Skip to content

feat: add support for redirecting cluster deploys in hookd for migrat… #303

feat: add support for redirecting cluster deploys in hookd for migrat…

feat: add support for redirecting cluster deploys in hookd for migrat… #303

Workflow file for this run

name: Google Artifact Registry images -> Chart -> Rollout | GitHub Release
on:
pull_request:
push:
branches:
- master
paths-ignore:
- '.github/workflows/codeql-analysis.yml'
- '.github/workflows/test-*.yaml'
- 'actions/testoidc/*'
- 'deploy/testdata/*'
- '*.md'
env:
GOOGLE_REGISTRY: "europe-north1-docker.pkg.dev"
jobs:
build_and_push:
name: Build, push and sign images
runs-on: ubuntu-22.04
permissions:
contents: "read"
id-token: "write"
strategy:
matrix:
component:
- hookd
- deploy
- deployd
- canary-deployer
- deploy-action
include:
- component: hookd
chart: true
- component: deployd
chart: true
steps:
- uses: actions/checkout@v4 # ratchet:exclude
- uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # ratchet:azure/setup-helm@v3
if: matrix.chart
with:
version: "v3.11.1"
- name: "Build and push image"
uses: nais/platform-build-push-sign@main # ratchet:exclude
id: build_push_sign
with:
dockerfile: Dockerfile.${{ matrix.component }}
name: ${{ matrix.component }}
google_service_account: gh-deploy
workload_identity_provider: ${{ secrets.NAIS_IO_WORKLOAD_IDENTITY_PROVIDER }}
push: ${{ github.actor != 'dependabot[bot]' && github.ref == 'refs/heads/master' }}
- name: "Package chart"
if: matrix.chart
id: package_chart
env:
CHART_PATH: ./charts/${{ matrix.component }}
run: |
base_version="$(yq '.version' < "${{ env.CHART_PATH }}/Chart.yaml")"
chart_version="${base_version}-${{ steps.build_push_sign.outputs.version }}"
yq eval \
'.version="'"$chart_version"'"' \
"${{ env.CHART_PATH }}/Chart.yaml" --inplace
yq eval \
'.image.tag="${{ steps.build_push_sign.outputs.version }}"' \
"${{ env.CHART_PATH }}/values.yaml" --inplace
# helm dependency update "${{ env.CHART_PATH }}"
helm package "${{ env.CHART_PATH }}" --destination .
name=$(yq '.name' < "${{ env.CHART_PATH }}/Chart.yaml")
echo "${{ matrix.component }}_name=$name" >> $GITHUB_OUTPUT
echo "${{ matrix.component }}_version=$chart_version" >> $GITHUB_OUTPUT
echo "archive=$name-$chart_version.tgz" >> $GITHUB_OUTPUT
- name: "Authenticate to Google Cloud"
if: matrix.chart && github.ref == 'refs/heads/master'
id: "auth"
uses: "google-github-actions/auth@v1" # ratchet:exclude
with:
workload_identity_provider: ${{ secrets.NAIS_IO_WORKLOAD_IDENTITY_PROVIDER }}
service_account: "[email protected]"
token_format: "access_token"
- name: "Log in to Google Artifact Registry"
if: matrix.chart && github.ref == 'refs/heads/master'
run: |-
echo '${{ steps.auth.outputs.access_token }}' | docker login -u oauth2accesstoken --password-stdin https://${{ env.GOOGLE_REGISTRY }}
- name: "Push Chart"
if: matrix.chart && github.ref == 'refs/heads/master'
run: |-
chart="${{ steps.package_chart.outputs.archive }}"
echo "Pushing: $chart"
helm push "$chart" oci://${{ env.GOOGLE_REGISTRY }}/nais-io/nais/feature
outputs:
hookd_chart_name: ${{ steps.package_chart.outputs.hookd_name }}
hookd_chart_version: ${{ steps.package_chart.outputs.hookd_version }}
deployd_chart_name: ${{ steps.package_chart.outputs.deployd_name }}
deployd_chart_version: ${{ steps.package_chart.outputs.deployd_version }}
rollout:
runs-on: fasit-deploy
if: github.ref == 'refs/heads/master'
permissions:
id-token: write
needs:
- build_and_push
steps:
- name: "Rollout hookd"
uses: nais/fasit-deploy@v2 # ratchet:exclude
with:
chart: oci://${{ env.GOOGLE_REGISTRY }}/nais-io/nais/feature/${{ needs.build_and_push.outputs.hookd_chart_name }}
version: ${{ needs.build_and_push.outputs.hookd_chart_version }}
- name: "Rollout deployd"
uses: nais/fasit-deploy@v2 # ratchet:exclude
with:
chart: oci://${{ env.GOOGLE_REGISTRY }}/nais-io/nais/feature/${{ needs.build_and_push.outputs.deployd_chart_name }}
version: ${{ needs.build_and_push.outputs.deployd_chart_version }}
release:
name: Release GitHub Action / binaries
if: github.ref == 'refs/heads/master'
needs:
- build_and_push
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4 # ratchet:exclude
- uses: actions/setup-go@v5
with:
go-version: 'stable'
- name: Force create tag
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
git remote set-url origin "https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git"
git tag -f $(cat actions/deploy/version)
git push -f --tags
- name: Create deploy binaries
run: |
make deploy-release-linux
make deploy-release-darwin
make deploy-release-windows
- name: Delete release if exists
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
latest=$(curl https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/latest)
tag=$(echo $latest | jq .tag_name | xargs) # xargs strips quotes
if grep -q "$tag" actions/deploy/version; then
release_id=$(echo $latest | jq .id)
curl -X DELETE https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@api.github.com/repos/${GITHUB_REPOSITORY}/releases/${release_id}
fi
- name: Create Release
id: create_release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
release=$(curl -X POST \
-d '{"tag_name": "'"$(cat actions/deploy/version)"'"}' \
-H "Content-Type: application/json" \
https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@api.github.com/repos/${GITHUB_REPOSITORY}/releases)
echo "release_id=$(echo $release | jq .id)" >> ${GITHUB_OUTPUT}
- name: Upload Linux Asset
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
BINARY: deploy-linux
run: |
curl -X POST \
-H 'Content-Type: application/x-executable' \
--data-binary @${BINARY} \
https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@uploads.github.com/repos/${GITHUB_REPOSITORY}/releases/${{ steps.create_release.outputs.release_id }}/assets?name=${BINARY}
- name: Upload Darwin Asset
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
BINARY: deploy-darwin
run: |
curl -X POST \
-H 'Content-Type: application/x-executable' \
--data-binary @${BINARY} \
https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@uploads.github.com/repos/${GITHUB_REPOSITORY}/releases/${{ steps.create_release.outputs.release_id }}/assets?name=${BINARY}
- name: Upload Windows Asset
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
BINARY: deploy-windows
run: |
curl -X POST \
-H 'Content-Type: application/x-executable' \
--data-binary @${BINARY} \
https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@uploads.github.com/repos/${GITHUB_REPOSITORY}/releases/${{ steps.create_release.outputs.release_id }}/assets?name=${BINARY}