Merge branch 'develop' into ocrvs-9792

adskyiproger · web-flow · commit b4964f2d3f1f · 2025-10-21T16:00:02.000+03:00
diff --git a/.github/workflows/deploy-opencrvs.yml b/.github/workflows/deploy-opencrvs.yml
@@ -100,17 +100,18 @@ jobs:
             -f environments/${ENV}/opencrvs-services/values.yaml \
             --create-namespace \
             --atomic \
+            --debug \
             --wait \
             --wait-for-jobs \
             --set image.tag="$CORE_IMAGE_TAG" \
             --set countryconfig.image.tag="$COUNTRYCONFIG_IMAGE_TAG" \
             --set countryconfig.image.name="$COUNTRYCONFIG_IMAGE_NAME" \
-            --set hostname=${{ vars.DOMAIN }}
+            --set hostname=${{ vars.DOMAIN }} | sed '/USER-SUPPLIED VALUES:/,$d'
       - name: Cleanup Helm Locks
         if: failure() || cancelled()
         run: |
           kubectl -n "opencrvs-${ENV}" get secrets -l owner=helm -o json | \
-          jq -r '.items[] | select(.metadata.labels.status=="pending-install" or .metadata.labels.status=="pending-upgrade") | .metadata.name' | \
+          jq -r '.items[] | select(.metadata.labels.status=="pending-install" or .metadata.labels.status=="pending-upgrade" or .metadata.labels.status=="pending-rollback") | .metadata.name' | \
           xargs -r kubectl -n "opencrvs-${ENV}" delete secret || \
           echo "No helm locks found, all is good"
   reset-data:
diff --git a/.github/workflows/k8s-reindex.yml b/.github/workflows/k8s-reindex.yml
@@ -38,13 +38,24 @@ jobs:
                 .service.port = (.service.port | tostring)
               else . end
             ' > ${namespace}.json
-      - name: Reindex data
+      - name: Create job elasticsearch-reindex from helm template and apply it
         run: |
-          kubectl delete job -n ${namespace} elasticsearch-reindex || true
-          helm template -f ${namespace}.json \
-              --namespace ${namespace} \
-              -s templates/elasticsearch-reindex.yaml \
-              oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply -n ${namespace} -f -
-          sleep 30;
-          kubectl logs job/elasticsearch-reindex -f -n ${namespace} || true
-          kubectl wait --for=condition=complete job/elasticsearch-reindex -n ${namespace} --timeout=600s;
+            kubectl delete job -n ${namespace} --ignore-not-found=true elasticsearch-reindex
+            helm template -f ${namespace}.json \
+                --namespace ${namespace} \
+                -s templates/elasticsearch-reindex-job.yaml \
+                oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply --wait -n ${namespace} -f -
+      - name: Checking elasticsearch-reindex job status
+        run: |
+          while true; do
+            kubectl wait --for=condition=ready pod -ljob-name=elasticsearch-reindex --timeout=300s -n ${namespace} && \
+            kubectl logs job/elasticsearch-reindex --all-containers -f -n ${namespace} && \
+            touch /tmp/logs_stramed-${namespace}-elasticsearch-reindex.txt  || break;
+            sleep 10; done &
+          echo "---------------------- Waiting for job completion ----------------------"
+          kubectl wait --for=condition=complete job/elasticsearch-reindex -n ${namespace} --timeout=600s; status=$? || true
+          [ $status -ne 0 ] && kubectl get pods -n ${namespace} --show-labels && kubectl describe pod -ljob-name=${job_name} -n ${namespace};
+          [ ! -f /tmp/logs_stramed-${namespace}-elasticsearch-reindex.txt ] && kubectl logs job/elasticsearch-reindex --all-containers -n ${namespace} || \
+            rm -vf /tmp/logs_stramed-${namespace}-elasticsearch-reindex.txt
+          kill %1 2>/dev/null && echo "Stopped log streaming" || true
+          exit $status
diff --git a/.github/workflows/k8s-reset-data.yml b/.github/workflows/k8s-reset-data.yml
@@ -1,17 +1,11 @@
 name: Reset environment
 run-name: "Reset ${{ inputs.environment }} environment"
-# FIXME:
-# - replace sleep 30 with kubectl wait for job completion
-# - add status code checks
-# - refactor multiple git hub steps into job list
-#   instead of having multiple similar steps we may have a matrix job with max-parallel: 1
 on:
   workflow_dispatch:
     inputs:
       environment:
         description: "Target environment"
         required: true
-        default: "dev"
         type: choice
         options:
           - ""
@@ -20,8 +14,9 @@ on:
       environment:
         type: string
 jobs:
-  reset:
-    environment: ${{ inputs.environment }}
+  prepare:
+    outputs:
+      values-file: ${{ steps.get-values.outputs.values-file }}
     env:
       namespace: opencrvs-${{ inputs.environment }}
     runs-on:
@@ -30,77 +25,76 @@ jobs:
       - ${{ inputs.environment }}
     steps:
       - name: Get helm release values and Quote specific fields that are commonly numeric
+        id: get-values
         run: |
           helm get values opencrvs -n ${namespace} -ojson | \
             jq '
+              # Quote image tags
               if has("image") and (.image | has("tag")) and (.image.tag | type == "number") then
                 .image.tag = (.image.tag | tostring)
               else . end |
+              
+              # Quote version numbers
               if has("version") and (.version | type == "number") then
                 .version = (.version | tostring)
               else . end |
+              
+              # Quote port numbers if needed (optional)
               if has("service") and (.service | has("port")) and (.service.port | type == "number") then
                 .service.port = (.service.port | tostring)
               else . end
-            ' > ${namespace}.json
-      - name: Cleanup environment
-        run: |
-          kubectl delete job -n ${namespace} --ignore-not-found=true data-cleanup
-          helm template -f ${namespace}.json \
-              --set data_cleanup.enabled=true \
-              --namespace ${namespace} \
-              -s templates/data-cleanup-job.yaml \
-              oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply -n ${namespace} --wait=true -f -
-          kubectl wait --for=condition=complete job/data-cleanup -n ${namespace} --timeout=600s || true
-          kubectl logs job/data-cleanup -f --all-containers=true -n ${namespace} || true
-      - name: Re-run postgres on-update-core
-        run: |
-          kubectl delete job -n ${namespace} --ignore-not-found=true postgres-on-update-core;
-          helm template -f ${namespace}.json \
-              --namespace ${namespace} \
-              -s templates/postgres-on-update-core.yaml \
-              oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply -n ${namespace} --wait=true -f -;
-          kubectl wait --for=condition=complete job/postgres-on-update-core -n ${namespace} --timeout=600s || true
-          kubectl logs job/postgres-on-update-core -f --all-containers=true -n ${namespace} || true
-      - name: Re-run postgres-data-migration
-        run: |
-          kubectl delete job -n ${namespace} --ignore-not-found=true postgres-data-migration;
-          helm template -f ${namespace}.json \
-              --namespace ${namespace} \
-              -s templates/postgres-migration-job.yaml \
-              oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply -n ${namespace} --wait=true -f -;
-          kubectl wait --for=condition=complete job/postgres-data-migration -n ${namespace} --timeout=600s || true
-          kubectl logs job/postgres-data-migration -f --all-containers=true -n ${namespace} || true
-      - name: Re-run postgres on-update-analytics
-        run: |
-          kubectl delete job -n ${namespace} --ignore-not-found=true postgres-on-update-analytics;
-          helm template -f ${namespace}.json \
-              -s templates/postgres-on-update-analytics.yaml \
-              --namespace ${namespace} \
-              oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply -n ${namespace} --wait=true -f -;
-          kubectl wait --for=condition=complete job/postgres-on-update-analytics -n ${namespace} --timeout=600s || true
-          kubectl logs job/postgres-on-update-analytics -f --all-containers=true -n ${namespace} || true
-      - name: Migration
-        run: |
