diff --git a/.github/workflows/deployment-stage-prod.yml b/.github/workflows/deployment-stage-prod.yml
index 1a8f6f647ae..bc5ec1ccea9 100644
--- a/.github/workflows/deployment-stage-prod.yml
+++ b/.github/workflows/deployment-stage-prod.yml
@@ -28,99 +28,5 @@ jobs:
 upgrade-or-install-deployment:
 name: Upgrade or install deployment
 needs: build-and-push
- runs-on: ubuntu-latest
- environment: ${{ github.ref_name }}
- env:
- environment: ${{ github.ref_name }}
- domain: ${{ vars.SUBDOMAIN }}.${{ vars.DOMAIN }}
- steps:
- - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
-
- - name: Create a pending GitHub deployment
- uses: bobheadxi/deployments@v1.4.0
- id: deployment
- with:
- step: start
- token: ${{ secrets.REPO_ACCESS_TOKEN }}
- env: ${{ env.environment }}
-
- - name: Upgrade or install helm release
- run: |
- # Setup authentication
- mkdir ~/.kube && echo '${{ secrets.KUBECONFIG }}' > ~/.kube/config && chmod go-r ~/.kube/config
- # Switch to the helm chart directory
- cd .helm/ecamp3
- # Install dependency charts
- helm dependency update
- # Set the appVersion, workaround from https://github.com/helm/helm/issues/8194 so that we can
- # later find out which deployments need to be upgraded
- sed -i 's/^appVersion:.*$/appVersion: "${{ github.sha }}"/' Chart.yaml
- # Install or upgrade the release
- helm upgrade --install ecamp3-${{ env.environment }} . \
- --set imageTag=${{ github.sha }} \
- --set frontend.image.repository='docker.io/${{ vars.DOCKER_HUB_USERNAME }}/ecamp3-frontend' \
- --set print.image.repository='docker.io/${{ vars.DOCKER_HUB_USERNAME }}/ecamp3-print' \
- --set php.image.repository='docker.io/${{ vars.DOCKER_HUB_USERNAME }}/ecamp3-api-php' \
- --set caddy.image.repository='docker.io/${{ vars.DOCKER_HUB_USERNAME }}/ecamp3-api-caddy' \
- --set termsOfServiceLinkTemplate='https://ecamp3.ch/{lang}/tos' \
- --set domain=${{ env.domain }} \
- --set ingress.basicAuth.enabled=${{ vars.BASIC_AUTH_ENABLED || false }} \
- --set ingress.basicAuth.username=${{ secrets.BASIC_AUTH_USERNAME }} \
- --set ingress.basicAuth.password='${{ secrets.BASIC_AUTH_PASSWORD }}' \
- --set mail.dsn=${{ secrets.MAILER_DSN }} \
- --set postgresql.url='${{ secrets.POSTGRES_URL }}/${{ secrets.DB_NAME }}?sslmode=require' \
- --set postgresql.dropDBOnUninstall=false \
- --set php.dataMigrationsDir='${{ vars.DATA_MIGRATIONS_DIR }}' \
- --set php.appSecret='${{ secrets.API_APP_SECRET }}' \
- --set php.sentryDsn='${{ secrets.API_SENTRY_DSN }}' \
- --set php.jwt.passphrase='${{ secrets.JWT_PASSPHRASE }}' \
- --set php.jwt.publicKey='${{ secrets.JWT_PUBLIC_KEY }}' \
- --set php.jwt.privateKey='${{ secrets.JWT_PRIVATE_KEY }}' \
- --set php.oauth.google.clientId='${{ secrets.OAUTH_GOOGLE_CLIENT_ID }}' \
- --set php.oauth.google.clientSecret='${{ secrets.OAUTH_GOOGLE_CLIENT_SECRET }}' \
- --set php.oauth.pbsmidata.clientId='${{ secrets.OAUTH_PBSMIDATA_CLIENT_ID }}' \
- --set php.oauth.pbsmidata.clientSecret='${{ secrets.OAUTH_PBSMIDATA_CLIENT_SECRET }}' \
- --set php.oauth.pbsmidata.baseUrl='${{ secrets.OAUTH_PBSMIDATA_BASE_URL }}' \
- --set php.oauth.cevidb.clientId='${{ secrets.OAUTH_CEVIDB_CLIENT_ID }}' \
- --set php.oauth.cevidb.clientSecret='${{ secrets.OAUTH_CEVIDB_CLIENT_SECRET }}' \
- --set php.oauth.cevidb.baseUrl='${{ secrets.OAUTH_CEVIDB_BASE_URL }}' \
- --set php.oauth.jubladb.clientId='${{ secrets.OAUTH_JUBLADB_CLIENT_ID }}' \
- --set php.oauth.jubladb.clientSecret='${{ secrets.OAUTH_JUBLADB_CLIENT_SECRET }}' \
- --set php.oauth.jubladb.baseUrl='${{ secrets.OAUTH_JUBLADB_BASE_URL }}' \
- --set frontend.sentryDsn='${{ secrets.FRONTEND_SENTRY_DSN }}' \
- --set print.sentryDsn='${{ secrets.PRINT_SENTRY_DSN }}' \
- --set print.ingress.readTimeoutSeconds='${{ vars.PRINT_INGRESS_READ_TIMEOUT_SECONDS }}' \
- --set print.renderHTMLTimeoutMs='${{ vars.PRINT_RENDER_HTML_TIMEOUT_MS }}' \
- --set print.renderPDFTimeoutMs='${{ vars.PRINT_RENDER_PDF_TIMEOUT_MS }}' \
- --set deploymentTime="$(date -u +%s)" \
- --set deployedVersion="$(git rev-parse --short HEAD)" \
- --set recaptcha.siteKey='${{ secrets.RECAPTCHA_SITE_KEY }}' \
- --set recaptcha.secret='${{ secrets.RECAPTCHA_SECRET }}' \
- --set coupon.secret='${{ secrets.COUPON_SECRET }}' \
- --set frontend.loginInfoTextKey=${{ vars.LOGIN_INFO_TEXT_KEY }} \
- --set browserless.maxConcurrentSessions=${{ vars.BROWSERLESS_MAXCONCURRENTSESSIONS || 3 }} \
- --set browserless.maxQueueLength=${{ vars.BROWSERLESS_MAXQUEUELENGTH || 9 }} \
- --set browserless.connectionTimeout=${{ vars.BROWSERLESS_CONNECTION_TIMEOUT_MS || '30000' }} \
- --set browserless.resources.requests.cpu=${{ vars.BROWSERLESS_CPU || '500m' }} \
- --set browserless.resources.requests.memory=${{ vars.BROWSERLESS_MEMORY || '800Mi' }} \
- --set caddy.resources.requests.cpu=50m \
- --set caddy.resources.limits.cpu=500m \
- --set php.resources.requests.cpu=${{ vars.PHP_CPU || '1000m' }} \
- --set php.resources.requests.memory=${{ vars.PHP_MEMORY || '500Mi' }} \
- --set php.resources.limits.cpu=${{ vars.PHP_CPULIMIT || '1900m' }} \
- --set frontend.resources.requests.cpu=50m \
- --set print.resources.requests.cpu=${{ vars.PRINT_CPU || '300m' }} \
- --set print.resources.requests.memory=${{ vars.PRINT_MEMORY || '150Mi' }} \
- --set autoscaling.enabled=true \
- --set autoscaling.targetCPUUtilizationPercentage=90
-
- - name: Finish the GitHub deployment
- uses: bobheadxi/deployments@v1.4.0
- if: always()
- with:
- step: finish
- token: ${{ secrets.REPO_ACCESS_TOKEN }}
- status: ${{ job.status }}
- deployment_id: ${{ steps.deployment.outputs.deployment_id }}
- env_url: https://${{ env.domain }}
- env: ${{ steps.deployment.outputs.env }}
+ uses: ./.github/workflows/reusable-stage-prod-deployment.yml
+ secrets: inherit
diff --git a/.github/workflows/reusable-stage-prod-deployment.yml b/.github/workflows/reusable-stage-prod-deployment.yml
new file mode 100644
index 00000000000..75e52931cfd
--- /dev/null
+++ b/.github/workflows/reusable-stage-prod-deployment.yml
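Review bot: `secrets: inherit` on the new `uses:` line forwards every secret this caller can read to the called workflow, whereas the removed inline job named each secret it consumed. Where the callee's needs can be expressed that way, declare them under `on.workflow_call.secrets` in the reusable file and pass them by name. Because the called job selects `environment: ${{ github.ref_name }}`, environment-scoped secrets may only resolve with `inherit`, so confirm on a staging run before changing it. If `inherit` stays, document the reason next to it, for example `# inherit: callee reads the environment-scoped deployment secrets (kubeconfig, JWT keys, OAuth clients)`. The job definition starts above the hunk.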
@@ -0,0 +1,104 @@
+name: '[reusable only] Staging and Prod deployment'
+
+on:
+ workflow_call:
+
+jobs:
+ upgrade-or-install-deployment:
+ name: Upgrade or install deployment
+ runs-on: ubuntu-latest
+ environment: ${{ github.ref_name }}
+ env:
+ environment: ${{ github.ref_name }}
+ domain: ${{ vars.SUBDOMAIN }}.${{ vars.DOMAIN }}
+ steps:
+ - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+
+ - name: Create a pending GitHub deployment
+ uses: bobheadxi/deployments@v1.4.0
+ id: deployment
+ with:
+ step: start
+ token: ${{ secrets.REPO_ACCESS_TOKEN }}
+ env: ${{ env.environment }}
+
+ - name: Upgrade or install helm release
+ run: |
+ # Setup authentication
+ mkdir ~/.kube && echo '${{ secrets.KUBECONFIG }}' > ~/.kube/config && chmod go-r ~/.kube/config
+ # Switch to the helm chart directory
+ cd .helm/ecamp3
+ # Install dependency charts
+ helm dependency update
+ # Set the appVersion, workaround from https://github.com/helm/helm/issues/8194 so that we can
+ # later find out which deployments need to be upgraded
+ sed -i 's/^appVersion:.*$/appVersion: "${{ github.sha }}"/' Chart.yaml
+ # Install or upgrade the release
+ helm upgrade --install ecamp3-${{ env.environment }} . \
+ --set imageTag=${{ github.sha }} \
+ --set frontend.image.repository='docker.io/${{ vars.DOCKER_HUB_USERNAME }}/ecamp3-frontend' \
+ --set print.image.repository='docker.io/${{ vars.DOCKER_HUB_USERNAME }}/ecamp3-print' \
+ --set php.image.repository='docker.io/${{ vars.DOCKER_HUB_USERNAME }}/ecamp3-api-php' \
+ --set caddy.image.repository='docker.io/${{ vars.DOCKER_HUB_USERNAME }}/ecamp3-api-caddy' \
+ --set termsOfServiceLinkTemplate='https://ecamp3.ch/{lang}/tos' \
+ --set domain=${{ env.domain }} \
+ --set ingress.basicAuth.enabled=${{ vars.BASIC_AUTH_ENABLED || false }} \
+ --set ingress.basicAuth.username=${{ secrets.BASIC_AUTH_USERNAME }} \
+ --set ingress.basicAuth.password='${{ secrets.BASIC_AUTH_PASSWORD }}' \
+ --set mail.dsn=${{ secrets.MAILER_DSN }} \
+ --set postgresql.url='${{ secrets.POSTGRES_URL }}/${{ secrets.DB_NAME }}?sslmode=require' \
+ --set postgresql.dropDBOnUninstall=false \
+ --set php.dataMigrationsDir='${{ vars.DATA_MIGRATIONS_DIR }}' \
+ --set php.appSecret='${{ secrets.API_APP_SECRET }}' \
+ --set php.sentryDsn='${{ secrets.API_SENTRY_DSN }}' \
+ --set php.jwt.passphrase='${{ secrets.JWT_PASSPHRASE }}' \
+ --set php.jwt.publicKey='${{ secrets.JWT_PUBLIC_KEY }}' \
+ --set php.jwt.privateKey='${{ secrets.JWT_PRIVATE_KEY }}' \
+ --set php.oauth.google.clientId='${{ secrets.OAUTH_GOOGLE_CLIENT_ID }}' \
+ --set php.oauth.google.clientSecret='${{ secrets.OAUTH_GOOGLE_CLIENT_SECRET }}' \
+ --set php.oauth.pbsmidata.clientId='${{ secrets.OAUTH_PBSMIDATA_CLIENT_ID }}' \
+ --set php.oauth.pbsmidata.clientSecret='${{ secrets.OAUTH_PBSMIDATA_CLIENT_SECRET }}' \
+ --set php.oauth.pbsmidata.baseUrl='${{ secrets.OAUTH_PBSMIDATA_BASE_URL }}' \
+ --set php.oauth.cevidb.clientId='${{ secrets.OAUTH_CEVIDB_CLIENT_ID }}' \
+ --set php.oauth.cevidb.clientSecret='${{ secrets.OAUTH_CEVIDB_CLIENT_SECRET }}' \
+ --set php.oauth.cevidb.baseUrl='${{ secrets.OAUTH_CEVIDB_BASE_URL }}' \
+ --set php.oauth.jubladb.clientId='${{ secrets.OAUTH_JUBLADB_CLIENT_ID }}' \
+ --set php.oauth.jubladb.clientSecret='${{ secrets.OAUTH_JUBLADB_CLIENT_SECRET }}' \
+ --set php.oauth.jubladb.baseUrl='${{ secrets.OAUTH_JUBLADB_BASE_URL }}' \
+ --set frontend.sentryDsn='${{ secrets.FRONTEND_SENTRY_DSN }}' \
+ --set print.sentryDsn='${{ secrets.PRINT_SENTRY_DSN }}' \
+ --set print.ingress.readTimeoutSeconds='${{ vars.PRINT_INGRESS_READ_TIMEOUT_SECONDS }}' \
+ --set print.renderHTMLTimeoutMs='${{ vars.PRINT_RENDER_HTML_TIMEOUT_MS }}' \
+ --set print.renderPDFTimeoutMs='${{ vars.PRINT_RENDER_PDF_TIMEOUT_MS }}' \
+ --set deploymentTime="$(date -u +%s)" \
+ --set deployedVersion="$(git rev-parse --short HEAD)" \
+ --set recaptcha.siteKey='${{ secrets.RECAPTCHA_SITE_KEY }}' \
+ --set recaptcha.secret='${{ secrets.RECAPTCHA_SECRET }}' \
+ --set coupon.secret='${{ secrets.COUPON_SECRET }}' \
+ --set frontend.loginInfoTextKey=${{ vars.LOGIN_INFO_TEXT_KEY }} \
+ --set browserless.maxConcurrentSessions=${{ vars.BROWSERLESS_MAXCONCURRENTSESSIONS || 3 }} \
+ --set browserless.maxQueueLength=${{ vars.BROWSERLESS_MAXQUEUELENGTH || 9 }} \
+ --set browserless.connectionTimeout=${{ vars.BROWSERLESS_CONNECTION_TIMEOUT_MS || '30000' }} \
+ --set browserless.resources.requests.cpu=${{ vars.BROWSERLESS_CPU || '500m' }} \
+ --set browserless.resources.requests.memory=${{ vars.BROWSERLESS_MEMORY || '800Mi' }} \
+ --set caddy.resources.requests.cpu=50m \
+ --set caddy.resources.limits.cpu=500m \
+ --set php.resources.requests.cpu=${{ vars.PHP_CPU || '1000m' }} \
+ --set php.resources.requests.memory=${{ vars.PHP_MEMORY || '500Mi' }} \
+ --set php.resources.limits.cpu=${{ vars.PHP_CPULIMIT || '1900m' }} \
+ --set frontend.resources.requests.cpu=50m \
+ --set print.resources.requests.cpu=${{ vars.PRINT_CPU || '300m' }} \
+ --set print.resources.requests.memory=${{ vars.PRINT_MEMORY || '150Mi' }} \
+ --set autoscaling.enabled=true \
+ --set autoscaling.targetCPUUtilizationPercentage=90
+
+ - name: Finish the GitHub deployment
+ uses: bobheadxi/deployments@v1.4.0
+ if: always()
+ with:
+ step: finish
+ token: ${{ secrets.REPO_ACCESS_TOKEN }}
+ status: ${{ job.status }}
+ deployment_id: ${{ steps.deployment.outputs.deployment_id }}
+ env_url: https://${{ env.domain }}
+ env: ${{ steps.deployment.outputs.env }}
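Review bot: In the `run:` script of "Upgrade or install helm release", every `${{ secrets.* }}` is expanded into the script text before bash parses it, so a value containing `'`, whitespace or a shell metacharacter alters the command; `mail.dsn=${{ secrets.MAILER_DSN }}` and `ingress.basicAuth.username=${{ secrets.BASIC_AUTH_USERNAME }}` are not quoted at all. Passing the values through the step's `env:` and referencing them as quoted shell variables keeps them as data, and writing the kubeconfig under `umask 077` closes the window before `chmod go-r` runs. The fence shows the pattern for three values; the remaining secrets follow the same way. Separately, `bobheadxi/deployments@v1.4.0` receives `REPO_ACCESS_TOKEN` but is pinned to a mutable tag, unlike the SHA-pinned `actions/checkout` above it; pin it to a full commit SHA with the version kept as a trailing comment.

```yaml
      - name: Upgrade or install helm release
        env:
          KUBECONFIG_DATA: ${{ secrets.KUBECONFIG }}
          MAILER_DSN: ${{ secrets.MAILER_DSN }}
          BASIC_AUTH_USERNAME: ${{ secrets.BASIC_AUTH_USERNAME }}
        run: |
          # Setup authentication; umask keeps the file private from creation
          umask 077
          mkdir -p ~/.kube && printf '%s\n' "$KUBECONFIG_DATA" > ~/.kube/config
          # … unchanged: chart directory, dependency update, appVersion rewrite …
          # … unchanged: remaining --set flags; other secrets moved to env: the same way …
          helm upgrade --install ecamp3-${{ env.environment }} . \
            --set mail.dsn="$MAILER_DSN" \
            --set ingress.basicAuth.username="$BASIC_AUTH_USERNAME"
```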