ready_to_deploy #880
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy Dev | |
on: | |
repository_dispatch: | |
# Using a repository_dispatch event to pass information like the exact Git SHA. | |
# Otherwise, if few other changes were pushed before this workflow start, we may not | |
# deploy the right changes. Worse, this job might not pass if the artifacts were not | |
# pushed yet. | |
types: [ready_to_deploy] | |
jobs: | |
deploy_to_dev_environment: | |
# Deploy if commit on main or to -dev major version | |
# main => latest dev | |
# x.y.z-dev => version x dev | |
if: | | |
(github.event.client_payload.gh_ref == 'refs/heads/main') || | |
((contains(github.event.client_payload.gh_ref, 'refs/tags')) && | |
((!contains(github.event.client_payload.gh_ref, '-')) || | |
(contains(github.event.client_payload.gh_ref, '-dev')))) | |
runs-on: ubuntu-latest | |
concurrency: | |
group: continuous-deployment_dev-environment | |
cancel-in-progress: false | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.client_payload.gh_sha }} | |
- name: Set up Helm | |
uses: azure/setup-helm@v4 | |
with: | |
version: v3.6.0 | |
- name: Retrieve branch or tag name | |
id: refvar | |
env: | |
GH_REF: ${{ github.event.client_payload.gh_ref }} | |
run: echo "gitRefName=${GH_REF#refs/*/}" >> $GITHUB_OUTPUT | |
- name: Compute API version | |
id: apiVersionVar | |
shell: bash | |
run: | | |
export gitRefName="${{ steps.refvar.outputs.gitRefName }}" | |
if [[ "$gitRefName" == "main" ]]; then | |
export apiVersion=latest | |
echo "apiVersion=${apiVersion}" >> $GITHUB_OUTPUT | |
export apiScriptVersion=${apiVersion} | |
echo "apiScriptVersion=${apiScriptVersion}" >> $GITHUB_OUTPUT | |
else | |
# Cut MAJOR.MINOR from tag | |
export tagFirstPart=$(echo "${{ steps.refvar.outputs.gitRefName }}" | cut -d '.' -f1,2) | |
if [[ $tagFirstPart == "v*" ]]; then | |
export apiScriptVersion=${tagFirstPart} | |
else | |
export apiScriptVersion=v${tagFirstPart} | |
fi | |
echo "apiScriptVersion=${apiScriptVersion}" >> $GITHUB_OUTPUT | |
export apiVersion=${apiScriptVersion//./-} | |
if [[ "$gitRefName" == *"-dev"* ]]; then | |
export apiVersion=${apiScriptVersion//./-}-dev | |
fi | |
echo "apiVersion=${apiVersion}" >> $GITHUB_OUTPUT | |
fi | |
- name: Prepare values.yaml | |
env: | |
VALUES_YAML: "${{ secrets.DEV_ENV_VALUES_YAML_062024_2 }}" | |
run: | | |
echo "${VALUES_YAML}" > /tmp/values_for_environment.yaml | |
- name: Prepare values.yaml with build information | |
env: | |
GH_ACTOR: ${{ github.event.client_payload.gh_actor }} | |
GH_REF: ${{ github.event.client_payload.gh_ref }} | |
GH_SHA: ${{ github.event.client_payload.gh_sha }} | |
run: | | |
export deployDateTime=$(date) | |
export deployTimestamp=$(date +%s) | |
