kloudlite-ci

Deployment repository for kloudlite/kloudlite. Builds happen in the main repo; this repo handles deployments to AKS.

Workflows

| Workflow | Trigger | Purpose |
|---|---|---|
| deploy.yml | Manual (workflow_dispatch) | Deploy selected apps to an environment |
| deploy-on-build.yml | repository_dispatch from main repo | Auto-deploy after successful build |
| rollback.yml | Manual (workflow_dispatch) | Rollback to a previous Helm revision |

Repository Structure

kloudlite-ci/
├── .github/workflows/
│   ├── deploy.yml              # Manual deployment
│   ├── deploy-on-build.yml     # Auto-deploy via repository_dispatch
│   └── rollback.yml            # Rollback deployments
└── helm/kloudlite-apps/        # Helm chart
    ├── Chart.yaml
    ├── values.yaml             # Base values
    ├── values-production.yaml
    ├── values-staging.yaml
    ├── values-development.yaml
    └── templates/
        ├── _helpers.tpl
        ├── console.yaml
        ├── website.yaml
        ├── oci-installer-configmap.yaml
        └── rbac.yaml

Required Secrets

Configure these in Settings → Secrets and variables → Actions:

Repository Secrets

| Secret | Description |
|---|---|
| AZURE_CREDENTIALS | Azure service principal JSON for AKS access |

Environment Secrets

Create three environments: production, staging, development. Each can have environment-specific secrets and protection rules (e.g., required reviewers for production).

Azure Credentials Format

{
  "clientId": "<app-id>",
  "clientSecret": "<password>",
  "subscriptionId": "<subscription-id>",
  "tenantId": "<tenant-id>"
}

Generate with:

az ad sp create-for-rbac \
  --name "kloudlite-ci-deploy" \
  --role contributor \
  --scopes /subscriptions/<subscription-id>/resourceGroups/rg-kloudlite \
  --sdk-auth

Triggering Deploys from Main Repo

Add this step to the build workflow in kloudlite/kloudlite:

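- name: Trigger deployment
  if: success()
  env:
    # Pass values through the environment instead of expanding ${{ }} inside the script
    DEPLOY_PAT: ${{ secrets.DEPLOY_PAT }}
    VERSION: ${{ steps.tag.outputs.tag }}
    IS_NIGHTLY: ${{ inputs.is_nightly }}
  run: |
    # jq (preinstalled on GitHub-hosted runners) escapes the tag and
    # requires is_nightly to parse as JSON (true or false)
    payload=$(jq -n --arg version "$VERSION" --argjson is_nightly "$IS_NIGHTLY" '{
      event_type: "deploy",
      client_payload: {
        version: $version,
        environment: "staging",
        console: true,
        website: true,
        oci_installer: true,
        is_nightly: $is_nightly
      }
    }')
    # --fail turns a 4xx/5xx response into a failed step
    curl --fail -X POST \
      -H "Accept: application/vnd.github+json" \
      -H "Authorization: Bearer $DEPLOY_PAT" \
      https://api.github.com/repos/kloudlite/kloudlite-ci/dispatches \
      -d "$payload"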

This requires a DEPLOY_PAT secret in the main repo — a GitHub Personal Access Token with repo scope for kloudlite/kloudlite-ci.
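
On the receiving side, client_payload is untrusted input: anyone holding DEPLOY_PAT can dispatch any values for these fields. The following is an added example, not code from kloudlite-ci, of a check deploy-on-build.yml could run before deploying; the function names and the version-tag pattern are assumptions, while the environment names and boolean fields come from the payload shown above.

```bash
#!/usr/bin/env bash
# Added example (not from the kloudlite-ci repo): validate repository_dispatch
# client_payload fields before the deploy steps use them.
# In the workflow, pass each field through env:, for example
#   VERSION: ${{ github.event.client_payload.version }}
# and call validate_payload with the resulting shell variables.
LC_ALL=C  # byte-wise character ranges in the patterns below

is_bool() { [ "$1" = "true" ] || [ "$1" = "false" ]; }

# Assumed tag grammar: starts alphanumeric, then [A-Za-z0-9._-], max 128 chars.
valid_version() {
  [ -n "$1" ] && [ "${#1}" -le 128 ] || return 1
  case "$1" in
    [!A-Za-z0-9]*|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
}

# Only the three environments named in this README are accepted.
valid_environment() {
  case "$1" in
    production|staging|development) return 0 ;;
    *) return 1 ;;
  esac
}

# validate_payload VERSION ENVIRONMENT CONSOLE WEBSITE OCI_INSTALLER IS_NIGHTLY
# Reports every bad field on stderr and returns non-zero if any was rejected.
validate_payload() {
  local rc=0 field
  valid_version "$1"     || { echo "rejected: version" >&2; rc=1; }
  valid_environment "$2" || { echo "rejected: environment" >&2; rc=1; }
  shift 2
  for field in console website oci_installer is_nightly; do
    is_bool "${1-}" || { echo "rejected: $field" >&2; rc=1; }
    [ $# -gt 0 ] && shift
  done
  return "$rc"
}

# Constructed sample payloads: the second carries shell syntax in the tag.
validate_payload "v1.4.0" staging true true true false && echo "accepted"
validate_payload 'v1$(id)' production true true true false || echo "rejected"
```
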

Environment Protection Rules (Recommended)

| Environment | Recommendations |
|---|---|
| development | No restrictions |
| staging | No restrictions |
| production | Required reviewers, wait timer |

Configure in Settings → Environments.

Kubernetes Secrets

The Helm chart references these K8s secrets (created manually in each namespace):

  • console-secrets — runtime secrets for the console app
  • website-secrets — runtime secrets for the website app

These are NOT GitHub secrets — they are Kubernetes secrets deployed in-cluster.
