Merge pull request #157 from coopTilleuls/feat/helm-chart-deploy

Feat/helm chart deploy
coopTilleuls · Apr 13, 2023 · b6cc9cc · b6cc9cc
2 parents d501d86 + 9ca4c7e
commit b6cc9cc
Show file tree

Hide file tree

Showing 32 changed files with 1,033 additions and 321 deletions.
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -11,17 +11,16 @@ on:
     types: [ opened, reopened, synchronize, labeled ]
 
 jobs:
-  # TODO: uncomment before merge
-  # remove-deploy-label:
-  #   name: Remove deploy label
-  #   if: github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'deploy')
-  #   runs-on: ubuntu-latest
-  #   steps:
-  #     - uses: mondeja/remove-labels-gh-action@v1
-  #       with:
-  #         token: ${{ secrets.GITHUB_TOKEN }}
-  #         labels: |
-  #           deploy
+  remove-deploy-label:
+    name: Remove deploy label
+    if: github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'deploy')
+    runs-on: ubuntu-latest
+    steps:
+      - uses: mondeja/remove-labels-gh-action@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          labels: |
+            deploy
 
   build:
     name: Build
@@ -30,13 +29,12 @@ jobs:
     if: github.event_name != 'pull_request' || (github.event_name == 'pull_request')
     uses: ./.github/workflows/build.yml
 
-  # TODO: next step
-  # deploy:
-  #   name: Deploy
-  #   if: github.event_name != 'pull_request' || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'deploy'))
-  #   needs: [ build ]
-  #   uses: ./.github/workflows/deploy.yml
-  #   concurrency: ${{ github.ref }}-deploy
-  #   secrets:
-  #     kubeconfig: ${{ secrets.KUBECONFIG }}
-  #     domain: ${{ secrets.DOMAIN }}
+  deploy:
+    name: Deploy
+    if: github.event_name != 'pull_request' || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'deploy'))
+    needs: [ build ]
+    uses: ./.github/workflows/deploy.yml
+    concurrency: ${{ github.ref }}-deploy
+    secrets:
+      kubeconfig: ${{ secrets.KUBECONFIG }}
+      domain: ${{ secrets.DOMAIN }}
diff --git a/.github/workflows/cleanup.yml b/.github/workflows/cleanup.yml
@@ -0,0 +1,33 @@
+name: Cleanup
+
+on:
+  pull_request:
+    types: [ closed ]
+
+jobs:
+  cleanup:
+    name: Cleanup
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set KUBECONFIG
+        run: |
+          mkdir ~/.kube
+          echo ${{ secrets.KUBECONFIG }} | base64 -d > ~/.kube/config
+          kubectl config view
+
+      - name: Uninstall helm release
+        id: uninstall_helm_release
+        run: |
+          export RELEASE_NAME=pr-$(jq --raw-output .pull_request.number $GITHUB_EVENT_PATH)
+          echo "Uninstalling release ${RELEASE_NAME}"
+          if ! helm uninstall ${RELEASE_NAME} --kube-context nonprod --wait ; then
+            echo "HELM Uninstall has failed !"
+            echo "Please ask the SRE team to manually clean remaining objects"
+            exit 1
+          fi
+          echo "HELM uninstall successfull"
+          echo "Cleaning remaining PVC..."
+          kubectl delete pvc -l app.kubernetes.io/instance=$RELEASE_NAME
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,91 @@
+name: Deploy
+
+on:
+  workflow_call:
+    secrets:
+      kubeconfig:
+        description: kubeconfig stored as a base64 encrypted secret
+        required: true
+      domain:
+        description: Main project deploy domain used in URLs
+        required: true 
+
+jobs:
+  deploy:
+    name: Deploy
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    #permissions:
+    #  contents: 'read'
+    #  id-token: 'write'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set kubeconfig
+        run: |
+          mkdir ~/.kube
+          echo ${{ secrets.kubeconfig }} | base64 -d > ~/.kube/config
+          kubectl config view
+
+      # https://github.com/helm/helm/issues/8036
+      - name: Build helm dependencies
+        run: |
+          set -o pipefail
+          # add all repos
+          if [ -f "./helm/chart/Chart.lock" ]; then
+            yq --indent 0 '.dependencies | map(["helm", "repo", "add", .name, .repository] | join(" ")) | .[]' "./helm/chart/Chart.lock"  | sh --;
+          fi
+          helm dependency build ./helm/chart
+
+      - name: Deploy on namespace
+        id: deploy
+        run: |
+          set -o pipefail
+          if [[ "${{ github.ref }}" == *"tag"* ]]; then
+              # Tags are deployed in prod
+              CONTEXT=prod
+              IMAGE_TAG=${{ github.ref_name }}
+              RELEASE_NAME=demo
+              URL=demo.${{ secrets.domain }}; 
+          else
+              CONTEXT=nonprod
+              IMAGE_TAG=sha-${GITHUB_SHA::7}
+              if [ "$GITHUB_EVENT_NAME" == "pull_request" ]; then
+                  RELEASE_NAME=pr-$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH")
+              else
+                  RELEASE_NAME=${{ github.ref_name }}
+              fi
+              URL=${RELEASE_NAME}.nonprod.${{ secrets.domain }}
+          fi
+          REGISTRY_IMAGE_URL=ghcr.io/cooptilleuls \
+          helm upgrade --install $RELEASE_NAME ./helm/chart \
+            --atomic \
+            --debug \
+            --kube-context $CONTEXT \
+            --set=php.image.tag=${IMAGE_TAG} \
+            --set=caddy.image.tag=${IMAGE_TAG} \
+            --set=pwa.image.tag=${IMAGE_TAG} \
+            --set=ingress.hosts[0].host=${URL} \
+            --set=ingress.tls[0].secretName=${RELEASE_NAME}-tls \
+            --set=ingress.tls[0].hosts[0]=${URL} \
+            --set=postgresql.global.auth.password=changeme \
+            --set=mailer.dsn="smtp://maildev-maildev.maildev:1025" \
+            --values ./helm/chart/values-prod.yml \
+            | sed --unbuffered '/USER-SUPPLIED VALUES/,$d'
+          echo "URL=$URL" >> $GITHUB_OUTPUT
+
+      - name: Output deployment URL
+        uses: actions/github-script@v6
+        if: github.event_name == 'pull_request'
+        env:
+          URL: ${{ steps.deploy.outputs.URL }}
+        with:
+          script: |
+            const { URL } = process.env
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: `Chart has been deployed with this url:\n\`\`\`\n${URL}\n\`\`\``
+            })
diff --git a/api/migrations/Version20230328140424.php b/api/migrations/Version20230328140424.php
@@ -16,7 +16,7 @@ public function getDescription(): string
 
     public function up(Schema $schema): void
     {
-        $this->addSql('CREATE EXTENSION Postgis');
+        $this->addSql('CREATE EXTENSION IF NOT EXISTS postgis');
     }
 
     public function down(Schema $schema): void

diff --git a/helm/api-platform/Chart.lock b/helm/api-platform/Chart.lock
diff --git a/helm/api-platform/README.md b/helm/api-platform/README.md
diff --git a/helm/api-platform/templates/deployment.yaml b/helm/api-platform/templates/deployment.yaml
diff --git a/helm/api-platform/templates/pwa-service.yaml b/helm/api-platform/templates/pwa-service.yaml