From f931f435796c2c650d7fc70110c02c0054dc2469 Mon Sep 17 00:00:00 2001 From: Ben Larabie Date: Thu, 7 Mar 2024 08:44:10 -0500 Subject: [PATCH 01/23] attempting to remotely launch k8s rollout --- .github/workflows/docker.yaml | 42 +++++++++-------------------------- 1 file changed, 10 insertions(+), 32 deletions(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index e4c5312d51..30c06b46eb 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -1,5 +1,8 @@ name: Build, push to AWS ECR, and deploy on: + pull_request: + branches: + - main push: branches: - main 
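Review bot: Adding `pull_request` to `on:` in the first hunk makes every pull request against `main` run the whole job, and the workflow name and the second hunk of this patch show that the job pushes `$DOCKER_SLUG:latest` and then triggers the staging rollout, so unreviewed branch code would be published and deployed. If the trigger is only there to exercise the dispatch call, guard the publishing and rollout steps with `if: github.event_name == 'push'`, or test the call from a separate workflow that has no push step. PATCH 20/23 adds the same trigger again and the same point applies there.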
@@ -56,43 +59,18 @@ jobs: -t $DOCKER_SLUG:${GITHUB_SHA::7} \ -t $DOCKER_SLUG:latest \ -f ci/Dockerfile . + - name: Publish run: | docker push $DOCKER_SLUG:latest && docker push $DOCKER_SLUG:${GITHUB_SHA::7} - - name: Configure credentials to Notify account using OIDC - uses: aws-actions/configure-aws-credentials@master - with: - role-to-assume: arn:aws:iam::239043911459:role/notification-api-apply - role-session-name: NotifyApiGitHubActions - aws-region: "ca-central-1" - - - name: Get Kubernetes configuration - run: | - aws eks --region $AWS_REGION update-kubeconfig --name notification-canada-ca-staging-eks-cluster --kubeconfig $HOME/.kube/config - - name: Update images in staging - run: | - kubectl set image deployment.apps/api api=$DOCKER_SLUG:${GITHUB_SHA::7} -n=notification-canada-ca --kubeconfig=$HOME/.kube/config - kubectl set image deployment.apps/celery-beat celery-beat=$DOCKER_SLUG:${GITHUB_SHA::7} -n=notification-canada-ca --kubeconfig=$HOME/.kube/config - kubectl set image deployment.apps/celery-sms celery-sms=$DOCKER_SLUG:${GITHUB_SHA::7} -n=notification-canada-ca --kubeconfig=$HOME/.kube/config - kubectl set image deployment.apps/celery-primary celery-primary=$DOCKER_SLUG:${GITHUB_SHA::7} -n=notification-canada-ca --kubeconfig=$HOME/.kube/config - kubectl set image deployment.apps/celery-scalable celery-scalable=$DOCKER_SLUG:${GITHUB_SHA::7} -n=notification-canada-ca --kubeconfig=$HOME/.kube/config - kubectl set image deployment.apps/celery-sms-send-primary celery-sms-send-primary=$DOCKER_SLUG:${GITHUB_SHA::7} -n=notification-canada-ca --kubeconfig=$HOME/.kube/config - kubectl set image deployment.apps/celery-sms-send-scalable celery-sms-send-scalable=$DOCKER_SLUG:${GITHUB_SHA::7} -n=notification-canada-ca --kubeconfig=$HOME/.kube/config - kubectl set image deployment.apps/celery-email-send-primary celery-email-send-primary=$DOCKER_SLUG:${GITHUB_SHA::7} -n=notification-canada-ca --kubeconfig=$HOME/.kube/config - kubectl set image 
deployment.apps/celery-email-send-scalable celery-email-send-scalable=$DOCKER_SLUG:${GITHUB_SHA::7} -n=notification-canada-ca --kubeconfig=$HOME/.kube/config - - - name: Restart deployments in staging + - name: Rollout in Kubernetes run: | - kubectl rollout restart deployment/api -n notification-canada-ca - kubectl rollout restart deployment/celery-beat -n notification-canada-ca - kubectl rollout restart deployment/celery-sms -n notification-canada-ca - kubectl rollout restart deployment/celery-primary -n notification-canada-ca - kubectl rollout restart deployment/celery-scalable -n notification-canada-ca - kubectl rollout restart deployment/celery-sms-send-primary -n notification-canada-ca - kubectl rollout restart deployment/celery-sms-send-scalable -n notification-canada-ca - kubectl rollout restart deployment/celery-email-send-primary -n notification-canada-ca - kubectl rollout restart deployment/celery-email-send-scalable -n notification-canada-ca + curl -L -X POST -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer "${{ secrets.WORKFLOW_GITHUB_PAT }}"" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + https://api.github.com/repos/cds-snc/notification-manifests/actions/workflows/api-rollout-k8s-staging.yaml/dispatches \ + -d '{"ref":"deploy-workflow-tuning","inputs":{docker_sha":"${GITHUB_SHA::7}"}}' - name: my-app-install token id: notify-pr-bot From 55ec82583b54d0d6173079b0d35bb7e8bb1f7b47 Mon Sep 17 00:00:00 2001 From: Ben Larabie Date: Thu, 7 Mar 2024 08:44:38 -0500 Subject: [PATCH 02/23] attempting to remotely launch k8s rollout --- .github/workflows/docker.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 30c06b46eb..ab060c1249 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml 
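Review bot: The `curl` call in the new "Rollout in Kubernetes" step has no `--fail`, so a 401, 404 or 422 from the dispatch endpoint still exits 0 and the job is reported green although nothing was rolled out, whereas the removed `kubectl` steps would have failed the job. Start the command with `curl --fail -sS -L -X POST` so a rejected dispatch fails the step. In the same step the payload is single-quoted, so `${GITHUB_SHA::7}` is sent as literal text, and `{docker_sha"` is missing its opening quote. The token is also templated into the script with `${{ secrets.WORKFLOW_GITHUB_PAT }}`; a step-level `env:` entry referenced as `"Authorization: Bearer $WORKFLOW_PAT"` keeps it out of the generated script text.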
@@ -29,6 +29,7 @@ jobs: unzip -q awscliv2.zip sudo ./aws/install --update aws --version + - name: Install kubectl run: | curl -LO https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl From 3c315eb00d2c0efeef000bf4ed72c8a9a15d6ec7 Mon Sep 17 00:00:00 2001 From: Ben Larabie Date: Thu, 7 Mar 2024 08:48:01 -0500 Subject: [PATCH 03/23] attempting to remotely launch k8s rollout --- .github/workflows/docker.yaml | 29 +---------------------------- 1 file changed, 1 insertion(+), 28 deletions(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index ab060c1249..6e5ddf5992 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -29,7 +29,7 @@ jobs: unzip -q awscliv2.zip sudo ./aws/install --update aws --version - + - name: Install kubectl run: | curl -LO https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl @@ -38,33 +38,6 @@ jobs: kubectl version --client mkdir -p $HOME/.kube - - name: Configure credentials to CDS public ECR using OIDC - uses: aws-actions/configure-aws-credentials@master - with: - role-to-assume: arn:aws:iam::283582579564:role/notification-api-apply - role-session-name: NotifyApiGitHubActions - aws-region: "us-east-1" - - - name: Login to ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@5a88a04c91d5c6f97aae0d9be790e64d9b1d47b7 # v1.7.1 - with: - registry-type: public - - - name: Build - run: | - docker pull $DOCKER_SLUG:latest - docker build \ - --cache-from $DOCKER_SLUG:latest \ - --build-arg GIT_SHA=${GITHUB_SHA::7} \ - -t $DOCKER_SLUG:${GITHUB_SHA::7} \ - -t $DOCKER_SLUG:latest \ - -f ci/Dockerfile . - - - name: Publish - run: | - docker push $DOCKER_SLUG:latest && docker push $DOCKER_SLUG:${GITHUB_SHA::7} - - name: Rollout in Kubernetes run: | curl -L -X POST -H "Accept: application/vnd.github+json" \ From 4f2e97abb21d0ca1be59edfa571d24a6f81c742a Mon Sep 17 00:00:00 2001 
From: Ben Larabie Date: Thu, 7 Mar 2024 08:50:06 -0500 Subject: [PATCH 04/23] attempting to remotely launch k8s rollout --- .github/workflows/docker.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 6e5ddf5992..33017bba7a 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -43,8 +43,8 @@ jobs: curl -L -X POST -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer "${{ secrets.WORKFLOW_GITHUB_PAT }}"" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - https://api.github.com/repos/cds-snc/notification-manifests/actions/workflows/api-rollout-k8s-staging.yaml/dispatches \ - -d '{"ref":"deploy-workflow-tuning","inputs":{docker_sha":"${GITHUB_SHA::7}"}}' + https://api.github.com/repos/cds-snc/notification-manifests/actions/workflows/rollout-k8s-staging.yaml/dispatches \ + -d '{"ref":"main","inputs":{docker_sha":"${GITHUB_SHA::7}"}}' - name: my-app-install token id: notify-pr-bot From 31df19399cc2623cec572dde02c4665ca7568181 Mon Sep 17 00:00:00 2001 From: Ben Larabie Date: Thu, 7 Mar 2024 08:54:49 -0500 Subject: [PATCH 05/23] attempting to remotely launch k8s rollout --- .github/workflows/docker.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 33017bba7a..add3234af3 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -44,7 +44,7 @@ jobs: -H "Authorization: Bearer "${{ secrets.WORKFLOW_GITHUB_PAT }}"" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/cds-snc/notification-manifests/actions/workflows/rollout-k8s-staging.yaml/dispatches \ - -d '{"ref":"main","inputs":{docker_sha":"${GITHUB_SHA::7}"}}' + -d '{"ref":"main","inputs":{docker_sha":"aouoeaueaoeu"}}' - name: my-app-install token id: notify-pr-bot From a0a18fcb3aa4033a899617d8b27d553d83f3ca48 Mon Sep 17 00:00:00 2001 
From: Ben Larabie Date: Thu, 7 Mar 2024 09:01:36 -0500 Subject: [PATCH 06/23] attempting to remotely launch k8s rollout --- .github/workflows/docker.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index add3234af3..9060f05a6b 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -12,6 +12,7 @@ env: DOCKER_ORG: public.ecr.aws/v6b8u5o6 DOCKER_SLUG: public.ecr.aws/v6b8u5o6/notify-api KUBECTL_VERSION: '1.23.6' + WORKFLOW_PAT: ${{ secrets.WORKFLOW_GITHUB_PAT }} permissions: id-token: write # This is required for requesting the OIDC JWT @@ -41,7 +42,7 @@ jobs: - name: Rollout in Kubernetes run: | curl -L -X POST -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer "${{ secrets.WORKFLOW_GITHUB_PAT }}"" \ + -H "Authorization: Bearer "$WORKFLOW_PAT" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/cds-snc/notification-manifests/actions/workflows/rollout-k8s-staging.yaml/dispatches \ -d '{"ref":"main","inputs":{docker_sha":"aouoeaueaoeu"}}' From 4999301114947e52593925176eabff4fef01709d Mon Sep 17 00:00:00 2001 From: Ben Larabie Date: Thu, 7 Mar 2024 09:02:22 -0500 Subject: [PATCH 07/23] attempting to remotely launch k8s rollout --- .github/workflows/docker.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 9060f05a6b..26d5ca3af7 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -42,7 +42,7 @@ jobs: - name: Rollout in Kubernetes run: | curl -L -X POST -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer "$WORKFLOW_PAT" \ + -H "Authorization: Bearer "$WORKFLOW_PAT"" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/cds-snc/notification-manifests/actions/workflows/rollout-k8s-staging.yaml/dispatches \ -d '{"ref":"main","inputs":{docker_sha":"aouoeaueaoeu"}}' 
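Review bot: `WORKFLOW_PAT` is added to the workflow-level `env:` in the first hunk of PATCH 06/23, which exports the token to every step of every job, including the third-party actions this workflow runs, while only the rollout step needs it. Declare it on that step instead, with `env:` and `WORKFLOW_PAT: ${{ secrets.WORKFLOW_GITHUB_PAT }}` under `- name: Rollout in Kubernetes`. The token's scope is not visible here; if it is a classic PAT, a fine-grained token limited to Actions write on `notification-manifests` would narrow what a leak exposes. In the second hunk the header `"Authorization: Bearer "$WORKFLOW_PAT" \` leaves a double quote open.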
From 96583c5421980d4de5606b3946cd5b713e3fab61 Mon Sep 17 00:00:00 2001 From: Ben Larabie Date: Thu, 7 Mar 2024 09:38:26 -0500 Subject: [PATCH 08/23] debug --- .github/workflows/docker.yaml | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 26d5ca3af7..65458d8d4b 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -41,11 +41,7 @@ jobs: - name: Rollout in Kubernetes run: | - curl -L -X POST -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer "$WORKFLOW_PAT"" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - https://api.github.com/repos/cds-snc/notification-manifests/actions/workflows/rollout-k8s-staging.yaml/dispatches \ - -d '{"ref":"main","inputs":{docker_sha":"aouoeaueaoeu"}}' + curl -L -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $WORKFLOW_PAT" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/repos/cds-snc/notification-manifests/actions/workflows/rollout-k8s-staging.yaml/dispatches -d '{"ref":"main","inputs":{"docker_sha":"aoeueaouaeo"}}' - name: my-app-install token id: notify-pr-bot @@ -66,8 +62,4 @@ jobs: sbom_name: "notification-api" token: "${{ secrets.GITHUB_TOKEN }}" - - name: Notify Slack channel if this job failed - if: ${{ failure() }} - run: | - json="{'text':' CI is failing in !'}" - curl -X POST -H 'Content-type: application/json' --data "$json" ${{ secrets.SLACK_WEBHOOK }} + From feda156655948e0a075415a6d333208332bd11c2 Mon Sep 17 00:00:00 2001 From: Ben Larabie Date: Thu, 7 Mar 2024 09:40:02 -0500 Subject: [PATCH 09/23] debug --- .github/workflows/docker.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 65458d8d4b..4ea40f3bc0 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml 
@@ -41,7 +41,11 @@ jobs: - name: Rollout in Kubernetes run: | - curl -L -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $WORKFLOW_PAT" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/repos/cds-snc/notification-manifests/actions/workflows/rollout-k8s-staging.yaml/dispatches -d '{"ref":"main","inputs":{"docker_sha":"aoeueaouaeo"}}' + curl -L -X POST -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer $WORKFLOW_PAT" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + https://api.github.com/repos/cds-snc/notification-manifests/actions/workflows/rollout-k8s-staging.yaml/dispatches \ + -d '{"ref":"main","inputs":{"docker_sha":"aoeueaouaeo"}}' - name: my-app-install token id: notify-pr-bot From 8ad4c0db183e5feba7d4812abb2cb9e4931cb270 Mon Sep 17 00:00:00 2001 From: Ben Larabie Date: Thu, 7 Mar 2024 09:43:04 -0500 Subject: [PATCH 10/23] debug --- .github/workflows/docker.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 4ea40f3bc0..352d6907de 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -45,7 +45,7 @@ jobs: -H "Authorization: Bearer $WORKFLOW_PAT" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/cds-snc/notification-manifests/actions/workflows/rollout-k8s-staging.yaml/dispatches \ - -d '{"ref":"main","inputs":{"docker_sha":"aoeueaouaeo"}}' + -d '{"ref":"main","inputs":{"docker_sha":"${GITHUB_SHA::7}"}}' - name: my-app-install token id: notify-pr-bot From 6f152e6f84d64a0b820295e4f2864bbbc3875d6b Mon Sep 17 00:00:00 2001 From: Ben Larabie Date: Thu, 7 Mar 2024 09:45:12 -0500 Subject: [PATCH 11/23] debug --- .github/workflows/docker.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 352d6907de..18b9f3656c 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml 
@@ -13,6 +13,7 @@ env: DOCKER_SLUG: public.ecr.aws/v6b8u5o6/notify-api KUBECTL_VERSION: '1.23.6' WORKFLOW_PAT: ${{ secrets.WORKFLOW_GITHUB_PAT }} + DOCKER_SHA: ${GITHUB_SHA::7} permissions: id-token: write # This is required for requesting the OIDC JWT @@ -45,7 +46,7 @@ jobs: -H "Authorization: Bearer $WORKFLOW_PAT" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/cds-snc/notification-manifests/actions/workflows/rollout-k8s-staging.yaml/dispatches \ - -d '{"ref":"main","inputs":{"docker_sha":"${GITHUB_SHA::7}"}}' + -d '{"ref":"main","inputs":{"docker_sha":"$DOCKER_SHA"}}' - name: my-app-install token id: notify-pr-bot From 51c6f13902f5511ccffc4c0d0d2324cbde68e1d8 Mon Sep 17 00:00:00 2001 From: Ben Larabie Date: Thu, 7 Mar 2024 09:47:28 -0500 Subject: [PATCH 12/23] debug --- .github/workflows/docker.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 18b9f3656c..98aabe3291 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -46,7 +46,7 @@ jobs: -H "Authorization: Bearer $WORKFLOW_PAT" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/cds-snc/notification-manifests/actions/workflows/rollout-k8s-staging.yaml/dispatches \ - -d '{"ref":"main","inputs":{"docker_sha":"$DOCKER_SHA"}}' + -d "{"ref":"main","inputs":{"docker_sha":"$DOCKER_SHA"}}" - name: my-app-install token id: notify-pr-bot From f91877d80d76a5bbc58a7c7776fcd167029ab1c2 Mon Sep 17 00:00:00 2001 From: Ben Larabie Date: Thu, 7 Mar 2024 09:49:51 -0500 Subject: [PATCH 13/23] debug --- .github/workflows/docker.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 98aabe3291..4a139fa581 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml 
@@ -46,7 +46,7 @@ jobs: -H "Authorization: Bearer $WORKFLOW_PAT" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/cds-snc/notification-manifests/actions/workflows/rollout-k8s-staging.yaml/dispatches \ - -d "{"ref":"main","inputs":{"docker_sha":"$DOCKER_SHA"}}" + -d '{"ref":"main","inputs":{"docker_sha":"'$DOCKER_SHA"'}}' - name: my-app-install token id: notify-pr-bot From fe4c91d8d28fdebc28bf75f3e5e113ae1342852c Mon Sep 17 00:00:00 2001 From: Ben Larabie Date: Thu, 7 Mar 2024 10:26:02 -0500 Subject: [PATCH 14/23] debug --- .github/workflows/docker.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 4a139fa581..874fb5af56 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -42,11 +42,12 @@ jobs: - name: Rollout in Kubernetes run: | + PAYLOAD={"ref":"main","inputs":{"docker_sha":"$DOCKER_SHA"}} curl -L -X POST -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer $WORKFLOW_PAT" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/cds-snc/notification-manifests/actions/workflows/rollout-k8s-staging.yaml/dispatches \ - -d '{"ref":"main","inputs":{"docker_sha":"'$DOCKER_SHA"'}}' + -d $PAYLOAD - name: my-app-install token id: notify-pr-bot From e06368b92eadce9ff548181c3cf82e90cc787d5d Mon Sep 17 00:00:00 2001 From: Ben Larabie Date: Thu, 7 Mar 2024 10:27:21 -0500 Subject: [PATCH 15/23] debug --- .github/workflows/docker.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 874fb5af56..35ddf137bb 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml 
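Review bot: In the `PAYLOAD=` line added by PATCH 14/23 the shell removes the unescaped inner double quotes, so the body sent is `{ref:main,inputs:{docker_sha:...}}`, which is not JSON, and `-d $PAYLOAD` is unquoted, so whitespace or a glob character in the value would split or expand it. Build the string with `PAYLOAD=$(printf '{"ref":"main","inputs":{"docker_sha":"%s"}}' "$DOCKER_SHA")` and pass it as `-d "$PAYLOAD"`. As far as the visible lines show, `$DOCKER_SHA` comes from the workflow-level `env:` entry `${GITHUB_SHA::7}` added in PATCH 11/23, which the shell does not evaluate a second time, so the dispatched value would be that literal text rather than a short SHA.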
@@ -42,7 +42,8 @@ jobs: - name: Rollout in Kubernetes run: | - PAYLOAD={"ref":"main","inputs":{"docker_sha":"$DOCKER_SHA"}} + #PAYLOAD={"ref":"main","inputs":{"docker_sha":"$DOCKER_SHA"}} + echo $DOCKER_SHA curl -L -X POST -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer $WORKFLOW_PAT" \ -H "X-GitHub-Api-Version: 2022-11-28" \ From 49a3d230877b880b4361533cc3f686d261e64266 Mon Sep 17 00:00:00 2001 From: Ben Larabie Date: Thu, 7 Mar 2024 10:28:32 -0500 Subject: [PATCH 16/23] debug --- .github/workflows/docker.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 35ddf137bb..47260e161f 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -13,7 +13,7 @@ env: DOCKER_SLUG: public.ecr.aws/v6b8u5o6/notify-api KUBECTL_VERSION: '1.23.6' WORKFLOW_PAT: ${{ secrets.WORKFLOW_GITHUB_PAT }} - DOCKER_SHA: ${GITHUB_SHA::7} + DOCKER_SHA: ${{ GITHUB_SHA::7 }} permissions: id-token: write # This is required for requesting the OIDC JWT From e9d7d30c1c1c829753398f26e2796f3f3d8dbe74 Mon Sep 17 00:00:00 2001 From: Ben Larabie Date: Thu, 7 Mar 2024 10:31:50 -0500 Subject: [PATCH 17/23] debug --- .github/workflows/docker.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 47260e161f..bffb3780c5 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -13,7 +13,6 @@ env: DOCKER_SLUG: public.ecr.aws/v6b8u5o6/notify-api KUBECTL_VERSION: '1.23.6' WORKFLOW_PAT: ${{ secrets.WORKFLOW_GITHUB_PAT }} - DOCKER_SHA: ${{ GITHUB_SHA::7 }} permissions: id-token: write # This is required for requesting the OIDC JWT 
@@ -42,8 +41,8 @@ jobs: - name: Rollout in Kubernetes run: | - #PAYLOAD={"ref":"main","inputs":{"docker_sha":"$DOCKER_SHA"}} - echo $DOCKER_SHA + PAYLOAD={"ref":"main","inputs":{"docker_sha":"${GITHUB_SHA::7}"}} + echo ${GITHUB_SHA::7} curl -L -X POST -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer $WORKFLOW_PAT" \ -H "X-GitHub-Api-Version: 2022-11-28" \ From 9df2acdac486013a2e5d424a87aab8f96988ef66 Mon Sep 17 00:00:00 2001 From: Ben Larabie Date: Thu, 7 Mar 2024 10:33:59 -0500 Subject: [PATCH 18/23] debug --- .github/workflows/docker.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index bffb3780c5..6ca6e1c69e 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -41,7 +41,7 @@ jobs: - name: Rollout in Kubernetes run: | - PAYLOAD={"ref":"main","inputs":{"docker_sha":"${GITHUB_SHA::7}"}} + PAYLOAD={\"ref\":\"main\",\"inputs\":{\"docker_sha\":\"${GITHUB_SHA::7}\"}} echo ${GITHUB_SHA::7} curl -L -X POST -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer $WORKFLOW_PAT" \ From 7b83923dffbfa65166ff7f4ceaebcec2f2a3654f Mon Sep 17 00:00:00 2001 From: Ben Larabie Date: Thu, 7 Mar 2024 10:47:41 -0500 Subject: [PATCH 19/23] Remote call --- .github/workflows/docker.yaml | 40 ++++++++++++++++++++++++++--------- 1 file changed, 30 insertions(+), 10 deletions(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 6ca6e1c69e..98a4407967 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -1,8 +1,5 @@ name: Build, push to AWS ECR, and deploy on: - pull_request: - branches: - - main push: branches: - main 
@@ -31,18 +28,36 @@ jobs: sudo ./aws/install --update aws --version - - name: Install kubectl + - name: Configure credentials to CDS public ECR using OIDC + uses: aws-actions/configure-aws-credentials@master + with: + role-to-assume: arn:aws:iam::283582579564:role/notification-api-apply + role-session-name: NotifyApiGitHubActions + aws-region: "us-east-1" + + - name: Login to ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@5a88a04c91d5c6f97aae0d9be790e64d9b1d47b7 # v1.7.1 + with: + registry-type: public + + - name: Build run: | - curl -LO https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl - chmod +x ./kubectl - sudo mv ./kubectl /usr/local/bin/kubectl - kubectl version --client - mkdir -p $HOME/.kube + docker pull $DOCKER_SLUG:latest + docker build \ + --cache-from $DOCKER_SLUG:latest \ + --build-arg GIT_SHA=${GITHUB_SHA::7} \ + -t $DOCKER_SLUG:${GITHUB_SHA::7} \ + -t $DOCKER_SLUG:latest \ + -f ci/Dockerfile . + + - name: Publish + run: | + docker push $DOCKER_SLUG:latest && docker push $DOCKER_SLUG:${GITHUB_SHA::7} - name: Rollout in Kubernetes run: | PAYLOAD={\"ref\":\"main\",\"inputs\":{\"docker_sha\":\"${GITHUB_SHA::7}\"}} - echo ${GITHUB_SHA::7} curl -L -X POST -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer $WORKFLOW_PAT" \ -H "X-GitHub-Api-Version: 2022-11-28" \ @@ -68,4 +83,9 @@ jobs: sbom_name: "notification-api" token: "${{ secrets.GITHUB_TOKEN }}" + - name: Notify Slack channel if this job failed + if: ${{ failure() }} + run: | + json="{'text':' CI is failing in !'}" + curl -X POST -H 'Content-type: application/json' --data "$json" ${{ secrets.SLACK_WEBHOOK }} From 28b8c1034d22d7c21916defde6e74fce91642197 Mon Sep 17 00:00:00 2001 From: Ben Larabie Date: Thu, 7 Mar 2024 14:02:37 -0500 Subject: [PATCH 20/23] final test --- .github/workflows/docker.yaml | 3 +++ 1 file changed, 3 insertions(+) 
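Review bot: `aws-actions/configure-aws-credentials@master` in the second hunk of PATCH 19/23 follows a mutable branch, so whatever lands on that branch runs in a job that holds `id-token: write` and assumes the `notification-api-apply` role. The ECR login step directly below it is pinned to a commit; pin this one the same way, for example `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # <release-tag>` (both are placeholders, to be taken from the action's release page).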
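Review bot: The restored Slack step in the last hunk of PATCH 19/23 expands `${{ secrets.SLACK_WEBHOOK }}` unquoted into the script text. Pass it through the step's `env:` as `SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}` and call `curl ... "$SLACK_WEBHOOK"`, so the URL is not written into the generated script and cannot be word-split. This `curl` also has no `--fail`, so a rejected webhook call passes silently.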
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 98a4407967..1afc75f98d 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -1,5 +1,8 @@ name: Build, push to AWS ECR, and deploy on: + pull_request: + branches: + - main push: branches: - main From 42de35269cae1d709125e5f278fa164adb6cc6f8 Mon Sep 17 00:00:00 2001 From: Ben Larabie Date: Thu, 7 Mar 2024 14:02:54 -0500 Subject: [PATCH 21/23] final test --- .github/workflows/docker.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 1afc75f98d..42ca16026b 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -64,7 +64,7 @@ jobs: curl -L -X POST -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer $WORKFLOW_PAT" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - https://api.github.com/repos/cds-snc/notification-manifests/actions/workflows/rollout-k8s-staging.yaml/dispatches \ + https://api.github.com/repos/cds-snc/notification-manifests/actions/workflows/api-rollout-k8s-staging.yaml/dispatches \ -d $PAYLOAD - name: my-app-install token From 53fc6deb68e3db6f8d48ca0d7abce8c0144c38bf Mon Sep 17 00:00:00 2001 From: Ben Larabie Date: Thu, 7 Mar 2024 14:04:20 -0500 Subject: [PATCH 22/23] undoing test --- .github/workflows/docker.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 42ca16026b..73db38ab46 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -1,8 +1,5 @@ name: Build, push to AWS ECR, and deploy on: - pull_request: - branches: - - main push: branches: - main From 064bd61b0c2b254c407cddbbe8bc2a9b800e6164 Mon Sep 17 00:00:00 2001 From: Ben Larabie Date: Thu, 7 Mar 2024 14:43:42 -0500 Subject: [PATCH 23/23] undoing test --- .github/workflows/docker.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 73db38ab46..5fa4e2f343 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -34,7 +34,7 @@ jobs: role-to-assume: arn:aws:iam::283582579564:role/notification-api-apply role-session-name: NotifyApiGitHubActions aws-region: "us-east-1" - + - name: Login to ECR id: login-ecr uses: aws-actions/amazon-ecr-login@5a88a04c91d5c6f97aae0d9be790e64d9b1d47b7 # v1.7.1