mavalosn send deploy EKS π #161
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: deploy-k8s | |
run-name: ${{ github.actor }} send deploy EKS π | |
on: | |
pull_request: | |
types: [opened, reopened, synchronize, edited, closed] | |
#schedule: | |
# - cron: '30 2 * * *' # every day at midnight | |
workflow_dispatch: | |
workflow_call: | |
env: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ secrets.AWS_REGION }} | |
AWS_URL: ${{ secrets.AWS_URL }} | |
pull_req_id: ${{github.event.pull_request.number}} | |
DATE: $(date -d '-1 day' '+%Y-%m-%d'|sed 's/-//g') | |
CURRENT_DATE: $(date '+%Y-%m-%d %H:%M:%S'|sed 's/-//g') | |
CI_PACKAGE_BRANCH: ${{github.event.pull_request.head.ref || 'next' }} | |
CI_PROJECT: ${{github.event.pull_request.head.repo.name || 'processmaker' }} | |
CI_PR_BODY: ${{ github.event_name == 'schedule' && 'No ci tags needed here' || github.event.pull_request.body }} | |
IMAGE_TAG: $(echo "$CI_PROJECT-$CI_PACKAGE_BRANCH" | sed "s;/;-;g") | |
DEPLOY: ${{ secrets.DEPLOY }} | |
GH_USER: ${{ secrets.GH_USER }} | |
GH_EMAIL: ${{ secrets.GH_EMAIL }} | |
GITHUB_COMMENT: ${{ secrets.GH_COMMENT }} | |
DOM_EKS: ${{ secrets.DOM_EKS }} | |
GITHUB_TOKEN: ${{ secrets.GIT_TOKEN }} | |
BUILD_BASE: ${{ (contains(github.event.pull_request.body, 'ci:build-base') || github.event_name == 'schedule') && '1' || '0' }} | |
BASE_IMAGE: ${{ secrets.REGISTRY_HOST }}/processmaker/processmaker:base | |
K8S_BRANCH: bugfix/FOUR-12410 | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
#imageEKS: | |
# name: build-docker-image-EKS | |
# if: github.event.action != 'closed' | |
# runs-on: ${{ vars.RUNNER }} | |
# steps: | |
# - name: Set image name | |
# run: | | |
# RESOLVED_IMAGE_TAG=${{ env.IMAGE_TAG }} | |
# echo "IMAGE=${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:$RESOLVED_IMAGE_TAG" >> $GITHUB_ENV | |
# - name: Clone repo K8S | |
# run: | | |
# # TODO: Change branch when pm4 k8s distribution is released | |
# echo "IMAGE: ${{ env.IMAGE }}" | |
# git clone --depth 1 -b "$K8S_BRANCH" "https://[email protected]/ProcessMaker/pm4-k8s-distribution.git" pm4-k8s-distribution | |
# - name: Generate image EKS | |
# run: | | |
# cd pm4-k8s-distribution/images | |
# branch=$CI_PACKAGE_BRANCH tag=${{env.IMAGE_TAG}} bash build.k8s-cicd.sh | |
# IMAGE1=$(echo "$CI_PROJECT-$CI_PACKAGE_BRANCH" | sed "s;/;-;g") | |
# echo "VERSION=${{ env.IMAGE_TAG }}" >> $GITHUB_ENV | |
# echo "IMAGE1=$IMAGE1" >> $GITHUB_ENV | |
# - name: List Images | |
# run: | | |
# docker images | |
# echo "VERSION: $VESION" | |
# echo "IMAGE1: $IMAGE1" | |
# - name: Run Trivy vulnerability scanner | |
# uses: aquasecurity/trivy-action@master | |
# with: | |
# image-ref: processmaker/enterprise:${{ env.VERSION }} | |
# format: 'table' | |
# exit-code: '0' | |
# ignore-unfixed: false | |
# vuln-type: 'os,library' | |
# scanners: 'vuln,secret' | |
# severity: 'MEDIUM,HIGH,CRITICAL' | |
# env: | |
# TRIVY_TIMEOUT: 30m | |
# - name: Login to Harbor | |
# uses: docker/login-action@v2 | |
# with: | |
# registry: ${{ secrets.REGISTRY_HOST }} | |
# username: ${{ secrets.REGISTRY_USERNAME }} | |
# password: ${{ secrets.REGISTRY_PASSWORD }} | |
# - name: Push Enterprise Image to Harbor | |
# run: | | |
# docker tag processmaker/enterprise:${{env.IMAGE_TAG}} ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} | |
# docker push ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} | |
deployEKS: | |
