qa-ec2.yml
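# Manually triggered QA workflow. Depending on `run_option`, one of two jobs
# runs: each provisions EC2 through Ansible playbooks, deploys the worker
# (as a script or as a container image), and always terminates the instances
# at the end.
name: qa

# All runs share one concurrency group, so only one QA run executes at a time.
concurrency:
  group: qa

on:
  workflow_dispatch:
    inputs:
      run_option:
        description: 'Deployment option (default or containerized)'
        required: false
        default: 'default'
        # Restrict the input to the two values the jobs below test for; any
        # other value would select no job at all.
        type: choice
        options:
          - default
          - containerized

# Least privilege for the workflow token: the visible steps only need it for
# the checkout. GitHub operations inside the playbooks use the dedicated
# BOT_GITHUB_TOKEN / QA_GITHUB_TOKEN secrets instead.
permissions:
  contents: read

jobs:
  deploy-ec2-default:
    name: deploy-ec2-e2e
    if: ${{ github.event.inputs.run_option == 'default' }}
    runs-on: ubuntu-latest
    timeout-minutes: 120
    # NOTE(review): job-level env exports every secret below to every step,
    # including the unpinned pip / ansible-galaxy installs. Scoping each secret
    # to the steps that read it would narrow exposure; confirm which playbooks
    # read which variables before moving them.
    env:
      AWS_REGION: "us-east-1"
      AWS_ACCESS_KEY_ID: ${{ secrets.QA_AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.QA_AWS_SECRET_ACCESS_KEY }}
      ANSIBLE_VAULT_PASSWORD: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
      BOT_GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
      QA_GITHUB_TOKEN: ${{ secrets.QA_GITHUB_TOKEN }}
      ANSIBLE_PRIVATE_KEY_FILE: ~/.ssh/id_rsa
      # Host key verification is off, so SSH connections to the new instances
      # are not authenticated against a known key.
      # NOTE(review): acceptable only if the path to the instances is trusted;
      # otherwise record the instance host keys and enable checking.
      ANSIBLE_HOST_KEY_CHECKING: "false"
      ANSIBLE_CONFIG: '${{ github.workspace }}/deploy/ansible/ansible.cfg'
    steps:
      # NOTE(review): actions are referenced by mutable tag; pinning to a full
      # commit SHA is the hardened form.
      - name: Checkout repository
        uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.12'
      # NOTE(review): packages and the collection below are installed
      # unpinned while the job's secrets are in the environment; a pinned
      # requirements file would make the toolchain reproducible.
      - name: Install Ansible and Dependencies
        run: pip install boto boto3 ansible-vault ansible
      - name: Add .local/bin to PATH
        run: echo "${HOME}/.local/bin" >> "$GITHUB_PATH"
      - name: Install amazon.aws Ansible library
        run: ansible-galaxy collection install amazon.aws
      - name: SSH key setup
        # The key is passed through the environment instead of being
        # interpolated into the script text, so its content is never parsed
        # by the shell.
        env:
          QA_ANSIBLE_SSH_KEY: ${{ secrets.QA_ANSIBLE_SSH_KEY }}
        run: |
          # umask first: the directory and key file are never group/world
          # readable, not even between creation and chmod.
          umask 077
          mkdir -p ~/.ssh
          printf '%s\n' "${QA_ANSIBLE_SSH_KEY}" > ~/.ssh/id_rsa
          chmod 0400 ~/.ssh/id_rsa
      - name: Run Playbook to initialize the EC2 instance
        run: |
          ansible-playbook -i deploy/ansible/inventory.txt \
            deploy/ansible/deploy-ec2.yml
      - name: Deploy the worker script
        run: |
          # Keep the vault password outside the checkout, owner-only, and
          # delete it when the step ends, whether the playbook succeeds or not.
          vault_pw_file="${RUNNER_TEMP}/ansible_vault_password_file"
          trap 'rm -f "${vault_pw_file}"' EXIT
          (umask 077; printf '%s\n' "${ANSIBLE_VAULT_PASSWORD}" > "${vault_pw_file}")
          ansible-playbook -i deploy/ansible/inventory.txt \
            --vault-password-file "${vault_pw_file}" \
            deploy/ansible/qa/prod/deploy-worker-script.yml
      # always(): runs even when an earlier step failed, so instances are not
      # left running.
      - name: Terminate EC2 Instances
        if: always()
        run: |
          ansible-playbook deploy/ansible/qa/qa-terminate/terminate-qa.yml

  deploy-ec2-containerized:
    name: deploy-ec2-e2e-containers
    if: ${{ github.event.inputs.run_option == 'containerized' }}
    runs-on: ubuntu-latest
    timeout-minutes: 120
    # NOTE(review): job-level env exports every secret below to every step,
    # including the unpinned pip / ansible-galaxy installs. Scoping each secret
    # to the steps that read it would narrow exposure; confirm which playbooks
    # read which variables before moving them.
    env:
      AWS_REGION: "us-east-1"
      AWS_ACCESS_KEY_ID: ${{ secrets.QA_AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.QA_AWS_SECRET_ACCESS_KEY }}
      ANSIBLE_VAULT_PASSWORD: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
      BOT_GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
      QA_GITHUB_TOKEN: ${{ secrets.QA_GITHUB_TOKEN }}
      ANSIBLE_PRIVATE_KEY_FILE: ~/.ssh/id_rsa
      # Host key verification is off, so SSH connections to the new instances
      # are not authenticated against a known key.
      # NOTE(review): acceptable only if the path to the instances is trusted;
      # otherwise record the instance host keys and enable checking.
      ANSIBLE_HOST_KEY_CHECKING: "false"
      ANSIBLE_CONFIG: '${{ github.workspace }}/deploy/ansible/ansible.cfg'
    steps:
      # NOTE(review): actions are referenced by mutable tag; pinning to a full
      # commit SHA is the hardened form.
      - name: Checkout repository
        uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.12'
      # NOTE(review): packages, collection and roles below are installed
      # unpinned while the job's secrets are in the environment; a pinned
      # requirements file would make the toolchain reproducible.
      - name: Install Ansible and Dependencies
        run: pip install boto boto3 ansible-vault ansible
      - name: Add .local/bin to PATH
        run: echo "${HOME}/.local/bin" >> "$GITHUB_PATH"
      - name: Install amazon.aws Ansible library
        run: ansible-galaxy collection install amazon.aws
      - name: SSH key setup
        # The key is passed through the environment instead of being
        # interpolated into the script text, so its content is never parsed
        # by the shell.
        env:
          QA_ANSIBLE_SSH_KEY: ${{ secrets.QA_ANSIBLE_SSH_KEY }}
        run: |
          # umask first: the directory and key file are never group/world
          # readable, not even between creation and chmod.
          umask 077
          mkdir -p ~/.ssh
          printf '%s\n' "${QA_ANSIBLE_SSH_KEY}" > ~/.ssh/id_rsa
          chmod 0400 ~/.ssh/id_rsa
      - name: Run Playbook to initialize the EC2 instance
        run: |
          ansible-playbook -i deploy/ansible/inventory.txt \
            deploy/ansible/deploy-ec2.yml
      - name: Run Playbook to install worker node prerequisites
        run: |
          ansible-galaxy install -r deploy/ansible/requirements.yml
          ANSIBLE_SSH_TIMEOUT=40 ANSIBLE_BECOME_TIMEOUT=60 ansible-playbook \
            -i deploy/ansible/inventory.txt \
            deploy/ansible/qa/qa-worker-prereqs/qa-worker-prereqs.yml
      - name: Build and deploy the worker image
        run: |
          # Keep the vault password outside the checkout, owner-only, and
          # delete it when the step ends, whether the playbook succeeds or not.
          vault_pw_file="${RUNNER_TEMP}/ansible_vault_password_file"
          trap 'rm -f "${vault_pw_file}"' EXIT
          (umask 077; printf '%s\n' "${ANSIBLE_VAULT_PASSWORD}" > "${vault_pw_file}")
          # NOTE(review): the token is passed as a command-line extra var, so
          # it is part of the ansible-playbook argument list on the runner.
          # Reading it inside the playbook from the environment, or passing an
          # owner-only extra-vars file, would keep it off the command line.
          ansible-playbook -i deploy/ansible/inventory.txt \
            -e "qa_github_token=${QA_GITHUB_TOKEN}" \
            --vault-password-file "${vault_pw_file}" \
            deploy/ansible/qa/qa-build-worker/build-worker-img.yml
      # - name: Deploy the bot container
      #   run: |
      #     echo "${ANSIBLE_VAULT_PASSWORD}" > ansible_vault_password_file
      #     ansible-playbook -i deploy/ansible/inventory.txt -e @secrets.enc \
      #     --vault-password-file ansible_vault_password_file \
      #     -e "github_token=${BOT_GITHUB_TOKEN}" deploy/ansible/deploy-bot.yml
      #     rm -f ansible_vault_password_file
      # always(): runs even when an earlier step failed, so instances are not
      # left running.
      - name: Terminate EC2 Instances
        if: always()
        run: |
          ansible-playbook deploy/ansible/qa/qa-terminate/terminate-qa.yml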