-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
60 changed files
with
94 additions
and
245 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,12 +1,10 @@ | ||
--- | ||
name: Deployment (Development) | ||
|
||
on: | ||
workflow_run: | ||
workflows: ["Release Image (Development)"] | ||
types: | ||
- completed | ||
workflows: [Release Image (Development)] | ||
types: [completed] | ||
workflow_dispatch: | ||
|
||
jobs: | ||
deploy-dev: | ||
runs-on: ubuntu-latest | ||
|
@@ -16,7 +14,6 @@ jobs: | |
environment: | ||
name: development | ||
url: https://api.development.basedosdados.org | ||
|
||
steps: | ||
- name: Download branch name | ||
uses: actions/github-script@v6 | ||
|
@@ -38,19 +35,15 @@ jobs: | |
}); | ||
let fs = require('fs'); | ||
fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/artifact.zip`, Buffer.from(download.data)); | ||
- name: Extract branch name | ||
run: unzip artifact.zip | ||
|
||
- name: Read branch name | ||
id: extract_branch | ||
run: echo "branch=$(cat branch)" >> "$GITHUB_OUTPUT" | ||
|
||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
with: | ||
ref: ${{ steps.extract_branch.outputs.branch }} | ||
|
||
- name: Import secrets from Vault | ||
id: import_secrets | ||
uses: hashicorp/[email protected] | ||
|
@@ -62,21 +55,18 @@ jobs: | |
secret/data/gcp_credentials/basedosdados-dev GH_ACTIONS_SA | GCP_SA ; | ||
secret/data/gcp_credentials/basedosdados-dev GKE_CLUSTER_NAME | GKE_CLUSTER_NAME ; | ||
secret/data/gcp_credentials/basedosdados-dev GKE_CLUSTER_ZONE | GKE_CLUSTER_ZONE ; | ||
- name: Setup Google Cloud CLI | ||
uses: google-github-actions/[email protected] | ||
with: | ||
service_account_key: ${{ steps.import_secrets.outputs.GCP_SA }} | ||
project_id: ${{ steps.import_secrets.outputs.GCP_PROJECT_ID }} | ||
export_default_credentials: true | ||
|
||
- name: Get GKE credentials | ||
uses: google-github-actions/[email protected] | ||
with: | ||
cluster_name: ${{ steps.import_secrets.outputs.GKE_CLUSTER_NAME }} | ||
location: ${{ steps.import_secrets.outputs.GKE_CLUSTER_ZONE }} | ||
credentials: ${{ steps.import_secrets.outputs.GCP_SA }} | ||
|
||
- name: Write values.yaml file | ||
run: | | ||
cat << EOF > values.yaml | ||
|
@@ -147,9 +137,8 @@ jobs: | |
- development.api.basedosdados.org | ||
secretName: api-development-basedosdados-org-tls | ||
EOF | ||
- name: Deploy using Helm | ||
run: | | ||
run: |- | ||
helm upgrade \ | ||
--wait \ | ||
--install \ | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,14 +1,11 @@ | ||
--- | ||
name: Deployment (Production) | ||
|
||
on: | ||
workflow_run: | ||
workflows: ["Release Image (Production)"] | ||
branches: | ||
- main | ||
types: | ||
- completed | ||
workflows: [Release Image (Production)] | ||
branches: [main] | ||
types: [completed] | ||
workflow_dispatch: | ||
|
||
jobs: | ||
deploy-prod: | ||
runs-on: ubuntu-latest | ||
|
@@ -18,13 +15,11 @@ jobs: | |
environment: | ||
name: production | ||
url: https://api.basedosdados.org | ||
|
||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
with: | ||
ref: main | ||
|
||
- name: Import secrets from Vault | ||
id: import_secrets | ||
uses: hashicorp/[email protected] | ||
|
@@ -36,21 +31,18 @@ jobs: | |
secret/data/gcp_credentials/basedosdados-dev GH_ACTIONS_SA | GCP_SA ; | ||
secret/data/gcp_credentials/basedosdados-dev GKE_CLUSTER_NAME | GKE_CLUSTER_NAME ; | ||
secret/data/gcp_credentials/basedosdados-dev GKE_CLUSTER_ZONE | GKE_CLUSTER_ZONE ; | ||
- name: Setup Google Cloud CLI | ||
uses: google-github-actions/[email protected] | ||
with: | ||
service_account_key: ${{ steps.import_secrets.outputs.GCP_SA }} | ||
project_id: ${{ steps.import_secrets.outputs.GCP_PROJECT_ID }} | ||
export_default_credentials: true | ||
|
||
- name: Get GKE credentials | ||
uses: google-github-actions/[email protected] | ||
with: | ||
cluster_name: ${{ steps.import_secrets.outputs.GKE_CLUSTER_NAME }} | ||
location: ${{ steps.import_secrets.outputs.GKE_CLUSTER_ZONE }} | ||
credentials: ${{ steps.import_secrets.outputs.GCP_SA }} | ||
|
||
- name: Write values.yaml file | ||
run: | | ||
cat << EOF > values.yaml | ||
|
@@ -121,9 +113,8 @@ jobs: | |
- api.basedosdados.org | ||
secretName: api-basedosdados-org-tls | ||
EOF | ||
- name: Deploy using Helm | ||
run: | | ||
run: |- | ||
helm upgrade \ | ||
--wait \ | ||
--install \ | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,14 +1,11 @@ | ||
