-
Notifications
You must be signed in to change notification settings - Fork 0
148 lines (129 loc) · 6.16 KB
/
integrity-checker.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
# Documentation: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsuses
name: integrity-checker_workflow
run-name: integrity-checker workflow
# Allow one concurrent deployment
concurrency:
group: "integrity-checker"
cancel-in-progress: true
on:
push:
branches:
- main
- prod
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
jobs:
review:
runs-on: ubuntu-latest
steps:
- name: Clone repository
uses: actions/checkout@v3
- name: Lint Python app
uses: ./.github/actions/lint-python-app
with:
python-app-path: .
test:
needs: review
runs-on: ubuntu-latest
steps:
- name: Clone repository
uses: actions/checkout@v3
- name: Test Python app
uses: ./.github/actions/test-python-app
with:
python-app-path: .
token: ${{ secrets.GITHUB_TOKEN }}
release:
needs: test
runs-on: ubuntu-latest
# Only run on main
if: success() && github.ref == 'refs/heads/main'
steps:
- name: Clone repository
uses: actions/checkout@v3
- name: Build and push Docker image to GitHub
id: build-and-push-docker-image-to-github
uses: ./.github/actions/build-and-push-docker-image-to-github
with:
docker-registry-username: ${{ github.actor }}
docker-registry-password: ${{ secrets.GITHUB_TOKEN }}
docker-image-name: swiss-ai-center/integrity-checker
docker-image-context: .
outputs:
docker-image-tags: ${{ steps.build-and-push-docker-image-to-github.outputs.docker-image-tags }}
deploy-dev:
needs: release
runs-on: ubuntu-latest
# Only run on main
if: success() && github.ref == 'refs/heads/main'
steps:
- name: Clone repository
uses: actions/checkout@v3
- name: Prepare configuration files
shell: bash
working-directory: ./kubernetes
env:
ENVIRONMENT: production
LOG_LEVEL: info
ENGINE_URLS: "'[\"https://backend-core-engine-swiss-ai-center.kube.isc.heia-fr.ch\"]'"
SERVICE_URL: https://integrity-checker-swiss-ai-center.kube.isc.heia-fr.ch
run: |
# Set integrity-checker version
docker_image_tags=(${{ needs.release.outputs.docker-image-tags }})
docker_image_sha_tag="${docker_image_tags[1]}"
yq ".spec.template.spec.containers[0].image = \"$docker_image_sha_tag\"" integrity-checker.stateful.yml > new-integrity-checker.stateful.yml && mv new-integrity-checker.stateful.yml integrity-checker.stateful.yml
# Set integrity-checker configuration (ConfigMap)
yq '.data = (.data | to_entries | map({"key": .key, "value": "${" + .key + "}"}) | from_entries)' integrity-checker.config-map.yml | envsubst > new-integrity-checker.config-map.yml && mv new-integrity-checker.config-map.yml integrity-checker.config-map.yml
# Set integrity-checker configuration (Ingress)
yq ".spec.rules[0].host = \"${SERVICE_URL#*://}\"" integrity-checker.ingress.yml > new-integrity-checker.ingress.yml && mv new-integrity-checker.ingress.yml integrity-checker.ingress.yml
yq ".spec.tls[0].hosts[0] = \"${SERVICE_URL#*://}\"" integrity-checker.ingress.yml > new-integrity-checker.ingress.yml && mv new-integrity-checker.ingress.yml integrity-checker.ingress.yml
- name: Deploy integrity-checker on the Kubernetes cluster
uses: ./.github/actions/execute-command-on-kubernetes-cluster
with:
kube-config: ${{ secrets.KUBE_CONFIG_DEV }}
kube-namespace: swiss-ai-center-dev
kubectl-context: ./kubernetes
kubectl-args: |
apply \
-f integrity-checker.config-map.yml \
-f integrity-checker.stateful.yml \
-f integrity-checker.service.yml \
-f integrity-checker.ingress.yml
deploy-prod:
needs: release
runs-on: ubuntu-latest
# Only run on prod
if: success() && github.ref == 'refs/heads/prod'
steps:
- name: Clone repository
uses: actions/checkout@v3
- name: Prepare configuration files
shell: bash
working-directory: ./kubernetes
env:
ENVIRONMENT: production
LOG_LEVEL: info
ENGINE_URLS: "'[\"https://backend-core-engine-swiss-ai-center.kube.isc.heia-fr.ch\"]'"
SERVICE_URL: https://integrity-checker-swiss-ai-center.kube.isc.heia-fr.ch
run: |
# Set integrity-checker version
docker_image_tags=(${{ needs.release.outputs.docker-image-tags }})
docker_image_sha_tag="${docker_image_tags[1]}"
yq ".spec.template.spec.containers[0].image = \"$docker_image_sha_tag\"" integrity-checker.stateful.yml > new-integrity-checker.stateful.yml && mv new-integrity-checker.stateful.yml integrity-checker.stateful.yml
# Set integrity-checker configuration (ConfigMap)
yq '.data = (.data | to_entries | map({"key": .key, "value": "${" + .key + "}"}) | from_entries)' integrity-checker.config-map.yml | envsubst > new-integrity-checker.config-map.yml && mv new-integrity-checker.config-map.yml integrity-checker.config-map.yml
# Set integrity-checker configuration (Ingress)
yq ".spec.rules[0].host = \"${SERVICE_URL#*://}\"" integrity-checker.ingress.yml > new-integrity-checker.ingress.yml && mv new-integrity-checker.ingress.yml integrity-checker.ingress.yml
yq ".spec.tls[0].hosts[0] = \"${SERVICE_URL#*://}\"" integrity-checker.ingress.yml > new-integrity-checker.ingress.yml && mv new-integrity-checker.ingress.yml integrity-checker.ingress.yml
- name: Deploy integrity-checker on the Kubernetes cluster
uses: ./.github/actions/execute-command-on-kubernetes-cluster
with:
kube-config: ${{ secrets.KUBE_CONFIG_PROD }}
kube-namespace: swiss-ai-center-prod
kubectl-context: ./kubernetes
kubectl-args: |
apply \
-f integrity-checker.config-map.yml \
-f integrity-checker.stateful.yml \
-f integrity-checker.service.yml \
-f integrity-checker.ingress.yml