-
Notifications
You must be signed in to change notification settings - Fork 0
136 lines (118 loc) · 5.21 KB
/
trigger-patch-sync.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
name: Trigger-Patch-Sync
on:
workflow_dispatch: #temp added for manual testing.
push:
branches:
- main
paths:
- 'apps/**'
- 'bootstrap/**'
- 'core/**'
permissions:
contents: read
jobs:
gather-apps:
name: Gather Modified Apps
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.set-matrix-apps.outputs.matrix }}
steps:
- uses: actions/checkout@v3
id: checkoutrepo
with:
fetch-depth: 0
- name: Find Modified Apps
id: find-apps
run: |
#obtain the modified folders, this will include a percentage representing the percent of change of the merge that the folder represented.
folders=$(git diff --dirstat=files,0 HEAD~1 HEAD)
#stage apps and coreapps
apps=()
coreapps=()
#parse and fill based on apps or core folder paths changes.
for f in $folders; do
if [[ $f =~ ^apps/.*$ ]]; then
#sed here looks for the 3rd in the path. apps/folder1/folder2, meaning folder2 (representing the app name) is used.
#combine folder paths if needed to form corrected env specific targets.
apps[${#apps[@]}]=$(echo "$f" | sed -n 's/^.*apps\/[^\/]*\/\([^\/]*\).*/\1/p')
elif [[ $f =~ ^core/.*$ ]]; then
#sed here looks for the second in the path. core/folder1/folder2, meaning folder1 (representing the app name) is used.
#combine folder paths if needed to form corrected env specific targets.
coreapps[${#coreapps[@]}]=$(echo "$f" | sed -n 's/^.*core\/\([^\/]*\).*/\1/p')
fi
done
#combine and get unique list of apps
appsjsonString="$(jq -c -n '$ARGS.positional' --args -- "${apps[@]}" "${coreapps[@]}" | jq --compact-output --null-input '[ inputs[]] | unique')"
#if appjsonstring is empty, do not echo out and return 0.
if [ "$(echo $appsjsonString | jq 'length')" != "0" ]; then
echo "apps=$appsjsonString" >> $GITHUB_OUTPUT
else
echo "No Gathered Apps"
exit 1
fi
- name: Setup Matrix Output For Apps
shell: bash
id: set-matrix-apps
if: steps.find-apps.outcome == 'success'
run: |
echo "matrix={\"uniqueapps\":${{toJSON(steps.find-apps.outputs.apps)}}}" >> $GITHUB_OUTPUT
matrix-sync-apps:
name: "Sync App - ${{matrix.uniqueapps}} - ${{ github.sha }}"
environment: prod
runs-on: ubuntu-latest
needs: gather-apps
strategy:
matrix: ${{fromJSON(needs.gather-apps.outputs.matrix)}}
#max-parallel: 5
steps:
- name: Configure 1Password Service Account
uses: 1password/load-secrets-action/configure@v1
id: op-configure
with:
service-account-token: ${{ secrets.OP_SERVICE_SECRET }}
- name: Load 1Password Secrets
uses: 1password/load-secrets-action@v1
id: op-load-secrets
with:
export-env: true
env:
CF_ID: op://githubactions/cloudflare-zerotrust-github-hhouse-apps/CF-Access-Client-Id
CF_SECRET: op://githubactions/cloudflare-zerotrust-github-hhouse-apps/CF-Access-Client-Secret
ARGOCD_AUTH_TOKEN: op://githubactions/argocd-githubuser-token/password
- name: Install ArgoCD CLI
id: install-argocdcli
env:
ARGOCD_SERVER: ${{ vars.ARGOCD_SERVER }}
run: |
curl -sSL -H "CF-Access-Client-Id:${{ env.CF_ID }}" -H "CF-Access-Client-Secret:${{ env.CF_SECRET }}" -H "Authorization: Bearer ${{ env.ARGOCD_AUTH_TOKEN }}" -o /usr/local/bin/argocd https://${{ env.ARGOCD_SERVER }}/download/argocd-linux-amd64
chmod +x /usr/local/bin/argocd
argocd version --client
- name: Set App Target Revision
shell: bash
id: argo-set-revision
if: ${{ !env.ACT }}
env:
ARGOCD_SERVER: ${{ vars.ARGOCD_SERVER }}
run: |
echo "Setting app: ${{matrix.uniqueapps}} to target revision: ${{ github.sha }}"
#patch app to target revision
argocd -H "CF-Access-Client-Id:${{ env.CF_ID }}" -H "CF-Access-Client-Secret:${{ env.CF_SECRET }}" --grpc-web app patch ${{matrix.uniqueapps}} --patch '[{"op": "replace", "path": "/spec/source/targetRevision", "value": "${{ github.sha }}"}]'
- name: Sync App
shell: bash
id: argo-sync-app
if: ${{ !env.ACT }}
env:
ARGOCD_SERVER: ${{ vars.ARGOCD_SERVER }}
run: |
echo "Performing Sync for ${{matrix.uniqueapps}}"
#perform sync of app
argocd -H "CF-Access-Client-Id:${{ env.CF_ID }}" -H "CF-Access-Client-Secret:${{ env.CF_SECRET }}" --grpc-web app sync ${{matrix.uniqueapps}} --assumeYes --server-side --async
- name: Check App Is Healthy
shell: bash
id: argo-wait-app-health
if: ${{ !env.ACT }}
env:
ARGOCD_SERVER: ${{ vars.ARGOCD_SERVER }}
run: |
echo "Waiting for app ${{matrix.uniqueapps}} to go health."
argocd -H "CF-Access-Client-Id:${{ env.CF_ID }}" -H "CF-Access-Client-Secret:${{ env.CF_SECRET }}" --grpc-web app wait ${{matrix.uniqueapps}} --health --timeout 120