(PC-31321)[API] ci: use reusable actions for migration deployment workflow #13713

Merged
merged 4 commits into from
Aug 22, 2024
24 changes: 24 additions & 0 deletions .github/workflows/dev_on_dispatch_deploy_ops.yml
@@ -0,0 +1,24 @@
on:
workflow_dispatch:
inputs:
pcapi_image_tag:
description: pcapi image tag to deploy
required: true

permissions: write-all

jobs:
deploy-to-ops:
name: "Deploy to ops"
uses: ./.github/workflows/dev_on_workflow_deploy.yml
with:
environment: ops
app_version: ${{ inputs.pcapi_image_tag }}
teleport_proxy: teleport.ops.passculture.team:443
teleport_kubernetes_cluster: passculture-metier-ops
deploy_api: true
deploy_pro: false
secrets:
GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
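Review bot: `permissions: write-all` at the top of this new workflow sets the GITHUB_TOKEN ceiling for the called `dev_on_workflow_deploy.yml` to write on every scope, and any called job without its own `permissions:` block inherits all of it. Replace it with an explicit list of only the scopes the called jobs need. `pcapi_image_tag` is also free-form and forwarded unchanged as `app_version` with `deploy_api: true`, so consider validating or at least documenting the expected tag format in the input `description`. The workflow has no `name:`, so it will be listed in the Actions UI under its file path.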

3 changes: 0 additions & 3 deletions .github/workflows/dev_on_dispatch_release_deploy.yml
Expand Up @@ -91,7 +91,6 @@ jobs:
with:
environment: ${{ github.event.inputs.target_environment }}
app_version: ${{ needs.version.outputs.APP_VERSION }}
teleport_version: 15.2.5
teleport_proxy: teleport.ehp.passculture.team:443
teleport_kubernetes_cluster: passculture-metier-ehp
deploy_api: true
Expand All @@ -109,7 +108,6 @@ jobs:
with:
environment: integration
app_version: ${{ needs.version.outputs.APP_VERSION }}
teleport_version: 15.2.5
teleport_proxy: teleport.ehp.passculture.team:443
teleport_kubernetes_cluster: passculture-metier-ehp
deploy_api: true
Expand All @@ -127,7 +125,6 @@ jobs:
with:
environment: ${{ github.event.inputs.target_environment }}
app_version: ${{ needs.version.outputs.APP_VERSION }}
teleport_version: 15.2.5
teleport_proxy: teleport.passculture.team:443
teleport_kubernetes_cluster: passculture-metier-prod
deploy_api: true
2 changes: 0 additions & 2 deletions .github/workflows/dev_on_push_workflow_main.yml
Expand Up @@ -267,7 +267,6 @@ jobs:
with:
environment: testing
app_version: ${{ github.sha }}
teleport_version: 15.2.5
teleport_proxy: teleport.ehp.passculture.team:443
teleport_kubernetes_cluster: passculture-metier-ehp
deploy_api: ${{ needs.test-api.result == 'success' }}
Expand All @@ -289,7 +288,6 @@ jobs:
with:
environment: ops
app_version: ${{ github.sha }}
teleport_version: 15.2.5
teleport_proxy: teleport.ops.passculture.team:443
teleport_kubernetes_cluster: passculture-metier-ops
deploy_api: ${{ needs.test-api.result == 'success' }}
102 changes: 23 additions & 79 deletions .github/workflows/dev_on_workflow_deploy.yml
Expand Up @@ -8,9 +8,6 @@ on:
app_version:
type: string
required: true
teleport_version:
type: string
required: true
teleport_proxy:
type: string
required: true
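Review bot: with the `teleport_version` input removed here, the Teleport client version that callers used to pass (`15.2.5`) is no longer stated in these workflows and becomes whatever `teleport-connect` selects. Add a short comment next to the `teleport-connect` step, or a line in the PR description, saying where the version is now pinned, so a client/proxy version mismatch can be traced later.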
Expand Down Expand Up @@ -63,41 +60,19 @@ jobs:
with:
secrets: |-
API_TOKEN_GITHUB:passculture-metier-ehp/passculture-main-sa-access-token
- name: "Install Teleport"
uses: teleport-actions/setup@v1
with:
version: ${{ inputs.teleport_version }}
- name: "Teleport Authentication"
uses: teleport-actions/auth-k8s@v1
id: "teleport-auth"

- name: "Connect to cluster"
uses: pass-culture/common-workflows/actions/teleport-connect@teleport-connect/v0.1.0
with:
proxy: ${{ inputs.teleport_proxy }}
token: github-token
certificate-ttl: 1h
kubernetes-cluster: ${{ inputs.teleport_kubernetes_cluster }}
teleport_proxy: ${{ inputs.teleport_proxy }}
teleport_kubernetes_cluster: ${{ inputs.teleport_kubernetes_cluster }}

- name: "Play pre-migrations"
run: |
set -e
VERSION="${{ inputs.app_version }}"
export ENVIRONMENT="${{ inputs.environment }}"
IMAGE="europe-west1-docker.pkg.dev/passculture-infra-prod/pass-culture-artifact-registry/pcapi"
export IMAGE="${IMAGE}:${VERSION}"
export DATE=$(date +"%Y-%m-%d--%H-%M-%S")
JOB_NAME=pre-upgrade-${DATE}
envsubst < .github/workflows/templates/pre-upgrade-job.yaml | kubectl -n ${{ inputs.environment }} apply -f -
# kubectl logs returns 0 if pod is pending because of lack of resource so we use a more elaborate condition
kubectl wait -n ${{ inputs.environment }} --for=jsonpath='{.status.ready}'=1 jobs/${JOB_NAME} --timeout=180s
# Next lines assume that job's backoffLimit is 0
kubectl logs -n ${{ inputs.environment }} -f jobs/${JOB_NAME}
kubectl wait -n ${{ inputs.environment }} --for=condition=complete jobs/${JOB_NAME} || kubectl wait -n ${{ inputs.environment }} --for=condition=failed jobs/${JOB_NAME} # Sanity check that the job is over
failure=$(kubectl get -n ${{ inputs.environment }} jobs/${JOB_NAME} -o=jsonpath='{.status.conditions[?(@.type=="Failed")].status}') # Did the job fail or not so we can give correct return code
if [[ "$failure" == "True" ]]
then
exit 1
else
exit 0
fi
uses: pass-culture/common-workflows/actions/pcapi-migration@pcapi-migration/v0.2.0
with:
environment: ${{ inputs.environment }}
app_version: ${{ inputs.app_version }}
migration_type: pre

# Get pcapi secrets from source code, to be passed later as a helmfile parameter.
- name: "Generate pcapi secrets list"
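Review bot: `teleport-connect@teleport-connect/v0.1.0` and `pcapi-migration@pcapi-migration/v0.2.0` are referenced by tag, and tags can be moved; since these steps run with cluster credentials, pin them to a full commit SHA and keep the tag as a trailing comment. The removed inline script also waited on `.status.ready`, streamed the job logs and exited 1 when the job's `Failed` condition was `True`; nothing in this hunk shows that `pcapi-migration` with `migration_type: pre` keeps that behaviour, so please confirm it does and link the action source in the PR.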
Expand Down Expand Up @@ -142,40 +117,16 @@ jobs:
api_token_github_secret_name: passculture-metier-ehp/passculture-main-sa-access-token
chart_values_repository: ""
helmfile_path: "./pass-culture-deployment/helm/pcapi"
- name: "Install argocd cli"
id: install_argocd_cli
run: |
curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64
sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
rm argocd-linux-amd64
- name: "Check argocd application status"
id: check_status
run: |
kubectl config set-context --current --namespace=argocd
argocd app sync pcapi-${{ inputs.environment }} --core --async --prune
argocd app wait pcapi-${{ inputs.environment }} --core --timeout 600
- name: "Sync ArgoCD application"
uses: pass-culture/common-workflows/actions/argocd-sync@argocd-sync/v0.2.0
with:
app_name: pcapi-${{ inputs.environment }}
- name: "Play post-migrations"
run: |
set -e
VERSION="${{ inputs.app_version }}"
export ENVIRONMENT="${{ inputs.environment }}"
IMAGE="europe-west1-docker.pkg.dev/passculture-infra-prod/pass-culture-artifact-registry/pcapi"
export IMAGE="${IMAGE}:${VERSION}"
export DATE=$(date +"%Y-%m-%d--%H-%M-%S")
JOB_NAME=post-upgrade-${DATE}
envsubst < .github/workflows/templates/post-upgrade-job.yaml | kubectl -n ${{ inputs.environment }} apply -f -
# kubectl logs returns 0 if pod is pending because of lack of resource so we use a more elaborate condition
kubectl wait -n ${{ inputs.environment }} --for=jsonpath='{.status.ready}'=1 jobs/${JOB_NAME} --timeout=180s
# Next lines assume that job's backoffLimit is 0
kubectl logs -n ${{ inputs.environment }} -f jobs/${JOB_NAME}
kubectl wait -n ${{ inputs.environment }} --for=condition=complete jobs/${JOB_NAME} || kubectl wait -n ${{ inputs.environment }} --for=condition=failed jobs/${JOB_NAME} # Sanity check that the job is over
failure=$(kubectl get -n ${{ inputs.environment }} jobs/${JOB_NAME} -o=jsonpath='{.status.conditions[?(@.type=="Failed")].status}') # Did the job fail or not so we can give correct return code
if [[ "$failure" == "True" ]]
then
exit 1
else
exit 0
fi
uses: pass-culture/common-workflows/actions/pcapi-migration@pcapi-migration/v0.2.0
with:
environment: ${{ inputs.environment }}
app_version: ${{ inputs.app_version }}
migration_type: post

deploy-api-doc-on-firebase:
name: "Deploy api doc on firebase"
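Review bot: the new "Sync ArgoCD application" step passes only `app_name`, while the removed commands ran `argocd app sync ... --core --async --prune` and `argocd app wait ... --core --timeout 600`; please confirm that `argocd-sync` v0.2.0 still prunes and still bounds the wait, or expose both as inputs. Dropping the `releases/latest` download of the argocd binary, which had no checksum verification, is an improvement provided the action installs a fixed version. `argocd-sync@argocd-sync/v0.2.0` and the post-migration `pcapi-migration@pcapi-migration/v0.2.0` are movable tags; pinning them to a commit SHA would be safer.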
Expand Down Expand Up @@ -276,18 +227,11 @@ jobs:
contents: read
runs-on: ubuntu-latest
steps:
- name: "Install Teleport"
uses: teleport-actions/setup@v1
with:
version: ${{ inputs.teleport_version }}
- name: "Teleport Authentication"
id: "teleport-auth"
uses: teleport-actions/auth-k8s@v1
- name: "Connect to cluster"
uses: pass-culture/common-workflows/actions/teleport-connect@teleport-connect/v0.1.0
with:
proxy: ${{ inputs.teleport_proxy }}
token: github-token
certificate-ttl: 1h
kubernetes-cluster: ${{ inputs.teleport_kubernetes_cluster }}
teleport_proxy: ${{ inputs.teleport_proxy }}
teleport_kubernetes_cluster: ${{ inputs.teleport_kubernetes_cluster }}
- name: "Configure algolia"
id: "set_algolia_settings"
uses: nick-fields/retry@v3
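Review bot: the replacement "Connect to cluster" step drops `id: "teleport-auth"` together with the `token: github-token` and `certificate-ttl: 1h` settings. Check that no later step in this job reads `steps.teleport-auth.outputs.*`, and that the join token and certificate TTL chosen inside `teleport-connect` match what was set here before.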