deployment-gcp.yml
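name: Lifelike GCP deployment

# Reusable workflow: it is started only through `workflow_call`, with the
# inputs and secrets declared below supplied by the calling workflow.
on:
  workflow_call:
    # The string inputs are interpolated by the jobs into image tags, Docker
    # build arguments and Ansible options, so callers should pass only
    # trusted, simple values (no whitespace or shell metacharacters).
    inputs:
      environment_name:
        description: Environment name (prod, staging, qa or demo)
        required: true
        type: string
      client_config:
        description: Client Runtime configuration preset
        # NOTE(review): `required: true` together with `default` looks
        # contradictory; the default is presumably never applied. Confirm
        # which of the two is intended.
        required: true
        default: production
        type: string
      container_registry:
        description: Container registry name
        required: false
        # Quoted because a plain scalar that starts with `*` is read as a
        # YAML alias. The host prefix appears masked in this listing.
        default: '***ARANGO_DB_NAME***.azurecr.io'
        type: string
      cloud_sql_instance_name:
        description: Google Cloud SQL instance name
        required: true
        type: string
      cloud_sql_force_backup:
        description: Backup before deploying even if no migrations need to be run
        required: false
        default: false
        type: boolean
    secrets:
      # Registry login used by the image build-and-push step.
      CONTAINER_REGISTRY_USERNAME:
        required: true
      CONTAINER_REGISTRY_PASSWORD:
        required: true
      # Passed to the local Ansible action as `vault_password` and `ssh_key`.
      VAULT_PASSWORD:
        required: true
      SSH_KEY:
        required: true
      # Service-account credentials used for the Cloud SQL backup and for
      # gcloud authentication in the deploy job.
      GCP_CREDENTIALS:
        required: true
      # Token handed to the checkout step that fetches submodules.
      INFRA_PAT:
        required: true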
jobs:
# -------------------------------------------------------------
# JOB: Build Docker images
# -------------------------------------------------------------
  build:
    name: Build
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # One entry per image: `image` is the repository name, `path` the
        # Docker build context. Only the web server takes extra build args.
        include:
          - image: kg-webserver
            path: ./client
            # Folded scalar: renders as one line with single spaces.
            build_extra_args: >-
              --build-arg ANGULAR_CONFIG=${{ inputs.client_config }}
              --build-arg CLIENT_VERSION=${{ github.sha }}
          - image: kg-appserver
            path: ./appserver
          - image: kg-cache-service
            path: ./cache-invalidator
          - image: kg-statistical-enrichment
            path: ./statistical-enrichment
          - image: filebeat
            path: ./filebeat
          - image: metricbeat
            path: ./metricbeat
    steps:
      # NOTE(review): the `uses:` references in this job are version tags,
      # which the action owner can move. Pinning to a full commit SHA is the
      # usual hardening, above all for the third-party build action, which
      # receives the registry credentials.
      - uses: actions/checkout@v3
      - name: Build and push ${{ matrix.image }} image
        uses: whoan/docker-build-with-cache-action@v5
        with:
          context: ${{ matrix.path }}
          image_name: ${{ matrix.image }}
          # Comma-separated tags: commit SHA, environment name and `latest`.
          # Only the SHA tag is immutable; the deploy job passes the SHA to
          # Ansible as `docker_img_hash`.
          image_tag: ${{ github.sha }},${{ inputs.environment_name }},latest
          build_extra_args: ${{ matrix.build_extra_args }}
          registry: ${{ inputs.container_registry }}
          username: ${{ secrets.CONTAINER_REGISTRY_USERNAME }}
          password: ${{ secrets.CONTAINER_REGISTRY_PASSWORD }}
          dockerfile: ./Dockerfile
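# ---------------------------------------------
# JOB: Backup DB
# ---------------------------------------------
  cloud-sql-backup:
    name: Backup Cloud SQL instance
    # Runs only after every image in the build matrix has been pushed.
    needs: build
    outputs:
      # Re-exported from the `backup` step so later jobs can reference it.
      backup_id: ${{ steps.backup.outputs.backup_id }}
    runs-on: ubuntu-latest
    steps:
      # Checkout is needed because the backup action lives in this repository
      # under ./.github/actions.
      - uses: actions/checkout@v3
      # NOTE(review): the `cloud_sql_force_backup` input is declared by this
      # workflow but is not forwarded to the action here. Confirm whether the
      # action should receive it.
      - name: Create a new Cloud SQL instance backup
        id: backup
        uses: ./.github/actions/cloud-sql-backup
        with:
          gcp_credentials: "${{ secrets.GCP_CREDENTIALS }}"
          cloud_sql_instance_name: "${{ inputs.cloud_sql_instance_name }}"
          backup_description: "Automated backup from GitHub workflow. Run ID: ${{ github.run_id }}"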
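# -------------------------------------------------------------
# JOB: Deploy to GCP environment using Ansible playbook
# pointed by the Git submodule: /deployment
# -------------------------------------------------------------
  deploy:
    name: Deploy
    # Deploys only after the images are pushed and the database backup exists.
    needs:
      - build
      - cloud-sql-backup
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          # Presumably a PAT so the submodule holding the playbooks can be
          # fetched. checkout keeps the token in the local git config by
          # default; consider `persist-credentials: false` if no later step
          # needs git access. TODO confirm.
          token: ${{ secrets.INFRA_PAT }}
          submodules: recursive
      # Step outputs are written to $GITHUB_OUTPUT; the `::set-output`
      # workflow command is deprecated.
      # NOTE(review): checkout fetches a single commit by default, so
      # `git rev-list --count HEAD` looks like it always yields 1 here.
      # Confirm whether `fetch-depth: 0` was intended.
      - name: Set git metadata
        id: git-meta
        run: |
          {
            echo "commit_timestamp=$(git log -1 --format=%cI)"
            echo "build_number=$(git rev-list --count HEAD)"
            echo "build_version=${GITHUB_REF#refs/*/}"
          } >> "$GITHUB_OUTPUT"
      # NOTE(review): authenticates with a long-lived service-account key.
      # The auth action also supports Workload Identity Federation, which
      # avoids storing a key as a secret. The `@v0` references here are
      # mutable tags as well.
      - name: Authenticate to GCP
        id: auth
        uses: google-github-actions/auth@v0
        with:
          credentials_json: "${{ secrets.GCP_CREDENTIALS }}"
      - uses: google-github-actions/setup-gcloud@v0
      # The instance name reaches the script through an environment variable
      # rather than `${{ }}` text substitution, so its content cannot alter
      # the shell command. `pipefail` and the empty check stop the job when
      # gcloud fails or no PRIVATE address exists, instead of passing an
      # empty `postgres_host` on to the deployment.
      - name: Get Cloud SQL instance private IP address
        id: database-host
        env:
          CLOUD_SQL_INSTANCE_NAME: ${{ inputs.cloud_sql_instance_name }}
        run: |
          set -euo pipefail
          ip_address="$(
            gcloud sql instances describe --format=json \
              "$CLOUD_SQL_INSTANCE_NAME" \
              | jq -r '.ipAddresses[] | select(.type == "PRIVATE").ipAddress'
          )"
          if [ -z "$ip_address" ]; then
            echo "::error::No private IP address found for Cloud SQL instance"
            exit 1
          fi
          echo "ip_address=${ip_address}" >> "$GITHUB_OUTPUT"
      # NOTE(review): the values below are spliced unquoted into the option
      # string. Depending on how the local action splits `options`, a value
      # containing whitespace could presumably be read as additional Ansible
      # arguments, so callers must keep these inputs to simple tokens.
      # `--verbose` raises Ansible's log detail; confirm the playbook marks
      # sensitive tasks `no_log`.
      - name: Run Ansible deployment action
        uses: ./.github/actions/ansible
        with:
          workspace_dir: deployment/ansible
          playbook_file_path: playbooks/deploy-gcloud.yml
          inventory_file_path: inventories/hosts.yml
          vault_password: ${{ secrets.VAULT_PASSWORD }}
          ssh_key: ${{ secrets.SSH_KEY }}
          options: |
            --extra-vars environment_name=${{ inputs.environment_name }}
            --extra-vars client_config=${{ inputs.client_config }}
            --extra-vars docker_img_hash=${{ github.sha }}
            --extra-vars git_timestamp=${{ steps.git-meta.outputs.commit_timestamp }}
            --extra-vars app_build_number=${{ steps.git-meta.outputs.build_number }}
            --extra-vars app_version=${{ steps.git-meta.outputs.build_version }}
            --extra-vars github_run_id=${{ github.run_id }}
            --extra-vars postgres_host=${{ steps.database-host.outputs.ip_address }}
            --user ansible
            --verbose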