diff --git a/.github/workflows/deploy-jupyterhub-base-images.yaml b/.github/workflows/deploy-all-hubs.yaml similarity index 93% rename from .github/workflows/deploy-jupyterhub-base-images.yaml rename to .github/workflows/deploy-all-hubs.yaml index ff84d0845..fbc149187 100644 --- a/.github/workflows/deploy-jupyterhub-base-images.yaml +++ b/.github/workflows/deploy-all-hubs.yaml @@ -1,4 +1,8 @@ -name: Deploy base hub images to staging +# if the PR labels "hub-images" or "jupyterhub-deployment" are present, this +# means the base hub image has changed, and all hubs (staging or prod) need to +# be redeployed. +# +name: Deploy base hub images to all hubs in staging and prod on: workflow_dispatch: push: @@ -17,11 +21,6 @@ jobs: with: github-token: ${{ secrets.GITHUB_TOKEN }} - - name: Check out the image repo - uses: actions/checkout@v4 - with: - fetch-depth: 0 # OR "2" -> To retrieve the preceding commit. - - name: Pull out any hubs that need deploying from the labels on the merge commit to staging run: | echo "PR labels: ${{ steps.pr-labels.outputs.labels }}" @@ -30,11 +29,12 @@ jobs: echo "DEPLOY=1" >> $GITHUB_ENV fi done - if [[ -n "${DEPLOY}" ]]; then - echo "Deploying base hub images to all deployments" - else - echo "No hub images to deploy" - fi + + - name: Check out the image repo + if: ${{ env.DEPLOY }} + uses: actions/checkout@v4 + with: + fetch-depth: 0 # OR "2" -> To retrieve the preceding commit. - name: Setup python if: ${{ env.DEPLOY }} @@ -89,7 +89,7 @@ jobs: - name: Deploy base hub images to staging if: ${{ env.DEPLOY }} run: | - ignored_directories=("template") # these are directories that we never want to deploy to + ignored_directories=("template") # these are directories that we never want to deploy while read deployment; do for ignored in "${ignored_directories[@]}"; do if [[ "${deployment}" == "${ignored}" ]]; then 
@@ -110,11 +110,6 @@ jobs: with: github-token: ${{ secrets.GITHUB_TOKEN }} - - name: Check out the image repo - uses: actions/checkout@v4 - with: - fetch-depth: 0 # OR "2" -> To retrieve the preceding commit. - - name: Pull out any hubs that need deploying from the labels on the merge commit to prod run: | echo "PR labels: ${{ steps.pr-labels.outputs.labels }}" @@ -123,11 +118,11 @@ jobs: echo "DEPLOY=1" >> $GITHUB_ENV fi done - if [[ -n "${DEPLOY}" ]]; then - echo "Deploying base hub images to all deployments" - else - echo "No hub images to deploy" - fi + + - name: Check out the image repo + uses: actions/checkout@v4 + with: + fetch-depth: 0 # OR "2" -> To retrieve the preceding commit. - name: Setup python if: ${{ env.DEPLOY }} @@ -182,7 +177,7 @@ jobs: - name: Deploy base hub images to prod if: ${{ env.DEPLOY }} run: | - ignored_directories=("template") # these are directories that we never want to deploy to + ignored_directories=("template") # these are directories that we never want to deploy while read deployment; do for ignored in "${ignored_directories[@]}"; do if [[ "${deployment}" == "${ignored}" ]]; then diff --git a/.github/workflows/deploy-hubs.yaml b/.github/workflows/deploy-hubs.yaml new file mode 100644 index 000000000..bea73df68 --- /dev/null +++ b/.github/workflows/deploy-hubs.yaml 
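Review bot: The re-added "Check out the image repo" step in the prod job (hunk `@@ -123,11 +118,11 @@`) has no `if: ${{ env.DEPLOY }}`, unlike the same step re-added to the staging job in hunk `@@ -30,11 +29,12 @@`. As written, prod still runs a `fetch-depth: 0` clone on every push to `prod`, even when no deploy label is present. Adding `if: ${{ env.DEPLOY }}` under the step name would make the two jobs consistent. The job body continues outside the hunk.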
@@ -0,0 +1,204 @@
+# this workflow re-deploys SPECIFIC hubs to staging or prod if the single-user
+# server image or config has changed based on the PR labels "hub: ".
+#
+# however, this workflow will be not run if the PR labels of "hub-images" or
+# "jupyterhub-deployment" are present, as these labels will trigger the
+# "deploy-jupyterhub-base-images.yaml" workflow which re-deploys every hub.
+#
+name: Deploy staging and prod hubs
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - staging
+ - prod
+
+jobs:
+ deploy-hubs-to-staging:
+ if: github.event_name == 'push' && github.ref == 'refs/heads/staging'
+ runs-on: ubuntu-latest
+ steps:
+ - name: Get PR labels
+ id: pr-labels
+ uses: irby/get-labels-on-push@v1.0.1
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Pull out any hubs that need deploying from the labels on the merge commit to staging
+ run: |
+ echo "PR labels: ${{ steps.pr-labels.outputs.labels }}"
+ HUBS=()
+ # If the PR labels "hub-images" or "jupyterhub-deployment" are present, this
+ # means the base hub image has changed, and all hubs (staging or prod) need to
+ # be redeployed. The rest of this job will not run in that case.
+ if [ -n $GITHUB_PR_LABEL_HUB_IMAGES ] || [ -n $GITHUB_PR_LABEL_JUPYTERHUB_DEPLOYMENT ]; then
+ echo "Base hub image has changed, not deploying individual hubs to staging"
+ else
+ # deploy any hubs that have been labeled for deployment
+ for label in $(echo -e "${{ steps.pr-labels.outputs.labels }}"); do
+ if [[ "$label" == hub-* ]]; then
+ label=$(echo $label | awk -F'-' '{print $2}')
+ HUBS+="$label"
+ echo "DEPLOY=1" >> $GITHUB_ENV
+ fi
+ done
+ echo "DEPLOY_HUBS=${HUBS[@]}" >> $GITHUB_ENV
+ fi
+
+ - name: Check out the image repo
+ if: ${{ env.DEPLOY }}
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0 # OR "2" -> To retrieve the preceding commit.
+
+ - name: Setup python
+ if: ${{ env.DEPLOY }}
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.11'
+
+ - name: Install dependencies
+ if: ${{ env.DEPLOY }}
+ run: |
+ python -m pip install --upgrade pip
+ pip install -r requirements.txt
+ pip install --force-reinstall git+https://github.com/shaneknapp/hubploy.git@major-refactor
+
+ - name: Auth to gcloud
+ if: ${{ env.DEPLOY }}
+ uses: google-github-actions/auth@v2
+ with:
+ credentials_json: ${{ secrets.GKE_KEY }}
+ project_id: ${{ secrets.GCP_PROJECT_ID }}
+
+ - name: Install Google Cloud SDK
+ if: ${{ env.DEPLOY }}
+ uses: google-github-actions/setup-gcloud@v2
+ with:
+ install_components: 'gke-gcloud-auth-plugin'
+
+ - name: Install SOPS
+ if: ${{ env.DEPLOY }}
+ run: |
+ mkdir -p ${HOME}/bin
+ curl -sSL https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.0.linux.amd64 -o ${HOME}/bin/sops
+ chmod 755 ${HOME}/bin/sops
+ echo "${HOME}/bin" >> $GITHUB_PATH
+
+ - name: Store SOPS secret in a file
+ if: ${{ env.DEPLOY }}
+ run: |
+ cat << EOF > ${HOME}/sops.key
+ ${{ secrets.SOPS_KEY }}
+ EOF
+ echo "GOOGLE_APPLICATION_CREDENTIALS=${HOME}/sops.key" >> $GITHUB_ENV
+
+ - name: Install Helm
+ if: ${{ env.DEPLOY }}
+ run: |
+ curl -L https://get.helm.sh/helm-v3.13.3-linux-amd64.tar.gz | tar -xzf -
+ mv linux-amd64/helm /usr/local/bin
+ helm repo add jupyterhub https://jupyterhub.github.io/helm-chart/
+ helm repo update
+
+ - name: Deploy hubs to staging
+ if: ${{ env.DEPLOY }}
+ run: |
+ for hub in $(echo -e "${{ env.DEPLOY_HUBS }}"); do
+ echo "Deploying $hub to staging"
+ echo "hubploy --debug deploy $hub hub staging"
+ done
+
+ deploy-hubs-to-prod:
+ if: github.event_name == 'push' && github.ref == 'refs/heads/prod'
+ runs-on: ubuntu-latest
+ steps:
+ - name: Get PR labels
+ id: pr-labels
+ uses: irby/get-labels-on-push@v1.0.1
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Check out the image repo
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0 # OR "2" -> To retrieve the preceding commit.
+
+ - name: Pull out any hubs that need deploying from the labels on the merge commit to prod
+ run: |
+ echo "PR labels: ${{ steps.pr-labels.outputs.labels }}"
+ HUBS=()
+ # If the PR labels "hub-images" or "jupyterhub-deployment" are present, this
+ # means the base hub image has changed, and all hubs (staging or prod) need to
+ # be redeployed. The rest of this job will not run in that case.
+ if [ -n $GITHUB_PR_LABEL_HUB_IMAGES ] || [ -n $GITHUB_PR_LABEL_JUPYTERHUB_DEPLOYMENT ]; then
+ echo "Base hub image has changed, not deploying individual hubs to prod"
+ else
+ # deploy any hubs that have been labeled for deployment
+ for label in $(echo -e "${{ steps.pr-labels.outputs.labels }}"); do
+ if [[ "$label" == hub-* ]]; then
+ label=$(echo $label | awk -F'-' '{print $2}')
+ HUBS+="$label"
+ echo "DEPLOY=1" >> $GITHUB_ENV
+ fi
+ done
+ echo "DEPLOY_HUBS=${HUBS[@]}" >> $GITHUB_ENV
+ fi
+
+ - name: Setup python
+ if: ${{ env.DEPLOY }}
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.11'
+
+ - name: Install dependencies
+ if: ${{ env.DEPLOY }}
+ run: |
+ python -m pip install --upgrade pip
+ pip install -r requirements.txt
+ pip install --force-reinstall git+https://github.com/shaneknapp/hubploy.git@major-refactor
+
+ - name: Auth to gcloud
+ if: ${{ env.DEPLOY }}
+ uses: google-github-actions/auth@v2
+ with:
+ credentials_json: ${{ secrets.GKE_KEY }}
+ project_id: ${{ secrets.GCP_PROJECT_ID }}
+
+ - name: Install Google Cloud SDK
+ if: ${{ env.DEPLOY }}
+ uses: google-github-actions/setup-gcloud@v2
+ with:
+ install_components: 'gke-gcloud-auth-plugin'
+
+ - name: Install SOPS
+ if: ${{ env.DEPLOY }}
+ run: |
+ mkdir -p ${HOME}/bin
+ curl -sSL https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.0.linux.amd64 -o ${HOME}/bin/sops
+ chmod 755 ${HOME}/bin/sops
+ echo "${HOME}/bin" >> $GITHUB_PATH
+
+ - name: Store SOPS secret in a file
+ if: ${{ env.DEPLOY }}
+ run: |
+ cat << EOF > ${HOME}/sops.key
+ ${{ secrets.SOPS_KEY }}
+ EOF
+ echo "GOOGLE_APPLICATION_CREDENTIALS=${HOME}/sops.key" >> $GITHUB_ENV
+
+ - name: Install Helm
+ if: ${{ env.DEPLOY }}
+ run: |
+ curl -L https://get.helm.sh/helm-v3.13.3-linux-amd64.tar.gz | tar -xzf -
+ mv linux-amd64/helm /usr/local/bin
+ helm repo add jupyterhub https://jupyterhub.github.io/helm-chart/
+ helm repo update
+
+ - name: Deploy hubs to prod
+ if: ${{ env.DEPLOY }}
+ run: |
+ for hub in $(echo -e "${{ env.DEPLOY_HUBS }}"); do
+ echo "Deploying $hub to prod"
+ echo "hubploy --debug deploy $hub hub prod"
+ done
diff --git a/.github/workflows/deploy-to-staging.yaml.disabled b/.github/workflows/deploy-to-staging.yaml.disabled
deleted file mode 100644
index c72f4db5b..000000000
--- a/.github/workflows/deploy-to-staging.yaml.disabled
+++ /dev/null
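Review bot: The guard `[ -n $GITHUB_PR_LABEL_HUB_IMAGES ] || [ -n $GITHUB_PR_LABEL_JUPYTERHUB_DEPLOYMENT ]` in both "Pull out any hubs" steps of deploy-hubs.yaml is always true, because an unquoted empty or unset variable leaves `[ -n ]`, which succeeds; no step in this file sets either variable, so the `else` branch that writes `DEPLOY` looks unreachable. Inside that branch `HUBS+="$label"` concatenates onto element 0 instead of appending an element, and the `hub-*` pattern also matches the `hub-images` label. The label list is spliced into the script text through `${{ steps.pr-labels.outputs.labels }}`, so label content is parsed as shell in a job that also references `GKE_KEY` and `SOPS_KEY`; passing it through `env:` keeps it as data. The sketch below covers the staging step and assumes the base-image labels appear in the same output; the prod step needs the same change. Separately, `hubploy.git@major-refactor` is a mutable branch and the SOPS and Helm downloads are not checksum-verified, so pinning to a commit and verifying digests would narrow what these credentialed jobs trust.

```yaml
      - name: Pull out any hubs that need deploying from the labels on the merge commit to staging
        env:
          # labels reach the shell as an environment value, not as script text
          PR_LABELS: ${{ steps.pr-labels.outputs.labels }}
        run: |
          echo "PR labels: ${PR_LABELS}"
          HUBS=()
          SKIP=""
          for label in $(echo -e "${PR_LABELS}"); do
            case "$label" in
              hub-images|jupyterhub-deployment)
                # base image changed: the all-hubs workflow handles the redeploy
                SKIP=1
                ;;
              hub-*)
                HUBS+=("$(echo "$label" | awk -F'-' '{print $2}')")
                ;;
            esac
          done
          if [[ -n "$SKIP" ]]; then
            echo "Base hub image has changed, not deploying individual hubs to staging"
          elif [[ ${#HUBS[@]} -gt 0 ]]; then
            echo "DEPLOY=1" >> "$GITHUB_ENV"
            echo "DEPLOY_HUBS=${HUBS[*]}" >> "$GITHUB_ENV"
          fi
```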
@@ -1,94 +0,0 @@ -name: Deploy images to staging hubs -# use echo ${VAR##*: } to get the value of a variable that is a string with a colon in it -on: - workflow_dispatch: - push: - branches: - - staging - -jobs: - deploy: - runs-on: ubuntu-latest - steps: - - name: Get PR labels - id: pr-labels - uses: irby/get-labels-on-push@v1.0.1 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - - - name: Check out the image repo - uses: actions/checkout@v4 - with: - fetch-depth: 0 # OR "2" -> To retrieve the preceding commit. - - - name: Pull out any hubs that need deploying from the labels on the merge commit to staging - run: | - echo "PR labels: ${{ steps.pr-labels.outputs.labels }}" - HUBS=() - for label in $(echo -e "${{ steps.pr-labels.outputs.labels }}"); do - if [[ "$label" == hub-* ]]; then - label=$(echo $label | awk -F'-' '{print $2}') - HUBS+="$label" - echo "DEPLOY=1" >> $GITHUB_ENV - fi - done - echo "Hubs to deploy: $HUBS" - echo "DEPLOY_HUBS=${HUBS[@]}" >> $GITHUB_ENV - - - name: Setup python - if: ${{ env.DEPLOY }} - uses: actions/setup-python@v5 - with: - python-version: '3.11' - - - name: Install dependencies - if: ${{ env.DEPLOY }} - run: | - python -m pip install --upgrade pip - pip install -r requirements.txt - pip install --force-reinstall git+https://github.com/shaneknapp/hubploy.git@major-refactor - - - name: Auth to gcloud - if: ${{ env.DEPLOY }} - uses: google-github-actions/auth@v2 - with: - credentials_json: ${{ secrets.GKE_KEY }} - project_id: ${{ secrets.GCP_PROJECT_ID }} - - - name: Install Google Cloud SDK - if: ${{ env.DEPLOY }} - uses: google-github-actions/setup-gcloud@v2 - with: - install_components: 'gke-gcloud-auth-plugin' - - - name: Install SOPS - if: ${{ env.DEPLOY }} - run: | - mkdir -p ${HOME}/bin - curl -sSL https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.0.linux.amd64 -o ${HOME}/bin/sops - chmod 755 ${HOME}/bin/sops - echo "${HOME}/bin" >> $GITHUB_PATH - - - name: Store SOPS secret in a file - if: ${{ 
env.DEPLOY }} - run: | - cat << EOF > ${HOME}/sops.key - ${{ secrets.SOPS_KEY }} - EOF - echo "GOOGLE_APPLICATION_CREDENTIALS=${HOME}/sops.key" >> $GITHUB_ENV - - - name: Install Helm - if: ${{ env.DEPLOY }} - run: | - curl -L https://get.helm.sh/helm-v3.13.3-linux-amd64.tar.gz | tar -xzf - - mv linux-amd64/helm /usr/local/bin - helm repo add jupyterhub https://jupyterhub.github.io/helm-chart/ - helm repo update - - - name: Deploy hubs to staging - if: ${{ env.DEPLOY }} - run: | - for hub in $(echo -e "${{ env.DEPLOY_HUBS }}"); do - echo "Deploying $hub to staging" - hubploy --verbose deploy $hub hub staging - done diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index 07b21837d..d886cd0dd 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -3,7 +3,7 @@ on: - pull_request_target jobs: - triage: + apply-labels: permissions: contents: read pull-requests: write