ProcessMaker · ryancooley · Jan 9, 2024 · Jan 8, 2024
diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml
@@ -1,212 +1,139 @@
-name: BUILD-PM4
+name: deploy-k8s
+run-name: ${{ github.actor }} send deploy EKS 🚀
 on: 
-  #push:
-  #  branches:
-  #    - kr-github-actions
   pull_request:
     types: [opened, reopened, synchronize, edited, closed]
-  schedule:
-    - cron: '30 2 * * *'  # every day at midnight     
-  #workflow_dispatch:
-  #pull_request:
-  #  branches:
-  #    - main
+  #schedule:
+  #  - cron: '30 2 * * *'  # every day at midnight
   workflow_dispatch:
   workflow_call:
 env:
-  SHA: ${{github.event.pull_request.head.sha}}
-  PROJECT: ${{github.event.pull_request.head.repo.name}}
-  CI_PR_BODY: ${{ github.event_name == 'schedule' && 'ci:deploy' || github.event.pull_request.body }}
-  PACKAGE_URL: ${{github.event.pull_request.head.repo.ssh_url}}
-  PACKAGE_BRANCH: ${{github.event.pull_request.head.ref}}
-  #MY_GITHUB_TOKEN: ${{ secrets.GH_STATUS_TOKEN }}
-  GITHUB_TOKEN: ${{ secrets.GIT_TOKEN }}
-  #GIT_TOKEN: ${{ secrets.MY_GH_TOKEN }}
-  OWNER: ${{ github.event.pull_request.head.repo.owner.login }}  
-  #Other Parameters
   aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
   aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
   aws-region: ${{ secrets.AWS_REGION }}  
-  aws-url: ${{ secrets.AWS_URL }}
-  STM_TOKEN: ${{ secrets.STM_TOKEN }}
-  CI_PACKAGE_BRANCH: ${{github.event.pull_request.head.ref || 'develop' }}
-  CI_PROJECT: ${{github.event.pull_request.head.repo.name || 'processmaker' }} 
-  CI_TEST: $CI_PROJECT
-  IMAGE_TAG1: $(echo "$CI_PROJECT-$CI_PACKAGE_BRANCH" | sed "s;/;-;g")
-  GITHUB_COMMENT: ${{ secrets.GH_COMMENT }}
+  AWS_URL: ${{ secrets.AWS_URL }}
   pull_req_id: ${{github.event.pull_request.number}}
-  BASE: ${{ contains(github.event.pull_request.body, 'ci:php81') && 'ci-base' || 'ci-base-php82' }}
-  CDATA_LICENSE_DOCUSIGN: ${{ secrets.CDATA_LICENSE_DOCUSIGN }}
-  CDATA_LICENSE_EXCEL: ${{ secrets.CDATA_LICENSE_EXCEL }}
-  CDATA_LICENSE_GITHUB: ${{ secrets.CDATA_LICENSE_GITHUB }}
-  CDATA_LICENSE_SLACK: ${{ secrets.CDATA_LICENSE_SLACK }}
+  DATE: $(date -d '-1 day' '+%Y-%m-%d'|sed 's/-//g')
+  CURRENT_DATE: $(date '+%Y-%m-%d %H:%M:%S'|sed 's/-//g')
+  CI_PACKAGE_BRANCH: ${{github.event.pull_request.head.ref || 'next' }}
+  CI_PROJECT: ${{github.event.pull_request.head.repo.name || 'processmaker' }}
+  CI_PR_BODY: ${{ github.event_name == 'schedule' && 'No ci tags needed here' || github.event.pull_request.body }}
+  IMAGE_TAG: $(echo "$CI_PROJECT-$CI_PACKAGE_BRANCH" | sed "s;/;-;g")
+  DEPLOY: ${{ secrets.DEPLOY }}
+  GH_USER: ${{ secrets.GH_USER }}
+  GH_EMAIL: ${{ secrets.GH_EMAIL }}
+  GITHUB_COMMENT: ${{ secrets.GH_COMMENT }}
+  DOM_EKS: ${{ secrets.DOM_EKS }}
+  GITHUB_TOKEN: ${{ secrets.GIT_TOKEN }}
+  BUILD_BASE: ${{ (contains(github.event.pull_request.body, 'ci:build-base') || github.event_name == 'schedule') && '1' || '0' }}
+  BASE_IMAGE: ${{ secrets.REGISTRY_HOST }}/processmaker/processmaker:base
+  K8S_BRANCH: develop
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
   cancel-in-progress: true
 jobs:
-  job1:
-    name: build-stm-image 
+  imageEKS: 
+    name: build-docker-image-EKS
     if: github.event.action != 'closed'
-    runs-on: ${{ vars.RUNNER }}    
-    steps:     
-      - name: Export Params                
+    runs-on: ${{ vars.RUNNER }}
+    steps:
+      - name: Set image name
         run: |