--- | ||
name: Deployment (Staging) | ||
|
||
on: | ||
workflow_run: | ||
workflows: ["Release Image (Staging)"] | ||
branches: | ||
- main | ||
types: | ||
- completed | ||
workflows: [Release Image (Staging)] | ||
branches: [main] | ||
types: [completed] | ||
workflow_dispatch: | ||
|
||
jobs: | ||
deploy-staging: | ||
runs-on: ubuntu-latest | ||
|
@@ -18,13 +15,11 @@ jobs: | |
environment: | ||
name: staging | ||
url: https://staging.api.basedosdados.org | ||
|
||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
with: | ||
ref: main | ||
|
||
- name: Import secrets from Vault | ||
id: import_secrets | ||
uses: hashicorp/[email protected] | ||
|
@@ -36,21 +31,18 @@ jobs: | |
secret/data/gcp_credentials/basedosdados-dev GH_ACTIONS_SA | GCP_SA ; | ||
secret/data/gcp_credentials/basedosdados-dev GKE_CLUSTER_NAME | GKE_CLUSTER_NAME ; | ||
secret/data/gcp_credentials/basedosdados-dev GKE_CLUSTER_ZONE | GKE_CLUSTER_ZONE ; | ||
- name: Setup Google Cloud CLI | ||
uses: google-github-actions/[email protected] | ||
with: | ||
service_account_key: ${{ steps.import_secrets.outputs.GCP_SA }} | ||
project_id: ${{ steps.import_secrets.outputs.GCP_PROJECT_ID }} | ||
export_default_credentials: true | ||
|
||
- name: Get GKE credentials | ||
uses: google-github-actions/[email protected] | ||
with: | ||
cluster_name: ${{ steps.import_secrets.outputs.GKE_CLUSTER_NAME }} | ||
location: ${{ steps.import_secrets.outputs.GKE_CLUSTER_ZONE }} | ||
credentials: ${{ steps.import_secrets.outputs.GCP_SA }} | ||
|
||
- name: Write values.yaml file | ||
run: | | ||
cat << EOF > values.yaml | ||
|
@@ -121,9 +113,8 @@ jobs: | |
- staging.api.basedosdados.org | ||
secretName: staging-api-basedosdados-org-tls | ||
EOF | ||
- name: Deploy using Helm | ||
run: | | ||
run: |- | ||
helm upgrade \ | ||
--wait \ | ||
--install \ | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,26 +1,20 @@ | ||
--- | ||
name: Helm - Release chart | ||
|
||
on: | ||
push: | ||
branches: | ||
- main | ||
paths: | ||
- ".github/workflows/release-chart.yaml" | ||
- "charts/**/*" | ||
|
||
branches: [main] | ||
paths: [.github/workflows/release-chart.yaml, charts/**/*] | ||
jobs: | ||
release-chart: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
|
||
- name: Configure Git | ||
run: | | ||
git config user.name "$GITHUB_ACTOR" | ||
git config user.email "[email protected]" | ||
- name: Run chart-releaser | ||
uses: helm/[email protected] | ||
env: | ||
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | ||
CR_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,16 +1,13 @@ | ||
--- | ||
name: Sync | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
environment: | ||
description: Destination environment | ||
required: true | ||
type: choice | ||
options: | ||
- staging | ||
- development | ||
|
||
options: [staging, development] | ||
jobs: | ||
sync: | ||
name: Sync | ||
|
@@ -22,7 +19,6 @@ jobs: | |
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
|
||
- name: Import secrets | ||
id: import_secrets | ||
uses: hashicorp/[email protected] | ||
|
@@ -34,33 +30,28 @@ jobs: | |
secret/data/gcp_credentials/basedosdados-dev GH_ACTIONS_SA | GCP_SA ; | ||
secret/data/gcp_credentials/basedosdados-dev GKE_CLUSTER_NAME | GKE_CLUSTER_NAME ; | ||
secret/data/gcp_credentials/basedosdados-dev GKE_CLUSTER_ZONE | GKE_CLUSTER_ZONE ; | ||
- name: Authenticate GCP | ||
id: auth | ||
uses: google-github-actions/auth@v1 | ||
with: | ||
credentials_json: ${{ steps.import_secrets.outputs.GCP_SA }} | ||
|
||
- name: Set up GCP SDK | ||
uses: google-github-actions/setup-gcloud@v1 | ||
with: | ||
version: ">= 363.0.0" | ||
|
||
version: '>= 363.0.0' | ||
- name: Install kubectl | ||
run: | | ||
sudo apt-get update --quiet | ||
sudo apt-get install --yes apt-transport-https ca-certificates curl | ||
curl -LO https://dl.k8s.io/release/v1.24.15/bin/linux/amd64/kubectl | ||
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl | ||
- name: Set up kubectl | ||
run: | | ||
gcloud components install gke-gcloud-auth-plugin | ||
gcloud container clusters get-credentials\ | ||
${{ steps.import_secrets.outputs.GKE_CLUSTER_NAME }}\ | ||
--zone ${{ steps.import_secrets.outputs.GKE_CLUSTER_ZONE }} | ||
kubectl config set-context --current --namespace=website | ||
- name: Sync databases | ||
run: | | ||
run: |- | ||
./scripts/sync.sh ${{ inputs.environment }} |
Oops, something went wrong.