Merge pull request #89 from hathitrust/demokuize_prod

Configuration for production & staging
hathitrust · Mar 30, 2021 · 1e46ce3 · 1e46ce3
2 parents 479d169 + d051dce
commit 1e46ce3
Show file tree

Hide file tree

Showing 7 changed files with 148 additions and 62 deletions.
diff --git a/.github/workflows/deploy-production.yml b/.github/workflows/deploy-production.yml
@@ -0,0 +1,42 @@
+name: Deploy to Production
+
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: Release
+        required: true
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Clone latest repository
+      uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+    - name: Check that the tag exists
+      id: tag_check
+      run: |
+        if git rev-parse 'refs/tags/${{ github.event.inputs.tag }}' &> /dev/null; then
+          echo '::set-output name=tag::${{ github.event.inputs.tag }}'
+        elif echo '${{ github.event.inputs.tag }}' | grep -q '^testing-'; then
+          echo '::set-output name=tag::${{ github.event.inputs.tag }}'
+        elif git rev-parse '${{ github.event.inputs.tag }}' &> /dev/null; then
+          echo "::set-output name=tag::testing-`git rev-parse '${{ github.event.inputs.tag }}'`"
+        else
+          echo "Couldn't figure out tag from input: ${{ github.event.inputs.tag }}"
+          echo "Aborting deployment."
+          false
+        fi
+    - uses: azure/setup-kubectl@v1
+    - name: Authenticate with kubernetes
+      run: |
+        mkdir -p ${HOME}/.kube/certs/cluster
+        echo ${{ secrets.KUBERNETES_CA }} | base64 -d > ${HOME}/.kube/certs/cluster/k8s-ca.crt
+        kubectl config set-cluster cluster --certificate-authority=${HOME}/.kube/certs/cluster/k8s-ca.crt --server=${{ secrets.KUBERNETES_SERVER }}
+        kubectl config set-credentials default --token=${{ secrets.KUBERNETES_TOKEN }}
+        kubectl config set-context default --cluster=cluster --user=default --namespace=otis
+        kubectl config use-context default
+    - name: Manual Deploy
+      run: kubectl set image deployment web web=hathitrust/otis:${{ steps.tag_check.outputs.tag }}
diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml
@@ -0,0 +1,42 @@
+name: Deploy to Staging
+
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: Release
+        required: true
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Clone latest repository
+      uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+    - name: Check that the tag exists
+      id: tag_check
+      run: |
+        if git rev-parse 'refs/tags/${{ github.event.inputs.tag }}' &> /dev/null; then
+          echo '::set-output name=tag::${{ github.event.inputs.tag }}'
+        elif echo '${{ github.event.inputs.tag }}' | grep -q '^testing-'; then
+          echo '::set-output name=tag::${{ github.event.inputs.tag }}'
+        elif git rev-parse '${{ github.event.inputs.tag }}' &> /dev/null; then
+          echo "::set-output name=tag::testing-`git rev-parse '${{ github.event.inputs.tag }}'`"
+        else
+          echo "Couldn't figure out tag from input: ${{ github.event.inputs.tag }}"
+          echo "Aborting deployment."
+          false
+        fi
+    - uses: azure/setup-kubectl@v1
+    - name: Authenticate with kubernetes
+      run: |
+        mkdir -p ${HOME}/.kube/certs/cluster
+        echo ${{ secrets.KUBERNETES_CA }} | base64 -d > ${HOME}/.kube/certs/cluster/k8s-ca.crt
+        kubectl config set-cluster cluster --certificate-authority=${HOME}/.kube/certs/cluster/k8s-ca.crt --server=${{ secrets.KUBERNETES_SERVER }}
+        kubectl config set-credentials default --token=${{ secrets.KUBERNETES_TOKEN_STAGING }}
+        kubectl config set-context default --cluster=cluster --user=default --namespace=otis-staging
+        kubectl config use-context default
+    - name: Manual Deploy
+      run: kubectl set image deployment web web=hathitrust/otis:${{ steps.tag_check.outputs.tag }}
diff --git a/.github/workflows/deploy-testing.yaml b/.github/workflows/deploy-testing.yaml
@@ -39,7 +39,7 @@ jobs:
         mkdir -p ${HOME}/.kube/certs/cluster
         echo ${{ secrets.KUBERNETES_CA }} | base64 -d > ${HOME}/.kube/certs/cluster/k8s-ca.crt
         kubectl config set-cluster cluster --certificate-authority=${HOME}/.kube/certs/cluster/k8s-ca.crt --server=${{ secrets.KUBERNETES_SERVER }}
-        kubectl config set-credentials default --token=`echo ${{ secrets.KUBERNETES_TOKEN }} | base64 -d`
+        kubectl config set-credentials default --token=`echo ${{ secrets.KUBERNETES_TOKEN_TESTING }} | base64 -d`
         kubectl config set-context default --cluster=cluster --user=default --namespace=otis-testing
         kubectl config use-context default
     - name: Automatic Deploy

