From 7ccaaead1bc00dabcc8eeb89469c365da8b95979 Mon Sep 17 00:00:00 2001
From: Louis GERARD
Date: Fri, 16 Aug 2024 14:47:55 +0200
Subject: [PATCH 1/4] (PC-31321)[API] ci: use common action for migration
---
 .github/workflows/dev_on_workflow_deploy.yml | 52 ++++----------------
 1 file changed, 10 insertions(+), 42 deletions(-)
diff --git a/.github/workflows/dev_on_workflow_deploy.yml b/.github/workflows/dev_on_workflow_deploy.yml
index f687768ef37..5a45e38b684 100644
--- a/.github/workflows/dev_on_workflow_deploy.yml
+++ b/.github/workflows/dev_on_workflow_deploy.yml
@@ -77,27 +77,11 @@ jobs: kubernetes-cluster: ${{ inputs.teleport_kubernetes_cluster }} - name: "Play pre-migrations" - run: | - set -e - VERSION="${{ inputs.app_version }}" - export ENVIRONMENT="${{ inputs.environment }}" - IMAGE="europe-west1-docker.pkg.dev/passculture-infra-prod/pass-culture-artifact-registry/pcapi" - export IMAGE="${IMAGE}:${VERSION}" - export DATE=$(date +"%Y-%m-%d--%H-%M-%S") - JOB_NAME=pre-upgrade-${DATE} - envsubst < .github/workflows/templates/pre-upgrade-job.yaml | kubectl -n ${{ inputs.environment }} apply -f - - # kubectl logs returns 0 if pod is pending because of lack of resource so we use a more elaborate condition - kubectl wait -n ${{ inputs.environment }} --for=jsonpath='{.status.ready}'=1 jobs/${JOB_NAME} --timeout=180s - # Next lines assume that job's backoffLimit is 0 - kubectl logs -n ${{ inputs.environment }} -f jobs/${JOB_NAME} - kubectl wait -n ${{ inputs.environment }} --for=condition=complete jobs/${JOB_NAME} || kubectl wait -n ${{ inputs.environment }} --for=condition=failed jobs/${JOB_NAME} # Sanity check that the job is over - failure=$(kubectl get -n ${{ inputs.environment }} jobs/${JOB_NAME} -o=jsonpath='{.status.conditions[?(@.type=="Failed")].status}') # Did the job fail or not so we can give correct return code - if [[ "$failure" == "True" ]] - then - exit 1 - else - exit 0 - fi + uses: pass-culture/common-workflows/actions/pcapi-migration@PC-31321-pcapi-migration-action + with: + environment: ${{ inputs.environment }} + app_version: ${{ inputs.app_version }} + migration_type: pre # Get pcapi secrets from source code, to be passed later as a helmfile parameter. - name: "Generate pcapi secrets list" 
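Review bot: The new `uses:` line in the "Play pre-migrations" step references a branch, `@PC-31321-pcapi-migration-action`, so anything pushed to that branch of common-workflows later will run in this job right after the cluster authentication step, without any change in this repository. The "Play post-migrations" hunk has the same reference, and the tag refs that patches 3/4 and 4/4 move to (`pcapi-migration/v0.1.0`, `teleport-connect/v0.1.0`, `argocd-sync/v0.2.0`, `pcapi-migration/v0.2.0`) can still be re-pointed. I would pin each one to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: pass-culture/common-workflows/actions/pcapi-migration@<full-commit-sha>  # pcapi-migration/v0.2.0`. The job these steps belong to starts and ends outside the hunk.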
@@ -155,27 +139,11 @@ jobs: argocd app sync pcapi-${{ inputs.environment }} --core --async --prune argocd app wait pcapi-${{ inputs.environment }} --core --timeout 600 - name: "Play post-migrations" - run: | - set -e - VERSION="${{ inputs.app_version }}" - export ENVIRONMENT="${{ inputs.environment }}" - IMAGE="europe-west1-docker.pkg.dev/passculture-infra-prod/pass-culture-artifact-registry/pcapi" - export IMAGE="${IMAGE}:${VERSION}" - export DATE=$(date +"%Y-%m-%d--%H-%M-%S") - JOB_NAME=post-upgrade-${DATE} - envsubst < .github/workflows/templates/post-upgrade-job.yaml | kubectl -n ${{ inputs.environment }} apply -f - - # kubectl logs returns 0 if pod is pending because of lack of resource so we use a more elaborate condition - kubectl wait -n ${{ inputs.environment }} --for=jsonpath='{.status.ready}'=1 jobs/${JOB_NAME} --timeout=180s - # Next lines assume that job's backoffLimit is 0 - kubectl logs -n ${{ inputs.environment }} -f jobs/${JOB_NAME} - kubectl wait -n ${{ inputs.environment }} --for=condition=complete jobs/${JOB_NAME} || kubectl wait -n ${{ inputs.environment }} --for=condition=failed jobs/${JOB_NAME} # Sanity check that the job is over - failure=$(kubectl get -n ${{ inputs.environment }} jobs/${JOB_NAME} -o=jsonpath='{.status.conditions[?(@.type=="Failed")].status}') # Did the job fail or not so we can give correct return code - if [[ "$failure" == "True" ]] - then - exit 1 - else - exit 0 - fi + uses: pass-culture/common-workflows/actions/pcapi-migration@PC-31321-pcapi-migration-action + with: + environment: ${{ inputs.environment }} + app_version: ${{ inputs.app_version }} + migration_type: post deploy-api-doc-on-firebase: name: "Deploy api doc on firebase" From 783f26ee63245a8f8c39857234f6222008333fa6 Mon Sep 17 00:00:00 2001 
From: Louis GERARD
Date: Fri, 16 Aug 2024 14:50:39 +0200
Subject: [PATCH 2/4] (PC-31321)[API] ci: create workflow to test changes on ops
---
 .../workflows/dev_on_dispatch_deploy_ops.yml | 25 +++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 .github/workflows/dev_on_dispatch_deploy_ops.yml
diff --git a/.github/workflows/dev_on_dispatch_deploy_ops.yml b/.github/workflows/dev_on_dispatch_deploy_ops.yml
new file mode 100644
index 00000000000..eb9165556fe
--- /dev/null
+++ b/.github/workflows/dev_on_dispatch_deploy_ops.yml
@@ -0,0 +1,25 @@
+on:
+ workflow_dispatch:
+ inputs:
+ pcapi_image_tag:
+ description: pcapi image tag to deploy
+ required: true
+
+permissions: write-all
+
+jobs:
+ deploy-to-ops:
+ name: "Deploy to ops"
+ uses: ./.github/workflows/dev_on_workflow_deploy.yml
+ with:
+ environment: ops
+ app_version: ${{ inputs.pcapi_image_tag }}
+ teleport_version: 15.2.5
+ teleport_proxy: teleport.ops.passculture.team:443
+ teleport_kubernetes_cluster: passculture-metier-ops
+ deploy_api: true
+ deploy_pro: false
+ secrets:
+ GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
+ GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
+
From 40c2cdccf0b93873a1e38b3b134458c7bb464514 Mon Sep 17 00:00:00 2001
From: Louis GERARD
Date: Fri, 16 Aug 2024 16:21:48 +0200
Subject: [PATCH 3/4] (PC-31321)[API] ci: use teleport and argocd actions
---
 .../workflows/dev_on_dispatch_deploy_ops.yml | 1 -
 .../dev_on_dispatch_release_deploy.yml | 3 --
 .../workflows/dev_on_push_workflow_main.yml | 2 -
 .github/workflows/dev_on_workflow_deploy.yml | 54 ++++++-------------
 4 files changed, 15 insertions(+), 45 deletions(-)
diff --git a/.github/workflows/dev_on_dispatch_deploy_ops.yml b/.github/workflows/dev_on_dispatch_deploy_ops.yml
index eb9165556fe..9eeee6682ae 100644
--- a/.github/workflows/dev_on_dispatch_deploy_ops.yml
+++ b/.github/workflows/dev_on_dispatch_deploy_ops.yml
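Review bot: `permissions: write-all` at the top of the new dev_on_dispatch_deploy_ops.yml (patch 2/4) gives the workflow token every write scope, and since the only job calls dev_on_workflow_deploy.yml as a reusable workflow, that grant becomes the ceiling for every job and action the deploy runs. From what this series shows, the called jobs authenticate through a workload identity provider and Teleport and declare `contents: read`, so a narrower block is probably enough: `permissions:` followed by `id-token: write` and `contents: read`. Further scopes can be added one at a time if a called job turns out to need them.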
@@ -14,7 +14,6 @@ jobs: with: environment: ops app_version: ${{ inputs.pcapi_image_tag }} - teleport_version: 15.2.5 teleport_proxy: teleport.ops.passculture.team:443 teleport_kubernetes_cluster: passculture-metier-ops deploy_api: true diff --git a/.github/workflows/dev_on_dispatch_release_deploy.yml b/.github/workflows/dev_on_dispatch_release_deploy.yml index fac4e866ae8..1d35d555476 100644 --- a/.github/workflows/dev_on_dispatch_release_deploy.yml +++ b/.github/workflows/dev_on_dispatch_release_deploy.yml @@ -91,7 +91,6 @@ jobs: with: environment: ${{ github.event.inputs.target_environment }} app_version: ${{ needs.version.outputs.APP_VERSION }} - teleport_version: 15.2.5 teleport_proxy: teleport.ehp.passculture.team:443 teleport_kubernetes_cluster: passculture-metier-ehp deploy_api: true @@ -109,7 +108,6 @@ jobs: with: environment: integration app_version: ${{ needs.version.outputs.APP_VERSION }} - teleport_version: 15.2.5 teleport_proxy: teleport.ehp.passculture.team:443 teleport_kubernetes_cluster: passculture-metier-ehp deploy_api: true @@ -127,7 +125,6 @@ jobs: with: environment: ${{ github.event.inputs.target_environment }} app_version: ${{ needs.version.outputs.APP_VERSION }} - teleport_version: 15.2.5 teleport_proxy: teleport.passculture.team:443 teleport_kubernetes_cluster: passculture-metier-prod deploy_api: true diff --git a/.github/workflows/dev_on_push_workflow_main.yml b/.github/workflows/dev_on_push_workflow_main.yml index 95ab9d58b4d..a2a06fd97e7 100644 --- a/.github/workflows/dev_on_push_workflow_main.yml +++ b/.github/workflows/dev_on_push_workflow_main.yml @@ -267,7 +267,6 @@ jobs: with: environment: testing app_version: ${{ github.sha }} - teleport_version: 15.2.5 teleport_proxy: teleport.ehp.passculture.team:443 teleport_kubernetes_cluster: passculture-metier-ehp deploy_api: ${{ needs.test-api.result == 'success' }} 
@@ -289,7 +288,6 @@ jobs: with: environment: ops app_version: ${{ github.sha }} - teleport_version: 15.2.5 teleport_proxy: teleport.ops.passculture.team:443 teleport_kubernetes_cluster: passculture-metier-ops deploy_api: ${{ needs.test-api.result == 'success' }} diff --git a/.github/workflows/dev_on_workflow_deploy.yml b/.github/workflows/dev_on_workflow_deploy.yml index 5a45e38b684..698a46c3be0 100644 --- a/.github/workflows/dev_on_workflow_deploy.yml +++ b/.github/workflows/dev_on_workflow_deploy.yml @@ -8,9 +8,6 @@ on: app_version: type: string required: true - teleport_version: - type: string - required: true teleport_proxy: type: string required: true @@ -63,21 +60,15 @@ jobs: with: secrets: |- API_TOKEN_GITHUB:passculture-metier-ehp/passculture-main-sa-access-token - - name: "Install Teleport" - uses: teleport-actions/setup@v1 - with: - version: ${{ inputs.teleport_version }} - - name: "Teleport Authentication" - uses: teleport-actions/auth-k8s@v1 - id: "teleport-auth" + + - name: "Connect to cluster" + uses: pass-culture/common-workflows/actions/teleport-connect@teleport-connect/v0.1.0 with: - proxy: ${{ inputs.teleport_proxy }} - token: github-token - certificate-ttl: 1h - kubernetes-cluster: ${{ inputs.teleport_kubernetes_cluster }} + teleport_proxy: ${{ inputs.teleport_proxy }} + teleport_kubernetes_cluster: ${{ inputs.teleport_kubernetes_cluster }} - name: "Play pre-migrations" - uses: pass-culture/common-workflows/actions/pcapi-migration@PC-31321-pcapi-migration-action + uses: pass-culture/common-workflows/actions/pcapi-migration@pcapi-migration/v0.1.0 with: environment: ${{ inputs.environment }} app_version: ${{ inputs.app_version }} 
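Review bot: In the "Connect to cluster" step of the -63,21 hunk, the Teleport client version (the removed `teleport_version` input, 15.2.5 at every call site) and `certificate-ttl: 1h` are no longer set in this workflow, so the lifetime of the cluster credential is now decided inside teleport-connect. Nothing in this diff shows those values, so it is worth confirming that the action keeps a short certificate TTL and a fixed client version, and recording that at the step, for example `# Teleport version and certificate TTL are set inside teleport-connect (was 15.2.5 / 1h here)`. The same applies to the "Connect to cluster" step in the hunk at -244,18. The job this step belongs to starts and ends outside the hunk.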
@@ -126,20 +117,12 @@ jobs: api_token_github_secret_name: passculture-metier-ehp/passculture-main-sa-access-token chart_values_repository: "" helmfile_path: "./pass-culture-deployment/helm/pcapi" - - name: "Install argocd cli" - id: install_argocd_cli - run: | - curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64 - sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd - rm argocd-linux-amd64 - - name: "Check argocd application status" - id: check_status - run: | - kubectl config set-context --current --namespace=argocd - argocd app sync pcapi-${{ inputs.environment }} --core --async --prune - argocd app wait pcapi-${{ inputs.environment }} --core --timeout 600 + - name: "Sync ArgoCD application" + uses: pass-culture/common-workflows/actions/argocd-sync@argocd-sync/v0.2.0 + with: + app_name: pcapi-${{ inputs.environment }} - name: "Play post-migrations" - uses: pass-culture/common-workflows/actions/pcapi-migration@PC-31321-pcapi-migration-action + uses: pass-culture/common-workflows/actions/pcapi-migration@pcapi-migration/v0.1.0 with: environment: ${{ inputs.environment }} app_version: ${{ inputs.app_version }} @@ -244,18 +227,11 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - name: "Install Teleport" - uses: teleport-actions/setup@v1 - with: - version: ${{ inputs.teleport_version }} - - name: "Teleport Authentication" - id: "teleport-auth" - uses: teleport-actions/auth-k8s@v1 + - name: "Connect to cluster" + uses: pass-culture/common-workflows/actions/teleport-connect@teleport-connect/v0.1.0 with: - proxy: ${{ inputs.teleport_proxy }} - token: github-token - certificate-ttl: 1h - kubernetes-cluster: ${{ inputs.teleport_kubernetes_cluster }} + teleport_proxy: ${{ inputs.teleport_proxy }} + teleport_kubernetes_cluster: ${{ inputs.teleport_kubernetes_cluster }} - name: "Configure algolia" id: "set_algolia_settings" uses: nick-fields/retry@v3 
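Review bot: The "Sync ArgoCD application" step passes only `app_name`, whereas the steps it replaces ran `argocd app sync ... --prune` and then `argocd app wait ... --timeout 600` before the post-migrations started. Whether argocd-sync still blocks until the application is synced, and with which prune and timeout settings, cannot be seen from this diff; if it returns early, "Play post-migrations" would run against the previous release. I would state the dependency at the step, e.g. `# must block until the app is synced: post-migrations run next`, and confirm that the action installs a fixed argocd CLI version rather than the latest release the removed step downloaded. The job continues outside the hunk.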
From dc2c94a1f38a628ab257af1ecbdef9ce0020bdbe Mon Sep 17 00:00:00 2001 From: Louis GERARD Date: Wed, 21 Aug 2024 14:24:21 +0200 Subject: [PATCH 4/4] (PC-31321)[API] ci: bump pcapi-migration action --- .github/workflows/dev_on_workflow_deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dev_on_workflow_deploy.yml b/.github/workflows/dev_on_workflow_deploy.yml index 698a46c3be0..a7cf8af829c 100644 --- a/.github/workflows/dev_on_workflow_deploy.yml +++ b/.github/workflows/dev_on_workflow_deploy.yml @@ -68,7 +68,7 @@ jobs: teleport_kubernetes_cluster: ${{ inputs.teleport_kubernetes_cluster }} - name: "Play pre-migrations" - uses: pass-culture/common-workflows/actions/pcapi-migration@pcapi-migration/v0.1.0 + uses: pass-culture/common-workflows/actions/pcapi-migration@pcapi-migration/v0.2.0 with: environment: ${{ inputs.environment }} app_version: ${{ inputs.app_version }} @@ -122,7 +122,7 @@ jobs: with: app_name: pcapi-${{ inputs.environment }} - name: "Play post-migrations" - uses: pass-culture/common-workflows/actions/pcapi-migration@pcapi-migration/v0.1.0 + uses: pass-culture/common-workflows/actions/pcapi-migration@pcapi-migration/v0.2.0 with: environment: ${{ inputs.environment }} app_version: ${{ inputs.app_version }}