insights/.github/workflows/production-deploy.yaml at a8c2a06aea1093c9526d13ef37ef8984c5116609 · linuxfoundation/insights · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
name: Production Deploy

on:
  workflow_dispatch:
    inputs:
      service:
        description: Service to deploy
        required: true
        type: choice
        default: frontend
        options:
          - frontend
          - package-downloads-worker
          - search-volume-worker

env:
  CLOUD_ENV: lf-oracle-production
  ORACLE_DOCKER_USERNAME: ${{ secrets.ORACLE_DOCKER_USERNAME }}
  ORACLE_DOCKER_PASSWORD: ${{ secrets.ORACLE_DOCKER_PASSWORD }}
  ORACLE_USER: ${{ secrets.ORACLE_USER }}
  ORACLE_TENANT: ${{ secrets.ORACLE_TENANT }}
  ORACLE_REGION: ${{ secrets.ORACLE_REGION }}
  ORACLE_FINGERPRINT: ${{ secrets.ORACLE_FINGERPRINT }}
  ORACLE_KEY: ${{ secrets.ORACLE_KEY }}
  ORACLE_KEY_PASSPHRASE: ${{ secrets.ORACLE_KEY_PASSPHRASE }}
  ORACLE_CLUSTER: ${{ secrets.ORACLE_PRODUCTION_CLUSTER }}

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          submodules: recursive

      - name: Set service config
        id: config
        run: |
          case "${{ inputs.service }}" in
            frontend)
              echo "dockerfile=frontend/Dockerfile" >> $GITHUB_OUTPUT
              echo "image_name=insights-app" >> $GITHUB_OUTPUT
              echo "k8s_deployment=insights-app-dpl" >> $GITHUB_OUTPUT
              echo "k8s_container=frontend" >> $GITHUB_OUTPUT
              ;;
            package-downloads-worker)
              echo "dockerfile=workers/temporal/package_downloads_worker/Dockerfile" >> $GITHUB_OUTPUT
              echo "image_name=package-downloads-worker" >> $GITHUB_OUTPUT
              echo "k8s_deployment=package-downloads-worker-dpl" >> $GITHUB_OUTPUT
              echo "k8s_container=package-downloads-worker" >> $GITHUB_OUTPUT
              ;;
            search-volume-worker)
              echo "dockerfile=workers/temporal/search_volume_worker/Dockerfile" >> $GITHUB_OUTPUT
              echo "image_name=insights-search-volume-worker" >> $GITHUB_OUTPUT
              echo "k8s_deployment=search-volume-worker-dpl" >> $GITHUB_OUTPUT
              echo "k8s_container=search-volume-worker" >> $GITHUB_OUTPUT
              ;;
            *)
              echo "::error::Unknown service: ${{ inputs.service }}"
              exit 1
              ;;
          esac

      - name: Setup OCI CLI and Kubectl
        run: |
          # Install OCI CLI
          curl -sL https://raw.githubusercontent.com/oracle/oci-cli/master/scripts/install/install.sh | bash -s -- --accept-all-defaults
          echo "$HOME/bin" >> $GITHUB_PATH
          export PATH="$HOME/bin:$PATH"

          # Configure OCI CLI
          mkdir -p ~/.oci
          echo "${{ env.ORACLE_KEY }}" | base64 --decode > ~/.oci/oci_api_key.pem
          chmod 600 ~/.oci/oci_api_key.pem

          cat > ~/.oci/config << EOF
          [DEFAULT]
          user=${{ env.ORACLE_USER }}
          fingerprint=${{ env.ORACLE_FINGERPRINT }}
          key_file=$HOME/.oci/oci_api_key.pem
          tenancy=${{ env.ORACLE_TENANT }}
          region=${{ env.ORACLE_REGION }}
          pass_phrase=${{ env.ORACLE_KEY_PASSPHRASE }}
          EOF
          chmod 600 ~/.oci/config

          # Get kubeconfig
          $HOME/bin/oci ce cluster create-kubeconfig \
            --cluster-id ${{ env.ORACLE_CLUSTER }} \
            --file $HOME/.kube/config \
            --region ${{ env.ORACLE_REGION }} \
            --token-version 2.0.0 \
            --kube-endpoint PUBLIC_ENDPOINT \
            --overwrite

      - name: Load all envs from ConfigMap
        run: |
          kubectl get configmap insights-config-map -n insights -o json \
          | jq -r '.data | to_entries[] | "\(.key)=\(.value)"' >> $GITHUB_ENV

      - name: Build docker image
        uses: ./.github/actions/build-docker-image
        id: build-docker-image
        with:
          app-env: production
          dockerfile: ${{ steps.config.outputs.dockerfile }}
          image-name: ${{ steps.config.outputs.image_name }}
          build-args: ''

      - name: Update Deployment Image
        run: |
          kubectl set image deployment/${{ steps.config.outputs.k8s_deployment }} \
            ${{ steps.config.outputs.k8s_container }}=${{ steps.build-docker-image.outputs.image }} \
            -n insights
          kubectl rollout status deployment/${{ steps.config.outputs.k8s_deployment }} -n insights --timeout=300s

      - name: Flush Redis cache
        if: inputs.service == 'frontend'
        run: |
          REDIS_URL=$(kubectl get configmap insights-config-map -n insights -o jsonpath="{.data.NUXT_REDIS_URL}")
          PASSWORD=$(echo "$REDIS_URL" | sed -n 's|.*://:\([^@]*\)@.*|\1|p')
          kubectl exec -i redis-client -n insights -- \
            redis-cli -h redis-svc -a "$PASSWORD" FLUSHALL