feat: add cluster reboot action (#52)

mission-apprentissage · Jul 22, 2024 · f8a4aff · f8a4aff
1 parent a290207
commit f8a4aff
Show file tree

Hide file tree

Showing 3 changed files with 151 additions and 55 deletions.
diff --git a/.github/workflows/_reboot.yml b/.github/workflows/_reboot.yml
@@ -0,0 +1,102 @@
+name: Run Reboot
+on:
+  workflow_call:
+    inputs:
+      product:
+        description: The product
+        type: string
+        required: true
+      environment:
+        description: The environment to setup
+        type: string
+        required: true
+      SSH_KNOWN_HOSTS:
+        description: The product SSH_KNOWN_HOSTS
+        type: string
+        required: true
+    secrets:
+      DEPLOY_SSH_PRIVATE_KEY:
+        description: SSH private key
+        required: true
+      DEPLOY_PASS:
+        description: SSH PWD TO DEPLOY
+        required: true
+      SLACK_WEBHOOK:
+        description: Slack webhook URL
+        required: true
+      VAULT_PWD:
+        description: Vault Password
+        required: true
+      HABILITATIONS:
+        description: Product habilitations
+        required: true
+      OVH_APP_TOKEN:
+        description: OVH Application token
+        required: true
+      OVH_APP_KEY:
+        description: OVH Application key
+        required: true
+      OVH_APP_SECRET:
+        description: OVH Application secret
+        required: true
+
+jobs:
+  setup:
+    concurrency:
+      group: "${{ inputs.product }}-${{ inputs.environment }}-${{ github.workflow }}-${{ github.ref }}"
+    name: Setup ${{ inputs.product }} on ${{ inputs.environment }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout project
+        uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+
+      - name: Install SSH key
+        uses: shimataro/ssh-key-action@v2
+        with:
+          name: github_actions
+          key: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
+          known_hosts: ${{ inputs.SSH_KNOWN_HOSTS }}
+          config: |
+            Host *
+              IdentityFile ~/.ssh/github_actions
+
+      - name: Create vault pwd file
+        run: echo ${VAULT_PWD} > .infra/.vault_pwd.txt
+        env:
+          VAULT_PWD: ${{ secrets.VAULT_PWD }}
+
+      - name: Run playbook
+        run: ".bin/mna system:reboot ${{ inputs.product }} ${{ inputs.environment }}"
+        env:
+          ANSIBLE_VAULT_PASSWORD_FILE: .infra/.vault_pwd.txt
+          ANSIBLE_REMOTE_USER: deploy
+          ANSIBLE_BECOME_PASS: ${{ secrets.DEPLOY_PASS }}
+
+      - name: Encrypt Error log on failure
+        run: .bin/mna deploy:log:encrypt
+        if: failure()
+        env:
+          ANSIBLE_VAULT_PASSWORD_FILE: .infra/.vault_pwd.txt
+
+      - name: Upload failure artifacts on failure
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: error-logs
+          path: /tmp/deploy_error.log.gpg
+
+      - name: Notify failure on Slack
+        uses: ravsamhq/notify-slack-action@v2
+        if: always()
+        with:
+          status: ${{ job.status }}
+          notification_title: "Reboot en ${{ inputs.product }}-${{ inputs.environment }} a échoué"
+          message_format: "{emoji} *[${{ inputs.product }}-${{ inputs.environment }}]* *{workflow}* {status_message} in <{repo_url}|{branch}> on <{commit_url}|{commit_sha}>. You can get error logs using `.bin/mna deploy:log:decrypt ${{ github.run_id }}`"
+          notify_when: "failure"
+          mention_groups: "!channel"
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
diff --git a/.github/workflows/cluster_reboot.yml b/.github/workflows/cluster_reboot.yml
@@ -0,0 +1,35 @@
+name: Reboot Cluster
+on:
+  workflow_dispatch:
+    inputs:
+      cluster:
+        type: string
+        required: true
+      numbers:
+        description: JSON environment array
+        type: string
+        required: true
+        default: '["1", "2", "3"]'
