From 467087dfcde2b87112887e8659aae24c7f4bd0a6 Mon Sep 17 00:00:00 2001
From: Matt <38562764+LavMatt@users.noreply.github.com>
Date: Thu, 11 Jul 2024 14:34:19 +0100
Subject: [PATCH] Add prod to deploy workflow (#189)
* add prod to workflows and create azure secrets
* add secrets yaml for azure
* correct name for secrets yaml
* correct the name again
* add pipe
* change the command for create azure secrets step
---
 .github/workflows/deploy-dev.yml | 1 +
 .github/workflows/deploy-staged.yml | 20 ++++++++++++++++++++
 .github/workflows/deploy-workflow.yml | 14 ++++++++++++++
 helm_deploy/secrets.yaml | 9 +++++++++
 4 files changed, 44 insertions(+)
 create mode 100644 helm_deploy/secrets.yaml
diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml
index eb7c2cd..9508c10 100644
--- a/.github/workflows/deploy-dev.yml
+++ b/.github/workflows/deploy-dev.yml
@@ -25,3 +25,4 @@ jobs:
 postgres_client_host: ${{ secrets.POSTGRES_CLIENT_HOST }}
 postgres_url: ${{ secrets.POSTGRES_URL }}
 opensearch_proxy_host: ${{ secrets.OPENSEARCH_PROXY_HOST }}
+ azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }}
diff --git a/.github/workflows/deploy-staged.yml b/.github/workflows/deploy-staged.yml
index ba8cfe0..a258b7e 100644
--- a/.github/workflows/deploy-staged.yml
+++ b/.github/workflows/deploy-staged.yml
@@ -26,6 +26,7 @@ jobs:
 postgres_client_host: ${{ secrets.POSTGRES_CLIENT_HOST }}
 postgres_url: ${{ secrets.POSTGRES_URL }}
 opensearch_proxy_host: ${{ secrets.OPENSEARCH_PROXY_HOST }}
+ azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }}
 deploy-preprod:
 uses: ./.github/workflows/deploy-workflow.yml
@@ -43,3 +44,22 @@ jobs:
 postgres_client_host: ${{ secrets.POSTGRES_CLIENT_HOST }}
 postgres_url: ${{ secrets.POSTGRES_URL }}
 opensearch_proxy_host: ${{ secrets.OPENSEARCH_PROXY_HOST }}
+ azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }}
+
+ deploy-prod:
+ uses: ./.github/workflows/deploy-workflow.yml
+ needs: [deploy-preprod]
+ with:
+ env: prod
+ datahub_helm_version: "0.4.9"
+ datahub_prereqs_helm_version: "0.1.10"
+ secrets:
+ kube_namespace: "${{ secrets.KUBE_NAMESPACE }}"
+ kube_cert: "${{ secrets.KUBE_CERT }}"
+ kube_cluster: "${{ secrets.KUBE_CLUSTER }}"
+ kube_token: "${{ secrets.KUBE_TOKEN }}"
+ postgres_host: ${{ secrets.POSTGRES_HOST}}
+ postgres_client_host: ${{ secrets.POSTGRES_CLIENT_HOST }}
+ postgres_url: ${{ secrets.POSTGRES_URL }}
+ opensearch_proxy_host: ${{ secrets.OPENSEARCH_PROXY_HOST }}
+ azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }}
diff --git a/.github/workflows/deploy-workflow.yml b/.github/workflows/deploy-workflow.yml
index bdb23dc..e79456e 100644
--- a/.github/workflows/deploy-workflow.yml
+++ b/.github/workflows/deploy-workflow.yml
@@ -40,6 +40,9 @@ on:
 opensearch_proxy_host:
 description: "domain address to reach opensearch"
 required: true
+ azure_client_secret:
+ description: "client secret for azure authentication"
+ required: true
 concurrency:
 group: ${{ inputs.env }}
@@ -183,6 +186,17 @@ jobs:
 envsubst < helm_deploy/monitoring/datahub-networkpolicy.yaml |
 kubectl apply -f - --namespace=${KUBE_NAMESPACE}
+ - name: create azure k8s secrets
+ shell: bash
+ env:
+ KUBE_NAMESPACE: ${{ secrets.kube_namespace }}
+ AZURE_CLIENT_ID: ${{ vars.CLIENT_ID }}
+ AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+ TENANT_ID: ${{ vars.TENANT_ID }}
+ run: |
+ envsubst < helm_deploy/secrets.yaml |
+ kubectl -n ${KUBE_NAMESPACE} apply -f -
+
 - name: update grafana status dashboard configmap
 if: ${{ inputs.env == 'dev' }}
 shell: bash
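Review bot: The new `deploy-prod` job is gated only by `needs: [deploy-preprod]`, so as far as this hunk shows, a green preprod deploy rolls straight on to production with no approval step. Whether `deploy-workflow.yml` binds the job to a protected GitHub environment is not visible here; if it does not, required reviewers on the `prod` environment would be the usual control. The job also passes the same secret names as dev and preprod (`secrets.KUBE_TOKEN`, `secrets.AZURE_CLIENT_SECRET` and the rest), so if these resolve at repository level, prod would share credentials with the lower environments. A comment above the job such as `# runs after preprod; approval gate and secret scope: <state them here>` would record the intent. Minor style point: `${{ secrets.POSTGRES_HOST}}` is missing the space before `}}`.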
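Review bot: The `create azure k8s secrets` step renders `helm_deploy/secrets.yaml` with `envsubst` and applies it without checking that the three values are set, so an unset `vars.CLIENT_ID` or `vars.TENANT_ID` would silently apply a Secret with empty fields. A guard as the first line of the `run:` block, `: "${AZURE_CLIENT_ID:?}" "${AZURE_CLIENT_SECRET:?}" "${TENANT_ID:?}"`, would fail the job instead. The step reads `secrets.AZURE_CLIENT_SECRET` while the line above it reads the declared `secrets.kube_namespace`; writing `secrets.azure_client_secret` would make it plain that the value is the one declared under `workflow_call` in the first hunk of this file. Client-side `kubectl apply` also records the applied manifest, `stringData` included, in the `kubectl.kubernetes.io/last-applied-configuration` annotation, so `kubectl apply --server-side` may be worth considering. The step list continues outside the hunk.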
diff --git a/helm_deploy/secrets.yaml b/helm_deploy/secrets.yaml
new file mode 100644
index 0000000..a4806fd
--- /dev/null
+++ b/helm_deploy/secrets.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "azure-secrets"
+type: Opaque
+stringData:
+ client_id: "${AZURE_CLIENT_ID}"
+ client_secret: "${AZURE_CLIENT_SECRET}"
+ tenant_id: "${TENANT_ID}"
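Review bot: The three values are substituted by `envsubst` straight into double-quoted YAML scalars, so a client secret containing `"` or `\` would yield a malformed or silently altered manifest, and nothing in the template guards against that. The file also has no header marking it as a template, and a name like `secrets.yaml` invites someone to fill it in by hand and commit it. I would add a first line such as `# Template only: rendered by envsubst in .github/workflows/deploy-workflow.yml; never commit real values.` and note there that the namespace comes from the caller's `-n` flag, since `metadata` sets none.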