mirror of
https://github.com/internetee/registry.git
synced 2025-08-12 04:29:33 +02:00
comment out riigipil delivery
This commit is contained in:
parent
162647acba
commit
913a404d55
1 changed files with 159 additions and 159 deletions
318
.github/workflows/build_deploy_staging.yml
vendored
318
.github/workflows/build_deploy_staging.yml
vendored
|
@ -26,180 +26,180 @@ jobs:
|
||||||
|
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
|
|
||||||
- name: Check if there are gem updates
|
# - name: Check if there are gem updates
|
||||||
id: gem-updates-check
|
# id: gem-updates-check
|
||||||
uses: tj-actions/changed-files@aae164d51be780a235cdeea89752bbacbbfee3c3
|
# uses: tj-actions/changed-files@aae164d51be780a235cdeea89752bbacbbfee3c3
|
||||||
with:
|
# with:
|
||||||
files: |
|
# files: |
|
||||||
Gemfile
|
# Gemfile
|
||||||
Gemfile.lock
|
# Gemfile.lock
|
||||||
|
|
||||||
- name: Login to container registry
|
# - name: Login to container registry
|
||||||
env:
|
# env:
|
||||||
PASSWORD: ${{ secrets.GHCR }}
|
# PASSWORD: ${{ secrets.GHCR }}
|
||||||
run: |
|
# run: |
|
||||||
echo $PASSWORD | docker login ghcr.io -u eisbot --password-stdin
|
# echo $PASSWORD | docker login ghcr.io -u eisbot --password-stdin
|
||||||
|
|
||||||
- name: No changes in gems
|
# - name: No changes in gems
|
||||||
# feature branch has no changes in gems
|
# # feature branch has no changes in gems
|
||||||
if: steps.gem-updates-check.outputs.any_changed == 'false'
|
# if: steps.gem-updates-check.outputs.any_changed == 'false'
|
||||||
run: |
|
# run: |
|
||||||
echo "DOCKERFILE=Dockerfile.preinstalled_gems" >> $GITHUB_ENV
|
# echo "DOCKERFILE=Dockerfile.preinstalled_gems" >> $GITHUB_ENV
|
||||||
|
|
||||||
- name: Gems are changed
|
# - name: Gems are changed
|
||||||
# feature branch has new/updated gems
|
# # feature branch has new/updated gems
|
||||||
if: steps.gem-updates-check.outputs.any_changed == 'true'
|
# if: steps.gem-updates-check.outputs.any_changed == 'true'
|
||||||
run: |
|
# run: |
|
||||||
echo "DOCKERFILE=Dockerfile.generic" >> $GITHUB_ENV
|
# echo "DOCKERFILE=Dockerfile.generic" >> $GITHUB_ENV
|
||||||
|
|
||||||
- name: Set image tag
|
# - name: Set image tag
|
||||||
run: |
|
# run: |
|
||||||
SHORT_SHA=$(echo $GITHUB_SHA | cut -c 1-7) #pr-s test commit of merged state
|
# SHORT_SHA=$(echo $GITHUB_SHA | cut -c 1-7) #pr-s test commit of merged state
|
||||||
echo "TAG=ghcr.io/internetee/registry:RC-$SHORT_SHA" >> $GITHUB_ENV
|
# echo "TAG=ghcr.io/internetee/registry:RC-$SHORT_SHA" >> $GITHUB_ENV
|
||||||
echo "PROXY_TAG=ghcr.io/internetee/registry:PROXY-RC-$SHORT_SHA" >> $GITHUB_ENV
|
# echo "PROXY_TAG=ghcr.io/internetee/registry:PROXY-RC-$SHORT_SHA" >> $GITHUB_ENV
|
||||||
echo "SHORT_TAG=RC-$SHORT_SHA" >> $GITHUB_ENV
|
# echo "SHORT_TAG=RC-$SHORT_SHA" >> $GITHUB_ENV
|
||||||
|
|
||||||
- name: Get pull request reference number
|
# - name: Get pull request reference number
|
||||||
run: |
|
# run: |
|
||||||
echo "$GITHUB_REF"
|
# echo "$GITHUB_REF"
|
||||||
echo "PR_REF=$(cat /home/runner/work/_temp/_github_workflow/event.json | jq -r '.number')" >> $GITHUB_ENV
|
# echo "PR_REF=$(cat /home/runner/work/_temp/_github_workflow/event.json | jq -r '.number')" >> $GITHUB_ENV
|
