-
Notifications
You must be signed in to change notification settings - Fork 20
225 lines (220 loc) · 10.1 KB
/
site_deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
# This workflow will deploy the VCell full application (server +- client) to alpha or release
name: CD-sites
# Controls when the workflow will run
on:
workflow_dispatch:
inputs:
vcell_version:
description: 'version.major.minor'
required: true
default: '7.5.0'
vcell_build:
description: 'build number'
required: true
default: '23'
vcell_site:
description: 'rel or alpha'
required: true
default: 'alpha'
server_only:
description: 'Deploy only the server components?'
required: true
default: 'false'
jobs:
build:
name: Build client installers
runs-on: ubuntu-20.04
steps:
- name: checkout tag
uses: actions/checkout@v3
with:
ref: ${{ github.event.inputs.vcell_version }}.${{ github.event.inputs.vcell_build }}
- name: setup global environment variables
run: |
echo "VCELL_VERSION=${{ github.event.inputs.vcell_version }}" >> $GITHUB_ENV
echo "VCELL_BUILD=${{ github.event.inputs.vcell_build }}" >> $GITHUB_ENV
echo "VCELL_SITE=${{ github.event.inputs.vcell_site }}" >> $GITHUB_ENV
echo "VCELL_TAG=`git rev-parse --short HEAD`" >> $GITHUB_ENV
echo "VCELL_REPO_NAMESPACE=ghcr.io/virtualcell" >> $GITHUB_ENV
echo "VCELL_DEPLOY_REMOTE_DIR=/share/apps/vcell3/deployed_github" >> $GITHUB_ENV
if [ "${{ github.event.inputs.vcell_site }}" == "rel" ]; then\
echo "VCELL_MANAGER_NODE=vcellapi.cam.uchc.edu" >> $GITHUB_ENV;\
echo "VCELL_INSTALLER_REMOTE_DIR="/share/apps/vcell3/apache_webroot/htdocs/webstart/Rel"" >> $GITHUB_ENV;\
else if [ "${{ github.event.inputs.vcell_site }}" == "alpha" ]; then\
echo "VCELL_MANAGER_NODE=vcellapi-beta.cam.uchc.edu" >> $GITHUB_ENV;\
echo "VCELL_INSTALLER_REMOTE_DIR="/share/apps/vcell3/apache_webroot/htdocs/webstart/Alpha"" >> $GITHUB_ENV;\
else if [ "${{ github.event.inputs.vcell_site }}" == "test" ]; then\
echo "VCELL_MANAGER_NODE=vcellapi-test.cam.uchc.edu" >> $GITHUB_ENV;\
echo "VCELL_INSTALLER_REMOTE_DIR="/share/apps/vcell3/apache_webroot/htdocs/webstart/Test"" >> $GITHUB_ENV;\
else echo "Unknown site name ${{ github.event.inputs.vcell_site }}"; exit 1; fi; fi; fi
- name: setup ssh-agent
uses: webfactory/[email protected]
with:
ssh-private-key: ${{ secrets.VC_KEY }}
- name: get installer secrets
run: |
ssh-keyscan $VCELL_MANAGER_NODE >> ~/.ssh/known_hosts
sudo mkdir /usr/local/deploy
sudo chmod 777 /usr/local/deploy
cd /usr/local/deploy
scp ${{ secrets.CD_FULL_USER }}@${VCELL_MANAGER_NODE}:${VCELL_DEPLOY_REMOTE_DIR}/deploy_dir_2023_07_30.tar .
cd ..
