-
Notifications
You must be signed in to change notification settings - Fork 0
167 lines (142 loc) · 6.67 KB
/
node_rocksbot.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
name: Build rocksbot
on:
workflow_dispatch:
inputs:
environ:
description: "Where to deploy: (preview, production)?"
required: true
default: "preview"
jobs:
build_image:
name: Build rocksbot and Deploy
runs-on: ubuntu-18.04
steps:
- name: Set BRANCH
shell: bash
run: |
echo "BRANCH=$(echo ${GITHUB_REF##*/})" >> $GITHUB_ENV
echo "PROJECT_NAME=rocksbot" >> $GITHUB_ENV
- name: Cluster specific envs
shell: bash
run: |
echo "CLUSTER=prod_1" >> $GITHUB_ENV
echo "CLUSTER_LONG_NAME=prod_1-creators-hub" >> $GITHUB_ENV
echo "CD=1" >> $GITHUB_ENV
- name: Inputs
shell: bash
run: |
echo "ENV_NAME=${{ github.event.inputs.environ }}" >> $GITHUB_ENV
- name: Inputs validate
if: ${{ !contains(github.event.inputs.environ, 'preview') && !contains(github.event.inputs.environ, 'production')}}
shell: bash
run: |
exit 1
- name: Cluster specific envs
shell: bash
run: |
case $CLUSTER in
prod_1)
echo "DCR_HOST=245763787462.dkr.ecr.eu-central-1.amazonaws.com" >> $GITHUB_ENV
echo "DCR_PATH=rocksbot" >> $GITHUB_ENV
echo "TIMESTAMP=$(date +'%d-%m-%Y_%H-%M-%S')" >> $GITHUB_ENV
;;
esac
- name: Cluster specific AWS creds
shell: bash
run: |
echo "AWS_ACCESS_KEY_ID=${{ secrets[format('{0}_AWS_ACCESS_KEY_ID', env.CLUSTER)] }}" >> $GITHUB_ENV
echo "AWS_SECRET_ACCESS_KEY=${{ secrets[format('{0}_AWS_SECRET_ACCESS_KEY', env.CLUSTER)] }}" >> $GITHUB_ENV
echo "AWS_REGION=${{ secrets[format('{0}_AWS_REGION', env.CLUSTER)] }}" >> $GITHUB_ENV
echo "AWS_PROFILE=${{ secrets[format('{0}_AWS_PROFILE', env.CLUSTER)] }}" >> $GITHUB_ENV
echo "AWS_ACCOUNTID=${{ secrets[format('{0}_AWS_ACCOUNTID', env.CLUSTER)] }}" >> $GITHUB_ENV
echo "GITHUB_MESSAGE=$(git log -1 --pretty=format:'%s')" >> $GITHUB_ENV
- name: Create AWS & Kube Profile
run: |
curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.23.6/bin/linux/amd64/kubectl
chmod +x kubectl
mv ./kubectl /usr/local/bin/kubectl
mkdir -p ~/.aws
cat << EoF >> ~/.aws/config
[${AWS_PROFILE}]
region = ${AWS_REGION}
EoF
cat << EoF >> ~/.aws/credentials
[${AWS_PROFILE}]
aws_access_key_id=${AWS_ACCESS_KEY_ID}
aws_secret_access_key=${AWS_SECRET_ACCESS_KEY}
EoF
mkdir -p ~/.kube && echo "${{ secrets[format('{0}_KUBE_CONFIG_CONTENT', env.CLUSTER)] }}" | base64 -d > ~/.kube/config
chmod 600 ~/.kube/config
- name: Environment specific envs
shell: bash
run: |
mkdir -p ~/.${PROJECT_NAME}-${ENV_NAME}
aws --region ${{ env.AWS_REGION }} ssm get-parameter --name "/rocksbot/${{ env.ENV_NAME }}/secrets" --with-decryption --output text --query Parameter.Value > ~/.${PROJECT_NAME}-${ENV_NAME}/.rocksbot_secrets
- name: Get Project Params
run: |
mkdir -p ~/.$PROJECT_NAME
