zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-08-11 20:19:34 +02:00
Code Issues Projects Releases Packages Wiki Activity

comment out riigipil delivery

Browse source
This commit is contained in:
olegphenomenon 2023-02-09 16:12:58 +02:00
parent 162647acba
commit 913a404d55
1 changed files with 159 additions and 159 deletions
Download patch file Download diff file Expand all files Collapse all files

318
.github/workflows/build_deploy_staging.yml vendored
View file

@ -26,180 +26,180 @@ jobs:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- name: Check if there are gem updates # - name: Check if there are gem updates
id: gem-updates-check # id: gem-updates-check
uses: tj-actions/changed-files@aae164d51be780a235cdeea89752bbacbbfee3c3 # uses: tj-actions/changed-files@aae164d51be780a235cdeea89752bbacbbfee3c3
with: # with:
files: | # files: |
Gemfile # Gemfile
Gemfile.lock # Gemfile.lock
- name: Login to container registry # - name: Login to container registry
env: # env:
PASSWORD: ${{ secrets.GHCR }} # PASSWORD: ${{ secrets.GHCR }}
run: | # run: |
echo $PASSWORD | docker login ghcr.io -u eisbot --password-stdin # echo $PASSWORD | docker login ghcr.io -u eisbot --password-stdin
- name: No changes in gems # - name: No changes in gems
# feature branch has no changes in gems # # feature branch has no changes in gems
if: steps.gem-updates-check.outputs.any_changed == 'false' # if: steps.gem-updates-check.outputs.any_changed == 'false'
run: | # run: |
echo "DOCKERFILE=Dockerfile.preinstalled_gems" >> $GITHUB_ENV # echo "DOCKERFILE=Dockerfile.preinstalled_gems" >> $GITHUB_ENV
- name: Gems are changed # - name: Gems are changed
# feature branch has new/updated gems # # feature branch has new/updated gems
if: steps.gem-updates-check.outputs.any_changed == 'true' # if: steps.gem-updates-check.outputs.any_changed == 'true'
run: | # run: |
echo "DOCKERFILE=Dockerfile.generic" >> $GITHUB_ENV # echo "DOCKERFILE=Dockerfile.generic" >> $GITHUB_ENV
- name: Set image tag # - name: Set image tag
run: | # run: |
SHORT_SHA=$(echo $GITHUB_SHA | cut -c 1-7) #pr-s test commit of merged state # SHORT_SHA=$(echo $GITHUB_SHA | cut -c 1-7) #pr-s test commit of merged state
echo "TAG=ghcr.io/internetee/registry:RC-$SHORT_SHA" >> $GITHUB_ENV # echo "TAG=ghcr.io/internetee/registry:RC-$SHORT_SHA" >> $GITHUB_ENV
echo "PROXY_TAG=ghcr.io/internetee/registry:PROXY-RC-$SHORT_SHA" >> $GITHUB_ENV # echo "PROXY_TAG=ghcr.io/internetee/registry:PROXY-RC-$SHORT_SHA" >> $GITHUB_ENV
echo "SHORT_TAG=RC-$SHORT_SHA" >> $GITHUB_ENV # echo "SHORT_TAG=RC-$SHORT_SHA" >> $GITHUB_ENV
- name: Get pull request reference number # - name: Get pull request reference number
run: | # run: |
echo "$GITHUB_REF" # echo "$GITHUB_REF"
echo "PR_REF=$(cat /home/runner/work/_temp/_github_workflow/event.json | jq -r '.number')" >> $GITHUB_ENV # echo "PR_REF=$(cat /home/runner/work/_temp/_github_workflow/event.json | jq -r '.number')" >> $GITHUB_ENV
echo $(cat /home/runner/work/_temp/_github_workflow/event.json | jq -r '.number') # echo $(cat /home/runner/work/_temp/_github_workflow/event.json | jq -r '.number')
- name: Set EPP port # - name: Set EPP port
run: echo "EPP_PORT=${PR_REF:(-3)}" >> $GITHUB_ENV # run: echo "EPP_PORT=${PR_REF:(-3)}" >> $GITHUB_ENV
- name: Set config files for build # - name: Set config files for build
env: # env:
ST_APP: ${{ secrets.ST_APPLICATION_YML}} # ST_APP: ${{ secrets.ST_APPLICATION_YML}}
run: | # run: |
mkdir log # mkdir log
echo $ST_APP | base64 -di > config/application.yml # echo $ST_APP | base64 -di > config/application.yml
cp config/database.yml.sample config/database.yml # cp config/database.yml.sample config/database.yml
ls -l config/ # ls -l config/
- name: Build registry image # - name: Build registry image
env: # env:
KEY_BASE: ${{ secrets.KEY_BASE}} # KEY_BASE: ${{ secrets.KEY_BASE}}
run: | # run: |
docker build -t $TAG --build-arg RAILS_ENV=staging --build-arg SECRET_KEY_BASE="$KEY_BASE" -f $DOCKERFILE . # docker build -t $TAG --build-arg RAILS_ENV=staging --build-arg SECRET_KEY_BASE="$KEY_BASE" -f $DOCKERFILE .
