CD - Kubernetes - Dev #16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CD - Kubernetes - Dev | |
on: | |
schedule: | |
- cron: "0 */3 * * *" | |
workflow_dispatch: | |
inputs: | |
check-cache: | |
type: boolean | |
description: "Check workflow cache" | |
default: false | |
deploy-helm: | |
type: boolean | |
description: "Deploy Helm Charts" | |
default: false | |
jobs: | |
check-last-run: | |
runs-on: om-ci-16vcpu-ubuntu2204 | |
outputs: | |
same-commit: ${{ steps.cache.outputs.cache-hit }} | |
steps: | |
- name: Check for new changes | |
if: github.event_name == 'schedule' || github.event.inputs.check-cache == 'true' | |
id: cache | |
uses: actions/cache@v3 | |
with: | |
path: scripts/k8s_dev_hash # we don't care about the file, just the key | |
key: k8s-dev-${{ github.sha }} | |
lookup-only: true | |
- name: Save Commit SHA | |
if: github.event_name == 'schedule' || github.event.inputs.check-cache == 'true' | |
# only for making the cache action happy | |
run: echo "${{ github.sha }}" > scripts/k8s_dev_hash | |
deploy-syft-dev: | |
needs: check-last-run | |
if: needs.check-last-run.outputs.same-commit != 'true' | |
runs-on: om-ci-16vcpu-ubuntu2204 | |
steps: | |
- name: Permission to home directory | |
run: | | |
sudo chown -R $USER:$USER $HOME | |
- uses: actions/checkout@v4 | |
# Checkout Infra repo (nested) | |
- name: Checkout Infra Repo | |
uses: actions/checkout@v4 | |
with: | |
repository: ${{ secrets.INFRA_REPO }} | |
ref: "main" | |
token: ${{ secrets.INFRA_BOT_COMMIT_TOKEN }} | |
path: infrastructure | |
- name: Set up Python | |
uses: actions/setup-python@v3 | |
with: | |
python-version: "3.11" | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Install Azure CLI | |
run: | | |
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash | |
az version | |
- name: Login to Azure CLI | |
uses: azure/login@v1 | |
with: | |
creds: ${{ secrets.AZURE_CREDENTIALS_GITHUB_CI }} | |
- name: Login to Azure Container Registry | |
uses: azure/docker-login@v1 | |
with: | |
login-server: ${{ secrets.ACR_SERVER }} | |
username: ${{ secrets.ACR_USERNAME }} | |
password: ${{ secrets.ACR_PASSWORD }} | |
- name: Set Grid package version | |
id: grid | |
shell: bash | |
run: echo "GRID_VERSION=$(python packages/grid/VERSION)" >> $GITHUB_OUTPUT | |
- name: Build and push `grid-backend` image to registry | |
uses: docker/build-push-action@v5 | |
with: | |
context: ./packages | |
file: ./packages/grid/backend/backend.dockerfile | |
push: true | |
target: backend | |
tags: | | |
${{ secrets.ACR_SERVER }}/openmined/grid-backend:dev | |
${{ secrets.ACR_SERVER }}/openmined/grid-backend:dev-${{ github.sha }} | |
${{ secrets.ACR_SERVER }}/openmined/grid-backend:${{ steps.grid.outputs.GRID_VERSION }} | |
- name: Build and push `grid-frontend` image to registry | |
uses: docker/build-push-action@v5 | |
with: | |
context: ./packages/grid/frontend | |
file: ./packages/grid/frontend/frontend.dockerfile | |
push: true | |
tags: | | |
${{ secrets.ACR_SERVER }}/openmined/grid-frontend:dev | |
${{ secrets.ACR_SERVER }}/openmined/grid-frontend:dev-${{ github.sha }} | |
${{ secrets.ACR_SERVER }}/openmined/grid-frontend:${{ steps.grid.outputs.GRID_VERSION }} | |
target: grid-ui-development | |
# TODO: Re-enable once we have Enclave up and running | |
# - name: Build and push `grid-enclave` image to registry | |
# uses: docker/build-push-action@v5 | |
# with: | |
# context: ./packages | |
# file: ./packages/grid/worker/worker.dockerfile | |
# push: true | |
# target: worker | |
# tags: | | |
# ${{ secrets.ACR_SERVER }}/openmined/grid-enclave:dev | |
# ${{ secrets.ACR_SERVER }}/openmined/grid-enclave:dev-${{ github.sha }} | |
# ${{ secrets.ACR_SERVER }}/openmined/grid-enclave:${{ steps.grid.outputs.GRID_VERSION }} | |
- name: Build and push `grid-headscale` image to registry | |
