From 54c46f0b78f77192ffc698c52bdd41f18aa037e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Burkard?= <22095555+JeromeBu@users.noreply.github.com> Date: Fri, 3 May 2024 13:35:34 +0200 Subject: [PATCH] fix automatic CI deployement to prod WIP --- .github/workflows/ci.yaml | 403 ++++++++++++++++++++------------------ 1 file changed, 217 insertions(+), 186 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index e78b18ed..2b6b8b5a 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -8,171 +8,19 @@ on: - main jobs: - validations: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 - with: - node-version: "20" - - uses: bahmutov/npm-install@v1 - - name: Build back - run: cd api && yarn build - - name: Fullcheck - run: yarn fullcheck - # - check_if_version_upgraded: - name: Check if version upgrade - if: github.event_name == 'push' - runs-on: ubuntu-latest - needs: validations - outputs: - from_version: ${{ steps.step1.outputs.from_version }} - to_version: ${{ steps.step1.outputs.to_version }} - is_upgraded_version: ${{ steps.step1.outputs.is_upgraded_version }} - steps: - - uses: garronej/ts-ci@v2.1.0 - id: step1 - with: - action_name: is_package_json_version_upgraded - - create_tag: - name: Create version tag - runs-on: ubuntu-latest - needs: - - check_if_version_upgraded - if: needs.check_if_version_upgraded.outputs.is_upgraded_version == 'true' - env: - TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }} - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - name: Create tag - run: | - git config --local user.email "actions@github.com" - git config --local user.name "GitHub Actions" - git tag -a v${{ env.TO_VERSION }} -m "Deployment tag for v${{ env.TO_VERSION }}" - git push --tags - - pre-release: - runs-on: ubuntu-latest - needs: - - check_if_version_upgraded - - create_tag - permissions: - contents: write - env: - PRE_RELEASE_TAG: v${{ needs.check_if_version_upgraded.outputs.to_version }}-rc - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 - with: - node-version: "20" - - uses: bahmutov/npm-install@v1 - - run: cd web && yarn prepare - - name: Build - run: yarn build - - name: Keycloakify - run: cd web && npx keycloakify && cd .. - env: - XDG_CACHE_HOME: "/home/runner/.cache/yarn" - - run: mv web/build_keycloak/target/retrocompat-*.jar retrocompat-keycloak-theme.jar - - run: mv web/build_keycloak/target/*.jar keycloak-theme.jar - - name: "Generate release candidate on github" - uses: softprops/action-gh-release@v2 - with: - name: Release candidate ${{ env.PRE_RELEASE_TAG }} - prerelease: true - tag_name: ${{ env.PRE_RELEASE_TAG }} - generate_release_notes: true - token: ${{ secrets.GITHUB_TOKEN }} - files: | - retrocompat-keycloak-theme.jar - keycloak-theme.jar - - name: Delete old prereleases - uses: actions/github-script@v7 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - const excludeTagName = '${{ env.PRE_RELEASE_TAG }}'; - const releases = await github.request(`GET /repos/${{ github.repository }}/releases`); - - const oldPrereleases = releases.data - .filter(release => release.prerelease && release.tag_name !== excludeTagName); - - console.log(`Found ${oldPrereleases.length} old prereleases`); - - for (const release of oldPrereleases) { - console.log(`Deleting prerelease: ${release.tag_name} and the corresponding tag`); - await github.request(`DELETE /repos/${{ github.repository }}/releases/${release.id}`); - await github.request(`DELETE /repos/${{ github.repository }}/git/refs/tags/${release.tag_name}`); - } - - docker: - runs-on: ubuntu-latest - needs: - - check_if_version_upgraded - - create_tag - - pre-release - steps: - - uses: actions/checkout@v4 - - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 - - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Computing Docker image tags - id: step1 - env: - TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }} - run: | - OUT_API=$GITHUB_REPOSITORY-api:$TO_VERSION,$GITHUB_REPOSITORY-api:latest - OUT_API=$(echo "$OUT_API" | awk '{print tolower($0)}') - echo ::set-output name=docker_api_tags::$OUT_API - - OUT_WEB=$GITHUB_REPOSITORY-web:$TO_VERSION,$GITHUB_REPOSITORY-web:latest - OUT_WEB=$(echo "$OUT_WEB" | awk '{print tolower($0)}') - echo ::set-output name=docker_web_tags::$OUT_WEB - - - uses: docker/build-push-action@v5 - with: - push: true - context: . - target: api - tags: ${{ steps.step1.outputs.docker_api_tags }} - - uses: docker/build-push-action@v5 - with: - push: true - context: . - target: web - tags: ${{ steps.step1.outputs.docker_web_tags }} - - poke_gitops: - name: "Poke gitops" - runs-on: ubuntu-latest - needs: - - docker - steps: - - uses: peter-evans/repository-dispatch@v3 - with: - token: ${{ secrets.PAT_PRIVATE_REPO_DISPATCH }} - event-type: update_sill - repository: codegouvfr/paris-sspcloud - trigger_production_deploy: name: "Trigger production deploy" runs-on: ubuntu-latest environment: production - concurrency: - group: deploy-to-production - cancel-in-progress: true - needs: - - docker - - poke_gitops - - check_if_version_upgraded - env: - TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }} +# concurrency: +# group: deploy-to-production +# cancel-in-progress: true +# needs: +# - docker +# - poke_gitops +# - check_if_version_upgraded +# env: +# TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }} steps: - run: echo "Triggering production deploy" - name: Set up SSH @@ -181,31 +29,214 @@ jobs: echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519 chmod 600 ~/.ssh/id_ed25519 ssh-keyscan code.gouv.fr >> ~/.ssh/known_hosts - ssh -A -o StrictHostKeyChecking=no web@code.gouv.fr "echo Connected as \$(whoami) && sudo -E -u web ./update-sill-docker-compose.sh v${{ env.TO_VERSION }}" +# echo -------- +# ssh -A -o StrictHostKeyChecking=no web@code.gouv.fr "echo Connected as \$(whoami); echo \$SSH_AUTH_SOCK; sudo -u web SSH_AUTH_SOCK=\$SSH_AUTH_SOCK ssh-add -l" + echo -------- + ssh -vvv -A -o StrictHostKeyChecking=no web@code.gouv.fr "echo Connected as \$(whoami) && sudo -E -u web ./update-sill-docker-compose.sh v1.42.34" + + # ssh -T -A -o StrictHostKeyChecking=no web@code.gouv.fr "echo Connected as \$(whoami) && sudo -E -u web ./update-sill-docker-compose.sh v${{ env.TO_VERSION }}" env: SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} - create_github_release: - name: "Create release notes" - runs-on: ubuntu-latest - needs: - - trigger_production_deploy - - check_if_version_upgraded - - create_tag - if: | - needs.check_if_version_upgraded.outputs.is_upgraded_version == 'true' && github.event_name == 'push' - # We create a release only when all of the above are validated: - # - we are on default branch - # - version has been upgraded - # - we have pushed to production - env: - TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }} - steps: - - name: "Generate release candidate on github" - uses: softprops/action-gh-release@v2 - with: - name: Release v${{ env.TO_VERSION }} - prerelease: false - tag_name: v${{ env.TO_VERSION }} - generate_release_notes: true - token: ${{ secrets.GITHUB_TOKEN }} + +# validations: +# runs-on: ubuntu-latest +# steps: +# - uses: actions/checkout@v4 +# - uses: actions/setup-node@v4 +# with: +# node-version: "20" +# - uses: bahmutov/npm-install@v1 +# - name: Build back +# run: cd api && yarn build +# - name: Fullcheck +# run: yarn fullcheck +# # +# check_if_version_upgraded: +# name: Check if version upgrade +# if: github.event_name == 'push' +# runs-on: ubuntu-latest +# needs: validations +# outputs: +# from_version: ${{ steps.step1.outputs.from_version }} +# to_version: ${{ steps.step1.outputs.to_version }} +# is_upgraded_version: ${{ steps.step1.outputs.is_upgraded_version }} +# steps: +# - uses: garronej/ts-ci@v2.1.0 +# id: step1 +# with: +# action_name: is_package_json_version_upgraded +# +# create_tag: +# name: Create version tag +# runs-on: ubuntu-latest +# needs: +# - check_if_version_upgraded +# if: needs.check_if_version_upgraded.outputs.is_upgraded_version == 'true' +# env: +# TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }} +# steps: +# - name: Checkout repository +# uses: actions/checkout@v4 +# - name: Create tag +# run: | +# git config --local user.email "actions@github.com" +# git config --local user.name "GitHub Actions" +# git tag -a v${{ env.TO_VERSION }} -m "Deployment tag for v${{ env.TO_VERSION }}" +# git push --tags +# +# pre-release: +# runs-on: ubuntu-latest +# needs: +# - check_if_version_upgraded +# - create_tag +# permissions: +# contents: write +# env: +# PRE_RELEASE_TAG: v${{ needs.check_if_version_upgraded.outputs.to_version }}-rc +# steps: +# - uses: actions/checkout@v4 +# - uses: actions/setup-node@v4 +# with: +# node-version: "20" +# - uses: bahmutov/npm-install@v1 +# - run: cd web && yarn prepare +# - name: Build +# run: yarn build +# - name: Keycloakify +# run: cd web && npx keycloakify && cd .. +# env: +# XDG_CACHE_HOME: "/home/runner/.cache/yarn" +# - run: mv web/build_keycloak/target/retrocompat-*.jar retrocompat-keycloak-theme.jar +# - run: mv web/build_keycloak/target/*.jar keycloak-theme.jar +# - name: "Generate release candidate on github" +# uses: softprops/action-gh-release@v2 +# with: +# name: Release candidate ${{ env.PRE_RELEASE_TAG }} +# prerelease: true +# tag_name: ${{ env.PRE_RELEASE_TAG }} +# generate_release_notes: true +# token: ${{ secrets.GITHUB_TOKEN }} +# files: | +# retrocompat-keycloak-theme.jar +# keycloak-theme.jar +# - name: Delete old prereleases +# uses: actions/github-script@v7 +# with: +# github-token: ${{ secrets.GITHUB_TOKEN }} +# script: | +# const excludeTagName = '${{ env.PRE_RELEASE_TAG }}'; +# const releases = await github.request(`GET /repos/${{ github.repository }}/releases`); +# +# const oldPrereleases = releases.data +# .filter(release => release.prerelease && release.tag_name !== excludeTagName); +# +# console.log(`Found ${oldPrereleases.length} old prereleases`); +# +# for (const release of oldPrereleases) { +# console.log(`Deleting prerelease: ${release.tag_name} and the corresponding tag`); +# await github.request(`DELETE /repos/${{ github.repository }}/releases/${release.id}`); +# await github.request(`DELETE /repos/${{ github.repository }}/git/refs/tags/${release.tag_name}`); +# } +# +# docker: +# runs-on: ubuntu-latest +# needs: +# - check_if_version_upgraded +# - create_tag +# - pre-release +# steps: +# - uses: actions/checkout@v4 +# - uses: docker/setup-qemu-action@v3 +# - uses: docker/setup-buildx-action@v3 +# - uses: docker/login-action@v3 +# with: +# username: ${{ secrets.DOCKERHUB_USERNAME }} +# password: ${{ secrets.DOCKERHUB_TOKEN }} +# - name: Computing Docker image tags +# id: step1 +# env: +# TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }} +# run: | +# OUT_API=$GITHUB_REPOSITORY-api:$TO_VERSION,$GITHUB_REPOSITORY-api:latest +# OUT_API=$(echo "$OUT_API" | awk '{print tolower($0)}') +# echo ::set-output name=docker_api_tags::$OUT_API +# +# OUT_WEB=$GITHUB_REPOSITORY-web:$TO_VERSION,$GITHUB_REPOSITORY-web:latest +# OUT_WEB=$(echo "$OUT_WEB" | awk '{print tolower($0)}') +# echo ::set-output name=docker_web_tags::$OUT_WEB +# +# - uses: docker/build-push-action@v5 +# with: +# push: true +# context: . +# target: api +# tags: ${{ steps.step1.outputs.docker_api_tags }} +# - uses: docker/build-push-action@v5 +# with: +# push: true +# context: . +# target: web +# tags: ${{ steps.step1.outputs.docker_web_tags }} +# +# poke_gitops: +# name: "Poke gitops" +# runs-on: ubuntu-latest +# needs: +# - docker +# steps: +# - uses: peter-evans/repository-dispatch@v3 +# with: +# token: ${{ secrets.PAT_PRIVATE_REPO_DISPATCH }} +# event-type: update_sill +# repository: codegouvfr/paris-sspcloud +# +# trigger_production_deploy: +# name: "Trigger production deploy" +# runs-on: ubuntu-latest +# environment: production +# concurrency: +# group: deploy-to-production +# cancel-in-progress: true +# needs: +# - docker +# - poke_gitops +# - check_if_version_upgraded +# env: +# TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }} +# steps: +# - run: echo "Triggering production deploy" +# - name: Set up SSH +# run: | +# mkdir -p ~/.ssh +# echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519 +# chmod 600 ~/.ssh/id_ed25519 +# ssh-keyscan code.gouv.fr >> ~/.ssh/known_hosts +# ssh -A -o StrictHostKeyChecking=no web@code.gouv.fr "echo Connected as \$(whoami) && sudo -E -u web ./update-sill-docker-compose.sh v${{ env.TO_VERSION }}" +# env: +# SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} +# +# create_github_release: +# name: "Create release notes" +# runs-on: ubuntu-latest +# needs: +# - trigger_production_deploy +# - check_if_version_upgraded +# - create_tag +# if: | +# needs.check_if_version_upgraded.outputs.is_upgraded_version == 'true' && github.event_name == 'push' +# # We create a release only when all of the above are validated: +# # - we are on default branch +# # - version has been upgraded +# # - we have pushed to production +# env: +# TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }} +# steps: +# - name: "Generate release candidate on github" +# uses: softprops/action-gh-release@v2 +# with: +# name: Release v${{ env.TO_VERSION }} +# prerelease: false +# tag_name: v${{ env.TO_VERSION }} +# generate_release_notes: true +# token: ${{ secrets.GITHUB_TOKEN }}