From 9f93cfe42eda2cb7c4df6b5bae728c97440e5632 Mon Sep 17 00:00:00 2001
From: Lindsey Hattamer
Date: Tue, 8 Feb 2022 10:25:48 -0500
Subject: [PATCH] Revert "fix: reverting reuable workflows"

This reverts commit 5aee53c32411aeef5f51b05cbd8be5d84c08893e, reversing changes made to 8bdfaa792ca18669f1b00291972e592ac905d266.
---
.github/workflows/deploy.yml | 108 ++---------------
.github/workflows/push-images.yml | 32 ++---
.../workflows/templates/deploy-template.yml | 109 ++++++++++++++++++
.../templates/push-image-template.yml | 35 ++++++
4 files changed, 160 insertions(+), 124 deletions(-)
create mode 100644 .github/workflows/templates/deploy-template.yml
create mode 100644 .github/workflows/templates/push-image-template.yml
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 2de8182c..45f96a71 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -1,99 +1,9 @@
-name: Release and Update Manifests
-
-on:
- push:
- branches:
- - master
- workflow_dispatch:
- inputs:
- environments:
- description: "Cluster environments you would like to update wrapped in single quotes.
- Avalable options -> dev, staging, sandbox, utility, prod sandbox"
- required: true
-
-env:
- autoDeployEnvs: 'utility'
-
-jobs:
- prepare-values:
- runs-on: ubuntu-20.04
- outputs:
- environments: ${{ steps.set-environments.outputs.environments }}
- steps:
- - name: Set to auto deploy environments when not run via workflow dispatch
- if: github.event.inputs.environments == ''
- run: |
- echo "triggered via schedule"
- echo "environments=${{ env.autoDeployEnvs }}" >> $GITHUB_ENV
- - name: Set to environments specified in input when run via workflow dispatch
- if: github.event.inputs.environments != ''
- run: |
- echo "triggered via workflow dispatch"
- echo "environments=${{ github.event.inputs.environments }}" >> $GITHUB_ENV
- - name: Set output
- id: set-environments
- run: |
- echo "::set-output name=environments::${{ env.environments }}"
- release:
- needs: [prepare-values]
- if: github.ref == 'refs/heads/master'
- runs-on: ubuntu-20.04
- steps:
- - uses: actions/checkout@v2
- - name: Configure AWS Credentials
- uses: aws-actions/configure-aws-credentials@v1
- with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- aws-region: "us-gov-west-1"
- - name: Log into ECR
- id: login-ecr
- uses: aws-actions/amazon-ecr-login@v1
- - name: Get bot token from Parameter Store
- uses: marvinpinto/action-inject-ssm-secrets@latest
- with:
- ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN
- env_variable_name: VA_VSP_BOT_GITHUB_TOKEN
- - name: Semantic Release
- uses: cycjimmy/semantic-release-action@v2
- id: semantic
- env:
- GITHUB_TOKEN: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }}
- - name: Install yq if needed
- if: steps.semantic.outputs.new_release_published == 'true' || github.event.inputs.environments != ''
- run: |
- sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CC86BB64
- sudo add-apt-repository ppa:rmescandon/yq
- sudo apt update
- sudo apt install yq -y
- - name: Check out Manifest Repo
- uses: actions/checkout@v2
- with:
- repository: department-of-veterans-affairs/vsp-infra-application-manifests
- token: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }}
- fetch-depth: 1
- path: vsp-infra-application-manifests
- - name: Update image name in Manifest repo
- if: steps.semantic.outputs.new_release_published == 'true' || github.event.inputs.environments != ''
- env:
- ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
- ECR_REPOSITORY: dsva/platform-console
- run: |
- cd vsp-infra-application-manifests/apps/vsp-tools-backend/platform-console-api
- # Update platform-console image
- envs=( ${{ needs.prepare-values.outputs.environments }} )
- for env in ${envs[*]};
- do
- yq e -i '.spec.template.spec.containers.[0].image = "008577686731.dkr.ecr.us-gov-west-1.amazonaws.com/dsva/platform-console:platform-console-${{ github.sha }}"' $env/deployment.yml
- done
- git diff
- - name: Add and Commit file
- if: steps.semantic.outputs.new_release_published == 'true' || github.event.inputs.environments != ''
- uses: EndBug/add-and-commit@v7
- with:
- branch: main
- add: '*'
- cwd: vsp-infra-application-manifests/apps/vsp-tools-backend/platform-console-api
- author_name: va-vsp-bot
- author_email: devops@va.gov
- message: 'Release ${{ needs.prepare-values.outputs.environments }} for platform-console.'
+deploy:
+ uses: department-of-veterans-affairs/platform-console-api/.github/workflows/templates/deploy-template.yml@master
+ with:
+ ecr_repository: 'platform-console'
+ manifests_directory: 'vsp-tools-backend/platform-console-api'
+ auto_deploy_envs: 'utility'
+ secrets:
+ aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
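Review bot: The new `deploy.yml` has `deploy:` as its only top-level key, so the caller no longer declares `name`, `on:` or `jobs:`; a job that calls a reusable workflow still has to sit under `jobs:` in a workflow with its own trigger, and `push-images.yml` in this patch has the same shape. The `uses:` path also points into `.github/workflows/templates/`, while GitHub documents that reusable workflows must live directly in `.github/workflows`, so the call is unlikely to resolve as written. Because the AWS keys are handed to whatever `@master` resolves to at run time, consider pinning the reference, e.g. `uses: department-of-veterans-affairs/platform-console-api/.github/workflows/deploy-template.yml@<full-commit-sha>`. The removed `workflow_dispatch` input for choosing environments has no replacement in the new files, so manual deploys to anything other than `utility` appear to be dropped; confirm that is intended.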
diff --git a/.github/workflows/push-images.yml b/.github/workflows/push-images.yml
index bfcdb9ab..f643dd32 100644
--- a/.github/workflows/push-images.yml
+++ b/.github/workflows/push-images.yml
@@ -1,25 +1,7 @@
-name: Push image to ECR when changes are pushed to master
-
-on:
- push:
- branches:
- - master
- workflow_dispatch:
-
-jobs:
- push-image:
- runs-on: ubuntu-20.04
- name: Push image to ECR
- steps:
- - uses: actions/checkout@v2
- - name: Build and push argo images to ECR
- uses: kciter/aws-ecr-action@v4
- with:
- access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
- secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- account_id: '008577686731'
- repo: dsva/platform-console
- region: us-gov-west-1
- tags: "platform-console-${{ github.sha }}"
- dockerfile: Dockerfile
- extra_build_args: "--build-arg RAILS_ENV=production"
+push-images:
+ uses: department-of-veterans-affairs/platform-console-api/.github/workflows/templates/push-images-template.yml@master
+ with:
+ ecr_repository: 'platform-console'
+ secrets:
+ aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
diff --git a/.github/workflows/templates/deploy-template.yml b/.github/workflows/templates/deploy-template.yml
new file mode 100644
index 00000000..3d61820f
--- /dev/null
+++ b/.github/workflows/templates/deploy-template.yml
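Review bot: In `push-images.yml` the `uses:` line references `push-images-template.yml`, but the file this patch creates is `.github/workflows/templates/push-image-template.yml` (no `s`), so the reference matches no file in the patch. The caller also passes `ecr_repository`, while that template's `workflow_call` block declares the input as `repository`. Align both names, e.g. `uses: department-of-veterans-affairs/platform-console-api/.github/workflows/templates/push-image-template.yml@master` here and `ecr_repository:` in the template's `inputs:`.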
@@ -0,0 +1,109 @@
+name: Release and Update Manifests
+
+on:
+ push:
+ branches:
+ - master
+
+ workflow_call:
+ inputs:
+ ecr_repository:
+ required: true #platform-console
+ type: string
+ manifests_directory:
+ required: true #vsp-tools-backend/platform-console-api
+ type: string
+ auto_deploy_envs:
+ required: true # utility
+ type: string
+ secrets:
+ aws_access_key_id: #${{ secrets.AWS_ACCESS_KEY_ID }}
+ required: true
+ aws_secret_access_key: #${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ required: true
+
+jobs:
+ prepare-values:
+ runs-on: ubuntu-20.04
+ outputs:
+ environments: ${{ steps.set-environments.outputs.environments }}
+ steps:
+ - name: Set to auto deploy environments on push to master
+ run: |
+ echo "triggered via schedule"
+ echo "environments=${{inputs.auto_deploy_envs}}" >> $GITHUB_ENV
+ - name: Set output
+ id: set-environments
+ run: |
+ echo "::set-output name=environments::${{ env.environments }}"
+ release:
+ needs: [prepare-values]
+ if: github.ref == 'refs/heads/master'
+ runs-on: ubuntu-20.04
+ steps:
+ - uses: actions/checkout@v2
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-access-key-id: ${{ secrets.aws_access_key_id }}
+ aws-secret-access-key: ${{ secrets.aws_secret_access_key }}
+ aws-region: "us-gov-west-1"
+
+ - name: Log into ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v1
+
+ - name: Get bot token from Parameter Store
+ uses: marvinpinto/action-inject-ssm-secrets@latest
+ with:
+ ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN
+ env_variable_name: VA_VSP_BOT_GITHUB_TOKEN
+
+ - name: Semantic Release
+ uses: cycjimmy/semantic-release-action@v2
+ id: semantic
+ env:
+ GITHUB_TOKEN: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }}
+
+ - name: Install yq if needed
+ if: steps.semantic.outputs.new_release_published == 'true'
+ run: |
+ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CC86BB64
+ sudo add-apt-repository ppa:rmescandon/yq
+ sudo apt update
+ sudo apt install yq -y
+
+ - name: Check out Manifest Repo
+ uses: actions/checkout@v2
+ with:
+ repository: department-of-veterans-affairs/vsp-infra-application-manifests
+ token: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }}
+ fetch-depth: 1
+ path: vsp-infra-application-manifests
+
+ - name: Update image name in Manifest repo
+ if: steps.semantic.outputs.new_release_published == 'true'
+ env:
+ ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+ ECR_REPOSITORY: dsva/${{inputs.ecr_repository}}
+ run: |
+ cd vsp-infra-application-manifests/apps/${{inputs.manifests_directory}}
+ # Update ecr image
+ envs=( ${{ needs.prepare-values.outputs.environments }} )
+ for env in ${envs[*]};
+ do
+
+ yq e -i '.spec.template.spec.containers.[0].image = "008577686731.dkr.ecr.us-gov-west-1.amazonaws.com/dsva/${{inputs.ecr_repository}}:${{inputs.ecr_repository}}-${{ github.sha }}"' $env/deployment.yml
+ done
+ git diff
+
+ - name: Add and Commit file
+ if: steps.semantic.outputs.new_release_published == 'true'
+ uses: EndBug/add-and-commit@v7
+ with:
+ branch: main
+ add: '*'
+ cwd: vsp-infra-application-manifests/apps/${{inputs.manifests_directory}}
+ author_name: va-vsp-bot
+ author_email: devops@va.gov
+ message: 'Release ${{ needs.prepare-values.outputs.environments }} for ${{inputs.ecr_repository}}.'
diff --git a/.github/workflows/templates/push-image-template.yml b/.github/workflows/templates/push-image-template.yml
new file mode 100644
index 00000000..045eb774
--- /dev/null
+++ b/.github/workflows/templates/push-image-template.yml
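Review bot: In `deploy-template.yml`, `marvinpinto/action-inject-ssm-secrets@latest` runs right after the AWS credentials are configured and is the step that loads the bot's GitHub token, yet it is referenced by a tag its publisher can move; `cycjimmy/semantic-release-action@v2` and `EndBug/add-and-commit@v7` here, and `kciter/aws-ecr-action@v4` in `push-image-template.yml`, are on movable tags as well. Pin each to a reviewed commit, e.g. `uses: marvinpinto/action-inject-ssm-secrets@<full-commit-sha>`. The `run:` blocks also paste `${{inputs.auto_deploy_envs}}`, `${{inputs.manifests_directory}}` and `${{inputs.ecr_repository}}` straight into shell text; passing them through a step-level `env:` entry such as `AUTO_DEPLOY_ENVS: ${{ inputs.auto_deploy_envs }}` and writing `echo "environments=$AUTO_DEPLOY_ENVS" >> "$GITHUB_ENV"` keeps a caller-supplied value from being parsed as shell. In the yq install step, `--recv-keys CC86BB64` names the PPA key by an 8-hex-digit short ID, which is not collision-resistant; use the key's full fingerprint instead.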
@@ -0,0 +1,35 @@
+name: Push image to ECR when changes are pushed to master
+
+on:
+ push:
+ branches:
+ - master
+
+ workflow_call:
+ inputs:
+ repository:
+ required: true #platform-console
+ type: string
+ secrets:
+ aws_access_key_id: #${{ secrets.AWS_ACCESS_KEY_ID }}
+ required: true
+ aws_secret_access_key: #${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ required: true
+
+jobs:
+ push-image:
+ runs-on: ubuntu-20.04
+ name: Push image to ECR
+ steps:
+ - uses: actions/checkout@v2
+ - name: Build and push argo images to ECR
+ uses: kciter/aws-ecr-action@v4
+ with:
+ access_key_id: ${{ secrets.aws_access_key_id }}
+ secret_access_key: ${{ secrets.aws_secret_access_key }}
+ account_id: '008577686731'
+ repo: dsva/${{inputs.ecr_repository}}
+ region: us-gov-west-1
+ tags: "${{inputs.ecr_repository}}-${{ github.sha }}"
+ dockerfile: Dockerfile
+ extra_build_args: "--build-arg RAILS_ENV=production"
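Review bot: The `workflow_call` block in `push-image-template.yml` declares its input as `repository`, but the build step reads `${{inputs.ecr_repository}}` for both `repo:` and `tags:`, so the declared input is never used and the one that is read is undeclared; renaming the declaration to `ecr_repository:` would match the caller and the deploy template. The template also keeps `on: push`, where the `inputs` context is empty, so a run from that trigger would expand to `repo: dsva/` and a tag of `-<sha>`; `deploy-template.yml` has the same trigger and the same gap. If these files are meant only to be called, `workflow_call` alone is enough.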