-          echo "Env Check: CI_PROJECT: $CI_PROJECT CI_PACKAGE_BRANCH: $CI_PACKAGE_BRANCH CI_PR_BODY: $CI_PR_BODY BASE: $BASE"
-          echo "REPOSITORY=${{env.aws-url}}/enterprise" >> $GITHUB_ENV
-          echo "TAG=${{env.IMAGE_TAG1}}" >> $GITHUB_ENV
-          echo "IMAGE=${{env.aws-url}}/enterprise:${{env.IMAGE_TAG1}}" >> $GITHUB_ENV
-          #Additional
-          echo "CACHEBUSTER="$(date +%s) >> $GITHUB_ENV
-      - name: Clone Repo STM
+            RESOLVED_IMAGE_TAG=${{ env.IMAGE_TAG }}
+            echo "IMAGE=${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:$RESOLVED_IMAGE_TAG" >> $GITHUB_ENV
+      - name: Clone repo K8S
         run: |
-          git clone --depth 1 -b cicd "https://[email protected]/ProcessMaker/pm4-stm-docker.git" pm4-stm-docker
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v1
-        with:
-          aws-access-key-id: ${{ env.aws-access-key-id }}
-          aws-secret-access-key: ${{ env.aws-secret-access-key }}
-          aws-region: ${{ env.aws-region }}
-      - name: Login to ECR
-        run: |          
-          aws ecr get-login-password | docker login --username AWS --password-stdin ${{env.aws-url}}
-      - name: Build and Push the base images
-        if: contains(github.event.pull_request.body, 'ci:build-base') || github.event_name == 'schedule'
+          # TODO: Change branch when pm4 k8s distribution is released
+          echo "IMAGE: ${{ env.IMAGE }}"
+          git clone --depth 1 -b "$K8S_BRANCH" "https://[email protected]/ProcessMaker/pm4-k8s-distribution.git" pm4-k8s-distribution           
+      - name: Generate image EKS
         run: |
-          cd pm4-stm-docker
-          docker-compose build --no-cache base-php82
-          docker-compose build --no-cache cache
-          docker push ${REPOSITORY}:ci-base-php82
-          docker push ${REPOSITORY}:ci-cache
-      - name: Build and Push the image to ECR
+          cd pm4-k8s-distribution/images
+          branch=$CI_PACKAGE_BRANCH tag=${{env.IMAGE_TAG}} bash build.k8s-cicd.sh
+          echo "VERSION=${{ env.IMAGE_TAG }}" >> $GITHUB_ENV
+      - name: List Images
         run: |
-          cd pm4-stm-docker
-          docker-compose build processmaker
-          docker push ${IMAGE}
-  job2: 
-    name: deploy-stm    
-    if: github.event.action != 'closed'
-    needs: job1
-    runs-on: ${{ vars.RUNNER }}
-    container:
-      image:  cimg/php:7.4
-      options: --user root
-    steps:
-      - name: Export Params                
+          docker images
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: processmaker/enterprise:${{ env.VERSION }}
+          format: 'table'
+          exit-code: '0'
+          ignore-unfixed: false
+          vuln-type: 'os,library'
+          scanners: 'vuln,secret'
+          severity: 'MEDIUM,HIGH,CRITICAL'
+        env:
+          TRIVY_TIMEOUT: 30m
+      - name: Login to Harbor
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ secrets.REGISTRY_HOST  }}
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+      - name: Push Enterprise Image to Harbor
+        run: |          
+          docker tag processmaker/enterprise:${{env.IMAGE_TAG}} ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}}
+          docker push ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}}
+  deployEKS: 
+    name: build-deploy-EKS
+    if: contains(github.event.pull_request.body, 'ci:deploy')
+    needs: imageEKS
+    runs-on: self-hosted
+    steps:   
+      - name: Clone private repository
         run: |
