BRE-292: Add workflow for ephemeral environment management #357

Merged
merged 5 commits into from
Dec 19, 2024
Changes from 3 commits
120 changes: 120 additions & 0 deletions .github/workflows/_ephemeral_environment_manager.yml
@@ -0,0 +1,120 @@
name: Ephemeral Environment Manager
run-name: Ephemeral Environment - ${{ inputs.ephemeral_env_branch }}

on:
workflow_call:
inputs:
ephemeral_env_branch:
required: true
type: string
project:
type: string
default: server
cleanup_config:
type: boolean
sync_environment:
type: boolean
pull_request_number:
type: number
workflow_dispatch:
inputs:
ephemeral_env_branch:
type: string
required: true
project:
type: string
default: server
cleanup_config:
type: boolean
sync_environment:
type: boolean
pull_request_number:
type: number

env:
_KEY_VAULT: bitwarden-ci
_BOT_NAME: bitwarden-devops-bot

jobs:
check-run:
name: Check PR run
uses: ./.github/workflows/check-run.yml

cleanup:
name: Cleanup config
if: ${{ inputs.cleanup_config }}
runs-on: ubuntu-24.04
needs: check-run
steps:
- name: Login to Azure - Prod Subscription
uses: Azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0
with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: ${{ env._KEY_VAULT }}
secrets: "github-pat-bitwarden-devops-bot-repo-scope,github-bitwarden-devops-bot-email"

- name: Checkout ${{ inputs.project }}
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: bitwarden/${{ inputs.project }}
ref: ${{ inputs.ephemeral_env_branch }}
token: '${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}'

- name: Remove config
working-directory: ephemeral-environments
run: rm -f ${{ inputs.ephemeral_env_branch }}.yaml

- name: Commit changes to ${{ inputs.ephemeral_env_branch }}
working-directory: ephemeral-environments
run: |
git config --local user.email "${{ steps.retrieve-secrets.outputs.github-bitwarden-devops-bot-email }}"
git config --local user.name "${{ env._BOT_NAME }}"

git add ${{ inputs.ephemeral_env_branch }}.yaml
git commit -m "Removed ${{ inputs.ephemeral_env_branch }}.yaml config."
git push

sync-env:
name: Sync Ephemeral Environment
if: ${{ inputs.sync_environment }}
runs-on: ubuntu-24.04
needs: check-run
steps:
- name: Login to Azure - Prod Subscription
uses: Azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0
with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: ${{ env._KEY_VAULT }}
secrets: |
ephemeral-environment-argocd-cluster-url,
ephemeral-environment-argocd-cluster-api-secret,
ephemeral-environment-argocd-cluster-api-user

- name: Install ArgoCD CLI
run: |
curl -sSL -o argocd-linux-amd64 \
"https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64"

install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
rm argocd-linux-amd64

- name: Log into Argo CD cluster
run: |
argocd login ${{ steps.retrieve-secrets.outputs.ephemeral-environment-argocd-cluster-url }} \
--username ${{ steps.retrieve-secrets.outputs.ephemeral-environment-argocd-cluster-api-user }} \
--password ${{ steps.retrieve-secrets.outputs.ephemeral-environment-argocd-cluster-api-secret }}

- name: Sync ${{ inputs.ephemeral_env_branch }} application
run: |
APP_NAME=$(argocd app list -o name | grep ${{ inputs.pull_request_number }})
argocd app sync "$APP_NAME"
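
Review bot: The `Remove config` and `Commit changes` steps of the `cleanup` job expand `${{ inputs.ephemeral_env_branch }}` directly into the `run:` script text, so a branch name containing shell metacharacters becomes part of the command line in a job that has just retrieved `github-pat-bitwarden-devops-bot-repo-scope`. Pass the input through the step's `env:` (for example `BRANCH: ${{ inputs.ephemeral_env_branch }}`) and reference it quoted, as in `rm -f -- "${BRANCH}.yaml"` and `git add -- "${BRANCH}.yaml"`. The same pattern applies to the three secret outputs expanded into `argocd login` in `sync-env`, where `--password` additionally places the secret on the process command line.

Two supply-chain points in the same file: `bitwarden/gh-actions/get-keyvault-secrets@main` is referenced by branch while `Azure/login` and `actions/checkout` are pinned to commit SHAs, and the Argo CD CLI is downloaded from `releases/latest` and installed with no version pin or checksum verification. Pinning both would make the jobs that hold the Key Vault credentials reproducible.

In the final step, `grep ${{ inputs.pull_request_number }}` is an unanchored substring match and the input is not marked `required`, so `APP_NAME` can end up empty or hold more than one app name. Anchor the pattern to the app naming convention and fail the step unless exactly one name is returned before calling `argocd app sync "$APP_NAME"`.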