-
Notifications
You must be signed in to change notification settings - Fork 50
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
CI: extract deployment-stage-prod.yml to reusable workflow
That we can reuse it for the restore backup action. Issue: #3478
- Loading branch information
Showing
2 changed files
with
106 additions
and
96 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -28,99 +28,5 @@ jobs: | |
| upgrade-or-install-deployment: | ||
| name: Upgrade or install deployment | ||
| needs: build-and-push | ||
| runs-on: ubuntu-latest | ||
| environment: ${{ github.ref_name }} | ||
| env: | ||
| environment: ${{ github.ref_name }} | ||
| domain: ${{ vars.SUBDOMAIN }}.${{ vars.DOMAIN }} | ||
| steps: | ||
| - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 | ||
|
|
||
| - name: Create a pending GitHub deployment | ||
| uses: bobheadxi/[email protected] | ||
| id: deployment | ||
| with: | ||
| step: start | ||
| token: ${{ secrets.REPO_ACCESS_TOKEN }} | ||
| env: ${{ env.environment }} | ||
|
|
||
| - name: Upgrade or install helm release | ||
| run: | | ||
| # Setup authentication | ||
| mkdir ~/.kube && echo '${{ secrets.KUBECONFIG }}' > ~/.kube/config && chmod go-r ~/.kube/config | ||
| # Switch to the helm chart directory | ||
| cd .helm/ecamp3 | ||
| # Install dependency charts | ||
| helm dependency update | ||
| # Set the appVersion, workaround from https://github.com/helm/helm/issues/8194 so that we can | ||
| # later find out which deployments need to be upgraded | ||
| sed -i 's/^appVersion:.*$/appVersion: "${{ github.sha }}"/' Chart.yaml | ||
| # Install or upgrade the release | ||
| helm upgrade --install ecamp3-${{ env.environment }} . \ | ||
| --set imageTag=${{ github.sha }} \ | ||
| --set frontend.image.repository='docker.io/${{ vars.DOCKER_HUB_USERNAME }}/ecamp3-frontend' \ | ||
| --set print.image.repository='docker.io/${{ vars.DOCKER_HUB_USERNAME }}/ecamp3-print' \ | ||
| --set php.image.repository='docker.io/${{ vars.DOCKER_HUB_USERNAME }}/ecamp3-api-php' \ | ||
| --set caddy.image.repository='docker.io/${{ vars.DOCKER_HUB_USERNAME }}/ecamp3-api-caddy' \ | ||
| --set termsOfServiceLinkTemplate='https://ecamp3.ch/{lang}/tos' \ | ||
| --set domain=${{ env.domain }} \ | ||
| --set ingress.basicAuth.enabled=${{ vars.BASIC_AUTH_ENABLED || false }} \ | ||
| --set ingress.basicAuth.username=${{ secrets.BASIC_AUTH_USERNAME }} \ | ||
| --set ingress.basicAuth.password='${{ secrets.BASIC_AUTH_PASSWORD }}' \ | ||
| --set mail.dsn=${{ secrets.MAILER_DSN }} \ | ||
| --set postgresql.url='${{ secrets.POSTGRES_URL }}/${{ secrets.DB_NAME }}?sslmode=require' \ | ||
| --set postgresql.dropDBOnUninstall=false \ | ||
| --set php.dataMigrationsDir='${{ vars.DATA_MIGRATIONS_DIR }}' \ | ||
| --set php.appSecret='${{ secrets.API_APP_SECRET }}' \ | ||
| --set php.sentryDsn='${{ secrets.API_SENTRY_DSN }}' \ | ||
| --set php.jwt.passphrase='${{ secrets.JWT_PASSPHRASE }}' \ | ||
| --set php.jwt.publicKey='${{ secrets.JWT_PUBLIC_KEY }}' \ | ||
| --set php.jwt.privateKey='${{ secrets.JWT_PRIVATE_KEY }}' \ | ||
