From 7a08dda5df785a2c9b079c85e4f80318bd2bf8eb Mon Sep 17 00:00:00 2001 From: Willard Nilges Date: Sat, 3 Aug 2024 17:57:09 -0400 Subject: [PATCH] Helm chart --- .github/workflows/playwright.yml | 5 +- .github/workflows/publish-and-deploy.yaml | 238 ++++++++++---------- infra/helm/meshforms/templates/secrets.yaml | 4 +- 3 files changed, 126 insertions(+), 121 deletions(-) diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml index 531d422..07b7473 100644 --- a/.github/workflows/playwright.yml +++ b/.github/workflows/playwright.yml @@ -3,8 +3,9 @@ permissions: read-all on: push: branches: [ main ] - pull_request: - branches: [ main ] + # FIXME!!!!!!!!!!!!!!!!!!!!! + #pull_request: + # branches: [ main ] jobs: test: name: Run Playwright Tests diff --git a/.github/workflows/publish-and-deploy.yaml b/.github/workflows/publish-and-deploy.yaml index 9c32b03..e0628d6 100644 --- a/.github/workflows/publish-and-deploy.yaml +++ b/.github/workflows/publish-and-deploy.yaml 
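Review bot: Commenting out the `pull_request` trigger with only a bare `# FIXME!!!` leaves the Playwright suite running on pushes to `main` alone, so a failing test is now discovered after merge instead of gating the PR. If the trigger has to stay off for a while, the comment should carry the reason and a tracking reference, e.g. `# pull_request trigger disabled: <reason> — see issue #<TODO>`; otherwise restore the two lines `pull_request:` / `  branches: [ main ]`. The `jobs:` section that follows is unchanged context.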
@@ -7,66 +7,66 @@ on: permissions: read-all jobs: - push_to_registry: - name: Push Docker Image to Docker Hub - runs-on: ubuntu-latest - steps: - - name: Check out the repo - uses: actions/checkout@v4 - - - name: Log in to Docker Hub - uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 - with: - images: willnilges/meshforms - - - name: Build and push Docker image - uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 - with: - context: . - file: ./Dockerfile - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - # Hardcoding the URL of meshdb into the image we build... There is probably - # a better way to do this. - build-args: | - "MESHDB_URL=${{ secrets.MESHDB_URL }}" + # push_to_registry: + # name: Push Docker Image to Docker Hub + # runs-on: ubuntu-latest + # steps: + # - name: Check out the repo + # uses: actions/checkout@v4 + # + # - name: Log in to Docker Hub + # uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a + # with: + # username: ${{ secrets.DOCKER_USERNAME }} + # password: ${{ secrets.DOCKER_PASSWORD }} + # + # - name: Extract metadata (tags, labels) for Docker + # id: meta + # uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + # with: + # images: willnilges/meshforms + # + # - name: Build and push Docker image + # uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 + # with: + # context: . + # file: ./Dockerfile + # push: true + # tags: ${{ steps.meta.outputs.tags }} + # labels: ${{ steps.meta.outputs.labels }} + # # Hardcoding the URL of meshdb into the image we build... There is probably + # # a better way to do this. 
+ # build-args: | + # "MESHDB_URL=${{ secrets.MESHDB_URL }}" - deploy_to_grandsvc: - name: Deploy to grandsvc - needs: push_to_registry - runs-on: ubuntu-latest - steps: - - name: Setup WireGuard - run: | - sudo apt install wireguard - echo "${{ secrets.WIREGUARD_PRIVATE_KEY }}" > privatekey - sudo ip link add dev wg0 type wireguard - sudo ip address add dev wg0 ${{ secrets.WIREGUARD_OVERLAY_NETWORK_IP }} peer ${{ secrets.WIREGUARD_PEER }} - sudo wg set wg0 listen-port 48123 private-key privatekey peer ${{ secrets.WIREGUARD_PEER_PUBLIC_KEY }} allowed-ips 0.0.0.0/0 endpoint ${{ secrets.WIREGUARD_ENDPOINT }} - sudo ip link set up dev wg0 - - name: Install SSH key - uses: shimataro/ssh-key-action@d4fffb50872869abe2d9a9098a6d9c5aa7d16be4 # v2 - with: - key: ${{ secrets.GRANDSVC_KEY }} - name: id_ed25519 # optional - known_hosts: ${{ secrets.GRANDSVC_KNOWN_HOSTS }} - #config: ${{ secrets.CONFIG }} # ssh_config; optional - if_key_exists: fail # replace / ignore / fail; optional (defaults to fail) - - name: Pull new Docker image - run: ssh ${{ secrets.GRANDSVC_SSH_TARGET }} "cd ${{ secrets.GRANDSVC_PROJECT_PATH }} && git pull && docker compose pull && docker compose up -d" + #deploy_to_grandsvc: + # name: Deploy to grandsvc + # needs: push_to_registry + # runs-on: ubuntu-latest + # steps: + # - name: Setup WireGuard + # run: | + # sudo apt install wireguard + # echo "${{ secrets.WIREGUARD_PRIVATE_KEY }}" > privatekey + # sudo ip link add dev wg0 type wireguard + # sudo ip address add dev wg0 ${{ secrets.WIREGUARD_OVERLAY_NETWORK_IP }} peer ${{ secrets.WIREGUARD_PEER }} + # sudo wg set wg0 listen-port 48123 private-key privatekey peer ${{ secrets.WIREGUARD_PEER_PUBLIC_KEY }} allowed-ips 0.0.0.0/0 endpoint ${{ secrets.WIREGUARD_ENDPOINT }} + # sudo ip link set up dev wg0 + # - name: Install SSH key + # uses: shimataro/ssh-key-action@d4fffb50872869abe2d9a9098a6d9c5aa7d16be4 # v2 + # with: + # key: ${{ secrets.GRANDSVC_KEY }} + # name: id_ed25519 # optional + # known_hosts: 
${{ secrets.GRANDSVC_KNOWN_HOSTS }} + # #config: ${{ secrets.CONFIG }} # ssh_config; optional + # if_key_exists: fail # replace / ignore / fail; optional (defaults to fail) + # - name: Pull new Docker image + # run: ssh ${{ secrets.GRANDSVC_SSH_TARGET }} "cd ${{ secrets.GRANDSVC_PROJECT_PATH }} && git pull && docker compose pull && docker compose up -d" deploy_to_dev3: name: Deploy to dev3 environment: dev3 - needs: push_to_registry + #needs: push_to_registry # FIXME!!!!!!!!!!!!!!!!!!!!!!! runs-on: ubuntu-latest #if: github.ref == 'refs/heads/main' # FIXME!!!!!!!!!!!!!!!!!!! steps: 
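Review bot: deploy_to_dev3 loses its `needs: push_to_registry` edge (the `#needs: push_to_registry # FIXME` line at the end of the hunk) while the image-build job itself is commented out, so the deploy now runs with no image build in the pipeline and can only roll out whatever tag the chart already references; if that is intentional for now, the FIXME should say what is meant to replace the build. The roughly one hundred lines of `push_to_registry` and `deploy_to_grandsvc` kept as `#` comments would be better deleted outright — git history preserves them, and commented-out YAML that still names secrets, hosts and pinned action SHAs drifts silently from what is actually running. The rest of the deploy_to_dev3 job continues outside this hunk.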
@@ -94,66 +94,70 @@ jobs: # configuration option - name: Deploy Helm Chart run: | - ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_TARGET_IP }} "\ - sudo bash -c '\ - cd ${{ secrets.PROJECT_PATH }} && \ - git pull && \ - git checkout main && \ - cd infra/helm/meshforms && \ - helm template . -f values.yaml \ - --set meshforms.meshdb_url=\"${{ vars.MESHDB_URL }}\" \ - --set meshforms_app_namespace=\"${{ vars.APP_NAMESPACE }}\" \ - --set aws.access_key=\"${{ secrets.S3_ACCESS_KEY }}\" \ - --set aws.secret_key=\"${{ secrets.S3_SECRET_KEY }}\" \ - --set meshforms.s3_bucket_name=\"${{ secrets.S3_BUCKET_NAME }}\" \ - --set meshforms.s3_base_name=\"${{ secrets.S3_BASE_NAME }}\" \ - --set ingress.hosts[0].host=\"${{ vars.INGRESS_HOST }}\" \ - | kubectl apply -f - && \ - kubectl -n ${{ vars.APP_NAMESPACE }} rollout restart deploy \ - '" - - deploy_to_prod1: - name: Deploy to prod 1 - environment: prod - needs: push_to_registry - runs-on: ubuntu-latest - if: github.ref == 'refs/heads/main' - steps: - - name: Check out the repo - uses: actions/checkout@v4 - - - name: Install SSH key - uses: shimataro/ssh-key-action@d4fffb50872869abe2d9a9098a6d9c5aa7d16be4 # v2 - with: - key: ${{ secrets.SSH_PRIVATE_KEY }} - name: id_ed25519 # optional - known_hosts: ${{ secrets.SSH_KNOWN_HOSTS }} - if_key_exists: fail # replace / ignore / fail; optional (defaults to fail) - - - name: Setup WireGuard - run: | - sudo apt install wireguard - echo "${{ secrets.WIREGUARD_PRIVATE_KEY }}" > privatekey - sudo ip link add dev wg2 type wireguard - sudo ip address add dev wg2 ${{ secrets.WIREGUARD_OVERLAY_NETWORK_IP }} peer ${{ secrets.SSH_TARGET_IP }} - sudo wg set wg2 listen-port 48123 private-key privatekey peer ${{ secrets.WIREGUARD_PEER_PUBLIC_KEY }} allowed-ips 0.0.0.0/0 endpoint ${{ secrets.WIREGUARD_ENDPOINT }} - sudo ip link set up dev wg2 - - name: Deploy Helm Chart - run: | - ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_TARGET_IP }} "\ - sudo bash -c '\ - cd ${{ secrets.PROJECT_PATH }} && \ - git 
pull && \ - git checkout main && \ - cd infra/helm/meshforms && \ - helm template . -f values.yaml \ - --set meshforms_app_namespace=\"${{ vars.APP_NAMESPACE }}\" \ - --set aws.access_key_id=\"${{ secrets.S3_ACCESS_KEY }}\" \ - --set aws.secret_access_key=\"${{ secrets.S3_ACCESS_KEY }}\" \ - --set meshforms.s3_bucket_name=\"${{ secrets.S3_BUCKET_NAME }}\" \ - --set meshforms.s3_base_name=\"${{ secrets.S3_BASE_NAME }}\" \ - --set ingress.hosts[0].host=\"${{ vars.INGRESS_HOST }}\" \ - | kubectl apply -f - && \ - kubectl -n ${{ vars.APP_NAMESPACE }} rollout restart deploy \ - '" + # Grab the kubeconfig, then use helm install from the github worker + # to install the chart. We have the tunnel leftover from earlier, so + # We can just hit the Kube API server directly. + # FIXME: Check if helm install will always work, and if it starts a deploy. + scp ${{ secrets.SSH_USER }}@${{ secrets.SSH_TARGET_IP }}:~/.kube/config ./ + kubectl --kubeconfig ./config --server https://${{ secrets.SSH_TARGET_IP }}:6443 create namespace ${{ vars.APP_NAMESPACE }} || echo namespace already exists + if helm --kubeconfig ./config --kube-apiserver https://${{ secrets.SSH_TARGET_IP }}:6443 ls --all --short | grep -q ${{ vars.APP_NAMESPACE }}; then + echo "The chart is installed." + HELM_ACTION=upgrade + else + echo "The chart is NOT installed." 
+ HELM_ACTION=install + fi + helm $HELM_ACTION --kubeconfig ./config --kube-apiserver https://${{ secrets.SSH_TARGET_IP }}:6443 -n ${{ vars.APP_NAMESPACE }} meshforms infra/helm/meshforms/ \ + --set meshforms.meshdb_url="${{ vars.MESHDB_URL }}" \ + --set meshforms_app_namespace="${{ vars.APP_NAMESPACE }}" \ + --set aws.access_key="${{ secrets.S3_ACCESS_KEY }}" \ + --set aws.secret_key="${{ secrets.S3_SECRET_KEY }}" \ + --set meshforms.s3_bucket_name="${{ secrets.S3_BUCKET_NAME }}" \ + --set meshforms.s3_base_name="${{ secrets.S3_BASE_NAME }}" \ + --set ingress.hosts[0].host="${{ vars.INGRESS_HOST }}" + # deploy_to_prod1: + # name: Deploy to prod 1 + # environment: prod + # needs: push_to_registry + # runs-on: ubuntu-latest + # if: github.ref == 'refs/heads/main' + # steps: + # - name: Check out the repo + # uses: actions/checkout@v4 + # + # - name: Install SSH key + # uses: shimataro/ssh-key-action@d4fffb50872869abe2d9a9098a6d9c5aa7d16be4 # v2 + # with: + # key: ${{ secrets.SSH_PRIVATE_KEY }} + # name: id_ed25519 # optional + # known_hosts: ${{ secrets.SSH_KNOWN_HOSTS }} + # if_key_exists: fail # replace / ignore / fail; optional (defaults to fail) + # + # - name: Setup WireGuard + # run: | + # sudo apt install wireguard + # echo "${{ secrets.WIREGUARD_PRIVATE_KEY }}" > privatekey + # sudo ip link add dev wg2 type wireguard + # sudo ip address add dev wg2 ${{ secrets.WIREGUARD_OVERLAY_NETWORK_IP }} peer ${{ secrets.SSH_TARGET_IP }} + # sudo wg set wg2 listen-port 48123 private-key privatekey peer ${{ secrets.WIREGUARD_PEER_PUBLIC_KEY }} allowed-ips 0.0.0.0/0 endpoint ${{ secrets.WIREGUARD_ENDPOINT }} + # sudo ip link set up dev wg2 + # - name: Deploy Helm Chart + # run: | + # ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_TARGET_IP }} "\ + # sudo bash -c '\ + # cd ${{ secrets.PROJECT_PATH }} && \ + # git pull && \ + # git checkout main && \ + # cd infra/helm/meshforms && \ + # helm template . 
-f values.yaml \ + # --set meshforms_app_namespace=\"${{ vars.APP_NAMESPACE }}\" \ + # --set aws.access_key_id=\"${{ secrets.S3_ACCESS_KEY }}\" \ + # --set aws.secret_access_key=\"${{ secrets.S3_ACCESS_KEY }}\" \ + # --set meshforms.s3_bucket_name=\"${{ secrets.S3_BUCKET_NAME }}\" \ + # --set meshforms.s3_base_name=\"${{ secrets.S3_BASE_NAME }}\" \ + # --set ingress.hosts[0].host=\"${{ vars.INGRESS_HOST }}\" \ + # | kubectl apply -f - && \ + # kubectl -n ${{ vars.APP_NAMESPACE }} rollout restart deploy \ + # '" + # diff --git a/infra/helm/meshforms/templates/secrets.yaml b/infra/helm/meshforms/templates/secrets.yaml index 91b4ac7..8f09303 100644 --- a/infra/helm/meshforms/templates/secrets.yaml +++ b/infra/helm/meshforms/templates/secrets.yaml @@ -7,6 +7,6 @@ type: Opaque data: S3_ACCESS_KEY: {{ .Values.aws.access_key | b64enc | quote }} S3_SECRET_KEY: {{ .Values.aws.secret_key | b64enc | quote }} - S3_BUCKET_NAME: {{ .Values.s3_bucket_name | b64enc | quote }} - S3_BASE_NAME: {{ .Values.s3_base_name | b64enc | quote }} + S3_BUCKET_NAME: {{ .Values.meshforms.s3_bucket_name | b64enc | quote }} + S3_BASE_NAME: {{ .Values.meshforms.s3_base_name | b64enc | quote }} NEXT_PUBLIC_MESHDB_URL: {{ .Values.meshforms.meshdb_url | b64enc | quote }}
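Review bot: The installed check `helm ... ls --all --short | grep -q ${{ vars.APP_NAMESPACE }}` lists releases in the kubeconfig's current namespace (no `-n`/`-A`) and greps for the namespace name, but the release is installed as `meshforms` into `-n ${{ vars.APP_NAMESPACE }}`, so unless the namespace happens to be called `meshforms` this branch always chooses `install` and the second deploy fails because the release name is already in use. Replacing the `kubectl create namespace` line, the if/else block and the `helm $HELM_ACTION` line with a single `helm upgrade --install --create-namespace --kubeconfig ./config --kube-apiserver https://${{ secrets.SSH_TARGET_IP }}:6443 -n ${{ vars.APP_NAMESPACE }} meshforms infra/helm/meshforms/ \` (keeping the `--set` lines) removes the heuristic and the `|| echo` that currently masks every failure of the create step, not just "already exists". The cluster kubeconfig fetched by `scp` stays in the runner workspace as `./config` after the step; add `rm -f ./config` at the end of the script, or a cleanup step with `if: always()`, so the credential does not outlive the deploy. The step's enclosing job starts before this hunk.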
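Review bot: The renamed lookups `.Values.meshforms.s3_bucket_name` and `.Values.meshforms.s3_base_name` have no guard, so if values.yaml (not in this diff) still defines these keys at the top level, the chart will, as far as I can tell, render a Secret with empty `S3_BUCKET_NAME`/`S3_BASE_NAME` rather than refuse to install. Wrap them so a missing value fails the deploy instead: `S3_BUCKET_NAME: {{ required "meshforms.s3_bucket_name is required" .Values.meshforms.s3_bucket_name | b64enc | quote }}` and the same for `S3_BASE_NAME`. The workflow's `--set` flags populate both keys today, but the template should not depend on that.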