diff --git a/.github/workflows/build_deploy_staging.yml b/.github/workflows/build_deploy_staging.yml index b854ce820..cd908ffea 100644 --- a/.github/workflows/build_deploy_staging.yml +++ b/.github/workflows/build_deploy_staging.yml @@ -26,180 +26,180 @@ jobs: - uses: actions/checkout@v2 - - name: Check if there are gem updates - id: gem-updates-check - uses: tj-actions/changed-files@aae164d51be780a235cdeea89752bbacbbfee3c3 - with: - files: | - Gemfile - Gemfile.lock + # - name: Check if there are gem updates + # id: gem-updates-check + # uses: tj-actions/changed-files@aae164d51be780a235cdeea89752bbacbbfee3c3 + # with: + # files: | + # Gemfile + # Gemfile.lock - - name: Login to container registry - env: - PASSWORD: ${{ secrets.GHCR }} - run: | - echo $PASSWORD | docker login ghcr.io -u eisbot --password-stdin + # - name: Login to container registry + # env: + # PASSWORD: ${{ secrets.GHCR }} + # run: | + # echo $PASSWORD | docker login ghcr.io -u eisbot --password-stdin - - name: No changes in gems - # feature branch has no changes in gems - if: steps.gem-updates-check.outputs.any_changed == 'false' - run: | - echo "DOCKERFILE=Dockerfile.preinstalled_gems" >> $GITHUB_ENV + # - name: No changes in gems + # # feature branch has no changes in gems + # if: steps.gem-updates-check.outputs.any_changed == 'false' + # run: | + # echo "DOCKERFILE=Dockerfile.preinstalled_gems" >> $GITHUB_ENV - - name: Gems are changed - # feature branch has new/updated gems - if: steps.gem-updates-check.outputs.any_changed == 'true' - run: | - echo "DOCKERFILE=Dockerfile.generic" >> $GITHUB_ENV + # - name: Gems are changed + # # feature branch has new/updated gems + # if: steps.gem-updates-check.outputs.any_changed == 'true' + # run: | + # echo "DOCKERFILE=Dockerfile.generic" >> $GITHUB_ENV - - name: Set image tag - run: | - SHORT_SHA=$(echo $GITHUB_SHA | cut -c 1-7) #pr-s test commit of merged state - echo "TAG=ghcr.io/internetee/registry:RC-$SHORT_SHA" >> $GITHUB_ENV - echo "PROXY_TAG=ghcr.io/internetee/registry:PROXY-RC-$SHORT_SHA" >> $GITHUB_ENV - echo "SHORT_TAG=RC-$SHORT_SHA" >> $GITHUB_ENV + # - name: Set image tag + # run: | + # SHORT_SHA=$(echo $GITHUB_SHA | cut -c 1-7) #pr-s test commit of merged state + # echo "TAG=ghcr.io/internetee/registry:RC-$SHORT_SHA" >> $GITHUB_ENV + # echo "PROXY_TAG=ghcr.io/internetee/registry:PROXY-RC-$SHORT_SHA" >> $GITHUB_ENV + # echo "SHORT_TAG=RC-$SHORT_SHA" >> $GITHUB_ENV - - name: Get pull request reference number - run: | - echo "$GITHUB_REF" - echo "PR_REF=$(cat /home/runner/work/_temp/_github_workflow/event.json | jq -r '.number')" >> $GITHUB_ENV - echo $(cat /home/runner/work/_temp/_github_workflow/event.json | jq -r '.number') + # - name: Get pull request reference number + # run: | + # echo "$GITHUB_REF" + # echo "PR_REF=$(cat /home/runner/work/_temp/_github_workflow/event.json | jq -r '.number')" >> $GITHUB_ENV + # echo $(cat /home/runner/work/_temp/_github_workflow/event.json | jq -r '.number') - - name: Set EPP port - run: echo "EPP_PORT=${PR_REF:(-3)}" >> $GITHUB_ENV + # - name: Set EPP port + # run: echo "EPP_PORT=${PR_REF:(-3)}" >> $GITHUB_ENV - - name: Set config files for build - env: - ST_APP: ${{ secrets.ST_APPLICATION_YML}} - run: | - mkdir log - echo $ST_APP | base64 -di > config/application.yml - cp config/database.yml.sample config/database.yml - ls -l config/ + # - name: Set config files for build + # env: + # ST_APP: ${{ secrets.ST_APPLICATION_YML}} + # run: | + # mkdir log + # echo $ST_APP | base64 -di > config/application.yml + # cp config/database.yml.sample config/database.yml + # ls -l config/ - - name: Build registry image - env: - KEY_BASE: ${{ secrets.KEY_BASE}} - run: | - docker build -t $TAG --build-arg RAILS_ENV=staging --build-arg SECRET_KEY_BASE="$KEY_BASE" -f $DOCKERFILE . + # - name: Build registry image + # env: + # KEY_BASE: ${{ secrets.KEY_BASE}} + # run: | + # docker build -t $TAG --build-arg RAILS_ENV=staging --build-arg SECRET_KEY_BASE="$KEY_BASE" -f $DOCKERFILE . - - name: Clone epp_proxy project - run: | - git clone https://github.com/internetee/epp_proxy.git + # - name: Clone epp_proxy project + # run: | + # git clone https://github.com/internetee/epp_proxy.git - - name: Configurate proxy build - run: | - cd epp_proxy/ - sed -i -e 's/LABEL org.opencontainers.image.source=https:\/\/github.com\/internetee\/epp_proxy/LABEL org.opencontainers.image.source=https:\/\/github.com\/internetee\/registry/' Dockerfile.release - echo "EXPOSE 700" >> Dockerfile.release - cd config/ - sed -i -e 's/{insecure, false},/%% {insecure, false},/' sys.config - sed -i -e 's/{epp_session_url, "https:\/\/registry.test\/epp\/session\/"},/{epp_session_url, "http:\/\/st-'$PR_REF'-epp.epp.svc.cluster.local\/epp\/session\/"},/' sys.config - sed -i -e 's/{epp_command_url, "https:\/\/registry.test\/epp\/command\/"},/{epp_command_url, "http:\/\/st-'$PR_REF'-epp.epp.svc.cluster.local\/epp\/command\/"},/' sys.config - sed -i -e 's/{epp_error_url, "https:\/\/registry.test\/epp\/error\/"},/{epp_error_url, "http:\/\/st-'$PR_REF'-epp.epp.svc.cluster.local\/epp\/error\/"},/' sys.config - sed -i -e 's/{cacertfile_path, "\/opt\/shared\/ca\/certs\/ca.crt.pem"},/{cacertfile_path, "\/opt\/shared\/ca\/certs\/ca.crt"},/' sys.config - sed -i -e 's/{certfile_path, "\/opt\/shared\/ca\/certs\/cert.pem"},/{certfile_path, "\/opt\/shared\/ca\/certs\/tls.crt"},/' sys.config - sed -i -e 's/{keyfile_path, "\/opt\/shared\/ca\/certs\/key.pem"},/{keyfile_path, "\/opt\/shared\/ca\/certs\/tls.key"}]},/' sys.config - sed -i -e 's/{crlfile_path, "\/opt\/shared\/ca\/certs\/key.pem"}]},//' sys.config + # - name: Configurate proxy build + # run: | + # cd epp_proxy/ + # sed -i -e 's/LABEL org.opencontainers.image.source=https:\/\/github.com\/internetee\/epp_proxy/LABEL org.opencontainers.image.source=https:\/\/github.com\/internetee\/registry/' Dockerfile.release + # echo "EXPOSE 700" >> Dockerfile.release + # cd config/ + # sed -i -e 's/{insecure, false},/%% {insecure, false},/' sys.config + # sed -i -e 's/{epp_session_url, "https:\/\/registry.test\/epp\/session\/"},/{epp_session_url, "http:\/\/st-'$PR_REF'-epp.epp.svc.cluster.local\/epp\/session\/"},/' sys.config + # sed -i -e 's/{epp_command_url, "https:\/\/registry.test\/epp\/command\/"},/{epp_command_url, "http:\/\/st-'$PR_REF'-epp.epp.svc.cluster.local\/epp\/command\/"},/' sys.config + # sed -i -e 's/{epp_error_url, "https:\/\/registry.test\/epp\/error\/"},/{epp_error_url, "http:\/\/st-'$PR_REF'-epp.epp.svc.cluster.local\/epp\/error\/"},/' sys.config + # sed -i -e 's/{cacertfile_path, "\/opt\/shared\/ca\/certs\/ca.crt.pem"},/{cacertfile_path, "\/opt\/shared\/ca\/certs\/ca.crt"},/' sys.config + # sed -i -e 's/{certfile_path, "\/opt\/shared\/ca\/certs\/cert.pem"},/{certfile_path, "\/opt\/shared\/ca\/certs\/tls.crt"},/' sys.config + # sed -i -e 's/{keyfile_path, "\/opt\/shared\/ca\/certs\/key.pem"},/{keyfile_path, "\/opt\/shared\/ca\/certs\/tls.key"}]},/' sys.config + # sed -i -e 's/{crlfile_path, "\/opt\/shared\/ca\/certs\/key.pem"}]},//' sys.config - - name: Build proxy image - run: | - cd epp_proxy - docker build -t $PROXY_TAG -f Dockerfile.release . + # - name: Build proxy image + # run: | + # cd epp_proxy + # docker build -t $PROXY_TAG -f Dockerfile.release . - - name: Push Docker image to gh container registry - run: | - docker push $TAG - docker push $PROXY_TAG + # - name: Push Docker image to gh container registry + # run: | + # docker push $TAG + # docker push $PROXY_TAG - - name: Get repo name - run: | - OIFS=$IFS - IFS='/' - read -a parts <<< "$GITHUB_REPOSITORY" - IFS=OIFS - echo "REPO=${parts[1]}" >> $GITHUB_ENV + # - name: Get repo name + # run: | + # OIFS=$IFS + # IFS='/' + # read -a parts <<< "$GITHUB_REPOSITORY" + # IFS=OIFS + # echo "REPO=${parts[1]}" >> $GITHUB_ENV - - name: Set deploy config - env: - OVPN: ${{ secrets.OVPN }} - VPN_PWD: ${{ secrets.VPN_PWD }} - P12: ${{ secrets.P12 }} - K_CONFIG: ${{ secrets.KUBE_CONFIG }} - SSH_KEY: ${{ secrets.EISBOT_SSH_KEY }} - EPPROXY_CONF: ${{ secrets.EPPROXY_CONF }} - run: | - echo $VPN_PWD | base64 -di > client.pwd - chmod 0600 client.pwd - echo $OVPN | base64 -di > config.ovpn - echo $P12 | base64 -di > cert.p12 - mkdir -p ~/.ssh - echo $SSH_KEY | base64 -di > ~/.ssh/key - chmod 0600 ~/.ssh/key - mkdir -p $REPO/$PR_REF - cd $REPO/$PR_REF - echo "$SHORT_SHA" > TAG - echo $K_CONFIG | base64 -di > kubeconfig - chmod 0600 kubeconfig + # - name: Set deploy config + # env: + # OVPN: ${{ secrets.OVPN }} + # VPN_PWD: ${{ secrets.VPN_PWD }} + # P12: ${{ secrets.P12 }} + # K_CONFIG: ${{ secrets.KUBE_CONFIG }} + # SSH_KEY: ${{ secrets.EISBOT_SSH_KEY }} + # EPPROXY_CONF: ${{ secrets.EPPROXY_CONF }} + # run: | + # echo $VPN_PWD | base64 -di > client.pwd + # chmod 0600 client.pwd + # echo $OVPN | base64 -di > config.ovpn + # echo $P12 | base64 -di > cert.p12 + # mkdir -p ~/.ssh + # echo $SSH_KEY | base64 -di > ~/.ssh/key + # chmod 0600 ~/.ssh/key + # mkdir -p $REPO/$PR_REF + # cd $REPO/$PR_REF + # echo "$SHORT_SHA" > TAG + # echo $K_CONFIG | base64 -di > kubeconfig + # chmod 0600 kubeconfig - - name: Install Open VPN - run: | - sudo apt-get update - sudo apt-get install openvpn + # # - name: Install Open VPN + # run: | + # sudo apt-get update + # sudo apt-get install openvpn - - name: Deploy from remote server - timeout-minutes: 5 - env: - TOKEN: ${{ secrets.CLOUD_TOKEN }} - run: | - sudo openvpn --config config.ovpn --askpass client.pwd --auth-nocache --daemon& - sleep 15 - ping -c 1 192.168.99.12 - eval `ssh-agent` - touch ~/.ssh/known_hosts - ssh-add ~/.ssh/key - ssh-keyscan 192.168.99.12 > ~/.ssh/known_hosts - rsync -av "$REPO" runner@192.168.99.12:/home/runner/ - ssh -T runner@192.168.99.12 << EOSSH - bash - cd "$REPO"/"$PR_REF" - export KUBECONFIG=./kubeconfig - helm repo add eisrepo https://internetee.github.io/helm-charts/ - helm repo update - helm upgrade --install reg-admin-"$PR_REF" --set image.tag="$SHORT_TAG",reference="$PR_REF" eisrepo/registry-admin -n reg-admin - helm upgrade --install epp-"$PR_REF" --set image.tag="$SHORT_TAG",reference="$PR_REF",epp.proxy.enabled=true eisrepo/registry-epp -n epp - helm upgrade --install reg-api-"$PR_REF" --set image.tag="$SHORT_TAG",reference="$PR_REF" eisrepo/registry-api -n reg-api - TOKEN=${{ secrets.CLOUD_TOKEN }} python3 ../../portOpener.py "$PR_REF" add - rm kubeconfig - echo "Setting up URLs" - echo "server obs.tld.ee - zone pilv.tld.ee - update add reg-admin-"$PR_REF".pilv.tld.ee. 3600 CNAME riigi.pilv.tld.ee. - update add repp-"$PR_REF".pilv.tld.ee. 3600 CNAME riigi.pilv.tld.ee. - update add reg-api-"$PR_REF".pilv.tld.ee. 3600 CNAME riigi.pilv.tld.ee. - send - " | nsupdate -k ~/Kgh-runner.infra.tld.ee.