Merge pull request #754 from salvis2/switch-to-github-actions

Switch AWS staging hub to GitHub Actions

.circleci/config.yml

@@ -53,13 +53,13 @@ jobs:
           command: |
             hubploy build gcp-uscentral1b --commit-range ${COMMIT_RANGE}
 
-      - run:
-          name: Test building aws-uswest2.pangeo.io image if needed
-          when: always
-          command: |
-            hubploy build icesat2 --commit-range ${COMMIT_RANGE}
-          environment:
-            PYTHONIOENCODING: utf-8
+      #- run:
+      #    name: Test building aws-uswest2.pangeo.io image if needed
+      #    when: always
+      #    command: |
+      #      hubploy build icesat2 --commit-range ${COMMIT_RANGE}
+      #    environment:
+      #      PYTHONIOENCODING: utf-8
 
       # This is currently disabled becauses it always runs and because the Azure
       # container registry is not open to annonymous read access. This can be changed
@@ -142,13 +142,13 @@ jobs:
           command: |
             hubploy build gcp-uscentral1b --check-registry --push
 
-      - run:
-          name: Build aws-uswest2.pangeo.io image if needed
-          when: always
-          command: |
-            hubploy build icesat2 --check-registry --push
-          environment:
-            PYTHONIOENCODING: utf-8
+      #- run:
+      #    name: Build aws-uswest2.pangeo.io image if needed
+      #    when: always
+      #    command: |
+      #      hubploy build icesat2 --check-registry --push
+      #    environment:
+      #      PYTHONIOENCODING: utf-8
 
       - run:
           name: Build ooi.pangeo.io image if needed
@@ -194,28 +194,28 @@ jobs:
 
       # NOTE: should move the dynamic IP into hubploy where credentials and awscli version already dealt with
       # sleep 2min for now, but better to poll for readiness https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html
-      - run:
-          name: Add Runner IP to EKS Kubernetes API Whitelist
-          when: always
-          command: |
-            export AWS_SHARED_CREDENTIALS_FILE=./deployments/icesat2/secrets/aws-config.txt
-            RUNNERIP=`curl --silent https://checkip.amazonaws.com`
-            aws --version
-            aws eks update-cluster-config --region us-west-2 --name pangeo --resources-vpc-config publicAccessCidrs=${RUNNERIP}/32 > /dev/null
-            sleep 120
-      - run:
-          name: Deploy aws-uswest2.pangeo.io
-          when: always
-          no_output_timeout: 1200
-          command: |
-            hubploy deploy icesat2 pangeo-deploy ${CIRCLE_BRANCH} --timeout 1200s --cleanup-on-fail
+      #- run:
+      #    name: Add Runner IP to EKS Kubernetes API Whitelist
+      #    when: always
+      #    command: |
+      #      export AWS_SHARED_CREDENTIALS_FILE=./deployments/icesat2/secrets/aws-config.txt
+      #      RUNNERIP=`curl --silent https://checkip.amazonaws.com`
+      #      aws --version
+      #      aws eks update-cluster-config --region us-west-2 --name pangeo --resources-vpc-config publicAccessCidrs=${RUNNERIP}/32 > /dev/null
+      #      sleep 120
+      #- run:
+      #    name: Deploy aws-uswest2.pangeo.io
+      #    when: always
+      #    no_output_timeout: 1200
+      #    command: |
+      #      hubploy deploy icesat2 pangeo-deploy ${CIRCLE_BRANCH} --timeout 1200s --cleanup-on-fail
 
-      - run:
-          name: Revert to Original EKS IP Whitelist
-          when: always
-          command: |
-            export AWS_SHARED_CREDENTIALS_FILE=./deployments/icesat2/secrets/aws-config.txt
-            aws eks update-cluster-config --region us-west-2 --name pangeo --resources-vpc-config publicAccessCidrs=${AWS_IP_WHITELIST} > /dev/null
+      #- run:
+      #    name: Revert to Original EKS IP Whitelist
+      #    when: always
+      #    command: |
+      #      export AWS_SHARED_CREDENTIALS_FILE=./deployments/icesat2/secrets/aws-config.txt
+      #      aws eks update-cluster-config --region us-west-2 --name pangeo --resources-vpc-config publicAccessCidrs=${AWS_IP_WHITELIST} > /dev/null
 
