ci: Auto deploy latest build of master

After building and publishing a new "latest" container image, we can automatically deploy it to production by restarting the *sshca* Deployment. We use `curl` here to patch the Deployment manually, since `kubectl` is not available in the container image. This is a simple enough operation that it's not worth the effort of trying to install it.
2024-02-03 10:07:29 -06:00 · 2024-02-03 10:07:29 -06:00 · f8f8218537
parent 748f4dba9a
commit f8f8218537
3 changed files with 38 additions and 0 deletions
--- a/.editorconfig
+++ b/.editorconfig
@ -8,3 +8,8 @@ trim_trailing_whitespace = true

 [**.rs]
 max_line_length = 79
+
+[Jenkinsfile]
+max_line_length = 79
+indent_style = space
+indent_size = 4
--- a/ci/Jenkinsfile
+++ b/ci/Jenkinsfile
@ -40,6 +40,15 @@ pipeline {
                                }
                            }
                        }
+
+                        stage('Deploy') {
+                            when {
+                                branch 'master'
+                            }
+                            steps {
+                                sh '. ci/deploy.sh'
+                            }
+                        }
                    }
                }
            }
--- a/ci/deploy.sh
+++ b/ci/deploy.sh
@ -0,0 +1,24 @@
+#!/bin/sh
+
+namespace=sshca
+name=sshca
+
+now=$(date +%Y-%m-%dT%H:%M:%S%:z)
+
+curl https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}/apis/apps/v1/namespaces/${namespace}/deployments/${name} \
+    --cacert /run/secrets/kubernetes.io/serviceaccount/ca.crt \
+    -X PATCH \
+    -H "Authorization: Bearer $(cat /run/secrets/kubernetes.io/serviceaccount/token)" \
+    -H 'Content-Type: application/merge-patch+json' \
+    -H 'Accept: application/json' \
+    -d '{
+  "spec": {
+    "template": {
+      "metadata": {
+        "annotations": {
+          "kubectl.kubernetes.io/restartedAt": "'"${now}"'"
+        }
+      }
+    }
+  }
+}'