From 5ab24210c8e4742e1ebc433621bb5687f49b904a Mon Sep 17 00:00:00 2001 From: Chris Alfano Date: Sun, 2 Apr 2023 14:24:02 -0400 Subject: [PATCH 1/8] fix(ci): add permission to write deployments during preview-deploy --- .github/workflows/preview-deploy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/preview-deploy.yml b/.github/workflows/preview-deploy.yml index a5885e9a..075f0021 100644 --- a/.github/workflows/preview-deploy.yml +++ b/.github/workflows/preview-deploy.yml @@ -14,6 +14,7 @@ concurrency: permissions: contents: write packages: write + deployments: write jobs: preview-deploy: From 54d8a3886b390486e6d6294516d23997a322c032 Mon Sep 17 00:00:00 2001 From: Chris Alfano Date: Sun, 2 Apr 2023 15:36:49 -0400 Subject: [PATCH 2/8] chore(ci): delete deprecated k8s-deploy workflow --- .github/workflows/k8s-deploy.yml | 234 ------------------------------- 1 file changed, 234 deletions(-) delete mode 100644 .github/workflows/k8s-deploy.yml diff --git a/.github/workflows/k8s-deploy.yml b/.github/workflows/k8s-deploy.yml deleted file mode 100644 index 713f275b..00000000 --- a/.github/workflows/k8s-deploy.yml +++ /dev/null 
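Review bot: `deployments: write` is added to the workflow-level `permissions:` block, so every job in preview-deploy.yml receives it together with `contents: write` and `packages: write`. Only the start of `jobs:` is visible in this hunk, so I cannot tell whether there are jobs besides `preview-deploy`. If there are, I would move the write scopes to a job-level `permissions:` block under `preview-deploy:` and keep the workflow-level block minimal, so jobs that never create deployments or push packages do not hold a token that can.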
@@ -1,234 +0,0 @@ -name: Deploy K8s Preview - -on: - pull_request: - branches: [ develop ] - types: [ opened, reopened, synchronize ] - push: - branches: [ develop ] - -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - DOCKER_REGISTRY: ghcr.io - DOCKER_PACKAGE: site-composite - - KUBE_CONFIG_DATA: ${{ secrets.KUBECONFIG_BASE64 }} - KUBE_NAMESPACE: laddr - KUBE_HOSTNAME: laddr.sandbox.k8s.phl.io - - DATABASE_NAME: laddr - - HAB_LICENSE: accept-no-persist - HAB_ORIGIN: codeforphilly - -jobs: - - k8s-deploy: - runs-on: ubuntu-latest - steps: - - - name: Cancel superseded runs - uses: styfle/cancel-workflow-action@0.7.0 - with: - access_token: ${{ secrets.GITHUB_TOKEN }} - - - name: Configure environment - run: | - if [ "${GITHUB_EVENT_NAME}" == "pull_request" ]; then - RELEASE_NAME="pr-$(jq --raw-output .pull_request.number "${GITHUB_EVENT_PATH}")" - RELEASE_TRANSIENT='true' - else - RELEASE_NAME="latest" - RELEASE_TRANSIENT='false' - fi - - echo "Using RELEASE_NAME=${RELEASE_NAME}" - echo "RELEASE_NAME=${RELEASE_NAME}" >> $GITHUB_ENV - - echo "Using RELEASE_TRANSIENT=${RELEASE_TRANSIENT}" - echo "RELEASE_TRANSIENT=${RELEASE_TRANSIENT}" >> $GITHUB_ENV - - DOCKER_REPOSITORY="${GITHUB_REPOSITORY,,}" - - echo "Using DOCKER_REPOSITORY=${DOCKER_REPOSITORY}" - echo "DOCKER_REPOSITORY=${DOCKER_REPOSITORY}" >> $GITHUB_ENV - - - name: Create Github Deployment - uses: bobheadxi/deployments@v0.4.3 - id: deployment - with: - step: start - token: ${{ secrets.GITHUB_TOKEN }} - env: '${{ env.RELEASE_NAME }}' - ref: '${{ github.head_ref }}' - transient: ${{ env.RELEASE_TRANSIENT }} - logs: 'https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}' - no_override: false - - - uses: actions/checkout@v2 - - - name: 'Initialize Chef Habitat environment' - uses: JarvusInnovations/habitat-action@action/v1 - with: - deps: | - jarvus/hologit - - - id: site-projection - name: 'Project holobranch: emergence-site' - uses: JarvusInnovations/hologit@actions/projector/v1 - 
with: - # use HEAD checked out above by checkout action - ref: HEAD - fetch: false - holobranch: emergence-site - - - id: fixtures-projection - name: 'Project holobranch: fixtures' - uses: JarvusInnovations/hologit@actions/projector/v1 - with: - # use HEAD checked out above by checkout action - ref: HEAD - fetch: false - holobranch: fixtures - - - id: helm-projection - name: 'Project holobranch: helm-chart' - uses: JarvusInnovations/hologit@actions/projector/v1 - with: - # use HEAD checked out above by checkout action - ref: HEAD - fetch: false - holobranch: helm-chart - - - name: Build & push Docker image - uses: whoan/docker-build-with-cache-action@v5 - with: - dockerfile: Dockerfile - username: ${{ github.actor }} - password: ${{ env.GITHUB_TOKEN }} - registry: ${{ env.DOCKER_REGISTRY }} - image_name: ${{ env.DOCKER_REPOSITORY }}/${{ env.DOCKER_PACKAGE }} - image_tag: ${{ env.RELEASE_NAME }} - build_extra_args: | - --build-arg=SITE_TREE=${{ steps.site-projection.outputs.tree }} - --build-arg=SITE_VERSION=0.0.0-${{ env.RELEASE_NAME }} - --build-arg=SOURCE_COMMIT=${{ github.sha }} - --build-arg=SOURCE_TAG=${{ env.RELEASE_NAME }} - --build-arg=HAB_LICENSE=${{ env.HAB_LICENSE }} - - - name: Configure kubectl - run: | - set -e - test -e ~/.kube || mkdir ~/.kube - printf '%s' "$KUBE_CONFIG_DATA" | base64 -d > ~/.kube/config - - - name: Deploy instance via Helm template - run: | - release_hostname="${RELEASE_NAME}.${KUBE_HOSTNAME}" - - echo "Ensuring current context is namespace ${KUBE_NAMESPACE}" - kubectl config set-context --current --namespace="${KUBE_NAMESPACE}" - - echo "Listing pods existing before deploy" - kubectl get pods \ - -l app.kubernetes.io/instance="${RELEASE_NAME}" \ - --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}' \ - | sort \ - | tee ./.pods-before - - echo "Extracting projected helm-chart to temporary directory" - temp_dir=$(mktemp -d) - git archive --format=tar "${{ steps.helm-projection.outputs.tree }}" | ( cd "${temp_dir}" && tar 
-xf - ) - - echo "Using helm upgrade to apply helm-chart to release ${RELEASE_NAME}" - helm upgrade "${RELEASE_NAME}" "${temp_dir}" \ - --install \ - --namespace "${KUBE_NAMESPACE}" \ - --set site.name="${RELEASE_NAME}" \ - --set site.title="laddr/${RELEASE_NAME}" \ - --set site.image.repository="${DOCKER_REGISTRY}/${DOCKER_REPOSITORY}/${DOCKER_PACKAGE}" \ - --set site.image.tag="${RELEASE_NAME}" \ - --set ingress.enabled=true \ - --set site.canonicalHostname="${release_hostname}" \ - --set site.displayErrors=true \ - --set hab.license=accept-no-persist - - echo "Listing pods existing after deploy" - kubectl get pods \ - -l app.kubernetes.io/instance="${RELEASE_NAME}" \ - --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}' \ - | sort \ - | tee ./.pods-after - - echo "Deleting stale pods to force image refresh" - comm -12 ./.pods-before ./.pods-after \ - | xargs --no-run-if-empty kubectl delete pod - - - name: Wait for Deployment to be ready - timeout-minutes: 10 - run: | - until kubectl rollout status deployment "${RELEASE_NAME}" 2>/dev/null >/dev/null; do - echo -n "." - sleep .5 - done - - - name: Find new Pod - run: | - POD_NAME=$( - kubectl get pod \ - -l app.kubernetes.io/instance="${RELEASE_NAME}" \ - -o jsonpath='{.items[0].metadata.name}' - ) - - echo "Using POD_NAME=${POD_NAME}" - echo "POD_NAME=${POD_NAME}" >> $GITHUB_ENV - - - name: Wait For Pod to be ready - timeout-minutes: 5 - run: kubectl wait --for condition=ready "pod/${POD_NAME}" --timeout=30s - - - name: Wait for MySQL to be Ready - timeout-minutes: 5 - run: | - until kubectl exec "${POD_NAME}" -- hab pkg exec "${HAB_ORIGIN}/${DOCKER_PACKAGE}" mysqladmin ping; do - sleep .5 - done - - - name: Load fixtures into database - run: | - echo "Dropping any existing database..." - kubectl exec "${POD_NAME}" -- \ - hab pkg exec "${HAB_ORIGIN}/${DOCKER_PACKAGE}" \ - mysqladmin drop "${DATABASE_NAME}" --force \ - || true - - echo "Creating an empty database..." 
- kubectl exec "${POD_NAME}" -- \ - hab pkg exec "${HAB_ORIGIN}/${DOCKER_PACKAGE}" \ - mysqladmin create "${DATABASE_NAME}" - - echo "Loading fixtures..." - ( - for fixture_file in $(git ls-tree -r --name-only ${{ steps.fixtures-projection.outputs.tree }}); do - git cat-file -p "${{ steps.fixtures-projection.outputs.tree }}:${fixture_file}" - done - ) | kubectl exec -i "${POD_NAME}" -- \ - hab pkg exec "${HAB_ORIGIN}/${DOCKER_PACKAGE}" \ - mysql "${DATABASE_NAME}" - - echo "Running migrations..." - kubectl exec "${POD_NAME}" -- \ - hab pkg exec "${HAB_ORIGIN}/${DOCKER_PACKAGE}" \ - emergence-console-run migrations:execute --all - - - name: Update Github Deployment - uses: bobheadxi/deployments@v0.4.3 - if: ${{ always() }} - with: - step: finish - token: ${{ secrets.GITHUB_TOKEN }} - status: ${{ job.status }} - deployment_id: ${{ steps.deployment.outputs.deployment_id }} - env_url: 'https://${{ env.RELEASE_NAME}}.${{ env.KUBE_HOSTNAME }}/' - logs: 'https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}' From bb5270bd242a171d5152fda42c97308f16547530 Mon Sep 17 00:00:00 2001 From: Chris Alfano Date: Sun, 2 Apr 2023 15:48:50 -0400 Subject: [PATCH 3/8] feat(ci): switch to composite destroy action --- .github/workflows/k8s-destroy.yml | 38 --------------------------- .github/workflows/preview-destroy.yml | 25 ++++++++++++++++++ 2 files changed, 25 insertions(+), 38 deletions(-) delete mode 100644 .github/workflows/k8s-destroy.yml create mode 100644 .github/workflows/preview-destroy.yml diff --git a/.github/workflows/k8s-destroy.yml b/.github/workflows/k8s-destroy.yml deleted file mode 100644 index 1958f2c5..00000000 --- a/.github/workflows/k8s-destroy.yml +++ /dev/null 
@@ -1,38 +0,0 @@ -name: Destroy K8s Preview - -on: - pull_request: - branches: [ develop ] - types: [ closed ] - -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - KUBE_CONFIG_DATA: ${{ secrets.KUBECONFIG_BASE64 }} - KUBE_NAMESPACE: laddr - - RELEASE_NAME: pr-${{ github.event.number }} - -jobs: - - k8s-destroy: - runs-on: ubuntu-latest - steps: - - - name: Configure kubectl - run: | - test -e ~/.kube || mkdir ~/.kube - printf '%s' "$KUBE_CONFIG_DATA" | base64 -d > ~/.kube/config - - - name: Delete PR Deployment - run: | - kubectl config set-context --current --namespace="${KUBE_NAMESPACE}" - helm uninstall "${RELEASE_NAME}" - kubectl delete secret "${RELEASE_NAME}-tls" - - - name: Deactivate Github Deployment - uses: bobheadxi/deployments@v0.4.3 - with: - step: deactivate-env - token: ${{ secrets.GITHUB_TOKEN }} - env: '${{ env.RELEASE_NAME }}' diff --git a/.github/workflows/preview-destroy.yml b/.github/workflows/preview-destroy.yml new file mode 100644 index 00000000..c29af319 --- /dev/null +++ b/.github/workflows/preview-destroy.yml @@ -0,0 +1,25 @@ +name: 'Preview: Destroy' + +on: + pull_request: + branches: [ develop ] + types: [ closed ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +permissions: + deployments: write + +jobs: + preview-deploy: + runs-on: ubuntu-latest + steps: + + - uses: EmergencePlatform/php-runtime@github-actions/destroy-site-preview/v1 + id: destroy-site-preview + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + kube-config: ${{ secrets.KUBECONFIG_BASE64 }} + kube-namespace: laddr From 2b983f29e1f84117652227ec10c8b71c1a446ec3 Mon Sep 17 00:00:00 2001 From: Chris Alfano Date: Sun, 2 Apr 2023 15:49:30 -0400 Subject: [PATCH 4/8] DEBUG: use develop channel --- .github/workflows/preview-destroy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/preview-destroy.yml b/.github/workflows/preview-destroy.yml index c29af319..a974d952 100644 
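Review bot: The step `uses: EmergencePlatform/php-runtime@github-actions/destroy-site-preview/v1` in the new preview-destroy.yml points at a movable ref (a branch or tag name), and that action is handed `secrets.KUBECONFIG_BASE64` and the job token. Anyone able to move that ref changes what runs with the cluster credentials, so I would pin to a full commit SHA and keep the channel as a comment, e.g. `- uses: EmergencePlatform/php-runtime@<full-commit-sha>  # github-actions/destroy-site-preview/v1` (placeholder; take the SHA from the action repository). The same applies to the later patches in this series that switch this line to `.../develop` (4/8) and back to `.../v1` (6/8). Separately, the deleted k8s-destroy.yml also ran `kubectl delete secret "${RELEASE_NAME}-tls"`; the action's behaviour is not visible here, so it is worth confirming it removes that secret too.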
--- a/.github/workflows/preview-destroy.yml +++ b/.github/workflows/preview-destroy.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: EmergencePlatform/php-runtime@github-actions/destroy-site-preview/v1 + - uses: EmergencePlatform/php-runtime@github-actions/destroy-site-preview/develop id: destroy-site-preview with: github-token: ${{ secrets.GITHUB_TOKEN }} From d03afc7916f8db98c2f81bdd9a489a0ee909fd93 Mon Sep 17 00:00:00 2001 From: Chris Alfano Date: Sun, 2 Apr 2023 19:53:25 -0400 Subject: [PATCH 5/8] fix(ci): update job name for new preview-destroy workflow --- .github/workflows/preview-destroy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/preview-destroy.yml b/.github/workflows/preview-destroy.yml index a974d952..c0fc7354 100644 --- a/.github/workflows/preview-destroy.yml +++ b/.github/workflows/preview-destroy.yml @@ -13,7 +13,7 @@ permissions: deployments: write jobs: - preview-deploy: + preview-destroy: runs-on: ubuntu-latest steps: From a5203f66368d7f679ed5fa7e2c9b00fde96eb63d Mon Sep 17 00:00:00 2001 From: Chris Alfano Date: Sun, 2 Apr 2023 19:53:45 -0400 Subject: [PATCH 6/8] chore(ci): switch preview-destroy to v1 channel --- .github/workflows/preview-destroy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/preview-destroy.yml b/.github/workflows/preview-destroy.yml index c0fc7354..cc4bfbb2 100644 --- a/.github/workflows/preview-destroy.yml +++ b/.github/workflows/preview-destroy.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: EmergencePlatform/php-runtime@github-actions/destroy-site-preview/develop + - uses: EmergencePlatform/php-runtime@github-actions/destroy-site-preview/v1 id: destroy-site-preview with: github-token: ${{ secrets.GITHUB_TOKEN }} From 911c20ce4c8f00b656c0d5b651a7ff14fa7e738d Mon Sep 17 00:00:00 2001 
From: Chris Alfano Date: Sun, 2 Apr 2023 20:01:20 -0400 Subject: [PATCH 7/8] feat(ci): use same concurrency group for preview deploy/destroy workflows --- .github/workflows/preview-deploy.yml | 2 +- .github/workflows/preview-destroy.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/preview-deploy.yml b/.github/workflows/preview-deploy.yml index 075f0021..f4fe9af6 100644 --- a/.github/workflows/preview-deploy.yml +++ b/.github/workflows/preview-deploy.yml @@ -8,7 +8,7 @@ on: branches: [ develop ] concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + group: preview-${{ github.ref }} cancel-in-progress: true permissions: diff --git a/.github/workflows/preview-destroy.yml b/.github/workflows/preview-destroy.yml index cc4bfbb2..7981ee77 100644 --- a/.github/workflows/preview-destroy.yml +++ b/.github/workflows/preview-destroy.yml @@ -6,7 +6,7 @@ on: types: [ closed ] concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + group: preview-${{ github.ref }} cancel-in-progress: true permissions: From 0192529bb2f82d5096d46fb10334d578246b6215 Mon Sep 17 00:00:00 2001 From: Chris Alfano Date: Sun, 2 Apr 2023 20:11:45 -0400 Subject: [PATCH 8/8] fix(ci): use head_ref for perview workflows concurrency key --- .github/workflows/preview-deploy.yml | 2 +- .github/workflows/preview-destroy.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/preview-deploy.yml b/.github/workflows/preview-deploy.yml index f4fe9af6..989ae09a 100644 --- a/.github/workflows/preview-deploy.yml +++ b/.github/workflows/preview-deploy.yml @@ -8,7 +8,7 @@ on: branches: [ develop ] concurrency: - group: preview-${{ github.ref }} + group: preview-${{ github.head_ref }} cancel-in-progress: true permissions: diff --git a/.github/workflows/preview-destroy.yml b/.github/workflows/preview-destroy.yml index 7981ee77..b0be558b 100644 --- a/.github/workflows/preview-destroy.yml +++ b/.github/workflows/preview-destroy.yml 
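Review bot: `group: preview-${{ github.head_ref }}` keys the concurrency group on the head branch name, which is not unique per pull request. Two PRs whose head branches share a name (easy with forks, where the author picks the name) fall into one group, and with `cancel-in-progress: true` a run for one cancels the other's deploy or destroy. `github.head_ref` is also empty outside pull_request events, so if preview-deploy.yml has a push trigger (its `on:` block starts outside this hunk) those runs all share the group `preview-`. Keying on the PR number avoids both: `group: preview-${{ github.event.pull_request.number || github.ref }}`. The same line should change in the preview-destroy.yml hunk of this patch.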
@@ -6,7 +6,7 @@ on: types: [ closed ] concurrency: - group: preview-${{ github.ref }} + group: preview-${{ github.head_ref }} cancel-in-progress: true permissions: