
Commit 58f8d4b

committed
feat: Boostrap OpenCRVS node (ocrvs-9792)
1 parent 4a9f5d6 commit 58f8d4b


48 files changed

+815
-1516
lines changed

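--- a/.github/workflows/deploy-dependencies.yml
+++ b/.github/workflows/deploy-dependencies.yml
@@ -9,9 +9,7 @@ on:
 default: "dev"
 type: choice
 options:
-- demo
-- dev
-- dev-stg
+- ""
 jobs:
 github-to-k8s-sync-env:
 uses: ./.github/workflows/github-to-k8s-sync-env.yml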
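Review bot: `default: "dev"` stays in place while the only remaining option is the empty string, so the default no longer names a listed choice and a manual dispatch can only submit an empty environment. The options are presumably refilled later by update-envs.yml, but until then an empty value would flow into expressions such as `opencrvs-${ENV}` and `environments/${ENV}/...` seen elsewhere in this commit. Dropping the default here (as the Reset environment workflow does in this commit) and adding a first step such as `[ -n "${{ inputs.environment }}" ] || { echo "environment is required"; exit 1; }` would make the placeholder state fail closed. The same combination appears in deploy-opencrvs.yml, k8s-reindex.yml, k8s-seed-data.yml and provision.yml (`default: 'demo'`).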

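--- a/.github/workflows/deploy-opencrvs.yml
+++ b/.github/workflows/deploy-opencrvs.yml
@@ -27,9 +27,7 @@ on:
 default: "dev"
 type: choice
 options:
-- demo
-- dev
-- dev-stg
+- ""
 reset:
 description: "Reset environment after deploy"
 required: false
@@ -102,17 +100,18 @@ jobs:
 -f environments/${ENV}/opencrvs-services/values.yaml \
 --create-namespace \
 --atomic \
+--debug \
 --wait \
 --wait-for-jobs \
 --set image.tag="$CORE_IMAGE_TAG" \
 --set countryconfig.image.tag="$COUNTRYCONFIG_IMAGE_TAG" \
 --set countryconfig.image.name="$COUNTRYCONFIG_IMAGE_NAME" \
---set hostname=${{ vars.DOMAIN }}
+--set hostname=${{ vars.DOMAIN }} | sed '/USER-SUPPLIED VALUES:/,$d'
 - name: Cleanup Helm Locks
 if: failure() || cancelled()
 run: |
 kubectl -n "opencrvs-${ENV}" get secrets -l owner=helm -o json | \
-jq -r '.items[] | select(.metadata.labels.status=="pending-install" or .metadata.labels.status=="pending-upgrade") | .metadata.name' | \
+jq -r '.items[] | select(.metadata.labels.status=="pending-install" or .metadata.labels.status=="pending-upgrade" or .metadata.labels.status=="pending-rollback") | .metadata.name' | \
 xargs -r kubectl -n "opencrvs-${ENV}" delete secret || \
 echo "No helm locks found, all is good"
 reset-data: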
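Review bot: Piping the command that ends in `--set hostname=${{ vars.DOMAIN }}` into `sed` makes the step's exit status that of `sed` unless `pipefail` is active. No `shell:` line is visible in this hunk and the runner's default `bash -e` does not enable it, so a failed deploy could be reported as success and the `failure()` cleanup step below would not fire. Adding `set -o pipefail` as the first line of the `run:` script (or `shell: bash` on the step) preserves the exit code. Separately, the `sed` filter only covers stdout while `--debug` output may also go to stderr, so it is worth confirming that no values reach the job log that way. The step starts outside the hunk.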

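--- a/.github/workflows/k8s-reindex.yml
+++ b/.github/workflows/k8s-reindex.yml
@@ -9,9 +9,7 @@ on:
 default: "dev"
 type: choice
 options:
-- demo
-- dev
-- dev-stg
+- ""
 workflow_call:
 inputs:
 environment:
@@ -40,13 +38,24 @@ jobs:
 .service.port = (.service.port | tostring)
 else . end
 ' > ${namespace}.json
-- name: Reindex data
+- name: Create job elasticsearch-reindex from helm template and apply it
 run: |
-kubectl delete job -n ${namespace} elasticsearch-reindex || true
-helm template -f ${namespace}.json \
---namespace ${namespace} \
--s templates/elasticsearch-reindex.yaml \
-oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply -n ${namespace} -f -
-sleep 30;
-kubectl logs job/elasticsearch-reindex -f -n ${namespace} || true
-kubectl wait --for=condition=complete job/elasticsearch-reindex -n ${namespace} --timeout=600s;
+kubectl delete job -n ${namespace} --ignore-not-found=true elasticsearch-reindex
+helm template -f ${namespace}.json \
+--namespace ${namespace} \
+-s templates/elasticsearch-reindex-job.yaml \
+oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply --wait -n ${namespace} -f -
+- name: Checking elasticsearch-reindex job status
+run: |
+while true; do
+kubectl wait --for=condition=ready pod -ljob-name=elasticsearch-reindex --timeout=300s -n ${namespace} && \
+kubectl logs job/elasticsearch-reindex --all-containers -f -n ${namespace} && \
+touch /tmp/logs_stramed-${namespace}-elasticsearch-reindex.txt || break;
+sleep 10; done &
+echo "---------------------- Waiting for job completion ----------------------"
+kubectl wait --for=condition=complete job/elasticsearch-reindex -n ${namespace} --timeout=600s; status=$? || true
+[ $status -ne 0 ] && kubectl get pods -n ${namespace} --show-labels && kubectl describe pod -ljob-name=${job_name} -n ${namespace};
+[ ! -f /tmp/logs_stramed-${namespace}-elasticsearch-reindex.txt ] && kubectl logs job/elasticsearch-reindex --all-containers -n ${namespace} || \
+rm -vf /tmp/logs_stramed-${namespace}-elasticsearch-reindex.txt
+kill %1 2>/dev/null && echo "Stopped log streaming" || true
+exit $status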
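Review bot: In the new "Checking elasticsearch-reindex job status" step, `kubectl wait ...; status=$? || true` does not capture a failure if the script runs under the runner's default `bash -e` (no `shell:` is visible here). A failed `kubectl wait` would end the script before `status=$?`, so the pod diagnostics, the fallback `kubectl logs` and `kill %1` would never run. Writing it as `status=0` followed by `kubectl wait --for=condition=complete job/elasticsearch-reindex -n ${namespace} --timeout=600s || status=$?` keeps the intent. The diagnostic line also selects `-ljob-name=${job_name}`, but `job_name` is not set in the visible lines, so the selector would expand to an empty value; `-ljob-name=elasticsearch-reindex`, as used on the neighbouring lines, looks intended. The same step text is repeated in the Reset environment workflow and in k8s-seed-data.yml.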
Lines changed: 65 additions & 73 deletions
@@ -1,29 +1,22 @@
11
name: Reset environment
22
run-name: "Reset ${{ inputs.environment }} environment"
3-
# FIXME:
4-
# - replace sleep 30 with kubectl wait for job completion
5-
# - add status code checks
6-
# - refactor multiple git hub steps into job list
7-
# instead of having multiple similar steps we may have a matrix job with max-parallel: 1
83
on:
94
workflow_dispatch:
105
inputs:
116
environment:
127
description: "Target environment"
138
required: true
14-
default: "dev"
159
type: choice
1610
options:
17-
- demo
18-
- dev
19-
- dev-stg
11+
- ""
2012
workflow_call:
2113
inputs:
2214
environment:
2315
type: string
2416
jobs:
25-
reset:
26-
environment: ${{ inputs.environment }}
17+
prepare:
18+
outputs:
19+
values-file: ${{ steps.get-values.outputs.values-file }}
2720
env:
2821
namespace: opencrvs-${{ inputs.environment }}
2922
runs-on:
@@ -32,77 +25,76 @@ jobs:
3225
- ${{ inputs.environment }}
3326
steps:
3427
- name: Get helm release values and Quote specific fields that are commonly numeric
28+
id: get-values
3529
run: |
3630
helm get values opencrvs -n ${namespace} -ojson | \
3731
jq '
32+
# Quote image tags
3833
if has("image") and (.image | has("tag")) and (.image.tag | type == "number") then
3934
.image.tag = (.image.tag | tostring)
4035
else . end |
36+
37+
# Quote version numbers
4138
if has("version") and (.version | type == "number") then
4239
.version = (.version | tostring)
4340
else . end |
41+
42+
# Quote port numbers if needed (optional)
4443
if has("service") and (.service | has("port")) and (.service.port | type == "number") then
4544
.service.port = (.service.port | tostring)
4645
else . end
47-
' > ${namespace}.json
48-
- name: Cleanup environment
49-
run: |
50-
kubectl delete job -n ${namespace} --ignore-not-found=true data-cleanup
51-
helm template -f ${namespace}.json \
52-
--set data_cleanup.enabled=true \
53-
--namespace ${namespace} \
54-
-s templates/data-cleanup-job.yaml \
55-
oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply -n ${namespace} --wait=true -f -
56-
kubectl wait --for=condition=complete job/data-cleanup -n ${namespace} --timeout=600s || true
57-
kubectl logs job/data-cleanup -f --all-containers=true -n ${namespace} || true
58-
- name: Re-run postgres on-update-core
59-
run: |
60-
kubectl delete job -n ${namespace} --ignore-not-found=true postgres-on-update-core;
61-
helm template -f ${namespace}.json \
62-
--namespace ${namespace} \
63-
-s templates/postgres-on-update-core.yaml \
64-
oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply -n ${namespace} --wait=true -f -;
65-
kubectl wait --for=condition=complete job/postgres-on-update-core -n ${namespace} --timeout=600s || true
66-
kubectl logs job/postgres-on-update-core -f --all-containers=true -n ${namespace} || true
67-
- name: Re-run postgres-data-migration
68-
run: |
69-
kubectl delete job -n ${namespace} --ignore-not-found=true postgres-data-migration;
70-
helm template -f ${namespace}.json \
71-
--namespace ${namespace} \
72-
-s templates/postgres-migration-job.yaml \
73-
oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply -n ${namespace} --wait=true -f -;
74-
kubectl wait --for=condition=complete job/postgres-data-migration -n ${namespace} --timeout=600s || true
75-
kubectl logs job/postgres-data-migration -f --all-containers=true -n ${namespace} || true
76-
- name: Re-run postgres on-update-analytics
77-
run: |
78-
kubectl delete job -n ${namespace} --ignore-not-found=true postgres-on-update-analytics;
79-
helm template -f ${namespace}.json \
80-
-s templates/postgres-on-update-analytics.yaml \
81-
--namespace ${namespace} \
82-
oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply -n ${namespace} --wait=true -f -;
83-
kubectl wait --for=condition=complete job/postgres-on-update-analytics -n ${namespace} --timeout=600s || true
84-
kubectl logs job/postgres-on-update-analytics -f --all-containers=true -n ${namespace} || true
85-
- name: Migration
86-
run: |
87-
kubectl delete job -n ${namespace} --ignore-not-found=true data-migration-on-reset
88-
helm template -f ${namespace}.json \
89-
--set data_migration.job_name=data-migration-on-reset \
90-
-s templates/data-migration-job.yaml \
91-
--namespace ${namespace} \
92-
oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply -n ${namespace} --wait=true -f -
93-
kubectl wait --for=condition=complete job/data-migration-on-reset -n ${namespace} --timeout=600s || true
94-
kubectl logs job/data-migration-on-reset -f -n ${namespace} || true
95-
- name: Seeding data
96-
run: |
97-
kubectl delete job -n ${namespace} --ignore-not-found=true data-seed
98-
kubectl delete pod -n ${namespace} -lapp=events;
99-
kubectl wait --for=condition=ready pod -n ${namespace} -lapp=events --timeout=600s;
100-
helm template -f ${namespace}.json \
101-
--set data_seed.enabled=true \
102-
--namespace ${namespace} \
103-
-s templates/data-seed-job.yaml \
104-
oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply -n ${namespace} --wait -f -
105-
sleep 10;
106-
kubectl wait --for=condition=complete job/data-seed -n ${namespace} --timeout=600s || true
107-
kubectl logs job/data-seed -f -n ${namespace} || true
108-
kubectl delete pod -n ${namespace} -lapp=events;
46+
' > /tmp/${namespace}.json
47+
echo "values-file=/tmp/${namespace}.json" >> $GITHUB_OUTPUT
48+
- name: Upload helm release values file /tmp/opencrvs-${{ inputs.environment }}.json
49+
uses: actions/upload-artifact@v4
50+
with:
51+
name: opencrvs-${{ inputs.environment }}-values-file
52+
path: /tmp/opencrvs-${{ inputs.environment }}.json
53+
retention-days: 1
54+
reset:
55+
name: ${{ matrix.job-name }}
56+
needs: prepare
57+
env:
58+
namespace: opencrvs-${{ inputs.environment }}
59+
runs-on: [self-hosted, k8s, e2e]
60+
strategy:
61+
max-parallel: 1 # Ensure jobs run one by one
62+
fail-fast: true # Stop on first failure
63+
matrix:
64+
job-name:
65+
- data-cleanup
66+
- postgres-on-update-core
67+
- postgres-data-migration
68+
- postgres-on-update-analytics
69+
- data-migration
70+
- data-seed
71+
- elasticsearch-reindex
72+
steps:
73+
- name: Download helm release values file into /tmp/opencrvs-${{ inputs.environment }}.json
74+
uses: actions/download-artifact@v4
75+
with:
76+
name: opencrvs-${{ inputs.environment }}-values-file
77+
path: /tmp
78+
- name: Create job ${{ matrix.job-name }} from helm template and apply it
79+
run: |
80+
kubectl delete job -n ${namespace} --ignore-not-found=true ${{ matrix.job-name }}
81+
helm template -f ${{ needs.prepare.outputs.values-file }} \
82+
--set data_cleanup.enabled=true \
83+
--set data_seed.enabled=true \
84+
--namespace ${namespace} \
85+
-s templates/${{ matrix.job-name }}-job.yaml \
86+
oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply -n ${namespace} --wait=true -f -
87+
- name: Checking ${{ matrix.job-name }} job status
88+
run: |
89+
while true; do
90+
kubectl wait --for=condition=ready pod -ljob-name=${{ matrix.job-name }} --timeout=300s -n ${namespace} && \
91+
kubectl logs job/${{ matrix.job-name }} --all-containers -f -n ${namespace} && \
92+
touch /tmp/logs_stramed-${namespace}-${{ matrix.job-name }}.txt || break;
93+
sleep 1; done &
94+
echo "---------------------- Waiting for job completion ----------------------"
95+
kubectl wait --for=condition=complete job/${{ matrix.job-name }} -n ${namespace} --timeout=600s; status=$? || true
96+
[ $status -ne 0 ] && kubectl get pods -n ${namespace} --show-labels && kubectl describe pod -ljob-name=${job_name} -n ${namespace};
97+
[ ! -f /tmp/logs_stramed-${namespace}-${{ matrix.job-name }}.txt ] && kubectl logs job/${{ matrix.job-name }} --all-containers -n ${namespace} || \
98+
rm -vf /tmp/logs_stramed-${namespace}-${{ matrix.job-name }}.txt
99+
kill %1 2>/dev/null && echo "Stopped log streaming" || true
100+
exit $status
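Review bot: The `prepare` job uploads the output of `helm get values` as the workflow artifact `opencrvs-${{ inputs.environment }}-values-file`, so for the one-day retention the release's user-supplied values are downloadable by anyone with read access to the repository's workflow runs. Whether those values hold credentials is not visible here, but deploy-opencrvs.yml in this commit cuts `USER-SUPPLIED VALUES` out of its log, which suggests they are treated as sensitive. Running the `helm get values ... | jq ...` step at the start of each matrix job would avoid passing the file through an artifact. If the artifact stays, the jq filter could delete secret-bearing keys before the upload. The rewritten job definitions also no longer carry `environment: ${{ inputs.environment }}`, so any protection rules configured on that GitHub environment stop applying to this destructive workflow.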

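--- a/.github/workflows/k8s-seed-data.yml
+++ b/.github/workflows/k8s-seed-data.yml
@@ -9,16 +9,13 @@ on:
 default: "dev"
 type: choice
 options:
-- demo
-- dev
-- dev-stg
+- ""
 workflow_call:
 inputs:
 environment:
 type: string
 jobs:
 seed:
-environment: ${{ inputs.environment }}
 env:
 namespace: opencrvs-${{ inputs.environment }}
 runs-on:
@@ -30,28 +27,39 @@ jobs:
 run: |
 helm get values opencrvs -n ${namespace} -ojson | \
 jq '
+# Quote image tags
 if has("image") and (.image | has("tag")) and (.image.tag | type == "number") then
 .image.tag = (.image.tag | tostring)
 else . end |
+# Quote version numbers
 if has("version") and (.version | type == "number") then
 .version = (.version | tostring)
 else . end |
+# Quote port numbers if needed (optional)
 if has("service") and (.service | has("port")) and (.service.port | type == "number") then
 .service.port = (.service.port | tostring)
 else . end
 ' > ${namespace}.json
 - name: Seeding data
 run: |
-kubectl delete job -n opencrvs-${ENV} data-seed || true
-kubectl delete pod -n opencrvs-${ENV} -lapp=events;
-sleep 30;
-kubectl wait --for=condition=ready pod -n opencrvs-${ENV} -lapp=events;
-helm template -f ${namespace}.json \
---set data_seed.enabled=true \
---namespace opencrvs-${ENV} \
--s templates/data-seed-job.yaml \
-oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply -n opencrvs-${ENV} -f -
-sleep 30;
-kubectl logs job/data-seed -f -n opencrvs-${ENV} || true
-kubectl wait --for=condition=complete job/data-seed -n opencrvs-${ENV} --timeout=600s;
-kubectl delete pod -n opencrvs-${ENV} -lapp=events;
+kubectl delete job -n ${namespace} --ignore-not-found=true data-seed
+helm template -f ${namespace}.json \
+--set data_seed.enabled=true \
+--namespace ${namespace} \
+-s templates/data-seed-job.yaml \
+oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply --wait -n ${namespace} -f -
+
+- name: Checking data-seed job status
+run: |
+while true; do
+kubectl wait --for=condition=ready pod -ljob-name=data-seed --timeout=300s -n ${namespace} && \
+kubectl logs job/data-seed --all-containers -f -n ${namespace} && \
+touch /tmp/logs_stramed-${namespace}-data-seed.txt || break;
+sleep 10; done &
+echo "---------------------- Waiting for job completion ----------------------"
+kubectl wait --for=condition=complete job/data-seed -n ${namespace} --timeout=600s; status=$? || true
+[ $status -ne 0 ] && kubectl get pods -n ${namespace} --show-labels && kubectl describe pod -ljob-name=${job_name} -n ${namespace};
+[ ! -f /tmp/logs_stramed-${namespace}-data-seed.txt ] && kubectl logs job/data-seed --all-containers -n ${namespace} || \
+rm -vf /tmp/logs_stramed-${namespace}-data-seed.txt
+kill %1 2>/dev/null && echo "Stopped log streaming" || true
+exit $status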
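Review bot: The `seed` job loses `environment: ${{ inputs.environment }}`, so it is no longer bound to a GitHub environment. Any required-reviewer or branch rules and any environment-scoped secrets or variables configured there would stop applying to a job that deletes and recreates the `data-seed` job in the cluster; whether such rules exist is not visible from this page. If the removal is deliberate for the bootstrap template, a comment above `seed:` such as `# environment binding intentionally omitted; runner label selects the cluster` would record that decision. The new seeding step also no longer restarts the `app=events` pods before and after seeding as the removed lines did, which is worth confirming as intended.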

.github/workflows/provision.md

Whitespace-only changes.

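--- a/.github/workflows/provision.yml
+++ b/.github/workflows/provision.yml
@@ -9,8 +9,7 @@ on:
 default: 'demo'
 type: choice
 options:
-- dev
-- demo
+- ""
 tags:
 description: 'Tags to apply to the provisioned resources'
 required: true
@@ -27,8 +26,7 @@ on:
 - decrypt-on-boot
 - checks
 - containerd-setup
-- kubernetes-installation
-- join-workers
+- k8s
 - system-preparation
 jobs:
 provision:
@@ -62,7 +60,6 @@ jobs:
 smtp_from: "[email protected]"
 smtp_password: ${{ secrets.SMTP_PASSWORD }}
 alert_email: ${{ secrets.ALERT_EMAIL }}
-
 - name: checkout repository
 uses: actions/checkout@v5
 - name: Run Ansible Playbook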

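--- a/.github/workflows/update-envs.yml
+++ b/.github/workflows/update-envs.yml
@@ -27,7 +27,7 @@ jobs:
 - name: Extract available environment names
 id: extract_environment
 run: |
-ENVIRONMENTS=(`ls -1 environments`)
+ENVIRONMENTS=(`find environments/ -type d -mindepth 1 -maxdepth 1 -exec basename {} \;`)
 echo "env_list=${ENVIRONMENTS[@]}" >> "$GITHUB_OUTPUT"
 echo "List of existing environment configurations:"
 echo "${ENVIRONMENTS[@]}"
@@ -52,6 +52,7 @@ jobs:
 ".github/workflows/deploy-opencrvs.yml"
 ".github/workflows/k8s-reset-data.yml"
 ".github/workflows/k8s-seed-data.yml"
+".github/workflows/k8s-reindex.yml"
 )
 path=".on.workflow_dispatch.inputs.environment.options"
 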
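Review bot: The new `find` call places `-mindepth 1 -maxdepth 1` after `-type d`, which GNU find accepts but reports with a warning about global options following a test. Its output order is also not sorted the way `ls -1` was, so the option lists written into the workflow files may reorder between runs. `ENVIRONMENTS=($(find environments/ -mindepth 1 -maxdepth 1 -type d -exec basename {} \; | sort))` avoids both. Because these directory names are presumably written into the `options` arrays of the listed workflows and later reach shell lines as `${ENV}` or `${namespace}`, it would also be reasonable to skip names that do not match a conservative pattern such as `^[a-z0-9-]+$`.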

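--- a/environments/README.md
+++ b/environments/README.md
@@ -0,0 +1,3 @@
+This folder is used to store helm chart values.
+
+Files in this folder are created by `yarn environment:init`, but all further updates should be done manually.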
