Skip to content

Merge pull request #6489 from berkeley-dsep-infra/update-nature-image… #329

Merge pull request #6489 from berkeley-dsep-infra/update-nature-image…

Merge pull request #6489 from berkeley-dsep-infra/update-nature-image… #329

Workflow file for this run

# This workflow will determine if the base hub image and/or single-user server
# image for any or all hubs has has changed, and if so, deploy accordingly.
#
name: Deploy staging and prod hubs
on:
workflow_dispatch:
push:
branches:
- staging
- prod
jobs:
deploy-hubs-to-staging:
if: github.event_name == 'push' && github.ref == 'refs/heads/staging'
runs-on: ubuntu-latest
steps:
- name: Get PR labels
id: pr-labels
uses: irby/[email protected]
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Check for hubs that need deploying from the labels on the merge commit to staging
run: |
echo "PR labels: ${{ steps.pr-labels.outputs.labels }}"
# If the PR labels "hub-images" or "jupyterhub-deployment" are
# present, this means the base hub image has changed, and all hubs
# (staging or prod) need to be redeployed.
#
if [[ -n ${GITHUB_PR_LABEL_HUB_IMAGES} || -n ${GITHUB_PR_LABEL_JUPYTERHUB_DEPLOYMENT} ]]; then
echo "DEPLOY=1" >> $GITHUB_ENV
# Otherwise, check to see if the PR labels contain any hubs, and
# deploy just those hubs to staging.
#
else
for label in $(echo -e "${{ steps.pr-labels.outputs.labels }}"); do
if [[ "$label" == hub-* ]]; then
echo "DEPLOY=1" >> $GITHUB_ENV
fi
done
fi
- name: Check out the image repo
if: ${{ env.DEPLOY }}
uses: actions/checkout@v4
with:
fetch-depth: 0 # OR "2" -> To retrieve the preceding commit.
- name: Setup python
if: ${{ env.DEPLOY }}
uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: Install dependencies
if: ${{ env.DEPLOY }}
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
- name: Install Google Cloud SDK
if: ${{ env.DEPLOY }}
uses: google-github-actions/setup-gcloud@v2
with:
install_components: 'gke-gcloud-auth-plugin'
- name: Install SOPS
if: ${{ env.DEPLOY }}
run: |
mkdir -p ${HOME}/bin
curl -sSL https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.0.linux.amd64 -o ${HOME}/bin/sops
chmod 755 ${HOME}/bin/sops
echo "${HOME}/bin" >> $GITHUB_PATH
- name: Store SOPS secret in a file
if: ${{ env.DEPLOY }}
run: |
cat << EOF > ${HOME}/sops.key
${{ secrets.SOPS_KEY }}
EOF
echo "GOOGLE_APPLICATION_CREDENTIALS=${HOME}/sops.key" >> $GITHUB_ENV
- name: Install Helm
if: ${{ env.DEPLOY }}
run: |
curl -L https://get.helm.sh/helm-v3.13.3-linux-amd64.tar.gz | tar -xzf -
mv linux-amd64/helm /usr/local/bin
helm repo add jupyterhub https://jupyterhub.github.io/helm-chart/
helm repo update
- name: Deploy hubs to staging
if: ${{ env.DEPLOY }}
run: |
while read deployment; do
echo "Deploying single-user image and hub config to ${deployment}"
hubploy --verbose deploy --timeout 30m ${deployment} hub staging
echo
done < <(python .github/scripts/determine-hub-deployments.py)
deploy-hubs-to-prod:
if: github.event_name == 'push' && github.ref == 'refs/heads/prod'
runs-on: ubuntu-latest
steps:
- name: Get PR labels
id: pr-labels
uses: irby/[email protected]
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Check for hubs that need deploying from the labels on the merge commit to prod
run: |
echo "PR labels: ${{ steps.pr-labels.outputs.labels }}"
# If the PR labels "hub-images" or "jupyterhub-deployment" are
# present, this means the base hub image has changed, and all hubs
# (staging or prod) need to be redeployed.
#
if [[ -n ${GITHUB_PR_LABEL_HUB_IMAGES} || -n ${GITHUB_PR_LABEL_JUPYTERHUB_DEPLOYMENT} ]]; then
echo "DEPLOY=1" >> $GITHUB_ENV
# Otherwise, check to see if the PR labels contain any hubs, and
# deploy just those hubs to prod.
#
else
for label in $(echo -e "${{ steps.pr-labels.outputs.labels }}"); do
if [[ "$label" == hub-* ]]; then
echo "DEPLOY=1" >> $GITHUB_ENV
fi
done
fi
- name: Check out the image repo
if: ${{ env.DEPLOY }}
uses: actions/checkout@v4
with:
fetch-depth: 0 # OR "2" -> To retrieve the preceding commit.
- name: Setup python
if: ${{ env.DEPLOY }}
uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: Install dependencies
if: ${{ env.DEPLOY }}
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
- name: Install Google Cloud SDK
if: ${{ env.DEPLOY }}
uses: google-github-actions/setup-gcloud@v2
with:
install_components: 'gke-gcloud-auth-plugin'
- name: Install SOPS
if: ${{ env.DEPLOY }}
run: |
mkdir -p ${HOME}/bin
curl -sSL https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.0.linux.amd64 -o ${HOME}/bin/sops
chmod 755 ${HOME}/bin/sops
echo "${HOME}/bin" >> $GITHUB_PATH
- name: Store SOPS secret in a file
if: ${{ env.DEPLOY }}
run: |
cat << EOF > ${HOME}/sops.key
${{ secrets.SOPS_KEY }}
EOF
echo "GOOGLE_APPLICATION_CREDENTIALS=${HOME}/sops.key" >> $GITHUB_ENV
- name: Install Helm
if: ${{ env.DEPLOY }}
run: |
curl -L https://get.helm.sh/helm-v3.13.3-linux-amd64.tar.gz | tar -xzf -
mv linux-amd64/helm /usr/local/bin
helm repo add jupyterhub https://jupyterhub.github.io/helm-chart/
helm repo update
- name: Deploy hubs to prod
if: ${{ env.DEPLOY }}
run: |
while read deployment; do
echo "Deploying single-user image and hub config to ${deployment}"
hubploy --verbose deploy --timeout 30m ${deployment} hub prod
echo
done < <(python .github/scripts/determine-hub-deployments.py)