Set up bastion tunnel for scicat services

paulscherrerinstitute · Jan 4, 2024 · 437dba6 · 437dba6
1 parent a36bf77
commit 437dba6
Show file tree

Hide file tree

Showing 13 changed files with 98 additions and 55 deletions.
diff --git a/.github/workflows/materialised-view.yml b/.github/workflows/materialised-view.yml
@@ -29,6 +29,12 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@v2
 
+    - name: Open ssh tunnel
+      uses: paulscherrerinstitute/scicat-ci/.github/actions/open-ssh-tunnel@main
+      with: 
+        bastion_user: '${{ secrets.BASTION_USER }}'
+        bastion_ssh_key: '${{ secrets.BASTION_SSH_KEY }}'
+
     - name: deploy
       uses: paulscherrerinstitute/scicat-ci/.github/actions/deploy-helm@main
       with:
@@ -46,3 +52,5 @@ jobs:
         RELEASE_NAME: materialised-view
         ENVIRONMENT: '${{ needs.set_env.outputs.environment }}'
         NAMESPACE_PREFIX: scicat-
+        BASTION_USER: ${{ secrets.BASTION_USER }}
+        BASTION_SSH_KEY: ${{ secrets.BASTION_SSH_KEY }}
diff --git a/.github/workflows/proposals-sync.yml b/.github/workflows/proposals-sync.yml
@@ -85,3 +85,5 @@ jobs:
     secrets:
       KUBECONFIG: ${{ secrets.KUBECONFIG }}
       JSON_SECRETS: ${{ toJSON(secrets) }}
+      BASTION_USER: ${{ secrets.BASTION_USER }}
+      BASTION_SSH_KEY: ${{ secrets.BASTION_SSH_KEY }}
diff --git a/.github/workflows/reusable.build-deploy.yml b/.github/workflows/reusable.build-deploy.yml
@@ -63,6 +63,12 @@ on:
       SSH_PRIVATE_KEY: 
         description: ssh key to private submodule
         required: false
+      BASTION_USER: 
+        description: ssh bastion user@server
+        required: true
+      BASTION_SSH_KEY: 
+        description: bastion ssh key
+        required: true
 
 jobs:
 
@@ -131,6 +137,12 @@ jobs:
       with:
         ref: ${{ inputs.commit }}
 
+    - name: Open ssh tunnel
+      uses: paulscherrerinstitute/scicat-ci/.github/actions/open-ssh-tunnel@main
+      with: 
+        bastion_user: '${{ secrets.BASTION_USER }}'
+        bastion_ssh_key: '${{ secrets.BASTION_SSH_KEY }}'
+
     - name: Deploy to k8s using helm
       id: helm-deploy
       uses: paulscherrerinstitute/scicat-ci/.github/actions/deploy-helm@main

diff --git a/.github/workflows/scicat-be-next.yml b/.github/workflows/scicat-be-next.yml
@@ -1,57 +1,59 @@
-name: scicat-be-next
+# name: scicat-be-next
 
-on:  
-  workflow_dispatch: 
-    inputs:
-      submodule_commit:
-        description: 'Commit of the submodule to deploy'     
-        required: false
-      commit: 
-        description: 'Commit of the CI repo to deploy'     
-        required: false
-  pull_request:
-    branches: [ main ]
-  push:
-    branches: [ main ]
-  release:
-    types: [ published ]
+# on:  
+#   workflow_dispatch: 
+#     inputs:
+#       submodule_commit:
+#         description: 'Commit of the submodule to deploy'     
+#         required: false
+#       commit: 
+#         description: 'Commit of the CI repo to deploy'     
+#         required: false
+#   pull_request:
+#     branches: [ main ]
+#   push:
+#     branches: [ main ]
+#   release:
+#     types: [ published ]
 
-jobs:
+# jobs:
 
-  set_env: 
-    uses: ./.github/workflows/reusable.environment.yml
-    with: 
-      commit: ${{ github.event.inputs.commit }}
-      submodule_commit: ${{ github.event.inputs.submodule_commit }}
+#   set_env: 
+#     uses: ./.github/workflows/reusable.environment.yml
+#     with: 
+#       commit: ${{ github.event.inputs.commit }}
+#       submodule_commit: ${{ github.event.inputs.submodule_commit }}
 
