From f4ca62591267db4b238a4c455514538ec97179c4 Mon Sep 17 00:00:00 2001
From: Pablo Suarez <2323608+pavlops@users.noreply.github.com>
Date: Thu, 19 Oct 2023 13:35:00 +0400
Subject: [PATCH] DEVOPS-956: devex-apollo prod promote to gcp (#234)
* feat: DEVOPS-956 devex-apollo prod promote to gcp
* feat: DEVOPS-956 devex-apollo prod promote to gcp
* feat: DEVOPS-956 devex-apollo prod promote to gcp
* feat: DEVOPS-956 devex-apollo prod promote to gcp
---
.../workflows/ci-on-merge-main-or-release.yml | 151 ------------------
.github/workflows/cicd-prd.yml | 23 +--
cd/applications.bzl | 4 +-
products/devex-apollo/BUILD | 34 ----
products/devex-apollo/Makefile | 2 +-
products/devex-apollo/README.md | 88 ++++++++++
.../cd/overlays/production/certificate.yaml | 7 +
.../cd/overlays/production/configmap.yaml | 1 -
.../production/kustomization.tpl.yaml | 26 ---
.../cd/overlays/production/kustomization.yaml | 29 ++++
.../overlays/production/sealed-secrets.yaml | 16 --
.../cd/overlays/production/secrets-app.yaml | 12 ++
12 files changed, 151 insertions(+), 242 deletions(-)
delete mode 100644 .github/workflows/ci-on-merge-main-or-release.yml
delete mode 100644 products/devex-apollo/BUILD
create mode 100644 products/devex-apollo/cd/overlays/production/certificate.yaml
delete mode 100644 products/devex-apollo/cd/overlays/production/kustomization.tpl.yaml
create mode 100644 products/devex-apollo/cd/overlays/production/kustomization.yaml
delete mode 100644 products/devex-apollo/cd/overlays/production/sealed-secrets.yaml
create mode 100644 products/devex-apollo/cd/overlays/production/secrets-app.yaml
diff --git a/.github/workflows/ci-on-merge-main-or-release.yml b/.github/workflows/ci-on-merge-main-or-release.yml
deleted file mode 100644
index 729267509..000000000
--- a/.github/workflows/ci-on-merge-main-or-release.yml
+++ /dev/null
@@ -1,151 +0,0 @@ -name: "Create application update" - -on: - # Test run before merging - pull_request: - branches: - - main - # On merged - push: - branches: - - main - # On released - release: - types: [created] - -jobs: - build-docker: - permissions: - id-token: write - contents: write - runs-on: ubuntu-22.04 - if: ${{ github.actor != 'dependabot[bot]' }} - name: "Build and deploy" - env: - AWS_REGION: us-west-2 - DEFAULT_BRANCH: main - steps: - - name: Checkout code - uses: actions/checkout@v2 - with: - ref: ${{github.event.pull_request.head.ref}} - repository: ${{github.event.pull_request.head.repo.full_name}} - fetch-depth: 0 - - - id: "auth" - name: "Authenticate to Google Cloud" - uses: "google-github-actions/auth@v1" - with: - token_format: "access_token" - workload_identity_provider: "${{ secrets.GCP_PRD_GITHUB_WIF }}" - service_account: "${{ secrets.GCP_PRD_GITHUB_SA_GCS_CACHE }}" - create_credentials_file: true - - - name: Configure bazel GCS cache - run: | - export BAZEL_REMOTE_CACHE_CREDENTIALS_JSON='${{ steps.auth.outputs.credentials_file_path }}' - export BAZEL_REMOTE_CACHE_ENDPOINT='${{ vars.BAZEL_REMOTE_CACHE_ENDPOINT }}' - python config/gcp_cs_cache.py - shell: bash - - #### BEGIN PRODUCT CHANGES EVALUATION #### - - name: Get changed files - id: changed-files - uses: tj-actions/changed-files@v35 - with: - dir_names: "true" - json: true - write_output_files: true - - - name: "Analyse project changes" - id: project-changed - run: | - if [ "${{ contains(steps.changed-files.outputs.all_changed_and_modified_files, 'products/devex-apollo') }}" = "true" ]; then - echo "devex-apollo=true" >> $GITHUB_OUTPUT - fi - #### END PRODUCT CHANGES EVALUATION #### - - name: Preparing merged branches - # Fetch the ref of the base branch, just the single commit. 
- run: | - git config --global user.email "bot@zilliqa.com" - git config --global user.name "Zilliqa Bot" - - echo "Running git checkout ${{ env.DEFAULT_BRANCH }}" - - git checkout ${{ env.DEFAULT_BRANCH }} - git fetch --all --tags - git pull --all - - # Checking out the base branch to make this our working branch and - # merge the head - echo "Running git checkout ${{ github.base_ref }}" - - git checkout ${{ github.base_ref }} - git fetch --all --tags - git pull --all - python config/workspace-status.py - - - name: Committing head - if: github.event_name == 'pull_request' - env: - HEAD_REF: ${{ github.head_ref }} - # Fetch the ref of the base branch, just the single commit. - run: | - echo "Running git merge --squash ${{ env.HEAD_REF }}" - git merge --squash ${{ env.HEAD_REF }} - - git add . -A - git commit -m "Finish merge" - python config/workspace-status.py - - - name: Install SSH key - uses: webfactory/ssh-agent@v0.7.0 - with: - ssh-private-key: ${{ secrets.SSH_SECRET_KET_MANIFESTS }} - - - name: Get tag version - id: get-version - run: | - python config/workspace-status.py | grep FULL_VERSION_TAG | awk '{print $2}' > VERSION - cat VERSION - - - name: Configure AWS Credentials - production - if: github.event_name == 'release' && github.event.action == 'created' - uses: Zilliqa/gh-actions-workflows/actions/configure-aws-credentials@v1 - with: - aws-region: us-west-2 - role-to-assume: arn:aws:iam::298213327629:role/ecr-read-write - oidc-role: ${{ secrets.OIDC_ROLE }} - - - name: Login to the registry - production - if: github.event_name == 'release' && github.event.action == 'created' - uses: docker/login-action@v2 - with: - registry: 298213327629.dkr.ecr.us-west-2.amazonaws.com - - - name: "Build and push devex-apollo - production" - if: github.event_name == 'release' && github.event.action == 'created' && steps.project-changed.outputs.devex-apollo == 'true' - run: | - VERSION=$(cat VERSION) - docker build -t devex-apollo:local products/devex-apollo - docker 
tag devex-apollo:local 298213327629.dkr.ecr.us-west-2.amazonaws.com/devex-apollo:$VERSION - docker push 298213327629.dkr.ecr.us-west-2.amazonaws.com/devex-apollo:$VERSION - - ### BEGIN DEPLOYMENT STAGES - - name: "Create application.bzl" - run: | - echo 'APPLICATIONS_PROD = [' > cd/applications.bzl - if [ "${{ contains(steps.changed-files.outputs.all_changed_and_modified_files, 'products/devex-apollo') }}" = "true" ]; then - echo ' "//products/devex-apollo",' >> cd/applications.bzl - fi - echo ']' >> cd/applications.bzl - cat cd/applications.bzl - - - name: "Creating production update" - if: github.event_name == 'release' && github.event.action == 'created' - run: | - bazelisk run //cd:update_production - env: - GITHUB_TOKEN: ${{ github.token }} - DEVOPS_ACCESS_TOKEN: ${{ secrets.DEVOPS_ACCESS_TOKEN }} - BUILD_URI_SUFFIX: ${{ github.head_ref }} diff --git a/.github/workflows/cicd-prd.yml b/.github/workflows/cicd-prd.yml index e16920b6a..6258cb63b 100644 --- a/.github/workflows/cicd-prd.yml +++ b/.github/workflows/cicd-prd.yml @@ -21,7 +21,14 @@ jobs: fail-fast: false matrix: application: - [bluebell-playground, developer-portal, devex, eth-spout, neo-savant] + [ + bluebell-playground, + developer-portal, + devex, + devex-apollo, + eth-spout, + neo-savant, + ] include: - application: bluebell-playground image_name: bluebell-playground @@ -33,6 +40,11 @@ jobs: path: products/devex tag_length: 8 tag_latest: false + - application: devex-apollo + image_name: devex-apollo + path: products/devex-apollo + tag_length: 8 + tag_latest: false - application: developer-portal image_name: developer-portal path: products/developer-portal 
@@ -92,15 +104,6 @@ jobs: cd ${{ matrix.path }} make image/build-and-push - - name: "Build and push ${{ matrix.application }} tag latest - production" - if: matrix.tag_latest == true && github.event_name == 'push' - env: - ENVIRONMENT: prd - IMAGE_TAG: "${{ env.REGISTRY }}/${{ matrix.image_name }}:latest" - run: | - cd ${{ matrix.path }} - make image/build-and-push - - name: "Build and push ${{ matrix.application }} - production" if: github.event_name == 'release' env: diff --git a/cd/applications.bzl b/cd/applications.bzl index fc0a4245d..76e053a9d 100644 --- a/cd/applications.bzl +++ b/cd/applications.bzl @@ -4,6 +4,4 @@ This module contains the applications which are deployed upon merge into main an APPLICATIONS_STAGING = [] -APPLICATIONS_PROD = [ - "//products/devex-apollo", -] +APPLICATIONS_PROD = [] diff --git a/products/devex-apollo/BUILD b/products/devex-apollo/BUILD deleted file mode 100644 index 1ef8badbf..000000000 --- a/products/devex-apollo/BUILD +++ /dev/null @@ -1,34 +0,0 @@ -load("@rules_pkg//:pkg.bzl", "pkg_tar") -load("//config:expand-workspace-status.bzl", "expand_workspace_status") - -### -# CD update - -pkg_tar( - name = "cd_base", - srcs = glob(["cd/base/*.yaml"]), - mode = "0755", - package_dir = "", - strip_prefix = ".", - visibility = ["//visibility:public"], -) - -expand_workspace_status( - name = "production-kustomization", - output = "cd/overlays/production/kustomization.yaml", - template = "cd/overlays/production/kustomization.tpl.yaml", -) - -pkg_tar( - name = "cd_production_patch", - srcs = glob( - ["cd/overlays/production/*.yaml"], - exclude = ["cd/overlays/production/*.tpl.yaml"], - ) + [ - "cd/overlays/production/kustomization.yaml", - ], - mode = "0755", - package_dir = "", - strip_prefix = ".", - visibility = ["//visibility:public"], -) diff --git a/products/devex-apollo/Makefile b/products/devex-apollo/Makefile index f67946d3b..fcae608dc 100644 --- a/products/devex-apollo/Makefile +++ b/products/devex-apollo/Makefile 
@@ -16,5 +16,5 @@ endif ## Build and push the Docker image image/build-and-push: - docker build -t "${IMAGE_TAG}" . + docker build --build-arg DEPLOY_ENV=${ENVIRONMENT} -t "${IMAGE_TAG}" . docker push "${IMAGE_TAG}" diff --git a/products/devex-apollo/README.md b/products/devex-apollo/README.md index e8a26453c..290cd2071 100644 --- a/products/devex-apollo/README.md +++ b/products/devex-apollo/README.md 
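Review bot: `${ENVIRONMENT}` is expanded unquoted into the `docker build` command on the new recipe line, while `${IMAGE_TAG}` next to it is quoted, so a value containing spaces or shell metacharacters would be split or interpreted by the shell. Quote the whole argument: `docker build --build-arg "DEPLOY_ENV=${ENVIRONMENT}" -t "${IMAGE_TAG}" .`. If ENVIRONMENT is unset the build also proceeds with an empty DEPLOY_ENV; the `endif` in the hunk header suggests a guard exists above the hunk, but whether it covers ENVIRONMENT is not visible here. Build-arg values are recorded in the image metadata, so DEPLOY_ENV should stay a non-secret label.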
@@ -159,3 +159,91 @@ z app sync --cache-dir=.cache devex-apollo ``` Verify your application is running correct from the staging URL and with `kubectl` commands (if required). + +## Deploying applications to production + +To deploy the production environment we need to clone the devops repository and execute `z` from there: + +```sh +git clone https://github.com/Zilliqa/devops.git +cd devops +source setenv +``` + +### Set the following environment variables + +- `Z_ENV` to the path in which your `z.yaml` resides. +- `ZQ_USER` to your username (the bit before `@` in your email address) +- `GITHUB_PAT` (if you are deploying staging or production apps) to a classic PAT with all the repo permissions ticked. + +for example: + +```sh +export Z_ENV=`pwd`/infra/live/gcp/production/prj-p-prod-apps/z_ase1.yaml +export ZQ_USER=@zilliqa.com +export GITHUB_PAT= +``` + +### Login to Google Cloud + +```sh +z login +``` + +### Add the application to the production `z.yaml` file. Skip this step if it is an existing application + +1. Create a branch: + + ```sh + git checkout -b users//add_devex_to_production_cluster + ``` + +2. In the file `infra/live/gcp/production/prj-p-prod-apps/z_ase1.yaml` add the following: + + - in `apps` stanza add: + + ```yaml + clusters: + production: + apps: + devex-apollo: + repo: https://github.com/Zilliqa/zilliqa-developer + path: products/devex-apollo/cd/overlays/production + track: production + type: kustomize + ``` + + - in `subdomains` stanza add: + + ```yaml + infrastructure: + dns: + vars: + subdomains: + devex-apollo: {} + ``` + +3. Push the changes + + ```sh + git add . + git commit -m "Add Devex Apollo to production cluster" + git push origin users//add_devex_apollo_to_production_cluster + ``` + +4. Open a Pull Request to the main branch + +5. 
Apply the changes + + ```sh + z plan + z apply + ``` + +### Deploy the application + +```sh +z app sync --cache-dir=.cache devex-apollo +``` + +Verify your application is running correct from the production URL and with `kubectl` commands (if required). diff --git a/products/devex-apollo/cd/overlays/production/certificate.yaml b/products/devex-apollo/cd/overlays/production/certificate.yaml new file mode 100644 index 000000000..7372839bf --- /dev/null +++ b/products/devex-apollo/cd/overlays/production/certificate.yaml @@ -0,0 +1,7 @@ +apiVersion: networking.gke.io/v1 +kind: ManagedCertificate +metadata: + name: devex-apollo +spec: + domains: + - devex-apollo.zilliqa.com diff --git a/products/devex-apollo/cd/overlays/production/configmap.yaml b/products/devex-apollo/cd/overlays/production/configmap.yaml index fe5f17f9b..73c73d55e 100644 --- a/products/devex-apollo/cd/overlays/production/configmap.yaml +++ b/products/devex-apollo/cd/overlays/production/configmap.yaml @@ -2,7 +2,6 @@ apiVersion: v1 kind: ConfigMap metadata: name: devex-apollo - namespace: devex-apollo-prd data: BLOCKS_PER_REQUEST: "50" FAST_SYNC: "false" diff --git a/products/devex-apollo/cd/overlays/production/kustomization.tpl.yaml b/products/devex-apollo/cd/overlays/production/kustomization.tpl.yaml deleted file mode 100644 index 126b13c4b..000000000 --- a/products/devex-apollo/cd/overlays/production/kustomization.tpl.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - ../../base - - configmap.yaml - - sealed-secrets.yaml - -images: - - name: devex-apollo - newName: 298213327629.dkr.ecr.us-west-2.amazonaws.com/devex-apollo - newTag: ${FULL_VERSION_TAG} - -patches: - - patch: |- - - op: replace - path: "/spec/rules/0/host" - value: devex-apollo.platform.prd.z7a.xyz - - op: replace - path: "/spec/rules/1/host" - value: devex-apollo.zilliqa.com - target: - kind: Ingress - name: devex-apollo - -namespace: devex-apollo-prd 
diff --git a/products/devex-apollo/cd/overlays/production/kustomization.yaml b/products/devex-apollo/cd/overlays/production/kustomization.yaml new file mode 100644 index 000000000..4ab49238f --- /dev/null +++ b/products/devex-apollo/cd/overlays/production/kustomization.yaml @@ -0,0 +1,29 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../base + - certificate.yaml + +patches: + - target: + kind: Ingress + name: devex-apollo + patch: |- + - op: replace + path: "/spec/rules/0/host" + value: devex-apollo.zilliqa.com + - op: remove + path: "/spec/rules/1" + - op: replace + path: /metadata/annotations + value: + kubernetes.io/ingress.class: gce + kubernetes.io/ingress.global-static-ip-name: devex-apollo-zilliqa-com + networking.gke.io/managed-certificates: devex-apollo + +patchesStrategicMerge: + - configmap.yaml + - secrets-app.yaml + +namespace: devex-apollo-prd diff --git a/products/devex-apollo/cd/overlays/production/sealed-secrets.yaml b/products/devex-apollo/cd/overlays/production/sealed-secrets.yaml deleted file mode 100644 index 1c33f5439..000000000 --- a/products/devex-apollo/cd/overlays/production/sealed-secrets.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: devex-apollo - namespace: devex-apollo-prd -spec: - encryptedData: - DOCUMENTDB_HOST: 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 - DOCUMENTDB_PASSWORD: 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 - DOCUMENTDB_USER: 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 - template: - metadata: - creationTimestamp: null - name: devex-apollo - namespace: devex-apollo-prd diff --git a/products/devex-apollo/cd/overlays/production/secrets-app.yaml b/products/devex-apollo/cd/overlays/production/secrets-app.yaml new file mode 100644 index 000000000..a3cd3f3b3 --- /dev/null +++ b/products/devex-apollo/cd/overlays/production/secrets-app.yaml 
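Review bot: The `op: replace` on `/metadata/annotations` in the Ingress patch makes the three listed annotations the complete set, and none of them turns off plain HTTP, so the GCE load balancer will presumably keep serving devex-apollo.zilliqa.com on port 80 next to the managed certificate. If no FrontendConfig redirect is attached elsewhere (the base is not visible in this patch), add `kubernetes.io/ingress.allow-http: "false"` to the `value:` map. The replace also discards any annotations the base Ingress carries and fails if the base has none, so per-key `add` operations would be safer. Separately, the new overlay has no `images:` entry where the deleted template pinned `newTag`, so a comment saying where the production image tag now comes from would help the next reader.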
@@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Secret +metadata: + name: devex-apollo + annotations: + zilliqa.com/autofill: "prj-p-prod-apps" +type: Opaque +data: + DOCUMENTDB_HOST: "devex-apollo/url" + DOCUMENTDB_USER: "devex-apollo/username" + DOCUMENTDB_PASSWORD: "devex-apollo/password" + DOCUMENTDB_DB: "devex-apollo/db"
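Review bot: The values under `data:` are not base64 (`devex-apollo/url` contains `-`), so this Secret is only valid once something rewrites them; presumably the `zilliqa.com/autofill` annotation triggers a lookup in the named project, but nothing in the file says so. Add a header comment such as `# data values are lookup keys resolved by the zilliqa.com/autofill step, not base64 payloads; do not apply this manifest directly`. The file is listed under `patchesStrategicMerge` in the overlay's kustomization.yaml, which needs a Secret named devex-apollo in the base to patch; the base is not shown in this patch, so confirm it exists. `DOCUMENTDB_DB` is a new key compared with the deleted SealedSecret, so the application side should be checked for it too.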