Skip to content
deploy-k8s

gproly send deploy EKS 🚀 #11817

Sign in to view logs

gproly send deploy EKS 🚀

gproly send deploy EKS 🚀 #11817

Workflow file for this run

.github/workflows/deploy-pm4.yml at 7d029ad
name: deploy-k8s
run-name: ${{ github.actor }} send deploy EKS 🚀
on:
pull_request:
types: [opened, reopened, synchronize, edited, closed]
schedule:
- cron: '30 2 * * *' # run daily
workflow_dispatch:
workflow_call:
env:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
AWS_URL: ${{ secrets.AWS_URL }}
pull_req_id: ${{github.event.pull_request.number}}
DATE: $(date -d '-1 day' '+%Y-%m-%d'|sed 's/-//g')
CURRENT_DATE: $(date '+%Y-%m-%d %H:%M:%S'|sed 's/-//g')
CI_PACKAGE_BRANCH: ${{ github.event.pull_request.head.ref || github.event.ref || 'develop' }}
CI_PROJECT: ${{github.event.pull_request.head.repo.name || github.event.repository.name || 'processmaker' }}
CI_PR_BODY: ${{ github.event_name == 'schedule' && 'No ci tags needed here' || github.event.pull_request.body }}
IMAGE_TAG: $(echo "$CI_PROJECT-$CI_PACKAGE_BRANCH" | sed "s;/;-;g" | sed "s/refs-heads-//g")
DEPLOY: ${{ secrets.DEPLOY }}
GH_USER: ${{ secrets.GH_USER }}
GH_EMAIL: ${{ secrets.GH_EMAIL }}
GITHUB_COMMENT: ${{ secrets.GH_COMMENT }}
DOM_EKS: ${{ secrets.DOM_EKS }}
GITHUB_TOKEN: ${{ secrets.GIT_TOKEN }}
BUILD_BASE: ${{ (contains(github.event.pull_request.body, 'ci:build-base') || github.event_name == 'schedule') && '1' || '0' }}
BASE_IMAGE: ${{ secrets.REGISTRY_HOST }}/processmaker/processmaker:base
K8S_BRANCH: ${{ contains(github.event.pull_request.body, 'ci:next') && 'next' || 'develop' }}
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
imageEKS:
name: build-docker-image-EKS
if: github.event.action != 'closed'
runs-on: ${{ vars.RUNNER }}
steps:
- name: Set image name
run: |
RESOLVED_IMAGE_TAG=${{ env.IMAGE_TAG }}
echo "IMAGE=${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:$RESOLVED_IMAGE_TAG" >> $GITHUB_ENV
- name: Clone repo K8S
run: |
echo "IMAGE: ${{ env.IMAGE }}"
git clone --depth 1 -b "$K8S_BRANCH" "https://[email protected]/ProcessMaker/pm4-k8s-distribution.git" pm4-k8s-distribution
- name: Generate image EKS
run: |
cd pm4-k8s-distribution/images
branch=$(echo "${{ env.CI_PACKAGE_BRANCH }}" | sed 's/refs-heads-//g') tag=${{env.IMAGE_TAG}} bash build.k8s-cicd.sh
echo "VERSION=${{ env.IMAGE_TAG }}" >> $GITHUB_ENV
- name: List Images
run: |
docker images
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: processmaker/enterprise:${{ env.VERSION }}
format: 'table'
exit-code: '0'
ignore-unfixed: false
vuln-type: 'os,library'
scanners: 'vuln,secret'
severity: 'MEDIUM,HIGH,CRITICAL'
env:
TRIVY_TIMEOUT: 30m
- name: Login to Harbor
uses: docker/login-action@v2
with:
registry: ${{ secrets.REGISTRY_HOST }}
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Push Enterprise Image to Harbor
run: |
docker tag processmaker/enterprise:${{env.IMAGE_TAG}} ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}}
docker push ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}}
deployEKS:
name: build-deploy-EKS
if: contains(github.event.pull_request.body, 'ci:deploy')
needs: imageEKS
runs-on: ${{ vars.RUNNER }}
steps:
- name: Clone private repository
run: |
git clone --depth 1 -b eng "https://[email protected]/ProcessMaker/argocd.git" argocd
- name: Install pm4-tools
run: |
git clone --depth 1 -b "$K8S_BRANCH" "https://[email protected]/ProcessMaker/pm4-k8s-distribution.git" pm4-k8s-distribution
echo "versionHelm=$(grep "version:" "pm4-k8s-distribution/charts/enterprise/Chart.yaml" | awk '{print $2}' | sed 's/\"//g')" >> $GITHUB_ENV
cd pm4-k8s-distribution/images/pm4-tools
composer install --no-interaction
cd ..
