Skip to content

Deploy environment #334

Deploy environment

Deploy environment #334

Workflow file for this run

name: Deploy environment
on:
workflow_dispatch:
jobs:
deploy:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
runs-on: self-hosted
env:
OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
OS_APPLICATION_CREDENTIAL_NAME: ${{ secrets.OS_APPLICATION_CREDENTIAL_NAME }}
OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_KEY: ${{ secrets.AWS_SECRET_KEY }}
AWS_ROUTE53_KEY_ID: ${{ secrets.AWS_ROUTE53_KEY_ID }}
AWS_ROUTE53_SECRET_KEY: ${{ secrets.AWS_ROUTE53_SECRET_KEY }}
TF_VAR_key_pair: ${{ secrets.KEY_PAIR_NAME }}
TF_VAR_vm_user: ubuntu
steps:
- uses: actions/checkout@v4
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: "1.6.3"
terraform_wrapper: false
- run: python --version
# pin ansible version to 2.15, there seems to be an issue related to debconf with 2.16, need to investigate
- run: pipx install --force ansible-core==2.15.7
- run: ansible-playbook --version
- name: Write private key file
run: |
import os
with open(os.environ['TF_VAR_key_file'], 'w') as fh:
fh.write(os.environ['PRIVATE_KEY_CONTENT'])
shell: python
env:
TF_VAR_key_file: "${{ runner.temp }}/my_ci_private_key"
PRIVATE_KEY_CONTENT: ${{ secrets.PRIVATE_KEY_CONTENT }}
- run: chmod 400 ${TF_VAR_key_file}
env:
TF_VAR_key_file: "${{ runner.temp }}/my_ci_private_key"
- name: Write clouds.yaml to temp dir
run: |
import os
with open(os.environ['CLOUDS_YAML_FILE'], 'w') as fh:
fh.write(os.environ['CLOUDS_YAML_CONTENT'])
shell: python
env:
CLOUDS_YAML_CONTENT: "${{ secrets.CLOUDS_YAML }}"
CLOUDS_YAML_FILE: "${{ runner.temp }}/clouds.yaml"
- name: Link clouds.yaml
run: |
mkdir -p ~/.config/openstack
ln -sf ${CLOUDS_YAML_FILE} ~/.config/openstack/clouds.yaml
env:
CLOUDS_YAML_FILE: "${{ runner.temp }}/clouds.yaml"
- run: echo "GITHUB_REF = $GITHUB_REF"
- run: echo "GITHUB_REF_NAME = $GITHUB_REF_NAME"
- run: echo "GITHUB_HEAD_REF = $GITHUB_HEAD_REF"
- run: echo "GITHUB_BASE_REF = $GITHUB_BASE_REF"
- run: echo "GITHUB_EVENT_NAME = $GITHUB_EVENT_NAME"
- name: Write ansible config file to temp dir
run: |
cp ondemand-config.yml.example ${ONDEMAND_CONFIG_FILE}
sed -i'' "s/CHANGEME_KEYCLOAK_ADMIN_PASSWORD/$KEYCLOAK_ADMIN_PASSWORD/" ${ONDEMAND_CONFIG_FILE}
sed -i'' "s/CHANGEME_LDAP_ADMIN_PASSWORD/$LDAP_ADMIN_PASSWORD/" ${ONDEMAND_CONFIG_FILE}
sed -i'' "s/CHANGEME_OIDC_CRYPTO_PASSPHRASE/$OIDC_CRYPTO_PASSPHRASE/" ${ONDEMAND_CONFIG_FILE}
sed -i'' "s/CHANGEME_OPENSTACK_SSH_KEY_NAME/$KEY_PAIR_NAME/" ${ONDEMAND_CONFIG_FILE}
sed -i'' "s|CHANGEME_SLACK_TOKEN|$SLACK_TOKEN|" ${ONDEMAND_CONFIG_FILE}
working-directory: vars
env:
KEYCLOAK_ADMIN_PASSWORD: '${{ secrets.KEYCLOAK_ADMIN_PASSWORD }}'
LDAP_ADMIN_PASSWORD: '${{ secrets.LDAP_ADMIN_PASSWORD }}'
OIDC_CRYPTO_PASSPHRASE: '${{ secrets.OIDC_CRYPTO_PASSPHRASE }}'
KEY_PAIR_NAME: '${{ secrets.KEY_PAIR_NAME }}'
SLACK_TOKEN: '${{ secrets.SLACK_TOKEN }}'
ONDEMAND_CONFIG_FILE: '${{ runner.temp }}/ondemand-config.yml'
- name: Link ondemand config
run: |
ln -sf ${ONDEMAND_CONFIG_FILE} ondemand-config.yml
working-directory: vars
env:
ONDEMAND_CONFIG_FILE: '${{ runner.temp }}/ondemand-config.yml'
- name: Install ansible dependencies
run: ansible-galaxy install --force -r requirements.yml
# - name: Install ansible collection dependencies
# run: ansible-galaxy collection install community.general
- name: Terraform initialise
run: terraform init -input=false
env:
TF_VAR_key_file: "${{ runner.temp }}/my_ci_private_key"
working-directory: terraform
- name: Switch terraform workspace (making sure it exists)
run: terraform workspace select -or-create=true ${GITHUB_BASE_REF:-$GITHUB_REF_NAME}
env:
TF_VAR_key_file: "${{ runner.temp }}/my_ci_private_key"
working-directory: terraform
- name: Install required Python library (botocore and boto3)
run: |
pip install botocore
pip install boto3
pip install jmespath
working-directory: terraform
# - name: Destroy the environment first
# run: ./deployment.sh destroy ${GITHUB_BASE_REF:-$GITHUB_REF_NAME}
# env:
# TF_VAR_key_file: "${{ runner.temp }}/my_ci_private_key"
# CLOUDS_YAML_BASE64: "${{ secrets.CLOUDS_YAML_BASE64 }}"
# KUBE_CONFIG_BASE64: "${{ secrets.KUBE_CONFIG_BASE64 }}"
- name: Create the environment
run: ./deployment.sh create ${GITHUB_BASE_REF:-$GITHUB_REF_NAME}
env:
TF_VAR_key_file: "${{ runner.temp }}/my_ci_private_key"
ANSIBLE_HOST_KEY_CHECKING: "False"
CLOUDS_YAML_BASE64: "${{ secrets.CLOUDS_YAML_BASE64 }}"
KUBE_CONFIG_BASE64: "${{ secrets.KUBE_CONFIG_BASE64 }}"
WILD_CERT_BASE64: "${{ secrets.WILD_CERT_BASE64 }}"
WILD_CERT_KEY_BASE64: "${{ secrets.WILD_CERT_KEY_BASE64 }}"