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,43 +1,43 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (5.2.4.3)
-      actionpack (= 5.2.4.3)
+    actioncable (5.2.5)
+      actionpack (= 5.2.5)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailer (5.2.4.3)
-      actionpack (= 5.2.4.3)
-      actionview (= 5.2.4.3)
-      activejob (= 5.2.4.3)
+    actionmailer (5.2.5)
+      actionpack (= 5.2.5)
+      actionview (= 5.2.5)
+      activejob (= 5.2.5)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (5.2.4.3)
-      actionview (= 5.2.4.3)
-      activesupport (= 5.2.4.3)
+    actionpack (5.2.5)
+      actionview (= 5.2.5)
+      activesupport (= 5.2.5)
       rack (~> 2.0, >= 2.0.8)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.2.4.3)
-      activesupport (= 5.2.4.3)
+    actionview (5.2.5)
+      activesupport (= 5.2.5)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.2.4.3)
-      activesupport (= 5.2.4.3)
+    activejob (5.2.5)
+      activesupport (= 5.2.5)
       globalid (>= 0.3.6)
-    activemodel (5.2.4.3)
-      activesupport (= 5.2.4.3)
-    activerecord (5.2.4.3)
-      activemodel (= 5.2.4.3)
-      activesupport (= 5.2.4.3)
+    activemodel (5.2.5)
+      activesupport (= 5.2.5)
+    activerecord (5.2.5)
+      activemodel (= 5.2.5)
+      activesupport (= 5.2.5)
       arel (>= 9.0)
-    activestorage (5.2.4.3)
-      actionpack (= 5.2.4.3)
-      activerecord (= 5.2.4.3)
-      marcel (~> 0.3.1)
-    activesupport (5.2.4.3)
+    activestorage (5.2.5)
+      actionpack (= 5.2.5)
+      activerecord (= 5.2.5)
+      marcel (~> 1.0.0)
+    activesupport (5.2.5)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
@@ -79,15 +79,15 @@ GEM
       coffee-script-source
       execjs
     coffee-script-source (1.12.2)
-    concurrent-ruby (1.1.6)
+    concurrent-ruby (1.1.8)
     crass (1.0.6)
     deep_merge (1.2.1)
     docile (1.3.2)
     dotenv (2.7.5)
     dotenv-rails (2.7.5)
       dotenv (= 2.7.5)
       railties (>= 3.2, < 6.1)
-    erubi (1.9.0)
+    erubi (1.10.0)
     ettin (1.3.0)
       deep_merge
     execjs (2.7.0)
@@ -101,7 +101,7 @@ GEM
     ffi (1.12.2)
     globalid (0.4.2)
       activesupport (>= 4.2.0)
-    i18n (1.8.2)
+    i18n (1.8.9)
       concurrent-ruby (~> 1.0)
     jbuilder (2.10.0)
       activesupport (>= 5.0.0)
@@ -119,22 +119,20 @@ GEM
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
       ruby_dep (~> 1.2)
-    loofah (2.5.0)
+    loofah (2.9.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
-    marcel (0.3.3)
-      mimemagic (~> 0.3.2)
+    marcel (1.0.0)
     method_source (1.0.0)
-    mimemagic (0.3.5)
-    mini_mime (1.0.2)
+    mini_mime (1.0.3)
     mini_portile2 (2.5.0)
-    minitest (5.14.1)
+    minitest (5.14.4)
     msgpack (1.3.3)
     mysql2 (0.5.3)
-    nio4r (2.5.2)
-    nokogiri (1.11.1)
+    nio4r (2.5.7)
+    nokogiri (1.11.2)
       mini_portile2 (~> 2.5.0)
       racc (~> 1.4)
     orm_adapter (0.5.0)
@@ -153,18 +151,18 @@ GEM
     rack (2.2.3)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
-    rails (5.2.4.3)
-      actioncable (= 5.2.4.3)
-      actionmailer (= 5.2.4.3)
-      actionpack (= 5.2.4.3)
-      actionview (= 5.2.4.3)
-      activejob (= 5.2.4.3)
-      activemodel (= 5.2.4.3)
-      activerecord (= 5.2.4.3)
-      activestorage (= 5.2.4.3)
-      activesupport (= 5.2.4.3)
+    rails (5.2.5)
+      actioncable (= 5.2.5)
+      actionmailer (= 5.2.5)
+      actionpack (= 5.2.5)
+      actionview (= 5.2.5)
+      activejob (= 5.2.5)
+      activemodel (= 5.2.5)
+      activerecord (= 5.2.5)
+      activestorage (= 5.2.5)
+      activesupport (= 5.2.5)
       bundler (>= 1.3.0)
-      railties (= 5.2.4.3)
+      railties (= 5.2.5)
       sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.4)
       actionpack (>= 5.0.1.x)
@@ -175,14 +173,14 @@ GEM
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.3.0)
       loofah (~> 2.3)
-    railties (5.2.4.3)
-      actionpack (= 5.2.4.3)
-      activesupport (= 5.2.4.3)
+    railties (5.2.5)
+      actionpack (= 5.2.5)
+      activesupport (= 5.2.5)
       method_source
       rake (>= 0.8.7)
       thor (>= 0.19.0, < 2.0)
     rainbow (3.0.0)
-    rake (13.0.1)
+    rake (13.0.3)
     rb-fsevent (0.10.4)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
@@ -224,18 +222,18 @@ GEM
     sprockets (3.7.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
-    sprockets-rails (3.2.1)
+    sprockets-rails (3.2.2)
       actionpack (>= 4.0)
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
     sqlite3 (1.4.2)
-    thor (1.0.1)
+    thor (1.1.0)
     thread_safe (0.3.6)
     tilt (2.0.10)
     turbolinks (5.2.1)
       turbolinks-source (~> 5.2)
     turbolinks-source (5.2.0)
-    tzinfo (1.2.7)
+    tzinfo (1.2.9)
       thread_safe (~> 0.1)
     uglifier (4.2.0)
       execjs (>= 0.3.0, < 3)
@@ -246,7 +244,7 @@ GEM
       activemodel (>= 5.0)
       bindex (>= 0.4.0)
       railties (>= 5.0)
-    websocket-driver (0.7.2)
+    websocket-driver (0.7.3)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
     xpath (3.2.0)
@@ -294,4 +292,4 @@ DEPENDENCIES
   web-console (>= 3.3.0)
 
