Skip to content

Release to Production #221

Release to Production

Release to Production #221

Workflow file for this run

name: Build and Deploy to Production
on:
workflow_dispatch:
inputs:
pktvisor_tag:
description: 'pktvisor agent docker tag to package'
required: true
pull_request:
branches: [ production ]
push:
branches: [ production ]
jobs:
prebuild:
runs-on: ubuntu-latest
outputs:
agent: ${{ steps.filter.outputs.agent }}
orb: ${{ steps.filter.outputs.orb }}
ui: ${{ steps.filter.outputs.ui }}
VERSION: ${{ env.VERSION }}
steps:
- uses: actions/checkout@v4
- uses: dorny/paths-filter@v2
id: filter
with:
filters: |
agent:
- 'agent/**'
- 'cmd/agent/**'
orb:
- 'fleet/**'
- 'cmd/fleet/**'
- 'policies/**'
- 'cmd/policies/**'
- 'sinks/**'
- 'cmd/sinks/**'
- 'sinker/**'
- 'cmd/sinker/**'
- 'maestro/**'
- 'cmd/maestro/**'
ui:
- 'ui/**'
- name: Set branch name
shell: bash
run: |
echo "BRANCH_NAME=production" >> $GITHUB_ENV
- name: Generate ref tag (production)
run: |
echo "REF_TAG=production" >> $GITHUB_ENV
- name: Append suffix on VERSION file for production build
run: |
echo "`cat ${{github.workspace}}/VERSION`-${{ env.REF_TAG }}" > VERSION
- name: Get VERSION
run: |
echo "VERSION=`cat ${{github.workspace}}/VERSION`" >> $GITHUB_ENV
- name: Debug VERSION
run: echo ${{ env.VERSION }}
- name: Get short commit hash to a variable
id: commit_hash
run: |
echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
test-agent:
runs-on: ubuntu-latest
needs: prebuild
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.21.x
- name: Go unit tests
if: ${{ needs.prebuild.outputs.agent == 'true' }}
run: SERVICE=agent make test_service
test-fleet:
runs-on: ubuntu-latest
needs: prebuild
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.21.x
- name: Go unit tests
run: |
if [ "${{ needs.prebuild.outputs.orb }}" == "true" ]; then
SERVICE=fleet make test_service
fi
test-policies:
runs-on: ubuntu-latest
needs: prebuild
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.21.x
- name: Go unit tests
if: ${{ needs.prebuild.outputs.orb == 'true' }}
run: SERVICE=policies make test_service
test-sinks:
runs-on: ubuntu-latest
needs: prebuild
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.21.x
- name: Go unit tests
if: ${{ needs.prebuild.outputs.orb == 'true' }}
run: SERVICE=sinks make test_service
test-sinker:
runs-on: ubuntu-latest
needs: prebuild
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.21.x
- name: Go unit tests
if: ${{ needs.prebuild.outputs.orb == 'true' }}
run: SERVICE=sinker make test_service
test-maestro:
runs-on: ubuntu-latest
needs: prebuild
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.21.x
- name: Go unit tests
run: |
if [ "${{ needs.prebuild.outputs.orb }}" == "true" ]; then
SERVICE=maestro make test_service
fi
package-agent:
# This is just for debug agent
needs:
- prebuild
- test-agent
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Get short commit hash to a variable
id: commit_hash
run: |
echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
- name: Replace crashpad and geo-db params
run: |
ESCAPED_REPLACE_LINE1_NEW=$(printf '%s\n' "pvOptions = append(pvOptions, \"--cp-token\", \"${{ secrets.CRASHPAD_TOKEN }}\")" | sed -e 's/[\/&]/\\&/g')
ESCAPED_REPLACE_LINE2_NEW=$(printf '%s\n' "pvOptions = append(pvOptions, \"--cp-url\", \"${{ secrets.CRASHPAD_URL }}\")" | sed -e 's/[\/&]/\\&/g')
ESCAPED_REPLACE_LINE3_NEW=$(printf '%s\n' "pvOptions = append(pvOptions, \"--cp-path\", \"/usr/local/sbin/crashpad_handler\")" | sed -e 's/[\/&]/\\&/g')
ESCAPED_REPLACE_LINE4_NEW=$(printf '%s\n' "pvOptions = append(pvOptions, \"--default-geo-city\", \"/geo-db/city.mmdb\")" | sed -e 's/[\/&]/\\&/g')
