From 233f8ced7b3ddb3be3c83386da1bf2ec252c24d6 Mon Sep 17 00:00:00 2001
From: chmaurer
Date: Wed, 6 Dec 2023 08:40:29 -0500
Subject: [PATCH 1/3] LMSA-9012 - adding deployment workflow for crosslister
---
.github/workflows/kube-deploy.yml | 124 ++++++++++++++++++++++++++++++
1 file changed, 124 insertions(+)
create mode 100644 .github/workflows/kube-deploy.yml
diff --git a/.github/workflows/kube-deploy.yml b/.github/workflows/kube-deploy.yml
new file mode 100644
index 0000000..d7351dc
--- /dev/null
+++ b/.github/workflows/kube-deploy.yml
@@ -0,0 +1,124 @@
+# Description
+# -----------
+# This workflow builds and releases the Docker image to Harbor, then deploys out to the kubernetes environment.
+#
+# Setup
+# -----
+# 1. Create the following secrets inside GitHub:
+# - LMS_GH_TOKEN (Personal access token for the lmsgit user that has read access to other repositories)
+# - LMS_MAVEN_SETTINGS (Base64 encoded settings.xml file)
+# - LMS_REGISTRY_PASSWORD (Registry password - push access)
+# - LMS_REGISTRY_USERNAME (Registry username)
+# 2. Create the following environments, representative of the deployments:
+# - reg
+# - stg
+# - prd
+# 3. Create the following secrets in each of the above environments
+# - LMS_KUBECONFIG_DEPLOYER (Base64 encoded kubernetes deployment service account for the appropriate cluster)
+# 4. Create the following variables in each of the above environment
+# - DOCKER_TAG (tag name for the docker image that will be deployed i.e. stable, unstable-reg, etc)
+
+name: Build and Deploy
+
+on:
+ pull_request:
+ workflow_dispatch:
+ inputs:
+ server_env:
+ type: choice
+ required: true
+ options:
+ - reg
+ - stg
+ - prd
+ description: Select deployment env
+ default: reg
+ helm_deployer_branch:
+ required: true
+ description: Indicate the branch that contains the helm deployment files
+ default: develop
+
+env:
+ TZ: America/New_York
+ IMAGE_REPO: registry.docker.iu.edu/lms/lms-lti-crosslist
+ IMAGE_TAG: registry.docker.iu.edu/lms/lms-lti-crosslist:${{ vars.DOCKER_TAG }}
+ DIGEST_REPO: registry.docker.iu.edu/lms/lms-lti-crosslist@sha256
+ KUBE_NS: ua-vpit--enterprise-systems--lms--helm-release
+ DEPLOY_DIR: crosslisting
+ JAR_FILE: lms-lti-crosslist.jar
+ K8S_RELEASE_PREFIX: lms-lti-crosslist
+
+jobs:
+ mvn_build:
+ name: Maven Build
+ runs-on: self-hosted
+ container:
+ image: maven:3.9.4-eclipse-temurin-17
+ environment: ${{ github.event.inputs.server_env }}
+ steps:
+ - name: Clone GitHub root repository
+ uses: actions/checkout@v4
+ with:
+ repository: 
iu-uits-es/ess-lms-canvas-standalone-apps
+ ref: ${{ github.event.inputs.helm_deployer_branch }}
+ token: ${{ secrets.LMS_GH_TOKEN }}
+ github-server-url: https://github.iu.edu
+# path: source
+ - name: Clone GitHub tool repository
+ uses: actions/checkout@v4
+ with:
+ path: tools/${{ env.DEPLOY_DIR }}
+ - name: mvn setup
+ run: mkdir /root/.m2
+ - name: Create maven settings.xml
+ run: echo -n '${{ secrets.LMS_MAVEN_SETTINGS }}' | base64 -d > /root/.m2/settings.xml
+ - name: Maven Build
+ run: mvn clean install -P 'denodo,it12'
+ working-directory: tools/${{ env.DEPLOY_DIR }}
+ - name: copy jar file
+ run: |
+ mkdir -p deployments/${{ env.DEPLOY_DIR }}/lib
+ cp tools/${{ env.DEPLOY_DIR }}/target/${{ env.JAR_FILE }} deployments/${{ env.DEPLOY_DIR }}/lib/${{ env.JAR_FILE }}
+ - name: build/push docker image
+ run: |
+ mvn clean install -P docker-push -D dockerfile.username=${{ secrets.LMS_REGISTRY_USERNAME }} \
+ -D dockerfile.password=${{ secrets.LMS_REGISTRY_PASSWORD }} -D docker_repository_base=registry.docker.iu.edu/lms/ \
+ -D docker_tag=${{ vars.DOCKER_TAG }}
+ working-directory: deployments/${{ env.DEPLOY_DIR }}
+ deploy:
+ name: Deploy to Kubernetes
+ needs: [ mvn_build ]
+ runs-on: self-hosted
+ environment: ${{ github.event.inputs.server_env }}
+ container:
+# image: registry.docker.iu.edu/library/kube-deployer:3.11.0
+ image: registry.docker.iu.edu/library/kube-deployer:3.10.2
+ credentials:
+ username: ${{ secrets.LMS_REGISTRY_USERNAME }}
+ password: ${{ secrets.LMS_REGISTRY_PASSWORD }}
+ steps:
+ - name: Clone GitHub repository
+ uses: actions/checkout@v4
+ with:
+ repository: iu-uits-es/ess-lms-canvas-standalone-apps
+ ref: ${{ github.event.inputs.helm_deployer_branch }}
+ token: ${{ secrets.LMS_GH_TOKEN }}
+ github-server-url: https://github.iu.edu
+ - name: Create KUBECONFIG file for the cluster
+ run: |
+ echo -n '${{ secrets.LMS_KUBECONFIG_DEPLOYER}}' | base64 -d > /root/.kube/config
+ chmod 400 /root/.kube/config
+ - name: Get Docker Image SHA
+ 
id: get-docker-image-sha + run: | + echo "DOCKER_IMAGE_SHA=$(skopeo inspect --creds '${{ secrets.LMS_REGISTRY_USERNAME }}:${{ secrets.LMS_REGISTRY_PASSWORD }}' \ + docker://${{ env.IMAGE_TAG }} | jq -rc '.Digest' | awk -F':' '{ print $2 }')" >> "$GITHUB_OUTPUT" + - name: Deploy + env: + KUBECONFIG: /root/.kube/config + working-directory: deployments/${{ env.DEPLOY_DIR }} + run: | + helm upgrade ${{ env.K8S_RELEASE_PREFIX }}-${{ github.event.inputs.server_env }} ../../k8s \ + --values helm-common.yaml,helm-${{ github.event.inputs.server_env }}.yaml --install -n ${{ env.KUBE_NS }} \ + --set image.repository="${{ env.DIGEST_REPO }}",image.tag="${{ steps.get-docker-image-sha.outputs.docker_image_sha }}",image.tagName="${{ vars.DOCKER_TAG }}" \ + --wait --timeout 15m \ No newline at end of file From 5fca1938f8adeae8e0d6211bf1e04db4edf933bc Mon Sep 17 00:00:00 2001 From: chmaurer Date: Wed, 6 Dec 2023 08:49:48 -0500 Subject: [PATCH 2/3] LMSA-9012 - remove the temporary pr trigger --- .github/workflows/kube-deploy.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/kube-deploy.yml b/.github/workflows/kube-deploy.yml index d7351dc..fbb3ec2 100644 --- a/.github/workflows/kube-deploy.yml +++ b/.github/workflows/kube-deploy.yml @@ -21,7 +21,6 @@ name: Build and Deploy on: - pull_request: workflow_dispatch: inputs: server_env: From efa78f2e32b6c1f1bce786ea609618ee74a23eda Mon Sep 17 00:00:00 2001 From: chmaurer Date: Thu, 7 Dec 2023 16:32:28 -0500 Subject: [PATCH 3/3] LMSA-9012 - generalizing the deployment workflow file so that all the custom parts are in repo variables --- .github/workflows/kube-deploy.yml | 33 ++++++++++++++++--------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/.github/workflows/kube-deploy.yml b/.github/workflows/kube-deploy.yml index fbb3ec2..a50555c 100644 --- a/.github/workflows/kube-deploy.yml +++ b/.github/workflows/kube-deploy.yml 
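Review bot: The registry secrets are expanded by the `${{ }}` template directly into the script text, so in the `build/push docker image` step the password lands unquoted on the `mvn` command line, and in `Get Docker Image SHA` it sits inside `skopeo inspect --creds '…'`. A secret containing a quote, space or `$` changes how the shell parses the line, and the value is readable in the process list of the self-hosted runner while the command runs. Map each secret through the step's `env:` and reference it as a quoted shell variable, as below; the same applies to the two `echo -n '${{ secrets.… }}' | base64 -d` steps. This removes the template-into-script expansion, but the value is still an argument to `mvn` and `skopeo`; if the Maven plugin can read registry credentials from the `settings.xml` written earlier in the job (not verifiable from this diff), that would keep the password off the command line entirely.

```yaml
      - name: build/push docker image
        env:
          REGISTRY_USERNAME: ${{ secrets.LMS_REGISTRY_USERNAME }}
          REGISTRY_PASSWORD: ${{ secrets.LMS_REGISTRY_PASSWORD }}
          DOCKER_TAG: ${{ vars.DOCKER_TAG }}
        run: |
          mvn clean install -P docker-push -D dockerfile.username="$REGISTRY_USERNAME" \
            -D dockerfile.password="$REGISTRY_PASSWORD" -D docker_repository_base=registry.docker.iu.edu/lms/ \
            -D docker_tag="$DOCKER_TAG"
      # … unchanged: working-directory, deploy job header, checkout, KUBECONFIG step …
      - name: Get Docker Image SHA
        id: get-docker-image-sha
        env:
          REGISTRY_USERNAME: ${{ secrets.LMS_REGISTRY_USERNAME }}
          REGISTRY_PASSWORD: ${{ secrets.LMS_REGISTRY_PASSWORD }}
        run: |
          echo "DOCKER_IMAGE_SHA=$(skopeo inspect --creds "$REGISTRY_USERNAME:$REGISTRY_PASSWORD" \
            docker://${{ env.IMAGE_TAG }} | jq -rc '.Digest' | awk -F':' '{ print $2 }')" >> "$GITHUB_OUTPUT"
```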
@@ -17,6 +17,12 @@ # - LMS_KUBECONFIG_DEPLOYER (Base64 encoded kubernetes deployment service account for the appropriate cluster) # 4. Create the following variables in each of the above environment # - DOCKER_TAG (tag name for the docker image that will be deployed i.e. stable, unstable-reg, etc) +# 5. Create the following variables in the repository +# - IMAGE_REPO_NAME (Harbor registry name where the docker image will be pushed) +# - DEPLOY_DIR (Directory where the helm deployment files can be found) +# - JAR_FILE (Name of the application jar file) +# - K8S_RELEASE_PREFIX (Kubernetes release name prefix for the deployed application) +# - BUILD_PROFILES (Comma separated list of maven build profiles that need to be activated) name: Build and Deploy @@ -39,13 +45,10 @@ on: env: TZ: America/New_York - IMAGE_REPO: registry.docker.iu.edu/lms/lms-lti-crosslist - IMAGE_TAG: registry.docker.iu.edu/lms/lms-lti-crosslist:${{ vars.DOCKER_TAG }} - DIGEST_REPO: registry.docker.iu.edu/lms/lms-lti-crosslist@sha256 + IMAGE_REPO: registry.docker.iu.edu/lms/${{ vars.IMAGE_REPO_NAME }} + IMAGE_TAG: registry.docker.iu.edu/lms/${{ vars.IMAGE_REPO_NAME }}:${{ vars.DOCKER_TAG }} + DIGEST_REPO: registry.docker.iu.edu/lms/${{ vars.IMAGE_REPO_NAME }}@sha256 KUBE_NS: ua-vpit--enterprise-systems--lms--helm-release - DEPLOY_DIR: crosslisting - JAR_FILE: lms-lti-crosslist.jar - K8S_RELEASE_PREFIX: lms-lti-crosslist jobs: mvn_build: 
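Review bot: With the image name moved to `vars.IMAGE_REPO_NAME` in the `env:` hunk (`@@ -39,13 +45,10 @@`), nothing in the workflow ties the image the deploy job resolves to the image this run built. `IMAGE_TAG` and `DIGEST_REPO` are assembled from the repository variable, while the build job pushes under whatever name the Maven `docker-push` profile uses (set outside this diff, presumably in the pom), and the digest is looked up later by re-reading the mutable tag. A mistyped or changed variable, or another push to the same tag between the two jobs, would make `helm upgrade` roll out a different image under `registry.docker.iu.edu/lms/` without any step failing. Consider exporting the pushed digest from `mvn_build` as a job output and consuming it in `deploy`, and add a first step that fails when the variable is empty, e.g. `test -n "$IMAGE_REPO_NAME"` with `IMAGE_REPO_NAME: ${{ vars.IMAGE_REPO_NAME }}` in that step's `env:`.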
@@ -62,35 +65,33 @@ jobs: ref: ${{ github.event.inputs.helm_deployer_branch }} token: ${{ secrets.LMS_GH_TOKEN }} github-server-url: https://github.iu.edu -# path: source - name: Clone GitHub tool repository uses: actions/checkout@v4 with: - path: tools/${{ env.DEPLOY_DIR }} + path: tools/${{ vars.DEPLOY_DIR }} - name: mvn setup run: mkdir /root/.m2 - name: Create maven settings.xml run: echo -n '${{ secrets.LMS_MAVEN_SETTINGS }}' | base64 -d > /root/.m2/settings.xml - name: Maven Build - run: mvn clean install -P 'denodo,it12' - working-directory: tools/${{ env.DEPLOY_DIR }} + run: mvn clean install -P '${{ vars.BUILD_PROFILES}}' + working-directory: tools/${{ vars.DEPLOY_DIR }} - name: copy jar file run: | - mkdir -p deployments/${{ env.DEPLOY_DIR }}/lib - cp tools/${{ env.DEPLOY_DIR }}/target/${{ env.JAR_FILE }} deployments/${{ env.DEPLOY_DIR }}/lib/${{ env.JAR_FILE }} + mkdir -p deployments/${{ vars.DEPLOY_DIR }}/lib + cp tools/${{ vars.DEPLOY_DIR }}/target/${{ vars.JAR_FILE }} deployments/${{ vars.DEPLOY_DIR }}/lib/${{ vars.JAR_FILE }} - name: build/push docker image run: | mvn clean install -P docker-push -D dockerfile.username=${{ secrets.LMS_REGISTRY_USERNAME }} \ -D dockerfile.password=${{ secrets.LMS_REGISTRY_PASSWORD }} -D docker_repository_base=registry.docker.iu.edu/lms/ \ -D docker_tag=${{ vars.DOCKER_TAG }} - working-directory: deployments/${{ env.DEPLOY_DIR }} + working-directory: deployments/${{ vars.DEPLOY_DIR }} deploy: name: Deploy to Kubernetes needs: [ mvn_build ] runs-on: self-hosted environment: ${{ github.event.inputs.server_env }} container: -# image: registry.docker.iu.edu/library/kube-deployer:3.11.0 image: registry.docker.iu.edu/library/kube-deployer:3.10.2 credentials: username: ${{ secrets.LMS_REGISTRY_USERNAME }} 
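Review bot: The new `${{ vars.… }}` references inside `run:` blocks are pasted into the script before the shell sees them: `-P '${{ vars.BUILD_PROFILES}}'` and the `mkdir`/`cp` lines built from `vars.DEPLOY_DIR` and `vars.JAR_FILE` here, and likewise `helm upgrade ${{ vars.K8S_RELEASE_PREFIX }}-…` in the `@@ -115,9 +116,9 @@` hunk. These values used to be literals reviewed with the workflow file; as repository variables they can be changed in settings without a commit, and a value containing a quote, space or `;` becomes shell syntax on the self-hosted runner that also handles the registry and kubeconfig secrets. Pass them through the step's `env:` and quote them, e.g. `BUILD_PROFILES: ${{ vars.BUILD_PROFILES }}` under `env:` with `run: mvn clean install -P "$BUILD_PROFILES"`. The `path:` and `working-directory:` uses are not shell-evaluated and can stay as they are. The job's step list starts before this hunk.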
@@ -115,9 +116,9 @@ jobs: - name: Deploy env: KUBECONFIG: /root/.kube/config - working-directory: deployments/${{ env.DEPLOY_DIR }} + working-directory: deployments/${{ vars.DEPLOY_DIR }} run: | - helm upgrade ${{ env.K8S_RELEASE_PREFIX }}-${{ github.event.inputs.server_env }} ../../k8s \ + helm upgrade ${{ vars.K8S_RELEASE_PREFIX }}-${{ github.event.inputs.server_env }} ../../k8s \ --values helm-common.yaml,helm-${{ github.event.inputs.server_env }}.yaml --install -n ${{ env.KUBE_NS }} \ --set image.repository="${{ env.DIGEST_REPO }}",image.tag="${{ steps.get-docker-image-sha.outputs.docker_image_sha }}",image.tagName="${{ vars.DOCKER_TAG }}" \ --wait --timeout 15m \ No newline at end of file