-  check_changed:
-    needs: set_env
-    uses: ./.github/workflows/reusable.changes.yml
-    with: 
-      files: | 
-        .github/workflows/scicat-be-next.yml
-        helm/configs/backend-next/${{ needs.set_env.outputs.environment }}/**
-        helm/configs/backend-next/values.yaml
-        scicat-backend-next/**
-      commit: ${{ needs.set_env.outputs.commit }}
-      submodule_commit: ${{ github.event.inputs.submodule_commit }}
-      submodule: scicat-backend-next
+#   check_changed:
+#     needs: set_env
+#     uses: ./.github/workflows/reusable.changes.yml
+#     with: 
+#       files: | 
+#         .github/workflows/scicat-be-next.yml
+#         helm/configs/backend-next/${{ needs.set_env.outputs.environment }}/**
+#         helm/configs/backend-next/values.yaml
+#         scicat-backend-next/**
+#       commit: ${{ needs.set_env.outputs.commit }}
+#       submodule_commit: ${{ github.event.inputs.submodule_commit }}
+#       submodule: scicat-backend-next
 
-  build_deploy_scicat_backend_next:
-    if: (needs.check_changed.outputs.changed == 'true' && !needs.set_env.outputs.component) || needs.set_env.outputs.component == 'bn'
-    needs: 
-     - check_changed
-     - set_env
-    uses: ./.github/workflows/reusable.build-deploy.yml
-    with: 
-      context: scicat-backend-next/.
-      image_name: ${{ github.repository }}/backend-next
-      release_name: backend-next
-      tag: ${{ needs.set_env.outputs.tag }}
-      environment: ${{ needs.set_env.outputs.environment }}
-      commit: ${{ needs.set_env.outputs.commit }}
-      submodule_commit: ${{ github.event.inputs.submodule_commit }}
-      submodule: scicat-backend-next
-    secrets:
-      KUBECONFIG: ${{ secrets.KUBECONFIG }}
-      JSON_SECRETS: ${{ toJSON(secrets) }}
+#   build_deploy_scicat_backend_next:
+#     if: (needs.check_changed.outputs.changed == 'true' && !needs.set_env.outputs.component) || needs.set_env.outputs.component == 'bn'
+#     needs: 
+#      - check_changed
+#      - set_env
+#     uses: ./.github/workflows/reusable.build-deploy.yml
+#     with: 
+#       context: scicat-backend-next/.
+#       image_name: ${{ github.repository }}/backend-next
+#       release_name: backend-next
+#       tag: ${{ needs.set_env.outputs.tag }}
+#       environment: ${{ needs.set_env.outputs.environment }}
+#       commit: ${{ needs.set_env.outputs.commit }}
+#       submodule_commit: ${{ github.event.inputs.submodule_commit }}
+#       submodule: scicat-backend-next
+#     secrets:
+#       KUBECONFIG: ${{ secrets.KUBECONFIG }}
+#       JSON_SECRETS: ${{ toJSON(secrets) }}
+#       BASTION_USER: ${{ secrets.BASTION_USER }}
+#       BASTION_SSH_KEY: ${{ secrets.BASTION_SSH_KEY }}
diff --git a/.github/workflows/scicat-be.yml b/.github/workflows/scicat-be.yml
@@ -66,3 +66,5 @@ jobs:
     secrets:
       KUBECONFIG: ${{ secrets.KUBECONFIG }}
       JSON_SECRETS: ${{ toJSON(secrets) }}
+      BASTION_USER: ${{ secrets.BASTION_USER }}
+      BASTION_SSH_KEY: ${{ secrets.BASTION_SSH_KEY }}
diff --git a/.github/workflows/scicat-fe.yml b/.github/workflows/scicat-fe.yml
@@ -58,3 +58,5 @@ jobs:
         ENVIRONMENT=helm/configs/frontend/${{ needs.set_env.outputs.environment }}/config.json
     secrets:
       KUBECONFIG: ${{ secrets.KUBECONFIG }}
+      BASTION_USER: ${{ secrets.BASTION_USER }}
+      BASTION_SSH_KEY: ${{ secrets.BASTION_SSH_KEY }}
diff --git a/.github/workflows/scicat-landing-page-server.yml b/.github/workflows/scicat-landing-page-server.yml
@@ -58,3 +58,5 @@ jobs:
     secrets:
       KUBECONFIG: ${{ secrets.KUBECONFIG }}
       JSON_SECRETS: ${{ toJSON(secrets) }}
+      BASTION_USER: ${{ secrets.BASTION_USER }}
+      BASTION_SSH_KEY: ${{ secrets.BASTION_SSH_KEY }}
diff --git a/.github/workflows/scicat-oaipmh.yml b/.github/workflows/scicat-oaipmh.yml
@@ -55,3 +55,5 @@ jobs:
     secrets:
       KUBECONFIG: ${{ secrets.KUBECONFIG }}
       JSON_SECRETS: ${{ toJSON(secrets) }}
+      BASTION_USER: ${{ secrets.BASTION_USER }}
+      BASTION_SSH_KEY: ${{ secrets.BASTION_SSH_KEY }}
diff --git a/.github/workflows/scicat-pan-ontologies-api.yml b/.github/workflows/scicat-pan-ontologies-api.yml
@@ -54,4 +54,5 @@ jobs:
       submodule: pan-ontologies-api
     secrets:
       KUBECONFIG: ${{ secrets.KUBECONFIG }}
-
+      BASTION_USER: ${{ secrets.BASTION_USER }}
+      BASTION_SSH_KEY: ${{ secrets.BASTION_SSH_KEY }}
diff --git a/.github/workflows/scicat-pss.yml b/.github/workflows/scicat-pss.yml
@@ -34,12 +34,18 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@v2
 
