
name: Deploy

# Triggers: pushes to the migration branch, plus manual runs.
# The master/release and pull_request triggers are parked in comments below.
on:
  push:
    # branches:
    #   - master
    #   - release/*
    # pull_request:
    #   branches:
    #     - master
    #     - release/*
    branches:
      - azdevops-cicd-migration
  workflow_dispatch:
    inputs:
      # NOTE(review): no step visible in this file reads this input
      # (neither `inputs.branch` nor `github.event.inputs.branch` appears),
      # so a manual run deploys whatever ref it was dispatched on.
      branch:
        description: 'branch to deploy'
        required: true

# Tool versions shared by every job; quoted so they are always read as strings.
env:
  GO_VERSION: '1.21.6'
  TERRAFORM_VERSION: '1.7.4'
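jobs:
  # NOTE(review): every `uses:` in this file references a mutable tag
  # (v1 / v2 / v4). Pinning each action to a full commit SHA, and moving off
  # the older major versions, keeps a re-tagged action release from running
  # with this workflow's secrets.

  # Installs the toolchain and the CI helper tools. The unit-test and
  # report-publishing steps are currently commented out.
  TestAndBuild:
    runs-on: ubuntu-latest
    # Least privilege: this job only needs to read the repository.
    permissions:
      contents: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
      - name: Setup Python
        uses: actions/setup-python@v2
        with:
          python-version: '3.x'
      - name: Install Terraform
        uses: hashicorp/setup-terraform@v1
        with:
          terraform_version: ${{ env.TERRAFORM_VERSION }}
      - name: Setup Go
        uses: actions/setup-go@v2
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Set up Golang CI Tools
        run: ./scripts/install_ci.sh
      # - name: Run Unit Tests
      #   run: |
      #     set -euxo pipefail
      #     make test
      # - name: Publish code coverage results
      #   uses: actions/upload-artifact@v4
      #   with:
      #     name: coverage-report
      #     path: coverage.xml
      # - name: Publish JUnit test results
      #   uses: actions/upload-artifact@v4
      #   with:
      #     name: junit-report
      #     path: junit-report/*.xml

  # Build:
  #   needs: TestAndBuild
  #   runs-on: ubuntu-latest
  #   steps:
  #     - name: Checkout repository
  #       uses: actions/checkout@v2
  #     - name: Build Go executables
  #       run: make build
  #     - name: Publish build artifacts (bin)
  #       uses: actions/upload-artifact@v4
  #       with:
  #         name: bin
  #         path: bin
  #     - name: Publish build artifacts (deploy_scripts)
  #       uses: actions/upload-artifact@v4
  #       with:
  #         name: deploy_scripts
  #         path: scripts

  # Leases a DCE account, deploys into it with Terraform, runs the functional
  # tests, then tears the environment down, ends the lease and cuts a release.
  # All of this runs in one job against the "nonprod" environment.
  Deploy:
    # needs: Build
    runs-on: ubuntu-latest
    environment: 'nonprod'
    # Least privilege: only the "Create GitHub Release" step uses GITHUB_TOKEN,
    # and it needs write access to repository contents.
    permissions:
      contents: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
      - name: Configure namespace
        env:
          # Passed through the environment instead of being expanded into the
          # script text, so event data never becomes part of the shell source.
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          # With only push / workflow_dispatch enabled there is no pull_request
          # payload, so PR_NUMBER is empty and the namespace falls back to "cd".
          if [[ "${PR_NUMBER}" != "" ]]; then
            NS="github-pr-${PR_NUMBER}"
          else
            NS="cd"
          fi
          echo "Namespace is ${NS}"
          echo "namespace=${NS}" >> "$GITHUB_ENV"
          echo "${NS}" > ./namespace.txt
      - name: Upload namespace file
        uses: actions/upload-artifact@v4
        with:
          name: namespace
          path: namespace.txt
      - name: Configure AWS Namespace
        env:
          PR_NUMBER: ${{ github.event.number }}
          # This is the branch name, or the git tag name
          NS_BRANCH_OR_TAG: ${{ github.ref_name }}
        run: |
          # Read the values as shell variables. Expanding `${{ env.* }}` here
          # would paste the ref name into the script before bash parses it,
          # and a ref name may contain shell metacharacters.
          echo "PR_NUMBER=${PR_NUMBER}"
          echo "NS_BRANCH_OR_TAG=${NS_BRANCH_OR_TAG}"
      - name: Set up the Go workspace
        uses: actions/setup-go@v2
        with:
          go-version: ${{ env.GO_VERSION }}
          # NOTE(review): go-path / go-bin do not look like inputs that
          # actions/setup-go defines; if they are ignored, GOPATH stays at its
          # default and the PATH entry added in the next step is unused. Confirm.
          go-path: ${{ github.workspace }}/gopath
          go-bin: ${{ github.workspace }}/gopath/bin
      - name: Download pipeline dependencies
        run: |
          set -ex
          echo "${{ github.workspace }}/gopath/bin" >> "$GITHUB_PATH"
          echo "${{ runner.tool_cache }}/go/bin" >> "$GITHUB_PATH"
          # NOTE(review): @latest is resolved at run time; pinning a reviewed
          # version makes the toolchain reproducible, as is done for dce-cli below.
          go install github.com/jstemmer/go-junit-report@latest
          # Download dce-cli
          wget -q https://github.com/Optum/dce-cli/releases/download/v0.5.0/dce_linux_amd64.zip
          # Validate checksum; `set -e` aborts the step before unzip on a mismatch
          expected_sha="cb140c743373e28a6c1bd4ba3fe1b81a7431dd538e1ad430fede3c1aff4508db"
          test "$(shasum -a 256 ./dce_linux_amd64.zip | awk '{print $1}')" == "${expected_sha}"
          unzip ./dce_linux_amd64.zip -d ./
      # Lease a DCE account, to use for deploying our PR environment
      # (deploy DCE in DCE)
      - name: Lease DCE Account
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_DCE_API_ADMIN_NONPROD_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_DCE_API_ADMIN_NONPROD_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: us-east-1
          NAMESPACE: ${{ env.namespace }}
          # Handed to the script as a variable rather than expanded into it.
          DCE_HOSTNAME: ${{ secrets.DCE_NONPROD_HOSTNAME }}
        run: |
          set -ex
          echo "Principal ID is ${NAMESPACE}"
          echo "Configuring the dce-cli"
          # NOTE(review): the nesting of this config was lost in the page this
          # file was recovered from; host/basepath under api is a reconstruction.
          # Confirm against the dce-cli config format.
          echo "
          api:
            host: ${DCE_HOSTNAME}
            basepath: /api
          region: us-east-1
          " > ./dce.yml
          # Check to see if there's an active lease for this PR
          lease_id=$(
            ./dce --config=dce.yml leases list \
              -p "${NAMESPACE}" -s Active | \
              jq -r '.[].id'
          )
          if [ ! "${lease_id}" ]; then
            echo "No lease exists for ${NAMESPACE}. Creating one..."
            created_lease=$(
              ./dce --config=dce.yml leases create \
                --principal-id "${NAMESPACE}" \
                --expires-on 2d \
                --budget-amount 100 --budget-currency USD \
                --email noreply@example.com
            )
            echo "Created lease: ${created_lease}"
            lease_id=$(echo "${created_lease}" | jq -r .id)
          fi
          echo "Using lease for PrincipalId=${NAMESPACE}, Id=${lease_id}"
          echo "Logging into the DCE account"
          ./dce --config=dce.yml leases login "${lease_id}"
          # # Save the lease ID to a file, so we can reference it later
          # # (note that we can't assign variables across jobs in different stages)
          echo "${lease_id}" > ./lease_id.txt
      # Install Terraform
      - name: Install Terraform
        uses: hashicorp/setup-terraform@v1
        with:
          terraform_version: ${{ env.TERRAFORM_VERSION }}
      # Configure the Terraform backend
      - name: Configure Terraform Backend
        run: |
          lease_id="$(cat lease_id.txt)"
          ./scripts/create-tf-backend.sh "${lease_id}"
      # terraform init
      - name: Terraform Init/Apply
        env:
          NAMESPACE: ${{ env.namespace }}
          NOTIFY_EMAIL: ${{ secrets.NOTIFY_EMAIL }}
        run: |
          set -ex
          cd modules
          cat ./backend.tf
          terraform init -input=false
          terraform plan \
            -var="namespace=${NAMESPACE}" \
            -var="budget_notification_from_email=${NOTIFY_EMAIL}" \
            -var="reset_nuke_toggle=false"
          terraform apply \
            -auto-approve \
            -input=false \
            -var="namespace=${NAMESPACE}" \
            -var="budget_notification_from_email=${NOTIFY_EMAIL}" \
            -var="reset_nuke_toggle=false"
      # - name: Verify AWS Credentials
      #   env:
      #     AWS_DEFAULT_REGION: us-east-1
      #     AWS_ACCESS_KEY_ID: ${{ secrets.AWS_DCE_API_ADMIN_NONPROD_ACCESS_KEY_ID }}
      #     AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_DCE_API_ADMIN_NONPROD_SECRET_ACCESS_KEY }}
      #   run: |
      #     aws sts get-caller-identity
      # Deploy Application Code to AWS
      - name: Deploy Application Code
        run: |
          set -euo pipefail
          # The Terraform configuration and backend live in ./modules, and
          # TERRAFORM_VERSION (1.7.4) supports `output -raw` (added in 0.14.3),
          # so read the bare values from there instead of the quoted form that
          # a plain `terraform output NAME` prints.
          # https://github.com/hashicorp/terraform/releases/tag/v0.14.3
          # NOTE(review): if the setup-terraform wrapper script adds lines to
          # captured stdout, set `terraform_wrapper: false` on the install step.
          echo "Running terraform output for artifacts_bucket_name"
          ARTIFACTS_BUCKET_NAME="$(terraform -chdir=modules output -raw artifacts_bucket_name)"
          echo "output bucket: ${ARTIFACTS_BUCKET_NAME}"
          echo "Running terraform output for namespace"
          NAMESPACE="$(terraform -chdir=modules output -raw namespace)"
          echo "output namespace: ${NAMESPACE}"
          ./scripts/deploy.sh \
            "${{ github.workspace }}/bin/build_artifacts.zip" \
            "${NAMESPACE}" \
            "${ARTIFACTS_BUCKET_NAME}"
      # Functional Tests
      - name: Functional Tests
        run: |
          set -euxo pipefail
          mkdir -p junit-report
          # Run functional tests
          # go-junit-report is installed by `go install` in the
          # "Download pipeline dependencies" step. With Go 1.21 a bare `go get`
          # only edits go.mod and builds no binary, so it is not repeated here.
          go test -v ./tests/... -test.timeout 50m 2>&1 | tee >(go-junit-report > junit-report/functional.xml)
      # Publish junit test results (for unit and functional tests)
      - name: Publish Test Results
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: Functional Tests
          path: ${{ github.workspace }}/junit-report/*.xml
      # Publish the dce-cli executable, so we can use
      # it in our Cleanup stage
      - name: Upload dce-cli Artifact
        uses: actions/upload-artifact@v4
        with:
          name: dce-cli
          path: ${{ github.workspace }}/dce
      # NOTE(review): dce.yml contains the DCE_NONPROD_HOSTNAME secret in plain
      # text. Log masking does not apply to artifact contents, so anyone who can
      # download this run's artifacts can read it. Prefer regenerating the file
      # from the secret where it is needed.
      - name: Upload dce-yml Artifact
        uses: actions/upload-artifact@v4
        with:
          name: dce-yml
          path: ${{ github.workspace }}/dce.yml
      - name: Upload lease_id Artifact
        uses: actions/upload-artifact@v4
        with:
          name: lease_id
          path: ${{ github.workspace }}/lease_id.txt
      - name: Upload namespace Artifact
        uses: actions/upload-artifact@v4
        with:
          name: namespace
          path: ${{ github.workspace }}/namespace.txt
          # "Upload namespace file" above already created an artifact with this
          # name in the same run; upload-artifact@v4 rejects a second upload to
          # an existing name unless overwrite is enabled.
          overwrite: true
      - name: Upload backend-tf Artifact
        uses: actions/upload-artifact@v4
        with:
          name: backend-tf
          path: ${{ github.workspace }}/modules/backend.tf
      - name: Checkout the git repo code
        uses: actions/checkout@v2
      - name: Download dce-cli artifact
        uses: actions/download-artifact@v4
        with:
          name: dce-cli
          path: ${{ github.workspace }}/dce-cli
      - name: Download dce-yml artifact
        uses: actions/download-artifact@v4
        with:
          name: dce-yml
          path: ${{ github.workspace }}/dce-yml
      - name: Download lease_id artifact
        uses: actions/download-artifact@v4
        with:
          name: lease_id
          path: ${{ github.workspace }}/lease_id
      - name: Download namespace artifact
        uses: actions/download-artifact@v4
        with:
          name: namespace
          path: ${{ github.workspace }}/namespace
      - name: Download backend-tf artifact
        uses: actions/download-artifact@v4
        with:
          name: backend-tf
          path: ${{ github.workspace }}/backend-tf
      - name: Copy Artifacts to Working Dir
        run: |
          set -ex
          # GitHub Actions wraps artifact files inside a directory
          # in the github.workspace dir (which is different than our working dir...)
          # Extract these out into our working dir, for easier access
          cp "${{ github.workspace }}/dce-cli/dce" ./
          cp "${{ github.workspace }}/dce-yml/dce.yml" ./
          cp "${{ github.workspace }}/lease_id/lease_id.txt" ./
          cp "${{ github.workspace }}/namespace/namespace.txt" ./
          cp "${{ github.workspace }}/backend-tf/backend.tf" ./modules/
          chmod +x ./dce
      # Login to our DCE lease
      - name: DCE Lease Login
        # env:
        #   AWS_DEFAULT_REGION: us-east-1
        #   AWS_ACCESS_KEY_ID: ${{ secrets.AWS_DCE_API_ADMIN_NONPROD_ACCESS_KEY_ID }}
        #   AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_DCE_API_ADMIN_NONPROD_SECRET_ACCESS_KEY }}
        run: |
          set -ex
          lease_id="$(cat ./lease_id.txt)"
          echo "Logging into lease ${lease_id}"
          cat ./dce.yml
          ./dce --config=./dce.yml leases login "${lease_id}"
      # Install Terraform
      - name: Install Terraform
        uses: hashicorp/setup-terraform@v1
        with:
          terraform_version: ${{ env.TERRAFORM_VERSION }}
      - name: Terraform destroy
        env:
          # NOTIFY_EMAIL is defined only on the "Terraform Init/Apply" step, so
          # `env.NOTIFY_EMAIL` was empty here. Map the secret for this step too.
          NOTIFY_EMAIL: ${{ secrets.NOTIFY_EMAIL }}
        run: |
          set -ex
          export TF_VAR_namespace="$(cat ./namespace.txt)"
          export TF_VAR_budget_notification_from_email="${NOTIFY_EMAIL}"
          cd modules
          terraform init -input=false
          terraform destroy -auto-approve
      # End the DCE lease
      - name: End DCE Lease
        # env:
        #   AWS_DEFAULT_REGION: us-east-1
        #   AWS_ACCESS_KEY_ID: ${{ secrets.AWS_DCE_API_ADMIN_NONPROD_ACCESS_KEY_ID }}
        #   AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_DCE_API_ADMIN_NONPROD_SECRET_ACCESS_KEY }}
        run: |
          set -ex
          lease_id="$(cat ./lease_id.txt)"
          echo "Ending lease ${lease_id}"
          ./dce --config=./dce.yml leases end "${lease_id}"
      # NOTE(review): the only uploads of the `bin` and `deploy_scripts`
      # artifacts are in the commented-out Build job, so these two downloads
      # have nothing to fetch in this run as the file stands.
      - name: Download bin artifact
        uses: actions/download-artifact@v4
        with:
          name: bin
          path: ${{ github.workspace }}/bin
      - name: Download deploy_scripts artifact
        uses: actions/download-artifact@v4
        with:
          name: deploy_scripts
          path: ${{ github.workspace }}/deploy_scripts
      # NOTE(review): github.ref is a full ref (refs/heads/... on a branch
      # push), so tag_name is not a plain tag unless the run was triggered by
      # a tag. `files` also does not look like an input actions/create-release
      # defines; confirm the assets are actually attached.
      - name: Create GitHub Release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ github.ref }}
          release_name: Release ${{ github.ref }}
          draft: false
          prerelease: false
          files: |
            ${{ github.workspace }}/bin/build_artifacts.zip
            ${{ github.workspace }}/bin/terraform_artifacts.zip
            ${{ github.workspace }}/deploy_scripts/deploy.sh
            ${{ github.workspace }}/deploy_scripts/restore_db.sh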