Merge pull request #605 from Digital-Engineering/data-sources-on-uplo… #1
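# GitHub development workflow: runs on every push to `develop` and on manual
# dispatch.
name: Build Development

on:
  workflow_dispatch:
  push:
    branches:
      - develop

# Least privilege for the GITHUB_TOKEN handed to the self-hosted runner.
# The jobs only check out the repository and authenticate to Azure and
# Kubernetes with their own credentials; widen this only if a step is shown
# to need more.
permissions:
  contents: read
  actions: read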
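jobs:
  # Builds the ui, server and docs images in Azure Container Registry.
  build:
    runs-on: [self-hosted]
    environment: development
    steps:
      # NOTE(review): third-party actions are referenced by mutable tag;
      # pinning each `uses:` to a full commit SHA prevents a retagged release
      # from running on this self-hosted runner.
      - name: Checkout
        uses: actions/checkout@v3

      # Builds the required images
      - name: Container Build
        shell: bash
        # Every value reaches the script through the environment. Expanding
        # `${{ ... }}` inside `run:` pastes the raw value into the script text
        # before bash parses it, so a value containing quotes, spaces or `$(`
        # would be executed as shell; "$VAR" references cannot be.
        env:
          ACR_SP_USER: ${{ secrets.CI_SP_USER }}
          ACR_SP_PASSWORD: ${{ secrets.CI_SP_PASSWORD }}
          ACR_REGISTRY: ${{ secrets.CI_REGISTRY }}
          ACR_PATH: ${{ secrets.CI_REGISTRY_PATH }}
          ACR_SP_TENANT: ${{ secrets.CI_SP_TENANT }}
          ACR_SUBSCRIPTION: ${{ secrets.CI_ACR_SUBSCRIPTION }}
          GITHUB_RUN_NUMBER: ${{ github.RUN_NUMBER }}
          OKTA_CLIENT_ID: ${{ vars.OKTA_CLIENT_ID }}
          OKTA_CLIENT_SECRET: ${{ secrets.OKTA_CLIENT_SECRET }}
          OKTA_ISSUER: ${{ vars.OKTA_ISSUER }}
          JWT_ISSUER: ${{ vars.JWT_ISSUER }}
          JWT_SECRET_KEY: ${{ secrets.JWT_SECRET_KEY }}
          JWT_AUDIENCE: ${{ vars.JWT_AUDIENCE }}
          AUTH_SECRET: ${{ secrets.AUTH_SECRET }}
          NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }}
          NEXTAUTH_URL: ${{ vars.NEXTAUTH_URL }}
          REDIRECT_LINK: ${{ vars.REDIRECT_LINK }}
          SERVICE_TOKEN: ${{ secrets.SERVICE_TOKEN }}
          BACKEND_BASE_URL: ${{ vars.BACKEND_BASE_URL }}
          NEXT_PUBLIC_DISABLE_FRONTEND_AUTHENTICATION: ${{ vars.NEXT_PUBLIC_DISABLE_FRONTEND_AUTHENTICATION }}
          HOSTED_LINK: ${{ vars.HOSTED_LINK }}
        run: |
          cd "$GITHUB_WORKSPACE"
          az cloud set --name AzureUSGovernment

          # NOTE(review): the service-principal password is still passed on the
          # command line, where other processes on the self-hosted runner can
          # read it. Consider a federated (OIDC) credential for this login.
          az login --service-principal \
            -u "$ACR_SP_USER" \
            -p "$ACR_SP_PASSWORD" \
            --tenant "$ACR_SP_TENANT"
          az account set --subscription "$ACR_SUBSCRIPTION"

          # Secret values use --secret-build-arg so they are kept out of the
          # ACR build log; the Dockerfile still receives them as ordinary ARGs.
          # NOTE(review): a build argument that a Dockerfile copies into ENV or
          # uses in a RUN line stays recoverable from the image. The same five
          # secrets are also delivered at runtime through the `app-secrets`
          # Kubernetes Secret, so confirm the Dockerfiles really need them at
          # build time.
          az acr build --registry "$ACR_REGISTRY" \
            --image "${ACR_PATH}:deeplynxv3-ui-${GITHUB_RUN_NUMBER}" \
            --file Dockerfiles/ui/Dockerfile.public \
            --build-arg OKTA_CLIENT_ID="$OKTA_CLIENT_ID" \
            --build-arg OKTA_ISSUER="$OKTA_ISSUER" \
            --build-arg NEXTAUTH_URL="$NEXTAUTH_URL" \
            --build-arg REDIRECT_LINK="$REDIRECT_LINK" \
            --secret-build-arg OKTA_CLIENT_SECRET="$OKTA_CLIENT_SECRET" \
            --secret-build-arg JWT_SECRET_KEY="$JWT_SECRET_KEY" \
            --secret-build-arg AUTH_SECRET="$AUTH_SECRET" \
            --secret-build-arg NEXTAUTH_SECRET="$NEXTAUTH_SECRET" \
            --secret-build-arg SERVICE_TOKEN="$SERVICE_TOKEN" \
            --build-arg BACKEND_BASE_URL="$BACKEND_BASE_URL" \
            --build-arg NEXT_PUBLIC_DISABLE_FRONTEND_AUTHENTICATION="$NEXT_PUBLIC_DISABLE_FRONTEND_AUTHENTICATION" \
            .

          az acr build --registry "$ACR_REGISTRY" \
            --image "${ACR_PATH}:deeplynxv3-server-${GITHUB_RUN_NUMBER}" \
            --file Dockerfiles/server/Dockerfile.public \
            --build-arg OKTA_CLIENT_ID="$OKTA_CLIENT_ID" \
            --build-arg OKTA_ISSUER="$OKTA_ISSUER" \
            --build-arg NEXTAUTH_URL="$NEXTAUTH_URL" \
            --build-arg REDIRECT_LINK="$REDIRECT_LINK" \
            --secret-build-arg OKTA_CLIENT_SECRET="$OKTA_CLIENT_SECRET" \
            --secret-build-arg JWT_SECRET_KEY="$JWT_SECRET_KEY" \
            --secret-build-arg AUTH_SECRET="$AUTH_SECRET" \
            --secret-build-arg NEXTAUTH_SECRET="$NEXTAUTH_SECRET" \
            --build-arg BACKEND_BASE_URL="$BACKEND_BASE_URL" \
            --secret-build-arg SERVICE_TOKEN="$SERVICE_TOKEN" \
            --build-arg NEXT_PUBLIC_DISABLE_FRONTEND_AUTHENTICATION="$NEXT_PUBLIC_DISABLE_FRONTEND_AUTHENTICATION" \
            --build-arg HOSTED_LINK="$HOSTED_LINK" \
            .

          az acr build --registry "$ACR_REGISTRY" \
            --image "${ACR_PATH}:deeplynxv3-docs-${GITHUB_RUN_NUMBER}" \
            --file Dockerfiles/docs/Dockerfile.public \
            --build-arg HOSTED_LINK="$HOSTED_LINK" \
            .

  # Applies the Secret, the ConfigMap and the rendered manifest to the
  # deeplynxv3-dev namespace once the images are built.
  kubernetes:
    needs: build
    runs-on: [self-hosted]
    environment: development
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      # Download kubectl
      - uses: azure/setup-kubectl@v3

      # Initializes the kube context, introducing kubectl to the cluster
      - name: Configure K8s
        uses: azure/k8s-set-context@v3
        with:
          method: kubeconfig
          kubeconfig: ${{ secrets.KUBE_CONFIG_DE_DEV }}
          context: deploy-service-account

      # Create Kubernetes Secrets for sensitive environment variables.
      # Values come in through `env:` and are referenced as "$VAR", so a
      # secret containing `"`, `$` or a backtick cannot alter the command.
      # `--dry-run=client -o yaml | kubectl apply` makes the step repeatable
      # when the Secret already exists.
      # NOTE(review): --from-literal still puts each value on kubectl's
      # command line for the lifetime of the process.
      - name: Create Kubernetes Secrets
        shell: bash
        env:
          OKTA_CLIENT_SECRET: ${{ secrets.OKTA_CLIENT_SECRET }}
          AUTH_SECRET: ${{ secrets.AUTH_SECRET }}
          NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }}
          SERVICE_TOKEN: ${{ secrets.SERVICE_TOKEN }}
          JWT_SECRET_KEY: ${{ secrets.JWT_SECRET_KEY }}
        run: |
          kubectl create secret generic app-secrets \
            --from-literal=okta-client-secret="$OKTA_CLIENT_SECRET" \
            --from-literal=auth-secret="$AUTH_SECRET" \
            --from-literal=next-auth-secret="$NEXTAUTH_SECRET" \
            --from-literal=service-token="$SERVICE_TOKEN" \
            --from-literal=jwt-secret-key="$JWT_SECRET_KEY" \
            --namespace=deeplynxv3-dev \
            --dry-run=client -o yaml | kubectl apply -f -

      # Create Kubernetes ConfigMap for non-sensitive environment variables.
      # Repository variables are passed through `env:` for the same reason as
      # the secrets: anyone able to edit a variable must not be able to inject
      # shell into this step.
      - name: Create Kubernetes ConfigMap
        shell: bash
        env:
          OKTA_CLIENT_ID: ${{ vars.OKTA_CLIENT_ID }}
          OKTA_ISSUER: ${{ vars.OKTA_ISSUER }}
          NEXTAUTH_URL: ${{ vars.NEXTAUTH_URL }}
          REDIRECT_LINK: ${{ vars.REDIRECT_LINK }}
          BACKEND_BASE_URL: ${{ vars.BACKEND_BASE_URL }}
          NEXT_PUBLIC_DISABLE_FRONTEND_AUTHENTICATION: ${{ vars.NEXT_PUBLIC_DISABLE_FRONTEND_AUTHENTICATION }}
          HOSTED_LINK: ${{ vars.HOSTED_LINK }}
        run: |
          kubectl create configmap app-config \
            --from-literal=okta-client-id="$OKTA_CLIENT_ID" \
            --from-literal=okta-issuer="$OKTA_ISSUER" \
            --from-literal=auth-url="$NEXTAUTH_URL" \
            --from-literal=redirect-link="$REDIRECT_LINK" \
            --from-literal=backend-base-url="$BACKEND_BASE_URL" \
            --from-literal=disabled-front-auth="$NEXT_PUBLIC_DISABLE_FRONTEND_AUTHENTICATION" \
            --from-literal=hosted-link="$HOSTED_LINK" \
            --namespace=deeplynxv3-dev \
            --dry-run=client -o yaml | kubectl apply -f -

      # Overwrites ${VARIABLES} in the kube manifest with secrets.
      # NOTE(review): envsubst is called without a variable list, so every
      # `$NAME` in development.yaml is replaced from the whole step
      # environment, not only from the names below.
      # NOTE(review): the connection strings, POSTGRES_PASSWORD and
      # JWT_SECRET_KEY are presumably written into the manifest as plain text;
      # moving them into the `app-secrets` Secret would keep them out of the
      # rendered file — confirm against development.yaml.
      - name: Manifest env substitute
        shell: bash
        env:
          AWS_S3_CONNECTION_STRING: ${{ secrets.AWS_S3_CONNECTION_STRING }}
          AZURE_OBJECT_CONNECTION_STRING: ${{ secrets.AZURE_OBJECT_CONNECTION_STRING }}
          CI_REGISTRY: ${{ secrets.CI_REGISTRY }}
          CI_REGISTRY_PATH: ${{ secrets.CI_REGISTRY_PATH }}
          GITHUB_RUN_NUMBER: ${{ github.RUN_NUMBER }}
          DATABASE_CONNECTION_STRING: ${{ secrets.DATABASE_CONNECTION_STRING }}
          FILE_STORAGE_METHOD: ${{ vars.FILE_STORAGE_METHOD }}
          POSTGRES_DB_HOST: ${{ vars.POSTGRES_DB_HOST }}
          POSTGRES_DB_NAME: ${{ vars.POSTGRES_DB_NAME }}
          POSTGRES_USER: ${{ vars.POSTGRES_USER }}
          JWT_ISSUER: ${{ vars.JWT_ISSUER }}
          JWT_SECRET_KEY: ${{ secrets.JWT_SECRET_KEY }}
          JWT_AUDIENCE: ${{ vars.JWT_AUDIENCE }}
          POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
          STORAGE_DIRECTORY: ${{ vars.STORAGE_DIRECTORY }}
          DUCKDB_BASE_PATH: ${{ vars.DUCKDB_BASE_PATH }}
          SMTP_SERVER: ${{ vars.SMTP_SERVER }}
          SMTP_PORT: ${{ vars.SMTP_PORT }}
          SMTP_ENABLE_SSL: ${{ vars.SMTP_ENABLE_SSL }}
          FROM_EMAIL: ${{ vars.FROM_EMAIL }}
          FROM_NAME: ${{ vars.FROM_NAME }}
          INVITE_URL: ${{ vars.INVITE_URL }}
          SUPPORT_EMAIL: ${{ vars.SUPPORT_EMAIL }}
          DISABLE_BACKEND_AUTHENTICATION: ${{ vars.DISABLE_BACKEND_AUTHENTICATION }}
          SUPERUSER_EMAIL: ${{ vars.SUPERUSER_EMAIL }}
          HOSTED_LINK: ${{ vars.HOSTED_LINK }}
        run: |
          cd "$GITHUB_WORKSPACE/kubernetes"
          # The rendered manifest holds secret values: create it readable by
          # the runner user only.
          umask 077
          envsubst < development.yaml > manifest.yaml

      # Deploys the kube manifest
      - name: Deploy K8s Workload
        uses: Azure/k8s-deploy@v4
        with:
          resource-group: ${{ secrets.AKS_RESOURCE_GROUP }}
          name: ${{ secrets.AKS_CLUSTER_NAME }}
          namespace: deeplynxv3-dev
          action: deploy
          force: true
          strategy: basic
          manifests: |
            kubernetes/manifest.yaml

      # A self-hosted runner keeps its workspace between runs, so the rendered
      # manifest is deleted whether or not the deploy succeeded.
      - name: Remove rendered manifest
        if: always()
        shell: bash
        run: rm -f "$GITHUB_WORKSPACE/kubernetes/manifest.yaml"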