| --set php.oauth.google.clientId='${{ secrets.OAUTH_GOOGLE_CLIENT_ID }}' \ | ||
| --set php.oauth.google.clientSecret='${{ secrets.OAUTH_GOOGLE_CLIENT_SECRET }}' \ | ||
| --set php.oauth.pbsmidata.clientId='${{ secrets.OAUTH_PBSMIDATA_CLIENT_ID }}' \ | ||
| --set php.oauth.pbsmidata.clientSecret='${{ secrets.OAUTH_PBSMIDATA_CLIENT_SECRET }}' \ | ||
| --set php.oauth.pbsmidata.baseUrl='${{ secrets.OAUTH_PBSMIDATA_BASE_URL }}' \ | ||
| --set php.oauth.cevidb.clientId='${{ secrets.OAUTH_CEVIDB_CLIENT_ID }}' \ | ||
| --set php.oauth.cevidb.clientSecret='${{ secrets.OAUTH_CEVIDB_CLIENT_SECRET }}' \ | ||
| --set php.oauth.cevidb.baseUrl='${{ secrets.OAUTH_CEVIDB_BASE_URL }}' \ | ||
| --set php.oauth.jubladb.clientId='${{ secrets.OAUTH_JUBLADB_CLIENT_ID }}' \ | ||
| --set php.oauth.jubladb.clientSecret='${{ secrets.OAUTH_JUBLADB_CLIENT_SECRET }}' \ | ||
| --set php.oauth.jubladb.baseUrl='${{ secrets.OAUTH_JUBLADB_BASE_URL }}' \ | ||
| --set frontend.sentryDsn='${{ secrets.FRONTEND_SENTRY_DSN }}' \ | ||
| --set print.sentryDsn='${{ secrets.PRINT_SENTRY_DSN }}' \ | ||
| --set print.ingress.readTimeoutSeconds='${{ vars.PRINT_INGRESS_READ_TIMEOUT_SECONDS }}' \ | ||
| --set print.renderHTMLTimeoutMs='${{ vars.PRINT_RENDER_HTML_TIMEOUT_MS }}' \ | ||
| --set print.renderPDFTimeoutMs='${{ vars.PRINT_RENDER_PDF_TIMEOUT_MS }}' \ | ||
| --set deploymentTime="$(date -u +%s)" \ | ||
| --set deployedVersion="$(git rev-parse --short HEAD)" \ | ||
| --set recaptcha.siteKey='${{ secrets.RECAPTCHA_SITE_KEY }}' \ | ||
| --set recaptcha.secret='${{ secrets.RECAPTCHA_SECRET }}' \ | ||
| --set coupon.secret='${{ secrets.COUPON_SECRET }}' \ | ||
| --set frontend.loginInfoTextKey=${{ vars.LOGIN_INFO_TEXT_KEY }} \ | ||
| --set browserless.maxConcurrentSessions=${{ vars.BROWSERLESS_MAXCONCURRENTSESSIONS || 3 }} \ | ||
| --set browserless.maxQueueLength=${{ vars.BROWSERLESS_MAXQUEUELENGTH || 9 }} \ | ||
| --set browserless.connectionTimeout=${{ vars.BROWSERLESS_CONNECTION_TIMEOUT_MS || '30000' }} \ | ||
| --set browserless.resources.requests.cpu=${{ vars.BROWSERLESS_CPU || '500m' }} \ | ||
| --set browserless.resources.requests.memory=${{ vars.BROWSERLESS_MEMORY || '800Mi' }} \ | ||
| --set caddy.resources.requests.cpu=50m \ | ||
| --set caddy.resources.limits.cpu=500m \ | ||
| --set php.resources.requests.cpu=${{ vars.PHP_CPU || '1000m' }} \ | ||
| --set php.resources.requests.memory=${{ vars.PHP_MEMORY || '500Mi' }} \ | ||
| --set php.resources.limits.cpu=${{ vars.PHP_CPULIMIT || '1900m' }} \ | ||
| --set frontend.resources.requests.cpu=50m \ | ||
| --set print.resources.requests.cpu=${{ vars.PRINT_CPU || '300m' }} \ | ||
| --set print.resources.requests.memory=${{ vars.PRINT_MEMORY || '150Mi' }} \ | ||
| --set autoscaling.enabled=true \ | ||
| --set autoscaling.targetCPUUtilizationPercentage=90 | ||
| - name: Finish the GitHub deployment | ||
| uses: bobheadxi/[email protected] | ||
| if: always() | ||
| with: | ||
| step: finish | ||
| token: ${{ secrets.REPO_ACCESS_TOKEN }} | ||
| status: ${{ job.status }} | ||
| deployment_id: ${{ steps.deployment.outputs.deployment_id }} | ||
