Deploy BESU to an EKS Cluster #17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############################################################################################## | |
| # Copyright Accenture. All Rights Reserved. | |
| # | |
| # SPDX-License-Identifier: Apache-2.0 | |
| ############################################################################################## | |
| ############################################################################################## | |
| # Workflow: Deploy Hyperledger Bevel's BESU DLT Platform to an EKS Cluster. | |
| # Prerequisites: | |
| # 1. An accessible EKS Cluster | |
| # 2. A Vault instance accessible from GitHub Runner | |
| # 3. A completed network.yaml file stored in GitHub Secrets | |
| # Workflow Overview: | |
| # 1. This GitHub Actions workflow automates the seamless deployment of "BEVEL's BESU" platform to an EKS cluster. | |
| # 2. Utilizing secure environment variables, the workflow manages sensitive information related to AWS, Docker, Cluster, Vault, and Git. | |
| # 3. The workflow dynamically customizes a network configuration file by substituting placeholders with values derived from environment variables. | |
| # 4. It uses tool Ansible to deploy the platform. | |
| ############################################################################################## | |
| # Name of the workflow | |
| name: Deploy BESU to an EKS Cluster | |
| # Triggers for the workflow | |
| on: | |
| # Manually trigger the workflow through the GitHub Actions UI | |
| workflow_dispatch: | |
| inputs: | |
| action: | |
| description: 'Choose action: Deploy or Reset' | |
| required: false | |
| default: 'deploy' | |
| type: choice | |
| options: | |
| - 'deploy' | |
| - 'reset' | |
| paths-ignore: | |
| - 'docs/**' | |
| - '**/charts/**' | |
| - '**/releases/**' | |
| # Jobs to be executed | |
| jobs: | |
| deployment: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| environment: Bevel-AWS-Deployment | |
| env: | |
| AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY_ID }}" # AWS Access Key ID | |
| AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}" # AWS Secret Access Key | |
| AWS_REGION: "${{ secrets.AWS_REGION }}" # EKS cluster zone | |
| CLUSTER_CONTEXT: "${{ secrets.CLUSTER_CONTEXT }}" # Context name for the EKS cluster | |
| KUBECONFIG: "${{ secrets.ENCODED_KUBECONFIG }}" # Provide Kubernetes configuration file in encoded base64 format | |
| DOCKER_URL: "${{ secrets.DOCKER_URL }}" # URL of the Docker registry | |
| DOCKER_USERNAME: "${{ secrets.DOCKER_USERNAME }}" # Docker registry username | |
| DOCKER_PASSWORD: "${{ secrets.DOCKER_PASSWORD }}" # Docker registry password | |
| EXTERNAL_URL_SUFFIX: "${{ secrets.EXTERNAL_URL_SUFFIX }}" # Suffix for external URLs | |
| GIT_USER_NAME: "${{ secrets.GIT_USER_NAME }}" # Git username for Git operations | |
| GIT_EMAIL_ADDR: "${{ secrets.GIT_EMAIL_ADDR }}" # Git email address for Git operations | |
| GIT_TOKEN: "${{ secrets.GIT_TOKEN }}" # Git token with required permissions for authentication | |
| GIT_BRANCH: "${{ vars.GIT_BRANCH }}" # Git branch to be used in the deployment | |
| GIT_PRIVATE_SSH_KEY: "${{ secrets.GIT_PRIVATE_SSH_KEY }}" # Private SSH key for Git authentication in encoded base64 format | |
| VAULT_ADDR: "${{ secrets.VAULT_ADDR }}" # Vault Server DNS name | |
| VAULT_TOKEN: "${{ secrets.VAULT_TOKEN }}" # Token for authentication with Vault | |
| # Steps to be executed within the job | |
| steps: | |
| # Checkout the repository code | |
| - name: Checkout Repository | |