||||||
echo $(cat /home/runner/work/_temp/_github_workflow/event.json | jq -r '.number')
|
# echo $(cat /home/runner/work/_temp/_github_workflow/event.json | jq -r '.number')
|
||||||
|
|
||||||
- name: Set EPP port
|
# - name: Set EPP port
|
||||||
run: echo "EPP_PORT=${PR_REF:(-3)}" >> $GITHUB_ENV
|
# run: echo "EPP_PORT=${PR_REF:(-3)}" >> $GITHUB_ENV
|
||||||
|
|
||||||
- name: Set config files for build
|
# - name: Set config files for build
|
||||||
env:
|
# env:
|
||||||
ST_APP: ${{ secrets.ST_APPLICATION_YML}}
|
# ST_APP: ${{ secrets.ST_APPLICATION_YML}}
|
||||||
run: |
|
# run: |
|
||||||
mkdir log
|
# mkdir log
|
||||||
echo $ST_APP | base64 -di > config/application.yml
|
# echo $ST_APP | base64 -di > config/application.yml
|
||||||
cp config/database.yml.sample config/database.yml
|
# cp config/database.yml.sample config/database.yml
|
||||||
ls -l config/
|
# ls -l config/
|
||||||
|
|
||||||
- name: Build registry image
|
# - name: Build registry image
|
||||||
env:
|
# env:
|
||||||
KEY_BASE: ${{ secrets.KEY_BASE}}
|
# KEY_BASE: ${{ secrets.KEY_BASE}}
|
||||||
run: |
|
# run: |
|
||||||
docker build -t $TAG --build-arg RAILS_ENV=staging --build-arg SECRET_KEY_BASE="$KEY_BASE" -f $DOCKERFILE .
|
# docker build -t $TAG --build-arg RAILS_ENV=staging --build-arg SECRET_KEY_BASE="$KEY_BASE" -f $DOCKERFILE .
|
||||||
|
|
||||||
- name: Clone epp_proxy project
|
# - name: Clone epp_proxy project
|
||||||
run: |
|
# run: |
|
||||||
git clone https://github.com/internetee/epp_proxy.git
|
# git clone https://github.com/internetee/epp_proxy.git
|
||||||
|
|
||||||
- name: Configurate proxy build
|
# - name: Configurate proxy build
|
||||||
run: |
|
# run: |
|
||||||
cd epp_proxy/
|
# cd epp_proxy/
|
||||||
sed -i -e 's/LABEL org.opencontainers.image.source=https:\/\/github.com\/internetee\/epp_proxy/LABEL org.opencontainers.image.source=https:\/\/github.com\/internetee\/registry/' Dockerfile.release
|
# sed -i -e 's/LABEL org.opencontainers.image.source=https:\/\/github.com\/internetee\/epp_proxy/LABEL org.opencontainers.image.source=https:\/\/github.com\/internetee\/registry/' Dockerfile.release
|
||||||
echo "EXPOSE 700" >> Dockerfile.release
|
# echo "EXPOSE 700" >> Dockerfile.release
|
||||||
cd config/
|
# cd config/
|
||||||
sed -i -e 's/{insecure, false},/%% {insecure, false},/' sys.config
|
# sed -i -e 's/{insecure, false},/%% {insecure, false},/' sys.config
|
||||||
sed -i -e 's/{epp_session_url, "https:\/\/registry.test\/epp\/session\/"},/{epp_session_url, "http:\/\/st-'$PR_REF'-epp.epp.svc.cluster.local\/epp\/session\/"},/' sys.config
|
# sed -i -e 's/{epp_session_url, "https:\/\/registry.test\/epp\/session\/"},/{epp_session_url, "http:\/\/st-'$PR_REF'-epp.epp.svc.cluster.local\/epp\/session\/"},/' sys.config
|
||||||
sed -i -e 's/{epp_command_url, "https:\/\/registry.test\/epp\/command\/"},/{epp_command_url, "http:\/\/st-'$PR_REF'-epp.epp.svc.cluster.local\/epp\/command\/"},/' sys.config
|
# sed -i -e 's/{epp_command_url, "https:\/\/registry.test\/epp\/command\/"},/{epp_command_url, "http:\/\/st-'$PR_REF'-epp.epp.svc.cluster.local\/epp\/command\/"},/' sys.config
|
||||||