-          echo "Env Check: CI_PROJECT: $CI_PROJECT CI_PACKAGE_BRANCH: $CI_PACKAGE_BRANCH CI_PR_BODY: $CI_PR_BODY"
-          echo "REPOSITORY=${{env.aws-url}}/enterprise" >> $GITHUB_ENV
-          echo "TAG=${{env.IMAGE_TAG1}}" >> $GITHUB_ENV
-          echo "IMAGE_TAG=${{env.IMAGE_TAG1}}" >> $GITHUB_ENV
-          echo "IMAGE=${{env.aws-url}}/enterprise:${{env.IMAGE_TAG1}}" >> $GITHUB_ENV
-          echo "STM_TOKEN=${{env.STM_TOKEN}}" >> $GITHUB_ENV 
-      - name: Clone Repo STM
+          git clone --depth 1 -b eng "https://[email protected]/ProcessMaker/argocd.git" argocd
+      - name: CreateDB 
+        run: |          
+          cd argocd
+          deploy=$(echo -n ${{env.IMAGE_TAG}} | md5sum | head -c 10)          
+          sed -i "s/{{instance}}/ci-$deploy/" template-db.yaml
+          kubectl get namespace ci-processmaker-ns-pm4
+          namespace=$(kubectl get namespace $deploy-ns-pm4|grep $deploy|awk '{print $1}')
+          kubectl apply -f template-db.yaml                   
+      - name: Install pm4-tools
         run: |
-          git clone --depth 1 -b cicd "https://[email protected]/ProcessMaker/pm4-stm-docker.git" pm4-stm-docker
-          cd pm4-stm-docker          
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v1
-        with:
-          aws-access-key-id: ${{ env.aws-access-key-id }}
-          aws-secret-access-key: ${{ env.aws-secret-access-key }}
-          aws-region: ${{ env.aws-region }}
-      - name: Login to Amazon ECR 
-        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v1
-      - name: Deploy STM
-        id: stm
+          git clone --depth 1 -b "$K8S_BRANCH" "https://[email protected]/ProcessMaker/pm4-k8s-distribution.git" pm4-k8s-distribution     
+          cd pm4-k8s-distribution/images/pm4-tools
+          composer install --no-interaction
+          cd ..
+      - name: Deploy instance EKS           
         run: |
-          mkdir -p /tmp/workspace
-          cd pm4-stm-docker/deploy-stm
-          composer install --no-dev
-          php run.php
-          if [ -f "url.txt" ]; then
-            INSTANCE_URL=$(cat url.txt)
+          cd argocd 
+          deploy=$(echo -n ${{env.IMAGE_TAG}} | md5sum | head -c 10)
+          current_datetime=$(echo -n ${{env.CURRENT_DATE}} | md5sum | head -c 10)
+          echo "NAMESPACE : ci-$deploy-ns-pm4"
+          helm repo add processmaker ${{ secrets.HELM_REPO }} --username ${{ secrets.HELM_USERNAME }} --password ${{ secrets.HELM_PASSWORD }} && helm repo update
+          if ! kubectl get namespace/ci-$deploy-ns-pm4 ; then 
+            echo "Creating Deploy :: $deploy"
+            sed -i "s/{{instance}}/ci-$deploy/" template-instance.yaml
+            sed -i "s/{{image}}/${{env.IMAGE_TAG}}/" template-instance.yaml
+            cat template-instance.yaml         
+            helm install --timeout 40m -f template-instance.yaml ci-$deploy processmaker/enterprise --version 2.1.0             
+          else
+            echo "Bouncing Instance  ";
+            sed -i "s/{{instance}}/ci-$deploy/g" template-bounce.yaml
+            sed -i "s/{{current_datetime}}/$current_datetime/g" template-bounce.yaml
+            helm upgrade --timeout 20m ci-$deploy processmaker/enterprise --version 2.1.0          
+            kubectl apply -f template-bounce.yaml
           fi
-          echo "Instance URL: '${INSTANCE_URL}'"
+          export INSTANCE_URL=https://ci-$deploy$DOM_EKS
           echo "INSTANCE_URL=${INSTANCE_URL}" >> "$GITHUB_ENV"