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID1 }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY1 }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Set up kubectl
run: |
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x kubectl
sudo mv kubectl /usr/local/bin/
- name: Authenticate with Amazon EKS
run: aws eks update-kubeconfig --region us-east-1 --name pm4-eng
- name: Deploy instance EKS
run: |
cd argocd
deploy=$(echo -n ${{env.IMAGE_TAG}} | md5sum | head -c 10)
current_datetime=$(echo -n ${{env.CURRENT_DATE}} | md5sum | head -c 10)
echo "NAMESPACE : ci-$deploy-ns-pm4"
helm repo add processmaker ${{ secrets.HELM_REPO }} --username ${{ secrets.HELM_USERNAME }} --password ${{ secrets.HELM_PASSWORD }} && helm repo update
if ! kubectl get namespace/ci-$deploy-ns-pm4 ; then
echo "Creating DB"
sed -i "s/{{instance}}/ci-$deploy/" template-db.yaml
kubectl apply -f template-db.yaml
echo "Creating Deploy :: $deploy"
#Sed PMAI
if [[ $K8S_BRANCH == "develop" ]] ; then
sed -i "s/{{pmai-system}}/pmai-system/" template-instance.yaml
else
sed -i "s/{{pmai-system}}/pmai-system-next/" template-instance.yaml
fi
sed -i "s/{{instance}}/ci-$deploy/" template-instance.yaml
sed -i "s/{{image}}/${{env.IMAGE_TAG}}/" template-instance.yaml
cat template-instance.yaml
helm install --timeout 60m -f template-instance.yaml ci-$deploy processmaker/enterprise
#Add cert
sed -i "s/{{instance}}/ci-$deploy/" template-cert.yaml
sed -i "s/{{tls-crt}}/${{ secrets.TLS_CRT }}/" template-cert.yaml
sed -i "s/{{tls-key}}/${{ secrets.TLS_KEY }}/" template-cert.yaml
kubectl apply -f template-cert.yaml
else
echo "Bouncing Instance ";
sed -i "s/{{instance}}/ci-$deploy/g" template-bounce.yaml
sed -i "s/{{current_datetime}}/$current_datetime/g" template-bounce.yaml
helm upgrade --timeout 60m ci-$deploy processmaker/enterprise --version ${{ env.versionHelm }}
kubectl apply -f template-bounce.yaml
fi
export INSTANCE_URL=https://ci-$deploy$DOM_EKS
echo "INSTANCE_URL=${INSTANCE_URL}" >> "$GITHUB_ENV"
../pm4-k8s-distribution/images/pm4-tools/pm wait-for-instance-ready
- name: Comment Instance
run: |
echo "Instance URL: '${INSTANCE_URL}'"
bash argocd/gh_comment.sh "$CI_PROJECT" "$pull_req_id"
runAPITest:
name: Run API Tests
needs: [deployEKS]
if: contains(github.event.pull_request.body, 'ci:api-test')
runs-on: self-hosted
steps:
- name: Clone private repository
run: |
git clone --depth 1 -b eng "https://[email protected]/ProcessMaker/argocd.git" argocd
- name: Install pm4-tools
run: |
git clone --depth 1 -b "$K8S_BRANCH" "https://[email protected]/ProcessMaker/pm4-k8s-distribution.git" pm4-k8s-distribution
echo "versionHelm=$(grep "version:" "pm4-k8s-distribution/charts/enterprise/Chart.yaml" | awk '{print $2}' | sed 's/\"//g')" >> $GITHUB_ENV
cd pm4-k8s-distribution/images/pm4-tools
composer install --no-interaction
cd ..
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID1 }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY1 }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Set up kubectl
run: |
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x kubectl
sudo mv kubectl /usr/local/bin/
- name: Authenticate with Amazon EKS
run: aws eks update-kubeconfig --region us-east-1 --name pm4-eng
- name: Run the API tests
run: |
cd argocd
deploy=$(echo -n ${{env.IMAGE_TAG}} | md5sum | head -c 10)
namespace="ci-$deploy-ns-pm4"
pr_body=$(jq -r .pull_request.body < "$GITHUB_EVENT_PATH" | base64)
kubectl get pods --namespace=$namespace
pod_names=$(kubectl get pods --namespace=$namespace --field-selector=status.phase=Running -o jsonpath="{.items[*].metadata.name}" | tr ' ' '\n' | grep -E '(-processmaker-scheduler-)')
for pod in $pod_names; do