- name: Clone epp_proxy project # - name: Clone epp_proxy project
run: | # run: |
git clone https://github.com/internetee/epp_proxy.git # git clone https://github.com/internetee/epp_proxy.git
- name: Configurate proxy build # - name: Configurate proxy build
run: | # run: |
cd epp_proxy/ # cd epp_proxy/
sed -i -e 's/LABEL org.opencontainers.image.source=https:\/\/github.com\/internetee\/epp_proxy/LABEL org.opencontainers.image.source=https:\/\/github.com\/internetee\/registry/' Dockerfile.release # sed -i -e 's/LABEL org.opencontainers.image.source=https:\/\/github.com\/internetee\/epp_proxy/LABEL org.opencontainers.image.source=https:\/\/github.com\/internetee\/registry/' Dockerfile.release
echo "EXPOSE 700" >> Dockerfile.release # echo "EXPOSE 700" >> Dockerfile.release
cd config/ # cd config/
sed -i -e 's/{insecure, false},/%% {insecure, false},/' sys.config # sed -i -e 's/{insecure, false},/%% {insecure, false},/' sys.config
sed -i -e 's/{epp_session_url, "https:\/\/registry.test\/epp\/session\/"},/{epp_session_url, "http:\/\/st-'$PR_REF'-epp.epp.svc.cluster.local\/epp\/session\/"},/' sys.config # sed -i -e 's/{epp_session_url, "https:\/\/registry.test\/epp\/session\/"},/{epp_session_url, "http:\/\/st-'$PR_REF'-epp.epp.svc.cluster.local\/epp\/session\/"},/' sys.config
sed -i -e 's/{epp_command_url, "https:\/\/registry.test\/epp\/command\/"},/{epp_command_url, "http:\/\/st-'$PR_REF'-epp.epp.svc.cluster.local\/epp\/command\/"},/' sys.config # sed -i -e 's/{epp_command_url, "https:\/\/registry.test\/epp\/command\/"},/{epp_command_url, "http:\/\/st-'$PR_REF'-epp.epp.svc.cluster.local\/epp\/command\/"},/' sys.config
sed -i -e 's/{epp_error_url, "https:\/\/registry.test\/epp\/error\/"},/{epp_error_url, "http:\/\/st-'$PR_REF'-epp.epp.svc.cluster.local\/epp\/error\/"},/' sys.config # sed -i -e 's/{epp_error_url, "https:\/\/registry.test\/epp\/error\/"},/{epp_error_url, "http:\/\/st-'$PR_REF'-epp.epp.svc.cluster.local\/epp\/error\/"},/' sys.config
sed -i -e 's/{cacertfile_path, "\/opt\/shared\/ca\/certs\/ca.crt.pem"},/{cacertfile_path, "\/opt\/shared\/ca\/certs\/ca.crt"},/' sys.config # sed -i -e 's/{cacertfile_path, "\/opt\/shared\/ca\/certs\/ca.crt.pem"},/{cacertfile_path, "\/opt\/shared\/ca\/certs\/ca.crt"},/' sys.config
sed -i -e 's/{certfile_path, "\/opt\/shared\/ca\/certs\/cert.pem"},/{certfile_path, "\/opt\/shared\/ca\/certs\/tls.crt"},/' sys.config # sed -i -e 's/{certfile_path, "\/opt\/shared\/ca\/certs\/cert.pem"},/{certfile_path, "\/opt\/shared\/ca\/certs\/tls.crt"},/' sys.config
sed -i -e 's/{keyfile_path, "\/opt\/shared\/ca\/certs\/key.pem"},/{keyfile_path, "\/opt\/shared\/ca\/certs\/tls.key"}]},/' sys.config # sed -i -e 's/{keyfile_path, "\/opt\/shared\/ca\/certs\/key.pem"},/{keyfile_path, "\/opt\/shared\/ca\/certs\/tls.key"}]},/' sys.config
sed -i -e 's/{crlfile_path, "\/opt\/shared\/ca\/certs\/key.pem"}]},//' sys.config # sed -i -e 's/{crlfile_path, "\/opt\/shared\/ca\/certs\/key.pem"}]},//' sys.config
- name: Build proxy image # - name: Build proxy image
run: | # run: |
cd epp_proxy # cd epp_proxy
docker build -t $PROXY_TAG -f Dockerfile.release . # docker build -t $PROXY_TAG -f Dockerfile.release .
