-
Notifications
You must be signed in to change notification settings - Fork 0
221 lines (171 loc) · 8.76 KB
/
build-deploy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
name: Build and deploy cdapp auth-proxy docker image
on:
workflow_dispatch: # Allows manual workflow trigger
repository_dispatch: # Allows API workflow trigger
types: [cdapp-auth-proxy]
push:
branches: # Automatically deploy on commits to master
- master
- master-arbitrum
paths-ignore:
- '.github/**'
- '**.md'
concurrency:
group: ${{ github.ref }}-cdapp-auth-proxy
cancel-in-progress: true
# Set global env variables
env:
AWS_REGION: ${{ secrets.AWS_REGION }}
ECR_REPOSITORY: ${{ secrets.AWS_ACCOUNT_ID_QA }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/cdapp/auth-proxy
COMMIT_HASH: ${{ github.event.client_payload.COMMIT_HASH != null && github.event.client_payload.COMMIT_HASH || github.sha }}
jobs:
# Build cdapp auth-proxy and push to AWS ECR
buildAndPush:
runs-on: ubuntu-latest
steps:
- name: Echo Env Vars through Context
run: |
echo "$GITHUB_CONTEXT"
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v3
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_QA }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_QA }}
aws-region: ${{ env.AWS_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Checkout relevant branch
run: git checkout ${{ github.event.client_payload.COMMIT_HASH != null && github.event.client_payload.COMMIT_HASH || github.sha }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Build and push
uses: docker/build-push-action@v3
with:
context: ${{ github.workspace }}
file: ./Dockerfile
push: true
tags: |
${{ env.ECR_REPOSITORY }}:run-${{ github.run_number }}
${{ env.ECR_REPOSITORY }}:${{ (github.ref == 'refs/heads/master' && 'gnosis') || (github.ref == 'refs/heads/master-arbitrum' && 'arbitrum') }}
${{ env.ECR_REPOSITORY }}:${{ env.COMMIT_HASH }}
- uses: sarisia/actions-status-discord@c193626e5ce172002b8161e116aa897de7ab5383
if: always()
with:
webhook: ${{ secrets.DISCORD_WEBHOOK }}
title: "Build and push cdapp auth-proxy"
# Deploy cdapp auth-proxy to QA environment
deployQA:
needs: buildAndPush
runs-on: ubuntu-latest
env:
NAMESPACE: cdapp
CLUSTER_NAME: qa-cluster
# Tagging image based on whether we are deploying to gnosis or arbitrum
ENVIRONMENT_TAG: ${{ (github.ref == 'refs/heads/master' && 'qa') || (github.ref == 'refs/heads/master-arbitrum' && 'qa-arbitrum-sepolia') }}
REPOSITORY_NAME: cdapp/auth-proxy
steps:
- name: Configure AWS credentials for ECR
uses: aws-actions/configure-aws-credentials@v3
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_QA }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_QA }}
aws-region: ${{ env.AWS_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Echo current image and tag new image
run: |
echo -e "Getting image info...\n"
echo -e "###### Current image being used ######\n"
SHA256=$(aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageTag=${{ env.ENVIRONMENT_TAG }} --output json | jq '.images[].imageId.imageDigest')
aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageDigest=$SHA256 --output json | jq '.images[].imageId'
echo -e "\n###### Tagging new image with environment tag ######"
MANIFEST=$(aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageTag=${{ env.COMMIT_HASH }} --output json | jq --raw-output --join-output '.images[0].imageManifest')
aws ecr put-image --repository-name ${{ env.REPOSITORY_NAME }} --image-tag ${{ env.ENVIRONMENT_TAG }} --image-manifest "$MANIFEST"
echo -e "\n###### New image being used ######\n"
SHA256=$(aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageTag=${{ env.ENVIRONMENT_TAG }} --output json | jq '.images[].imageId.imageDigest')
aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageDigest=$SHA256 --output json | jq '.images[].imageId'
