Is possible to pass environment variables to yml manifests while running a Github Action?

Question

I'm trying to make a deployment to a Kubernetes cluster running it inside a Github Action, the action build and push the image to a private registry and apply a manifest where I can able to set dynamically some atributes such the image name generated in previous step and an OCI network security group saved as an environment secret in Github Repository.

Here the current yml manifest:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: preview
  labels:
    app: preview
spec:
  replicas: 2
  selector:
    matchLabels:
      app: preview
  template:
    metadata:
      labels:
        app: preview
    spec:
      containers:
      - name: preview
        image: $MY_IMAGE_NAME
        imagePullPolicy: Always
        ports:
          - containerPort: 3000
            protocol: TCP
      imagePullSecrets:
        - name: ocirsecret
---
apiVersion: v1
kind: Service
metadata:
  name: my-preview-svc
  labels:
    app: preview
  annotations:
    oci.oraclecloud.com/load-balancer-type: "nlb"
    oci-network-load-balancer.oraclecloud.com/is-preserve-source: "true"
    oci-network-load-balancer.oraclecloud.com/oci-network-security-groups: "$OCI_NETWORK_SG"
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  ports:
    - name: http
      port: 80
      targetPort: 3000
    - name: https
      port: 443
      targetPort: 3000
  selector:
    app: preview

I already tried to set the env in Github actions workflow after save the secrets on environment.

  deploy-to-oke:
    name: Deploy container image to an OKE Cluster
    runs-on: ubuntu-latest
    environment: Preview
    env:
      OCI_CLI_USER: ${{ secrets.OCI_CLI_USER }}
      OCI_CLI_TENANCY: ${{ secrets.OCI_CLI_TENANCY }}
      OCI_CLI_FINGERPRINT: ${{ secrets.OCI_CLI_FINGERPRINT }}
      OCI_CLI_KEY_CONTENT: ${{ secrets.OCI_CLI_KEY_CONTENT }}
      OCI_CLI_REGION: ${{ secrets.OCI_CLI_REGION }}
      MY_IMAGE_NAME: ${{ secrets.OCIR_REGISTRY }}/${{ secrets.OCI_TENANCY_NAMESPACE }}/${{ secrets.OCIR_REPO_NAME }}:preview
      OCI_NETWORK_SG: ${{ secrets.OCI_NETWORK_SG }}
    steps:
      - name: Configure Kubectl
        uses: oracle-actions/configure-kubectl-oke@v1.5.0
        with:
          cluster: ${{ secrets.OKE_CLUSTER_OCID }}
      - name: Checkout
        uses: actions/checkout@v4
      - name: Deploy to Kubernetes
        run: |
          kubectl apply -f kubernetes/svc-preview.yml -n preview

The deploy fails due to invalid image name and non existent network security group on OCI.

Also, I've tried to use envsubst, but also didn't work

      - name: Deploy to Kubernetes
        run: |
          envsubst < kubernetes/svc-preview.yml | kubectl apply -f kubernetes/svc-preview.yml -n default -v=10

There's any option to do it?

Answer 1

You substitute env vars using envsubst but then pass the original unmodified file to kubectl.

Try this instead:

  - name: Deploy to Kubernetes
    run: |
      envsubst < kubernetes/svc-preview.yml | kubectl apply -f - -n default -v=10