ESCAPED_REPLACE_LINE5_NEW=$(printf '%s\n' "pvOptions = append(pvOptions, \"--default-geo-asn\", \"/geo-db/asn.mmdb\")" | sed -e 's/[\/&]/\\&/g')
ESCAPED_REPLACE_LINE6_NEW=$(printf '%s\n' "pvOptions = append(pvOptions, \"--default-service-registry\", \"/iana/custom-iana.csv\")" | sed -e 's/[\/&]/\\&/g')
ESCAPED_REPLACE_LINE1_OLD=$(printf '%s\n' "// pvOptions = append(pvOptions, \"--cp-token\", PKTVISOR_CP_TOKEN)" | sed -e 's/[\/&]/\\&/g')
ESCAPED_REPLACE_LINE2_OLD=$(printf '%s\n' "// pvOptions = append(pvOptions, \"--cp-url\", PKTVISOR_CP_URL)" | sed -e 's/[\/&]/\\&/g')
ESCAPED_REPLACE_LINE3_OLD=$(printf '%s\n' "// pvOptions = append(pvOptions, \"--cp-path\", PKTVISOR_CP_PATH)" | sed -e 's/[\/&]/\\&/g')
ESCAPED_REPLACE_LINE4_OLD=$(printf '%s\n' "// pvOptions = append(pvOptions, \"--default-geo-city\", \"/geo-db/city.mmdb\")" | sed -e 's/[\/&]/\\&/g')
ESCAPED_REPLACE_LINE5_OLD=$(printf '%s\n' "// pvOptions = append(pvOptions, \"--default-geo-asn\", \"/geo-db/asn.mmdb\")" | sed -e 's/[\/&]/\\&/g')
ESCAPED_REPLACE_LINE6_OLD=$(printf '%s\n' "// pvOptions = append(pvOptions, \"--default-service-registry\", \"/iana/custom-iana.csv\")" | sed -e 's/[\/&]/\\&/g')
sed -i -e "s/$ESCAPED_REPLACE_LINE1_OLD/$ESCAPED_REPLACE_LINE1_NEW/g" agent/backend/pktvisor/pktvisor.go
sed -i -e "s/$ESCAPED_REPLACE_LINE2_OLD/$ESCAPED_REPLACE_LINE2_NEW/g" agent/backend/pktvisor/pktvisor.go
sed -i -e "s/$ESCAPED_REPLACE_LINE3_OLD/$ESCAPED_REPLACE_LINE3_NEW/g" agent/backend/pktvisor/pktvisor.go
sed -i -e "s/$ESCAPED_REPLACE_LINE4_OLD/$ESCAPED_REPLACE_LINE4_NEW/g" agent/backend/pktvisor/pktvisor.go
sed -i -e "s/$ESCAPED_REPLACE_LINE5_OLD/$ESCAPED_REPLACE_LINE5_NEW/g" agent/backend/pktvisor/pktvisor.go
sed -i -e "s/$ESCAPED_REPLACE_LINE6_OLD/$ESCAPED_REPLACE_LINE6_NEW/g" agent/backend/pktvisor/pktvisor.go
- name: Build orb-agent
shell: bash
env:
IMAGE_NAME: orbcommunity/orb-agent
run: |
if [ "${{ github.event.inputs.pktvisor_tag }}" == "" ]; then
make agent_production
make agent_debug_production
else
PKTVISOR_TAG=${{ github.event.inputs.pktvisor_tag }} make agent_production
PKTVISOR_TAG=${{ github.event.inputs.pktvisor_tag }} make agent_debug_production
fi
- name: Login to Docker Hub orbcommunity
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Push agent container orbcommunity
if: github.event_name != 'pull_request'
run: docker push -a orbcommunity/orb-agent
- name: Login to Docker Hub orbcommunity
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
username: ${{ secrets.ORB_DOCKERHUB_USERNAME }}
password: ${{ secrets.ORB_DOCKERHUB_TOKEN }}
- name: Push agent container orbcommunity
if: github.event_name != 'pull_request'
run: docker push -a orbcommunity/orb-agent
package-fleet:
needs:
- prebuild
- test-fleet
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Get short commit hash to a variable
id: commit_hash
run: |
echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
echo ${{ needs.prebuild.outputs.VERSION }} > VERSION
- name: Build service containers
run: SERVICE=fleet make build_docker
- name: Login to Docker Hub orbcommunity
uses: docker/login-action@v3
if: github.event_name != 'pull_request'
with:
username: ${{ secrets.ORB_DOCKERHUB_USERNAME }}
password: ${{ secrets.ORB_DOCKERHUB_TOKEN }}
- name: Push service containers orbcommunity
if: github.event_name != 'pull_request'
run: docker push -a orbcommunity/orb-fleet
package-policies:
needs:
- prebuild
- test-policies
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Get short commit hash to a variable
id: commit_hash
run: |
echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
echo ${{ needs.prebuild.outputs.VERSION }} > VERSION
- name: Build service containers
run: SERVICE=policies make build_docker
