From 1bba35f697712112b2e0d41e1aa8679ee1002b01 Mon Sep 17 00:00:00 2001 From: "Paul B. Beskow" Date: Tue, 3 Sep 2024 08:19:12 +0200 Subject: [PATCH 01/11] feat(metabase): deploy from the monorepo --- ....yml => build-and-deploy-nada-backend.yml} | 4 +- .github/workflows/deploy-metabase.yaml | 45 +++++++ .nais/dev/metabase/gcp.yaml | 94 +++++++++++++++ .nais/dev/{ => nada-backend}/gcp.yaml | 0 .../nada-backend-config.yaml | 0 .nais/prod/metabase/gcp.yaml | 114 ++++++++++++++++++ .nais/prod/{ => nada-backend}/gcp.yaml | 0 .../nada-backend-config.yaml | 0 .nais/vars.yaml | 59 +++++++++ 9 files changed, 314 insertions(+), 2 deletions(-) rename .github/workflows/{build-and-deploy.yml => build-and-deploy-nada-backend.yml} (96%) create mode 100644 .github/workflows/deploy-metabase.yaml create mode 100644 .nais/dev/metabase/gcp.yaml rename .nais/dev/{ => nada-backend}/gcp.yaml (100%) rename .nais/dev/{ => nada-backend}/nada-backend-config.yaml (100%) create mode 100644 .nais/prod/metabase/gcp.yaml rename .nais/prod/{ => nada-backend}/gcp.yaml (100%) rename .nais/prod/{ => nada-backend}/nada-backend-config.yaml (100%) create mode 100644 .nais/vars.yaml diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy-nada-backend.yml similarity index 96% rename from .github/workflows/build-and-deploy.yml rename to .github/workflows/build-and-deploy-nada-backend.yml index 42170b8e..9954eb62 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy-nada-backend.yml @@ -183,7 +183,7 @@ jobs: uses: nais/deploy/actions/deploy@v2 env: CLUSTER: dev-gcp - RESOURCE: .nais/dev/nada-backend-config.yaml,.nais/dev/gcp.yaml + RESOURCE: .nais/dev/nada-backend/nada-backend-config.yaml,.nais/dev/nada-backend/gcp.yaml VAR: image=${{ needs.push.outputs.image }} deploy-prod: @@ -199,5 +199,5 @@ jobs: uses: nais/deploy/actions/deploy@v2 env: CLUSTER: prod-gcp - RESOURCE: .nais/prod/nada-backend-config.yaml,.nais/prod/gcp.yaml + RESOURCE: .nais/prod/nada-backend/nada-backend-config.yaml,.nais/prod/nada-backend/gcp.yaml VAR: image=${{ needs.push.outputs.image }} diff --git a/.github/workflows/deploy-metabase.yaml b/.github/workflows/deploy-metabase.yaml new file mode 100644 index 00000000..de2d0d55 --- /dev/null +++ b/.github/workflows/deploy-metabase.yaml @@ -0,0 +1,45 @@ +name: Deploy metabase + +on: + push: + branches: + - main + +permissions: + contents: read + id-token: write + +jobs: + deploy-dev: + name: Deploy to NAIS dev + runs-on: ubuntu-latest + if: github.actor != 'dependabot[bot]' + steps: + - uses: actions/checkout@v4 + - name: Read Metabase Version + id: read_metabase_version + run: echo "METABASE_VERSION=$(cat .metabase_version)" >> $GITHUB_ENV + - uses: nais/deploy/actions/deploy@v2 + env: + CLUSTER: dev-gcp + RESOURCE: .nais/dev/metabase/gcp.yaml + VAR: version=${{ env.METABASE_VERSION }} + VARS: .nais/vars.yaml + + deploy-prod: + name: Deploy to NAIS prod + runs-on: ubuntu-latest + needs: deploy-dev + if: github.ref == 'refs/heads/main' && github.actor != 'dependabot[bot]' + steps: + - uses: actions/checkout@v4 + - name: Read Metabase Version + id: read_metabase_version + run: echo "METABASE_VERSION=$(cat .metabase_version)" >> $GITHUB_ENV + - uses: nais/deploy/actions/deploy@v2 + env: + CLUSTER: prod-gcp + RESOURCE: .nais/prod/metabase/gcp.yaml + VAR: version=${{ env.METABASE_VERSION }} + VARS: .nais/vars.yaml + TIMEOUT: 15m diff --git a/.nais/dev/metabase/gcp.yaml b/.nais/dev/metabase/gcp.yaml new file mode 100644 index 00000000..f1db0d08 --- /dev/null +++ b/.nais/dev/metabase/gcp.yaml @@ -0,0 +1,94 @@ +apiVersion: nais.io/v1alpha1 +kind: Application +metadata: + labels: + team: nada + name: metabase + namespace: nada + annotations: + {{#each annotations}} + {{this.key}}: "{{this.value}}" + {{/each}} +spec: + prometheus: + enabled: true + path: /metrics + port: "9191" + env: + - name: JAVA_OPTS + value: "--XX:MaxRAMPercentage=75.0 -XX:+UseParallelGC -XX:ActiveProcessorCount=2" + - name: MB_PROMETHEUS_SERVER_PORT + value: "9191" + - name: MB_SITE_URL + value: https://metabase.ansatt.dev.nav.no + - name: MB_DB_USER + value: metabasedb + - name: MB_DB_HOST + value: "100.71.0.188" + {{#each envs}} + - name: {{this.name}} + value: "{{this.value}}" + {{/each}} + envFrom: + - secret: metabase + gcp: + sqlInstances: + - name: metabasedb + databases: + - name: metabase + type: POSTGRES_12 + tier: db-custom-1-3840 + flags: + - name: max_connections + value: "50" + diskAutoresize: true + image: metabase/metabase-enterprise:{{version}} + ingresses: + - https://metabase.ansatt.dev.nav.no + - https://metabase-inside.intern.dev.nav.no + liveness: + path: /api/health + startup: + initialDelay: 40 + periodSeconds: 10 + failureThreshold: 10 + path: /api/health + readiness: + path: /api/health + port: 3000 + replicas: + max: 2 + min: 1 + resources: + limits: + memory: 1536Mi + requests: + cpu: 20m + memory: 1024Mi + accessPolicy: + inbound: + rules: + - application: nada-backend + outbound: + external: + {{#externalhosts}} + - host: "{{ . }}" + {{/externalhosts}} + - host: smtp.adeo.no + ports: + - port: 26 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/server-snippet: | + return 301 https://metabase.ansatt.dev.nav.no$request_uri; + labels: + team: nada + name: metabase-redirect + namespace: nada +spec: + ingressClassName: nais-ingress + rules: + - host: metabase.intern.dev.nav.no diff --git a/.nais/dev/gcp.yaml b/.nais/dev/nada-backend/gcp.yaml similarity index 100% rename from .nais/dev/gcp.yaml rename to .nais/dev/nada-backend/gcp.yaml diff --git a/.nais/dev/nada-backend-config.yaml b/.nais/dev/nada-backend/nada-backend-config.yaml similarity index 100% rename from .nais/dev/nada-backend-config.yaml rename to .nais/dev/nada-backend/nada-backend-config.yaml diff --git a/.nais/prod/metabase/gcp.yaml b/.nais/prod/metabase/gcp.yaml new file mode 100644 index 00000000..75ead5dc --- /dev/null +++ b/.nais/prod/metabase/gcp.yaml @@ -0,0 +1,114 @@ +apiVersion: nais.io/v1alpha1 +kind: Application +metadata: + labels: + team: nada + name: metabase + namespace: nada + annotations: + {{#each annotations}} + {{this.key}}: "{{this.value}}" + {{/each}} +spec: + prometheus: + enabled: true + path: /metrics + port: "9191" + env: + - name: MB_PROMETHEUS_SERVER_PORT + value: "9191" + - name: MB_SITE_URL + value: https://metabase.ansatt.nav.no + - name: MB_DB_USER + value: metabase + - name: MB_DB_HOST + value: "127.0.0.1" + {{#each envs}} + - name: {{this.name}} + value: "{{this.value}}" + {{/each}} + envFrom: + - secret: metabase + gcp: + sqlInstances: + - databases: + - name: metabase + type: POSTGRES_12 + flags: + - name: max_connections + value: "100" + tier: db-g1-small + image: metabase/metabase-enterprise:{{version}} + ingresses: + - https://metabase.ansatt.nav.no + - https://metabase-inside.intern.nav.no + liveness: + path: /api/health + startup: + initialDelay: 180 + periodSeconds: 30 + failureThreshold: 30 + path: /api/health + readiness: + path: /api/health + port: 3000 + replicas: + max: 4 + min: 2 + resources: + limits: + memory: 5Gi + requests: + cpu: 300m + memory: 2048Mi + accessPolicy: + inbound: + rules: + - application: nada-backend + outbound: + external: + {{#externalhosts}} + - host: "{{ . }}" + {{/externalhosts}} + - host: smtp.adeo.no + ports: + - port: 26 + +--- +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: metabase-alert + namespace: nada + labels: + team: nada +spec: + groups: + - name: metabase-alert + rules: + - alert: InstanceDown + expr: kube_deployment_status_replicas_available{namespace="nada", deployment="metabase"} == 0 + for: 2m + annotations: + consequence: Metabase is unavailable + action: "`kubectl describe pod ` -> `kubectl logs `" + summary: |- + No metabase pods are running in prod-gcp + labels: + namespace: nada + severity: critical +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/server-snippet: | + return 301 https://metabase.ansatt.nav.no$request_uri; + labels: + team: nada + name: metabase-redirect + namespace: nada +spec: + ingressClassName: nais-ingress-external + rules: + - host: metabase.intern.nav.no diff --git a/.nais/prod/gcp.yaml b/.nais/prod/nada-backend/gcp.yaml similarity index 100% rename from .nais/prod/gcp.yaml rename to .nais/prod/nada-backend/gcp.yaml diff --git a/.nais/prod/nada-backend-config.yaml b/.nais/prod/nada-backend/nada-backend-config.yaml similarity index 100% rename from .nais/prod/nada-backend-config.yaml rename to .nais/prod/nada-backend/nada-backend-config.yaml diff --git a/.nais/vars.yaml b/.nais/vars.yaml new file mode 100644 index 00000000..a3222a62 --- /dev/null +++ b/.nais/vars.yaml @@ -0,0 +1,59 @@ +annotations: + - key: config.linkerd.io/skip-outbound-ports + value: "26" + - key: nginx.ingress.kubernetes.io/proxy-body-size + value: "8m" + - key: nginx.ingress.kubernetes.io/proxy-read-timeout + value: "600" +envs: + - name: MB_DB_TYPE + value: postgres + - name: MB_DB_DBNAME + value: metabase + - name: MB_DB_PORT + value: "5432" + - name: JAVA_TIMEZONE + value: UTC+1 + - name: MB_COLORIZE_LOGS + value: "false" + - name: MB_PLUGINS_DIR + value: "/tmp" + - name: MB_ADMIN_EMAIL + value: "nada@nav.no" + - name: MB_METABOT_ENABLED + value: "true" + - name: MB_SAML_ENABLED + value: "true" + - name: MB_SAML_GROUP_SYNC + value: "true" + - name: MB_SAML_ATTRIBUTE_GROUP + value: http://schemas.microsoft.com/ws/2008/06/identity/claims/groups + - name: MB_SAML_IDENTITY_PROVIDER_ISSUER + value: https://sts.windows.net/62366534-1ec3-4962-8869-9b5535279d0b/ + - name: MB_SAML_IDENTITY_PROVIDER_URI + value: HTTPS://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535279d0b/saml2 + - name: MB_ENABLE_PASSWORD_LOGIN + value: "true" + - name: MAX_SESSION_AGE + value: "1440" + - name: MB_SESSION_COOKIES + value: "true" + - name: MB_EMAIL_FROM_ADDRESS + value: "metabase@nav.no" + - name: MB_EMAIL_SMTP_HOST + value: "smtp.adeo.no" + - name: MB_EMAIL_SMTP_PORT + value: "26" + - name: MB_EMAIL_SMTP_SECURITY + value: "none" + - name: MB_EMAIL_SMTP_USERNAME + value: "srvNada" + - name: MB_SEND_NEW_SSO_USER_ADMIN_EMAIL + value: "false" + - name: MB_HEALTH_CHECK_LOGGING_ENABLED + value: "false" +externalhosts: + - token-check.metabase.com + - slack.com + - files.slack.com + - metaboat.slack.com From 7eb38c1229fadc08f87f4a269f92199e6eb1e96c Mon Sep 17 00:00:00 2001 From: "Paul B. Beskow" Date: Tue, 3 Sep 2024 08:31:59 +0200 Subject: [PATCH 02/11] chore(gha): new metabase version goes to dev on PR --- .github/workflows/deploy-metabase.