-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
4699854
commit 2c3f453
Showing
1 changed file
with
92 additions
and
32 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,85 +1,145 @@ | ||
| # Documentation: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsuses | ||
| # TODO: 1. CHANGE THE NAME AND THE RUN NAME | ||
| name: integrity-checker_workflow | ||
| run-name: integrity-checker workflow | ||
|
|
||
| # Allow one concurrent deployment | ||
| concurrency: | ||
| # TODO: 2. CHANGE THE GROUP NAME | ||
| group: "integrity-checker" | ||
| cancel-in-progress: true | ||
|
|
||
| on: | ||
| push: | ||
| paths: | ||
| - .github/actions/build-and-push-docker-image-to-github/action.yml | ||
| - .github/actions/execute-command-on-kubernetes-cluster/action.yml | ||
| - .github/actions/test-python-app/action.yml | ||
| # TODO: 3. CHANGE THE WORKFLOW NAME | ||
| - .github/workflows/integrity-checker.yml | ||
| # TODO: 4. CHANGE THE PATH TO THE PYTHON APP | ||
| - services/integrity-checker/**/* | ||
| branches: | ||
| - main | ||
| - prod | ||
|
|
||
| pull_request: | ||
|
|
||
| # Allows you to run this workflow manually from the Actions tab | ||
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| run-workflow: | ||
| review: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Clone repository | ||
| uses: actions/checkout@v3 | ||
|
|
||
| test: | ||
| needs: review | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Clone repository | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Test Python app | ||
| uses: ./.github/actions/test-python-app | ||
| with: | ||
| python-app-path: . | ||
| token: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| release: | ||
| needs: test | ||
| runs-on: ubuntu-latest | ||
| # Only run on main | ||
| if: success() && github.ref == 'refs/heads/main' | ||
| steps: | ||
| - name: Clone repository | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Build and push Docker image to GitHub | ||
| id: build-and-push-docker-image-to-github | ||
| # Only run on main | ||
| if: github.ref == 'refs/heads/main' | ||
| uses: ./.github/actions/build-and-push-docker-image-to-github | ||
| with: | ||
| docker-registry-username: ${{ github.actor }} | ||
| docker-registry-password: ${{ secrets.GITHUB_TOKEN }} | ||
| # TODO: 7. CHANGE THE DOCKER IMAGE NAME | ||
| docker-image-name: ${{ github.repository }}-integrity-checker | ||
| # TODO: 8. CHANGE THE PATH TO THE DOCKER IMAGE CONTEXT | ||
| docker-image-context: . | ||
| outputs: | ||
| docker-image-tags: ${{ steps.build-and-push-docker-image-to-github.outputs.docker-image-tags }} | ||
|
|
||
| - name: Prepare configuration files with secrets from GitHub Secrets | ||
| # Only run on main | ||
| if: github.ref == 'refs/heads/main' | ||
| deploy-dev: | ||
| needs: release | ||
| runs-on: ubuntu-latest | ||
| # Only run on main | ||
| if: success() && github.ref == 'refs/heads/main' | ||
| steps: | ||
| - name: Clone repository | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Prepare configuration files | ||
| shell: bash | ||
| # TODO: 9. CHANGE THE PATH TO THE KUBERNETES CONFIGURATION FILES | ||
| working-directory: services/integrity-checker/kubernetes | ||
| working-directory: kubernetes | ||
| env: | ||
| ENVIRONMENT: production | ||
| LOG_LEVEL: info | ||
| # Engine URLs can be added as a list separated by a comma with escaped double quotes | ||
| ENGINE_URLS: "'[\"https://engine-csia-pme.kube.isc.heia-fr.ch\"]'" | ||
| # TODO: 10. CHANGE THE URL OF THE SAMPLE SERVICE | ||
| SERVICE_URL: https://integrity-checker-csia-pme.kube.isc.heia-fr.ch | ||
| # TODO: 11. CHANGE THE NAME OF THE CONFIGURATION FILES | ||
| run: | | ||
| # Set integrity-checker version | ||
| docker_image_tags=(${{ steps.build-and-push-docker-image-to-github.outputs.docker-image-tags }}) | ||
| docker_image_tags=(${{ needs.release.outputs.docker-image-tags }}) | ||
| docker_image_sha_tag="${docker_image_tags[1]}" | ||
