diff --git a/.github/workflows/deploy-on-demand-v2.yml b/.github/workflows/deploy-on-demand-v2.yml index 8e6b13e..0e1dfac 100644 --- a/.github/workflows/deploy-on-demand-v2.yml +++ b/.github/workflows/deploy-on-demand-v2.yml @@ -9,6 +9,9 @@ on: type: choice options: - dev + - preprod + - cec-prd + - cec-euprd env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} @@ -21,11 +24,13 @@ env: PROJECT: ota-admin-portal-v2 REGISTRY: fiskercloud.azurecr.io +permissions: + id-token: write + contents: read + jobs: build: runs-on: ubuntu-latest - outputs: - build-env: ${{ steps.set-env.outputs.ENVIRONMENT }} steps: - name: Slack Notification uses: rtCamp/action-slack-notify@v2 @@ -34,7 +39,7 @@ jobs: uses: actions/checkout@v4 - name: Azure Login - uses: azure/login@v1 + uses: azure/login@v2 with: creds: ${{ secrets.AZURE_CREDENTIALS }} @@ -48,22 +53,6 @@ jobs: - name: JFrog Auth run: echo ${JFROG_NPMRC} | base64 -d > .npmrc - - name: Set Env - env: - ENV: ${{ inputs.environment }} - id: set-env - run: | - case ${ENV} in - dev) - ENVIRONMENT=dev;; - preprod) - ENVIRONMENT=prd;; - *) - ENVIRONMENT=dev;; - esac - echo "ENVIRONMENT=${ENVIRONMENT}" >> $GITHUB_ENV - echo "ENVIRONMENT=${ENVIRONMENT}" >> $GITHUB_OUTPUT - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 @@ -71,7 +60,7 @@ jobs: uses: docker/build-push-action@v5 with: context: . - build-args: ENVIRONMENT=${{ env.ENVIRONMENT }} + build-args: ENVIRONMENT=${{ inputs.environment }} push: true tags: ${{ env.REGISTRY }}/${{ env.PROJECT }}:${{ env.TAG }} cache-from: type=gha 
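Review bot: The new workflow-level `permissions` block grants `id-token: write` to every job, yet the Azure Login step visible in this diff still authenticates with `creds: ${{ secrets.AZURE_CREDENTIALS }}`, so nothing shown here consumes an OIDC token. Either move the login to federated credentials (the `client-id`, `tenant-id` and `subscription-id` inputs of azure/login) and retire the stored secret, or drop `id-token: write` and keep only `contents: read`. If it stays, declaring it under the one job that logs in rather than at workflow level keeps the deploy jobs and the third-party actions they run from being able to request a token. The same block is added in deploy-on-demand.yml and deploy.yml; the jobs continue outside the hunk, so an OIDC consumer may exist that is not visible here.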
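Review bot: With the `Set Env` mapping removed, `build-args: ENVIRONMENT=${{ inputs.environment }}` now passes `preprod` where the old step passed `prd`, and the deploy job later in this file reads `k8s/values-${{ inputs.environment }}.yaml`. deploy.yml in the same commit still deploys preprod with `k8s/values-prd.yaml` and `$TAG-prd`, so the on-demand path presumably needs a `values-preprod.yaml` and a build that understands `preprod`; neither is visible in this diff. If the old name is still the real one, keep a small mapping step or rename the files in this commit. deploy-on-demand.yml has the same change, and there it also alters the pushed image tag suffix.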
@@ -82,30 +71,56 @@ jobs: uses: rtCamp/action-slack-notify@v2 env: SLACK_COLOR: ${{ job.status }} - SLACK_MESSAGE: "Failed to build ${{ env.PROJECT }} ${{ inputs.environment }}! :this-is-fine:" + SLACK_MESSAGE: "Failed to build ${{ env.PROJECT }} in ${{ inputs.environment }}! :this-is-fine:" deploy: needs: build - runs-on: [self-hosted, azure] - env: - ENVIRONMENT: ${{ needs.build.outputs.build-env }} + runs-on: arc-azure-${{ inputs.environment }} steps: - name: Checkout uses: actions/checkout@v4 - - uses: rtCamp/action-slack-notify@v2 + - name: Notify deploy + uses: rtCamp/action-slack-notify@v2 env: MSG_MINIMAL: true SLACK_MESSAGE: "Deploying ${{ env.PROJECT }} to ${{ inputs.environment }}... :partydeploy:" - - name: Deploy - run: |- - helm upgrade \ - --kube-context $ENVIRONMENT \ - --set image.registry=$REGISTRY \ - --set image.name=$PROJECT \ - --set image.tag=$TAG \ - --wait -i -f k8s/values-$ENVIRONMENT.yaml $PROJECT k8s/ + - name: Set env + run: | + case ${{ inputs.environment }} in + dev) + KUBECONFIG=${{ secrets.KUBECONFIG_AZURE_DEV }};; + preprod) + KUBECONFIG=${{ secrets.KUBECONFIG_AZURE_PREPROD }};; + cec-prd) + KUBECONFIG=${{ secrets.KUBECONFIG_AZURE_CEC_PRD }};; + cec-euprd) + KUBECONFIG=${{ secrets.KUBECONFIG_AZURE_CEC_EUPRD }};; + *) + KUBECONFIG=${{ secrets.KUBECONFIG_AZURE_DEV }};; + esac + + echo "KUBECONFIG=${KUBECONFIG}" >> $GITHUB_ENV + + - name: Deploy to env + id: deploy + uses: koslib/helm-eks-action@v1.28.0 + env: + KUBE_CONFIG_DATA: ${{ env.KUBECONFIG }} + with: + command: | + helm upgrade \ + --atomic \ + --create-namespace \ + --namespace default \ + --set image.registry=$REGISTRY \ + --set image.name=$PROJECT \ + --set image.tag=$TAG \ + --wait -i -f k8s/values-${{ inputs.environment }}.yaml $PROJECT k8s/ + + - name: Deploy Response + run: echo "Response was ${{ steps.deploy.outputs.response }}" - name: Notify deploy failure if: ${{ failure() }} 
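Review bot: The `Set env` step pastes all four kubeconfig secrets into the script text (`KUBECONFIG=${{ secrets.… }}`, unquoted) and appends the chosen one to `$GITHUB_ENV`, so each run renders the production credentials into the runner's script file regardless of the environment picked, and the selected one is exposed to every later step, including the Slack action. Selecting the secret in an expression on the deploy step's own `env:` removes the step altogether, as in the fence; it keeps the fall-through to dev that the `*)` branch had. `Deploy Response` substitutes `${{ steps.deploy.outputs.response }}` into the shell line before it runs, so quotes or `$(…)` in helm's output are interpreted by the shell; passing it through `env:` avoids that. The job has no `environment:` key, so whatever protection rules sit on the `prd` environment used in deploy.yml do not gate an on-demand deploy to cec-prd or cec-euprd. deploy-on-demand.yml repeats both steps, and the `Deploy Response` line recurs in each deploy job of deploy.yml.

```yaml
      # … unchanged: Checkout, Notify deploy …
      # "Set env" step removed: no secret is written into a script or $GITHUB_ENV.
      - name: Deploy to env
        id: deploy
        uses: koslib/helm-eks-action@v1.28.0
        env:
          # Only the selected kubeconfig reaches this step; an unset secret
          # falls through to dev, matching the old default branch.
          KUBE_CONFIG_DATA: >-
            ${{
              (inputs.environment == 'preprod' && secrets.KUBECONFIG_AZURE_PREPROD)
              || (inputs.environment == 'cec-prd' && secrets.KUBECONFIG_AZURE_CEC_PRD)
              || (inputs.environment == 'cec-euprd' && secrets.KUBECONFIG_AZURE_CEC_EUPRD)
              || secrets.KUBECONFIG_AZURE_DEV
            }}
        # … unchanged: with.command (helm upgrade) …

      - name: Deploy Response
        env:
          RESPONSE: ${{ steps.deploy.outputs.response }}
        run: echo "Response was $RESPONSE"
```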
diff --git a/.github/workflows/deploy-on-demand.yml b/.github/workflows/deploy-on-demand.yml index d60a444..1af79b3 100644 --- a/.github/workflows/deploy-on-demand.yml +++ b/.github/workflows/deploy-on-demand.yml @@ -10,6 +10,8 @@ on: options: - dev - preprod + - cec-prd + - cec-euprd env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} @@ -21,11 +23,13 @@ env: PROJECT: ota-admin-portal REGISTRY: fiskercloud.azurecr.io +permissions: + id-token: write + contents: read + jobs: build: runs-on: ubuntu-latest - outputs: - build-env: ${{ steps.set-env.outputs.ENVIRONMENT }} steps: - name: Slack Notification uses: rtCamp/action-slack-notify@v2 @@ -34,7 +38,7 @@ jobs: uses: actions/checkout@v4 - name: Azure Login - uses: azure/login@v1 + uses: azure/login@v2 with: creds: ${{ secrets.AZURE_CREDENTIALS }} @@ -45,21 +49,6 @@ jobs: username: ${{ secrets.AZURE_CLIENT_ID }} password: ${{ secrets.AZURE_CLIENT_SECRET }} - - name: Set Env - env: - ENV: ${{ inputs.environment }} - id: set-env - run: | - case ${ENV} in - dev) - ENVIRONMENT=dev;; - preprod) - ENVIRONMENT=prd;; - *) - ENVIRONMENT=dev;; - esac - echo "ENVIRONMENT=${ENVIRONMENT}" >> $GITHUB_ENV - echo "ENVIRONMENT=${ENVIRONMENT}" >> $GITHUB_OUTPUT - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 
@@ -68,44 +57,77 @@ jobs: uses: docker/build-push-action@v5 with: context: . - build-args: ENVIRONMENT=${{ env.ENVIRONMENT }} + build-args: ENVIRONMENT=${{ inputs.environment }} push: true - tags: ${{ env.REGISTRY }}/${{ env.PROJECT }}:${{ env.TAG }}-${{ env.ENVIRONMENT }} + tags: ${{ env.REGISTRY }}/${{ env.PROJECT }}:${{ env.TAG }}-${{ inputs.environment }} cache-from: type=gha cache-to: type=gha,mode=max - deploy: - needs: build - runs-on: [self-hosted, azure] - env: - ENVIRONMENT: ${{ needs.build.outputs.build-env }} - steps: - - name: Checkout - uses: actions/checkout@v4 - - - uses: rtCamp/action-slack-notify@v2 - env: - MSG_MINIMAL: true - SLACK_MESSAGE: "Deploying ${{ env.PROJECT }} to ${{ inputs.environment }}... :partydeploy:" - - - name: Deploy - run: |- - helm upgrade \ - --kube-context $ENVIRONMENT \ - --set image.registry=$REGISTRY \ - --set image.name=$PROJECT \ - --set image.tag=$TAG-$ENVIRONMENT \ - --wait -i -f k8s/values-$ENVIRONMENT.yaml $PROJECT k8s/ - - - name: Notify deploy - uses: rtCamp/action-slack-notify@v2 - env: - MSG_MINIMAL: true - SLACK_MESSAGE: "Successfully deployed ${{ env.PROJECT }} to ${{ inputs.environment }}! :gopher_party:" - - name: Notify if failure + if: ${{ failure() }} + uses: rtCamp/action-slack-notify@v2 + env: + SLACK_COLOR: ${{ job.status }} + SLACK_MESSAGE: "Failed to build ${{ env.PROJECT }} in ${{ inputs.environment }}! :this-is-fine:" + + deploy: + needs: build + runs-on: arc-azure-${{ inputs.environment }} + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Notify deploy + uses: rtCamp/action-slack-notify@v2 + env: + MSG_MINIMAL: true + SLACK_MESSAGE: "Deploying ${{ env.PROJECT }} to ${{ inputs.environment }}... 
:partydeploy:" + + - name: Set env + run: | + case ${{ inputs.environment }} in + dev) + KUBECONFIG=${{ secrets.KUBECONFIG_AZURE_DEV }};; + preprod) + KUBECONFIG=${{ secrets.KUBECONFIG_AZURE_PREPROD }};; + cec-prd) + KUBECONFIG=${{ secrets.KUBECONFIG_AZURE_CEC_PRD }};; + cec-euprd) + KUBECONFIG=${{ secrets.KUBECONFIG_AZURE_CEC_EUPRD }};; + *) + KUBECONFIG=${{ secrets.KUBECONFIG_AZURE_DEV }};; + esac + + echo "KUBECONFIG=${KUBECONFIG}" >> $GITHUB_ENV + + - name: Deploy to env + id: deploy + uses: koslib/helm-eks-action@v1.28.0 + env: + KUBE_CONFIG_DATA: ${{ env.KUBECONFIG }} + with: + command: | + helm upgrade \ + --atomic \ + --create-namespace \ + --namespace default \ + --set image.registry=$REGISTRY \ + --set image.name=$PROJECT \ + --set image.tag=$TAG-${{ inputs.environment }} \ + --wait -i -f k8s/values-${{ inputs.environment }}.yaml $PROJECT k8s/ + + - name: Deploy Response + run: echo "Response was ${{ steps.deploy.outputs.response }}" + + - name: Notify deploy failure if: ${{ failure() }} uses: rtCamp/action-slack-notify@v2 env: SLACK_COLOR: ${{ job.status }} SLACK_MESSAGE: "Failed to deploy ${{ env.PROJECT }} to ${{ inputs.environment }}! :this-is-fine:" + + - name: Notify deploy success + uses: rtCamp/action-slack-notify@v2 + env: + MSG_MINIMAL: true + SLACK_MESSAGE: "Successfully deployed ${{ env.PROJECT }} to ${{ inputs.environment }}! :gopher_party:" \ No newline at end of file diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index e2301d8..1400ca8 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -15,6 +15,10 @@ env: PROJECT: ota-admin-portal REGISTRY: fiskercloud.azurecr.io +permissions: + id-token: write + contents: read + jobs: build-dev: runs-on: ubuntu-latest @@ -27,7 +31,7 @@ jobs: uses: actions/checkout@v4 - name: Azure Login - uses: azure/login@v1 + uses: azure/login@v2 with: creds: ${{ secrets.AZURE_CREDENTIALS }} 
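Review bot: `koslib/helm-eks-action@v1.28.0` is referenced by a tag, which its publisher can move, and the step hands it `KUBE_CONFIG_DATA` for clusters up to cec-prd and cec-euprd. Pinning the third-party action to a full commit SHA with the version kept as a trailing comment, `uses: koslib/helm-eks-action@<full-commit-sha>  # v1.28.0`, makes the code that receives the kubeconfig immutable. The same holds for `rtCamp/action-slack-notify@v2`, which receives the Slack webhook, and for the other deploy jobs in deploy-on-demand-v2.yml and deploy.yml that add this action.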
@@ -60,26 +64,37 @@ jobs: deploy-dev: needs: [build-dev] - runs-on: [self-hosted, azure] + runs-on: [ arc-azure-dev ] environment: dev steps: - name: Checkout uses: actions/checkout@v4 - - uses: rtCamp/action-slack-notify@v2 + - name: Notify deploy + uses: rtCamp/action-slack-notify@v2 env: MSG_MINIMAL: true SLACK_MESSAGE: "Deploying ${{ env.PROJECT }} to dev... :partydeploy:" - name: Deploy to dev - run: |- - helm upgrade \ - --kube-context dev \ - --set image.registry=$REGISTRY \ - --set image.name=$PROJECT \ - --set image.tag=$TAG-dev \ - --wait -i -f k8s/values-dev.yaml $PROJECT k8s/ + id: deploy + uses: koslib/helm-eks-action@v1.28.0 + env: + KUBE_CONFIG_DATA: ${{ secrets.KUBECONFIG_AZURE_DEV }} + with: + command: | + helm upgrade \ + --atomic \ + --create-namespace \ + --namespace default \ + --set image.registry=$REGISTRY \ + --set image.name=$PROJECT \ + --set image.tag=$TAG-dev \ + --wait -i -f k8s/values-dev.yaml $PROJECT k8s/ + - name: Deploy Response + run: echo "Response was ${{ steps.deploy.outputs.response }}" + - name: Notify deploy failure if: ${{ failure() }} uses: rtCamp/action-slack-notify@v2 @@ -104,7 +119,7 @@ jobs: uses: actions/checkout@v4 - name: Azure Login - uses: azure/login@v1 + uses: azure/login@v2 with: creds: ${{ secrets.AZURE_CREDENTIALS }} 
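Review bot: The new `helm upgrade` in `Deploy to dev` hard-codes `--namespace default` with `--create-namespace`, while the removed command set no namespace and so used whatever the `dev` kube-context selected. If the existing release lives in another namespace, `-i` will install a second copy in `default` instead of upgrading it, and running the portal in `default` leaves it outside any namespace-scoped NetworkPolicy, quota or RBAC boundary. Consider a dedicated namespace taken from a variable, and note that `--atomic` already implies `--wait`. The same flags are added to every deploy job in this commit.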
@@ -137,26 +152,38 @@ jobs: deploy-preprod: needs: [deploy-dev, build-preprod] - runs-on: [self-hosted, azure] - environment: stg + runs-on: [ arc-azure-preprod ] + environment: preprod steps: + - name: Checkout uses: actions/checkout@v4 - - uses: rtCamp/action-slack-notify@v2 + - name: Notify deploy + uses: rtCamp/action-slack-notify@v2 env: MSG_MINIMAL: true SLACK_MESSAGE: "Deploying ${{ env.PROJECT }} to preprod... :partydeploy:" - name: Deploy to preprod - run: |- - helm upgrade \ - --kube-context prd \ - --set image.registry=$REGISTRY \ - --set image.name=$PROJECT \ - --set image.tag=$TAG-prd \ - --wait -i -f k8s/values-prd.yaml $PROJECT k8s/ - + id: deploy + uses: koslib/helm-eks-action@v1.28.0 + env: + KUBE_CONFIG_DATA: ${{ secrets.KUBECONFIG_AZURE_PREPROD }} + with: + command: | + helm upgrade \ + --atomic \ + --create-namespace \ + --namespace default \ + --set image.registry=$REGISTRY \ + --set image.name=$PROJECT \ + --set image.tag=$TAG-prd \ + --wait -i -f k8s/values-prd.yaml $PROJECT k8s/ + + - name: Deploy Response + run: echo "Response was ${{ steps.deploy.outputs.response }}" + - name: Notify deploy failure if: ${{ failure() }} uses: rtCamp/action-slack-notify@v2 @@ -181,7 +208,7 @@ jobs: uses: actions/checkout@v4 - name: Azure Login - uses: azure/login@v1 + uses: azure/login@v2 with: creds: ${{ secrets.AZURE_CREDENTIALS }} 
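Review bot: Changing `environment: stg` to `environment: preprod` on `deploy-preprod` moves the job out from under whatever required reviewers, branch restrictions and environment secrets were configured on `stg`. GitHub creates an environment that is referenced but does not exist, with no protection rules, so the job can run ungated unless `preprod` was set up beforehand; that configuration is not visible in this diff. Confirm the `preprod` environment exists with the same rules before merging, since `deploy-cec-prd` and `deploy-cec-euprd` list this job in `needs`.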
@@ -214,26 +241,38 @@ jobs: deploy-cec-prd: needs: [deploy-dev, deploy-preprod, build-cec-prd] - runs-on: [self-hosted, azure] + runs-on: [ arc-azure-cec-prd ] environment: prd steps: + - name: Checkout uses: actions/checkout@v4 - - uses: rtCamp/action-slack-notify@v2 + - name: Notify deploy + uses: rtCamp/action-slack-notify@v2 env: MSG_MINIMAL: true SLACK_MESSAGE: "Deploying ${{ env.PROJECT }} to cec-prd... :partydeploy:" - name: Deploy to cec-prd - run: |- - helm upgrade \ - --kube-context cec-prd-cluster-1 \ - --set image.registry=$REGISTRY \ - --set image.name=$PROJECT \ - --set image.tag=$TAG-cec-prd \ - --wait -i -f k8s/values-cec-prd.yaml $PROJECT k8s/ + id: deploy + uses: koslib/helm-eks-action@v1.28.0 + env: + KUBE_CONFIG_DATA: ${{ secrets.KUBECONFIG_AZURE_CEC_PRD }} + with: + command: | + helm upgrade \ + --atomic \ + --create-namespace \ + --namespace default \ + --set image.registry=$REGISTRY \ + --set image.name=$PROJECT \ + --set image.tag=$TAG-cec-prd \ + --wait -i -f k8s/values-cec-prd.yaml $PROJECT k8s/ + - name: Deploy Response + run: echo "Response was ${{ steps.deploy.outputs.response }}" + - name: Notify deploy failure if: ${{ failure() }} uses: rtCamp/action-slack-notify@v2 @@ -258,7 +297,7 @@ jobs: uses: actions/checkout@v4 - name: Azure Login - uses: azure/login@v1 + uses: azure/login@v2 with: creds: ${{ secrets.AZURE_CREDENTIALS }} 
@@ -291,26 +330,37 @@ jobs: deploy-cec-euprd: needs: [deploy-dev, deploy-preprod, build-cec-euprd] - runs-on: [self-hosted, azure] + runs-on: [ arc-azure-cec-euprd ] environment: prd steps: - name: Checkout uses: actions/checkout@v4 - - uses: rtCamp/action-slack-notify@v2 + - name: Notify deploy + uses: rtCamp/action-slack-notify@v2 env: MSG_MINIMAL: true SLACK_MESSAGE: "Deploying ${{ env.PROJECT }} to cec-euprd... :partydeploy:" - name: Deploy to cec-euprd - run: |- - helm upgrade \ - --kube-context cec-euprd-cluster-1 \ - --set image.registry=$REGISTRY \ - --set image.name=$PROJECT \ - --set image.tag=$TAG-cec-euprd \ - --wait -i -f k8s/values-cec-euprd.yaml $PROJECT k8s/ + id: deploy + uses: koslib/helm-eks-action@v1.28.0 + env: + KUBE_CONFIG_DATA: ${{ secrets.KUBECONFIG_AZURE_CEC_EUPRD }} + with: + command: | + helm upgrade \ + --atomic \ + --create-namespace \ + --namespace default \ + --set image.registry=$REGISTRY \ + --set image.name=$PROJECT \ + --set image.tag=$TAG-cec-euprd \ + --wait -i -f k8s/values-cec-euprd.yaml $PROJECT k8s/ + - name: Deploy Response + run: echo "Response was ${{ steps.deploy.outputs.response }}" + - name: Notify deploy failure if: ${{ failure() }} uses: rtCamp/action-slack-notify@v2 diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 6a3ecc7..91553b0 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -9,4 +9,4 @@ on: jobs: prcheck: - uses: Fisker-Inc/github-actions/.github/workflows/pr.yml@main + uses: Fisker-Inc/github-actions/.github/workflows/pr.yml@v1.0.16