Release workflow fixes (#142)

* Deprecate reliance on "common-build-scripts" (i.e., tomware) in places where its dependency wasn't noticed before. * Pin flask dependency since 2.2.x broke other dependencies. Shame on flask! * Make HUSKY_DIRECTORY_VERSION a globally required build arg so that it doesn't have to be repeated for all stages. * Update deploy workflow to work with shared build process * Give release workflow a better name. * [Bot] Update version to 2.2.3 Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
UWIT-IAM · Aug 3, 2022 · 6ddeedc · 6ddeedc
1 parent c5cfea0
commit 6ddeedc
Show file tree

Hide file tree

Showing 9 changed files with 60 additions and 71 deletions.
diff --git a/.github/steps/deploy/configure-canvas.sh b/.github/steps/deploy/configure-canvas.sh
@@ -1,15 +1,13 @@
 #!/usr/bin/env bash
 
-source ./.build-scripts/sources/github-actions.sh
-
 canvas=$(${STEP_SCRIPTS}/get_slack_notification.sh \
   -b canvas \
   -v "$target_version" \
   -s "$target_cluster" \
   -q "${deployment_qualifier}" \
   -c "#iam-bot-sandbox")  # TODO
 
-set_ci_output slack-canvas "$(echo $canvas)"
+echo "::set-output name=slack-canvas::$(echo $canvas)"
 echo "Slack canvas json: $canvas"
 
 context_artifact=$(${STEP_SCRIPTS}/get_slack_notification.sh \
@@ -18,7 +16,7 @@ context_artifact=$(${STEP_SCRIPTS}/get_slack_notification.sh \
   -s "$target_cluster" \
   -q "${deployment_qualifier}")
 
-set_ci_output context-artifact "$(echo $context_artifact)"
+echo "::set-output name=context-artifact::$(echo $context_artifact)"
 echo "Context artifact: $context_artifact"
 
 set -e

diff --git a/.github/steps/deploy/deploy.sh b/.github/steps/deploy/deploy.sh
diff --git a/.github/steps/deploy/get_slack_notification.sh b/.github/steps/deploy/get_slack_notification.sh
@@ -1,6 +1,5 @@
 #!/usr/bin/env bash
 
-source ./.build-scripts/sources/slack.sh
 ACTOR=${GITHUB_ACTOR}
 SLACK_CHANNEL='#cloud-native-directory'
 
@@ -84,6 +83,15 @@ function build_canvas {
   echo "$template"
 }
 
+function slack_link {
+  # Generates a 'mrkdwn' link.
+  # Use:
+  #   slack_link https://www.uw.edu "University of Washington"
+  local url="$1"
+  local link_text="$2"
+  echo "<$url | $link_text>"
+}
+
 function build_context_artifact {
   actor_link=$(slack_link "https://github.com/$ACTOR" "@${ACTOR}")
   execution_link=$(slack_link "https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" execution)

diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml
@@ -1,3 +1,4 @@
+name: Create release tag, and deploy to dev
 on:
   push:
     branches:

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -1,7 +1,6 @@
+name: Deploy the UW Directory
+
 on:
-  push:
-    branches:
-      - dry-run-deploy
   workflow_dispatch:
     inputs:
       cluster:
@@ -10,7 +9,7 @@ on:
         required: true
       rfc:
         description: >
-          rfc. The RFC number (e.g., '0724') associated with this
+          rfc. The RFC number or link associated with this
           deployment. Required when deploying to prod.
       version:
         description: >
@@ -32,45 +31,35 @@ jobs:
     permissions:
       contents: read
       id-token: write
+    env:
+      input_version: ${{ github.event.inputs.version }}
+      input_rfc: ${{ github.event.inputs.rfc }}
+      input_cluster: ${{ github.event.inputs.cluster }}
     steps:
       - uses: actions/checkout@v3
       - uses: abatilo/[email protected]
-      - run: sudo apt-get -y install jq
+      - run: |
+          sudo apt-get -y install jq
+          poetry install
+
       - uses: UWIT-IAM/actions/[email protected]
         with:
           gcloud-token: ${{ secrets.GCR_TOKEN }}
+
       # When performing an automated dry run from a push, we will be running using
       # the basic default command of: ./deploy-sh --dry-run --target-cluster dev
-      - if: github.event_name == 'push' && github.ref == 'refs/heads/dry-run-deploy'
+      - if: github.ref != 'refs/heads/main'
         run: |
           echo "DRY_RUN=true" >> $GITHUB_ENV
-          echo "deployment_qualifier='[DRY_RUN]'" >> $GITHUB_ENV
+          echo "deployment_qualifier=[DRY_RUN]" >> $GITHUB_ENV
         name: Configure dry run deployment
 
-      # When pushing from the Github UI, we will fill in the values
-      # provided by the user.
-      - if: github.event_name == 'workflow_dispatch'
-        run: |
-          echo "DRY_RUN=${{ github.event.inputs.dry-run }}" >> $GITHUB_ENV
-          echo "target_cluster=${{ github.event.inputs.cluster }}" >> $GITHUB_ENV
-          echo "target_version=${{ github.event.inputs.version }}" >> $GITHUB_ENV
-          echo "rfc_number=${{ github.event.inputs.rfc }}" >> $GITHUB_ENV
-          if [[ -n "${{ github.event.inputs.rfc }}" ]]
-          then
-            qualifier="[RFC-${{ github.event.inputs.rfc }}]"
-            echo "deployment_qualifier=${qualifier}" >> $GITHUB_ENV
-          fi
-        id: configure-env
-        name: Configure manual deployment
-
       - name: Update env with promotion version
-        # This runs as a separate step so that the entrypoint (manual vs. auto)
-        # doesn't matter.
         run: |
           source ./scripts/globals.sh
           target_version=$(get_promotion_version ${{ inputs.cluster }})
           echo "target_version=${target_version}" >> $GITHUB_ENV
-        if: '! env.target_version'
+        if: env.target_version == ''
 