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-metabase.yaml b/.github/workflows/deploy-metabase.yaml index de2d0d55..af0590e1 100644 --- a/.github/workflows/deploy-metabase.yaml +++ b/.github/workflows/deploy-metabase.yaml @@ -3,7 +3,7 @@ name: Deploy metabase on: push: branches: - - main + - '*' permissions: contents: read From 1e9f871ddae635a88fc185b49fb70b591e480612 Mon Sep 17 00:00:00 2001 From: "Paul B. Beskow" Date: Tue, 3 Sep 2024 08:40:27 +0200 Subject: [PATCH 03/11] chore(gha): only run deploy on changes to some paths --- .github/workflows/deploy-metabase.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/deploy-metabase.yaml b/.github/workflows/deploy-metabase.yaml index af0590e1..3af9466c 100644 --- a/.github/workflows/deploy-metabase.yaml +++ b/.github/workflows/deploy-metabase.yaml @@ -4,6 +4,10 @@ on: push: branches: - '*' + paths: + - '.metabase_version' + - '.nais/dev/metabase/**' + - '.nais/prod/metabase/**' permissions: contents: read From 27eac4404e93f5fe8f27ef34ae65855614c6dcd4 Mon Sep 17 00:00:00 2001 From: "Paul B. Beskow" Date: Tue, 3 Sep 2024 14:43:18 +0200 Subject: [PATCH 04/11] chore(gha): also check for changes to vars.yaml --- .github/workflows/deploy-metabase.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/deploy-metabase.yaml b/.github/workflows/deploy-metabase.yaml index 3af9466c..832e8e95 100644 --- a/.github/workflows/deploy-metabase.yaml +++ b/.github/workflows/deploy-metabase.yaml @@ -8,6 +8,7 @@ on: - '.metabase_version' - '.nais/dev/metabase/**' - '.nais/prod/metabase/**' + - '.nais/vars.yaml' permissions: contents: read From 1cbd61c0dab4a050ffcac9aba996a88d84133197 Mon Sep 17 00:00:00 2001 From: "Paul B. Beskow" Date: Tue, 3 Sep 2024 15:03:03 +0200 Subject: [PATCH 05/11] chore(docs): add details on upgrading metabase --- README.md | 42 ++++++++++++++++++++++++++++++------------ 1 file changed, 30 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 95943b1e..62cc8237 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,9 @@ It serves a REST-API for managing data products, and provides functionality for ```bash gcloud auth login --update-adc gcloud auth configure-docker europe-north1-docker.pkg.dev + +# There also exists a make target for login to docker: +make docker-login ``` 4. (Optional) If you are on mac with arm (m1, m2, m3, etc.) install rosetta ```bash @@ -25,10 +28,10 @@ softwareupdate --install-rosetta ```bash # Build all binaries -$ make build +make build # Run the tests -$ make test +make test ``` ## Run with fully local resources @@ -50,9 +53,6 @@ There are still a couple of services missing, though much functionality should w # Starts the dependencies in the background, and runs the API in the foreground $ make run ``` -**Note:** building the big query emulator requires quite a bit of memory, so if you see something like `clang++: -signal: killed` you need to increase the amount of memory you allocate to your container run-time. - 2. (Optional): Start the [nada-frontend](https://github.com/navikt/nada-frontend/?tab=readme-ov-file#development) 3. (Optional): Take a look at the [locally running Metabase](http://localhost:8083), the username is: `nada@nav.no`, @@ -69,23 +69,41 @@ signal: killed` you need to increase the amount of memory you allocate to your c $ make generate ``` -## Update the images +## Bumping the Metabase version +The file [.metabase_version](.metabase_version) controls the version of [Metabase](https://metabase.com) that is +used in tests and for deployment to **dev** and **prod**. Check the Metabase [releases](https://github.com/metabase/metabase/releases) page +for available