- name: Push Docker image to gh container registry # - name: Push Docker image to gh container registry
run: | # run: |
docker push $TAG # docker push $TAG
docker push $PROXY_TAG # docker push $PROXY_TAG
- name: Get repo name # - name: Get repo name
run: | # run: |
OIFS=$IFS # OIFS=$IFS
IFS='/' # IFS='/'
read -a parts <<< "$GITHUB_REPOSITORY" # read -a parts <<< "$GITHUB_REPOSITORY"
IFS=OIFS # IFS=OIFS
echo "REPO=${parts[1]}" >> $GITHUB_ENV # echo "REPO=${parts[1]}" >> $GITHUB_ENV
- name: Set deploy config # - name: Set deploy config
env: # env:
OVPN: ${{ secrets.OVPN }} # OVPN: ${{ secrets.OVPN }}
VPN_PWD: ${{ secrets.VPN_PWD }} # VPN_PWD: ${{ secrets.VPN_PWD }}
P12: ${{ secrets.P12 }} # P12: ${{ secrets.P12 }}
K_CONFIG: ${{ secrets.KUBE_CONFIG }} # K_CONFIG: ${{ secrets.KUBE_CONFIG }}
SSH_KEY: ${{ secrets.EISBOT_SSH_KEY }} # SSH_KEY: ${{ secrets.EISBOT_SSH_KEY }}
EPPROXY_CONF: ${{ secrets.EPPROXY_CONF }} # EPPROXY_CONF: ${{ secrets.EPPROXY_CONF }}
run: | # run: |
echo $VPN_PWD | base64 -di > client.pwd # echo $VPN_PWD | base64 -di > client.pwd
chmod 0600 client.pwd # chmod 0600 client.pwd
echo $OVPN | base64 -di > config.ovpn # echo $OVPN | base64 -di > config.ovpn
echo $P12 | base64 -di > cert.p12 # echo $P12 | base64 -di > cert.p12
mkdir -p ~/.ssh # mkdir -p ~/.ssh
echo $SSH_KEY | base64 -di > ~/.ssh/key # echo $SSH_KEY | base64 -di > ~/.ssh/key
chmod 0600 ~/.ssh/key # chmod 0600 ~/.ssh/key
mkdir -p $REPO/$PR_REF # mkdir -p $REPO/$PR_REF
cd $REPO/$PR_REF # cd $REPO/$PR_REF
echo "$SHORT_SHA" > TAG # echo "$SHORT_SHA" > TAG
echo $K_CONFIG | base64 -di > kubeconfig # echo $K_CONFIG | base64 -di > kubeconfig
chmod 0600 kubeconfig # chmod 0600 kubeconfig
- name: Install Open VPN # # - name: Install Open VPN
run: | # run: |
sudo apt-get update # sudo apt-get update
sudo apt-get install openvpn # sudo apt-get install openvpn
- name: Deploy from remote server # - name: Deploy from remote server
timeout-minutes: 5 # timeout-minutes: 5
env: # env:
TOKEN: ${{ secrets.CLOUD_TOKEN }} # TOKEN: ${{ secrets.CLOUD_TOKEN }}
run: | # run: |
sudo openvpn --config config.ovpn --askpass client.pwd --auth-nocache --daemon& # sudo openvpn --config config.ovpn --askpass client.pwd --auth-nocache --daemon&
sleep 15 # sleep 15
ping -c 1 192.168.99.12 # ping -c 1 192.168.99.12
eval `ssh-agent` # eval `ssh-agent`
touch ~/.ssh/known_hosts # touch ~/.ssh/known_hosts
ssh-add ~/.ssh/key # ssh-add ~/.ssh/key
ssh-keyscan 192.168.99.12 > ~/.ssh/known_hosts # ssh-keyscan 192.168.99.12 > ~/.ssh/known_hosts
rsync -av "$REPO" runner@192.168.99.12:/home/runner/ # rsync -av "$REPO" runner@192.168.99.12:/home/runner/
ssh -T runner@192.168.99.12 << EOSSH # ssh -T runner@192.168.99.12 << EOSSH
bash # bash
cd "$REPO"/"$PR_REF" # cd "$REPO"/"$PR_REF"
export KUBECONFIG=./kubeconfig # export KUBECONFIG=./kubeconfig
helm repo add eisrepo https://internetee.github.io/helm-charts/ # helm repo add eisrepo https://internetee.github.io/helm-charts/
helm repo update # helm repo update
helm upgrade --install reg-admin-"$PR_REF" --set image.tag="$SHORT_TAG",reference="$PR_REF" eisrepo/registry-admin -n reg-admin # helm upgrade --install reg-admin-"$PR_REF" --set image.tag="$SHORT_TAG",reference="$PR_REF" eisrepo/registry-admin -n reg-admin
helm upgrade --install epp-"$PR_REF" --set image.tag="$SHORT_TAG",reference="$PR_REF",epp.proxy.enabled=true eisrepo/registry-epp -n epp # helm upgrade --install epp-"$PR_REF" --set image.tag="$SHORT_TAG",reference="$PR_REF",epp.proxy.enabled=true eisrepo/registry-epp -n epp
helm upgrade --install reg-api-"$PR_REF" --set image.tag="$SHORT_TAG",reference="$PR_REF" eisrepo/registry-api -n reg-api # helm upgrade --install reg-api-"$PR_REF" --set image.tag="$SHORT_TAG",reference="$PR_REF" eisrepo/registry-api -n reg-api
TOKEN=${{ secrets.CLOUD_TOKEN }} python3 ../../portOpener.py "$PR_REF" add # TOKEN=${{ secrets.CLOUD_TOKEN }} python3 ../../portOpener.py "$PR_REF" add
rm kubeconfig # rm kubeconfig
echo "Setting up URLs" # echo "Setting up URLs"
echo "server obs.tld.ee # echo "server obs.tld.ee
zone pilv.tld.ee # zone pilv.tld.ee
update add reg-admin-"$PR_REF".pilv.tld.ee. 3600 CNAME riigi.pilv.tld.ee. # update add reg-admin-"$PR_REF".pilv.tld.ee. 3600 CNAME riigi.pilv.tld.ee.
update add repp-"$PR_REF".pilv.tld.ee. 3600 CNAME riigi.pilv.tld.ee. # update add repp-"$PR_REF".pilv.tld.ee. 3600 CNAME riigi.pilv.tld.ee.
update add reg-api-"$PR_REF".pilv.tld.ee. 3600 CNAME riigi.pilv.tld.ee. # update add reg-api-"$PR_REF".pilv.tld.ee. 3600 CNAME riigi.pilv.tld.ee.
send # send
" | nsupdate -k ~/Kgh-runner.infra.tld.ee.+165+27011.key # " | nsupdate -k ~/Kgh-runner.infra.tld.ee.+165+27011.key
if [ "$?" -eq "0" ]; then # if [ "$?" -eq "0" ]; then
echo "CNAME updates were successful" # echo "CNAME updates were successful"
else # else
echo "CNAME updates failed" # echo "CNAME updates failed"
fi # fi
EOSSH # EOSSH
- name: Notify developers # - name: Notify developers
timeout-minutes: 1 # timeout-minutes: 1
env: # env:
NOTIFICATION_URL: ${{ secrets.NOTIFICATION_URL}} # NOTIFICATION_URL: ${{ secrets.NOTIFICATION_URL}}
run: | # run: |
curl -i -X POST --data-urlencode 'payload={ # curl -i -X POST --data-urlencode 'payload={
"text": "\n##### A pull request from ['${{ github.head_ref }}'](https://github.com/internetee/registry/pull/'$PR_REF') to master has been deployed :tada:\n # "text": "\n##### A pull request from ['${{ github.head_ref }}'](https://github.com/internetee/registry/pull/'$PR_REF') to master has been deployed :tada:\n
|Service | :net: | # |Service | :net: |
|:------------|:---------------------------------------:| # |:------------|:---------------------------------------:|
| **Admin** | https://reg-admin-'$PR_REF'.pilv.tld.ee | # | **Admin** | https://reg-admin-'$PR_REF'.pilv.tld.ee |
| **repp** | https://repp-'$PR_REF'.pilv.tld.ee | # | **repp** | https://repp-'$PR_REF'.pilv.tld.ee |
| **API** | https://reg-api-'$PR_REF'.pilv.tld.ee | # | **API** | https://reg-api-'$PR_REF'.pilv.tld.ee |
| **EPP** | riigi.pilv.tld.ee on port '$EPP_PORT' | # | **EPP** | riigi.pilv.tld.ee on port '$EPP_PORT' |
Please note that the API is only accessible from Riigipilv. # Please note that the API is only accessible from Riigipilv.
" # "
}' $NOTIFICATION_URL # }' $NOTIFICATION_URL