- name: Configure AWS credentials for EKS
uses: aws-actions/configure-aws-credentials@v3
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_QA }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_QA }}
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID_QA }}:role/eks-admin
role-session-name: github-cicd
role-duration-seconds: 1200
aws-region: ${{ env.AWS_REGION }}
- name: Configure AWS EKS
run: |
aws eks --region ${{ env.AWS_REGION }} update-kubeconfig --name ${{ env.CLUSTER_NAME }}
- name: Deploy to Kubernetes cluster
run: |
kubectl rollout restart deployment/cdapp-auth-proxy-${{ env.ENVIRONMENT_TAG }} -n ${{ env.NAMESPACE }}
- name: Validate Kubernetes deployment
run: |
kubectl rollout status deployment/cdapp-auth-proxy-${{ env.ENVIRONMENT_TAG }} -n ${{ env.NAMESPACE }}
- uses: sarisia/actions-status-discord@c193626e5ce172002b8161e116aa897de7ab5383
if: always()
with:
webhook: ${{ secrets.DISCORD_WEBHOOK }}
title: "Deploy cdapp auth-proxy to ${{ env.ENVIRONMENT_TAG }}"
# Deploy cdapp auth-proxy to Prod environment
deployProd:
needs: deployQA
environment: prod
runs-on: ubuntu-latest
env:
NAMESPACE: cdapp
CLUSTER_NAME: prod-cluster
# Tagging image based on whether we are deploying to gnosis or arbitrum
ENVIRONMENT_TAG: ${{ (github.ref == 'refs/heads/master' && 'qa') || (github.ref == 'refs/heads/master-arbitrum' && 'prod-arbitrum-one') }}
REPOSITORY_NAME: cdapp/auth-proxy
steps:
- name: Configure AWS credentials for ECR
uses: aws-actions/configure-aws-credentials@v3
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_QA }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_QA }}
aws-region: ${{ env.AWS_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Echo current image and tag new image
run: |
echo -e "Getting image info...\n"
echo -e "###### Current image being used ######\n"
SHA256=$(aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageTag=${{ env.ENVIRONMENT_TAG }} --output json | jq '.images[].imageId.imageDigest')
aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageDigest=$SHA256 --output json | jq '.images[].imageId'
echo -e "\n###### Tagging new image with environment tag ######"
MANIFEST=$(aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageTag=${{ env.COMMIT_HASH }} --output json | jq --raw-output --join-output '.images[0].imageManifest')
aws ecr put-image --repository-name ${{ env.REPOSITORY_NAME }} --image-tag ${{ env.ENVIRONMENT_TAG }} --image-manifest "$MANIFEST"
echo -e "\n###### New image being used ######\n"
SHA256=$(aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageTag=${{ env.ENVIRONMENT_TAG }} --output json | jq '.images[].imageId.imageDigest')
aws ecr batch-get-image --repository-name ${{ env.REPOSITORY_NAME }} --image-ids imageDigest=$SHA256 --output json | jq '.images[].imageId'
- name: Configure AWS credentials for EKS
uses: aws-actions/configure-aws-credentials@v3
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_PROD }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_PROD }}
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID_PROD }}:role/eks-admin
role-session-name: github-cicd
role-duration-seconds: 1200
aws-region: ${{ env.AWS_REGION }}
- name: Configure AWS EKS
run: |
aws eks --region ${{ env.AWS_REGION }} update-kubeconfig --name ${{ env.CLUSTER_NAME }}
- name: Deploy to Kubernetes cluster
run: |
kubectl rollout restart deployment/cdapp-auth-proxy-${{ env.ENVIRONMENT_TAG }} -n ${{ env.NAMESPACE }}
- name: Validate Kubernetes deployment
run: |
kubectl rollout status deployment/cdapp-auth-proxy-${{ env.ENVIRONMENT_TAG }} -n ${{ env.NAMESPACE }}
- uses: sarisia/actions-status-discord@c193626e5ce172002b8161e116aa897de7ab5383
if: always()
with:
webhook: ${{ secrets.DISCORD_WEBHOOK }}
title: "Deploy cdapp auth-proxy to ${{ env.ENVIRONMENT_TAG }}"