ci: update release pipeline to use argocd (#90)

Co-authored-by: Samir Talwar <[email protected]> Co-authored-by: nizar-m <[email protected]>
hasura · Oct 20, 2023 · 8cf9b72 · 8cf9b72
1 parent eb5714f
commit 8cf9b72
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 48 deletions.
diff --git a/.buildkite/release-config-server.yaml b/.buildkite/release-config-server.yaml
@@ -1,53 +1,9 @@
+# prettier-ignore
 agents:
   queue: "aws-v3-build-node-common"
 steps:
-  - label: ":docker: Build and push docker image"
-    key: build-and-push-docker-image
-    command: |
-      set -eu -o pipefail
-
-      TAG=$(git log -1 '--format=format:%h' --abbrev=9)
-      DOCKER_TAG=$$DOCKER_REGISTRY/$$DOCKER_REPO:$$TAG
-
-      echo "~~~ :buildkite: Storing release version in metadata"
-      buildkite-agent meta-data set "release-version" "$$TAG"
-
-      echo "~~~ :docker: Configuring docker gcr helper"
-      docker-credential-gcr configure-docker --registries=$$DOCKER_REGISTRY
-
-      echo "~~~ :docker: Building ndc-postgres-config-server image"
-      docker build --ssh default -t $$DOCKER_TAG -f ConfigServer.Dockerfile .
-
-      echo "~~~ :docker: Pushing ndc-postgres-config-server image"
-      docker push $$DOCKER_TAG
-
-      echo "~~~ :docker: Removing ndc-postgres-config-server image"
-      docker rmi $$DOCKER_TAG
-    env:
-      DOCKER_REGISTRY: us-docker.pkg.dev
-      DOCKER_REPO: hasura-ddn/ddn/ndc-postgres-config-server
-    plugins:
-      - hasura/smooth-secrets#v1.3.2:
-          secrets:
-            - strategy: aws-secrets-manager
-              key: github-user-keys/hasura-ci
-              type: ssh
-              region: us-east-2
-      - gcp-workload-identity-federation#v1.0.0:
-          # We can change the aud
-          audience: "//iam.googleapis.com/projects/1025009031284/locations/global/workloadIdentityPools/hasura-ddn/providers/buildkite"
-          service-account: "[email protected]"
-      - hasura/smooth-checkout#v4.3.2:
-          repos:
-            - config:
-                - url: [email protected]:hasura/ndc-postgres.git
-          delete_checkout: true
-          interpolate_checkout_path: "$BUILDKITE_BUILD_CHECKOUT_PATH/$BUILDKITE_BUILD_ID/$BUILDKITE_JOB_ID"
-
-  - label: ":kubernetes: Release to staging"
-    key: release-to-staging
-    depends_on:
-      - step: build-and-push-docker-image
+  - label: ":git: update tag in ddn-cloud"
+    key: update-tag
     command: .buildkite/scripts/release-component.sh "ndc-postgres-config-server"
     plugins:
       - hasura/smooth-secrets#v1.3.2:
@@ -68,6 +24,30 @@ steps:
                   ref: main
           delete_checkout: true
           interpolate_checkout_path: "$BUILDKITE_BUILD_CHECKOUT_PATH/$BUILDKITE_BUILD_ID/$BUILDKITE_JOB_ID"
+  - label: ":kubernetes: Deploy postgres-ndc-config-server to staging"
+    key: argocd-sync
+    agents:
+      queue: argocd-runner
+    depends_on:
+      - step: update-tag
+    command: |
+      echo y | argocd login --username admin --password $$ARGOCD_ADMIN_SECRET argocd.hasura-app.io --insecure
+      argocd app list --selector 'application=postgres-ndc-config-server'
+      argocd app sync --selector 'application=postgres-ndc-config-server'
+    plugins:
+      - hasura/smooth-secrets#v1.3.2:
+          secrets:
+            - strategy: aws-secrets-manager
+              key: ci-secrets/argocd/admin-secret
+              type: env
+              region: us-east-2
+              name: ARGOCD_ADMIN_SECRET
+      - hasura/smooth-checkout#v4.3.2:
+          skip_checkout: true
+      - docker#v5.9.0:
+          image: "argoproj/argocd:v2.6.15"
+          environment:
+            - "ARGOCD_ADMIN_SECRET"
     notify:
       - slack:
           channels:

diff --git a/.github/workflows/nix-docker.yaml → ...ub/workflows/build-images-and-deploy.yaml b/.github/workflows/nix-docker.yaml → ...ub/workflows/build-images-and-deploy.yaml
@@ -61,6 +61,33 @@ jobs:
       - name: Build and deploy Docker images to GitHub Packages 🚀
         run: nix run .#publish-docker-image '${{ github.ref }}' '${{ matrix.connector }}' 'ghcr.io/hasura/${{ matrix.connector }}'
 
+      - name: Deploy to staging
+        if: ${{ matrix.connector == 'ndc-postgres' && github.ref == 'refs/heads/main' }}
+        env:
+          BUILDKITE_AUTH_TOKEN: ${{ secrets.BUILDKITE_AUTH_TOKEN }}
+        run: |
+          long_sha=$(git rev-parse HEAD)
+          short_sha=$(git rev-parse --short=9 HEAD)
+          req_data=$(cat <<EOF
+          {
+            "commit": "${long_sha}",
+            "branch": "main",
+            "message": "deploy ndc-postgres config server ${GITHUB_SHA} to staging :rocket:",
+            "author": {
+              "name": "Hasura Bot",
+              "email": "[email protected]"
+            },
+            "env": {
+              "RELEASE_VERSION": "dev-main-${short_sha}"
+            },
+          }
+          EOF)
+
+          curl -X POST "https://api.buildkite.com/v2/organizations/hasura/pipelines/release-ndc-postgres-config-server/builds" \
+            -H "Content-Type: application/json" \
+            -H "Authorization: Bearer ${BUILDKITE_AUTH_TOKEN}" \
+            -d "$req_data"
+
       # scream into Slack if something goes wrong
       - name: Report Status
         if: always()

diff --git a/ci/deploy.sh b/ci/deploy.sh
@@ -59,7 +59,9 @@ function set_dev_tags {
     tidy_branch="$(tr './' '-' <<< "$branch")"
     local branch_prefix="dev-${tidy_branch}"
     local version
-    version=$(git show --quiet --format="${branch_prefix}-%h")
+    local short_hash
+    short_hash="$(git rev-parse --short=9 HEAD)"
+    version="${branch_prefix}-${short_hash}"
     export docker_tags=("$version" "$branch_prefix")
 }