sudo tar -xvf deploy/deploy_dir_2023_07_30.tar
sudo chmod 777 -R deploy
- name: setup config
run: |
cd docker/swarm
export VCELL_CONFIG_FILE_NAME="server_${VCELL_SITE}_${VCELL_VERSION}_${VCELL_BUILD}_${VCELL_TAG}.config"
echo "VCELL_CONFIG_FILE_NAME=$VCELL_CONFIG_FILE_NAME" >> $GITHUB_ENV
echo "| $VCELL_SITE | $VCELL_REPO_NAMESPACE | $VCELL_TAG | $VCELL_VERSION | $VCELL_BUILD | $VCELL_CONFIG_FILE_NAME |"
./serverconfig-uch.sh $VCELL_SITE $VCELL_REPO_NAMESPACE $VCELL_TAG $VCELL_VERSION $VCELL_BUILD $VCELL_CONFIG_FILE_NAME
env | grep VCELL > variables
- name: send home config file and variables
run: |
scp docker/build/admin/vcell-su.sh ${{ secrets.CD_FULL_USER }}@${VCELL_MANAGER_NODE}:${VCELL_DEPLOY_REMOTE_DIR}/config
scp docker/swarm/$VCELL_CONFIG_FILE_NAME ${{ secrets.CD_FULL_USER }}@${VCELL_MANAGER_NODE}:${VCELL_DEPLOY_REMOTE_DIR}
scp docker/swarm/variables ${{ secrets.CD_FULL_USER }}@${VCELL_MANAGER_NODE}:${VCELL_DEPLOY_REMOTE_DIR}/variables_$VCELL_TAG
- name: upload variables
uses: actions/upload-artifact@v3
with:
name: variables
path: docker/swarm/variables
retention-days: 1
- name: build client installers
if: ${{ github.event.inputs.server_only != 'true' }}
run: |
cd docker/swarm
sudo docker login -u ${{ secrets.ACTION_USER }} -p ${{ secrets.ACTION_TOKEN }} ghcr.io
sudo docker pull $VCELL_REPO_NAMESPACE/vcell-clientgen:$VCELL_TAG
./generate_installers.sh ./${VCELL_CONFIG_FILE_NAME}
- name: upload generated installers
if: ${{ github.event.inputs.server_only != 'true' }}
uses: actions/upload-artifact@v3
with:
name: installers
path: docker/swarm/generated_installers
retention-days: 1
- name: Setup tmate session
if: ${{ failure() }}
uses: mxschmitt/action-tmate@v3
notarize:
name: Notarize the MacOS client
runs-on: macos-latest
needs: build
steps:
- name: download generated installers
if: ${{ github.event.inputs.server_only != 'true' }}
uses: actions/download-artifact@v2
- name: notarize mac installer
if: ${{ github.event.inputs.server_only != 'true' }}
run: |
set -x
set +e
cd installers
export MAC_INSTALLER=`ls *dmg`
xcrun notarytool submit --output-format normal --no-progress --no-wait --team-id "${{ secrets.MACTEAMID }}" --apple-id "${{ secrets.MACID }}" --password "${{ secrets.MACPW }}" $MAC_INSTALLER > submit_output
echo "output returned by notarytool submit:"
cat submit_output
cat submit_output | grep "id:" | cut -d ':' -f2 > UUID
for minutes in {1..5}
do
sleep 60
xcrun notarytool info --output-format normal --no-progress --team-id "${{ secrets.MACTEAMID }}" --apple-id "${{ secrets.MACID }}" --password "${{ secrets.MACPW }}" `cat UUID` > info_output
echo "output returned by notarytool info:"
cat info_output
grep -q Accepted info_output
if [[ $? == 0 ]]; then
echo "notarized succesfully"
break
else
echo "wait another minute and check again"
fi
done
grep -q Accepted info_output
if [[ $? == 0 ]]; then
xcrun stapler staple $MAC_INSTALLER
else
echo "notarization did not succeed in 5 minutes, giving up"
exit 1
fi
- name: update generated installers
if: ${{ github.event.inputs.server_only != 'true' }}
uses: actions/upload-artifact@v3
with:
name: installers
path: installers
retention-days: 1
- name: Setup tmate session
uses: mxschmitt/action-tmate@v3
if: ${{ failure() }}
deploy:
name: Deploy to site
runs-on: ubuntu-20.04
needs: notarize
steps:
- name: checkout tag
uses: actions/checkout@v3
with:
ref: ${{ github.event.inputs.vcell_version }}.${{ github.event.inputs.vcell_build }}
- name: retrieve installers and variables
uses: actions/download-artifact@v2
- name: setenv
run: |
for line in $(cat variables/variables); do echo $line >> $GITHUB_ENV; done
- name: stage installers
if: ${{ github.event.inputs.server_only != 'true' }}
run: |
cd installers
mkdir ../docker/swarm/generated_installers
mv * ../docker/swarm/generated_installers
- name: setup ssh-agent
uses: webfactory/[email protected]
with:
ssh-private-key: ${{ secrets.VC_KEY }}
- name: retrieve config file
run: |
set -ux
ssh-keyscan $VCELL_MANAGER_NODE >> ~/.ssh/known_hosts
cd docker/swarm
scp ${{ secrets.CD_FULL_USER }}@${VCELL_MANAGER_NODE}:${VCELL_DEPLOY_REMOTE_DIR}/${VCELL_CONFIG_FILE_NAME} .
