ryancooley send deploy EKS 🚀 #11918
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: deploy-k8s | |
run-name: ${{ github.actor }} send deploy EKS 🚀 | |
on: | |
pull_request: | |
types: [opened, reopened, synchronize, edited, closed] | |
schedule: | |
- cron: '30 2 * * *' # run daily | |
workflow_dispatch: | |
workflow_call: | |
env: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ secrets.AWS_REGION }} | |
AWS_URL: ${{ secrets.AWS_URL }} | |
pull_req_id: ${{github.event.pull_request.number}} | |
DATE: $(date -d '-1 day' '+%Y-%m-%d'|sed 's/-//g') | |
CURRENT_DATE: $(date '+%Y-%m-%d %H:%M:%S'|sed 's/-//g') | |
CI_PACKAGE_BRANCH: ${{ github.event.pull_request.head.ref || github.event.ref || 'develop' }} | |
CI_PROJECT: ${{github.event.pull_request.head.repo.name || github.event.repository.name || 'processmaker' }} | |
CI_PR_BODY: ${{ github.event_name == 'schedule' && 'No ci tags needed here' || github.event.pull_request.body }} | |
IMAGE_TAG: $(echo "$CI_PROJECT-$CI_PACKAGE_BRANCH" | sed "s;/;-;g" | sed "s/refs-heads-//g") | |
DEPLOY: ${{ secrets.DEPLOY }} | |
GH_USER: ${{ secrets.GH_USER }} | |
GH_EMAIL: ${{ secrets.GH_EMAIL }} | |
GITHUB_COMMENT: ${{ secrets.GH_COMMENT }} | |
DOM_EKS: ${{ secrets.DOM_EKS }} | |
GITHUB_TOKEN: ${{ secrets.GIT_TOKEN }} | |
BUILD_BASE: ${{ (contains(github.event.pull_request.body, 'ci:build-base') || github.event_name == 'schedule') && '1' || '0' }} | |
BASE_IMAGE: ${{ secrets.REGISTRY_HOST }}/processmaker/processmaker:base | |
K8S_BRANCH: ${{ contains(github.event.pull_request.body, 'ci:next') && 'next' || 'develop' }} | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
imageEKS: | |
name: build-docker-image-EKS | |
if: github.event.action != 'closed' | |
runs-on: ${{ vars.RUNNER }} | |
steps: | |
- name: Set image name | |
run: | | |
RESOLVED_IMAGE_TAG=${{ env.IMAGE_TAG }} | |
echo "IMAGE=${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:$RESOLVED_IMAGE_TAG" >> $GITHUB_ENV | |
- name: Clone repo K8S | |
run: | | |
echo "IMAGE: ${{ env.IMAGE }}" | |
git clone --depth 1 -b "$K8S_BRANCH" "https://[email protected]/ProcessMaker/pm4-k8s-distribution.git" pm4-k8s-distribution | |
- name: Generate image EKS | |
run: | | |
cd pm4-k8s-distribution/images | |
branch=$(echo "${{ env.CI_PACKAGE_BRANCH }}" | sed 's/refs-heads-//g') tag=${{env.IMAGE_TAG}} bash build.k8s-cicd.sh | |
echo "VERSION=${{ env.IMAGE_TAG }}" >> $GITHUB_ENV | |
- name: List Images | |
run: | | |
docker images | |
- name: Run Trivy vulnerability scanner | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: processmaker/enterprise:${{ env.VERSION }} | |
format: 'table' | |
exit-code: '0' | |
ignore-unfixed: false | |
vuln-type: 'os,library' | |
scanners: 'vuln,secret' | |
severity: 'MEDIUM,HIGH,CRITICAL' | |
env: | |
TRIVY_TIMEOUT: 30m | |
- name: Login to Harbor | |
uses: docker/login-action@v2 | |
with: | |
registry: ${{ secrets.REGISTRY_HOST }} | |
username: ${{ secrets.REGISTRY_USERNAME }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
- name: Push Enterprise Image to Harbor | |
run: | | |
docker tag processmaker/enterprise:${{env.IMAGE_TAG}} ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} | |
docker push ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} | |
deployEKS: | |
name: build-deploy-EKS | |
if: contains(github.event.pull_request.body, 'ci:deploy') | |
needs: imageEKS | |
runs-on: ${{ vars.RUNNER }} | |
steps: | |
- name: Clone private repository | |
run: | | |
git clone --depth 1 -b eng "https://[email protected]/ProcessMaker/argocd.git" argocd | |
- name: Install pm4-tools | |
run: | | |
git clone --depth 1 -b "$K8S_BRANCH" "https://[email protected]/ProcessMaker/pm4-k8s-distribution.git" pm4-k8s-distribution | |
echo "versionHelm=$(grep "version:" "pm4-k8s-distribution/charts/enterprise/Chart.yaml" | awk '{print $2}' | sed 's/\"//g')" >> $GITHUB_ENV | |
cd pm4-k8s-distribution/images/pm4-tools | |
composer install --no-interaction | |
cd .. | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID1 }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY1 }} | |