| yq ".spec.template.spec.containers[0].image = \"$docker_image_sha_tag\"" integrity-checker.stateful.yml > new-integrity-checker.stateful.yml && mv new-integrity-checker.stateful.yml integrity-checker.stateful.yml | ||
| # Set integrity-checker configuration | ||
| # Set integrity-checker configuration (ConfigMap) | ||
| yq '.data = (.data | to_entries | map({"key": .key, "value": "${" + .key + "}"}) | from_entries)' integrity-checker.config-map.yml | envsubst > new-integrity-checker.config-map.yml && mv new-integrity-checker.config-map.yml integrity-checker.config-map.yml | ||
| # TODO: 12. CHANGE THE NAME OF THE ACTION | ||
| # Set integrity-checker configuration (Ingress) | ||
| yq ".spec.rules[0].host = \"${SERVICE_URL#*://}\"" integrity-checker.ingress.yml > new-integrity-checker.ingress.yml && mv new-integrity-checker.ingress.yml integrity-checker.ingress.yml | ||
| yq ".spec.tls[0].hosts[0] = \"${SERVICE_URL#*://}\"" integrity-checker.ingress.yml > new-integrity-checker.ingress.yml && mv new-integrity-checker.ingress.yml integrity-checker.ingress.yml | ||
| - name: Deploy integrity-checker on the Kubernetes cluster | ||
| # Only run on main | ||
| if: github.ref == 'refs/heads/main' | ||
| uses: ./.github/actions/execute-command-on-kubernetes-cluster | ||
| with: | ||
| kube-config: ${{ secrets.KUBE_CONFIG }} | ||
| kube-namespace: csia-pme-prod | ||
| # TODO: 13. CHANGE THE KUBERNETES CONTEXT | ||
| kube-config: ${{ secrets.KUBE_CONFIG_DEV }} | ||
| kube-namespace: csia-pme-dev | ||
| kubectl-context: ./kubernetes | ||
| # TODO: 14. CHANGE THE PATH TO THE KUBERNETES CONFIGURATION FILES | ||
| kubectl-args: | | ||
| apply \ | ||
| -f integrity-checker.config-map.yml \ | ||
| -f integrity-checker.stateful.yml \ | ||
| -f integrity-checker.service.yml \ | ||
| -f integrity-checker.ingress.yml | ||
| deploy-prod: | ||
| needs: release | ||
| runs-on: ubuntu-latest | ||
| # Only run on prod | ||
| if: success() && github.ref == 'refs/heads/prod' | ||
| steps: | ||
| - name: Clone repository | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Prepare configuration files | ||
| shell: bash | ||
| working-directory: kubernetes | ||
| env: | ||
| ENVIRONMENT: production | ||
| LOG_LEVEL: info | ||
| ENGINE_URLS: "'[\"https://engine-csia-pme.kube.isc.heia-fr.ch\"]'" | ||
| SERVICE_URL: https://integrity-checker-csia-pme.kube.isc.heia-fr.ch | ||
| run: | | ||
| # Set integrity-checker version | ||
| docker_image_tags=(${{ needs.release.outputs.docker-image-tags }}) | ||
| docker_image_sha_tag="${docker_image_tags[1]}" | ||
| yq ".spec.template.spec.containers[0].image = \"$docker_image_sha_tag\"" integrity-checker.stateful.yml > new-integrity-checker.stateful.yml && mv new-integrity-checker.stateful.yml integrity-checker.stateful.yml | ||
| # Set integrity-checker configuration (ConfigMap) | ||
| yq '.data = (.data | to_entries | map({"key": .key, "value": "${" + .key + "}"}) | from_entries)' integrity-checker.config-map.yml | envsubst > new-integrity-checker.config-map.yml && mv new-integrity-checker.config-map.yml integrity-checker.config-map.yml | ||
| # Set integrity-checker configuration (Ingress) | ||
| yq ".spec.rules[0].host = \"${SERVICE_URL#*://}\"" integrity-checker.ingress.yml > new-integrity-checker.ingress.yml && mv new-integrity-checker.ingress.yml integrity-checker.ingress.yml | ||
| yq ".spec.tls[0].hosts[0] = \"${SERVICE_URL#*://}\"" integrity-checker.ingress.yml > new-integrity-checker.ingress.yml && mv new-integrity-checker.ingress.yml integrity-checker.ingress.yml | ||
| - name: Deploy integrity-checker on the Kubernetes cluster | ||
| uses: ./.github/actions/execute-command-on-kubernetes-cluster | ||
| with: | ||
| kube-config: ${{ secrets.KUBE_CONFIG_PROD }} | ||
| kube-namespace: csia-pme-prod | ||
| kubectl-context: ./kubernetes | ||
| kubectl-args: | | ||
| apply \ | ||
| -f integrity-checker.config-map.yml \ | ||
| -f integrity-checker.stateful.yml \ | ||
| -f integrity-checker.service.yml \ | ||
| -f integrity-checker.ingress.yml |