+    - name: Open ssh tunnel
+      uses: paulscherrerinstitute/scicat-ci/.github/actions/open-ssh-tunnel@main
+      with: 
+        bastion_user: '${{ secrets.BASTION_USER }}'
+        bastion_ssh_key: '${{ secrets.BASTION_SSH_KEY }}'
+
     - name: deploy 
       uses: paulscherrerinstitute/scicat-ci/.github/actions/deploy-helm@main
       with:
         release: '${{ env.RELEASE_NAME }}'
         namespace: '${{ env.NAMESPACE_PREFIX }}${{ env.ENVIRONMENT }}'
-        chart: '${{ env.RELEASE_NAME }}'
+        chart: helm/charts/generic_service
         values: "db=${{ env.RELEASE_NAME }}-${{ env.ENVIRONMENT }}"
         value-files: helm/configs/${{ env.RELEASE_NAME }}/values.yaml
         secrets:  ${{ toJSON(secrets) }}

diff --git a/.github/workflows/scicat-search-api.yml b/.github/workflows/scicat-search-api.yml
@@ -57,3 +57,5 @@ jobs:
         COMPONENT_CONFIG=helm/configs/search-api/component-config.json
     secrets:
       KUBECONFIG: ${{ secrets.KUBECONFIG }}
+      BASTION_USER: ${{ secrets.BASTION_USER }}
+      BASTION_SSH_KEY: ${{ secrets.BASTION_SSH_KEY }}
diff --git a/.github/workflows/scicat-to-pss.yml b/.github/workflows/scicat-to-pss.yml
@@ -47,3 +47,5 @@ jobs:
       commit: ${{ needs.set_env.outputs.commit }}
     secrets:
       KUBECONFIG: ${{ secrets.KUBECONFIG }}
+      BASTION_USER: ${{ secrets.BASTION_USER }}
+      BASTION_SSH_KEY: ${{ secrets.BASTION_SSH_KEY }}
diff --git a/proposals/pyproject.toml b/proposals/pyproject.toml
@@ -2,7 +2,7 @@
 name = "proposals"
 version = "0.1.0"
 description = "A microservice for syncing proposals from duo to scicat"
-authors = ["[email protected]", "carlo.minotti@psi.ch", "[email protected]"]
+authors = ["AWI-7903 <awi-7903@psi.ch>"]
 
 [tool.poetry.dependencies]
 python = "^3.8"