From e3d4caaa4799e2d896fd3d6d886bf778a8dec1b2 Mon Sep 17 00:00:00 2001
From: Micaiah Martin
Date: Tue, 17 Dec 2024 15:11:42 -0700
Subject: [PATCH 1/5] BRE-292: Add Ephemeral Environment PR manager

---
 .../_ephemeral_environment_manager.yml | 117 ++++++++++++++++++
 1 file changed, 117 insertions(+)
 create mode 100644 .github/workflows/_ephemeral_environment_manager.yml

diff --git a/.github/workflows/_ephemeral_environment_manager.yml b/.github/workflows/_ephemeral_environment_manager.yml
new file mode 100644
index 00000000..0afe762b
--- /dev/null
+++ b/.github/workflows/_ephemeral_environment_manager.yml
@@ -0,0 +1,117 @@
+name: Ephemeral Environment Manager
+run-name: Ephemeral Environment - ${{ inputs.ephemeral_env_branch }}
+
+on:
+ workflow_call:
+ inputs:
+ ephemeral_env_branch:
+ required: true
+ type: string
+ project:
+ type: string
+ default: server
+ cleanup_config:
+ type: boolean
+ sync_environment:
+ type: boolean
+ pull_request_number:
+ type: number
+ workflow_dispatch:
+ inputs:
+ ephemeral_env_branch:
+ type: string
+ required: true
+ project:
+ type: string
+ default: server
+ cleanup_config:
+ type: boolean
+ sync_environment:
+ type: boolean
+ pull_request_number:
+ type: number
+
+env:
+ _KEY_VAULT: bitwarden-ci
+ _BOT_NAME: bitwarden-devops-bot
+
+jobs:
+ check-run:
+ name: Check PR run
+ uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
+
+ cleanup:
+ name: Cleanup config
+ if: ${{ inputs.cleanup_config }}
+ runs-on: ubuntu-24.04
+ needs: check-run
+ steps:
+ - name: Login to Azure - Prod Subscription
+ uses: Azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0
+ with:
+ creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+ - name: Retrieve secrets
+ id: retrieve-secrets
+ uses: bitwarden/gh-actions/get-keyvault-secrets@main
+ with:
+ keyvault: ${{ env._KEY_VAULT }}
+ secrets: "github-pat-bitwarden-devops-bot-repo-scope,github-bitwarden-devops-bot-email"
+
+ - name: Checkout ${{ inputs.project }}
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ repository: bitwarden/${{ inputs.project }}
+ ref: ${{ inputs.ephemeral_env_branch }}
+ token: '${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}'
+
+ - name: Remove config
+ working-directory: ephemeral-environments
+ run: rm -f ${{ inputs.ephemeral_env_branch }}.yaml
+
+ - name: Commit changes to ${{ inputs.ephemeral_env_branch }}
+ working-directory: ephemeral-environments
+ run: |
+ git config --local user.email "${{ steps.retrieve-secrets.outputs.github-bitwarden-devops-bot-email }}"
+ git config --local user.name "${{ env._BOT_NAME }}"
+
+ git add ${{ inputs.ephemeral_env_branch }}.yaml
+ git commit -m "Removed ${{ inputs.ephemeral_env_branch }}.yaml config."
+ git push
+
+ sync-env:
+ name: Sync Ephemeral Environment
+ if: ${{ inputs.sync_environment }}
+ runs-on: ubuntu-24.04
+ needs: check-run
+ steps:
+ - name: Login to Azure - Prod Subscription
+ uses: Azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0
+ with:
+ creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+ - name: Retrieve secrets
+ id: retrieve-secrets
+ uses: bitwarden/gh-actions/get-keyvault-secrets@main
+ with:
+ keyvault: ${{ env._KEY_VAULT }}
+ secrets: "ephemeral-environment-argocd-cluster-url,ephemeral-environment-argocd-cluster-api-secret,ephemeral-environment-argocd-cluster-api-user"
+
+ - name: Install ArgoCD CLI
+ run: |
+ curl -sSL -o argocd-linux-amd64 \
+ "https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64"
+
+ install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
+ rm argocd-linux-amd64
+
+ - name: Log into Argo CD cluster
+ run: |
+ argocd login ${{ steps.retrieve-secrets.outputs.ephemeral-environment-argocd-cluster-url }} \
+ --username ${{ steps.retrieve-secrets.outputs.ephemeral-environment-argocd-cluster-api-user }} \
+ --password ${{ steps.retrieve-secrets.outputs.ephemeral-environment-argocd-cluster-api-secret }}
+
+ - name: Sync ${{ inputs.ephemeral_env_branch }} application
+ run: |
+ APP_NAME=$(argocd app list -o name | grep ${{ inputs.pull_request_number }})
+ argocd app sync "$APP_NAME"
From a5ed617f1e0338bf0f18b7ec8bddfcb234900bf8 Mon Sep 17 00:00:00 2001
From: Micaiah Martin
Date: Tue, 17 Dec 2024 15:12:25 -0700
Subject: [PATCH 2/5] Switch check-run to local path

---
 .github/workflows/_ephemeral_environment_manager.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/_ephemeral_environment_manager.yml b/.github/workflows/_ephemeral_environment_manager.yml
index 0afe762b..a95e7c76 100644
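Review bot: In patch 1/5 the `run:` steps of the cleanup job expand `${{ inputs.ephemeral_env_branch }}` directly into the script text (`rm -f`, `git add`, `git commit -m`), so the value is substituted before bash parses the line and is not treated as data; this happens after the Azure login and on a checkout made with the bot PAT. The Argo CD login step in sync-env does the same with the cluster URL, user and password, which also places the password on the command line, and the sync step expands the PR number into `grep`. Passing each value through `env:` and quoting the shell variable, as in the excerpt below, keeps the expansion out of the script. Separately, `grep` on the PR number matches substrings, so it could return more than one application name; the app naming scheme is not visible here, so the pattern itself is left as written.

```yaml
      - name: Remove config
        working-directory: ephemeral-environments
        env:
          _BRANCH: ${{ inputs.ephemeral_env_branch }}
        run: rm -f -- "${_BRANCH}.yaml"

      - name: Commit changes to ${{ inputs.ephemeral_env_branch }}
        working-directory: ephemeral-environments
        env:
          _BRANCH: ${{ inputs.ephemeral_env_branch }}
          _BOT_EMAIL: ${{ steps.retrieve-secrets.outputs.github-bitwarden-devops-bot-email }}
        run: |
          # _BOT_NAME comes from the workflow-level env block
          git config --local user.email "$_BOT_EMAIL"
          git config --local user.name "$_BOT_NAME"

          git add -- "${_BRANCH}.yaml"
          git commit -m "Removed ${_BRANCH}.yaml config."
          git push

      # … unchanged: sync-env job header, Azure login, Retrieve secrets, Install ArgoCD CLI …

      - name: Log into Argo CD cluster
        env:
          _ARGOCD_URL: ${{ steps.retrieve-secrets.outputs.ephemeral-environment-argocd-cluster-url }}
          _ARGOCD_USER: ${{ steps.retrieve-secrets.outputs.ephemeral-environment-argocd-cluster-api-user }}
          _ARGOCD_PASSWORD: ${{ steps.retrieve-secrets.outputs.ephemeral-environment-argocd-cluster-api-secret }}
        run: |
          argocd login "$_ARGOCD_URL" \
            --username "$_ARGOCD_USER" \
            --password "$_ARGOCD_PASSWORD"

      - name: Sync ${{ inputs.ephemeral_env_branch }} application
        env:
          _PR_NUMBER: ${{ inputs.pull_request_number }}
        run: |
          APP_NAME=$(argocd app list -o name | grep -- "$_PR_NUMBER")
          argocd app sync "$APP_NAME"
```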
--- a/.github/workflows/_ephemeral_environment_manager.yml
+++ b/.github/workflows/_ephemeral_environment_manager.yml
@@ -38,7 +38,7 @@ env:
 jobs:
 check-run:
 name: Check PR run
- uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
+ uses: ./.github/workflows/check-run.yml

 cleanup:
 name: Cleanup config
From 3f9ef0043a4c47e124619146cf90fb4dc5a3e2f5 Mon Sep 17 00:00:00 2001
From: MtnBurrit0 <77340197+mimartin12@users.noreply.github.com>
Date: Thu, 19 Dec 2024 07:47:30 -0700
Subject: [PATCH 3/5] Update .github/workflows/_ephemeral_environment_manager.yml

Co-authored-by: Opeyemi
---
 .github/workflows/_ephemeral_environment_manager.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/_ephemeral_environment_manager.yml b/.github/workflows/_ephemeral_environment_manager.yml
index a95e7c76..909ef3eb 100644
--- a/.github/workflows/_ephemeral_environment_manager.yml
+++ b/.github/workflows/_ephemeral_environment_manager.yml
@@ -95,7 +95,10 @@ jobs:
 uses: bitwarden/gh-actions/get-keyvault-secrets@main
 with:
 keyvault: ${{ env._KEY_VAULT }}
- secrets: "ephemeral-environment-argocd-cluster-url,ephemeral-environment-argocd-cluster-api-secret,ephemeral-environment-argocd-cluster-api-user"
+ secrets: |
+ ephemeral-environment-argocd-cluster-url,
+ ephemeral-environment-argocd-cluster-api-secret,
+ ephemeral-environment-argocd-cluster-api-user

 - name: Install ArgoCD CLI
 run: |
From 95f26e6a3dca68d93f6e5f1ebba6e468a0118b91 Mon Sep 17 00:00:00 2001
From: MtnBurrit0 <77340197+mimartin12@users.noreply.github.com>
Date: Thu, 19 Dec 2024 13:25:05 -0700
Subject: [PATCH 4/5] Update .github/workflows/_ephemeral_environment_manager.yml

Co-authored-by: Andy Pixley <3723676+pixman20@users.noreply.github.com>
---
 .github/workflows/_ephemeral_environment_manager.yml | 1 +
 1 file changed, 1 insertion(+)
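Review bot: In patch 3/5 the step whose `secrets:` list is reformatted still references `bitwarden/gh-actions/get-keyvault-secrets@main`, a branch ref, while `Azure/login` and `actions/checkout` in the same file are pinned to commit SHAs. This action runs after the Azure login and returns the Argo CD credentials, so whatever `main` points to at run time is the code that handles them. Pinning it the same way, `uses: bitwarden/gh-actions/get-keyvault-secrets@<full-commit-sha> # main` (placeholder, the SHA is not on this page), would apply here and to the identical step in the cleanup job from patch 1/5. It is also worth confirming that the action trims whitespace around each name now that the list carries newlines after the commas. The step's `name:` and `id:` lines are above the hunk.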
diff --git a/.github/workflows/_ephemeral_environment_manager.yml b/.github/workflows/_ephemeral_environment_manager.yml
index 909ef3eb..6c5448f1 100644
--- a/.github/workflows/_ephemeral_environment_manager.yml
+++ b/.github/workflows/_ephemeral_environment_manager.yml
@@ -106,6 +106,7 @@ jobs:
 "https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64"

 install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
+ argocd version
 rm argocd-linux-amd64

 - name: Log into Argo CD cluster
From a4328ca9affa9dc1a8664916ded17aea9f2dabac Mon Sep 17 00:00:00 2001
From: MtnBurrit0 <77340197+mimartin12@users.noreply.github.com>
Date: Thu, 19 Dec 2024 13:41:54 -0700
Subject: [PATCH 5/5] Append --client to Argo CD CLI

---
 .github/workflows/_ephemeral_environment_manager.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/_ephemeral_environment_manager.yml b/.github/workflows/_ephemeral_environment_manager.yml
index 6c5448f1..58404ef8 100644
--- a/.github/workflows/_ephemeral_environment_manager.yml
+++ b/.github/workflows/_ephemeral_environment_manager.yml
@@ -106,7 +106,7 @@ jobs:
 "https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64"

 install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
- argocd version
+ argocd version --client
 rm argocd-linux-amd64

 - name: Log into Argo CD cluster
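Review bot: In patch 4/5 the added `argocd version` runs a binary that was fetched from `releases/latest/download/argocd-linux-amd64` and installed with no digest check, so it reports which build arrived only once that build is already executing on the runner that later logs in to the cluster. Naming a fixed release in the URL and verifying the file before `install`, e.g. `echo "<expected-sha256>  argocd-linux-amd64" | sha256sum -c -` (placeholder digest, to be recorded in the workflow), would make the step reproducible and fail closed. The `curl` line is above the hunk; in patch 1/5 it uses `-sSL` without `--fail`, so an HTTP error body would be written to the file as well. Patch 5/5 touches the same lines and leaves this unchanged.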