Merge pull request #6489 from berkeley-dsep-infra/update-nature-image… #329
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow will determine if the base hub image and/or single-user server | |
# image for any or all hubs has has changed, and if so, deploy accordingly. | |
# | |
name: Deploy staging and prod hubs | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- staging | |
- prod | |
jobs: | |
deploy-hubs-to-staging: | |
if: github.event_name == 'push' && github.ref == 'refs/heads/staging' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Get PR labels | |
id: pr-labels | |
uses: irby/[email protected] | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Check for hubs that need deploying from the labels on the merge commit to staging | |
run: | | |
echo "PR labels: ${{ steps.pr-labels.outputs.labels }}" | |
# If the PR labels "hub-images" or "jupyterhub-deployment" are | |
# present, this means the base hub image has changed, and all hubs | |
# (staging or prod) need to be redeployed. | |
# | |
if [[ -n ${GITHUB_PR_LABEL_HUB_IMAGES} || -n ${GITHUB_PR_LABEL_JUPYTERHUB_DEPLOYMENT} ]]; then | |
echo "DEPLOY=1" >> $GITHUB_ENV | |
# Otherwise, check to see if the PR labels contain any hubs, and | |
# deploy just those hubs to staging. | |
# | |
else | |
for label in $(echo -e "${{ steps.pr-labels.outputs.labels }}"); do | |
if [[ "$label" == hub-* ]]; then | |
echo "DEPLOY=1" >> $GITHUB_ENV | |
fi | |
done | |
fi | |
- name: Check out the image repo | |
if: ${{ env.DEPLOY }} | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # OR "2" -> To retrieve the preceding commit. | |
- name: Setup python | |
if: ${{ env.DEPLOY }} | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.11' | |
- name: Install dependencies | |
if: ${{ env.DEPLOY }} | |
run: | | |
python -m pip install --upgrade pip | |
pip install -r requirements.txt | |
- name: Install Google Cloud SDK | |
if: ${{ env.DEPLOY }} | |
uses: google-github-actions/setup-gcloud@v2 | |
with: | |
install_components: 'gke-gcloud-auth-plugin' | |
- name: Install SOPS | |
if: ${{ env.DEPLOY }} | |
run: | | |
mkdir -p ${HOME}/bin | |
curl -sSL https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.0.linux.amd64 -o ${HOME}/bin/sops | |
chmod 755 ${HOME}/bin/sops | |
echo "${HOME}/bin" >> $GITHUB_PATH | |
- name: Store SOPS secret in a file | |
if: ${{ env.DEPLOY }} | |
run: | | |
cat << EOF > ${HOME}/sops.key | |
${{ secrets.SOPS_KEY }} | |
EOF | |
echo "GOOGLE_APPLICATION_CREDENTIALS=${HOME}/sops.key" >> $GITHUB_ENV | |
- name: Install Helm | |
if: ${{ env.DEPLOY }} | |
run: | | |
curl -L https://get.helm.sh/helm-v3.13.3-linux-amd64.tar.gz | tar -xzf - | |
mv linux-amd64/helm /usr/local/bin | |
helm repo add jupyterhub https://jupyterhub.github.io/helm-chart/ | |
helm repo update | |
- name: Deploy hubs to staging | |
if: ${{ env.DEPLOY }} | |
run: | | |
while read deployment; do | |
echo "Deploying single-user image and hub config to ${deployment}" | |
hubploy --verbose deploy --timeout 30m ${deployment} hub staging | |
echo | |
done < <(python .github/scripts/determine-hub-deployments.py) | |
deploy-hubs-to-prod: | |
if: github.event_name == 'push' && github.ref == 'refs/heads/prod' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Get PR labels | |
id: pr-labels | |
uses: irby/[email protected] | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Check for hubs that need deploying from the labels on the merge commit to prod | |
run: | | |
echo "PR labels: ${{ steps.pr-labels.outputs.labels }}" | |
# If the PR labels "hub-images" or "jupyterhub-deployment" are | |
# present, this means the base hub image has changed, and all hubs | |
# (staging or prod) need to be redeployed. | |
# | |
if [[ -n ${GITHUB_PR_LABEL_HUB_IMAGES} || -n ${GITHUB_PR_LABEL_JUPYTERHUB_DEPLOYMENT} ]]; then | |
echo "DEPLOY=1" >> $GITHUB_ENV | |
# Otherwise, check to see if the PR labels contain any hubs, and | |
# deploy just those hubs to prod. | |
# | |
else | |
for label in $(echo -e "${{ steps.pr-labels.outputs.labels }}"); do | |
if [[ "$label" == hub-* ]]; then | |
echo "DEPLOY=1" >> $GITHUB_ENV | |
fi | |
done | |
fi | |
- name: Check out the image repo | |
if: ${{ env.DEPLOY }} | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # OR "2" -> To retrieve the preceding commit. | |
- name: Setup python | |
if: ${{ env.DEPLOY }} | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.11' | |
- name: Install dependencies | |
if: ${{ env.DEPLOY }} | |
run: | | |
python -m pip install --upgrade pip | |
pip install -r requirements.txt | |
- name: Install Google Cloud SDK | |
if: ${{ env.DEPLOY }} | |
uses: google-github-actions/setup-gcloud@v2 | |
with: | |
install_components: 'gke-gcloud-auth-plugin' | |
- name: Install SOPS | |
if: ${{ env.DEPLOY }} | |
run: | | |
mkdir -p ${HOME}/bin | |
curl -sSL https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.0.linux.amd64 -o ${HOME}/bin/sops | |
chmod 755 ${HOME}/bin/sops | |
echo "${HOME}/bin" >> $GITHUB_PATH | |
- name: Store SOPS secret in a file | |
if: ${{ env.DEPLOY }} | |
run: | | |
cat << EOF > ${HOME}/sops.key | |
${{ secrets.SOPS_KEY }} | |
EOF | |
echo "GOOGLE_APPLICATION_CREDENTIALS=${HOME}/sops.key" >> $GITHUB_ENV | |
- name: Install Helm | |
if: ${{ env.DEPLOY }} | |
run: | | |
curl -L https://get.helm.sh/helm-v3.13.3-linux-amd64.tar.gz | tar -xzf - | |
mv linux-amd64/helm /usr/local/bin | |
helm repo add jupyterhub https://jupyterhub.github.io/helm-chart/ | |
helm repo update | |
- name: Deploy hubs to prod | |
if: ${{ env.DEPLOY }} | |
run: | | |
while read deployment; do | |
echo "Deploying single-user image and hub config to ${deployment}" | |
hubploy --verbose deploy --timeout 30m ${deployment} hub prod | |
echo | |
done < <(python .github/scripts/determine-hub-deployments.py) |