-
-
Notifications
You must be signed in to change notification settings - Fork 2
144 lines (141 loc) · 5.98 KB
/
deploy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
name: Deploy
on:
workflow_dispatch:
inputs:
version:
description: 'The version of the image to deploy'
type: string
required: true
image:
description: 'The image to update'
type: string
required: true
deploy-domain:
description: 'The domain to check for deployment'
type: string
required: true
k8s-environment:
description: 'The k8s environment to deploy to, needs to be a valid folder under deployment'
type: string
required: true
workflow_call:
inputs:
version:
description: 'The version of the image to deploy'
type: string
required: true
image:
description: 'The image to update, can use * to update all images'
type: string
required: true
deploy-domain:
description: 'The domain to check for deployment'
type: string
required: true
k8s-environment:
description: 'The k8s environment to deploy to, needs to be a valid folder under deployment'
type: string
required: true
jobs:
deploy:
# deploy checks out the fleet repo, we may run into conflicts if we try to run multiple deploys at the same time
# however due to how concurrency works with environment approvals we don't want to block all deploys
# see discussion here: https://github.com/orgs/community/discussions/17401
# this could result in our push failing if we try to push at the same time as another deploy
concurrency: ${{ inputs.k8s-environment }}
runs-on: ubuntu-latest
environment:
name: ${{ inputs.k8s-environment }}
url: https://${{ inputs.deploy-domain }}
outputs:
api-version: ${{ steps.get-api-version.outputs.result }}
fw-headless-version: ${{ steps.get-fw-headless-version.outputs.result }}
ui-version: ${{ steps.get-ui-version.outputs.result }}
steps:
- name: Checkout lexbox repo
uses: actions/checkout@v4
with:
path: lexbox
- name: Run kustomize
working-directory: lexbox/deployment/${{ inputs.k8s-environment }}
run: |
kubectl kustomize . -o resources.yaml
- name: Checkout fleet repo
uses: actions/checkout@v4
with:
repository: ${{ vars.FLEET_REPO }}
ssh-key: ${{ secrets.FLEET_REPO_SSH_KEY }}
path: fleet
ref: main
- name: Copy yaml resources to fleet repo
run: |
cp lexbox/deployment/${{ inputs.k8s-environment }}/resources.yaml fleet/${{ inputs.k8s-environment }}/
# this kustomization file is in the fleet repo and only modifies the image versions being used.
- name: Update image version in fleet kustomization.yaml
uses: mikefarah/yq@0b34c9a00de1c575a34eea05af1d956a525c4fc1 # v4.34.2
with:
cmd: yq eval -i '(.images.[] | select(.name == "${{ inputs.image }}").newTag) = "${{ inputs.version }}"' "fleet/${{ inputs.k8s-environment }}/kustomization.yaml"
- name: Get API version
uses: mikefarah/yq@0b34c9a00de1c575a34eea05af1d956a525c4fc1 # v4.34.2
id: get-api-version
with:
cmd: yq '.images.[] | select(.name == "ghcr.io/sillsdev/lexbox-api").newTag' "fleet/${{ inputs.k8s-environment }}/kustomization.yaml"
- name: Get FwHeadless version
uses: mikefarah/yq@0b34c9a00de1c575a34eea05af1d956a525c4fc1 # v4.34.2
id: get-fw-headless-version
with:
cmd: yq '.images.[] | select(.name == "ghcr.io/sillsdev/lexbox-fw-headless").newTag' "fleet/${{ inputs.k8s-environment }}/kustomization.yaml"
- name: Get UI version
uses: mikefarah/yq@0b34c9a00de1c575a34eea05af1d956a525c4fc1 # v4.34.2
id: get-ui-version
with:
cmd: yq '.images.[] | select(.name == "ghcr.io/sillsdev/lexbox-ui").newTag' "fleet/${{ inputs.k8s-environment }}/kustomization.yaml"
- name: Push to fleet repo
uses: EndBug/add-and-commit@v9 #https://github.com/EndBug/add-and-commit
with:
default_author: github_actions
message: "[Lexbox] Update ${{ inputs.k8s-environment }} image: ${{ inputs.image }} to ${{ inputs.version }}"
cwd: './fleet/'
add: '${{ inputs.k8s-environment }}/*'
push: true
verify-published:
name: Verify ${{ matrix.verify.name }} Published
runs-on: self-hosted #only self hosted can access develop, so we should just run all our verify tests on self hosted
if: ${{ inputs.image != 'ghcr.io/sillsdev/lexbox-hgweb' }}
needs: deploy
strategy:
fail-fast: true
matrix:
verify:
- version: ${{ needs.deploy.outputs.api-version }}
endpoint: ${{ inputs.deploy-domain }}/api/healthz
name: API
- version: ${{ needs.deploy.outputs.ui-version }}
endpoint: ${{ inputs.deploy-domain }}/healthz
name: UI
steps:
- name: Verify Version
env:
TARGET: 'https://${{ matrix.verify.endpoint }}'
EXPECTED_VERSION: ${{ matrix.verify.version }}
run: |
IterateCount=10
DelayMultiplier=5
n=0
until [ $n -ge $IterateCount ]
do
curl -s --head "$TARGET" > response.txt
# get version from response, trim off the header and fix the line endings
versionHeader=$((grep "lexbox-version" response.txt || echo VersionNotFound) | cut -d' ' -f 2 | tr -d '[:space:]')
status_code=$(grep -oP "HTTP\/\d(\.\d)? \K\d+" response.txt)
if [[ "$versionHeader" == "$EXPECTED_VERSION" && "$status_code" == "200" ]]; then
echo "Version and status code are correct"
exit 0
else
echo "Health check failed, Version '$versionHeader', expected '$EXPECTED_VERSION', status code '$status_code'"
n=$((n+1))
sleep $((DelayMultiplier * n))
fi
done
echo "Version $versionHeader is still incorrect after waiting"
exit 1