versions; we follow the Metabase Enterprise track. -We build and push images for the patched metabase and customized big-query emulator to speed up local development and integration tests. If you need to make changes to these: +When you bump this version the following events will occur when you make a PR: -1. Make changes to the [base images](resources/images) +1. We build two Metabase images, which are used during integration tests and for local development +- metabase: un-modified version of Metabase when running nada-backend locally towards GCP services +- metabase-patched: modified version of Metabase that allows us to connect to bigquery-emulator running on the host +2. We run the nada-backend integration tests using the new version of Metabase +3. We deploy the new version of Metabase to `dev` + +On merge to `main`: -**Note:** in the [Makefile](Makefile) we set the target version for the mocks and Metabase. +1. We deploy the new version of Metabase `prod` -If you change the `METABASE_VERSION` then it will pull the jar or source code for that version of Metabase and build the new images. We also use this as the version in the image tags for metabase(-patched). +## Bumping the Mocks version +In the [Makefile](Makefile) we set the target version for the mocks. If you change the mocks, you also need to bump +the `MOCKS_VERSION`, so we get the latest changes. -If you change the mocks, you also need to bump the `MOCKS_VERSION`, so we get the latest changes. +## Update the images locally + +We build and push images for the patched metabase and customized big-query emulator to speed up local development and integration tests. If you need to make changes to these: + +1. Make changes to the [base images](resources/images) + +**Note:** building the big query emulator requires quite a bit of memory, so if you see something like `clang++: +signal: killed` you need to increase the amount of memory you allocate to your container run-time. 2. Build the new images locally ```bash $ make build-all ``` -3. Push the images to the container registry +3. (optional) Push the images to the container registry; requires that you have run `make docker-login` ``` $ make push-all ``` From 7edac2ba757b0c907ac76396cc5af732c71b93ae Mon Sep 17 00:00:00 2001 From: "Paul B. Beskow" Date: Tue, 3 Sep 2024 15:24:45 +0200 Subject: [PATCH 06/11] feat(gha): wait for nada-backend push before metabase deploy --- .github/workflows/build-and-deploy-nada-backend.yml | 1 + .github/workflows/deploy-metabase.yaml | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/.github/workflows/build-and-deploy-nada-backend.yml b/.github/workflows/build-and-deploy-nada-backend.yml index 9954eb62..dac403f2 100644 --- a/.github/workflows/build-and-deploy-nada-backend.yml +++ b/.github/workflows/build-and-deploy-nada-backend.yml @@ -143,6 +143,7 @@ jobs: path: nada-backend push: + name: Push backend image permissions: contents: write id-token: write diff --git a/.github/workflows/deploy-metabase.yaml b/.github/workflows/deploy-metabase.yaml index 832e8e95..c741f405 100644 --- a/.github/workflows/deploy-metabase.yaml +++ b/.github/workflows/deploy-metabase.yaml @@ -20,6 +20,16 @@ jobs: runs-on: ubuntu-latest if: github.actor != 'dependabot[bot]' steps: + - name: Wait for tests to succeed + uses: lewagon/wait-on-check-action@v1.3.4 + with: + ref: ${{ github.ref }} + # When nada-backend has successfully built and pushed its image, we can + # deploy the new version of Metabase with high confidence that the + # nada-backend deploy will succeed. + check-name: 'Push backend image' + repo-token: ${{ secrets.GITHUB_TOKEN }} + wait-interval: 10 - uses: actions/checkout@v4 - name: Read Metabase Version id: read_metabase_version From 7a3dcb2800900f4d281bbf42acca0c8c3f165333 Mon Sep 17 00:00:00 2001 From: "Paul B. Beskow" Date: Tue, 3 Sep 2024 15:39:32 +0200 Subject: [PATCH 07/11] feat(metabase): bump to version 1.50.23 --- .metabase_version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.metabase_version b/.metabase_version index 258234a6..0b65540f 100644 --- a/.metabase_version +++ b/.metabase_version @@ -1 +1 @@ -v1.50.21 \ No newline at end of file +v1.50.23 From ab67939269478861f123771dadb64d5c701874f0 Mon Sep 17 00:00:00 2001 From: "Paul B. Beskow" Date: Fri, 6 Sep 2024 11:09:05 +0200 Subject: [PATCH 08/11] chore(bq): update patch for v1.50.24 --- .metabase_version | 2 +- .../metabase/001-bigquery-cloud-sdk-no-auth.patch | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.metabase_version b/.metabase_version index 0b65540f..8b6dfe14 100644 --- a/.metabase_version +++ b/.metabase_version @@ -1 +1 @@ -v1.50.23 +v1.50.24 diff --git a/resources/images/metabase/001-bigquery-cloud-sdk-no-auth.patch b/resources/images/metabase/001-bigquery-cloud-sdk-no-auth.patch index cda8e0a6..ca8500ba 100644 --- a/resources/images/metabase/001-bigquery-cloud-sdk-no-auth.patch +++ b/resources/images/metabase/001-bigquery-cloud-sdk-no-auth.patch @@ -1,4 +1,4 @@ -From 02196275ab942919b452fcdb8e1c972e8e1daf60 Mon Sep 17 00:00:00 2001 +From d7d1dada261df3bb4cb88821043ded665f4e2adc Mon Sep 17 00:00:00 2001 From: "Paul B. Beskow" Date: Wed, 31 Jul 2024 10:12:15 +0200 Subject: [PATCH] chore(bq): modify driver to allow for local bq @@ -33,7 +33,7 @@ index bc5be48d86..56e101980a 100644 display-name: Service account JSON file helper-text: This JSON file contains the credentials Metabase needs to read and query your dataset. diff --git a/modules/drivers/bigquery-cloud-sdk/src/metabase/driver/bigquery_cloud_sdk.clj b/modules/drivers/bigquery-cloud-sdk/src/metabase/driver/bigquery_cloud_sdk.clj -index 19e7b1ee67..917611db24 100644 +index 9480fcda54..46d77fff47 100644 --- a/modules/drivers/bigquery-cloud-sdk/src/metabase/driver/bigquery_cloud_sdk.clj +++ b/modules/drivers/bigquery-cloud-sdk/src/metabase/driver/bigquery_cloud_sdk.clj @@ -54,11 +54,22 @@ @@ -102,11 +102,11 @@ index 19e7b1ee67..917611db24 100644 (^Table [^BigQuery client :- (lib.schema.common/instance-of-class BigQuery) diff --git a/modules/drivers/bigquery-cloud-sdk/src/metabase/driver/bigquery_cloud_sdk/common.clj b/modules/drivers/bigquery-cloud-sdk/src/metabase/driver/bigquery_cloud_sdk/common.clj -index ee6b4396b5..5057799c85 100644 +index e1b8b311d4..7fc5c88e90 100644 --- a/modules/drivers/bigquery-cloud-sdk/src/metabase/driver/bigquery_cloud_sdk/common.clj +++ b/modules/drivers/bigquery-cloud-sdk/src/metabase/driver/bigquery_cloud_sdk/common.clj @@ -7,8 +7,9 @@ - #_{:clj-kondo/ignore [:discouraged-namespace]} + ^{:clj-kondo/ignore [:discouraged-namespace]} [toucan2.core :as t2]) (:import - (com.google.auth.oauth2 ServiceAccountCredentials) @@ -131,10 +131,10 @@ index ee6b4396b5..5057799c85 100644 "Returns a `ServiceAccountCredentials` (not scoped) for the given `service-account-json` (String)." {:added "0.42.0"} diff --git a/package.json b/package.json -index 2fb393da9f..53940495cd 100644 +index a5589cd0f3..bd82b9bf47 100644 --- a/package.json +++ b/package.json -@@ -418,10 +418,6 @@ +@@ -419,10 +419,6 @@ ], "e2e/test/scenarios/*/{*.