- name: Login to Docker Hub orbcommunity
uses: docker/login-action@v3
if: github.event_name != 'pull_request'
with:
username: ${{ secrets.ORB_DOCKERHUB_USERNAME }}
password: ${{ secrets.ORB_DOCKERHUB_TOKEN }}
- name: Push service containers orbcommunity
if: github.event_name != 'pull_request'
run: docker push -a orbcommunity/orb-policies
package-sinker:
needs:
- prebuild
- test-sinker
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Get short commit hash to a variable
id: commit_hash
run: |
echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
echo ${{ needs.prebuild.outputs.VERSION }} > VERSION
- name: Build service containers
run: SERVICE=sinker make build_docker
- name: Login to Docker Hub orbcommunity
uses: docker/login-action@v3
if: github.event_name != 'pull_request'
with:
username: ${{ secrets.ORB_DOCKERHUB_USERNAME }}
password: ${{ secrets.ORB_DOCKERHUB_TOKEN }}
- name: Push service containers orbcommunity
if: github.event_name != 'pull_request'
run: docker push -a orbcommunity/orb-sinker
package-sinks:
needs:
- prebuild
- test-sinks
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Get short commit hash to a variable
id: commit_hash
run: |
echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
echo ${{ needs.prebuild.outputs.VERSION }} > VERSION
- name: Build service containers
run: SERVICE=sinks make build_docker
- name: Login to Docker Hub orbcommunity
uses: docker/login-action@v3
if: github.event_name != 'pull_request'
with:
username: ${{ secrets.ORB_DOCKERHUB_USERNAME }}
password: ${{ secrets.ORB_DOCKERHUB_TOKEN }}
- name: Push service containers orbcommunity
if: github.event_name != 'pull_request'
run: docker push -a orbcommunity/orb-sinks
package-maestro:
needs:
- prebuild
- test-maestro
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Get short commit hash to a variable
id: commit_hash
run: |
echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
echo ${{ needs.prebuild.outputs.VERSION }} > VERSION
- name: Build service containers
run: SERVICE=maestro make build_docker
- name: Login to Docker Hub orbcommunity
uses: docker/login-action@v3
if: github.event_name != 'pull_request'
with:
username: ${{ secrets.ORB_DOCKERHUB_USERNAME }}
password: ${{ secrets.ORB_DOCKERHUB_TOKEN }}
- name: Push service containers orbcommunity
if: github.event_name != 'pull_request'
run: docker push -a orbcommunity/orb-maestro
package-ui-dependencies:
needs:
- prebuild
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dorny/paths-filter@v2
id: filter
with:
filters: |
yarn:
ui/package.json
- name: Build orb yarn image
if: ${{ steps.filter.outputs.yarn == 'true' }}
run: |
make ui-modules
- name: Login to Docker Hub orbcommunity
if: ${{ steps.filter.outputs.yarn == 'true' }}
uses: docker/login-action@v3
with:
username: ${{ secrets.ORB_DOCKERHUB_USERNAME }}
password: ${{ secrets.ORB_DOCKERHUB_TOKEN }}
- name: Push ui image orbcommunity
if: ${{ steps.filter.outputs.yarn == 'true' }}
run: |
docker push -a orbcommunity/orb-ui-modules
package-ui:
needs:
- prebuild
- package-ui-dependencies
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Get short commit hash to a variable
id: commit_hash
run: |
echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
echo ${{ needs.prebuild.outputs.VERSION }} > VERSION
- name: Build orb-ui
env:
IMAGE_NAME: orbcommunity/orb-ui
run: |
make ui
- name: Commit orb-ui-live on orb-live repo production
run: |
git config --global user.email "${{secrets.GH_ORB_EMAIL}}"
git config --global user.name "${{secrets.GH_ORB_USER}}"
git config --global credential.helper cache
git clone -b main https://${{secrets.GH_ORB_USER}}:${{secrets.GH_ORB_ACCESS_TOKEN}}@${{ secrets.ORB_UI_REPO_URL }}
cd orb-live
rm -rf ui
git add .
