From a0cfab2b2db8c028969d7b4e793de8c7a40ba4de Mon Sep 17 00:00:00 2001 From: Milamary Date: Tue, 2 Apr 2024 21:38:17 -0700 Subject: [PATCH 1/6] ARC runners: deploy-on-demand-v2.yml --- .github/workflows/deploy-on-demand-v2.yml | 72 ++++++++++++----------- 1 file changed, 39 insertions(+), 33 deletions(-) diff --git a/.github/workflows/deploy-on-demand-v2.yml b/.github/workflows/deploy-on-demand-v2.yml index 8e6b13e..880d6a1 100644 --- a/.github/workflows/deploy-on-demand-v2.yml +++ b/.github/workflows/deploy-on-demand-v2.yml @@ -9,6 +9,7 @@ on: type: choice options: - dev + - preprod env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} @@ -21,11 +22,13 @@ env: PROJECT: ota-admin-portal-v2 REGISTRY: fiskercloud.azurecr.io +permissions: + id-token: write + contents: read + jobs: build: runs-on: ubuntu-latest - outputs: - build-env: ${{ steps.set-env.outputs.ENVIRONMENT }} steps: - name: Slack Notification uses: rtCamp/action-slack-notify@v2 @@ -34,7 +37,7 @@ jobs: uses: actions/checkout@v4 - name: Azure Login - uses: azure/login@v1 + uses: azure/login@v2 with: creds: ${{ secrets.AZURE_CREDENTIALS }} @@ -48,22 +51,6 @@ jobs: - name: JFrog Auth run: echo ${JFROG_NPMRC} | base64 -d > .npmrc - - name: Set Env - env: - ENV: ${{ inputs.environment }} - id: set-env - run: | - case ${ENV} in - dev) - ENVIRONMENT=dev;; - preprod) - ENVIRONMENT=prd;; - *) - ENVIRONMENT=dev;; - esac - echo "ENVIRONMENT=${ENVIRONMENT}" >> $GITHUB_ENV - echo "ENVIRONMENT=${ENVIRONMENT}" >> $GITHUB_OUTPUT - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 @@ -71,7 +58,7 @@ jobs: uses: docker/build-push-action@v5 with: context: . - build-args: ENVIRONMENT=${{ env.ENVIRONMENT }} + build-args: ENVIRONMENT=${{ inputs.environment }} push: true tags: ${{ env.REGISTRY }}/${{ env.PROJECT }}:${{ env.TAG }} cache-from: type=gha 
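Review bot: `id-token: write` in the new top-level `permissions:` block is granted to every job, yet the `Azure Login` step in this file still authenticates with `creds: ${{ secrets.AZURE_CREDENTIALS }}`, so nothing visible here requests an OIDC token. Either drop that line and keep `contents: read`, or move it to a job-level `permissions:` block on the build job and switch `azure/login@v2` to its `client-id` / `tenant-id` / `subscription-id` inputs so the long-lived credential secret can be retired. As written, the deploy job, which runs third-party actions on the cluster runners, can also request identity tokens for the repository. The same block is added to deploy-on-demand.yml and deploy.yml.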
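Review bot: With the `Set Env` step removed, `build-args: ENVIRONMENT=${{ inputs.environment }}` now passes `preprod` where the old mapping passed `prd`, and the deploy step later in this patch reads `k8s/values-${{ inputs.environment }}.yaml`. deploy.yml in the same series still uses `k8s/values-prd.yaml` and `$TAG-prd` for preprod, so unless a `values-preprod.yaml` exists (not visible here) an on-demand preprod deploy will fail at `helm upgrade`, and the image is built with a different ENVIRONMENT value than the main pipeline uses. A comment above the build step stating which names are canonical would help, e.g. `# ENVIRONMENT must match a k8s/values-<name>.yaml file`. The same change is made in deploy-on-demand.yml, where the image tag suffix changes as well.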
@@ -82,30 +69,49 @@ jobs: uses: rtCamp/action-slack-notify@v2 env: SLACK_COLOR: ${{ job.status }} - SLACK_MESSAGE: "Failed to build ${{ env.PROJECT }} ${{ inputs.environment }}! :this-is-fine:" + SLACK_MESSAGE: "Failed to build ${{ env.PROJECT }} in ${{ inputs.environment }}! :this-is-fine:" deploy: needs: build - runs-on: [self-hosted, azure] - env: - ENVIRONMENT: ${{ needs.build.outputs.build-env }} + runs-on: arc-azure-${{ inputs.environment }} steps: - name: Checkout uses: actions/checkout@v4 - - uses: rtCamp/action-slack-notify@v2 + - name: Notify deploy + uses: rtCamp/action-slack-notify@v2 env: MSG_MINIMAL: true SLACK_MESSAGE: "Deploying ${{ env.PROJECT }} to ${{ inputs.environment }}... :partydeploy:" - - name: Deploy - run: |- - helm upgrade \ - --kube-context $ENVIRONMENT \ - --set image.registry=$REGISTRY \ - --set image.name=$PROJECT \ - --set image.tag=$TAG \ - --wait -i -f k8s/values-$ENVIRONMENT.yaml $PROJECT k8s/ + - name: Set env + run: | + case ${{ inputs.environment }} in + dev) + KUBECONFIG=${{ secrets.KUBECONFIG_AZURE_DEV }};; + preprod) + KUBECONFIG=${{ secrets.KUBECONFIG_AZURE_PREPROD }};; + *) + KUBECONFIG=${{ secrets.KUBECONFIG_AZURE_DEV }};; + esac + + echo "KUBECONFIG=${KUBECONFIG}" >> $GITHUB_ENV + + - name: Deploy to env + id: deploy + uses: koslib/helm-eks-action@v1.28.0 + env: + KUBE_CONFIG_DATA: ${{ env.KUBECONFIG }} + with: + command: | + helm upgrade \ + --atomic \ + --create-namespace \ + --namespace default \ + --set image.registry=$REGISTRY \ + --set image.name=$PROJECT \ + --set image.tag=$TAG \ + --wait -i -f k8s/values-${{ inputs.environment }}.yaml $PROJECT k8s/ - name: Notify deploy failure if: ${{ failure() }} From d14273f0266fe640b3b173d7c4269298478d1dcd Mon Sep 17 00:00:00 2001 From: Milamary Date: Tue, 2 Apr 2024 21:38:43 -0700 Subject: [PATCH 2/6] ARC runners: deploy-on-demand.yml --- .github/workflows/deploy-on-demand.yml | 111 ++++++++++++++----------- 1 file changed, 62 insertions(+), 49 deletions(-) 
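Review bot: The new `Set env` step pastes `${{ secrets.KUBECONFIG_AZURE_DEV }}` / `${{ secrets.KUBECONFIG_AZURE_PREPROD }}` and `${{ inputs.environment }}` straight into the script text, unquoted, and then appends the kubeconfig to `$GITHUB_ENV`, which makes the credential an environment variable of every later step in the job, Slack notifications included. The step can be dropped by selecting the secret in an expression on the deploy step itself: `KUBE_CONFIG_DATA: ${{ inputs.environment == 'preprod' && secrets.KUBECONFIG_AZURE_PREPROD || secrets.KUBECONFIG_AZURE_DEV }}`. That keeps the value scoped to the one step that needs it and avoids reusing the name `KUBECONFIG`, which helm and kubectl interpret as a file path. deploy-on-demand.yml gets the identical step in patch 2, and patch 6 extends both `case` blocks, so the expression would need matching arms there.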
diff --git a/.github/workflows/deploy-on-demand.yml b/.github/workflows/deploy-on-demand.yml index d60a444..f7ff110 100644 --- a/.github/workflows/deploy-on-demand.yml +++ b/.github/workflows/deploy-on-demand.yml @@ -21,11 +21,13 @@ env: PROJECT: ota-admin-portal REGISTRY: fiskercloud.azurecr.io +permissions: + id-token: write + contents: read + jobs: build: runs-on: ubuntu-latest - outputs: - build-env: ${{ steps.set-env.outputs.ENVIRONMENT }} steps: - name: Slack Notification uses: rtCamp/action-slack-notify@v2 @@ -34,7 +36,7 @@ jobs: uses: actions/checkout@v4 - name: Azure Login - uses: azure/login@v1 + uses: azure/login@v2 with: creds: ${{ secrets.AZURE_CREDENTIALS }} @@ -45,21 +47,6 @@ jobs: username: ${{ secrets.AZURE_CLIENT_ID }} password: ${{ secrets.AZURE_CLIENT_SECRET }} - - name: Set Env - env: - ENV: ${{ inputs.environment }} - id: set-env - run: | - case ${ENV} in - dev) - ENVIRONMENT=dev;; - preprod) - ENVIRONMENT=prd;; - *) - ENVIRONMENT=dev;; - esac - echo "ENVIRONMENT=${ENVIRONMENT}" >> $GITHUB_ENV - echo "ENVIRONMENT=${ENVIRONMENT}" >> $GITHUB_OUTPUT - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 
@@ -68,44 +55,70 @@ jobs: uses: docker/build-push-action@v5 with: context: . - build-args: ENVIRONMENT=${{ env.ENVIRONMENT }} + build-args: ENVIRONMENT=${{ inputs.environment }} push: true - tags: ${{ env.REGISTRY }}/${{ env.PROJECT }}:${{ env.TAG }}-${{ env.ENVIRONMENT }} + tags: ${{ env.REGISTRY }}/${{ env.PROJECT }}:${{ env.TAG }}-${{ inputs.environment }} cache-from: type=gha cache-to: type=gha,mode=max - deploy: - needs: build - runs-on: [self-hosted, azure] - env: - ENVIRONMENT: ${{ needs.build.outputs.build-env }} - steps: - - name: Checkout - uses: actions/checkout@v4 - - - uses: rtCamp/action-slack-notify@v2 - env: - MSG_MINIMAL: true - SLACK_MESSAGE: "Deploying ${{ env.PROJECT }} to ${{ inputs.environment }}... :partydeploy:" - - - name: Deploy - run: |- - helm upgrade \ - --kube-context $ENVIRONMENT \ - --set image.registry=$REGISTRY \ - --set image.name=$PROJECT \ - --set image.tag=$TAG-$ENVIRONMENT \ - --wait -i -f k8s/values-$ENVIRONMENT.yaml $PROJECT k8s/ - - - name: Notify deploy - uses: rtCamp/action-slack-notify@v2 - env: - MSG_MINIMAL: true - SLACK_MESSAGE: "Successfully deployed ${{ env.PROJECT }} to ${{ inputs.environment }}! :gopher_party:" - - name: Notify if failure + if: ${{ failure() }} + uses: rtCamp/action-slack-notify@v2 + env: + SLACK_COLOR: ${{ job.status }} + SLACK_MESSAGE: "Failed to build ${{ env.PROJECT }} in ${{ inputs.environment }}! :this-is-fine:" + + deploy: + needs: build + runs-on: arc-azure-${{ inputs.environment }} + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Notify deploy + uses: rtCamp/action-slack-notify@v2 + env: + MSG_MINIMAL: true + SLACK_MESSAGE: "Deploying ${{ env.PROJECT }} to ${{ inputs.environment }}... 
:partydeploy:" + + - name: Set env + run: | + case ${{ inputs.environment }} in + dev) + KUBECONFIG=${{ secrets.KUBECONFIG_AZURE_DEV }};; + preprod) + KUBECONFIG=${{ secrets.KUBECONFIG_AZURE_PREPROD }};; + *) + KUBECONFIG=${{ secrets.KUBECONFIG_AZURE_DEV }};; + esac + + echo "KUBECONFIG=${KUBECONFIG}" >> $GITHUB_ENV + + - name: Deploy to env + id: deploy + uses: koslib/helm-eks-action@v1.28.0 + env: + KUBE_CONFIG_DATA: ${{ env.KUBECONFIG }} + with: + command: | + helm upgrade \ + --atomic \ + --create-namespace \ + --namespace default \ + --set image.registry=$REGISTRY \ + --set image.name=$PROJECT \ + --set image.tag=$TAG-${{ inputs.environment }} \ + --wait -i -f k8s/values-${{ inputs.environment }}.yaml $PROJECT k8s/ + + - name: Notify deploy failure if: ${{ failure() }} uses: rtCamp/action-slack-notify@v2 env: SLACK_COLOR: ${{ job.status }} SLACK_MESSAGE: "Failed to deploy ${{ env.PROJECT }} to ${{ inputs.environment }}! :this-is-fine:" + + - name: Notify deploy success + uses: rtCamp/action-slack-notify@v2 + env: + MSG_MINIMAL: true + SLACK_MESSAGE: "Successfully deployed ${{ env.PROJECT }} to ${{ inputs.environment }}! :gopher_party:" \ No newline at end of file From 12dad92f4ec7292cd1c130af8eaebd26591995b4 Mon Sep 17 00:00:00 2001 From: Milamary Date: Tue, 2 Apr 2024 21:39:03 -0700 Subject: [PATCH 3/6] ARC runners: deploy.yml --- .github/workflows/deploy.yml | 136 ++++++++++++++++++++++++----------- 1 file changed, 94 insertions(+), 42 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index e2301d8..108e579 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -15,6 +15,10 @@ env: PROJECT: ota-admin-portal REGISTRY: fiskercloud.azurecr.io +permissions: + id-token: write + contents: read + jobs: build-dev: runs-on: ubuntu-latest @@ -27,7 +31,7 @@ jobs: uses: actions/checkout@v4 - name: Azure Login - uses: azure/login@v1 + uses: azure/login@v2 with: creds: ${{ secrets.AZURE_CREDENTIALS }} 
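Review bot: `koslib/helm-eks-action@v1.28.0` in the `Deploy to env` step of deploy-on-demand.yml is handed the cluster kubeconfig through `KUBE_CONFIG_DATA` but is referenced by a tag, which the action's owner can move to different code. Pinning to the full commit SHA with the tag as a trailing comment keeps the executed code fixed: `uses: koslib/helm-eks-action@<full-commit-sha>  # v1.28.0`. The same reference appears in deploy-on-demand-v2.yml and in all four deploy jobs of deploy.yml, including the two production ones; `rtCamp/action-slack-notify@v2`, which runs with the workflow-level `SLACK_WEBHOOK` secret in its environment, deserves the same treatment.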
@@ -60,25 +64,37 @@ jobs: deploy-dev: needs: [build-dev] - runs-on: [self-hosted, azure] + runs-on: [ arc-azure-dev ] environment: dev steps: - name: Checkout uses: actions/checkout@v4 - - uses: rtCamp/action-slack-notify@v2 + - name: Notify deploy + uses: rtCamp/action-slack-notify@v2 env: MSG_MINIMAL: true SLACK_MESSAGE: "Deploying ${{ env.PROJECT }} to dev... :partydeploy:" - name: Deploy to dev - run: |- - helm upgrade \ - --kube-context dev \ - --set image.registry=$REGISTRY \ - --set image.name=$PROJECT \ - --set image.tag=$TAG-dev \ - --wait -i -f k8s/values-dev.yaml $PROJECT k8s/ + id: deploy + uses: koslib/helm-eks-action@v1.28.0 + env: + KUBE_CONFIG_DATA: ${{ secrets.KUBECONFIG_AZURE_DEV }} + with: + command: | + helm upgrade \ + --atomic \ + --create-namespace \ + --namespace default \ + --set image.registry=$REGISTRY \ + --set image.name=$PROJECT \ + --set image.tag=$TAG-dev \ + --wait -i -f k8s/values-dev.yaml $PROJECT k8s/ + + - name: Deploy Response + run: echo "Response was ${{ steps.deploy.outputs.response }}" + - name: Notify deploy failure if: ${{ failure() }} @@ -104,7 +120,7 @@ jobs: uses: actions/checkout@v4 - name: Azure Login - uses: azure/login@v1 + uses: azure/login@v2 with: creds: ${{ secrets.AZURE_CREDENTIALS }} 
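Review bot: The added `Deploy Response` step expands `${{ steps.deploy.outputs.response }}` inside the `run:` script, so helm's output becomes shell source before `echo` runs; a double quote, backtick or `$(...)` in chart notes or an error message would be interpreted by the shell on the cluster runner. Pass the value through the environment instead: add `env:` with `RESPONSE: ${{ steps.deploy.outputs.response }}` and change the command to `run: echo "Response was $RESPONSE"`. The step is repeated in the deploy-preprod, deploy-cec-prd and deploy-cec-euprd jobs and is added to both on-demand workflows in patch 5.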
@@ -137,26 +153,38 @@ jobs: deploy-preprod: needs: [deploy-dev, build-preprod] - runs-on: [self-hosted, azure] - environment: stg + runs-on: [ arc-azure-preprod ] + environment: preprod steps: + - name: Checkout uses: actions/checkout@v4 - - uses: rtCamp/action-slack-notify@v2 + - name: Notify deploy + uses: rtCamp/action-slack-notify@v2 env: MSG_MINIMAL: true SLACK_MESSAGE: "Deploying ${{ env.PROJECT }} to preprod... :partydeploy:" - name: Deploy to preprod - run: |- - helm upgrade \ - --kube-context prd \ - --set image.registry=$REGISTRY \ - --set image.name=$PROJECT \ - --set image.tag=$TAG-prd \ - --wait -i -f k8s/values-prd.yaml $PROJECT k8s/ - + id: deploy + uses: koslib/helm-eks-action@v1.28.0 + env: + KUBE_CONFIG_DATA: ${{ secrets.KUBECONFIG_AZURE_PREPROD }} + with: + command: | + helm upgrade \ + --atomic \ + --create-namespace \ + --namespace default \ + --set image.registry=$REGISTRY \ + --set image.name=$PROJECT \ + --set image.tag=$TAG-prd \ + --wait -i -f k8s/values-prd.yaml $PROJECT k8s/ + + - name: Deploy Response + run: echo "Response was ${{ steps.deploy.outputs.response }}" + - name: Notify deploy failure if: ${{ failure() }} uses: rtCamp/action-slack-notify@v2 @@ -181,7 +209,7 @@ jobs: uses: actions/checkout@v4 - name: Azure Login - uses: azure/login@v1 + uses: azure/login@v2 with: creds: ${{ secrets.AZURE_CREDENTIALS }} 
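Review bot: `environment: preprod` replaces `environment: stg` in deploy-preprod; if no environment of that name is configured yet, GitHub creates it on first run with no protection rules or reviewers, so any gating that was attached to `stg` would silently stop applying. Confirm that `preprod` exists with the intended rules before merging, and consider a comment on the key such as `# must match a configured GitHub environment`. The hunk keeps `$TAG-prd` and `k8s/values-prd.yaml` for this job, which merits a short comment too, since the environment, runner and artifact names now differ.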
@@ -214,26 +242,38 @@ jobs: deploy-cec-prd: needs: [deploy-dev, deploy-preprod, build-cec-prd] - runs-on: [self-hosted, azure] + runs-on: [ arc-azure-cec-prd ] environment: prd steps: + - name: Checkout uses: actions/checkout@v4 - - uses: rtCamp/action-slack-notify@v2 + - name: Notify deploy + uses: rtCamp/action-slack-notify@v2 env: MSG_MINIMAL: true SLACK_MESSAGE: "Deploying ${{ env.PROJECT }} to cec-prd... :partydeploy:" - name: Deploy to cec-prd - run: |- - helm upgrade \ - --kube-context cec-prd-cluster-1 \ - --set image.registry=$REGISTRY \ - --set image.name=$PROJECT \ - --set image.tag=$TAG-cec-prd \ - --wait -i -f k8s/values-cec-prd.yaml $PROJECT k8s/ + id: deploy + uses: koslib/helm-eks-action@v1.28.0 + env: + KUBE_CONFIG_DATA: ${{ secrets.KUBECONFIG_AZURE_CEC_PRD }} + with: + command: | + helm upgrade \ + --atomic \ + --create-namespace \ + --namespace default \ + --set image.registry=$REGISTRY \ + --set image.name=$PROJECT \ + --set image.tag=$TAG-cec-prd \ + --wait -i -f k8s/values-cec-prd.yaml $PROJECT k8s/ + - name: Deploy Response + run: echo "Response was ${{ steps.deploy.outputs.response }}" + - name: Notify deploy failure if: ${{ failure() }} uses: rtCamp/action-slack-notify@v2 @@ -258,7 +298,7 @@ jobs: uses: actions/checkout@v4 - name: Azure Login - uses: azure/login@v1 + uses: azure/login@v2 with: creds: ${{ secrets.AZURE_CREDENTIALS }} 
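Review bot: `--namespace default` in the new `helm upgrade` command pins the production release to the default namespace, whereas the removed command took its namespace from `--kube-context cec-prd-cluster-1`. If that context was configured with a different namespace (not visible here), `-i` will install a second release in `default` rather than upgrade the running one. `--create-namespace` has no effect for `default`, and `--atomic` already implies `--wait`, so the flags could be reduced to `--atomic --namespace <release-namespace> \`. Every deploy step rewritten in this series carries the same flags.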
@@ -291,25 +331,37 @@ jobs: deploy-cec-euprd: needs: [deploy-dev, deploy-preprod, build-cec-euprd] - runs-on: [self-hosted, azure] + runs-on: [ arc-azure-cec-euprd ] environment: prd steps: - name: Checkout uses: actions/checkout@v4 - - uses: rtCamp/action-slack-notify@v2 + - name: Notify deploy + uses: rtCamp/action-slack-notify@v2 env: MSG_MINIMAL: true SLACK_MESSAGE: "Deploying ${{ env.PROJECT }} to cec-euprd... :partydeploy:" - name: Deploy to cec-euprd - run: |- - helm upgrade \ - --kube-context cec-euprd-cluster-1 \ - --set image.registry=$REGISTRY \ - --set image.name=$PROJECT \ - --set image.tag=$TAG-cec-euprd \ - --wait -i -f k8s/values-cec-euprd.yaml $PROJECT k8s/ + id: deploy + uses: koslib/helm-eks-action@v1.28.0 + env: + KUBE_CONFIG_DATA: ${{ secrets.KUBECONFIG_AZURE_CEC_EUPRD }} + with: + command: | + helm upgrade \ + --atomic \ + --create-namespace \ + --namespace default \ + --set image.registry=$REGISTRY \ + --set image.name=$PROJECT \ + --set image.tag=$TAG-cec-euprd \ + --wait -i -f k8s/values-cec-euprd.yaml $PROJECT k8s/ + + - name: Deploy Response + run: echo "Response was ${{ steps.deploy.outputs.response }}" + - name: Notify deploy failure if: ${{ failure() }} From 3a19506465b3ab5d4989bee1d58f3443566e4988 Mon Sep 17 00:00:00 2001 From: Milamary Date: Tue, 2 Apr 2024 21:39:37 -0700 Subject: [PATCH 4/6] tagged shared workflow --- .github/workflows/pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 6a3ecc7..91553b0 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -9,4 +9,4 @@ on: jobs: prcheck: - uses: Fisker-Inc/github-actions/.github/workflows/pr.yml@main + uses: Fisker-Inc/github-actions/.github/workflows/pr.yml@v1.0.16 From e5e96491d1b56344239864042033a730526e1493 Mon Sep 17 00:00:00 2001 
From: Milamary Date: Tue, 2 Apr 2024 21:46:52 -0700 Subject: [PATCH 5/6] ARC runners: added Deploy Response step --- .github/workflows/deploy-on-demand-v2.yml | 3 +++ .github/workflows/deploy-on-demand.yml | 3 +++ .github/workflows/deploy.yml | 2 -- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-on-demand-v2.yml b/.github/workflows/deploy-on-demand-v2.yml index 880d6a1..7272689 100644 --- a/.github/workflows/deploy-on-demand-v2.yml +++ b/.github/workflows/deploy-on-demand-v2.yml @@ -113,6 +113,9 @@ jobs: --set image.tag=$TAG \ --wait -i -f k8s/values-${{ inputs.environment }}.yaml $PROJECT k8s/ + - name: Deploy Response + run: echo "Response was ${{ steps.deploy.outputs.response }}" + - name: Notify deploy failure if: ${{ failure() }} uses: rtCamp/action-slack-notify@v2 diff --git a/.github/workflows/deploy-on-demand.yml b/.github/workflows/deploy-on-demand.yml index f7ff110..e5ac63e 100644 --- a/.github/workflows/deploy-on-demand.yml +++ b/.github/workflows/deploy-on-demand.yml @@ -110,6 +110,9 @@ jobs: --set image.tag=$TAG-${{ inputs.environment }} \ --wait -i -f k8s/values-${{ inputs.environment }}.yaml $PROJECT k8s/ + - name: Deploy Response + run: echo "Response was ${{ steps.deploy.outputs.response }}" + - name: Notify deploy failure if: ${{ failure() }} uses: rtCamp/action-slack-notify@v2 diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 108e579..1400ca8 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -95,7 +95,6 @@ jobs: - name: Deploy Response run: echo "Response was ${{ steps.deploy.outputs.response }}" - - name: Notify deploy failure if: ${{ failure() }} uses: rtCamp/action-slack-notify@v2 @@ -362,7 +361,6 @@ jobs: - name: Deploy Response run: echo "Response was ${{ steps.deploy.outputs.response }}" - - name: Notify deploy failure if: ${{ failure() }} uses: rtCamp/action-slack-notify@v2 
From becc5872b6c4584378a84f2d35234266347b34a7 Mon Sep 17 00:00:00 2001 From: Milamary Date: Wed, 3 Apr 2024 10:58:59 -0700 Subject: [PATCH 6/6] ARC runners: added prod envs to deploy-on-demand pipelines --- .github/workflows/deploy-on-demand-v2.yml | 6 ++++++ .github/workflows/deploy-on-demand.yml | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/.github/workflows/deploy-on-demand-v2.yml b/.github/workflows/deploy-on-demand-v2.yml index 7272689..0e1dfac 100644 --- a/.github/workflows/deploy-on-demand-v2.yml +++ b/.github/workflows/deploy-on-demand-v2.yml @@ -10,6 +10,8 @@ on: options: - dev - preprod + - cec-prd + - cec-euprd env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} @@ -91,6 +93,10 @@ jobs: KUBECONFIG=${{ secrets.KUBECONFIG_AZURE_DEV }};; preprod) KUBECONFIG=${{ secrets.KUBECONFIG_AZURE_PREPROD }};; + cec-prd) + KUBECONFIG=${{ secrets.KUBECONFIG_AZURE_CEC_PRD }};; + cec-euprd) + KUBECONFIG=${{ secrets.KUBECONFIG_AZURE_CEC_EUPRD }};; *) KUBECONFIG=${{ secrets.KUBECONFIG_AZURE_DEV }};; esac diff --git a/.github/workflows/deploy-on-demand.yml b/.github/workflows/deploy-on-demand.yml index e5ac63e..1af79b3 100644 --- a/.github/workflows/deploy-on-demand.yml +++ b/.github/workflows/deploy-on-demand.yml @@ -10,6 +10,8 @@ on: options: - dev - preprod + - cec-prd + - cec-euprd env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} @@ -88,6 +90,10 @@ jobs: KUBECONFIG=${{ secrets.KUBECONFIG_AZURE_DEV }};; preprod) KUBECONFIG=${{ secrets.KUBECONFIG_AZURE_PREPROD }};; + cec-prd) + KUBECONFIG=${{ secrets.KUBECONFIG_AZURE_CEC_PRD }};; + cec-euprd) + KUBECONFIG=${{ secrets.KUBECONFIG_AZURE_CEC_EUPRD }};; *) KUBECONFIG=${{ secrets.KUBECONFIG_AZURE_DEV }};; esac
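Review bot: Adding `cec-prd` and `cec-euprd` to the `options` list and the `case` arms lets a manual dispatch use the production kubeconfigs, but the on-demand `deploy` job declares no `environment:`, unlike deploy-cec-prd and deploy-cec-euprd in deploy.yml, which run under `environment: prd`. Any reviewers, wait timers or branch restrictions configured on `prd` are therefore not evaluated on this path, and the `needs: [deploy-dev, deploy-preprod, …]` ordering of the main pipeline does not apply either. Consider adding `environment: ${{ startsWith(inputs.environment, 'cec-') && 'prd' || inputs.environment }}` to the deploy job in both files, and storing the production kubeconfigs as environment secrets so they are released only after that environment's rules pass.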