From edb3d85b49d31430f017b548411cb4265eb14511 Mon Sep 17 00:00:00 2001 From: shane knapp Date: Mon, 19 Aug 2024 15:05:16 -0700 Subject: [PATCH] workflows for support and node placeholder --- .../deploy-node-placeholder.yaml.disabled | 89 ++++++++++++++++++ .../workflows/deploy-support.yaml.disabled | 92 +++++++++++++++++++ 2 files changed, 181 insertions(+) create mode 100644 .github/workflows/deploy-node-placeholder.yaml.disabled create mode 100644 .github/workflows/deploy-support.yaml.disabled diff --git a/.github/workflows/deploy-node-placeholder.yaml.disabled b/.github/workflows/deploy-node-placeholder.yaml.disabled new file mode 100644 index 000000000..1099d5ca7 --- /dev/null +++ b/.github/workflows/deploy-node-placeholder.yaml.disabled @@ -0,0 +1,89 @@ +name: Deploy node placeholder helm chart +# use echo ${VAR##*: } to get the value of a variable that is a string with a colon in it +on: + workflow_dispatch: + push: + branches: + - staging + +jobs: + deploy: + runs-on: ubuntu-latest + steps: + - name: Get PR labels + id: pr-labels + uses: irby/get-labels-on-push@v1.0.1 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Check out the image repo + uses: actions/checkout@v4 + with: + fetch-depth: 0 # OR "2" -> To retrieve the preceding commit. + + - name: Check if the nbde placeholder helm chart needs to be deployed + run: | + echo "PR labels: ${{ steps.pr-labels.outputs.labels }}" + for label in $(echo -e "${{ steps.pr-labels.outputs.labels }}"); do + if [[ "$label" == node-placeholder-* ]]; then + echo "Deploying node placeholder charts!" + echo "DEPLOY=1" >> $GITHUB_ENV + fi + done + + - name: Auth to gcloud + if: ${{ env.DEPLOY }} + uses: google-github-actions/auth@v2 + with: + credentials_json: ${{ secrets.GKE_KEY }} + project_id: ${{ secrets.GCP_PROJECT_ID }} + + - name: Install Google Cloud SDK + if: ${{ env.DEPLOY }} + uses: google-github-actions/setup-gcloud@v2 + with: + install_components: 'gke-gcloud-auth-plugin' + + - name: Install SOPS + if: ${{ env.DEPLOY }} + run: | + mkdir -p ${HOME}/bin + curl -sSL https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.0.linux.amd64 -o ${HOME}/bin/sops + chmod 755 ${HOME}/bin/sops + echo "${HOME}/bin" >> $GITHUB_PATH + + - name: Store SOPS secret in a file + if: ${{ env.DEPLOY }} + run: | + cat << EOF > ${HOME}/sops.key + ${{ secrets.SOPS_KEY }} + EOF + echo "GOOGLE_APPLICATION_CREDENTIALS=${HOME}/sops.key" >> $GITHUB_ENV + + - name: Install Helm + if: ${{ env.DEPLOY }} + run: | + curl -L https://get.helm.sh/helm-v3.13.3-linux-amd64.tar.gz | tar -xzf - + mv linux-amd64/helm /usr/local/bin + helm repo add prometheus-community https://prometheus-community.github.io/helm-charts + helm repo update + + - name: Activate credentials for cluster + if: ${{ env.DEPLOY }} + run: | + sops -d -i deployments/datahub/secrets/gke-key.json + gcloud auth \ + activate-service-account \ + --key-file deployments/datahub/secrets/gke-key.json \ + gcloud container clusters \ + --region=us-central1 --project=ucb-datahub-2018 \ + get-credentials spring-2024 + + - name: Deploy node placeholder helm chart + if: ${{ env.DEPLOY }} + run: | + sops -d -i node-placeholder/secrets.yaml + helm upgrade \ + --install --wait \ + --namespace=node-placeholder node-placeholder node-placeholder \ + -f node-placeholder/secrets.yaml --debug \ No newline at end of file diff --git a/.github/workflows/deploy-support.yaml.disabled b/.github/workflows/deploy-support.yaml.disabled new file mode 100644 index 000000000..88442fc9d --- /dev/null +++ b/.github/workflows/deploy-support.yaml.disabled @@ -0,0 +1,92 @@ +name: Deploy support helm chart +# use echo ${VAR##*: } to get the value of a variable that is a string with a colon in it +on: + workflow_dispatch: + push: + branches: + - staging + +jobs: + deploy: + runs-on: ubuntu-latest + steps: + - name: Get PR labels + id: pr-labels + uses: irby/get-labels-on-push@v1.0.1 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Check out the image repo + uses: actions/checkout@v4 + with: + fetch-depth: 0 # OR "2" -> To retrieve the preceding commit. + + - name: Check if the support helm chart needs to be deployed + run: | + echo "PR labels: ${{ steps.pr-labels.outputs.labels }}" + for label in $(echo -e "${{ steps.pr-labels.outputs.labels }}"); do + if [[ "$label" == support-deployment ]]; then + echo "Deploying support charts!" + echo "DEPLOY=1" >> $GITHUB_ENV + fi + done + + - name: Auth to gcloud + if: ${{ env.DEPLOY }} + uses: google-github-actions/auth@v2 + with: + credentials_json: ${{ secrets.GKE_KEY }} + project_id: ${{ secrets.GCP_PROJECT_ID }} + + - name: Install Google Cloud SDK + if: ${{ env.DEPLOY }} + uses: google-github-actions/setup-gcloud@v2 + with: + install_components: 'gke-gcloud-auth-plugin' + + - name: Install SOPS + if: ${{ env.DEPLOY }} + run: | + mkdir -p ${HOME}/bin + curl -sSL https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.0.linux.amd64 -o ${HOME}/bin/sops + chmod 755 ${HOME}/bin/sops + echo "${HOME}/bin" >> $GITHUB_PATH + + - name: Store SOPS secret in a file + if: ${{ env.DEPLOY }} + run: | + cat << EOF > ${HOME}/sops.key + ${{ secrets.SOPS_KEY }} + EOF + echo "GOOGLE_APPLICATION_CREDENTIALS=${HOME}/sops.key" >> $GITHUB_ENV + + - name: Install Helm + if: ${{ env.DEPLOY }} + run: | + curl -L https://get.helm.sh/helm-v3.13.3-linux-amd64.tar.gz | tar -xzf - + mv linux-amd64/helm /usr/local/bin + helm repo add prometheus-community https://prometheus-community.github.io/helm-charts + helm repo update + + - name: Activate credentials for cluster + if: ${{ env.DEPLOY }} + run: | + sops -d -i deployments/datahub/secrets/gke-key.json + gcloud auth \ + activate-service-account \ + --key-file deployments/datahub/secrets/gke-key.json + gcloud container clusters \ + --region=us-central1 --project=ucb-datahub-2018 \ + get-credentials spring-2024 + + - name: Deploy support helm chart + if: ${{ env.DEPLOY }} + run: | + sops -d -i support/secrets.yaml + helm dep up support + helm upgrade \ + --install --wait \ + --namespace=support \ + support support/ \ + -f support/secrets.yaml \ + --set installCRDs=true --debug