| env_url: https://${{ env.domain }} | ||
| env: ${{ steps.deployment.outputs.env }} | ||
| uses: ./.github/workflows/reusable-stage-prod-deployment.yml | ||
| secrets: inherit | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,104 @@ | ||
| name: '[reusable only] Staging and Prod deployment' | ||
|
|
||
| on: | ||
| workflow_call: | ||
|
|
||
| jobs: | ||
| upgrade-or-install-deployment: | ||
| name: Upgrade or install deployment | ||
| runs-on: ubuntu-latest | ||
| environment: ${{ github.ref_name }} | ||
| env: | ||
| environment: ${{ github.ref_name }} | ||
| domain: ${{ vars.SUBDOMAIN }}.${{ vars.DOMAIN }} | ||
| steps: | ||
| - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 | ||
|
|
||
| - name: Create a pending GitHub deployment | ||
| uses: bobheadxi/[email protected] | ||
| id: deployment | ||
| with: | ||
| step: start | ||
| token: ${{ secrets.REPO_ACCESS_TOKEN }} | ||
| env: ${{ env.environment }} | ||
|
|
||
| - name: Upgrade or install helm release | ||
| run: | | ||
| # Setup authentication | ||
| mkdir ~/.kube && echo '${{ secrets.KUBECONFIG }}' > ~/.kube/config && chmod go-r ~/.kube/config | ||
| # Switch to the helm chart directory | ||
| cd .helm/ecamp3 | ||
| # Install dependency charts | ||
| helm dependency update | ||
| # Set the appVersion, workaround from https://github.com/helm/helm/issues/8194 so that we can | ||
| # later find out which deployments need to be upgraded | ||
| sed -i 's/^appVersion:.*$/appVersion: "${{ github.sha }}"/' Chart.yaml | ||
| # Install or upgrade the release | ||
| helm upgrade --install ecamp3-${{ env.environment }} . \ | ||
| --set imageTag=${{ github.sha }} \ | ||
| --set frontend.image.repository='docker.io/${{ vars.DOCKER_HUB_USERNAME }}/ecamp3-frontend' \ | ||
| --set print.image.repository='docker.io/${{ vars.DOCKER_HUB_USERNAME }}/ecamp3-print' \ | ||
| --set php.image.repository='docker.io/${{ vars.DOCKER_HUB_USERNAME }}/ecamp3-api-php' \ | ||
| --set caddy.image.repository='docker.io/${{ vars.DOCKER_HUB_USERNAME }}/ecamp3-api-caddy' \ | ||
| --set termsOfServiceLinkTemplate='https://ecamp3.ch/{lang}/tos' \ | ||
| --set domain=${{ env.domain }} \ | ||
| --set ingress.basicAuth.enabled=${{ vars.BASIC_AUTH_ENABLED || false }} \ | ||
| --set ingress.basicAuth.username=${{ secrets.BASIC_AUTH_USERNAME }} \ | ||
| --set ingress.basicAuth.password='${{ secrets.BASIC_AUTH_PASSWORD }}' \ | ||
| --set mail.dsn=${{ secrets.MAILER_DSN }} \ | ||
| --set postgresql.url='${{ secrets.POSTGRES_URL }}/${{ secrets.DB_NAME }}?sslmode=require' \ | ||
| --set postgresql.dropDBOnUninstall=false \ | ||
| --set php.dataMigrationsDir='${{ vars.DATA_MIGRATIONS_DIR }}' \ | ||
| --set php.appSecret='${{ secrets.API_APP_SECRET }}' \ | ||
| --set php.sentryDsn='${{ secrets.API_SENTRY_DSN }}' \ | ||
| --set php.jwt.passphrase='${{ secrets.JWT_PASSPHRASE }}' \ | ||
| --set php.jwt.publicKey='${{ secrets.JWT_PUBLIC_KEY }}' \ | ||
| --set php.jwt.privateKey='${{ secrets.JWT_PRIVATE_KEY }}' \ | ||
| --set php.oauth.google.clientId='${{ secrets.OAUTH_GOOGLE_CLIENT_ID }}' \ | ||
