main.yml
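# CI/CD pipeline. Every push runs the build and lint job ("main"); pushes to
# master additionally run "deploy-prod", which deploys the infrastructure
# (CDK and CDK8s) when files under infra/ changed and always applies the Argo
# workflow definitions to the cluster.
on: [push]

jobs:
  main:
    name: Build, Format and Test
    runs-on: ubuntu-latest
    # This job only reads the repository, so scope the GITHUB_TOKEN down
    # instead of inheriting the repository default permissions.
    permissions:
      contents: read
    steps:
      - uses: linz/action-typescript@9bf69b0f313b3525d3ba3116f26b1aff7eb7a6c0 # v3.1.0

      - name: Download actionlint
        run: docker build --tag actionlint - < .github/workflows/actionlint.dockerfile

      - name: Run actionlint to check workflow files
        run: docker run --volume="${PWD}:/repo" --workdir=/repo actionlint -color

      - name: Install Argo
        # --fail makes curl exit non-zero on an HTTP error instead of saving
        # the error page as the archive.
        # NOTE(review): the downloaded binary is executed without an integrity
        # check. Verify it against the SHA-256 published with the v3.5.5
        # release (<EXPECTED_SHA256>) before marking it executable.
        run: |
          curl --fail --silent --show-error --location --remote-name https://github.com/argoproj/argo-workflows/releases/download/v3.5.5/argo-linux-amd64.gz
          gunzip argo-linux-amd64.gz
          chmod +x argo-linux-amd64
          ./argo-linux-amd64 version

      - name: Lint workflows
        run: |
          ./argo-linux-amd64 lint --offline templates/ workflows/

  deploy-prod:
    runs-on: ubuntu-latest
    # Jobs in the same concurrency group do not run in parallel, so at most one
    # prod deployment per ref is in progress at a time.
    concurrency: deploy-prod-${{ github.ref }}
    needs: [main]
    if: ${{ github.ref == 'refs/heads/master' }}
    environment:
      name: prod
    permissions:
      # id-token: write allows the job to request an OIDC token; the
      # "AWS Configure" step assumes a role without static keys, which
      # presumably relies on it.
      id-token: write
      contents: read
    env:
      CLUSTER_NAME: Workflows
    steps:
      - uses: linz/action-typescript@9bf69b0f313b3525d3ba3116f26b1aff7eb7a6c0 # v3.1.0

      # Configure access to AWS / EKS
      - name: Setup kubectl
        uses: azure/setup-kubectl@901a10e89ea615cf61f57ac05cecdf23e7de06d8 # v3
        with:
          # NOTE(review): 'latest' means the kubectl used against prod can
          # change between runs, although the action itself is pinned by SHA.
          # Consider pinning a kubectl version compatible with the cluster.
          version: 'latest'

      - name: AWS Configure
        uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4
        with:
          aws-region: ap-southeast-2
          mask-aws-account-id: true
          role-to-assume: ${{ secrets.AWS_CI_ROLE }}

      - name: Find Changes in Infra
        id: get-infra-changes
        # The commit ids are handed to the script through the environment and
        # quoted, rather than expanded into the script text before the shell
        # parses it.
        env:
          BEFORE_SHA: ${{ github.event.before }}
          AFTER_SHA: ${{ github.event.after }}
        # NOTE(review): the exit status of a process substitution is ignored.
        # If git diff fails (for example because a commit is missing from the
        # checkout), no files are listed, run_infra becomes false and the infra
        # steps are skipped without an error. Confirm this is intended.
        run: |
          mapfile -d '' modified_infra_files < <(git diff --name-only -z "$BEFORE_SHA" "$AFTER_SHA" -- "infra/*")
          if [[ "${#modified_infra_files[@]}" -ge 1 ]]; then
            echo "run_infra=true" >> "$GITHUB_OUTPUT"
          else
            echo "run_infra=false" >> "$GITHUB_OUTPUT"
          fi

      - name: (CDK) Deploy
        if: steps.get-infra-changes.outputs.run_infra == 'true'
        # Secrets are passed through the environment and quoted so that their
        # values never become part of the script text the shell parses.
        env:
          CI_ROLE_ARN: ${{ secrets.AWS_CI_ROLE }}
          ADMIN_ROLE_ARN: ${{ secrets.AWS_ADMIN_ROLE }}
          WFMAINTAINER_ROLE_ARN: ${{ secrets.AWS_WFMAINTAINER_ROLE }}
          TARGET_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
        # --require-approval never: the deployment runs unattended, so changes
        # are applied without an interactive confirmation. Review of infra
        # changes has to happen before they reach master.
        run: |
          npx cdk deploy "$CLUSTER_NAME" \
            -c "maintainer-arns=${CI_ROLE_ARN},${ADMIN_ROLE_ARN},${WFMAINTAINER_ROLE_ARN}" \
            -c "aws-account-id=${TARGET_ACCOUNT_ID}" \
            --require-approval never

      - name: Login to EKS
        run: |
          aws eks update-kubeconfig --name "$CLUSTER_NAME" --region ap-southeast-2

      - name: Check EKS connection
        run: |
          kubectl get nodes

      # Configure the Kubernetes cluster with CDK8s
      - name: (CDK8s) Synth
        if: steps.get-infra-changes.outputs.run_infra == 'true'
        run: |
          npx cdk8s synth

      # NB: "kubectl diff" is somewhat dangerous because it dumps secrets in
      # plain text into the job log, so it should not be used in this pipeline.
      # TODO use a --prune and --applyset to remove unused objects
      - name: (CDK8s) Deploy
        if: steps.get-infra-changes.outputs.run_infra == 'true'
        run: |
          kubectl apply -f dist/

      - name: Deploy workflows
        if: github.ref == 'refs/heads/master'
        run: |
          # Deploy templates first
          kubectl apply -f templates/argo-tasks/ --namespace argo

          # Apply every file under workflows/ that declares the given kind:
          # workflow templates first, then cron workflows. File names are
          # read NUL-delimited and each file is listed once, so paths that
          # contain spaces or colons are neither split nor truncated.
          for kind in WorkflowTemplate CronWorkflow; do
            mapfile -d '' manifests < <(grep --recursive --files-with-matches --null "^kind: ${kind}\$" workflows/)
            for manifest in "${manifests[@]}"; do
              kubectl apply -f "$manifest" --namespace argo
            done
          done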