feat(ci): use action-oc-runner #2240

Merged
merged 7 commits into from
Jan 17, 2025
70 changes: 27 additions & 43 deletions .github/workflows/.deployer-db.yml
Expand Up @@ -62,21 +62,6 @@ jobs:
name: Crunchy (db)
environment: ${{ inputs.environment }}
steps:
# Check triggers (omitted or matched) for deployment
- uses: bcgov-nr/[email protected]
id: triggers
with:
triggers: ${{ inputs.triggers }}

- uses: actions/checkout@v4
if: steps.triggers.outputs.triggered == 'true'

- name: Install CLI tools from OpenShift Mirror
if: steps.triggers.outputs.triggered == 'true'
uses: redhat-actions/openshift-tools-installer@v1
with:
oc: "4.14.37"

- name: Validate Inputs
if: steps.triggers.outputs.triggered == 'true' && inputs.s3_enabled
shell: bash
Expand All @@ -99,37 +84,36 @@ jobs:
exit 1
fi

- name: OC Login
if: steps.triggers.outputs.triggered == 'true'
shell: bash
run: |
# OC Login
OC_TEMP_TOKEN=$(curl -k -X POST ${{ inputs.oc_server }}/api/v1/namespaces/${{ secrets.oc_namespace }}/serviceaccounts/pipeline/token --header "Authorization: Bearer ${{ secrets.oc_token }}" -d '{"spec": {"expirationSeconds": 600}}' -H 'Content-Type: application/json; charset=utf-8' | jq -r '.status.token' )

oc login --token=$OC_TEMP_TOKEN --server=${{ inputs.oc_server }}
oc project ${{ secrets.oc_namespace }} # Safeguard!

- name: Deploy Database
if: steps.triggers.outputs.triggered == 'true'
working-directory: ${{ inputs.directory }}
shell: bash
run: |
echo 'Deploying crunchy helm chart'
if [ ${{ inputs.s3_enabled }} == true ]; then
helm upgrade --install --wait --set crunchy.pgBackRest.s3.enabled=true \
--set-string crunchy.pgBackRest.s3.accessKey=${{ secrets.s3_access_key }} \
--set-string crunchy.pgBackRest.s3.secretKey=${{ secrets.s3_secret_key }} \
--set-string crunchy.pgBackRest.s3.bucket=${{ secrets.s3_bucket }} \
--set-string crunchy.pgBackRest.s3.endpoint=${{ secrets.s3_endpoint }} \
--values ${{ inputs.values }} postgres .
else
helm upgrade --install --wait --values ${{ inputs.values }} postgres .
fi
uses: bcgov/[email protected]
with:
oc_namespace: ${{ secrets.oc_namespace }}
oc_token: ${{ secrets.oc_token }}
oc_server: ${{ vars.oc_server }}
triggers: ${{ inputs.triggers }}
commands: |
echo 'Deploying crunchy helm chart'
cd ${{ inputs.directory }}
if [ ${{ inputs.s3_enabled }} == true ]; then
helm upgrade --install --wait --set crunchy.pgBackRest.s3.enabled=true \
--set-string crunchy.pgBackRest.s3.accessKey=${{ secrets.s3_access_key }} \
--set-string crunchy.pgBackRest.s3.secretKey=${{ secrets.s3_secret_key }} \
--set-string crunchy.pgBackRest.s3.bucket=${{ secrets.s3_bucket }} \
--set-string crunchy.pgBackRest.s3.endpoint=${{ secrets.s3_endpoint }} \
--values ${{ inputs.values }} postgres .
else
helm upgrade --install --wait --values ${{ inputs.values }} postgres .
fi

- name: Add PR specific user to Crunchy DB # only for PRs
shell: bash
if: github.event_name == 'pull_request' && steps.triggers.outputs.triggered == 'true'
run: |
if: github.event_name == 'pull_request'
uses: bcgov/[email protected]
with:
oc_namespace: ${{ secrets.oc_namespace }}
oc_token: ${{ secrets.oc_token }}
oc_server: ${{ vars.oc_server }}
triggers: ${{ inputs.triggers }}
commands: |
echo 'Adding PR specific user to Crunchy DB'
NEW_USER='{"databases":["app-${{ github.event.number }}"],"name":"app-${{ github.event.number }}"}'
CURRENT_USERS=$(oc get PostgresCluster/postgres-crunchy -o json | jq '.spec.users')
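Review bot: The `Validate Inputs` step still carries `if: steps.triggers.outputs.triggered == 'true' && inputs.s3_enabled`, but the step with `id: triggers` is deleted in this same file, so the condition can no longer be true and the S3 input check is skipped silently before `helm upgrade` is given the `s3_*` secrets. Assuming that step is unchanged context (its body is partly collapsed on this page), the condition should become `if: inputs.s3_enabled`. The same stale reference appears to remain in `.deployer.yml`, where the job output `triggered: ${{ steps.triggers.outputs.triggered }}` would now be empty for any caller that reads it.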
139 changes: 52 additions & 87 deletions .github/workflows/.deployer.yml
Expand Up @@ -91,21 +91,14 @@ jobs:
tag: ${{ inputs.tag || steps.pr.outputs.pr }}
triggered: ${{ steps.triggers.outputs.triggered }}
steps:
### Triggers, tag and release

# Check triggers (omitted or matched) for deployment
- uses: bcgov-nr/[email protected]
id: triggers
with:
triggers: ${{ inputs.triggers }}
- uses: actions/checkout@v4

# Variables
- if: ${{ steps.triggers.outputs.triggered == 'true' && inputs.tag == '' }}
- if: inputs.tag == ''
id: pr
uses: bcgov-nr/[email protected]

- if: steps.triggers.outputs.triggered == 'true'
id: vars
- id: vars
run: |
# Vars: tag and release

Expand All @@ -129,81 +122,53 @@ jobs:
echo "version=${version}" >> $GITHUB_OUTPUT

### Deploy
- name: Install CLI tools from OpenShift Mirror
if: steps.triggers.outputs.triggered == 'true'
uses: redhat-actions/openshift-tools-installer@v1
- name: Stop pre-existing deployments on PRs (status = pending-upgrade)
if: github.event_name == 'pull_request'
uses: bcgov/[email protected]
with:
oc: "4"

# OC login and acquire short lived token
- if: steps.triggers.outputs.triggered == 'true'
shell: bash
run: |
# OC Login
OC_TEMP_TOKEN=$(curl -k -X POST ${{ inputs.oc_server }}/api/v1/namespaces/${{ secrets.oc_namespace }}/serviceaccounts/pipeline/token --header "Authorization: Bearer ${{ secrets.oc_token }}" -d '{"spec": {"expirationSeconds": 600}}' -H 'Content-Type: application/json; charset=utf-8' | jq -r '.status.token' )

oc login --token=$OC_TEMP_TOKEN --server=${{ inputs.oc_server }}
oc project ${{ secrets.oc_namespace }} # Safeguard!

# Only stop pre-existing deployments on PRs (status = pending-upgrade)
- if: steps.triggers.outputs.triggered == 'true' && github.event_name == 'pull_request'
run: |
# Interrupt any previous deployments (PR only)
PREVIOUS=$(helm status ${{ steps.vars.outputs.release }} -o json | jq .info.status || true)
if [[ ${PREVIOUS} =~ pending ]]; then
echo "Rollback triggered"
helm rollback ${{ steps.vars.outputs.release }} || \
helm uninstall ${{ steps.vars.outputs.release }}
fi

# Package Helm chart
- if: steps.triggers.outputs.triggered == 'true'
uses: actions/checkout@v4
- if: steps.triggers.outputs.triggered == 'true'
working-directory: ${{ inputs.directory }}
run: |
# Helm package
sed -i 's/^name:.*/name: ${{ github.event.repository.name }}/' Chart.yaml
helm package -u . --app-version="tag-${{ steps.vars.outputs.tag }}_run-${{ github.run_number }}" --version=${{ steps.pr.outputs.pr || steps.vars.outputs.version }}

# Deploy Helm chart as atomic, with timeout
- if: steps.triggers.outputs.triggered == 'true' && inputs.atomic != 'false'
working-directory: ${{ inputs.directory }}
run: |
# Helm upgrade/rollout - atomic, timeout
helm upgrade \
--set-string global.repository=${{ github.repository }} \
--set-string global.tag=${{ steps.vars.outputs.tag }} \
--set-string global.config.databaseUser=${{ inputs.db_user }} \
${{ inputs.params }} \
--install --wait --atomic ${{ steps.vars.outputs.release }} \
--timeout ${{ inputs.timeout-minutes }}m \
--values ${{ inputs.values }} \
./${{ github.event.repository.name }}-${{ steps.pr.outputs.pr || steps.vars.outputs.version }}.tgz

# Deploy Helm chart without atomic or timeout
- if: steps.triggers.outputs.triggered == 'true' && inputs.atomic == 'false'
working-directory: ${{ inputs.directory }}
run: |
# Helm upgrade/rollout - non-atomic, no timeout
helm upgrade \
--set-string global.repository=${{ github.repository }} \
--set-string global.tag=${{ steps.vars.outputs.tag }} \
${{ inputs.params }} \
${{ steps.vars.outputs.release }} \
--install --wait --values ${{ inputs.values }} \
./${{ github.event.repository.name }}-${{ steps.pr.outputs.pr || steps.vars.outputs.version }}.tgz

# Helm release history
- if: steps.triggers.outputs.triggered == 'true'
run: |
# Helm release history
helm history ${{ steps.vars.outputs.release }}

### Cleanup

# Completed pod cleanup
- if: steps.triggers.outputs.triggered == 'true'
run: |
# Completed pod cleanup
oc delete po --field-selector=status.phase==Succeeded || true
oc_namespace: ${{ secrets.oc_namespace }}
oc_token: ${{ secrets.oc_token }}
oc_server: ${{ vars.oc_server }}
triggers: ${{ inputs.triggers }}
commands: |
# Interrupt any previous deployments (PR only)
PREVIOUS=$(helm status ${{ steps.vars.outputs.release }} -o json | jq .info.status || true)
if [[ ${PREVIOUS} =~ pending ]]; then
echo "Rollback triggered"
helm rollback ${{ steps.vars.outputs.release }} || \
helm uninstall ${{ steps.vars.outputs.release }}
fi

- name: Helm Deploy
uses: bcgov/[email protected]
with:
oc_namespace: ${{ secrets.oc_namespace }}
oc_token: ${{ secrets.oc_token }}
oc_server: ${{ vars.oc_server }}
triggers: ${{ inputs.triggers }}
commands: |
# Deploy

# If directory provided, cd to it
[ -z "${{ inputs.directory }}" ]|| cd ${{ inputs.directory }}

# Helm package
sed -i 's/^name:.*/name: ${{ github.event.repository.name }}/' Chart.yaml
helm package -u . --app-version="tag-${{ steps.vars.outputs.tag }}_run-${{ github.run_number }}" --version=${{ steps.pr.outputs.pr || steps.vars.outputs.version }}

# Helm upgrade/rollout
helm upgrade \
--set-string global.repository=${{ github.repository }} \
--set-string global.tag=${{ steps.vars.outputs.tag }} \
--set-string global.config.databaseUser=${{ inputs.db_user }} \
${{ inputs.params }} \
--install --wait ${{ inputs.atomic && '--atomic' || '' }} ${{ steps.vars.outputs.release }} \
--timeout ${{ inputs.timeout-minutes }}m \
--values ${{ inputs.values }} \
./${{ github.event.repository.name }}-${{ steps.pr.outputs.pr || steps.vars.outputs.version }}.tgz

# Helm release history
helm history ${{ steps.vars.outputs.release }}

# Completed pod cleanup
oc delete po --field-selector=status.phase==Succeeded || true
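Review bot: The merged `helm upgrade` replaces the old string test `inputs.atomic != 'false'` with `${{ inputs.atomic && '--atomic' || '' }}`, and the two only agree if `atomic` is declared as a boolean input; its declaration is outside this hunk. If it is `type: string`, the non-empty string 'false' is truthy and `--atomic` can no longer be switched off, so the check should stay an explicit comparison against the declared type. The former non-atomic branch also ran without `--timeout` and without `global.config.databaseUser`, whereas the single command now always passes both, so an empty `inputs.timeout-minutes` would render as `--timeout m`. A short comment above the command stating the expected type of `atomic` and that the timeout now always applies would make the behaviour change visible to callers.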
24 changes: 10 additions & 14 deletions .github/workflows/demo.yml
Expand Up @@ -25,17 +25,13 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Point DEMO URL to Existing Service
run: |
# Set Up Routing

# OC Login
OC_TEMP_TOKEN=$(curl -k -X POST ${{ vars.oc_server }}/api/v1/namespaces/${{ secrets.oc_namespace }}/serviceaccounts/pipeline/token --header "Authorization: Bearer ${{ secrets.oc_token }}" -d '{"spec": {"expirationSeconds": 600}}' -H 'Content-Type: application/json; charset=utf-8' | jq -r '.status.token' )

oc login --token=$OC_TEMP_TOKEN --server=${{ vars.oc_server }}
oc project ${{ secrets.oc_namespace }} #Safeguard!

# Delete and replace route
oc delete route/${{ env.REPO }}-${{ env.DEST }} --ignore-not-found=true
oc create route edge ${{ env.REPO }}-${{ env.DEST }} \
--hostname=${{ env.REPO }}-${{ env.DEST }}.${{ env.DOMAIN }} \
--service=${{ env.REPO }}-${{ github.event.number || inputs.target }}-frontend
uses: bcgov/[email protected]
with:
oc_namespace: ${{ secrets.oc_namespace }}
oc_token: ${{ secrets.oc_token }}
oc_server: ${{ vars.oc_server }}
command: |
oc delete route/${{ env.REPO }}-${{ env.DEST }} --ignore-not-found=true
oc create route edge ${{ env.REPO }}-${{ env.DEST }} \
--hostname=${{ env.REPO }}-${{ env.DEST }}.${{ env.DOMAIN }} \
--service=${{ env.REPO }}-${{ github.event.number || inputs.target }}-frontend
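Review bot: This step passes its script under `command:`, while every other call to the same action in this change uses `commands:`. The action's input list is not visible here, but unless it accepts both spellings the route script is not delivered under the expected name, and GitHub reports an unexpected input only as a warning, so the DEMO route could stay unchanged without the job failing. Use `commands: |` to match the other callers. The removed inline login also ran `oc project ${{ secrets.oc_namespace }} #Safeguard!` before touching routes, so it is worth confirming the action selects the namespace before `oc delete route/...` runs.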
75 changes: 33 additions & 42 deletions .github/workflows/pr-close.yml
Expand Up @@ -25,48 +25,39 @@ jobs:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- name: Install CLI tools from OpenShift Mirror
uses: redhat-actions/openshift-tools-installer@v1
with:
oc: "4.14.37"

- name: OC Login
shell: bash
run: |
# OC Login
OC_TEMP_TOKEN=$(curl -k -X POST https://api.silver.devops.gov.bc.ca:6443/api/v1/namespaces/${{ secrets.oc_namespace }}/serviceaccounts/pipeline/token --header "Authorization: Bearer ${{ secrets.oc_token }}" -d '{"spec": {"expirationSeconds": 600}}' -H 'Content-Type: application/json; charset=utf-8' | jq -r '.status.token' )

oc login --token=$OC_TEMP_TOKEN --server=https://api.silver.devops.gov.bc.ca:6443
oc project ${{ secrets.oc_namespace }} # Safeguard!

- name: Remove PR user and database from crunchy
continue-on-error: true
shell: bash
run: |
# check if postgres-crunchy exists or else exit
oc get PostgresCluster/postgres-crunchy || exit 0

# Remove the user from the crunchy cluster yaml and apply the changes
USER_TO_REMOVE='{"databases":["app-${{ github.event.number }}"],"name":"app-${{ github.event.number }}"}'

echo 'getting current users from crunchy'
CURRENT_USERS=$(oc get PostgresCluster/postgres-crunchy -o json | jq '.spec.users')
echo "${CURRENT_USERS}"

# Remove the user from the list,
UPDATED_USERS=$(echo "${CURRENT_USERS}" | jq --argjson user "${USER_TO_REMOVE}" 'map(select(. != $user))')

PATCH_JSON=$(jq -n --argjson users "${UPDATED_USERS}" '{"spec": {"users": $users}}')
oc patch PostgresCluster/postgres-crunchy --type=merge -p "${PATCH_JSON}"

# get primary crunchy pod and remove the role and db
CRUNCHY_PG_PRIMARY_POD_NAME=$(oc get pods -l postgres-operator.crunchydata.com/role=master -o json | jq -r '.items[0].metadata.name')

echo "${CRUNCHY_PG_PRIMARY_POD_NAME}"
# Terminate all connections to the database before trying terminate
oc exec "${CRUNCHY_PG_PRIMARY_POD_NAME}" -- psql -c "SELECT pg_terminate_backend(pg_stat_activity.pid) FROM pg_stat_activity WHERE pg_stat_activity.datname = 'app-${{ github.event.number }}' AND pid <> pg_backend_pid();"

# Drop the database and role
oc exec "${CRUNCHY_PG_PRIMARY_POD_NAME}" -- psql -c "DROP DATABASE \"app-${{ github.event.number }}\" --cascade"
oc exec "${CRUNCHY_PG_PRIMARY_POD_NAME}" -- psql -c "DROP ROLE \"app-${{ github.event.number }}\" --cascade"
echo 'database and role deleted'
uses: bcgov/[email protected]
with:
oc_namespace: ${{ secrets.oc_namespace }}
oc_token: ${{ secrets.oc_token }}
oc_server: ${{ vars.oc_server }}
commands: |
# check if postgres-crunchy exists or else exit
oc get PostgresCluster/postgres-crunchy || exit 0

# Remove the user from the crunchy cluster yaml and apply the changes
USER_TO_REMOVE='{"databases":["app-${{ github.event.number }}"],"name":"app-${{ github.event.number }}"}'

echo 'getting current users from crunchy'
CURRENT_USERS=$(oc get PostgresCluster/postgres-crunchy -o json | jq '.spec.users')
echo "${CURRENT_USERS}"

# Remove the user from the list,
UPDATED_USERS=$(echo "${CURRENT_USERS}" | jq --argjson user "${USER_TO_REMOVE}" 'map(select(. != $user))')

PATCH_JSON=$(jq -n --argjson users "${UPDATED_USERS}" '{"spec": {"users": $users}}')
oc patch PostgresCluster/postgres-crunchy --type=merge -p "${PATCH_JSON}"

# get primary crunchy pod and remove the role and db
CRUNCHY_PG_PRIMARY_POD_NAME=$(oc get pods -l postgres-operator.crunchydata.com/role=master -o json | jq -r '.items[0].metadata.name')

echo "${CRUNCHY_PG_PRIMARY_POD_NAME}"
# Terminate all connections to the database before trying terminate
oc exec "${CRUNCHY_PG_PRIMARY_POD_NAME}" -- psql -c "SELECT pg_terminate_backend(pg_stat_activity.pid) FROM pg_stat_activity WHERE pg_stat_activity.datname = 'app-${{ github.event.number }}' AND pid <> pg_backend_pid();"

# Drop the database and role
oc exec "${CRUNCHY_PG_PRIMARY_POD_NAME}" -- psql -c "DROP DATABASE \"app-${{ github.event.number }}\" --cascade"
oc exec "${CRUNCHY_PG_PRIMARY_POD_NAME}" -- psql -c "DROP ROLE \"app-${{ github.event.number }}\" --cascade"
echo 'database and role deleted'
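Review bot: Each rewritten step now hands `secrets.oc_token` to the external runner action, so the ref after `@` on the `uses:` line decides which code sees that token. The ref is obscured in this rendering; if it is a version tag rather than a commit, pin it to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: bcgov/action-oc-runner@<full-commit-sha> # <release tag>`. The same applies to the `uses:` lines added in `.deployer-db.yml`, `.deployer.yml` and `demo.yml`. The removed inline login exchanged the stored token for one with `expirationSeconds: 600` before any `oc` command ran; whether the action keeps that exchange is not visible here and is worth confirming, given that this script goes on to `DROP DATABASE` and `DROP ROLE`.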
2 changes: 1 addition & 1 deletion .github/workflows/pr-open.yml
Expand Up @@ -35,7 +35,7 @@ jobs:
oc_namespace: ${{ secrets.OC_NAMESPACE }}
oc_token: ${{ secrets.OC_TOKEN }}
with:
triggers: ('backend/' 'frontend/' 'migrations/' 'charts/')
# triggers: ('backend/' 'frontend/' 'migrations/' 'charts/')
db_user: app-${{ github.event.number }}
params: --set global.secrets.persist=false

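Review bot: The `triggers` filter is commented out rather than removed, and nothing in the hunk says why. Going by the comment removed from `.deployer.yml` ("omitted or matched"), an omitted `triggers` presumably means the deployer now runs for every pull request regardless of which paths changed, using the `OC_TOKEN` secret each time. If that is intended, delete the line or record the reason next to it, e.g. `# triggers disabled: <reason>`; if it was a debugging aid, restore `triggers: ('backend/' 'frontend/' 'migrations/' 'charts/')`.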