       - run:
           name: Deploy ooi.pangeo.io

.github/workflows/build-aws-image.yaml

@@ -0,0 +1,34 @@
+name: Build AWS Image
+on:
+  push:
+    branches:
+      - staging
+      #- prod
+    paths:
+      - 'deployments/icesat2/image/binder/*'
+      - '.github/workflows/build-aws-image.yaml'
+  pull_request:
+    branches:
+      - staging
+      #- prod
+    paths:
+      - 'deployments/icesat2/image/binder/*'
+      - '.github/workflows/build-aws-image.yaml'
+
+jobs:
+  build_aws_image:
+    name: Build AWS Image
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: docker://yuvipanda/hubploy:20200826083951674280
+        name: Unlock git-crypt Secrets
+        env:
+          GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY }}
+        with:
+          entrypoint: /bin/bash
+          args: -c "echo ${GIT_CRYPT_KEY} | base64 -d | git crypt unlock - && git crypt status"
+      - uses: docker://yuvipanda/hubploy:20200826083951674280
+        name: Build & Push AWS Image if Needed
+        with:
+          args: build icesat2 --push

.github/workflows/deploy-aws-hub.yaml

@@ -0,0 +1,67 @@
+name: Deploy AWS Hub
+on:
+  push:
+    branches:
+      - staging
+      #- prod
+    paths:
+      - 'deployments/icesat2/config/**'
+      - 'deployments/icesat2/secrets/**'
+      - 'deployments/icesat2/hubploy.yaml'
+      - 'pangeo-deploy/**'
+      - '.github/workflows/deploy-aws-hub.yaml'
+
+env:
+  HELM_EXECUTABLE: /usr/local/bin/helm3
+
+jobs:
+  deploy_aws:
+    name: Deploy AWS Hub
+    # This job runs on Linux
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: docker://yuvipanda/hubploy:20200826083951674280
+        name: Unlock git-crypt Secrets
+        env:
+          GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY }}
+        with:
+          entrypoint: /bin/bash
+          args: -c "echo ${GIT_CRYPT_KEY} | base64 -d | git crypt unlock - && git crypt status"
+      - name: Setup Helm
+        run: |
+          curl https://get.helm.sh/helm-v3.1.2-linux-amd64.tar.gz | tar -xzf -
+          sudo mv linux-amd64/helm $HELM_EXECUTABLE
+          helm3 version
+          helm3 repo add jupyterhub https://jupyterhub.github.io/helm-chart/
+          helm3 repo add dask https://helm.dask.org/
+          helm3 repo add dask-gateway https://dask.org/dask-gateway-helm-repo/
+          helm3 repo add stable https://kubernetes-charts.storage.googleapis.com
+          helm3 repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+          helm3 repo add prometheus-operator https://kubernetes-charts.storage.googleapis.com
+          helm3 repo update
+      - uses: docker://yuvipanda/hubploy:20200826083951674280
+        name: Add Runner IP to EKS Kubernetes API Whitelist
+        with:
+          entrypoint: /bin/bash
+          args: >
+            -c "export AWS_SHARED_CREDENTIALS_FILE=./deployments/icesat2/secrets/aws-config.txt &&
+            RUNNERIP=`curl --silent https://checkip.amazonaws.com` &&
+            aws --version &&
+            aws eks update-cluster-config --region us-west-2 --name pangeo --resources-vpc-config publicAccessCidrs=${RUNNERIP}/32 > /dev/null &&
+            sleep 120"
+      - uses: docker://yuvipanda/hubploy:20200826083951674280
+        name: Deploy AWS Staging Hub
+        if: github.ref == 'refs/heads/staging'
+        with:
+          args: deploy icesat2 pangeo-deploy staging --timeout 1200s --cleanup-on-fail
+      - uses: docker://yuvipanda/hubploy:20200826083951674280
+        name: Revert to Original EKS IP Whitelist
+        if: always()
+        env:
+          AWS_IP_WHITELIST: ${{ secrets.AWS_IP_WHITELIST }}
+        with:
+          entrypoint: /bin/bash
+          args: >
+            -c "export AWS_SHARED_CREDENTIALS_FILE=./deployments/icesat2/secrets/aws-config.txt &&
+            aws eks update-cluster-config --region us-west-2 --name pangeo --resources-vpc-config publicAccessCidrs=${AWS_IP_WHITELIST} > /dev/null"