code='
has_processmaker=$(ls /opt | grep processmaker)
has_sudo=$(ls /usr/bin | grep sudo)
has_php=$(ls /usr/bin | grep php)
if [ ! -z "$has_processmaker" ] && [ ! -z "$has_sudo" ] && [ ! -z "$has_php" ]; then
echo $pr_body | base64 -d > /tmp/pr_body
cd /opt/processmaker
sudo -u nginx php artisan package-api-testing:run --body="$pr_body"
else
exit 1
fi'
kubectl exec -n $namespace $pod -- /bin/sh -c "pr_body='${pr_body}';${code}" | tee /tmp/comment.md && break || true
done
# Send the content of /tmp/comment.md as a PR comment
MESSAGE=$(cat /tmp/comment.md)
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
GITHUB_REPOSITORY=${{ github.repository }}
PR_NUMBER=$(jq -r .number < "$GITHUB_EVENT_PATH")
if [ -z "$PR_NUMBER" ]; then
echo "The PR number is not available. Make sure this script is executed in a context of Pull Request."
exit 1
fi
URL="https://api.github.com/repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/comments"
json_payload=$(jq -n --arg message "$MESSAGE" '{"body": $message}')
curl -s \
-H "Authorization: token ${GITHUB_TOKEN}" \
-H "Accept: application/vnd.github.v3+json" \
-d "$json_payload" \
"${URL}"
deleteEKS:
name: Delete Instance
if: github.event.action == 'closed'
runs-on: self-hosted
steps:
- name: Delete instance EKS
run: |
deploy=$(echo -n ${{env.IMAGE_TAG}} | md5sum | head -c 10)
if kubectl get namespace/ci-$deploy-ns-pm4 ; then
echo "Deleting Instace :: ci-$deploy"
helm delete ci-$deploy
kubectl delete namespace ci-$deploy-ns-pm4
#Drop database
deploy_db="\`pm4_ci-$deploy\`"
deploy_ai="\`pm4_ci-${deploy}_ai\`"
mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP DATABASE $deploy_db" -h ${{ secrets.RDS_ENG }}
mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP DATABASE $deploy_ai" -h ${{ secrets.RDS_ENG }}
#Drop image Harbor
curl -X DELETE -u ${{ secrets.REGISTRY_USERNAME }}:${{ secrets.REGISTRY_PASSWORD }} "https://${{ secrets.REGISTRY_HOST }}/api/v2.0/projects/processmaker/repositories/enterprise/artifacts/${{env.IMAGE_TAG}}"
echo "The instance [https://ci-$deploy.engk8s.processmaker.net] was deleted!!"
else
echo "The pull request does not have an instance on K8s [https://ci-$deploy.engk8s.processmaker.net] not found!!"
fi
runPhpUnit:
name: run-phpunit
if: github.event.action != 'closed'
needs: imageEKS
runs-on: ${{ vars.RUNNER }}
steps:
- name: Export Params
run: |
echo "IMAGE=${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}}" >> $GITHUB_ENV
- uses: actions/checkout@v2
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Clone repo K8S
run: |
echo "IMAGE: ${{ env.IMAGE }}"
git clone --depth 1 -b "$K8S_BRANCH" "https://[email protected]/ProcessMaker/pm4-k8s-distribution.git" pm4-k8s-distribution
- name: Login to Harbor
uses: docker/login-action@v2
with:
registry: ${{ secrets.REGISTRY_HOST }}
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: PHPUnits
run: |
cd pm4-k8s-distribution/images/pm4-tools
docker pull $IMAGE
docker compose down -v
docker compose build phpunit
docker compose run phpunit
CONTAINER_ID=$(docker ps -a --filter ancestor=pm4-eks-phpunit:latest --format "{{.ID}}" | head -n 1)
docker cp $CONTAINER_ID:/opt/processmaker/coverage.xml coverage.xml
- name: Archive code coverage
uses: actions/upload-artifact@v4
with:
name: code-coverage
path: ./pm4-k8s-distribution/images/pm4-tools/coverage.xml
- name: SonarQube Coverage Report
uses: sonarsource/sonarqube-scan-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
with:
args: >
-Dsonar.projectKey=${{ secrets.SONAR_PROJECT_KEY }}
-Dsonar.sources=.
-Dsonar.tests=.
-Dsonar.test.inclusions=**/*Test.php
-Dsonar.php.coverage.reportPaths=./pm4-k8s-distribution/images/pm4-tools/coverage.xml