export gitShaShort=$(git rev-parse --short HEAD) | |
cat <<EOF > /tmp/values_for_environment_with_build_info.yaml | |
podAnnotations: | |
"com.cosmotech/deployed-by": "${GH_ACTOR}" | |
"com.cosmotech/deployed-at": "${deployDateTime}" | |
"com.cosmotech/deployed-at-timestamp": "${deployTimestamp}" | |
"com.cosmotech/commit-id": "${GH_SHA}" | |
"com.cosmotech/vcs-ref": "${GH_REF}" | |
"com.cosmotech/vcs-url": "https://github.com/Cosmo-Tech/cosmotech-api.git" | |
"com.cosmotech/run-id": "${GITHUB_RUN_ID}" | |
"com.cosmotech/run-number": "${GITHUB_RUN_NUMBER}" | |
"com.cosmotech/job-id": "${GITHUB_JOB}" | |
config: | |
csm: | |
platform: | |
commit-id: "${gitShaShort}" | |
vcs-ref: "${{ steps.refvar.outputs.gitRefName }}" | |
EOF | |
- uses: Azure/login@v2 | |
with: | |
# Secret created with: az ad sp create-for-rbac -n "github-actions" --sdk-auth | |
creds: '${{ secrets.AZURE_CREDENTIALS }}' | |
- uses: Azure/aks-set-context@v4 | |
with: | |
cluster-name: ${{ secrets.DEV_ENV_CLUSTER_NAME }} | |
resource-group: ${{ secrets.DEV_ENV_CLUSTER_RESOURCE_GROUP }} | |
- name: Deploy | |
env: | |
GH_SHA: ${{ github.event.client_payload.gh_sha }} | |
NAMESPACE: phoenix | |
ARGO_MINIO_ACCESS_KEY: ${{ secrets.DEV_ENV_ARGO_MINIO_ACCESS_KEY }} | |
ARGO_MINIO_SECRET_KEY: ${{ secrets.DEV_ENV_ARGO_MINIO_SECRET_KEY }} | |
ARGO_POSTGRESQL_PASSSORD: ${{ secrets.DEV_ENV_ARGO_POSTGRESQL_PASSSORD }} | |
DEPLOY_PROMETHEUS_STACK: 'false' | |
NGINX_INGRESS_CONTROLLER_ENABLED: 'true' | |
NGINX_INGRESS_CONTROLLER_LOADBALANCER_IP: ${{ secrets.DEV_ENV_NGINX_INGRESS_CONTROLLER_LOADBALANCER_IP }} | |
CERT_MANAGER_USE_ACME_PROD: 'true' | |
TLS_CERTIFICATE_TYPE: let_s_encrypt | |
COSMOTECH_API_DNS_NAME: ${{ secrets.DEV_ENV_COSMOTECH_API_DNS_NAME }} | |
TLS_CERTIFICATE_LET_S_ENCRYPT_CONTACT_EMAIL: ${{ secrets.DEV_ENV_TLS_CERTIFICATE_LET_S_ENCRYPT_CONTACT_EMAIL }} | |
REDIS_DISK_SIZE: 128 | |
REDIS_DISK_RESOURCE: "/subscriptions/a24b131f-bd0b-42e8-872a-bded9b91ab74/resourceGroups/phoenixdev/providers/Microsoft.Compute/disks/cosmotech-database-disk" | |
REDIS_RESOURCES_LIMITS_MEMORY: 8Gi | |
REDIS_RESOURCES_REQUESTS_MEMORY: 8Gi | |
REDIS_RESOURCES_LIMITS_CPU: 2000m | |
REDIS_RESOURCES_REQUESTS_CPU: 1000m | |
run: | | |
curl -o- -sSL https://raw.githubusercontent.com/Cosmo-Tech/azure-platform-deployment-tools/main/deployment_scripts/${{ steps.apiVersionVar.outputs.apiScriptVersion }}/deploy_via_helm.sh | bash -s -- \ | |
"${GH_SHA}" \ | |
"${NAMESPACE}" \ | |
"${ARGO_POSTGRESQL_PASSSORD}" \ | |
"${{ steps.apiVersionVar.outputs.apiVersion }}" \ | |
--values /tmp/values_for_environment.yaml \ | |
--values /tmp/values_for_environment_with_build_info.yaml \ | |
--set image.tag="${GH_SHA}" \ | |
--set replicaCount=2 \ | |
--atomic \ | |
--wait \ | |
--timeout 5m | |