| --set php.oauth.google.clientSecret='${{ secrets.OAUTH_GOOGLE_CLIENT_SECRET }}' \ | ||
| --set php.oauth.pbsmidata.clientId='${{ secrets.OAUTH_PBSMIDATA_CLIENT_ID }}' \ | ||
| --set php.oauth.pbsmidata.clientSecret='${{ secrets.OAUTH_PBSMIDATA_CLIENT_SECRET }}' \ | ||
| --set php.oauth.pbsmidata.baseUrl='${{ secrets.OAUTH_PBSMIDATA_BASE_URL }}' \ | ||
| --set php.oauth.cevidb.clientId='${{ secrets.OAUTH_CEVIDB_CLIENT_ID }}' \ | ||
| --set php.oauth.cevidb.clientSecret='${{ secrets.OAUTH_CEVIDB_CLIENT_SECRET }}' \ | ||
| --set php.oauth.cevidb.baseUrl='${{ secrets.OAUTH_CEVIDB_BASE_URL }}' \ | ||
| --set php.oauth.jubladb.clientId='${{ secrets.OAUTH_JUBLADB_CLIENT_ID }}' \ | ||
| --set php.oauth.jubladb.clientSecret='${{ secrets.OAUTH_JUBLADB_CLIENT_SECRET }}' \ | ||
| --set php.oauth.jubladb.baseUrl='${{ secrets.OAUTH_JUBLADB_BASE_URL }}' \ | ||
| --set frontend.sentryDsn='${{ secrets.FRONTEND_SENTRY_DSN }}' \ | ||
| --set print.sentryDsn='${{ secrets.PRINT_SENTRY_DSN }}' \ | ||
| --set print.ingress.readTimeoutSeconds='${{ vars.PRINT_INGRESS_READ_TIMEOUT_SECONDS }}' \ | ||
| --set print.renderHTMLTimeoutMs='${{ vars.PRINT_RENDER_HTML_TIMEOUT_MS }}' \ | ||
| --set print.renderPDFTimeoutMs='${{ vars.PRINT_RENDER_PDF_TIMEOUT_MS }}' \ | ||
| --set deploymentTime="$(date -u +%s)" \ | ||
| --set deployedVersion="$(git rev-parse --short HEAD)" \ | ||
| --set recaptcha.siteKey='${{ secrets.RECAPTCHA_SITE_KEY }}' \ | ||
| --set recaptcha.secret='${{ secrets.RECAPTCHA_SECRET }}' \ | ||
| --set coupon.secret='${{ secrets.COUPON_SECRET }}' \ | ||
| --set frontend.loginInfoTextKey=${{ vars.LOGIN_INFO_TEXT_KEY }} \ | ||
| --set browserless.maxConcurrentSessions=${{ vars.BROWSERLESS_MAXCONCURRENTSESSIONS || 3 }} \ | ||
| --set browserless.maxQueueLength=${{ vars.BROWSERLESS_MAXQUEUELENGTH || 9 }} \ | ||
| --set browserless.connectionTimeout=${{ vars.BROWSERLESS_CONNECTION_TIMEOUT_MS || '30000' }} \ | ||
| --set browserless.resources.requests.cpu=${{ vars.BROWSERLESS_CPU || '500m' }} \ | ||
| --set browserless.resources.requests.memory=${{ vars.BROWSERLESS_MEMORY || '800Mi' }} \ | ||
| --set caddy.resources.requests.cpu=50m \ | ||
| --set caddy.resources.limits.cpu=500m \ | ||
| --set php.resources.requests.cpu=${{ vars.PHP_CPU || '1000m' }} \ | ||
| --set php.resources.requests.memory=${{ vars.PHP_MEMORY || '500Mi' }} \ | ||
| --set php.resources.limits.cpu=${{ vars.PHP_CPULIMIT || '1900m' }} \ | ||
| --set frontend.resources.requests.cpu=50m \ | ||
| --set print.resources.requests.cpu=${{ vars.PRINT_CPU || '300m' }} \ | ||
| --set print.resources.requests.memory=${{ vars.PRINT_MEMORY || '150Mi' }} \ | ||
| --set autoscaling.enabled=true \ | ||
| --set autoscaling.targetCPUUtilizationPercentage=90 | ||
| - name: Finish the GitHub deployment | ||
| uses: bobheadxi/[email protected] | ||
| if: always() | ||
| with: | ||
| step: finish | ||
| token: ${{ secrets.REPO_ACCESS_TOKEN }} | ||
| status: ${{ job.status }} | ||
| deployment_id: ${{ steps.deployment.outputs.deployment_id }} | ||
| env_url: https://${{ env.domain }} | ||
| env: ${{ steps.deployment.outputs.env }} |