 BUNDLED WITH
-   2.2.10
+   2.2.14
diff --git a/kube/environments/production/spec.json b/kube/environments/production/spec.json
@@ -6,7 +6,7 @@
   },
   "spec": {
     "apiServer": "https://macc.kubernetes.hathitrust.org",
-    "namespace": "otis-production",
+    "namespace": "otis",
     "resourceDefaults": {},
     "expectVersions": {}
   }

diff --git a/kube/environments/staging/main.jsonnet b/kube/environments/staging/main.jsonnet
@@ -4,8 +4,12 @@
     otis+: {
       web+: {
         host: 'staging.otis.kubernetes.hathitrust.org'
-        relative_url_root: '/otis-staging'
       },
     }
-  }
+  },
+  _images+:: {
+    otis: {
+      web: 'hathitrust/otis',
+    },
+  },
 }
diff --git a/kube/lib/otis/otis.libsonnet b/kube/lib/otis/otis.libsonnet
@@ -8,6 +8,7 @@
   local port = $.core.v1.containerPort,
   local volumeMount = $.core.v1.volumeMount,
   local volume = $.core.v1.volume,
+  local service_mixin = $.core.v1.service.mixin.spec,
 
   local config = $._config.otis,
   local images = $._images.otis,
@@ -33,10 +34,9 @@
         ]
       ).withVolumes([volume.fromConfigMap(name=app_config.configmap,configMapName=app_config.configmap)]),
 
-      service: $.util.serviceFor(self.deployment) + $.core.v1.service.mixin.spec.withPorts($.core.v1.service.mixin.spec.portsType.newNamed(
-        name=config.web.name,
-        port=80,
-        targetPort=config.web.port,
+      service: $.util.serviceFor(self.deployment) + service_mixin.withPorts(
+          service_mixin.portsType.newNamed( name=config.web.name, port=80,
+           targetPort=config.web.port,
       )),
 
     },