From 437dba6abfe589ded37b6440cd529469faa206d4 Mon Sep 17 00:00:00 2001 From: Carlo Minotti <50220438+minottic@users.noreply.github.com> Date: Thu, 4 Jan 2024 12:02:54 +0100 Subject: [PATCH] Set up bastion tunnel for scicat services --- .github/workflows/materialised-view.yml | 8 ++ .github/workflows/proposals-sync.yml | 2 + .github/workflows/reusable.build-deploy.yml | 12 ++ .github/workflows/scicat-be-next.yml | 106 +++++++++--------- .github/workflows/scicat-be.yml | 2 + .github/workflows/scicat-fe.yml | 2 + .../workflows/scicat-landing-page-server.yml | 2 + .github/workflows/scicat-oaipmh.yml | 2 + .../workflows/scicat-pan-ontologies-api.yml | 3 +- .github/workflows/scicat-pss.yml | 8 +- .github/workflows/scicat-search-api.yml | 2 + .github/workflows/scicat-to-pss.yml | 2 + proposals/pyproject.toml | 2 +- 13 files changed, 98 insertions(+), 55 deletions(-) diff --git a/.github/workflows/materialised-view.yml b/.github/workflows/materialised-view.yml index d5a540c9..b608c1f0 100644 --- a/.github/workflows/materialised-view.yml +++ b/.github/workflows/materialised-view.yml @@ -29,6 +29,12 @@ jobs: - name: Checkout repository uses: actions/checkout@v2 + - name: Open ssh tunnel + uses: paulscherrerinstitute/scicat-ci/.github/actions/open-ssh-tunnel@main + with: + bastion_user: '${{ secrets.BASTION_USER }}' + bastion_ssh_key: '${{ secrets.BASTION_SSH_KEY }}' + - name: deploy uses: paulscherrerinstitute/scicat-ci/.github/actions/deploy-helm@main with: @@ -46,3 +52,5 @@ jobs: RELEASE_NAME: materialised-view ENVIRONMENT: '${{ needs.set_env.outputs.environment }}' NAMESPACE_PREFIX: scicat- + BASTION_USER: ${{ secrets.BASTION_USER }} + BASTION_SSH_KEY: ${{ secrets.BASTION_SSH_KEY }} diff --git a/.github/workflows/proposals-sync.yml b/.github/workflows/proposals-sync.yml index 1252b7e4..87f8a8b7 100644 --- a/.github/workflows/proposals-sync.yml +++ b/.github/workflows/proposals-sync.yml 
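Review bot: `open-ssh-tunnel@main` in the new `Open ssh tunnel` step is a mutable ref, so whatever is on that branch at run time receives `secrets.BASTION_SSH_KEY`. Pin it to a reviewed commit, `uses: paulscherrerinstitute/scicat-ci/.github/actions/open-ssh-tunnel@<full-commit-sha>`. If this workflow lives in the same repository as the action, the local path `uses: ./.github/actions/open-ssh-tunnel` would instead tie the action to the checked-out commit. The same step is added in `reusable.build-deploy.yml` and `scicat-pss.yml`, and the neighbouring `deploy-helm@main` step follows the same pattern. How the action verifies the bastion host key is not visible on this page and is worth confirming before the key is used from CI.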
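Review bot: The two entries added in the second hunk put the bastion private key into what appears to be the job's `env:` block, whose header is outside the hunk. That exports the key to the environment of every step in the job. The tunnel step added in the first hunk already reads `'${{ secrets.BASTION_USER }}'` and `'${{ secrets.BASTION_SSH_KEY }}'` directly in its `with:` inputs, and nothing in the hunks shown reads `env.BASTION_USER` or `env.BASTION_SSH_KEY`. I would drop both `env` lines so the key stays scoped to the one step that needs it. If another step really does need them, set them in that step's own `env:` instead.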
@@ -85,3 +85,5 @@ jobs: secrets: KUBECONFIG: ${{ secrets.KUBECONFIG }} JSON_SECRETS: ${{ toJSON(secrets) }} + BASTION_USER: ${{ secrets.BASTION_USER }} + BASTION_SSH_KEY: ${{ secrets.BASTION_SSH_KEY }} diff --git a/.github/workflows/reusable.build-deploy.yml b/.github/workflows/reusable.build-deploy.yml index 1164dd55..d8d2a14b 100644 --- a/.github/workflows/reusable.build-deploy.yml +++ b/.github/workflows/reusable.build-deploy.yml @@ -63,6 +63,12 @@ on: SSH_PRIVATE_KEY: description: ssh key to private submodule required: false + BASTION_USER: + description: ssh bastion user@server + required: true + BASTION_SSH_KEY: + description: bastion ssh key + required: true jobs: @@ -131,6 +137,12 @@ jobs: with: ref: ${{ inputs.commit }} + - name: Open ssh tunnel + uses: paulscherrerinstitute/scicat-ci/.github/actions/open-ssh-tunnel@main + with: + bastion_user: '${{ secrets.BASTION_USER }}' + bastion_ssh_key: '${{ secrets.BASTION_SSH_KEY }}' + - name: Deploy to k8s using helm id: helm-deploy uses: paulscherrerinstitute/scicat-ci/.github/actions/deploy-helm@main diff --git a/.github/workflows/scicat-be-next.yml b/.github/workflows/scicat-be-next.yml index 7d1f5ae5..3bee85aa 100644 --- a/.github/workflows/scicat-be-next.yml +++ b/.github/workflows/scicat-be-next.yml 
@@ -1,57 +1,59 @@ -name: scicat-be-next +# name: scicat-be-next -on: - workflow_dispatch: - inputs: - submodule_commit: - description: 'Commit of the submodule to deploy' - required: false - commit: - description: 'Commit of the CI repo to deploy' - required: false - pull_request: - branches: [ main ] - push: - branches: [ main ] - release: - types: [ published ] +# on: +# workflow_dispatch: +# inputs: +# submodule_commit: +# description: 'Commit of the submodule to deploy' +# required: false +# commit: +# description: 'Commit of the CI repo to deploy' +# required: false +# pull_request: +# branches: [ main ] +# push: +# branches: [ main ] +# release: +# types: [ published ] -jobs: +# jobs: - set_env: - uses: ./.github/workflows/reusable.environment.yml - with: - commit: ${{ github.event.inputs.commit }} - submodule_commit: ${{ github.event.inputs.submodule_commit }} +# set_env: +# uses: ./.github/workflows/reusable.environment.yml +# with: +# commit: ${{ github.event.inputs.commit }} +# submodule_commit: ${{ github.event.inputs.submodule_commit }} - check_changed: - needs: set_env - uses: ./.github/workflows/reusable.changes.yml - with: - files: | - .github/workflows/scicat-be-next.yml - helm/configs/backend-next/${{ needs.set_env.outputs.environment }}/** - helm/configs/backend-next/values.yaml - scicat-backend-next/** - commit: ${{ needs.set_env.outputs.commit }} - submodule_commit: ${{ github.event.inputs.submodule_commit }} - submodule: scicat-backend-next +# check_changed: +# needs: set_env +# uses: ./.github/workflows/reusable.changes.yml +# with: +# files: | +# .github/workflows/scicat-be-next.yml +# helm/configs/backend-next/${{ needs.set_env.outputs.environment }}/** +# helm/configs/backend-next/values.yaml +# scicat-backend-next/** +# commit: ${{ needs.set_env.outputs.commit }} +# submodule_commit: ${{ github.event.inputs.submodule_commit }} +# submodule: scicat-backend-next - build_deploy_scicat_backend_next: - if: (needs.check_changed.outputs.changed 
== 'true' && !needs.set_env.outputs.component) || needs.set_env.outputs.component == 'bn' - needs: - - check_changed - - set_env - uses: ./.github/workflows/reusable.build-deploy.yml - with: - context: scicat-backend-next/. - image_name: ${{ github.repository }}/backend-next - release_name: backend-next - tag: ${{ needs.set_env.outputs.tag }} - environment: ${{ needs.set_env.outputs.environment }} - commit: ${{ needs.set_env.outputs.commit }} - submodule_commit: ${{ github.event.inputs.submodule_commit }} - submodule: scicat-backend-next - secrets: - KUBECONFIG: ${{ secrets.KUBECONFIG }} - JSON_SECRETS: ${{ toJSON(secrets) }} +# build_deploy_scicat_backend_next: +# if: (needs.check_changed.outputs.changed == 'true' && !needs.set_env.outputs.component) || needs.set_env.outputs.component == 'bn' +# needs: +# - check_changed +# - set_env +# uses: ./.github/workflows/reusable.build-deploy.yml +# with: +# context: scicat-backend-next/. +# image_name: ${{ github.repository }}/backend-next +# release_name: backend-next +# tag: ${{ needs.set_env.outputs.tag }} +# environment: ${{ needs.set_env.outputs.environment }} +# commit: ${{ needs.set_env.outputs.commit }} +# submodule_commit: ${{ github.event.inputs.submodule_commit }} +# submodule: scicat-backend-next +# secrets: +# KUBECONFIG: ${{ secrets.KUBECONFIG }} +# JSON_SECRETS: ${{ toJSON(secrets) }} +# BASTION_USER: ${{ secrets.BASTION_USER }} +# BASTION_SSH_KEY: ${{ secrets.BASTION_SSH_KEY }} diff --git a/.github/workflows/scicat-be.yml b/.github/workflows/scicat-be.yml index 51f95723..236d7d2c 100644 --- a/.github/workflows/scicat-be.yml +++ b/.github/workflows/scicat-be.yml @@ -66,3 +66,5 @@ jobs: secrets: KUBECONFIG: ${{ secrets.KUBECONFIG }} JSON_SECRETS: ${{ toJSON(secrets) }} + BASTION_USER: ${{ secrets.BASTION_USER }} + BASTION_SSH_KEY: ${{ secrets.BASTION_SSH_KEY }} diff --git a/.github/workflows/scicat-fe.yml b/.github/workflows/scicat-fe.yml index 95d06935..bbea19bc 100644 --- a/.github/workflows/scicat-fe.yml 
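Review bot: Commenting out every line leaves `scicat-be-next.yml` with no `on:` or `jobs:` keys, which GitHub is likely to report as an invalid workflow file rather than a disabled one. The commit message also does not say why the backend-next deployment is switched off in a change about the bastion tunnel. If the intent is to pause it, delete the file, disable the workflow in the repository's Actions settings, or keep the file valid and set the jobs' condition to `if: false`. A first-line comment such as `# disabled: <reason / ticket>` would tell the next maintainer when it can be re-enabled.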
+++ b/.github/workflows/scicat-fe.yml @@ -58,3 +58,5 @@ jobs: ENVIRONMENT=helm/configs/frontend/${{ needs.set_env.outputs.environment }}/config.json secrets: KUBECONFIG: ${{ secrets.KUBECONFIG }} + BASTION_USER: ${{ secrets.BASTION_USER }} + BASTION_SSH_KEY: ${{ secrets.BASTION_SSH_KEY }} diff --git a/.github/workflows/scicat-landing-page-server.yml b/.github/workflows/scicat-landing-page-server.yml index 03499b1d..a9de71a0 100644 --- a/.github/workflows/scicat-landing-page-server.yml +++ b/.github/workflows/scicat-landing-page-server.yml @@ -58,3 +58,5 @@ jobs: secrets: KUBECONFIG: ${{ secrets.KUBECONFIG }} JSON_SECRETS: ${{ toJSON(secrets) }} + BASTION_USER: ${{ secrets.BASTION_USER }} + BASTION_SSH_KEY: ${{ secrets.BASTION_SSH_KEY }} diff --git a/.github/workflows/scicat-oaipmh.yml b/.github/workflows/scicat-oaipmh.yml index f1cebab7..8321e82c 100644 --- a/.github/workflows/scicat-oaipmh.yml +++ b/.github/workflows/scicat-oaipmh.yml @@ -55,3 +55,5 @@ jobs: secrets: KUBECONFIG: ${{ secrets.KUBECONFIG }} JSON_SECRETS: ${{ toJSON(secrets) }} + BASTION_USER: ${{ secrets.BASTION_USER }} + BASTION_SSH_KEY: ${{ secrets.BASTION_SSH_KEY }} diff --git a/.github/workflows/scicat-pan-ontologies-api.yml b/.github/workflows/scicat-pan-ontologies-api.yml index 19ccc0ff..6748f5a6 100644 --- a/.github/workflows/scicat-pan-ontologies-api.yml +++ b/.github/workflows/scicat-pan-ontologies-api.yml @@ -54,4 +54,5 @@ jobs: submodule: pan-ontologies-api secrets: KUBECONFIG: ${{ secrets.KUBECONFIG }} - + BASTION_USER: ${{ secrets.BASTION_USER }} + BASTION_SSH_KEY: ${{ secrets.BASTION_SSH_KEY }} diff --git a/.github/workflows/scicat-pss.yml b/.github/workflows/scicat-pss.yml index ed21cd85..106523a1 100644 --- a/.github/workflows/scicat-pss.yml +++ b/.github/workflows/scicat-pss.yml 
@@ -34,12 +34,18 @@ jobs: - name: Checkout repository uses: actions/checkout@v2 + - name: Open ssh tunnel + uses: paulscherrerinstitute/scicat-ci/.github/actions/open-ssh-tunnel@main + with: + bastion_user: '${{ secrets.BASTION_USER }}' + bastion_ssh_key: '${{ secrets.BASTION_SSH_KEY }}' + - name: deploy uses: paulscherrerinstitute/scicat-ci/.github/actions/deploy-helm@main with: release: '${{ env.RELEASE_NAME }}' namespace: '${{ env.NAMESPACE_PREFIX }}${{ env.ENVIRONMENT }}' - chart: '${{ env.RELEASE_NAME }}' + chart: helm/charts/generic_service values: "db=${{ env.RELEASE_NAME }}-${{ env.ENVIRONMENT }}" value-files: helm/configs/${{ env.RELEASE_NAME }}/values.yaml secrets: ${{ toJSON(secrets) }} diff --git a/.github/workflows/scicat-search-api.yml b/.github/workflows/scicat-search-api.yml index 67e0cc89..64a414b7 100644 --- a/.github/workflows/scicat-search-api.yml +++ b/.github/workflows/scicat-search-api.yml @@ -57,3 +57,5 @@ jobs: COMPONENT_CONFIG=helm/configs/search-api/component-config.json secrets: KUBECONFIG: ${{ secrets.KUBECONFIG }} + BASTION_USER: ${{ secrets.BASTION_USER }} + BASTION_SSH_KEY: ${{ secrets.BASTION_SSH_KEY }} diff --git a/.github/workflows/scicat-to-pss.yml b/.github/workflows/scicat-to-pss.yml index 27e1564c..6c7a12ee 100644 --- a/.github/workflows/scicat-to-pss.yml +++ b/.github/workflows/scicat-to-pss.yml @@ -47,3 +47,5 @@ jobs: commit: ${{ needs.set_env.outputs.commit }} secrets: KUBECONFIG: ${{ secrets.KUBECONFIG }} + BASTION_USER: ${{ secrets.BASTION_USER }} + BASTION_SSH_KEY: ${{ secrets.BASTION_SSH_KEY }} diff --git a/proposals/pyproject.toml b/proposals/pyproject.toml index 66fad395..27eb7d75 100644 --- a/proposals/pyproject.toml +++ b/proposals/pyproject.toml 
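Review bot: The context line `secrets: ${{ toJSON(secrets) }}` on the deploy step serialises the whole secrets context. Once `BASTION_USER` and `BASTION_SSH_KEY` are defined as secrets available to this workflow, the bastion private key is also handed to `deploy-helm@main`, which has no visible need for it. The same applies to the `JSON_SECRETS: ${{ toJSON(secrets) }}` lines in the callers touched by this commit (`proposals-sync.yml`, `scicat-be.yml`, `scicat-landing-page-server.yml`, `scicat-oaipmh.yml`). Consider passing only what the chart consumes, for example `secrets: '{"<CHART_SECRET>": ${{ toJSON(secrets.<CHART_SECRET>) }}}'`, where `<CHART_SECRET>` is a placeholder for each key actually needed. Separately, the `chart:` change to `helm/charts/generic_service` is unrelated to the tunnel and would be easier to review and revert as its own commit.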
@@ -2,7 +2,7 @@ name = "proposals" version = "0.1.0" description = "A microservice for syncing proposals from duo to scicat" -authors = ["stephan.egli@psi.ch", "carlo.minotti@psi.ch", "krisztian.pozsa@psi.ch"] +authors = ["AWI-7903 "] [tool.poetry.dependencies] python = "^3.8"