diff --git a/.github/workflows/deploy-production.yml b/.github/workflows/deploy-production.yml new file mode 100644 index 00000000..1bd91ea3 --- /dev/null +++ b/.github/workflows/deploy-production.yml @@ -0,0 +1,23 @@ +name: Deploy to Pyris Production + +on: + workflow_dispatch: + inputs: + docker-tag: + description: 'Docker tag to deploy (e.g. 1.0.0 or latest, default: latest)' + required: true + default: 'latest' + branch-name: + description: 'Branch name to deploy (default: main)' + required: true + default: 'main' + +jobs: + deploy: + uses: ./.github/workflows/deploy.yml + with: + docker-tag: latest + branch-name: main + environment-name: Pyris Production + environment-url: https://pyris.artemis.cit.tum.de + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/deploy-test.yml b/.github/workflows/deploy-test.yml new file mode 100644 index 00000000..e92162ed --- /dev/null +++ b/.github/workflows/deploy-test.yml @@ -0,0 +1,172 @@ +name: Deploy to Pyris Test + +on: + pull_request: + types: [labeled] + +jobs: + # Get an up to date version of the label list. github.event.pull_request.labels seems to sometimes be outdated + # if the run was waiting for a while, which can cause duplicate deployments + get-labels: + runs-on: ubuntu-latest + outputs: + labels: ${{ steps.get-labels.outputs.result }} + steps: + - name: Get PR labels + id: get-labels + uses: actions/github-script@v6 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + const response = await github.rest.issues.listLabelsOnIssue({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: context.issue.number + }) + const labels = response.data + return labels.map(label => label.name) + + + # Check that the build job has run successfully before deploying + check-build-status: + needs: [ get-labels ] + runs-on: ubuntu-latest + # Only run workflow if the added label is a deploy label + if: contains(needs.get-labels.outputs.labels, 'deploy:pyris-test') + steps: + - name: Get latest successful build for branch + id: check_build + uses: octokit/request-action@v2.x + with: + route: GET /repos/${{ github.repository }}/actions/workflows/build.yml/runs?event=pull_request&status=success&head_sha=${{ github.event.pull_request.head.sha }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # Remove deployment-error label if new run is started + - uses: actions-ecosystem/action-remove-labels@v1 + if: fromJSON(steps.check_build.outputs.data).total_count > 0 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + labels: | + deployment-error + + # In case of invalid build status, remove deploy labels + - uses: actions-ecosystem/action-remove-labels@v1 + if: fromJSON(steps.check_build.outputs.data).total_count == 0 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + labels: | + deploy:pyris-test + + - name: Check if latest push had successful build + if: fromJSON(steps.check_build.outputs.data).total_count == 0 + uses: actions/github-script@v6 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: '### ❌ Unable to deploy to test server ❌\nThe docker build needs to run through before deploying.' + }) + core.setFailed('The build needs to run through first. Please wait for the build to finish and then try again.') + + # Compute the tag to use for the docker image + compute-tag: + needs: [ check-build-status ] + runs-on: ubuntu-latest + outputs: + tag: ${{ steps.compute-tag.outputs.result }} + steps: + - name: Compute Tag + uses: actions/github-script@v6 + id: compute-tag + with: + result-encoding: string + script: | + if (context.eventName === "pull_request") { + return "pr-" + context.issue.number; + } + if (context.eventName === "release") { + return "latest"; + } + if (context.eventName === "push") { + if (context.ref.startsWith("refs/tags/")) { + return context.ref.slice(10); + } + if (context.ref === "refs/heads/develop") { + return "develop"; + } + } + return "FALSE"; + + # Run pre-deployment steps + pre-deployment: + needs: [ compute-tag ] + runs-on: ubuntu-latest + steps: + - uses: actions-ecosystem/action-remove-labels@v1 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + labels: | + deploy:pyris-test + + - name: Check "lock:pyris-test" label + uses: actions/github-script@v6 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + const opts = github.rest.issues.listForRepo.endpoint.merge({ + owner: context.repo.owner, + repo: context.repo.repo, + labels: ['lock:pyris-test'] + }) + const issues = await github.paginate(opts) + if (issues.length == 1 && (!context.issue || issues[0].number != context.issue.number)) { + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: `### ❌ Unable to deploy to test server ❌\nPyris Testserver is already in use by PR #${issues[0].number}.