git commit -m "[NS1 Orb Bot] clean ui folder"
cp -rf ../ui .
cp -rf ../VERSION .
echo "${{ steps.commit_hash.outputs.sha_short }}" > COMMIT_HASH
git add .
git commit -m "[NS1 Orb Bot] Update Orb Live UI for production"
git push origin main
- name: Login to Docker Hub orbcommunity
uses: docker/login-action@v3
if: github.event_name != 'pull_request'
with:
username: ${{ secrets.ORB_DOCKERHUB_USERNAME }}
password: ${{ secrets.ORB_DOCKERHUB_TOKEN }}
- name: Push ui container orbcommunity
if: github.event_name != 'pull_request'
run: |
docker push -a orbcommunity/orb-ui
publish-orb-live-prd:
needs:
- prebuild
- package-fleet
- package-policies
- package-sinker
- package-sinks
- package-ui
runs-on: ubuntu-latest
if: github.event_name != 'pull_request'
steps:
- uses: actions/checkout@v4
- name: Debug values
run: |
echo ${{ needs.prebuild.outputs.VERSION }}
echo ${{ github.event.inputs.pktvisor_tag }}
env:
VERSION: ${{ needs.prebuild.env.VERSION }}
- name: Get short commit hash to a variable
id: commit_hash
run: |
echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
echo ${{ needs.prebuild.outputs.VERSION }} > VERSION
- name: Commit image tag on orb-live-manifest environment prod and ns1 environments
run: |
git config --global user.email "${{secrets.GH_ORB_EMAIL}}"
git config --global user.name "${{secrets.GH_ORB_USER}}"
git config --global credential.helper cache
git clone https://${{secrets.GH_ORB_USER}}:${{secrets.GH_ORB_ACCESS_TOKEN}}@${{ secrets.ORB_MANIFEST_REPO_URL }}
# Commit prd folder
cd orb-live-manifest/prod
mv values.yaml .template/values.old
cat .template/values.yaml.tpl >> values.yaml
sed -i -e "s/IMAGE_TAG/${{ needs.prebuild.outputs.VERSION }}-${{ steps.commit_hash.outputs.sha_short }}/g" values.yaml
git add values.yaml
git add .template/values.old
git commit -m "[NS1 Orb Bot] Update image tag on prod environment"
# Commit ns1 folder
cd ../ns1
mv values.yaml .template/values.old
cat .template/values.yaml.tpl >> values.yaml
sed -i -e "s/IMAGE_TAG/${{ needs.prebuild.outputs.VERSION }}-${{ steps.commit_hash.outputs.sha_short }}/g" values.yaml
git add values.yaml
git add .template/values.old
git commit -m "[NS1 Orb Bot] Update image tag on ns1 environment"
#commit on repo
git push origin main
post-slack-message:
needs: publish-orb-live-prd
runs-on: ubuntu-latest
if: github.event_name != 'pull_request'
steps:
- uses: actions/checkout@v4
- name: Generating changelog and post it in slack channel
uses: ./.github/actions/slack-post
with:
branch: production
header: ":first_place_medal: :orb: *Deployed new features in orb.live* :orb: :rocket: :tada:"
github_repo: orb-community/orb
slack_channel: C041B9204CF # orb netdev slack channel ID
slack_api_token: ${{ secrets.SLACK_APP_TOKEN }}
buildx:
needs: publish-orb-live-prd
runs-on: ubuntu-latest
if: github.event_name != 'pull_request'
steps:
- uses: actions/checkout@v4
- name: Set branch name
shell: bash
run: |
echo "BRANCH_NAME=production" >> $GITHUB_ENV
- name: Generate ref tag (production)
run: |
echo "REF_TAG=production" >> $GITHUB_ENV
- name: Get VERSION
run: |
echo "VERSION=`cat ${{github.workspace}}/VERSION`" >> $GITHUB_ENV
- name: Debug VERSION
run: echo ${{ env.VERSION }}