| uses: actions/[email protected] | |
| # Configure AWS credentials | |
| - name: AWS Setup | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: "${{ env.AWS_ACCESS_KEY_ID }}" | |
| aws-secret-access-key: "${{ env.AWS_SECRET_ACCESS_KEY }}" | |
| aws-region: "${{ env.AWS_REGION }}" | |
| # name: Reset corda network | |
| # run: | | |
| # if [ "${{ github.event.inputs.action }}" == "reset" ]; then | |
| # reset=true | |
| # else | |
| # reset=false | |
| # fi- | |
| # Set up BEVEL's BESU network configuration file | |
| - name: BEVEL's BESU Network Configuration file Setup | |
| run: | | |
| # Prepare network configuration file for deployment | |
| mkdir -p build/ | |
| cp "./platforms/hyperledger-besu/configuration/samples/workflow/network-proxy-besu.yaml" "build/network-besu.yaml" | |
| NETWORK_CONF_FILE="build/network-besu.yaml" | |
| # Decode and store private SSH key | |
| echo "${{ env.GIT_PRIVATE_SSH_KEY }}" | base64 --decode > /home/runner/private_ssh_key | |
| # Define placeholder values for the network configuration file | |
| declare -A placeholders=( | |
| ["NETWORK_VERSION"]="22.10.2" | |
| ["FLUX_SUFFIX"]="besu" | |
| ["PORT_RANGE_FROM"]=15010 | |
| ["PORT_RANGE_TO"]=15090 | |
| ["DOCKER_URL"]="${{ env.DOCKER_URL }}" | |
| ["DOCKER_USERNAME"]="${{ env.DOCKER_USERNAME }}" | |
| ["DOCKER_PASSWORD"]="${{ env.DOCKER_PASSWORD }}" | |
| ["USER_DIRECTORY"]="$(pwd)" | |
| ["EXTERNAL_URL_SUFFIX"]="${{ env.EXTERNAL_URL_SUFFIX }}" | |
| ["AWS_ACCESS_KEY"]="${{ env.AWS_ACCESS_KEY_ID }}" | |
| ["AWS_SECRET_KEY"]="${{ env.AWS_SECRET_ACCESS_KEY }}" | |
| ["AWS_REGION"]="${{ env.AWS_REGION}}" | |
| ["CLUSTER_CONTEXT"]="${{ env.CLUSTER_CONTEXT }}" | |
| ["CLUSTER_CONFIG"]="/home/runner/.kube/build_config/kubeconfig" | |
| ["VAULT_ADDR"]="${{ env.VAULT_ADDR }}" | |
| ["VAULT_ROOT_TOKEN"]="${{ env.VAULT_TOKEN }}" | |
| ["GIT_USERNAME"]="${{ env.GIT_USER_NAME }}" | |
| ["GIT_TOKEN"]="${{ env.GIT_TOKEN }}" | |
| ["GIT_EMAIL_ADDR"]="${{ env.GIT_EMAIL_ADDR }}" | |
| ["GIT_BRANCH"]="${{ env.GIT_BRANCH }}" | |
| ["PRIVATE_KEY_PATH"]="/home/runner/private_ssh_key" | |
| ) | |
| # Replace placeholders in the network configuration file | |
| for placeholder in "${!placeholders[@]}"; do | |
| sed -i "s#${placeholder}#${placeholders[$placeholder]}#g" "$NETWORK_CONF_FILE" | |
| done | |
| # Deploy BEVEL's BESU Platform | |
| - name: Deploy BEVEL's BESU Platform | |
| run: | | |
| # Setup Kubernetes configuration | |
| mkdir -p /home/runner/.kube/build_config | |
| echo "${{ env.KUBECONFIG }}" | base64 --decode > /home/runner/.kube/build_config/kubeconfig | |
| export KUBECONFIG="/home/runner/.kube/build_config/kubeconfig" | |
| # Configure Git user settings | |
| git config --global user.email "${{ env.GIT_EMAIL_ADDR }}" | |
| git config --global user.name "${{ env.GIT_USER_NAME }}" | |
| # Install required tools and Ansible collections | |
| mkdir -p ~/bin | |
| export PATH=$PATH:~/bin | |
| pip3 install openshift=='0.13.1' | |
| pip install ansible jmespath jinja2-time | |
| ansible-galaxy collection install -r platforms/shared/configuration/requirements.yaml | |
| # Set reset variable | |
| if [ "${{ github.event.inputs.action }}" == "reset" ]; then | |
| reset=true | |
| else | |
| reset=false | |
| fi | |
| # Deploy the BEVEL's BESU DLT platform | |
| ansible-playbook platforms/shared/configuration/site.yaml \ | |
| -i platforms/shared/inventory/ansible_provisioners \ | |
| -e @build/network-besu.yaml \ | |
| -e 'ansible_python_interpreter=/usr/bin/python3' -e "reset=$reset" |