sed -i -e 's/{epp_error_url, "https:\/\/registry.test\/epp\/error\/"},/{epp_error_url, "http:\/\/st-'$PR_REF'-epp.epp.svc.cluster.local\/epp\/error\/"},/' sys.config
|
# sed -i -e 's/{epp_error_url, "https:\/\/registry.test\/epp\/error\/"},/{epp_error_url, "http:\/\/st-'$PR_REF'-epp.epp.svc.cluster.local\/epp\/error\/"},/' sys.config
|
||||||
sed -i -e 's/{cacertfile_path, "\/opt\/shared\/ca\/certs\/ca.crt.pem"},/{cacertfile_path, "\/opt\/shared\/ca\/certs\/ca.crt"},/' sys.config
|
# sed -i -e 's/{cacertfile_path, "\/opt\/shared\/ca\/certs\/ca.crt.pem"},/{cacertfile_path, "\/opt\/shared\/ca\/certs\/ca.crt"},/' sys.config
|
||||||
sed -i -e 's/{certfile_path, "\/opt\/shared\/ca\/certs\/cert.pem"},/{certfile_path, "\/opt\/shared\/ca\/certs\/tls.crt"},/' sys.config
|
# sed -i -e 's/{certfile_path, "\/opt\/shared\/ca\/certs\/cert.pem"},/{certfile_path, "\/opt\/shared\/ca\/certs\/tls.crt"},/' sys.config
|
||||||
sed -i -e 's/{keyfile_path, "\/opt\/shared\/ca\/certs\/key.pem"},/{keyfile_path, "\/opt\/shared\/ca\/certs\/tls.key"}]},/' sys.config
|
# sed -i -e 's/{keyfile_path, "\/opt\/shared\/ca\/certs\/key.pem"},/{keyfile_path, "\/opt\/shared\/ca\/certs\/tls.key"}]},/' sys.config
|
||||||
sed -i -e 's/{crlfile_path, "\/opt\/shared\/ca\/certs\/key.pem"}]},//' sys.config
|
# sed -i -e 's/{crlfile_path, "\/opt\/shared\/ca\/certs\/key.pem"}]},//' sys.config
|
||||||
|
|
||||||
- name: Build proxy image
|
# - name: Build proxy image
|
||||||
run: |
|
# run: |
|
||||||
cd epp_proxy
|
# cd epp_proxy
|
||||||
docker build -t $PROXY_TAG -f Dockerfile.release .
|
# docker build -t $PROXY_TAG -f Dockerfile.release .
|
||||||
|
|
||||||
- name: Push Docker image to gh container registry
|
# - name: Push Docker image to gh container registry
|
||||||
run: |
|
# run: |
|
||||||
docker push $TAG
|
# docker push $TAG
|
||||||
docker push $PROXY_TAG
|
# docker push $PROXY_TAG
|
||||||
|
|
||||||
- name: Get repo name
|
# - name: Get repo name
|
||||||
run: |
|
# run: |
|
||||||
OIFS=$IFS
|
# OIFS=$IFS
|
||||||
IFS='/'
|
# IFS='/'
|
||||||
read -a parts <<< "$GITHUB_REPOSITORY"
|
# read -a parts <<< "$GITHUB_REPOSITORY"
|
||||||
IFS=OIFS
|
# IFS=OIFS
|
||||||
echo "REPO=${parts[1]}" >> $GITHUB_ENV
|
# echo "REPO=${parts[1]}" >> $GITHUB_ENV
|
||||||
|
|
||||||
- name: Set deploy config
|
# - name: Set deploy config
|
||||||
env:
|
# env:
|
||||||
OVPN: ${{ secrets.OVPN }}
|
# OVPN: ${{ secrets.OVPN }}
|
||||||
VPN_PWD: ${{ secrets.VPN_PWD }}
|
# VPN_PWD: ${{ secrets.VPN_PWD }}
|
||||||
P12: ${{ secrets.P12 }}
|
# P12: ${{ secrets.P12 }}
|
||||||
K_CONFIG: ${{ secrets.KUBE_CONFIG }}
|
# K_CONFIG: ${{ secrets.KUBE_CONFIG }}
|
||||||
SSH_KEY: ${{ secrets.EISBOT_SSH_KEY }}
|
# SSH_KEY: ${{ secrets.EISBOT_SSH_KEY }}
|
||||||
EPPROXY_CONF: ${{ secrets.EPPROXY_CONF }}
|
# EPPROXY_CONF: ${{ secrets.EPPROXY_CONF }}
|
||||||
run: |
|
# run: |
|
||||||
echo $VPN_PWD | base64 -di > client.pwd
|
# echo $VPN_PWD | base64 -di > client.pwd
|
||||||
chmod 0600 client.pwd
|
# chmod 0600 client.pwd
|
||||||
echo $OVPN | base64 -di > config.ovpn
|
# echo $OVPN | base64 -di > config.ovpn
|
||||||
echo $P12 | base64 -di > cert.p12
|
# echo $P12 | base64 -di > cert.p12
|
||||||
mkdir -p ~/.ssh
|
# mkdir -p ~/.ssh
|
||||||
echo $SSH_KEY | base64 -di > ~/.ssh/key
|
# echo $SSH_KEY | base64 -di > ~/.ssh/key
|
