Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

K8s rollout workflow #2134

Merged
merged 27 commits into from
Mar 7, 2024
Merged
Changes from 25 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
51 changes: 11 additions & 40 deletions .github/workflows/docker.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ env:
DOCKER_ORG: public.ecr.aws/v6b8u5o6
DOCKER_SLUG: public.ecr.aws/v6b8u5o6/notify-api
KUBECTL_VERSION: '1.23.6'
WORKFLOW_PAT: ${{ secrets.WORKFLOW_GITHUB_PAT }}

permissions:
id-token: write # This is required for requesting the OIDC JWT
Expand All @@ -26,21 +27,14 @@ jobs:
unzip -q awscliv2.zip
sudo ./aws/install --update
aws --version
- name: Install kubectl
run: |
curl -LO https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl
kubectl version --client
mkdir -p $HOME/.kube

- name: Configure credentials to CDS public ECR using OIDC
uses: aws-actions/configure-aws-credentials@master
with:
role-to-assume: arn:aws:iam::283582579564:role/notification-api-apply
role-session-name: NotifyApiGitHubActions
aws-region: "us-east-1"

ben851 marked this conversation as resolved.
Show resolved Hide resolved
- name: Login to ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@5a88a04c91d5c6f97aae0d9be790e64d9b1d47b7 # v1.7.1
Expand All @@ -56,43 +50,19 @@ jobs:
-t $DOCKER_SLUG:${GITHUB_SHA::7} \
-t $DOCKER_SLUG:latest \
-f ci/Dockerfile .

- name: Publish
run: |
docker push $DOCKER_SLUG:latest && docker push $DOCKER_SLUG:${GITHUB_SHA::7}

- name: Configure credentials to Notify account using OIDC
uses: aws-actions/configure-aws-credentials@master
with:
role-to-assume: arn:aws:iam::239043911459:role/notification-api-apply
role-session-name: NotifyApiGitHubActions
aws-region: "ca-central-1"

- name: Get Kubernetes configuration
run: |
aws eks --region $AWS_REGION update-kubeconfig --name notification-canada-ca-staging-eks-cluster --kubeconfig $HOME/.kube/config
- name: Update images in staging
- name: Rollout in Kubernetes
run: |
kubectl set image deployment.apps/api api=$DOCKER_SLUG:${GITHUB_SHA::7} -n=notification-canada-ca --kubeconfig=$HOME/.kube/config
kubectl set image deployment.apps/celery-beat celery-beat=$DOCKER_SLUG:${GITHUB_SHA::7} -n=notification-canada-ca --kubeconfig=$HOME/.kube/config
kubectl set image deployment.apps/celery-sms celery-sms=$DOCKER_SLUG:${GITHUB_SHA::7} -n=notification-canada-ca --kubeconfig=$HOME/.kube/config
kubectl set image deployment.apps/celery-primary celery-primary=$DOCKER_SLUG:${GITHUB_SHA::7} -n=notification-canada-ca --kubeconfig=$HOME/.kube/config
kubectl set image deployment.apps/celery-scalable celery-scalable=$DOCKER_SLUG:${GITHUB_SHA::7} -n=notification-canada-ca --kubeconfig=$HOME/.kube/config
kubectl set image deployment.apps/celery-sms-send-primary celery-sms-send-primary=$DOCKER_SLUG:${GITHUB_SHA::7} -n=notification-canada-ca --kubeconfig=$HOME/.kube/config
kubectl set image deployment.apps/celery-sms-send-scalable celery-sms-send-scalable=$DOCKER_SLUG:${GITHUB_SHA::7} -n=notification-canada-ca --kubeconfig=$HOME/.kube/config
kubectl set image deployment.apps/celery-email-send-primary celery-email-send-primary=$DOCKER_SLUG:${GITHUB_SHA::7} -n=notification-canada-ca --kubeconfig=$HOME/.kube/config
kubectl set image deployment.apps/celery-email-send-scalable celery-email-send-scalable=$DOCKER_SLUG:${GITHUB_SHA::7} -n=notification-canada-ca --kubeconfig=$HOME/.kube/config

- name: Restart deployments in staging
run: |
kubectl rollout restart deployment/api -n notification-canada-ca
kubectl rollout restart deployment/celery-beat -n notification-canada-ca
kubectl rollout restart deployment/celery-sms -n notification-canada-ca
kubectl rollout restart deployment/celery-primary -n notification-canada-ca
kubectl rollout restart deployment/celery-scalable -n notification-canada-ca
kubectl rollout restart deployment/celery-sms-send-primary -n notification-canada-ca
kubectl rollout restart deployment/celery-sms-send-scalable -n notification-canada-ca
kubectl rollout restart deployment/celery-email-send-primary -n notification-canada-ca
kubectl rollout restart deployment/celery-email-send-scalable -n notification-canada-ca
PAYLOAD={\"ref\":\"main\",\"inputs\":{\"docker_sha\":\"${GITHUB_SHA::7}\"}}
curl -L -X POST -H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $WORKFLOW_PAT" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/cds-snc/notification-manifests/actions/workflows/api-rollout-k8s-staging.yaml/dispatches \
-d $PAYLOAD

- name: my-app-install token
id: notify-pr-bot
Expand All @@ -118,3 +88,4 @@ jobs:
run: |
json="{'text':'<!here> CI is failing in <https://github.com/cds-snc/notification-api/actions/runs/${GITHUB_RUN_ID}|notification-api> !'}"
curl -X POST -H 'Content-type: application/json' --data "$json" ${{ secrets.SLACK_WEBHOOK }}

Loading