name: build-deploy-EKS | |
if: contains(github.event.pull_request.body, 'ci:deploy') | |
#needs: imageEKS | |
runs-on: self-hosted | |
container: | |
image: cimg/php:7.4 | |
options: --user root | |
steps: | |
- name: Clone private repository | |
run: | | |
git clone --depth 1 -b eng "https://[email protected]/ProcessMaker/argocd.git" argocd | |
- name: CreateDB | |
run: | | |
cd argocd | |
deploy=$(echo -n ${{env.IMAGE_TAG}} | md5sum | head -c 10) | |
sed -i "s/{{instance}}/ci-$deploy/" template-db.yaml | |
kubectl get namespace ci-processmaker-ns-pm4 | |
namespace=$(kubectl get namespace $deploy-ns-pm4|grep $deploy|awk '{print $1}') | |
kubectl apply -f template-db.yaml | |
- name: Install pm4-tools | |
run: | | |
git clone --depth 1 -b "$K8S_BRANCH" "https://[email protected]/ProcessMaker/pm4-k8s-distribution.git" pm4-k8s-distribution | |
cd pm4-k8s-distribution/images/pm4-tools | |
composer install --no-interaction | |
cd .. | |
- name: Deploy instance EKS | |
run: | | |
cd argocd | |
deploy=$(echo -n ${{env.IMAGE_TAG}} | md5sum | head -c 10) | |
current_datetime=$(echo -n ${{env.CURRENT_DATE}} | md5sum | head -c 10) | |
echo "NAMESPACE : ci-$deploy-ns-pm4" | |
if ! kubectl get namespace/ci-$deploy-ns-pm4 ; then | |
echo "Creating Deploy :: $deploy" | |
sed -i "s/{{instance}}/ci-$deploy/" template-instance.yaml | |
sed -i "s/{{image}}/${{env.IMAGE_TAG}}/" template-instance.yaml | |
cat template-instance.yaml | |
helm repo add processmaker ${{ secrets.HELM_REPO }} --username ${{ secrets.HELM_USERNAME }} --password ${{ secrets.HELM_PASSWORD }} && helm repo update && helm install --timeout 40m -f template-instance.yaml ci-$deploy processmaker/enterprise --version 2.1.0 | |
else | |
echo "Bouncing Instance "; | |
sed -i "s/{{instance}}/ci-$deploy/g" template-bounce.yaml | |
sed -i "s/{{current_datetime}}/$current_datetime/g" template-bounce.yaml | |
kubectl apply -f template-bounce.yaml | |
fi | |
export INSTANCE_URL=https://ci-$deploy$DOM_EKS | |
echo "INSTANCE_URL=${INSTANCE_URL}" >> "$GITHUB_ENV" | |
../pm4-k8s-distribution/images/pm4-tools/pm wait-for-instance-ready | |
- name: Comment Instance | |
run: | | |
echo "Instance URL: '${INSTANCE_URL}'" | |
bash argocd/gh_comment.sh "$CI_PROJECT" "$pull_req_id" | |
deleteEKS: | |
name: Delete Instance | |
if: github.event.action == 'closed' | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Delete instance EKS | |
run: | | |
deploy=$(echo -n $IMAGE_TAG | md5sum | head -c 10) | |
echo "Deleting Instace :: ci-$deploy" | |
helm delete ci-$deploy | |
kubectl delete namespace ci-$deploy-ns-pm4 |