       - name: Configure slack notification canvas
         id: configure-canvas
@@ -82,25 +71,26 @@ jobs:
         id: slack
         name: Create slack notification canvas
 
-      - run: |
-          echo "CURRENT_STEP=deploy" >> $GITHUB_ENV
-        name: Set up slack notification env
-
       - uses: uwit-iam/actions/[email protected]
         with:
           command: add-artifact
           description: ${{ steps.configure-canvas.outputs.context-artifact }}
         name: Add context artifact to slack
 
       - run: |
-          ${STEP_SCRIPTS}/deploy.sh
+          ./scripts/deploy.sh \
+            -g \
+            -v ${{ env.target_version }} \
+            -t ${{ env.target_cluster }} \
+            -r "${{ github.event.inputs.rfc }}" \
+            ${{ env.DRY_RUN == 'true' && '-x' || '' }}
         id: deploy
         name: Deploy version ${{ env.target_version }}
 
       - uses: uwit-iam/actions/[email protected]
         with:
           command: update-workflow
-          step-id: ${{ env.CURRENT_STEP }}
+          step-id: deploy
           step-status: succeeded
 
       - if: always() && steps.slack.outputs.canvas-id

diff --git a/fingerprints.yaml b/fingerprints.yaml
@@ -13,6 +13,14 @@ release-target: development-server
 docker:
   repository: gcr.io/uwit-mci-iam
   app-name: husky-directory
+  build-args:
+    - arg: HUSKY_DIRECTORY_VERSION
+      # Whenever build.sh is run for this application,
+      # to extract fingerprints or build information,
+      # `--build-arg HUSKY_DIRECTORY_VERSION=x.y.z`
+      # must be supplied.
+      sources:
+        - cli
 
 targets:
   build-config:
@@ -30,32 +38,16 @@ targets:
     depends-on: [base]
     include-paths:
       - husky_directory
-    docker:
-      build-args:
-        - arg: HUSKY_DIRECTORY_VERSION
-          sources: [cli]
 
   test-runner:
     depends-on: [app]
     include-paths:
       - tests
-    docker:
-      build-args:
-        - arg: HUSKY_DIRECTORY_VERSION
-          sources: [cli]
 
   selenium-runner:
     depends-on: [test-runner]
     include-paths:
       - selenium-tests
-    docker:
-      build-args:
-        - arg: HUSKY_DIRECTORY_VERSION
-          sources: [cli]
 
   development-server:
     depends-on: [app]
-    docker:
-      build-args:
-        - arg: HUSKY_DIRECTORY_VERSION
-          sources: [cli]
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,13 +1,18 @@
 [tool.poetry]
 name = "uw-husky-directory"
-version = "2.2.2"
+version = "2.2.3"
 description = "An updated version of the UW Directory"
 authors = ["Thomas Thorogood <[email protected]>"]
 license = "MIT"
 
 [tool.poetry.dependencies]
 python = ">=3.8,<3.9"
-Flask = "^2.1"
+# Flask 2.2.0 broke our builds; there were several dependencies
+# that broke, which means Flask broke the semver contract.
+# Flask will remain pinned to <2.2 until someone else attempts
+# to upgrade at a later Flask revision in hopes they
+# straightened out their issues
+Flask = ">=2.1,<2.2"
 injector = "^0.19.0"
 Flask-Injector = "^0.13.0"
 pydantic = {extras = ["email", "dotenv"], version = "^1.8.1"}
@@ -21,7 +26,7 @@ uw-saml = {version = "^1.1.0"}
 Flask-Session = "^0.3.2"
 redis = "^4.1.0"
 pytz = "^2022.1"
-prometheus-flask-exporter = "^0.19"
+prometheus-flask-exporter = "^0.20"
 Flask-HTTPAuth = "^4.4.0"
 python-Levenshtein = "^0.12.2"
 uw-it-flask-gunicorn-json-logger = "^0.1.6"

diff --git a/scripts/deploy.sh b/scripts/deploy.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
 source ./scripts/globals.sh
-build_script=$(poetry run fingerprinter -o build-script)
+build_script="$(poetry run fingerprinter -o build-script) -p"
 
 REPO_API_URL=https://api.github.com/repos/uwit-iam/uw-husky-directory
 
@@ -81,6 +81,7 @@ do
       ;;
     --debug|-g)
       set -x
+      DEBUG=1
       ;;
     *)
       echo "Invalid Option: $1"
@@ -157,10 +158,14 @@ function wait_for_deployment {
 set -e
 configure_deployment
 
+set -x
 $build_script \
   --deploy ${target_cluster} \
   -dversion ${deploy_version} \
-  $(test -z "${DRY_RUN}" || echo "-ddry")
+  --build-arg HUSKY_DIRECTORY_VERSION=${deploy_version} \
+  $(test -z "${DRY_RUN}" || echo "-ddry") \
+  $(test -z "${DEBUG}" || echo "-g")
+set +x
 
 if [[ -z "${UNSAFE}" ]] && [[ -z "${DRY_RUN}" ]]
 then