- name: Get short commit hash to a variable
id: commit_hash
run: |
echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: all
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub orbcommunity
uses: docker/login-action@v3
with:
username: ${{ secrets.ORB_DOCKERHUB_USERNAME }}
password: ${{ secrets.ORB_DOCKERHUB_TOKEN }}
- name: Replace crashpad and geo-db params
run: |
ESCAPED_REPLACE_LINE1_NEW=$(printf '%s\n' "pvOptions = append(pvOptions, \"--cp-token\", \"${{ secrets.CRASHPAD_TOKEN }}\")" | sed -e 's/[\/&]/\\&/g')
ESCAPED_REPLACE_LINE2_NEW=$(printf '%s\n' "pvOptions = append(pvOptions, \"--cp-url\", \"${{ secrets.CRASHPAD_URL }}\")" | sed -e 's/[\/&]/\\&/g')
ESCAPED_REPLACE_LINE3_NEW=$(printf '%s\n' "pvOptions = append(pvOptions, \"--cp-path\", \"/usr/local/sbin/crashpad_handler\")" | sed -e 's/[\/&]/\\&/g')
ESCAPED_REPLACE_LINE4_NEW=$(printf '%s\n' "pvOptions = append(pvOptions, \"--default-geo-city\", \"/geo-db/city.mmdb\")" | sed -e 's/[\/&]/\\&/g')
ESCAPED_REPLACE_LINE5_NEW=$(printf '%s\n' "pvOptions = append(pvOptions, \"--default-geo-asn\", \"/geo-db/asn.mmdb\")" | sed -e 's/[\/&]/\\&/g')
ESCAPED_REPLACE_LINE6_NEW=$(printf '%s\n' "pvOptions = append(pvOptions, \"--default-service-registry\", \"/iana/custom-iana.csv\")" | sed -e 's/[\/&]/\\&/g')
ESCAPED_REPLACE_LINE1_OLD=$(printf '%s\n' "// pvOptions = append(pvOptions, \"--cp-token\", PKTVISOR_CP_TOKEN)" | sed -e 's/[\/&]/\\&/g')
ESCAPED_REPLACE_LINE2_OLD=$(printf '%s\n' "// pvOptions = append(pvOptions, \"--cp-url\", PKTVISOR_CP_URL)" | sed -e 's/[\/&]/\\&/g')
ESCAPED_REPLACE_LINE3_OLD=$(printf '%s\n' "// pvOptions = append(pvOptions, \"--cp-path\", PKTVISOR_CP_PATH)" | sed -e 's/[\/&]/\\&/g')
ESCAPED_REPLACE_LINE4_OLD=$(printf '%s\n' "// pvOptions = append(pvOptions, \"--default-geo-city\", \"/geo-db/city.mmdb\")" | sed -e 's/[\/&]/\\&/g')
ESCAPED_REPLACE_LINE5_OLD=$(printf '%s\n' "// pvOptions = append(pvOptions, \"--default-geo-asn\", \"/geo-db/asn.mmdb\")" | sed -e 's/[\/&]/\\&/g')
ESCAPED_REPLACE_LINE6_OLD=$(printf '%s\n' "// pvOptions = append(pvOptions, \"--default-service-registry\", \"/iana/custom-iana.csv\")" | sed -e 's/[\/&]/\\&/g')
sed -i -e "s/$ESCAPED_REPLACE_LINE1_OLD/$ESCAPED_REPLACE_LINE1_NEW/g" agent/backend/pktvisor/pktvisor.go
sed -i -e "s/$ESCAPED_REPLACE_LINE2_OLD/$ESCAPED_REPLACE_LINE2_NEW/g" agent/backend/pktvisor/pktvisor.go
sed -i -e "s/$ESCAPED_REPLACE_LINE3_OLD/$ESCAPED_REPLACE_LINE3_NEW/g" agent/backend/pktvisor/pktvisor.go
sed -i -e "s/$ESCAPED_REPLACE_LINE4_OLD/$ESCAPED_REPLACE_LINE4_NEW/g" agent/backend/pktvisor/pktvisor.go
sed -i -e "s/$ESCAPED_REPLACE_LINE5_OLD/$ESCAPED_REPLACE_LINE5_NEW/g" agent/backend/pktvisor/pktvisor.go
sed -i -e "s/$ESCAPED_REPLACE_LINE6_OLD/$ESCAPED_REPLACE_LINE6_NEW/g" agent/backend/pktvisor/pktvisor.go
- name: Build + push - agent (multi-arch)
env:
IMAGE_NAME: orbcommunity/orb-agent:latest
IMAGE_NAME_2: orbcommunity/orb-agent:${{ env.VERSION }}-${{ steps.commit_hash.outputs.sha_short }}
uses: docker/build-push-action@v5
with:
builder: ${{ steps.buildx.outputs.name }}
context: .
file: ./agent/docker/Dockerfile
platforms: linux/amd64, linux/arm64
push: true
tags: ${{ env.IMAGE_NAME }} , ${{ env.IMAGE_NAME_2 }}
build-args: |
PKTVISOR_TAG=latest