+
+jobs:
+  setup:
+    strategy:
+      max-parallel: 1
+      fail-fast: true
+      matrix:
+        n: ${{ fromJSON(inputs.numbers) }}
+    name: Reboot mongodb on "${{ inputs.cluster }}_${{ matrix.n }}"
+    uses: "./.github/workflows/_reboot.yml"
+    with:
+      product: mongodb
+      environment: "${{ inputs.cluster }}_${{ matrix.n }}"
+      SSH_KNOWN_HOSTS: ${{ vars[format('{0}_SSH_KNOWN_HOSTS', 'mongodb')] }}
+    secrets:
+      DEPLOY_SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
+      DEPLOY_PASS: ${{ secrets.DEPLOY_PASS }}
+      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+      VAULT_PWD: ${{ secrets.VAULT_PWD }}
+      HABILITATIONS: ${{ secrets[format('{0}_HABILITATIONS', 'mongodb')] }}
+      OVH_APP_TOKEN: ${{ secrets.OVH_APP_TOKEN }}
+      OVH_APP_KEY: ${{ secrets.OVH_APP_KEY }}
+      OVH_APP_SECRET: ${{ secrets.OVH_APP_SECRET }}
diff --git a/.github/workflows/reboot.yml b/.github/workflows/reboot.yml
@@ -21,58 +21,17 @@ jobs:
         product: ${{ fromJSON(inputs.products) }}
         environment: ${{ fromJSON(inputs.environments) }}
     name: Reboot ${{ matrix.product }}-${{ matrix.environment }}
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout project
-        uses: actions/checkout@v4
-
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 20
-
-      - name: Install SSH key
-        uses: shimataro/ssh-key-action@v2
-        with:
-          name: github_actions
-          key: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
-          known_hosts: ${{ vars[format('{0}_SSH_KNOWN_HOSTS', matrix.product)] }}
-          config: |
-            Host *
-              IdentityFile ~/.ssh/github_actions
-
-      - name: Create vault pwd file
-        run: echo ${VAULT_PWD} > .infra/.vault_pwd.txt
-        env:
-          VAULT_PWD: ${{ secrets.VAULT_PWD }}
-
-      - name: Run playbook
-        run: ".bin/mna system:reboot ${{ matrix.product }} ${{ matrix.environment }}"
-        env:
-          ANSIBLE_VAULT_PASSWORD_FILE: .infra/.vault_pwd.txt
-          ANSIBLE_REMOTE_USER: deploy
-          ANSIBLE_BECOME_PASS: ${{ secrets.DEPLOY_PASS }}
-
-      - name: Encrypt Error log on failure
-        run: .bin/mna deploy:log:encrypt
-        if: failure()
-        env:
-          ANSIBLE_VAULT_PASSWORD_FILE: .infra/.vault_pwd.txt
-
-      - name: Upload failure artifacts on failure
-        if: failure()
-        uses: actions/upload-artifact@v4
-        with:
-          name: error-logs
-          path: /tmp/deploy_error.log.gpg
-
-      - name: Notify failure on Slack
-        uses: ravsamhq/notify-slack-action@v2
-        if: always()
-        with:
-          status: ${{ job.status }}
-          notification_title: "Reboot en ${{ matrix.product }}-${{ matrix.environment }} a échoué"
-          message_format: "{emoji} *[${{ matrix.product }}-${{ matrix.environment }}]* *{workflow}* {status_message} in <{repo_url}|{branch}> on <{commit_url}|{commit_sha}>. You can get error logs using `.bin/mna deploy:log:decrypt ${{ github.run_id }}`"
-          notify_when: "failure"
-          mention_groups: "!channel"
-        env:
-          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+    uses: "./.github/workflows/_reboot.yml"
+    with:
+      product: "${{ matrix.product }}"
+      environment: "${{ matrix.environment }}"
+      SSH_KNOWN_HOSTS: ${{ vars[format('{0}_SSH_KNOWN_HOSTS', matrix.product)] }}
+    secrets:
+      DEPLOY_SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
+      DEPLOY_PASS: ${{ secrets.DEPLOY_PASS }}
+      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+      VAULT_PWD: ${{ secrets.VAULT_PWD }}
+      HABILITATIONS: ${{ secrets[format('{0}_HABILITATIONS', matrix.product)] }}
+      OVH_APP_TOKEN: ${{ secrets.OVH_APP_TOKEN }}
+      OVH_APP_KEY: ${{ secrets.OVH_APP_KEY }}
+      OVH_APP_SECRET: ${{ secrets.OVH_APP_SECRET }}