` + }) + core.setFailed(`Pyris Testserver is already in use by PR #${issues[0].number}.`); + } else if (issues.length > 1) { + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: '### ❌ Unable to deploy to test server ❌\nPyris Testserver is already in use by multiple PRs. Check PRs with label "lock:pyris-test"!' + }) + core.setFailed('Pyris Testserver is already in use by multiple PRs. Check PRs with label "lock:pyris-test"!'); + } else if (context.issue && context.issue.number) { + await github.rest.issues.addLabels({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + labels: ['lock:pyris-test'] + }) + } + + # Deploy to the test servers + deploy: + needs: [ pre-deployment ] + uses: ./.github/workflows/deploy.yml + with: + docker-tag: ${{ needs.compute-tag.outputs.tag }} + branch-name: ${{ github.event.pull_request.head.ref }} + environment-name: Pyris Test + environment-url: https://pyris-test.artemis.cit.tum.de + secrets: inherit + + + # Check that the build job has run successfully otherwise add an error label + add-error-label: + needs: [ check-build-status, compute-tag, pre-deployment, deploy ] + runs-on: ubuntu-latest + if: ${{ failure() }} + steps: + - name: Add error label + uses: actions-ecosystem/action-add-labels@v1 + with: + labels: deployment-error diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml new file mode 100644 index 00000000..62d25a14 --- /dev/null +++ b/.github/workflows/deploy.yml @@ -0,0 +1,72 @@ +name: Deploy + +on: + workflow_call: + inputs: + docker-tag: + required: true + type: string + branch-name: + required: true + type: string + environment-name: + required: true + type: string + environment-url: + required: true + type: string + secrets: + DEPLOYMENT_GATEWAY_SSH_KEY: + required: true + +concurrency: deploy + +env: + RAW_URL: https://raw.githubusercontent.com/${{ github.repository }}/${{ github.sha }} + + +jobs: + deploy: + runs-on: ubuntu-latest + + environment: + name: ${{ inputs.environment-name }} + url: ${{ inputs.environment-url }} + + env: + DOCKER_TAG: ${{ inputs.docker-tag }} + BRANCH_NAME: ${{ inputs.branch-name }} + DEPLOYMENT_USER: ${{ vars.DEPLOYMENT_USER }} + DEPLOYMENT_HOST: ${{ vars.DEPLOYMENT_HOST }} + DEPLOYMENT_FOLDER: ${{ vars.DEPLOYMENT_FOLDER }} + DEPLOYMENT_HOST_PUBLIC_KEYS: ${{ vars.DEPLOYMENT_HOST_PUBLIC_KEYS }} + GATEWAY_USER: "jump" + GATEWAY_HOST: "gateway.artemis.in.tum.de:2010" + GATEWAY_HOST_PUBLIC_KEY: "[gateway.artemis.in.tum.de]:2010 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtTLiKRILjKZ+Qg4ReWKsG7mLDXkzHfeY5nalSQUNQ4" + + steps: + # Download pyris-server-cli from GH without cloning the Repo + - name: Fetch Pyris CLI + run: | + wget ${{ env.RAW_URL }}/pyris-server-cli + chmod +x pyris-server-cli + + # Configure SSH Key + - name: Setup SSH Keys and known_hosts + env: + SSH_AUTH_SOCK: /tmp/ssh_agent.sock + GATEWAY_SSH_KEY: "${{ secrets.DEPLOYMENT_GATEWAY_SSH_KEY }}" + DEPLOYMENT_SSH_KEY: "${{ secrets.DEPLOYMENT_SSH_KEY }}" + run: | + mkdir -p ~/.ssh + ssh-agent -a $SSH_AUTH_SOCK > /dev/null + ssh-add - <<< $GATEWAY_SSH_KEY + ssh-add - <<< $DEPLOYMENT_SSH_KEY + cat - <<< $GATEWAY_HOST_PUBLIC_KEY >> ~/.ssh/known_hosts + cat - <<< $(sed 's/\\n/\n/g' <<< "$DEPLOYMENT_HOST_PUBLIC_KEYS") >> ~/.ssh/known_hosts + + - name: Deploy Pyris with Docker + env: + SSH_AUTH_SOCK: /tmp/ssh_agent.sock + run: | + ./pyris-server-cli docker-deploy "$DEPLOYMENT_USER@$DEPLOYMENT_HOST" -g "$GATEWAY_USER@$GATEWAY_HOST" -t $DOCKER_TAG -b $BRANCH_NAME -d $DEPLOYMENT_FOLDER -y diff --git a/pyris-server-cli b/pyris-server-cli new file mode 100755 index 00000000..2fa0b6ee --- /dev/null +++ b/pyris-server-cli @@ -0,0 +1,216 @@ +#!