aws-region: ${{ secrets.AWS_REGION }} | |
- name: Set up kubectl | |
run: | | |
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" | |
chmod +x kubectl | |
sudo mv kubectl /usr/local/bin/ | |
- name: Authenticate with Amazon EKS | |
run: aws eks update-kubeconfig --region us-east-1 --name pm4-eng | |
- name: Deploy instance EKS | |
run: | | |
cd argocd | |
deploy=$(echo -n ${{env.IMAGE_TAG}} | md5sum | head -c 10) | |
current_datetime=$(echo -n ${{env.CURRENT_DATE}} | md5sum | head -c 10) | |
echo "NAMESPACE : ci-$deploy-ns-pm4" | |
helm repo add processmaker ${{ secrets.HELM_REPO }} --username ${{ secrets.HELM_USERNAME }} --password ${{ secrets.HELM_PASSWORD }} && helm repo update | |
if ! kubectl get namespace/ci-$deploy-ns-pm4 ; then | |
echo "Creating DB" | |
sed -i "s/{{instance}}/ci-$deploy/" template-db.yaml | |
kubectl apply -f template-db.yaml | |
echo "Creating Deploy :: $deploy" | |
#Sed PMAI | |
if [[ $K8S_BRANCH == "develop" ]] ; then | |
sed -i "s/{{pmai-system}}/pmai-system/" template-instance.yaml | |
else | |
sed -i "s/{{pmai-system}}/pmai-system-next/" template-instance.yaml | |
fi | |
sed -i "s/{{instance}}/ci-$deploy/" template-instance.yaml | |
sed -i "s/{{image}}/${{env.IMAGE_TAG}}/" template-instance.yaml | |
cat template-instance.yaml | |
helm install --timeout 60m -f template-instance.yaml ci-$deploy processmaker/enterprise | |
#Add cert | |
sed -i "s/{{instance}}/ci-$deploy/" template-cert.yaml | |
sed -i "s/{{tls-crt}}/${{ secrets.TLS_CRT }}/" template-cert.yaml | |
sed -i "s/{{tls-key}}/${{ secrets.TLS_KEY }}/" template-cert.yaml | |
kubectl apply -f template-cert.yaml | |
else | |
echo "Bouncing Instance "; | |
sed -i "s/{{instance}}/ci-$deploy/g" template-bounce.yaml | |
sed -i "s/{{current_datetime}}/$current_datetime/g" template-bounce.yaml | |
helm upgrade --timeout 60m ci-$deploy processmaker/enterprise --version ${{ env.versionHelm }} | |
kubectl apply -f template-bounce.yaml | |
fi | |
export INSTANCE_URL=https://ci-$deploy$DOM_EKS | |
echo "INSTANCE_URL=${INSTANCE_URL}" >> "$GITHUB_ENV" | |
../pm4-k8s-distribution/images/pm4-tools/pm wait-for-instance-ready | |
- name: Comment Instance | |
run: | | |
echo "Instance URL: '${INSTANCE_URL}'" | |
bash argocd/gh_comment.sh "$CI_PROJECT" "$pull_req_id" | |
runAPITest: | |
name: Run API Tests | |
needs: [deployEKS] | |
if: contains(github.event.pull_request.body, 'ci:api-test') | |
runs-on: self-hosted | |
steps: | |
- name: Clone private repository | |
run: | | |
git clone --depth 1 -b eng "https://[email protected]/ProcessMaker/argocd.git" argocd | |
- name: Install pm4-tools | |
run: | | |
git clone --depth 1 -b "$K8S_BRANCH" "https://[email protected]/ProcessMaker/pm4-k8s-distribution.git" pm4-k8s-distribution | |
echo "versionHelm=$(grep "version:" "pm4-k8s-distribution/charts/enterprise/Chart.yaml" | awk '{print $2}' | sed 's/\"//g')" >> $GITHUB_ENV | |
cd pm4-k8s-distribution/images/pm4-tools | |
composer install --no-interaction | |
cd .. | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID1 }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY1 }} | |
aws-region: ${{ secrets.AWS_REGION }} | |
- name: Set up kubectl | |
run: | | |
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" | |
chmod +x kubectl | |
sudo mv kubectl /usr/local/bin/ | |
- name: Authenticate with Amazon EKS | |
run: aws eks update-kubeconfig --region us-east-1 --name pm4-eng | |
- name: Run the API tests | |
run: | | |
cd argocd | |
deploy=$(echo -n ${{env.IMAGE_TAG}} | md5sum | head -c 10) | |
namespace="ci-$deploy-ns-pm4" | |
pr_body=$(jq -r .pull_request.body < "$GITHUB_EVENT_PATH" | base64) | |
kubectl get pods --namespace=$namespace | |
pod_names=$(kubectl get pods --namespace=$namespace --field-selector=status.phase=Running -o jsonpath="{.items[*].metadata.name}" | tr ' ' '\n' | grep -E '(-processmaker-scheduler-)') | |
for pod in $pod_names; do | |
code=' | |
has_processmaker=$(ls /opt | grep processmaker) | |