(js|ts),!(helpers|shared)/*.(js|ts)}": [ "node e2e/validate-e2e-test-files.js" From b4fecc6b96efa734f325a250354a94d625193e14 Mon Sep 17 00:00:00 2001 From: "Paul B. Beskow" Date: Fri, 6 Sep 2024 11:15:52 +0200 Subject: [PATCH 09/11] chore(gha): increa wait-interval to 4 min --- .github/workflows/deploy-metabase.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-metabase.yaml b/.github/workflows/deploy-metabase.yaml index c741f405..2a0efeb7 100644 --- a/.github/workflows/deploy-metabase.yaml +++ b/.github/workflows/deploy-metabase.yaml @@ -29,7 +29,7 @@ jobs: # nada-backend deploy will succeed. check-name: 'Push backend image' repo-token: ${{ secrets.GITHUB_TOKEN }} - wait-interval: 10 + wait-interval: 240 - uses: actions/checkout@v4 - name: Read Metabase Version id: read_metabase_version From 5e7f69e4bec75ed899715bd55a1b39d21c1dc44d Mon Sep 17 00:00:00 2001 From: "Paul B. Beskow" Date: Fri, 6 Sep 2024 13:26:29 +0200 Subject: [PATCH 10/11] fix(integration): strip whitespace from .metabase_version --- test/integration/integration.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/test/integration/integration.go b/test/integration/integration.go index cff78d23..2a2b9af5 100644 --- a/test/integration/integration.go +++ b/test/integration/integration.go @@ -187,9 +187,11 @@ func (c *containers) RunMetabase(cfg *MetabaseConfig) *MetabaseConfig { c.t.Fatalf("loading metabase version: %s", err) } + c.log.Info().Msgf("Metabase version: %s", metabaseVersion) + resource, err := c.pool.RunWithOptions(&dockertest.RunOptions{ Repository: "europe-north1-docker.pkg.dev/nada-prod-6977/nada-north/metabase-patched", - Tag: string(metabaseVersion), + Tag: strings.TrimSpace(string(metabaseVersion)), Env: []string{ "MB_DB_TYPE=h2", "MB_ENABLE_PASSWORD_LOGIN=true", From 9bb93b7e96c424b0165a0dd945ce32ed09b7f7f0 Mon Sep 17 00:00:00 2001 From: "Paul B. Beskow" Date: Fri, 6 Sep 2024 13:39:09 +0200 Subject: [PATCH 11/11] chore(gha): lets just depend on the whole previous workflow --- .github/workflows/deploy-metabase.yaml | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/.github/workflows/deploy-metabase.yaml b/.github/workflows/deploy-metabase.yaml index 2a0efeb7..216c847a 100644 --- a/.github/workflows/deploy-metabase.yaml +++ b/.github/workflows/deploy-metabase.yaml @@ -1,7 +1,10 @@ name: Deploy metabase on: - push: + workflow_run: + workflows: [ "Build and Deploy Nada Backend" ] + types: + - completed branches: - '*' paths: @@ -18,18 +21,8 @@ jobs: deploy-dev: name: Deploy to NAIS dev runs-on: ubuntu-latest - if: github.actor != 'dependabot[bot]' + if: github.actor != 'dependabot[bot]' && github.event.workflow_run.conclusion == 'success' steps: - - name: Wait for tests to succeed - uses: lewagon/wait-on-check-action@v1.3.4 - with: - ref: ${{ github.ref }} - # When nada-backend has successfully built and pushed its image, we can - # deploy the new version of Metabase with high confidence that the - # nada-backend deploy will succeed. - check-name: 'Push backend image' - repo-token: ${{ secrets.GITHUB_TOKEN }} - wait-interval: 240 - uses: actions/checkout@v4 - name: Read Metabase Version id: read_metabase_version @@ -45,7 +38,7 @@ jobs: name: Deploy to NAIS prod runs-on: ubuntu-latest needs: deploy-dev - if: github.ref == 'refs/heads/main' && github.actor != 'dependabot[bot]' + if: github.ref == 'refs/heads/main' && github.actor != 'dependabot[bot]' && github.event.workflow_run.conclusion == 'success' steps: - uses: actions/checkout@v4 - name: Read Metabase Version