/usr/bin/env bash + +######################################################################################################################## +# Script: pyris-server-cli # +# # +# Description: Provide a Wrapper to conveniently perform common operations on Pyris Servers. # +# This assumes a standardized server configuration and properly configured SSH access. # +# Run pyris-server-cli -h for usage information # +# # +# Author: Timor Morrien # +# Email: timor.morrien@tum.de # +# GitHub: @hialus # +# # +######################################################################################################################## + + +# Function: Ask User for Confirmation, if -y flag is not used +# +# @param question +interactive=true +function user_confirmation { + if [ $interactive = true ]; then + echo $1 + read -p "Do you want to continue? [Y/n] " response + if [[ ! $response =~ ^([yY][eE][sS]|[yY])$ ]]; then + echo "Aborted." + exit 0 + fi + fi +} + +# Function: Perform Deployment to Server via Docker +# Expects the pyris-docker.sh script to be present on the remote server +# +# @param deployment host +# @param gateway host +# @param pr tag +# @param pr branch +# @param deployment directory +function docker_deploy { + user_confirmation "About to start a deployment of PR $3 ($4) on remote server $1 using gateway server $2" + + ssh -J "$2" -o "StrictHostKeyChecking=no" "$1" << COMMAND +cd $5 +sudo /usr/bin/bash $5/pyris-docker.sh restart $3 $4 +COMMAND +} + +# Function: Check for -h Flag +# +# @param callback function to display help menu +# @param $@ +function extract_help_flag { + callback=$1; shift + + local OPTIND + while getopts ":h" opt; do + case ${opt} in + h ) + $callback + exit 0 + ;; + \? ) + printf "Invalid Option: -$OPTARG \n\n" 1>&2 + $callback + exit 1 + ;; + esac + done + shift $((OPTIND -1)) +} + +# Function: Print general usage information +function general_help { + cat << HELP +Usage: + ./$(basename $0) [options] + +Commands: + docker-deploy Deploy to remote Pyris Server. + +General Options: + -h Show help. +HELP +} + +# Function: Print docker-deploy usage information +function docker_deploy_help { + cat << HELP +Usage: + ./$(basename $0) docker-deploy [options] + +Options: + [user@]hostname + -g Gateway [user@]hostname. + -t Docker tag that should be deployed. + -b GitHub branch that should be deployed. + -d Deployment directory + -y Automatic yes to prompts. Assume "yes" as answer to all prompts and run non-interactively. +HELP +} + +######################################################################################################################## +# Subcommand Menus # +######################################################################################################################## + + +# Function: Display Docker Deployment Subcommand Menu +# +# @param $@ +function docker_deploy_menu { + extract_help_flag docker_deploy_help $@ + + server=$1; shift + # Handle missing server + if [ -z "$server" ] + then + docker_deploy_help + exit 1 + fi + + local gateway='' + local tag='' + local branch='' + local directory='' + + local OPTIND + while getopts ":hyg:t:b:d:" opt; do + case ${opt} in + h ) + deploy_help + exit 0 + ;; + y ) + interactive=false + ;; + g ) + gateway=$OPTARG + ;; + t ) + tag=$OPTARG + ;; + b ) + branch=$OPTARG + ;; + d ) + directory=$OPTARG + ;; + \? ) + printf "Invalid Option: -$OPTARG\n\n" 1>&2 + docker_deploy_help + exit 1 + ;; + esac + done + if [ $OPTIND -eq 1 ]; then + printf "Invalid Option: backup requires an argument\n\n" 1>&2 + docker_deploy_help + exit 1 + fi + shift $((OPTIND -1)) + + if [ -z "$gateway" ]; then + printf "Require gateway to perform deployment.\n\n" 1>&2 + docker_deploy_help + exit 1 + fi + + if [ -z "$tag" ]; then + printf "Require docker tag to perform deployment.\n\n" 1>&2 + docker_deploy_help + exit 1 + fi + + if [ -z "$branch" ]; then + printf "Require branch name to perform deployment.\n\n" 1>&2 + docker_deploy_help + exit 1 + fi + + if [ -z "$directory" ]; then + printf "Require deployment directory to perform deployment.\n\n" 1>&2 + docker_deploy_help + exit 1 + fi + + docker_deploy "$server" "$gateway" "$tag" "$branch" "$directory" +} + +######################################################################################################################## +# Main Menu # +######################################################################################################################## + + +# Parse options to the `pyris-server-cli` command +extract_help_flag general_help $@ + +# read subcommand `pyris-server-cli subcommand server` in variable and remove base command from argument list +subcommand=$1; shift + +# Handle empty subcommand +if [ -z $subcommand ]; then + general_help + exit 1 +fi + +case "$subcommand" in + docker-deploy) + docker_deploy_menu $@ + ;; + *) + printf "Invalid Command: $subcommand\n\n" 1>&2 + general_help + exit 1 + ;; +esac