From 34e0c379bc89de397c945c7b985a34e25b3edd41 Mon Sep 17 00:00:00 2001 From: George Adams Date: Mon, 11 Sep 2023 11:32:37 +0100 Subject: [PATCH 1/3] add DigitalOcean to redeploy steps --- .../{build-docker.yml => deploy-adoptium.yml} | 2 +- .github/workflows/deploy-adoptopenjdk.yml | 78 +++++++++++++++++++ deploy/Dockerfile | 4 +- 3 files changed, 82 insertions(+), 2 deletions(-) rename .github/workflows/{build-docker.yml => deploy-adoptium.yml} (98%) create mode 100644 .github/workflows/deploy-adoptopenjdk.yml diff --git a/.github/workflows/build-docker.yml b/.github/workflows/deploy-adoptium.yml similarity index 98% rename from .github/workflows/build-docker.yml rename to .github/workflows/deploy-adoptium.yml index 1a3f89210..661fdc6f8 100644 --- a/.github/workflows/build-docker.yml +++ b/.github/workflows/deploy-adoptium.yml @@ -1,4 +1,4 @@ -name: Docker Build +name: Docker Build (Adoptium) on: workflow_dispatch: diff --git a/.github/workflows/deploy-adoptopenjdk.yml b/.github/workflows/deploy-adoptopenjdk.yml new file mode 100644 index 000000000..d85cb6841 --- /dev/null +++ b/.github/workflows/deploy-adoptopenjdk.yml 
@@ -0,0 +1,78 @@
+name: Docker Build (AdoptOpenJDK)
+
+on:
+ workflow_dispatch:
+ push:
+ branches: [ main, production ]
+
+permissions:
+ id-token: write
+ contents: read
+
+jobs:
+ docker-build:
+ if: startsWith(github.repository, 'adoptium/')
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+
+ - name: Login to our Azure subscription.
+ uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID_OIDC }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+ - name: Login to Azure Container Registry
+ uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
+ with:
+ registry: adoptopenjdkacr.azurecr.io
+ username: ${{ secrets.AZURE_CLIENT_ID }}
+ password: ${{ secrets.AZURE_CLIENT_SECRET }}
+
+ - name: Detect Branch
+ run: |
+ case ${GITHUB_REF##*/} in
+ production) echo "NAMESPACE=adoptopenjdk-alt" >> $GITHUB_ENV ;;
+ *) echo "NAMESPACE=adoptopenjdk-alt-staging" >> $GITHUB_ENV ;;
+ esac
+
+ - name: Build container image and push to Azure
+ uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9 # v4.2.1
+ with:
+ file: ./deploy/Dockerfile
+ tags: adoptopenjdkacr.azurecr.io/azure-${{ env.NAMESPACE }}:latest
+ build-args: MAVEN_FLAGS="-Padoptopenjdk,-adoptium"
+ push: true
+
+ - name: Set the target Azure Kubernetes Service (AKS) cluster.
+ uses: azure/aks-set-context@4edaee69f820359371ee8bc85189ac03a21d3a58 # v3.2 + with: + resource-group: adopt-api + cluster-name: aksff92 + + - name: Redeploy updater-api + run: kubectl config set-context --current --namespace=${{ env.NAMESPACE }} && kubectl rollout restart deployment updater-api + + - name: Redeploy frontend-service + run: kubectl config set-context --current --namespace=${{ env.NAMESPACE }} && kubectl rollout restart deployment frontend-service + + # if the branch is production, redeploy the k8s service on digitalocean too + - name: Login to DigitalOcean + uses: digitalocean/action-doctl@cf10ddb4467f6fb84c01f7cc5f099cec71eabc93 # v2.4.1 + with: + token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} + + - name: Set NAMEPSACE for DigitalOcean + run: echo "NAMESPACE=adoptopenjdk-do" >> $GITHUB_ENV + + - name: Save DigitalOcean kubeconfig + run: doctl kubernetes cluster kubeconfig save ${{ env.NAMESPACE }} + + - name: Redeploy updater-api on DigitalOcean + if: startsWith(github.ref, 'refs/heads/production') + run: kubectl config set-context --current --namespace=${{ env.NAMESPACE }} && kubectl rollout restart deployment updater-api + + - name: Redeploy frontend-service on DigitalOcean + if: startsWith(github.ref, 'refs/heads/production') + run: kubectl config set-context --current --namespace=${{ env.NAMESPACE }} && kubectl rollout restart deployment frontend-service diff --git a/deploy/Dockerfile b/deploy/Dockerfile index 1498012d0..5b7084877 100644 --- a/deploy/Dockerfile +++ b/deploy/Dockerfile @@ -1,6 +1,8 @@ FROM eclipse-temurin:17 # BUILDS FOR ADOPTIUM, NOT ADOPTOPENJDK +ARG MAVEN_FLAGS="-Padoptium,-adoptopenjdk" +ENV MAVEN_FLAGS=$MAVEN_FLAGS ARG REPOSITORY="https://github.com/adoptium/api.adoptium.net.git" ENV REPOSITORY=$REPOSITORY 
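Review bot: The `Login to DigitalOcean`, `Set NAMEPSACE for DigitalOcean` and `Save DigitalOcean kubeconfig` steps at the end of the job carry no `if:`, so every push to `main` and every manual dispatch hands `secrets.DIGITALOCEAN_ACCESS_TOKEN` to the runner and fetches cluster credentials, although the comment above them says the DigitalOcean redeploy is for production only. Put the condition on those three setup steps as well, and make it an exact match, `if: github.ref == 'refs/heads/production'`, because `startsWith` also accepts a manually dispatched ref such as `refs/heads/production-test`. `Detect Branch` is loose in the opposite direction: `${GITHUB_REF##*/}` keeps only the last path segment, so a ref like `refs/heads/feature/production` would select the production namespace. The unguarded login is carried over into the `do-login` call in PATCH 3/3.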
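Review bot: The comment `# BUILDS FOR ADOPTIUM, NOT ADOPTOPENJDK` directly above the new `ARG MAVEN_FLAGS` is no longer accurate, because the build arg now decides which profile is built; reword it to say Adoptium is only the default, for example `# Builds Adoptium by default; override MAVEN_FLAGS to build AdoptOpenJDK`. The `ENV MAVEN_FLAGS=$MAVEN_FLAGS` line also looks unnecessary: an `ARG` declared after `FROM` is already visible to later `RUN` instructions in the same stage, while `ENV` additionally persists the value into the image's runtime environment. If the `RUN ./mvnw` line is in this same stage (the rest of the file is outside the hunk), the `ENV` line can be dropped.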
@@ -25,7 +27,7 @@ RUN chown -R api: /tmp/build USER api -RUN ./mvnw clean install -Padoptium,-adoptopenjdk && \ +RUN ./mvnw clean install $MAVEN_FLAGS && \ cp adoptium-updater-parent/adoptium-api-v3-updater/target/adoptium-api-v3-updater-*-jar-with-dependencies.jar /home/api/deployment/updater.jar && \ cp -r adoptium-frontend-parent/adoptium-api-v3-frontend/target/quarkus-app/* /home/api/deployment/ && \ mv /home/api/deployment/quarkus-run.jar /home/api/deployment/frontend.jar && \ From b73654cf2aa4e4b7d80f27cf201805ee9933ac0f Mon Sep 17 00:00:00 2001 From: George Adams Date: Mon, 11 Sep 2023 12:04:21 +0100 Subject: [PATCH 2/3] fix cluster name --- .github/workflows/deploy-adoptopenjdk.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-adoptopenjdk.yml b/.github/workflows/deploy-adoptopenjdk.yml index d85cb6841..275e91493 100644 --- a/.github/workflows/deploy-adoptopenjdk.yml +++ b/.github/workflows/deploy-adoptopenjdk.yml @@ -67,7 +67,7 @@ jobs: run: echo "NAMESPACE=adoptopenjdk-do" >> $GITHUB_ENV - name: Save DigitalOcean kubeconfig - run: doctl kubernetes cluster kubeconfig save ${{ env.NAMESPACE }} + run: doctl kubernetes cluster kubeconfig save k8s-1-27-4-do-0-blr1-1693486270021 - name: Redeploy updater-api on DigitalOcean if: startsWith(github.ref, 'refs/heads/production') From f6504363831cc3beb70b5db811c17055031a54c0 Mon Sep 17 00:00:00 2001 
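Review bot: `$MAVEN_FLAGS` is expanded unquoted in `RUN ./mvnw clean install $MAVEN_FLAGS`, so whatever the build arg holds is word-split and handed to Maven as-is, including any literal quote characters. The workflow added in this patch passes `build-args: MAVEN_FLAGS="-Padoptopenjdk,-adoptium"`; if the build action forwards those double quotes verbatim (worth confirming with a test build), Maven receives the argument with the quotes attached and will not read it as a profile switch. Passing the value without quotes, `build-args: MAVEN_FLAGS=-Padoptopenjdk,-adoptium`, avoids the question. The `RUN` chain continues past the end of this hunk.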
From: George Adams Date: Mon, 11 Sep 2023 13:28:20 +0100 Subject: [PATCH 3/3] Split common code into actions --- .../workflows/actions/azure-login/action.yml | 40 +++++++++++++ .github/workflows/actions/do-login/action.yml | 16 +++++ .../workflows/actions/docker-build/action.yml | 19 ++++++ .../actions/kubectl-redeploy/action.yml | 14 +++++ .github/workflows/deploy-adoptium.yml | 38 ++++-------- .github/workflows/deploy-adoptopenjdk.yml | 58 ++++++------------- 6 files changed, 119 insertions(+), 66 deletions(-) create mode 100644 .github/workflows/actions/azure-login/action.yml create mode 100644 .github/workflows/actions/do-login/action.yml create mode 100644 .github/workflows/actions/docker-build/action.yml create mode 100644 .github/workflows/actions/kubectl-redeploy/action.yml diff --git a/.github/workflows/actions/azure-login/action.yml b/.github/workflows/actions/azure-login/action.yml new file mode 100644 index 000000000..e92942e40 --- /dev/null +++ b/.github/workflows/actions/azure-login/action.yml 
@@ -0,0 +1,40 @@
+name: AKS and ACS login
+description: Logs in to Azure subscription and Azure Container Registry
+inputs:
+ AZURE_CLIENT_ID_OIDC:
+ description: 'Azure Client ID OIDC'
+ required: true
+ AZURE_TENANT_ID:
+ description: 'Azure Tenant ID'
+ required: true
+ AZURE_SUBSCRIPTION_ID:
+ description: 'Azure Subscription ID'
+ required: true
+ AZURE_CLIENT_ID:
+ description: 'Azure Client ID'
+ required: true
+ AZURE_CLIENT_SECRET:
+ description: 'Azure Client Secret'
+ required: true
+runs:
+ using: composite
+ steps:
+ - name: Login to our Azure subscription.
+ uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
+ with:
+ client-id: ${{ inputs.AZURE_CLIENT_ID_OIDC }}
+ tenant-id: ${{ inputs.AZURE_TENANT_ID }}
+ subscription-id: ${{ inputs.AZURE_SUBSCRIPTION_ID }}
+
+ - name: Login to Azure Container Registry
+ uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
+ with:
+ registry: adoptopenjdkacr.azurecr.io
+ username: ${{ inputs.AZURE_CLIENT_ID }}
+ password: ${{ inputs.AZURE_CLIENT_SECRET }}
+
+ - name: Set the target Azure Kubernetes Service (AKS) cluster.
+ uses: azure/aks-set-context@4edaee69f820359371ee8bc85189ac03a21d3a58 # v3.2
+ with:
+ resource-group: adopt-api
+ cluster-name: aksff92
diff --git a/.github/workflows/actions/do-login/action.yml b/.github/workflows/actions/do-login/action.yml
new file mode 100644
index 000000000..a401ec72f
--- /dev/null
+++ b/.github/workflows/actions/do-login/action.yml
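Review bot: This action is created at `.github/workflows/actions/azure-login/action.yml`, but the callers changed later in this patch reference it as `uses: ./.github/actions/azure-login`, a directory this patch does not create. Unless that directory already exists in the repository, the step will fail to resolve; either move the four new action directories to `.github/actions/` or change the `uses:` paths to `./.github/workflows/actions/<name>`. The same applies to `do-login`, `docker-build` and `kubectl-redeploy`. Separately, the action `name` says `ACS` while the description and steps refer to Azure Container Registry, so `AKS and ACR login` would be the accurate title.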
@@ -0,0 +1,16 @@
+name: DigitalOcean Login
+description: Logs in to DigitalOcean
+inputs:
+ DIGITALOCEAN_ACCESS_TOKEN:
+ description: 'DigitalOcean access token'
+ required: true
+runs:
+ using: composite
+ steps:
+ - name: Login to DigitalOcean
+ uses: digitalocean/action-doctl@cf10ddb4467f6fb84c01f7cc5f099cec71eabc93 # v2.4.1
+ with:
+ token: ${{ inputs.DIGITALOCEAN_ACCESS_TOKEN }}
+
+ - name: Set the target Azure Kubernetes Service (AKS) cluster.
+ run: doctl kubernetes cluster kubeconfig save k8s-1-27-4-do-0-blr1-1693486270021
diff --git a/.github/workflows/actions/docker-build/action.yml b/.github/workflows/actions/docker-build/action.yml
new file mode 100644
index 000000000..d17ed5eba
--- /dev/null
+++ b/.github/workflows/actions/docker-build/action.yml
@@ -0,0 +1,19 @@
+name: Docker Build
+description: Build and push Docker images to Azure Container Registry
+inputs:
+ DOCKER_REPO:
+ description: 'Docker repository'
+ required: true
+ BUILD_ARGS:
+ description: 'Build arguments'
+ required: false
+runs:
+ using: composite
+ steps:
+ - name: Build container image and push to Azure
+ uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9 # v4.2.1
+ with:
+ file: ./deploy/Dockerfile
+ tags: ${{ inputs.DOCKER_REPO }}:latest
+ build-args: ${{ inputs.BUILD_ARGS }}
+ push: true
diff --git a/.github/workflows/actions/kubectl-redeploy/action.yml b/.github/workflows/actions/kubectl-redeploy/action.yml
new file mode 100644
index 000000000..4d77952ee
--- /dev/null
+++ b/.github/workflows/actions/kubectl-redeploy/action.yml
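Review bot: The `run:` step that saves the kubeconfig has no `shell:` key, which composite actions require on every `run` step, so the action will be rejected when it is loaded; add `shell: bash` under it. The two `run` steps in `kubectl-redeploy/action.yml` have the same omission. The step name `Set the target Azure Kubernetes Service (AKS) cluster.` is copied from the Azure action and should name DigitalOcean instead, e.g. `Save DigitalOcean kubeconfig`.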
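Review bot: The only tag pushed by `docker-build/action.yml` is `${{ inputs.DOCKER_REPO }}:latest`, so the registry keeps no record of which commit a deployed image came from and a bad build cannot be rolled back by tag. Consider pushing an immutable tag next to it, for example a second `tags` entry `${{ inputs.DOCKER_REPO }}:${{ github.sha }}`. A short comment on `BUILD_ARGS` noting that an empty value falls back to the Dockerfile's `MAVEN_FLAGS` default would also help callers.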
@@ -0,0 +1,14 @@ +name: Kubernetes Rollout Restart +description: Redeploy frontend and updater +inputs: + NAMESPACE: + description: 'Kubernetes namespace' + required: true +runs: + using: composite + steps: + - name: Redeploy updater-api + run: kubectl config set-context --current --namespace=${{ inputs.NAMESPACE }} && kubectl rollout restart deployment updater-api + + - name: Redeploy frontend-service + run: kubectl config set-context --current --namespace=${{ inputs.NAMESPACE }} && kubectl rollout restart deployment frontend-service diff --git a/.github/workflows/deploy-adoptium.yml b/.github/workflows/deploy-adoptium.yml index 661fdc6f8..ed33e8210 100644 --- a/.github/workflows/deploy-adoptium.yml +++ b/.github/workflows/deploy-adoptium.yml @@ -16,19 +16,14 @@ jobs: steps: - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - - name: Login to our Azure subscription. - uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 + - name: Login to Azure + uses: ./.github/actions/azure-login with: - client-id: ${{ secrets.AZURE_CLIENT_ID_OIDC }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - - name: Login to Azure Container Registry - uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 - with: - registry: adoptopenjdkacr.azurecr.io - username: ${{ secrets.AZURE_CLIENT_ID }} - password: ${{ secrets.AZURE_CLIENT_SECRET }} + AZURE_CLIENT_ID_OIDC: ${{ secrets.AZURE_CLIENT_ID_OIDC }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID_OIDC }} + AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} - name: Detect Branch run: | 
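Review bot: Both `run:` lines in `kubectl-redeploy/action.yml` splice `${{ inputs.NAMESPACE }}` into the command text before the shell parses it, so a caller-supplied value containing shell metacharacters would be executed rather than treated as a namespace name. The callers in this patch pass values the workflow sets itself, but as a reusable action the input should reach the script through an environment variable and be quoted. The sketch shows the first step, including the `shell:` key composite `run` steps need; the `frontend-service` step changes the same way.

```yaml
    - name: Redeploy updater-api
      shell: bash
      env:
        NAMESPACE: ${{ inputs.NAMESPACE }}
      run: kubectl config set-context --current --namespace="$NAMESPACE" && kubectl rollout restart deployment updater-api
    # … frontend-service step: same shell/env change …
```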
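Review bot: In the `Login to Azure` step of `deploy-adoptium.yml`, `AZURE_CLIENT_ID` is now fed from `secrets.AZURE_CLIENT_ID_OIDC`, whereas the removed registry login used `secrets.AZURE_CLIENT_ID` as the username paired with `secrets.AZURE_CLIENT_SECRET`. If the OIDC application and the secret-based service principal are different identities, the registry login will fail or authenticate as a different principal than before; unless the switch is intended, use `AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}`. The identical line appears in the matching hunk of `deploy-adoptopenjdk.yml`.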
@@ -38,20 +33,11 @@ jobs: esac - name: Build container image and push to Azure - uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9 # v4.2.1 + uses: ././github/actions/docker-build with: - file: ./deploy/Dockerfile - tags: adoptopenjdkacr.azurecr.io/adoptopenjdk-${{ env.NAMESPACE }}:latest - push: true + DOCKER_REPO: adoptopenjdkacr.azurecr.io/adoptopenjdk-${{ env.NAMESPACE }} - - name: Set the target Azure Kubernetes Service (AKS) cluster. - uses: azure/aks-set-context@4edaee69f820359371ee8bc85189ac03a21d3a58 # v3.2 + - name: Redeploy Kubernetes Updater and Frontend + uses: ./.github/actions/kubectl-redeploy with: - resource-group: adopt-api - cluster-name: aksff92 - - - name: Redeploy updater-api - run: kubectl config set-context --current --namespace=${{ env.NAMESPACE }} && kubectl rollout restart deployment updater-api - - - name: Redeploy frontend-service - run: kubectl config set-context --current --namespace=${{ env.NAMESPACE }} && kubectl rollout restart deployment frontend-service + NAMESPACE: ${{ env.NAMESPACE }} diff --git a/.github/workflows/deploy-adoptopenjdk.yml b/.github/workflows/deploy-adoptopenjdk.yml index 275e91493..e9936131f 100644 --- a/.github/workflows/deploy-adoptopenjdk.yml +++ b/.github/workflows/deploy-adoptopenjdk.yml 
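Review bot: `uses: ././github/actions/docker-build` is missing the dot before `github`, so it resolves to `./github/actions/docker-build` rather than a path under `.github`; the neighbouring steps use `./.github/actions/...`. The same typo is on the `docker-build` and `do-login` steps in `deploy-adoptopenjdk.yml`. Write it as `uses: ./.github/actions/docker-build`, adjusted to wherever the action directories end up, since this patch creates them under `.github/workflows/actions/`.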
@@ -16,19 +16,14 @@ jobs: steps: - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - - name: Login to our Azure subscription. - uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 + - name: Login to Azure + uses: ./.github/actions/azure-login with: - client-id: ${{ secrets.AZURE_CLIENT_ID_OIDC }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - - name: Login to Azure Container Registry - uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 - with: - registry: adoptopenjdkacr.azurecr.io - username: ${{ secrets.AZURE_CLIENT_ID }} - password: ${{ secrets.AZURE_CLIENT_SECRET }} + AZURE_CLIENT_ID_OIDC: ${{ secrets.AZURE_CLIENT_ID_OIDC }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID_OIDC }} + AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} - name: Detect Branch run: | 
@@ -38,41 +33,24 @@ jobs: esac - name: Build container image and push to Azure - uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9 # v4.2.1 + uses: ././github/actions/docker-build with: - file: ./deploy/Dockerfile - tags: adoptopenjdkacr.azurecr.io/azure-${{ env.NAMESPACE }}:latest - build-args: MAVEN_FLAGS="-Padoptopenjdk,-adoptium" - push: true + DOCKER_REPO: adoptopenjdkacr.azurecr.io/azure-${{ env.NAMESPACE }} + BUILD_ARGS: MAVEN_FLAGS="-Padoptopenjdk,-adoptium" - - name: Set the target Azure Kubernetes Service (AKS) cluster. - uses: azure/aks-set-context@4edaee69f820359371ee8bc85189ac03a21d3a58 # v3.2 + - name: Redeploy Kubernetes Updater and Frontend + uses: ./.github/actions/kubectl-redeploy with: - resource-group: adopt-api - cluster-name: aksff92 - - - name: Redeploy updater-api - run: kubectl config set-context --current --namespace=${{ env.NAMESPACE }} && kubectl rollout restart deployment updater-api - - - name: Redeploy frontend-service - run: kubectl config set-context --current --namespace=${{ env.NAMESPACE }} && kubectl rollout restart deployment frontend-service + NAMESPACE: ${{ env.NAMESPACE }} # if the branch is production, redeploy the k8s service on digitalocean too - name: Login to DigitalOcean - uses: digitalocean/action-doctl@cf10ddb4467f6fb84c01f7cc5f099cec71eabc93 # v2.4.1 + uses: ././github/actions/do-login with: token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} - - name: Set NAMEPSACE for DigitalOcean - run: echo "NAMESPACE=adoptopenjdk-do" >> $GITHUB_ENV - - - name: Save DigitalOcean kubeconfig - run: doctl kubernetes cluster kubeconfig save k8s-1-27-4-do-0-blr1-1693486270021 - - - name: Redeploy updater-api on DigitalOcean + - name: Redeploy Kubernetes Updater and Frontend if: startsWith(github.ref, 'refs/heads/production') - run: kubectl config set-context --current --namespace=${{ env.NAMESPACE }} && kubectl rollout restart deployment updater-api - - - name: Redeploy frontend-service on DigitalOcean - if: 
startsWith(github.ref, 'refs/heads/production') - run: kubectl config set-context --current --namespace=${{ env.NAMESPACE }} && kubectl rollout restart deployment frontend-service + uses: ./.github/actions/kubectl-redeploy + with: + NAMESPACE: adoptopenjdk-do
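Review bot: The `Login to DigitalOcean` step passes `token:`, but the `do-login` action added in this patch declares its input as `DIGITALOCEAN_ACCESS_TOKEN` (required), so the secret never reaches `action-doctl`. Change the key to `DIGITALOCEAN_ACCESS_TOKEN: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}`. The two redeploy steps now share the name `Redeploy Kubernetes Updater and Frontend`; giving the second one a name that mentions DigitalOcean keeps the run log unambiguous.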