||||||
chmod 0600 ~/.ssh/key
|
# chmod 0600 ~/.ssh/key
|
||||||
mkdir -p $REPO/$PR_REF
|
# mkdir -p $REPO/$PR_REF
|
||||||
cd $REPO/$PR_REF
|
# cd $REPO/$PR_REF
|
||||||
echo "$SHORT_SHA" > TAG
|
# echo "$SHORT_SHA" > TAG
|
||||||
echo $K_CONFIG | base64 -di > kubeconfig
|
# echo $K_CONFIG | base64 -di > kubeconfig
|
||||||
chmod 0600 kubeconfig
|
# chmod 0600 kubeconfig
|
||||||
|
|
||||||
- name: Install Open VPN
|
# # - name: Install Open VPN
|
||||||
run: |
|
# run: |
|
||||||
sudo apt-get update
|
# sudo apt-get update
|
||||||
sudo apt-get install openvpn
|
# sudo apt-get install openvpn
|
||||||
|
|
||||||
- name: Deploy from remote server
|
# - name: Deploy from remote server
|
||||||
timeout-minutes: 5
|
# timeout-minutes: 5
|
||||||
env:
|
# env:
|
||||||
TOKEN: ${{ secrets.CLOUD_TOKEN }}
|
# TOKEN: ${{ secrets.CLOUD_TOKEN }}
|
||||||
run: |
|
# run: |
|
||||||
sudo openvpn --config config.ovpn --askpass client.pwd --auth-nocache --daemon&
|
# sudo openvpn --config config.ovpn --askpass client.pwd --auth-nocache --daemon&
|
||||||
sleep 15
|
# sleep 15
|
||||||
ping -c 1 192.168.99.12
|
# ping -c 1 192.168.99.12
|
||||||
eval `ssh-agent`
|
# eval `ssh-agent`
|
||||||
touch ~/.ssh/known_hosts
|
# touch ~/.ssh/known_hosts
|
||||||
ssh-add ~/.ssh/key
|
# ssh-add ~/.ssh/key
|
||||||
ssh-keyscan 192.168.99.12 > ~/.ssh/known_hosts
|
# ssh-keyscan 192.168.99.12 > ~/.ssh/known_hosts
|
||||||
rsync -av "$REPO" runner@192.168.99.12:/home/runner/
|
# rsync -av "$REPO" runner@192.168.99.12:/home/runner/
|
||||||
ssh -T runner@192.168.99.12 << EOSSH
|
# ssh -T runner@192.168.99.12 << EOSSH
|
||||||
bash
|
# bash
|
||||||
cd "$REPO"/"$PR_REF"
|
# cd "$REPO"/"$PR_REF"
|
||||||
export KUBECONFIG=./kubeconfig
|
# export KUBECONFIG=./kubeconfig
|
||||||
helm repo add eisrepo https://internetee.github.io/helm-charts/
|
# helm repo add eisrepo https://internetee.github.io/helm-charts/
|
||||||
helm repo update
|
# helm repo update
|
||||||
helm upgrade --install reg-admin-"$PR_REF" --set image.tag="$SHORT_TAG",reference="$PR_REF" eisrepo/registry-admin -n reg-admin
|
# helm upgrade --install reg-admin-"$PR_REF" --set image.tag="$SHORT_TAG",reference="$PR_REF" eisrepo/registry-admin -n reg-admin
|
||||||
helm upgrade --install epp-"$PR_REF" --set image.tag="$SHORT_TAG",reference="$PR_REF",epp.proxy.enabled=true eisrepo/registry-epp -n epp
|
# helm upgrade --install epp-"$PR_REF" --set image.tag="$SHORT_TAG",reference="$PR_REF",epp.proxy.enabled=true eisrepo/registry-epp -n epp
|
||||||
helm upgrade --install reg-api-"$PR_REF" --set image.tag="$SHORT_TAG",reference="$PR_REF" eisrepo/registry-api -n reg-api
|
# helm upgrade --install reg-api-"$PR_REF" --set image.tag="$SHORT_TAG",reference="$PR_REF" eisrepo/registry-api -n reg-api
|
||||||
TOKEN=${{ secrets.CLOUD_TOKEN }} python3 ../../portOpener.py "$PR_REF" add
|
# TOKEN=${{ secrets.CLOUD_TOKEN }} python3 ../../portOpener.py "$PR_REF" add
|
||||||
rm kubeconfig
|
# rm kubeconfig
|
||||||
echo "Setting up URLs"
|
# echo "Setting up URLs"
|
||||||
echo "server obs.tld.ee
|
# echo "server obs.tld.ee
|
||||||
zone pilv.tld.ee
|
# zone pilv.tld.ee
|
||||||
update add reg-admin-"$PR_REF".pilv.tld.ee. 3600 CNAME riigi.pilv.tld.ee.
