nextjs-slack-clone/.forgejo/workflows/build-and-deploy.yaml

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
  # Allow manual trigger
  workflow_dispatch:

env:
  REGISTRY: registry.mattiaswiberg.com
  IMAGE_NAME: nextjs-slack-clone
  HELM_CHART_PATH: ./helm/nextjs-slack-clone
  NAMESPACE: default  # Change to your application's namespace

jobs:
  build-and-push:
    runs-on: microk8s
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Login to Container Registry
        run: |
          echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY }} -u ${{ secrets.REGISTRY_USERNAME }} --password-stdin
        
      # Generate a version tag based on commit hash
      - name: Generate version tag
        id: generate_tag
        run: |
          COMMIT_HASH=$(echo ${GITHUB_SHA} | cut -c1-7)
          VERSION_TAG="${COMMIT_HASH}"
          echo "VERSION_TAG=$VERSION_TAG" >> $GITHUB_OUTPUT
          # Also set latest tag for convenience
          echo "LATEST_TAG=latest" >> $GITHUB_OUTPUT

      # Build and push Docker image
      - name: Build and push
        run: |
          # Build the image
          docker build \
            --tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.generate_tag.outputs.VERSION_TAG }} \
            --tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.generate_tag.outputs.LATEST_TAG }} \
            --build-arg NEXT_PUBLIC_SUPABASE_URL=${{ secrets.NEXT_PUBLIC_SUPABASE_URL }} \
            --build-arg NEXT_PUBLIC_SUPABASE_ANON_KEY=${{ secrets.NEXT_PUBLIC_SUPABASE_ANON_KEY }} \
            .

          # Push the image with version tag and latest tag
          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.generate_tag.outputs.VERSION_TAG }}
          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.generate_tag.outputs.LATEST_TAG }}
  deploy:
    needs: build-and-push
    runs-on: microk8s
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      
      # Generate the same version tag as build-and-push job
      - name: Generate version tag
        id: generate_tag
        run: |
          COMMIT_HASH=$(echo ${GITHUB_SHA} | cut -c1-7)
          VERSION_TAG="${COMMIT_HASH}"
          echo "VERSION_TAG=$VERSION_TAG" >> $GITHUB_OUTPUT

      - name: Set up kubectl
        run: |
          # Install kubectl
          curl -LO "https://dl.k8s.io/release/stable.txt"
          KUBE_VERSION=$(cat stable.txt)
          curl -LO "https://dl.k8s.io/release/$KUBE_VERSION/bin/linux/amd64/kubectl"
          chmod +x kubectl
          mv kubectl /usr/local/bin/
          
          # Make sure we don't use any existing microk8s config
          if [ -f /var/snap/microk8s/current/credentials/client.config ]; then
            echo "Detected microk8s config - we'll use our own config instead"
            # Backup any existing config and make sure it won't be used
            [ -d $HOME/.kube ] && mv $HOME/.kube $HOME/.kube.bak
          fi

      - name: Set up Helm
        run: |
          # Install Helm
          curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
          chmod +x get_helm.sh
          ./get_helm.sh

      # Create kubeconfig using service account token
      - name: Configure kubeconfig from service account
        run: |
          # Create a dedicated kubeconfig file for this job
          CONFIG_FILE="$HOME/custom-kubeconfig"
          
          # Create fresh config with explicit server URL
          cat > $CONFIG_FILE <<EOF
          apiVersion: v1
          kind: Config
          preferences: {}
          clusters:
          - name: cluster
            cluster:
              server: https://kubernetes.default.svc
              certificate-authority-data: ${{ secrets.K8S_CA_CERT }}
          users:
          - name: ci-deployer
            user:
              token: ${{ secrets.K8S_SA_TOKEN }}
          contexts:
          - name: default
            context:
              cluster: cluster
              user: ci-deployer
              namespace: ${{ env.NAMESPACE }}
          current-context: default
          EOF
          chmod 600 $CONFIG_FILE
          
          # Set KUBECONFIG environment variable to use our config
          echo "KUBECONFIG=$CONFIG_FILE" >> $GITHUB_ENV
          
          # Verify the config is pointing to the correct server
          echo "Checking kubectl configuration..."
          KUBECTL_SERVER=$(KUBECONFIG=$CONFIG_FILE kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}')
          echo "Kubectl is configured to use server: $KUBECTL_SERVER"

      - name: Verify Kubernetes connectivity
        run: |
          # Test connectivity to the Kubernetes cluster
          echo "Testing Kubernetes API connectivity..."
          kubectl cluster-info
          kubectl get nodes
          
      - name: Deploy with Helm
        run: |
          # Deploy using Helm with service account authentication
          echo "Deploying with Helm to server: $(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}')"
          helm upgrade --install nextjs-slack-clone ${{ env.HELM_CHART_PATH }} \
            --namespace ${{ env.NAMESPACE }} \
            --set image.tag=${{ steps.generate_tag.outputs.VERSION_TAG }} \
            --set registry.username=${{ secrets.REGISTRY_USERNAME }} \
            --set registry.password=${{ secrets.REGISTRY_PASSWORD }} \
            --set env.NEXT_PUBLIC_SUPABASE_URL=${{ secrets.NEXT_PUBLIC_SUPABASE_URL }} \
            --set env.NEXT_PUBLIC_SUPABASE_ANON_KEY=${{ secrets.NEXT_PUBLIC_SUPABASE_ANON_KEY }}