+165+27011.key - if [ "$?" -eq "0" ]; then - echo "CNAME updates were successful" - else - echo "CNAME updates failed" - fi - EOSSH + # - name: Deploy from remote server + # timeout-minutes: 5 + # env: + # TOKEN: ${{ secrets.CLOUD_TOKEN }} + # run: | + # sudo openvpn --config config.ovpn --askpass client.pwd --auth-nocache --daemon& + # sleep 15 + # ping -c 1 192.168.99.12 + # eval `ssh-agent` + # touch ~/.ssh/known_hosts + # ssh-add ~/.ssh/key + # ssh-keyscan 192.168.99.12 > ~/.ssh/known_hosts + # rsync -av "$REPO" runner@192.168.99.12:/home/runner/ + # ssh -T runner@192.168.99.12 << EOSSH + # bash + # cd "$REPO"/"$PR_REF" + # export KUBECONFIG=./kubeconfig + # helm repo add eisrepo https://internetee.github.io/helm-charts/ + # helm repo update + # helm upgrade --install reg-admin-"$PR_REF" --set image.tag="$SHORT_TAG",reference="$PR_REF" eisrepo/registry-admin -n reg-admin + # helm upgrade --install epp-"$PR_REF" --set image.tag="$SHORT_TAG",reference="$PR_REF",epp.proxy.enabled=true eisrepo/registry-epp -n epp + # helm upgrade --install reg-api-"$PR_REF" --set image.tag="$SHORT_TAG",reference="$PR_REF" eisrepo/registry-api -n reg-api + # TOKEN=${{ secrets.CLOUD_TOKEN }} python3 ../../portOpener.py "$PR_REF" add + # rm kubeconfig + # echo "Setting up URLs" + # echo "server obs.tld.ee + # zone pilv.tld.ee + # update add reg-admin-"$PR_REF".pilv.tld.ee. 3600 CNAME riigi.pilv.tld.ee. + # update add repp-"$PR_REF".pilv.tld.ee. 3600 CNAME riigi.pilv.tld.ee. + # update add reg-api-"$PR_REF".pilv.tld.ee. 3600 CNAME riigi.pilv.tld.ee. + # send + # " | nsupdate -k ~/Kgh-runner.infra.tld.ee.+165+27011.key + # if [ "$?" -eq "0" ]; then + # echo "CNAME updates were successful" + # else + # echo "CNAME updates failed" + # fi + # EOSSH - - name: Notify developers - timeout-minutes: 1 - env: - NOTIFICATION_URL: ${{ secrets.NOTIFICATION_URL}} - run: | - curl -i -X POST --data-urlencode 'payload={ - "text": "\n##### A pull request from ['${{ github.head_ref }}'](https://github.com/internetee/registry/pull/'$PR_REF') to master has been deployed :tada:\n - |Service | :net: | - |:------------|:---------------------------------------:| - | **Admin** | https://reg-admin-'$PR_REF'.pilv.tld.ee | - | **repp** | https://repp-'$PR_REF'.pilv.tld.ee | - | **API** | https://reg-api-'$PR_REF'.pilv.tld.ee | - | **EPP** | riigi.pilv.tld.ee on port '$EPP_PORT' | + # - name: Notify developers + # timeout-minutes: 1 + # env: + # NOTIFICATION_URL: ${{ secrets.NOTIFICATION_URL}} + # run: | + # curl -i -X POST --data-urlencode 'payload={ + # "text": "\n##### A pull request from ['${{ github.head_ref }}'](https://github.com/internetee/registry/pull/'$PR_REF') to master has been deployed :tada:\n + # |Service | :net: | + # |:------------|:---------------------------------------:| + # | **Admin** | https://reg-admin-'$PR_REF'.pilv.tld.ee | + # | **repp** | https://repp-'$PR_REF'.pilv.tld.ee | + # | **API** | https://reg-api-'$PR_REF'.pilv.tld.ee | + # | **EPP** | riigi.pilv.tld.ee on port '$EPP_PORT' | - Please note that the API is only accessible from Riigipilv. - " - }' $NOTIFICATION_URL + # Please note that the API is only accessible from Riigipilv. + # " + # }' $NOTIFICATION_URL