aws --region ${{ env.AWS_REGION }} ssm get-parameter --name "/rocksbot/${{ env.ENV_NAME }}/envs" --with-decryption --output text --query Parameter.Value > ~/.${PROJECT_NAME}-${ENV_NAME}/.rocksbot_envs
- name: Get Cluster Namespace Params
run: |
if [ ${{ env.ENV_NAME }} = "production" ] ; then echo "NAMESPACE=rocksbot-prod" >> $GITHUB_ENV; else echo "NAMESPACE=rocksbot-prev" >> $GITHUB_ENV; fi
if [ ${{ env.ENV_NAME }} = "production" ] ; then echo "NODE_ENV=production" >> $GITHUB_ENV; else echo "NODE_ENV=development" >> $GITHUB_ENV; fi
if [ ${{ env.ENV_NAME }} = "production" ] ; then echo "NODE_NPM=start" >> $GITHUB_ENV; else echo "NODE_NPM=dev" >> $GITHUB_ENV; fi
- name: Checkout Repo
uses: actions/checkout@v1
with:
path: ${{ env.PROJECT_NAME }}-${{ env.ENV_NAME }}
- name: Build Containers - Docker Compose
env:
DCR_HOST: ${{ env.DCR_HOST }}
DCR_PATH: ${{ env.DCR_PATH }}
BRANCH: ${{ env.BRANCH }}
AWS_PROFILE: ${{ env.AWS_PROFILE }}
AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: ${{ env.AWS_REGION }}
AWS_ACCOUNTID: ${{ env.AWS_ACCOUNTID }}
NODE_NPM: ${{ env.NODE_NPM }}
run: |
export DOCKER_BUILDKIT=0
echo deployment >> .dockerignore
envsubst < deployment/Dockerfile > deployment/Dockerfile-app
docker-compose -f deployment/docker-compose.yml up -d
docker-compose -f deployment/docker-compose.yml build
- name: Push base containers to DCR
id: push
run: |
aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin $AWS_ACCOUNTID.dkr.ecr.$AWS_REGION.amazonaws.com
docker-compose -f deployment/docker-compose.yml push
- name: Deploy (feature branch) 🚀
id: deploy
env:
ALB_HOSTNAME: ${{ env.PROJECT_DOMAIN }}
ALB_GROUP: ${{ env.ALB_GROUP }}
ALB_SUBNETS: ${{ env.ALB_SUBNETS }}
PROD_DATABASE_URL: ${{ env.PROD_DATABASE_URL }}
TIMESTAMP: ${{ env.TIMESTAMP }}
if: env.CD == 1
run: |
echo "create namespace"
kubectl create ns $NAMESPACE || true
echo "setting env variables"
envsubst < deployment/rocksbot.yaml > deployment/rocksbot.yml
mv -f deployment/rocksbot.yml deployment/rocksbot.yaml
echo "app configmap"
cp ~/.${PROJECT_NAME}-${ENV_NAME}/.rocksbot_envs .rocksbot_envs
kubectl create configmap rocksbot-envs-${ENV_NAME} --from-env-file=.rocksbot_envs -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -f -
echo "app secrets"
cp ~/.${PROJECT_NAME}-${ENV_NAME}/.rocksbot_secrets .rocksbot_secret
kubectl create secret generic rocksbot-secrets-${ENV_NAME} --from-env-file=.rocksbot_secret -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -f -
echo "app deployment"
cat deployment/rocksbot.yaml | kubectl delete -f - || true
cat deployment/rocksbot.yaml | kubectl apply -f -
- name: Cleanup
if: always()
run: |
rm -f .env_secret
rm -f ~/.aws/config
rm -f ~/.aws/credentials
rm -f ~/.kube/config
docker-compose -f deployment/docker-compose.yml down --remove-orphans
rm -fr ~/.${PROJECT_NAME}-${ENV_NAME}