-
Notifications
You must be signed in to change notification settings - Fork 4
99 lines (99 loc) · 4.29 KB
/
cd.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
---
name: CD
on:
pull_request:
types: types: [labeled,closed]
env:
GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }}
GH_PAT: ${{ secrets.GH_PAT }}
GKE_CLUSTER: ${{ secrets.GKE_CLUSTER }}
GKE_REGION: ${{ secrets.GKE_REGION }}
BASEDOSDADOS_CONFIG: ${{ secrets.BASEDOSDADOS_CONFIG }}
BASEDOSDADOS_CREDENTIALS_PROD: ${{ secrets.BASEDOSDADOS_CREDENTIALS_PROD }}
BASEDOSDADOS_CREDENTIALS_STAGING: ${{ secrets.BASEDOSDADOS_CREDENTIALS_STAGING }}
IMAGE_NAME: ghcr.io/basedosdados/queries-basedosdados
jobs:
build-container:
if: contains(github.event.pull_request.labels.*.name, 'table-approve')
name: Deployment
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Google Cloud CLI
uses: google-github-actions/[email protected]
with:
service_account_key: ${{ secrets.GCP_SA_KEY }}
project_id: ${{ secrets.GCP_PROJECT_ID }}
export_default_credentials: true
- name: Get GKE credentials
uses: google-github-actions/[email protected]
with:
cluster_name: ${{ env.GKE_CLUSTER }}
location: ${{ env.GKE_REGION }}
credentials: ${{ secrets.GCP_SA_KEY }}
- name: Build and publish image
run: |
docker build -t $IMAGE_NAME:$GITHUB_SHA .
echo $GH_PAT | docker login ghcr.io -u gabriel-milan --password-stdin
docker push $IMAGE_NAME:$GITHUB_SHA
- name: Set up Kustomize
run: |-
curl -sfLo kustomize https://github.com/kubernetes-sigs/kustomize/releases/download/v3.1.0/kustomize_3.1.0_linux_amd64
chmod u+x ./kustomize
- name: Deploy
run: |-
./kustomize edit set image gcr.io/PROJECT_ID/IMAGE_DBT:TAG=$IMAGE_NAME:$GITHUB_SHA
./kustomize build . | kubectl apply -n prefect-agent-basedosdados -f -
kubectl rollout status -w -n prefect-agent-basedosdados deployment/dbt-rpc-dev
kubectl rollout status -w -n prefect-agent-basedosdados deployment/dbt-rpc-prod
table-approve:
if: contains(github.event.pull_request.labels.*.name, 'table-approve')
needs: build-container
name: Table approve
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Get all changed files using a comma separator
id: changed-files
uses: tj-actions/changed-files@v35
with:
separator: ','
- name: Set up poetry
run: pipx install poetry
- name: Set up python
uses: actions/setup-python@v4
with:
cache: poetry
python-version: '3.9'
- name: Install requirements
run: poetry install --only=dev
- name: Run script for approving table
run: |
poetry run python .github/workflows/scripts/table_approve.py --modified-files ${{ steps.changed-files.outputs.all_modified_files }} --graphql-url ${{ secrets.BACKEND_GRAPHQL_URL }} --source-bucket-name ${{ secrets.SOURCE_BUCKET_NAME }} --destination-bucket-name ${{ secrets.DESTINATION_BUCKET_NAME }} --backup-bucket-name ${{ secrets.BACKUP_BUCKET_NAME }} --prefect-backend-token ${{ secrets.PREFECT_BACKEND_TOKEN }} --materialization-mode ${{ secrets.MATERIALIZATION_MODE }} --materialization-label ${{ secrets.MATERIALIZATION_LABEL }}
change-metadata-status:
needs: table-approve
name: Change metadata status to "production"
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Get all changed files using a comma separator
id: changed-files
uses: tj-actions/changed-files@v35
with:
separator: ','
- name: Set up poetry
run: pipx install poetry
- name: Set up python
uses: actions/setup-python@v4
with:
cache: poetry
python-version: '3.9'
- name: Install requirements
run: poetry install --only=dev
- name: Run script for changing metadata status
run: |-
poetry run python .github/workflows/scripts/change_metadata_status.py --modified-files ${{ steps.changed-files.outputs.all_modified_files }} --graphql-url ${{ secrets.BACKEND_GRAPHQL_URL }} --status published --email ${{ secrets.BACKEND_EMAIL }} --password ${{ secrets.BACKEND_PASSWORD }}