From ad35b5e70d8e37d1584576c47715daee00a47bc6 Mon Sep 17 00:00:00 2001 From: Sanjay Vasandani Date: Thu, 4 May 2023 15:34:27 -0700 Subject: [PATCH] Add workflow for updating CMMS deployment. --- .github/workflows/configure-duchy.yml | 21 +++--- .github/workflows/configure-kingdom.yml | 4 +- .github/workflows/deploy-dev.yml | 28 ++++++++ .github/workflows/export-duchy-cert-id.sh | 34 ++++++++++ .github/workflows/update-cmms.yml | 80 +++++++++++++++++++++++ 5 files changed, 154 insertions(+), 13 deletions(-) create mode 100644 .github/workflows/deploy-dev.yml create mode 100755 .github/workflows/export-duchy-cert-id.sh create mode 100644 .github/workflows/update-cmms.yml diff --git a/.github/workflows/configure-duchy.yml b/.github/workflows/configure-duchy.yml index 0d2a55374d5..6b2fd25a610 100644 --- a/.github/workflows/configure-duchy.yml +++ b/.github/workflows/configure-duchy.yml @@ -28,14 +28,10 @@ on: description: "Name (external ID) of Duchy" type: string required: true - duchy-cert-id: - description: "ID of the Duchy certificate" - type: string - required: true apply: description: "Apply the new configuration" type: boolean - default: true + required: true workflow_dispatch: inputs: environment: @@ -55,10 +51,6 @@ on: - worker2 - aggregator required: true - duchy-cert-id: - description: "ID of the Duchy certificate" - type: string - required: true apply: description: "Apply the new configuration" type: boolean @@ -76,7 +68,7 @@ jobs: runs-on: ubuntu-20.04 environment: ${{ inputs.environment }} steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 # Authenticate to Google Cloud. This will export some environment # variables, including GCLOUD_PROJECT. @@ -86,13 +78,19 @@ jobs: workload_identity_provider: ${{ vars.WORKLOAD_IDENTITY_PROVIDER }} service_account: ${{ vars.GKE_CONFIG_SERVICE_ACCOUNT }} + - name: Export DUCHY_CERT_ID + env: + AGGREGATOR_DUCHY_CERT_ID: ${{ vars.AGGREGATOR_DUCHY_CERT_ID }} + WORKER1_DUCHY_CERT_ID: ${{ vars.WORKER1_DUCHY_CERT_ID }} + WORKER2_DUCHY_CERT_ID: ${{ vars.WORKER2_DUCHY_CERT_ID }} + run: ./.github/workflows/export-duchy-cert-id.sh + - name: Generate archives env: IMAGE_TAG: ${{ inputs.image-tag }} SPANNER_INSTANCE: ${{ vars.SPANNER_INSTANCE }} KINGDOM_SYSTEM_API_TARGET: ${{ vars.KINGDOM_SYSTEM_API_TARGET }} DUCHY_STORAGE_BUCKET: ${{ vars.DUCHY_STORAGE_BUCKET }} - DUCHY_CERT_ID: ${{ inputs.duchy-cert-id }} run: > bazelisk build "//src/main/k8s/dev:${DUCHY_NAME}_duchy.tar" @@ -105,6 +103,7 @@ jobs: --define "duchy_storage_bucket=$DUCHY_STORAGE_BUCKET" --define "duchy_cert_id=$DUCHY_CERT_ID" + - name: Make Kustomization dir run: mkdir -p "$KUSTOMIZATION_PATH" diff --git a/.github/workflows/configure-kingdom.yml b/.github/workflows/configure-kingdom.yml index d94590cc009..f7e784b0976 100644 --- a/.github/workflows/configure-kingdom.yml +++ b/.github/workflows/configure-kingdom.yml @@ -27,7 +27,7 @@ on: apply: description: "Apply the new configuration" type: boolean - default: true + required: true workflow_dispatch: inputs: environment: @@ -55,7 +55,7 @@ jobs: runs-on: ubuntu-20.04 environment: ${{ inputs.environment }} steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 # Authenticate to Google Cloud. This will export some environment # variables, including GCLOUD_PROJECT. diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml new file mode 100644 index 00000000000..3f2e53a0a0d --- /dev/null +++ b/.github/workflows/deploy-dev.yml @@ -0,0 +1,28 @@ +# Copyright 2023 The Cross-Media Measurement Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: Deploy to dev environment + +on: + release: + types: [published] + +jobs: + update-cmms: + uses: ./.github/workflows/update-cmms.yml + with: + environment: dev + apply: true + + # TODO(@SanjayVas): Update Reporting system. diff --git a/.github/workflows/export-duchy-cert-id.sh b/.github/workflows/export-duchy-cert-id.sh new file mode 100755 index 00000000000..c63450360ad --- /dev/null +++ b/.github/workflows/export-duchy-cert-id.sh @@ -0,0 +1,34 @@ +#!/usr/bin/env bash +# Copyright 2023 The Cross-Media Measurement Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +declare duchy_cert_id +case "$DUCHY_NAME" in + aggregator) + duchy_cert_id="$AGGREGATOR_DUCHY_CERT_ID" + ;; + worker1) + duchy_cert_id="$WORKER1_DUCHY_CERT_ID" + ;; + worker2) + duchy_cert_id="$WORKER2_DUCHY_CERT_ID" + ;; + *) + echo "Unexpected Duchy name $DUCHY_NAME" >&2 + exit 1 + ;; +esac + +echo "DUCHY_CERT_ID=${duchy_cert_id}" >> "$GITHUB_ENV" diff --git a/.github/workflows/update-cmms.yml b/.github/workflows/update-cmms.yml new file mode 100644 index 00000000000..f13a0399663 --- /dev/null +++ b/.github/workflows/update-cmms.yml @@ -0,0 +1,80 @@ +# Copyright 2023 The Cross-Media Measurement Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: Update CMMS + +on: + workflow_call: + inputs: + environment: + type: string + required: true + apply: + description: "Apply the new configuration" + type: boolean + required: true + workflow_dispatch: + inputs: + environment: + required: true + type: choice + options: + - dev + apply: + description: "Apply the new configuration" + type: boolean + default: false + +jobs: + publish-images: + uses: ./.github/workflows/create-cmm-images.yml + + # TODO(@SanjayVas): Call Terraforming workflows. + + update-kingdom: + uses: ./.github/workflows/configure-kingdom.yml + needs: publish-images + with: + image-tag: ${{ needs.publish-images.outputs.image-tag }} + environment: ${{ inputs.environment }} + apply: ${{ inputs.apply }} + + update-aggregator-duchy: + uses: ./.github/workflows/configure-duchy.yml + needs: publish-images + with: + duchy-name: aggregator + image-tag: ${{ needs.publish-images.outputs.image-tag }} + environment: ${{ inputs.environment }} + apply: ${{ inputs.apply }} + + update-worker1-duchy: + uses: ./.github/workflows/configure-duchy.yml + needs: publish-images + with: + duchy-name: worker1 + image-tag: ${{ needs.publish-images.outputs.image-tag }} + environment: ${{ inputs.environment }} + apply: ${{ inputs.apply }} + + update-worker2-duchy: + uses: ./.github/workflows/configure-duchy.yml + needs: publish-images + with: + duchy-name: worker2 + image-tag: ${{ needs.publish-images.outputs.image-tag }} + environment: ${{ inputs.environment }} + apply: ${{ inputs.apply }} + + # TODO(@SanjayVas): Run correctness test.