-      - name: Publish the URL to the Github PR 
-        if: success() || steps.stm.conclusion == 'success'
+          ../pm4-k8s-distribution/images/pm4-tools/pm wait-for-instance-ready
+      - name: Comment Instance
         run: |
-          cd pm4-stm-docker
           echo "Instance URL: '${INSTANCE_URL}'"
-          bash ./github_comment.sh "$PROJECT" "$pull_req_id"
-  job3: 
-   name: run-phpunit
-   if: github.event.action != 'closed'
-   needs: job1
-   runs-on: ${{ vars.RUNNER }}
-   steps:
-     - name: Export Params                
-       run: |
-         echo "REPOSITORY=${{env.aws-url}}/enterprise" >> $GITHUB_ENV
-         echo "TAG=${{env.IMAGE_TAG1}}" >> $GITHUB_ENV
-         echo "IMAGE=${{env.aws-url}}/enterprise:${{env.IMAGE_TAG1}}" >> $GITHUB_ENV          
-     - name: Clone Repo STM
-       run: |
-         git clone --depth 1 -b cicd "https://[email protected]/ProcessMaker/pm4-stm-docker.git" pm4-stm-docker
-         cd pm4-stm-docker          
-     - name: Configure AWS Credentials
-       uses: aws-actions/configure-aws-credentials@v1
-       with:
-         aws-access-key-id: ${{ env.aws-access-key-id }}
-         aws-secret-access-key: ${{ env.aws-secret-access-key }}
-         aws-region: ${{ env.aws-region }}
-     - name: Login to Amazon ECR
-       id: login-ecr
-       uses: aws-actions/amazon-ecr-login@v1
-     - name: PHPUnits
-       run: |          
-         cd pm4-stm-docker          
-         docker pull $IMAGE          
-         docker-compose down -v          
-         docker-compose build phpunit          
-         docker-compose run phpunit
-  #job4: 
-  #  name: run-benchmarks
-  #  needs: job2
-  #  runs-on: ${{ vars.RUNNER }}
-  #  steps:
-  #    - name: my-step
-  #      run: |
-  #        echo "Fifth Step"
-  #job5: 
-  #  name: run-cypress
-  #  needs: job2
-  #  runs-on: ${{ vars.RUNNER }}
-  #  steps:
-  #    - name: my-step
-  #      run: |
-  #        echo "fourth Step"
-  #job6: 
-  #  name: run-cypress-qa
-  #  needs: job2
-  #  runs-on: ${{ vars.RUNNER }}
-  #  steps:
-  #    - name: my-step
-  #      run: |
-  #        echo "Sixt Step"
-  job7: 
+          bash argocd/gh_comment.sh "$CI_PROJECT" "$pull_req_id"
+  deleteEKS:
     name: Delete Instance
     if: github.event.action == 'closed'
-    runs-on: ${{ vars.RUNNER }}
-    container:
-      image:  cimg/php:7.4
-      options: --user root
-    steps:
-      - name: Export Params                
-        run: |
-          echo "REPOSITORY=${{env.aws-url}}/enterprise" >> $GITHUB_ENV
-          echo "TAG=${{env.IMAGE_TAG1}}" >> $GITHUB_ENV
-          echo "IMAGE_TAG=${{env.IMAGE_TAG1}}" >> $GITHUB_ENV
-          echo "IMAGE=${{env.aws-url}}/enterprise:${{env.IMAGE_TAG1}}" >> $GITHUB_ENV
-          echo "STM_TOKEN=${{env.STM_TOKEN}}" >> $GITHUB_ENV 
-      - name: Clone Repo STM
-        run: |
-          git clone --depth 1 -b cicd "https://[email protected]/ProcessMaker/pm4-stm-docker.git" pm4-stm-docker
-          cd pm4-stm-docker     
-      - name: Delete Instance STM
-        run: |
-          mkdir -p /tmp/workspace
-          cd pm4-stm-docker/deploy-stm
-          composer install --no-dev
-          php run-delete-instance.php
+    runs-on: self-hosted
+    steps:      
+      - name: Delete instance EKS            
+        run: |           
+          deploy=$(echo -n $IMAGE_TAG | md5sum | head -c 10)
+          echo "Deleting Instace :: ci-$deploy"
+          helm delete ci-$deploy
+          kubectl delete namespace ci-$deploy-ns-pm4