Add workflow for updating CMMS deployment.

world-federation-of-advertisers · May 5, 2023 · f73677e · f73677e
1 parent 75a83cd
commit f73677e
Show file tree

Hide file tree

Showing 5 changed files with 154 additions and 13 deletions.
diff --git a/.github/workflows/configure-duchy.yml b/.github/workflows/configure-duchy.yml
@@ -28,14 +28,10 @@ on:
         description: "Name (external ID) of Duchy"
         type: string
         required: true
-      duchy-cert-id:
-        description: "ID of the Duchy certificate"
-        type: string
-        required: true
       apply:
         description: "Apply the new configuration"
         type: boolean
-        default: true
+        required: true
   workflow_dispatch:
     inputs:
       environment:
@@ -55,10 +51,6 @@ on:
         - worker2
         - aggregator
         required: true
-      duchy-cert-id:
-        description: "ID of the Duchy certificate"
-        type: string
-        required: true
       apply:
         description: "Apply the new configuration"
         type: boolean
@@ -76,7 +68,7 @@ jobs:
     runs-on: ubuntu-20.04
     environment: ${{ inputs.environment }}
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     # Authenticate to Google Cloud. This will export some environment
     # variables, including GCLOUD_PROJECT.
@@ -86,13 +78,19 @@ jobs:
         workload_identity_provider: ${{ vars.WORKLOAD_IDENTITY_PROVIDER }}
         service_account: ${{ vars.GKE_CONFIG_SERVICE_ACCOUNT }}
 
+    - name: Export DUCHY_CERT_ID
+      env:
+        AGGREGATOR_DUCHY_CERT_ID: ${{ vars.AGGREGATOR_DUCHY_CERT_ID }}
+        WORKER1_DUCHY_CERT_ID: ${{ vars.WORKER1_DUCHY_CERT_ID }}
+        WORKER2_DUCHY_CERT_ID: ${{ vars.WORKER2_DUCHY_CERT_ID }}
+      run: ./.github/workflows/export-duchy-cert-id.sh
+
     - name: Generate archives
       env:
         IMAGE_TAG: ${{ inputs.image-tag }}
         SPANNER_INSTANCE: ${{ vars.SPANNER_INSTANCE }}
         KINGDOM_SYSTEM_API_TARGET: ${{ vars.KINGDOM_SYSTEM_API_TARGET }}
         DUCHY_STORAGE_BUCKET: ${{ vars.DUCHY_STORAGE_BUCKET }}
-        DUCHY_CERT_ID: ${{ inputs.duchy-cert-id }}
       run: >
         bazelisk build 
         "//src/main/k8s/dev:${DUCHY_NAME}_duchy.tar"
@@ -105,6 +103,7 @@ jobs:
         --define "duchy_storage_bucket=$DUCHY_STORAGE_BUCKET"
         --define "duchy_cert_id=$DUCHY_CERT_ID"
 
+
     - name: Make Kustomization dir
       run: mkdir -p "$KUSTOMIZATION_PATH"
 

diff --git a/.github/workflows/configure-kingdom.yml b/.github/workflows/configure-kingdom.yml
@@ -27,7 +27,7 @@ on:
       apply:
         description: "Apply the new configuration"
         type: boolean
-        default: true
+        required: true
   workflow_dispatch:
     inputs:
       environment:
@@ -55,7 +55,7 @@ jobs:
     runs-on: ubuntu-20.04
     environment: ${{ inputs.environment }}
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       # Authenticate to Google Cloud. This will export some environment
       # variables, including GCLOUD_PROJECT.

diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml
@@ -0,0 +1,28 @@
+# Copyright 2023 The Cross-Media Measurement Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Deploy to dev environment
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  update-cmms:
+    uses: ./.github/workflows/update-cmms.yml
+    with:
+      environment: dev
+      apply: true
+
+  # TODO(@SanjayVas): Update Reporting system.
diff --git a/.github/workflows/export-duchy-cert-id.sh b/.github/workflows/export-duchy-cert-id.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+# Copyright 2023 The Cross-Media Measurement Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+declare duchy_cert_id
+case "$DUCHY_NAME" in
+  aggregator)
+    duchy_cert_id="$AGGREGATOR_DUCHY_CERT_ID"
+    ;;
+  worker1)
+    duchy_cert_id="$WORKER1_DUCHY_CERT_ID"
+    ;;
+  worker2)
+    duchy_cert_id="$WORKER2_DUCHY_CERT_ID"
+    ;;
+  *)
+    echo "Unexpected Duchy name $DUCHY_NAME" >&2
+    exit 1
+    ;;
+esac
+
+echo "DUCHY_CERT_ID=${duchy_cert_id}" >> "$GITHUB_ENV"
diff --git a/.github/workflows/update-cmms.yml b/.github/workflows/update-cmms.yml
@@ -0,0 +1,80 @@
+# Copyright 2023 The Cross-Media Measurement Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Update CMMS
+
+on:
+  workflow_call:
+    inputs:
+      environment:
+        type: string
+        required: true
+      apply:
+        description: "Apply the new configuration"
+        type: boolean
+        required: true
+  workflow_dispatch:
+    inputs:
+      environment:
+        required: true
+        type: choice
+        options:
+        - dev
+      apply:
+        description: "Apply the new configuration"
+        type: boolean
+        default: false
+
+jobs:
+  publish-images:
+    uses: ./.github/workflows/create-cmm-images.yml
+
+  # TODO(@SanjayVas): Call Terraforming workflows.
+
+  update-kingdom:
+    uses: ./.github/workflows/configure-kingdom.yml
+    needs: publish-images
+    with:
+      image-tag: ${{ needs.publish-images.outputs.image-tag }}
+      environment: ${{ inputs.environment }}
+      apply: ${{ inputs.apply }}
+
+  update-aggregator-duchy:
+    uses: ./.github/workflows/configure-duchy.yml
+    needs: publish-images
+    with:
+      duchy-name: aggregator
+      image-tag: ${{ needs.publish-images.outputs.image-tag }}
+      environment: ${{ inputs.environment }}
+      apply: ${{ inputs.apply }}
+
+  update-worker1-duchy:
+    uses: ./.github/workflows/configure-duchy.yml
+    needs: publish-images
+    with:
+      duchy-name: worker1
+      image-tag: ${{ needs.publish-images.outputs.image-tag }}
+      environment: ${{ inputs.environment }}
+      apply: ${{ inputs.apply }}
+
+  update-worker2-duchy:
+    uses: ./.github/workflows/configure-duchy.yml
+    needs: publish-images
+    with:
+      duchy-name: worker2
+      image-tag: ${{ needs.publish-images.outputs.image-tag }}
+      environment: ${{ inputs.environment }}
+      apply: ${{ inputs.apply }}
+
+  # TODO(@SanjayVas): Run correctness test.