has_sudo=$(ls /usr/bin | grep sudo) | |
has_php=$(ls /usr/bin | grep php) | |
if [ ! -z "$has_processmaker" ] && [ ! -z "$has_sudo" ] && [ ! -z "$has_php" ]; then | |
echo $pr_body | base64 -d > /tmp/pr_body | |
cd /opt/processmaker | |
sudo -u nginx php artisan package-api-testing:run --body="$pr_body" | |
else | |
exit 1 | |
fi' | |
kubectl exec -n $namespace $pod -- /bin/sh -c "pr_body='${pr_body}';${code}" | tee /tmp/comment.md && break || true | |
done | |
# Send the content of /tmp/comment.md as a PR comment | |
MESSAGE=$(cat /tmp/comment.md) | |
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} | |
GITHUB_REPOSITORY=${{ github.repository }} | |
PR_NUMBER=$(jq -r .number < "$GITHUB_EVENT_PATH") | |
if [ -z "$PR_NUMBER" ]; then | |
echo "The PR number is not available. Make sure this script is executed in a context of Pull Request." | |
exit 1 | |
fi | |
URL="https://api.github.com/repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/comments" | |
json_payload=$(jq -n --arg message "$MESSAGE" '{"body": $message}') | |
curl -s \ | |
-H "Authorization: token ${GITHUB_TOKEN}" \ | |
-H "Accept: application/vnd.github.v3+json" \ | |
-d "$json_payload" \ | |
"${URL}" | |
deleteEKS: | |
name: Delete Instance | |
if: github.event.action == 'closed' | |
runs-on: self-hosted | |
steps: | |
- name: Delete instance EKS | |
run: | | |
deploy=$(echo -n ${{env.IMAGE_TAG}} | md5sum | head -c 10) | |
if kubectl get namespace/ci-$deploy-ns-pm4 ; then | |
echo "Deleting Instace :: ci-$deploy" | |
helm delete ci-$deploy | |
kubectl delete namespace ci-$deploy-ns-pm4 | |
#Drop database | |
deploy_db="\`pm4_ci-$deploy\`" | |
deploy_ai="\`pm4_ci-${deploy}_ai\`" | |
mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP DATABASE $deploy_db" -h ${{ secrets.RDS_ENG }} | |
mysql -u${{ secrets.USER_MYSQL_ENG }} -p${{ secrets.PASS_MYSQL_ENG }} -e "DROP DATABASE $deploy_ai" -h ${{ secrets.RDS_ENG }} | |
#Drop image Harbor | |
curl -X DELETE -u ${{ secrets.REGISTRY_USERNAME }}:${{ secrets.REGISTRY_PASSWORD }} "https://${{ secrets.REGISTRY_HOST }}/api/v2.0/projects/processmaker/repositories/enterprise/artifacts/${{env.IMAGE_TAG}}" | |
echo "The instance [https://ci-$deploy.engk8s.processmaker.net] was deleted!!" | |
else | |
echo "The pull request does not have an instance on K8s [https://ci-$deploy.engk8s.processmaker.net] not found!!" | |
fi | |
runPhpUnit: | |
name: run-phpunit | |
if: github.event.action != 'closed' | |
needs: imageEKS | |
runs-on: ${{ vars.RUNNER }} | |
steps: | |
- name: Export Params | |
run: | | |
echo "IMAGE=${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}}" >> $GITHUB_ENV | |
- uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
- name: Clone repo K8S | |
run: | | |
echo "IMAGE: ${{ env.IMAGE }}" | |
git clone --depth 1 -b "$K8S_BRANCH" "https://[email protected]/ProcessMaker/pm4-k8s-distribution.git" pm4-k8s-distribution | |
- name: Login to Harbor | |
uses: docker/login-action@v2 | |
with: | |
registry: ${{ secrets.REGISTRY_HOST }} | |
username: ${{ secrets.REGISTRY_USERNAME }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
- name: PHPUnits | |
run: | | |
cd pm4-k8s-distribution/images/pm4-tools | |
docker pull $IMAGE | |
docker compose down -v | |
docker compose build phpunit | |
docker compose run phpunit | |
CONTAINER_ID=$(docker ps -a --filter ancestor=pm4-eks-phpunit:latest --format "{{.ID}}" | head -n 1) | |
docker cp $CONTAINER_ID:/opt/processmaker/coverage.xml coverage.xml | |
- name: Archive code coverage | |
uses: actions/upload-artifact@v4 | |
with: | |
name: code-coverage | |
path: ./pm4-k8s-distribution/images/pm4-tools/coverage.xml | |
- name: SonarQube Coverage Report | |
uses: sonarsource/sonarqube-scan-action@master | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} | |
with: | |
args: > | |
-Dsonar.projectKey=${{ secrets.SONAR_PROJECT_KEY }} | |
-Dsonar.sources=. | |
-Dsonar.tests=. | |
-Dsonar.test.inclusions=**/*Test.php | |
-Dsonar.php.coverage.reportPaths=./pm4-k8s-distribution/images/pm4-tools/coverage.xml |