|
# update add reg-admin-"$PR_REF".pilv.tld.ee. 3600 CNAME riigi.pilv.tld.ee.
|
||||||
update add repp-"$PR_REF".pilv.tld.ee. 3600 CNAME riigi.pilv.tld.ee.
|
# update add repp-"$PR_REF".pilv.tld.ee. 3600 CNAME riigi.pilv.tld.ee.
|
||||||
update add reg-api-"$PR_REF".pilv.tld.ee. 3600 CNAME riigi.pilv.tld.ee.
|
# update add reg-api-"$PR_REF".pilv.tld.ee. 3600 CNAME riigi.pilv.tld.ee.
|
||||||
send
|
# send
|
||||||
" | nsupdate -k ~/Kgh-runner.infra.tld.ee.+165+27011.key
|
# " | nsupdate -k ~/Kgh-runner.infra.tld.ee.+165+27011.key
|
||||||
if [ "$?" -eq "0" ]; then
|
# if [ "$?" -eq "0" ]; then
|
||||||
echo "CNAME updates were successful"
|
# echo "CNAME updates were successful"
|
||||||
else
|
# else
|
||||||
echo "CNAME updates failed"
|
# echo "CNAME updates failed"
|
||||||
fi
|
# fi
|
||||||
EOSSH
|
# EOSSH
|
||||||
|
|
||||||
- name: Notify developers
|
# - name: Notify developers
|
||||||
timeout-minutes: 1
|
# timeout-minutes: 1
|
||||||
env:
|
# env:
|
||||||
NOTIFICATION_URL: ${{ secrets.NOTIFICATION_URL}}
|
# NOTIFICATION_URL: ${{ secrets.NOTIFICATION_URL}}
|
||||||
run: |
|
# run: |
|
||||||
curl -i -X POST --data-urlencode 'payload={
|
# curl -i -X POST --data-urlencode 'payload={
|
||||||
"text": "\n##### A pull request from ['${{ github.head_ref }}'](https://github.com/internetee/registry/pull/'$PR_REF') to master has been deployed :tada:\n
|
# "text": "\n##### A pull request from ['${{ github.head_ref }}'](https://github.com/internetee/registry/pull/'$PR_REF') to master has been deployed :tada:\n
|
||||||
|Service | :net: |
|
# |Service | :net: |
|
||||||
|:------------|:---------------------------------------:|
|
# |:------------|:---------------------------------------:|
|
||||||
| **Admin** | https://reg-admin-'$PR_REF'.pilv.tld.ee |
|
# | **Admin** | https://reg-admin-'$PR_REF'.pilv.tld.ee |
|
||||||
| **repp** | https://repp-'$PR_REF'.pilv.tld.ee |
|
# | **repp** | https://repp-'$PR_REF'.pilv.tld.ee |
|
||||||
| **API** | https://reg-api-'$PR_REF'.pilv.tld.ee |
|
# | **API** | https://reg-api-'$PR_REF'.pilv.tld.ee |
|
||||||
| **EPP** | riigi.pilv.tld.ee on port '$EPP_PORT' |
|
# | **EPP** | riigi.pilv.tld.ee on port '$EPP_PORT' |
|
||||||
|
|
||||||
Please note that the API is only accessible from Riigipilv.
|
# Please note that the API is only accessible from Riigipilv.
|
||||||
"
|
# "
|
||||||
}' $NOTIFICATION_URL
|
# }' $NOTIFICATION_URL
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue