docker-build.yml
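# Build the production images on every push to main, then roll them out to
# the EKS cluster named in `env` below.
name: Automate build and deploy

on:
  push:
    branches: ["main"]

# No visible step uses the GitHub API beyond checkout, so the default
# GITHUB_TOKEN grant is narrowed to read-only repository contents.
permissions:
  contents: read

env:
  AWS_REGION: us-west-2
  EKS_CLUSTER_NAME: courtlistener
  EKS_NAMESPACE: court-listener

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the third-party actions in this workflow are referenced
      # by mutable major-version tags. Pinning each to a full commit SHA would
      # keep a retagged release from running with the secrets used below.
      - uses: actions/checkout@v3
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Build and Push
        # VERSION is the short commit SHA; the deploy job recomputes the same
        # value to build its image tags.
        run: |
          make push --file docker/django/Makefile -e VERSION="$(git rev-parse --short HEAD)"

  deploy:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Set shortcode
        id: vars
        run: echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
      # NOTE(review): these are long-lived IAM access keys stored as repository
      # secrets. configure-aws-credentials also supports OIDC via
      # `role-to-assume` (needs `id-token: write`), which would remove the
      # stored key pair; confirm whether that fits this account.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v3
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}
      - name: Create Kubeconfig with AWS CLI
        run: aws eks update-kubeconfig --region ${{ env.AWS_REGION }} --name ${{ env.EKS_CLUSTER_NAME }}
      - name: Collect static assets and check unapplied migration exit code
        id: checkMigration
        # --overrides supplies a full container spec so the one-off pod gets
        # its environment from the cl-env secret.
        # See: https://stackoverflow.com/a/52488906/64911
        # kubectl stays attached (-it --rm), so this step is expected to fail
        # when collectstatic or `migrate --check` exits non-zero.
        run: |
          kubectl run ${{ steps.vars.outputs.sha_short }} -it --rm -n ${{ env.EKS_NAMESPACE }} --image freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-web-prod --restart Never --overrides='
          {
            "spec": {
              "containers": [
                {
                  "name": "${{ steps.vars.outputs.sha_short }}",
                  "image": "freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-web-prod",
                  "command": [
                    "/bin/sh",
                    "-c",
                    "./manage.py collectstatic --noinput && ./manage.py migrate --check"
                  ],
                  "envFrom": [
                    {
                      "secretRef": {
                        "name": "cl-env"
                      }
                    }
                  ]
                }
              ]
            }
          }
          '
      # If the migration check failed, start a pod to do maintenance, and quit
      # with an error message. The outcome test keeps an unrelated earlier
      # failure (checkout, credentials, kubeconfig) from reporting "unapplied
      # migrations" and from trying to create the pod.
      # The pod carries the cl-env secret and sleeps until it is deleted, so
      # removing it after the manual migration is part of the procedure.
      - name: Check migration exit code from previous step
        if: failure() && steps.checkMigration.outcome == 'failure'
        run: |
          echo "Found unapplied migrations. A pod named deploy-${{ steps.vars.outputs.sha_short }} has been created for you."
          echo "Shell into that pod, do a manual migration, delete the pod, and re-run this Github Action job."
          kubectl run deploy-${{ steps.vars.outputs.sha_short }} -n ${{ env.EKS_NAMESPACE }} --image freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-web-prod --restart Never --overrides='
          {
            "spec": {
              "containers": [
                {
                  "name": "deploy-${{ steps.vars.outputs.sha_short }}",
                  "image": "freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-web-prod",
                  "command": [
                    "/bin/sh",
                    "-c",
                    "trap : TERM INT; sleep infinity & wait"
                  ],
                  "envFrom": [
                    {
                      "secretRef": {
                        "name": "cl-env"
                      }
                    }
                  ]
                }
              ]
            }
          }
          '
          exit 1

      # Rollout new versions one by one (watch "deployments" in k9s).
      # Each `rollout status` step blocks until that deployment settles, so a
      # failed rollout stops the job before the next image is changed.
      - name: Rollout cl-python
        run: kubectl set image -n ${{ env.EKS_NAMESPACE }} deployment/cl-python web=freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-web-prod
      - name: Watch cl-python rollout status
        run: kubectl rollout status -n ${{ env.EKS_NAMESPACE }} deployment/cl-python

      - name: Rollout cl-celery-prefork
        run: kubectl set image -n ${{ env.EKS_NAMESPACE }} deployment/cl-celery-prefork cl-celery-prefork=freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-celery
      - name: Watch cl-celery-prefork rollout status
        run: kubectl rollout status -n ${{ env.EKS_NAMESPACE }} deployment/cl-celery-prefork

      - name: Rollout cl-celery-prefork-bulk
        run: kubectl set image -n ${{ env.EKS_NAMESPACE }} deployment/cl-celery-prefork-bulk cl-celery-prefork-bulk=freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-celery
      - name: Watch cl-celery-prefork-bulk rollout status
        run: kubectl rollout status -n ${{ env.EKS_NAMESPACE }} deployment/cl-celery-prefork-bulk

      - name: Rollout cl-scrape-rss
        run: kubectl set image -n ${{ env.EKS_NAMESPACE }} deployment/cl-scrape-rss scrape-rss=freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-scrape-rss
      - name: Watch cl-scrape-rss rollout status
        run: kubectl rollout status -n ${{ env.EKS_NAMESPACE }} deployment/cl-scrape-rss

      - name: Rollout cl-retry-webhooks
        run: kubectl set image -n ${{ env.EKS_NAMESPACE }} deployment/cl-retry-webhooks retry-webhooks=freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-webhooks-retry
      - name: Watch cl-retry-webhooks rollout status
        run: kubectl rollout status -n ${{ env.EKS_NAMESPACE }} deployment/cl-retry-webhooks

      # Watch "cronjobs" in k9s
      # Only cronjobs labelled image_type=web-prod are retagged. The namespace
      # comes from env so it cannot drift from the rollout steps above.
      - name: Update cronjobs
        run: |
          CRONJOB_NAMES=$(kubectl get cronjobs -n ${{ env.EKS_NAMESPACE }} -o jsonpath='{.items.*.metadata.name}' -l image_type=web-prod);
          for name in $CRONJOB_NAMES; do
            kubectl set image -n ${{ env.EKS_NAMESPACE }} "CronJob/$name" job=freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-web-prod;
          done;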