-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
ci: update release pipeline to use argocd (#90)
Co-authored-by: Samir Talwar <[email protected]> Co-authored-by: nizar-m <[email protected]>
- Loading branch information
1 parent
eb5714f
commit 8cf9b72
Showing
3 changed files
with
57 additions
and
48 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,53 +1,9 @@ | ||
# prettier-ignore | ||
agents: | ||
queue: "aws-v3-build-node-common" | ||
steps: | ||
- label: ":docker: Build and push docker image" | ||
key: build-and-push-docker-image | ||
command: | | ||
set -eu -o pipefail | ||
TAG=$(git log -1 '--format=format:%h' --abbrev=9) | ||
DOCKER_TAG=$$DOCKER_REGISTRY/$$DOCKER_REPO:$$TAG | ||
echo "~~~ :buildkite: Storing release version in metadata" | ||
buildkite-agent meta-data set "release-version" "$$TAG" | ||
echo "~~~ :docker: Configuring docker gcr helper" | ||
docker-credential-gcr configure-docker --registries=$$DOCKER_REGISTRY | ||
echo "~~~ :docker: Building ndc-postgres-config-server image" | ||
docker build --ssh default -t $$DOCKER_TAG -f ConfigServer.Dockerfile . | ||
echo "~~~ :docker: Pushing ndc-postgres-config-server image" | ||
docker push $$DOCKER_TAG | ||
echo "~~~ :docker: Removing ndc-postgres-config-server image" | ||
docker rmi $$DOCKER_TAG | ||
env: | ||
DOCKER_REGISTRY: us-docker.pkg.dev | ||
DOCKER_REPO: hasura-ddn/ddn/ndc-postgres-config-server | ||
plugins: | ||
- hasura/smooth-secrets#v1.3.2: | ||
secrets: | ||
- strategy: aws-secrets-manager | ||
key: github-user-keys/hasura-ci | ||
type: ssh | ||
region: us-east-2 | ||
- gcp-workload-identity-federation#v1.0.0: | ||
# We can change the aud | ||
audience: "//iam.googleapis.com/projects/1025009031284/locations/global/workloadIdentityPools/hasura-ddn/providers/buildkite" | ||
service-account: "[email protected]" | ||
- hasura/smooth-checkout#v4.3.2: | ||
repos: | ||
- config: | ||
- url: [email protected]:hasura/ndc-postgres.git | ||
delete_checkout: true | ||
interpolate_checkout_path: "$BUILDKITE_BUILD_CHECKOUT_PATH/$BUILDKITE_BUILD_ID/$BUILDKITE_JOB_ID" | ||
|
||
- label: ":kubernetes: Release to staging" | ||
key: release-to-staging | ||
depends_on: | ||
- step: build-and-push-docker-image | ||
- label: ":git: update tag in ddn-cloud" | ||
key: update-tag | ||
command: .buildkite/scripts/release-component.sh "ndc-postgres-config-server" | ||
plugins: | ||
- hasura/smooth-secrets#v1.3.2: | ||
|
@@ -68,6 +24,30 @@ steps: | |
ref: main | ||
delete_checkout: true | ||
interpolate_checkout_path: "$BUILDKITE_BUILD_CHECKOUT_PATH/$BUILDKITE_BUILD_ID/$BUILDKITE_JOB_ID" | ||
- label: ":kubernetes: Deploy postgres-ndc-config-server to staging" | ||
key: argocd-sync | ||
agents: | ||
queue: argocd-runner | ||
depends_on: | ||
- step: update-tag | ||
command: | | ||
echo y | argocd login --username admin --password $$ARGOCD_ADMIN_SECRET argocd.hasura-app.io --insecure | ||
argocd app list --selector 'application=postgres-ndc-config-server' | ||
argocd app sync --selector 'application=postgres-ndc-config-server' | ||
plugins: | ||
- hasura/smooth-secrets#v1.3.2: | ||
secrets: | ||
- strategy: aws-secrets-manager | ||
key: ci-secrets/argocd/admin-secret | ||
type: env | ||
region: us-east-2 | ||
name: ARGOCD_ADMIN_SECRET | ||
- hasura/smooth-checkout#v4.3.2: | ||
skip_checkout: true | ||
- docker#v5.9.0: | ||
image: "argoproj/argocd:v2.6.15" | ||
environment: | ||
- "ARGOCD_ADMIN_SECRET" | ||
notify: | ||
- slack: | ||
channels: | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -61,6 +61,33 @@ jobs: | |
- name: Build and deploy Docker images to GitHub Packages 🚀 | ||
run: nix run .#publish-docker-image '${{ github.ref }}' '${{ matrix.connector }}' 'ghcr.io/hasura/${{ matrix.connector }}' | ||
|
||
- name: Deploy to staging | ||
if: ${{ matrix.connector == 'ndc-postgres' && github.ref == 'refs/heads/main' }} | ||
env: | ||
BUILDKITE_AUTH_TOKEN: ${{ secrets.BUILDKITE_AUTH_TOKEN }} | ||
run: | | ||
long_sha=$(git rev-parse HEAD) | ||
short_sha=$(git rev-parse --short=9 HEAD) | ||
req_data=$(cat <<EOF | ||
{ | ||
"commit": "${long_sha}", | ||
"branch": "main", | ||
"message": "deploy ndc-postgres config server ${GITHUB_SHA} to staging :rocket:", | ||
"author": { | ||
"name": "Hasura Bot", | ||
"email": "[email protected]" | ||
}, | ||
"env": { | ||
"RELEASE_VERSION": "dev-main-${short_sha}" | ||
}, | ||
} | ||
EOF) | ||
curl -X POST "https://api.buildkite.com/v2/organizations/hasura/pipelines/release-ndc-postgres-config-server/builds" \ | ||
-H "Content-Type: application/json" \ | ||
-H "Authorization: Bearer ${BUILDKITE_AUTH_TOKEN}" \ | ||
-d "$req_data" | ||
# scream into Slack if something goes wrong | ||
- name: Report Status | ||
if: always() | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters