Draft of Uffizzi Preview reusable workflows

MostlyDevOps · Jul 7, 2023 · f13e3d5 · f13e3d5
1 parent 02d633a
commit f13e3d5
Show file tree

Hide file tree

Showing 2 changed files with 157 additions and 0 deletions.
diff --git a/.github/workflows/reusable-uffizzi-delete.yaml b/.github/workflows/reusable-uffizzi-delete.yaml
@@ -0,0 +1,51 @@
+---
+name: Delete Uffizzi Cluster
+
+on:  
+  workflow_call:
+    # allow reuse of this workflow in other repos
+    inputs:
+      slack-channel-id:
+        description: Slack channel ID to post to
+        required: false
+        type: string
+        # default: C0123456789
+      pr-number:
+        description: Pull Request Number (or other unique ID)
+        required: true
+        type: string
+
+    secrets:
+      slack-token:
+        description: Docker Hub username
+        required: false
+      github-token:
+        description: Docker Hub token with write access to the repo and PRs
+        required: true
+
+# permissions: GITHUB_TOKEN are better set by the **calling** workflow
+# but we'll set defaults here for reference
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idpermissions
+permissions:
+  id-token: write
+
+jobs:
+  uffizzi:
+    name: Delete
+    runs-on: ubuntu-latest
+    steps:
+      - name: Delete Uffizzi Cluster
+        uses: UffizziCloud/cluster-action@main
+        with:
+          cluster-name: pr-${{ inputs.pr-number }}
+          action: delete
+
+      - name: Post to a Slack channel
+        id: slack
+        if: ${{ inputs.slack-channel-id }}
+        uses: slackapi/slack-github-action@v1
+        with:
+          channel-id: ${{ inputs.slack-channel-id }}
+          slack-message: "PR deleted: `pr-${{ inputs.pr-number }}`"
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.slack-token }}
diff --git a/.github/workflows/reusable-uffizzi.yaml b/.github/workflows/reusable-uffizzi.yaml
@@ -0,0 +1,106 @@
+---
+name: Uffizzi Preview
+
+on:  
+  # REUSABLE WORKFLOW with INPUTS
+  # to keep this workflow simple, assumptions are made:
+    # - Checks out a repo with a kustomization.yaml file
+    # - Changes a image tag in the kustomization.yaml file
+    # - Deploys to a Uffizzi Cluster
+    # - Optionally notifies a Slack channel
+
+  workflow_call:
+    # allow reuse of this workflow in other repos
+    inputs:
+      repo:
+        description: Kustomize repo to checkout
+        required: true
+        type: string
+        # default: org/repo
+      image:
+        description: Image name to update in Kustomize
+        required: true
+        type: string
+        # default: ghcr.io/org/repo
+      tag:
+        description: New tag to use for the image
+        required: true
+        type: string
+      environments-root-dir:
+        description: Root directory where all environment directories are located
+        required: false
+        type: string
+        default: environments
+      environment-dir:
+        description: Path to the kustomization.yaml file
+        required: true
+        type: string
+        # default: staging01
+      slack-channel-id:
+        description: Slack channel ID to post to
+        required: false
+        type: string
+        # default: C0123456789
+      pr-number:
+        description: Pull Request Number (or other unique ID)
+        required: true
+        type: string
+
+    secrets:
+      slack-token:
+        description: Docker Hub username
+        required: false
+      github-token:
+        description: Docker Hub token with write access to the repo and PRs
+        required: true
+
+# permissions: GITHUB_TOKEN are better set by the **calling** workflow
+# but we'll set defaults here for reference
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idpermissions
+# Need `id-token: write` for OIDC: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
+permissions:
+  id-token: write
+
+jobs:
+  ucluster:
+    name: Virtual Cluster
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout ${{ inputs.repo }}
+        uses: actions/checkout@v3
+        with:
+          repository: ${{ inputs.repo }}
+            #token: ${{ secrets.github-token }}
+          ref: main
+
+      - name: Change image tag and Ingress host in kustomization.yaml
+        run: |
+          export INGRESS_HOST="web-pr-${{ inputs.pr-number }}-$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]').app.qa-gke.uffizzi.com"
+          cd ${{ inputs.environments-root-dir }}/${{ inputs.environment-dir }}
+          kustomize edit set image "$(echo '${{ inputs.image }}' | tr '[:upper:]' '[:lower:]'):${{ inputs.tag }}"
+          kustomize edit add patch --kind Ingress --name web --patch "[{\"op\": \"replace\", \"path\": \"/spec/tls/0/hosts/0\", \"value\": \"${INGRESS_HOST}\"}]"
+          kustomize edit add patch --kind Ingress --name web --patch "[{\"op\": \"replace\", \"path\": \"/spec/rules/0/host\", \"value\": \"${INGRESS_HOST}\"}]"
+          cat kustomization.yaml
+          echo "Web Ingress at [https://${INGRESS_HOST}](https://${INGRESS_HOST})" | tee --append $GITHUB_STEP_SUMMARY
+
+      - name: Create and/or Connect to Uffizzi Cluster
+        uses: UffizziCloud/cluster-action@main
+        with:
+          cluster-name: pr-${{ inputs.pr-number }}
+
+      - name: Deploy Kustomize onto Uffizzi Cluster
+        run: |
+          # Deploy k8s manifests via `kustomize`.
+          kubectl apply \
+            --kubeconfig=./kubeconfig \
+            --kustomize=${{ inputs.environments-root-dir }}/${{ inputs.environment-dir }}
+
+      - name: Post to a Slack channel
+        id: slack
+        if: ${{ inputs.slack-channel-id }}
+        uses: slackapi/slack-github-action@v1
+        with:
+          channel-id: ${{ inputs.slack-channel-id }}
+          slack-message: "PR deployed `pr-${{ inputs.pr-number }}`"
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.slack-token }}