uses: docker/build-push-action@v5 | |
with: | |
context: ./packages/grid/vpn | |
file: ./packages/grid/vpn/headscale.dockerfile | |
push: true | |
tags: | | |
${{ secrets.ACR_SERVER }}/openmined/grid-headscale:dev | |
${{ secrets.ACR_SERVER }}/openmined/grid-headscale:dev-${{ github.sha }} | |
${{ secrets.ACR_SERVER }}/openmined/grid-headscale:${{ steps.grid.outputs.GRID_VERSION }} | |
- name: Build and push `grid-tailscale` image to registry | |
uses: docker/build-push-action@v5 | |
with: | |
context: ./packages/grid/vpn | |
file: ./packages/grid/vpn/tailscale.dockerfile | |
push: true | |
tags: | | |
${{ secrets.ACR_SERVER }}/openmined/grid-tailscale:dev | |
${{ secrets.ACR_SERVER }}/openmined/grid-tailscale:dev-${{ github.sha }} | |
${{ secrets.ACR_SERVER }}/openmined/grid-tailscale:${{ steps.grid.outputs.GRID_VERSION }} | |
- name: Build and push `grid-vpn-iptables` image to registry | |
uses: docker/build-push-action@v5 | |
with: | |
context: ./packages/grid/vpn | |
file: ./packages/grid/vpn/iptables.dockerfile | |
push: true | |
tags: | | |
${{ secrets.ACR_SERVER }}/openmined/grid-vpn-iptables:dev | |
${{ secrets.ACR_SERVER }}/openmined/grid-vpn-iptables:dev-${{ github.sha }} | |
${{ secrets.ACR_SERVER }}/openmined/grid-vpn-iptables:${{ steps.grid.outputs.GRID_VERSION }} | |
- name: Build Helm Chart & Copy to infra | |
if: github.ref == 'refs/heads/dev' || github.event.inputs.deploy-helm == 'true' | |
shell: bash | |
run: | | |
K3D_VERSION=v5.6.0 | |
DEVSPACE_VERSION=v6.3.3 | |
# install k3d | |
wget https://github.com/k3d-io/k3d/releases/download/${K3D_VERSION}/k3d-linux-amd64 | |
mv k3d-linux-amd64 k3d | |
chmod +x k3d | |
export PATH=`pwd`:$PATH | |
k3d version | |
# Install devspace | |
curl -sSL https://github.com/loft-sh/devspace/releases/download/${DEVSPACE_VERSION}/devspace-linux-amd64 -o ./devspace | |
chmod +x devspace | |
devspace version | |
export CONTAINER_REGISTRY=${{ secrets.ACR_SERVER }} | |
export VERSION=dev-${{github.sha}} | |
tox -e syft.build.helm | |
rm -rf infrastructure/gitops/environments/dev/ | |
mkdir -p infrastructure/gitops/environments/dev/ | |
cp -R packages/grid/helm/syft/. packages/grid/helm/manifests.yaml infrastructure/gitops/environments/dev/ | |
- name: Commit & push changes to Infra Repo | |
if: github.ref == 'refs/heads/dev' || github.event.inputs.deploy-helm == 'true' | |
uses: EndBug/add-and-commit@v9 | |
with: | |
author_name: ${{ secrets.OM_BOT_NAME }} | |
author_email: ${{ secrets.OM_BOT_EMAIL }} | |
message: "[env] Update dev helm charts" | |
add: "." | |
push: "origin main" | |
cwd: "./infrastructure/" | |
- name: Cleanup Azure Container Registry | |
run: | | |
ACR_REGISTRY_NAME=${{ secrets.ACR_REGISTRY_NAME }} | |
echo ">> Fetching repo list.." | |
REPO_LIST=$(az acr repository list -n $ACR_REGISTRY_NAME -o tsv) | |
KEEP_PREV_VERSIONS=5 | |
TAIL_FROM_LINE=$(($KEEP_PREV_VERSIONS + 1)) | |
for repo in $REPO_LIST | |
do | |
echo "Cleaning up '$repo'" | |
az acr repository show-tags --name $ACR_REGISTRY_NAME --repository $repo --orderby time_desc --output tsv \ | |
| grep dev- \ | |
| tail -n +$TAIL_FROM_LINE \ | |
| xargs -r -I% az acr repository untag --name $ACR_REGISTRY_NAME --image $repo:% | |
done | |
- name: Logout and cleanup Azure account | |
if: always() | |
run: | | |
az logout | |
az cache purge | |
az account clear |