- name: install singularity
uses: eWaterCycle/setup-singularity@v6
with:
singularity-version: 3.7.1
- name: retrieve batch and opt singularity images
run: |
set -ux
cd docker/swarm
export BATCH_SINGULARITY_FILENAME=`cat $VCELL_CONFIG_FILE_NAME | grep VCELL_BATCH_SINGULARITY_FILENAME | cut -d"=" -f2`
export OPT_SINGULARITY_FILENAME=`cat $VCELL_CONFIG_FILE_NAME | grep VCELL_OPT_SINGULARITY_FILENAME | cut -d"=" -f2`
cd ../build/singularity-vm
singularity remote login -u ${{ secrets.ACTION_USER }} -p ${{ secrets.ACTION_TOKEN }} oras://ghcr.io
singularity pull $BATCH_SINGULARITY_FILENAME oras://${VCELL_REPO_NAMESPACE}/vcell-batch-singularity:${{ github.event.inputs.vcell_version }}.${{ github.event.inputs.vcell_build }}
singularity pull $OPT_SINGULARITY_FILENAME oras://${VCELL_REPO_NAMESPACE}/vcell-opt-singularity:${{ github.event.inputs.vcell_version }}.${{ github.event.inputs.vcell_build }}
- name: deploy to site
run: |
set -ux
cd docker/swarm
ssh -t ${{ secrets.CD_FULL_USER }}@${VCELL_MANAGER_NODE} sudo docker login -u ${{ secrets.ACTION_USER }} -p ${{ secrets.ACTION_TOKEN }} ghcr.io
if ${{ github.event.inputs.server_only != 'true' }}; then
./deploy-action.sh \
--ssh-user ${{ secrets.CD_FULL_USER }} --install-singularity --build-installers --installer-deploy-dir $VCELL_INSTALLER_REMOTE_DIR \
${VCELL_MANAGER_NODE} \
./${VCELL_CONFIG_FILE_NAME} ${VCELL_DEPLOY_REMOTE_DIR}/config/${VCELL_CONFIG_FILE_NAME} \
./docker-compose.yml ${VCELL_DEPLOY_REMOTE_DIR}/config/docker-compose_${VCELL_TAG}.yml \
vcell${VCELL_SITE}
export VCELL_SITE_CAMEL=`cat $VCELL_CONFIG_FILE_NAME | grep VCELL_SITE_CAMEL | cut -d"=" -f2`
ssh ${{ secrets.CD_FULL_USER }}@${VCELL_MANAGER_NODE} \
installer_deploy_dir=$VCELL_INSTALLER_REMOTE_DIR vcell_siteCamel=$VCELL_SITE_CAMEL vcell_version=$VCELL_VERSION vcell_build=$VCELL_BUILD \
'bash -s' < link-installers.sh
else
./deploy-action.sh \
--ssh-user ${{ secrets.CD_FULL_USER }} --install-singularity \
${VCELL_MANAGER_NODE} \
./${VCELL_CONFIG_FILE_NAME} ${VCELL_DEPLOY_REMOTE_DIR}/config/${VCELL_CONFIG_FILE_NAME} \
./docker-compose.yml ${VCELL_DEPLOY_REMOTE_DIR}/config/docker-compose_${VCELL_TAG}.yml \
vcell${VCELL_SITE}
fi
- name: Setup tmate session 3
uses: mxschmitt/action-tmate@v3
if: ${{ failure() }}