From ea3e84380704f48effd3a7bf93811044c46f2433 Mon Sep 17 00:00:00 2001
From: Willard Nilges
Date: Sat, 3 Aug 2024 22:26:01 -0400
Subject: [PATCH] Use reusable workflow
---
 .github/workflows/deploy-to-k8s.yaml | 54 +++++++++++++
 .github/workflows/publish-and-deploy.yaml | 97 ++--------------------
 2 files changed, 62 insertions(+), 89 deletions(-)
 create mode 100644 .github/workflows/deploy-to-k8s.yaml
diff --git a/.github/workflows/deploy-to-k8s.yaml b/.github/workflows/deploy-to-k8s.yaml
new file mode 100644
index 0000000..288507f
--- /dev/null
+++ b/.github/workflows/deploy-to-k8s.yaml
@@ -0,0 +1,54 @@
+name: Deploy to K8s
+
+on:
+ workflow_call:
+ inputs:
+ environment:
+ required: true
+ type: string
+
+jobs:
+ deploy_to_env:
+ name: Deploy to env
+ #needs: push_to_registry # FIXME!!!!!!!!!!!!!!!!!!!!!!!
+ runs-on: ubuntu-latest
+ #if: github.ref == 'refs/heads/main' # FIXME!!!!!!!!!!!!!!!!!!!
+ steps:
+ - name: Check out the repo
+ uses: actions/checkout@v4
+
+ - name: Install SSH key
+ uses: shimataro/ssh-key-action@d4fffb50872869abe2d9a9098a6d9c5aa7d16be4 # v2
+ with:
+ key: ${{ secrets.SSH_PRIVATE_KEY }}
+ name: id_ed25519 # optional
+ known_hosts: ${{ secrets.SSH_KNOWN_HOSTS }}
+ if_key_exists: fail # replace / ignore / fail; optional (defaults to fail)
+
+ - name: Setup WireGuard
+ run: |
+ sudo apt install wireguard
+ echo "${{ secrets.WIREGUARD_PRIVATE_KEY }}" > privatekey
+ sudo ip link add dev wg1 type wireguard
+ sudo ip address add dev wg1 ${{ secrets.WIREGUARD_OVERLAY_NETWORK_IP }} peer ${{ secrets.SSH_TARGET_IP }}
+ sudo wg set wg1 listen-port 48123 private-key privatekey peer ${{ secrets.WIREGUARD_PEER_PUBLIC_KEY }} allowed-ips 0.0.0.0/0 endpoint ${{ secrets.WIREGUARD_ENDPOINT }}
+ sudo ip link set up dev wg1
+
+ - name: Deploy Helm Chart
+ run: |
+ # Get the kubeconfig
+ scp ${{ secrets.SSH_USER }}@${{ secrets.SSH_TARGET_IP }}:~/.kube/config ./
+
+ # Create the namespace if necessary
+ kubectl --kubeconfig ./config --server https://${{ secrets.SSH_TARGET_IP }}:6443 create namespace ${{ vars.APP_NAMESPACE }} || echo namespace already exists
+
+ # Install the chart with helm
+ helm upgrade --install --kubeconfig ./config --kube-apiserver https://${{ secrets.SSH_TARGET_IP }}:6443 -n ${{ vars.APP_NAMESPACE }} --create-namespace meshforms infra/helm/meshforms/ \
+ --set meshforms.meshdb_url="${{ vars.MESHDB_URL }}" \
+ --set meshforms_app_namespace="${{ vars.APP_NAMESPACE }}" \
+ --set aws.access_key="${{ secrets.S3_ACCESS_KEY }}" \
+ --set aws.secret_key="${{ secrets.S3_SECRET_KEY }}" \
+ --set meshforms.s3_bucket_name="${{ secrets.S3_BUCKET_NAME }}" \
+ --set meshforms.s3_base_name="${{ secrets.S3_BASE_NAME }}" \
+ --set ingress.hosts[0].host="${{ vars.INGRESS_HOST }}",ingress.hosts[0].paths[0].path=/,ingress.hosts[0].paths[0].pathType=Prefix
+
diff --git a/.github/workflows/publish-and-deploy.yaml b/.github/workflows/publish-and-deploy.yaml
index 842f81a..69c17a2 100644
--- a/.github/workflows/publish-and-deploy.yaml
+++ b/.github/workflows/publish-and-deploy.yaml
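Review bot: The `environment` input declared under `workflow_call` is never consumed — the `deploy_to_env` job has no `environment:` key, so the environment protection rules and the environment-scoped `vars.*`/`secrets.*` that the replaced per-environment jobs relied on (they set `environment: dev3` / `environment: prod`) no longer apply, and both callers would resolve `vars.APP_NAMESPACE`, `vars.INGRESS_HOST` and the SSH/WireGuard secrets at repository scope; add `environment: ${{ inputs.environment }}` next to `runs-on: ubuntu-latest`. Related: this workflow declares no `secrets:` under `workflow_call` and the callers in the publish-and-deploy.yaml hunk pass none, so every `${{ secrets.* }}` here presumably expands empty unless the callers add `secrets: inherit` or the secrets are declared and passed explicitly. The WireGuard private key is written with `echo ... > privatekey` under the runner's default umask, so it is likely readable by other users in the workspace; `umask 077` before the echo, or `chmod 600 privatekey` right after it, keeps it private, and `sudo apt install wireguard` is better as `sudo apt-get update && sudo apt-get install -y wireguard` so a stale index or an interactive prompt cannot abort the step. `actions/checkout@v4` is a mutable tag while the ssh-key-action is SHA-pinned; pin both the same way.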
@@ -64,96 +64,15 @@ jobs: run: ssh ${{ secrets.GRANDSVC_SSH_TARGET }} "cd ${{ secrets.GRANDSVC_PROJECT_PATH }} && git pull && docker compose pull && docker compose up -d" deploy_to_dev3: - name: Deploy to dev3 - environment: dev3 - #needs: push_to_registry # FIXME!!!!!!!!!!!!!!!!!!!!!!! - runs-on: ubuntu-latest - #if: github.ref == 'refs/heads/main' # FIXME!!!!!!!!!!!!!!!!!!! - steps: - - name: Check out the repo - uses: actions/checkout@v4 - - - name: Install SSH key - uses: shimataro/ssh-key-action@d4fffb50872869abe2d9a9098a6d9c5aa7d16be4 # v2 - with: - key: ${{ secrets.SSH_PRIVATE_KEY }} - name: id_ed25519 # optional - known_hosts: ${{ secrets.SSH_KNOWN_HOSTS }} - if_key_exists: fail # replace / ignore / fail; optional (defaults to fail) - - - name: Setup WireGuard - run: | - sudo apt install wireguard - echo "${{ secrets.WIREGUARD_PRIVATE_KEY }}" > privatekey - sudo ip link add dev wg1 type wireguard - sudo ip address add dev wg1 ${{ secrets.WIREGUARD_OVERLAY_NETWORK_IP }} peer ${{ secrets.SSH_TARGET_IP }} - sudo wg set wg1 listen-port 48123 private-key privatekey peer ${{ secrets.WIREGUARD_PEER_PUBLIC_KEY }} allowed-ips 0.0.0.0/0 endpoint ${{ secrets.WIREGUARD_ENDPOINT }} - sudo ip link set up dev wg1 - - # TODO: Figure out of helm install/upgrade can take `--set` or some other - # configuration option - - name: Deploy Helm Chart - run: | - # Grab the kubeconfig, then use helm install from the github worker - # to install the chart. We have the tunnel leftover from earlier, so - # We can just hit the Kube API server directly. - # FIXME: Check if helm install will always work, and if it starts a deploy. 
- scp ${{ secrets.SSH_USER }}@${{ secrets.SSH_TARGET_IP }}:~/.kube/config ./ - - # Create the namespace if necessary - kubectl --kubeconfig ./config --server https://${{ secrets.SSH_TARGET_IP }}:6443 create namespace ${{ vars.APP_NAMESPACE }} || echo namespace already exists - - # Install the chart with helm - helm upgrade --install --kubeconfig ./config --kube-apiserver https://${{ secrets.SSH_TARGET_IP }}:6443 -n ${{ vars.APP_NAMESPACE }} --create-namespace meshforms infra/helm/meshforms/ \ - --set meshforms.meshdb_url="${{ vars.MESHDB_URL }}" \ - --set meshforms_app_namespace="${{ vars.APP_NAMESPACE }}" \ - --set aws.access_key="${{ secrets.S3_ACCESS_KEY }}" \ - --set aws.secret_key="${{ secrets.S3_SECRET_KEY }}" \ - --set meshforms.s3_bucket_name="${{ secrets.S3_BUCKET_NAME }}" \ - --set meshforms.s3_base_name="${{ secrets.S3_BASE_NAME }}" \ - --set ingress.hosts[0].host="${{ vars.INGRESS_HOST }}",ingress.hosts[0].paths[0].path=/,ingress.hosts[0].paths[0].pathType=Prefix + name: Deploy to dev 3 + uses: ./.github/workflows/deploy-to-k8s.yaml + needs: push_to_registry + with: + environment: dev3 deploy_to_prod1: name: Deploy to prod 1 - environment: prod - needs: push_to_registry - runs-on: ubuntu-latest + uses: ./.github/workflows/deploy-to-k8s.yaml + with: + environment: prod1 if: github.ref == 'refs/heads/main' - steps: - - name: Check out the repo - uses: actions/checkout@v4 - - - name: Install SSH key - uses: shimataro/ssh-key-action@d4fffb50872869abe2d9a9098a6d9c5aa7d16be4 # v2 - with: - key: ${{ secrets.SSH_PRIVATE_KEY }} - name: id_ed25519 # optional - known_hosts: ${{ secrets.SSH_KNOWN_HOSTS }} - if_key_exists: fail # replace / ignore / fail; optional (defaults to fail) - - - name: Setup WireGuard - run: | - sudo apt install wireguard - echo "${{ secrets.WIREGUARD_PRIVATE_KEY }}" > privatekey - sudo ip link add dev wg2 type wireguard - sudo ip address add dev wg2 ${{ secrets.WIREGUARD_OVERLAY_NETWORK_IP }} peer ${{ secrets.SSH_TARGET_IP }} - sudo wg set 
wg2 listen-port 48123 private-key privatekey peer ${{ secrets.WIREGUARD_PEER_PUBLIC_KEY }} allowed-ips 0.0.0.0/0 endpoint ${{ secrets.WIREGUARD_ENDPOINT }} - sudo ip link set up dev wg2 - - name: Deploy Helm Chart - run: | - ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_TARGET_IP }} "\ - sudo bash -c '\ - cd ${{ secrets.PROJECT_PATH }} && \ - git pull && \ - git checkout main && \ - cd infra/helm/meshforms && \ - helm template . -f values.yaml \ - --set meshforms_app_namespace=\"${{ vars.APP_NAMESPACE }}\" \ - --set aws.access_key_id=\"${{ secrets.S3_ACCESS_KEY }}\" \ - --set aws.secret_access_key=\"${{ secrets.S3_ACCESS_KEY }}\" \ - --set meshforms.s3_bucket_name=\"${{ secrets.S3_BUCKET_NAME }}\" \ - --set meshforms.s3_base_name=\"${{ secrets.S3_BASE_NAME }}\" \ - --set ingress.hosts[0].host=\"${{ vars.INGRESS_HOST }}\" \ - | kubectl apply -f - && \ - kubectl -n ${{ vars.APP_NAMESPACE }} rollout restart deploy \ - '"
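Review bot: `deploy_to_prod1` on the new side has no `needs: push_to_registry` — the removed line was not carried into the rewritten job while `deploy_to_dev3` gained one — so the production deploy can start before the image is pushed; add `needs: push_to_registry` alongside its `uses:` line. The prod environment name also changes from `prod` to `prod1` in the `with:` input, which only has an effect if the reusable workflow maps that input onto a job `environment:`; confirm an environment exists under that exact name. The replaced prod job set the chart values `aws.access_key_id`/`aws.secret_access_key`, whereas the reusable workflow sets `aws.access_key`/`aws.secret_key` as the old dev3 job did; verify which keys the chart's values.yaml under infra/helm/meshforms defines, since a mismatch would silently leave the S3 credentials unset in prod. The `jobs:` mapping and the job whose `run: ssh ...` line opens the context begin before this hunk.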