-          kubectl delete job -n ${namespace} --ignore-not-found=true data-migration-on-reset
-          helm template -f ${namespace}.json \
-              --set data_migration.job_name=data-migration-on-reset \
-              -s templates/data-migration-job.yaml \
-              --namespace ${namespace} \
-              oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply -n ${namespace} --wait=true -f -
-          kubectl wait --for=condition=complete job/data-migration-on-reset -n ${namespace} --timeout=600s || true
-          kubectl logs job/data-migration-on-reset -f -n ${namespace} || true
-      - name: Seeding data
-        run: |
-          kubectl delete job -n ${namespace} --ignore-not-found=true data-seed
-          kubectl delete pod -n ${namespace} -lapp=events;
-          kubectl wait --for=condition=ready pod -n ${namespace} -lapp=events --timeout=600s;
-          helm template  -f ${namespace}.json \
-              --set data_seed.enabled=true \
-              --namespace ${namespace} \
-              -s templates/data-seed-job.yaml \
-              oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply -n ${namespace} --wait -f -
-          sleep 10;
-          kubectl wait --for=condition=complete job/data-seed -n ${namespace} --timeout=600s || true
-          kubectl logs job/data-seed -f -n ${namespace} || true
-          kubectl delete pod -n ${namespace} -lapp=events;
+            ' > /tmp/${namespace}.json
+            echo "values-file=/tmp/${namespace}.json" >> $GITHUB_OUTPUT
+      - name: Upload helm release values file /tmp/opencrvs-${{ inputs.environment }}.json
+        uses: actions/upload-artifact@v4
+        with:
+          name: opencrvs-${{ inputs.environment }}-values-file
+          path: /tmp/opencrvs-${{ inputs.environment }}.json
+          retention-days: 1
+  reset:
+    name: ${{ matrix.job-name }}
+    needs: prepare
+    env:
+      namespace: opencrvs-${{ inputs.environment }}
+    runs-on: [self-hosted, k8s, e2e]
+    strategy:
+      max-parallel: 1  # Ensure jobs run one by one
+      fail-fast: true  # Stop on first failure
+      matrix:
+        job-name:
+          - data-cleanup
+          - postgres-on-update-core
+          - postgres-data-migration
+          - postgres-on-update-analytics
+          - data-migration
+          - data-seed
+          - elasticsearch-reindex
+    steps:
+        - name: Download helm release values file into /tmp/opencrvs-${{ inputs.environment }}.json
+          uses: actions/download-artifact@v4
+          with:
+            name: opencrvs-${{ inputs.environment }}-values-file
+            path: /tmp
+        - name: Create job ${{ matrix.job-name }} from helm template and apply it
+          run: |
+            kubectl delete job -n ${namespace} --ignore-not-found=true ${{ matrix.job-name }}
+            helm template -f ${{ needs.prepare.outputs.values-file }} \
+                --set data_cleanup.enabled=true \
+                --set data_seed.enabled=true \
+                --namespace ${namespace} \
+                -s templates/${{ matrix.job-name }}-job.yaml \
+                oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply -n ${namespace} --wait=true -f -
+        - name: Checking ${{ matrix.job-name }} job status
+          run: |
+            while true; do
+              kubectl wait --for=condition=ready pod -ljob-name=${{ matrix.job-name }} --timeout=300s -n ${namespace} && \
+              kubectl logs job/${{ matrix.job-name }} --all-containers -f -n ${namespace} && \
+              touch /tmp/logs_stramed-${namespace}-${{ matrix.job-name }}.txt || break; 
+              sleep 1; done &
+            echo "---------------------- Waiting for job completion ----------------------"
+            kubectl wait --for=condition=complete job/${{ matrix.job-name }} -n ${namespace} --timeout=600s; status=$? || true
+            [ $status -ne 0 ] && kubectl get pods -n ${namespace} --show-labels && kubectl describe pod -ljob-name=${job_name} -n ${namespace};
+            [ ! -f /tmp/logs_stramed-${namespace}-${{ matrix.job-name }}.txt ] && kubectl logs job/${{ matrix.job-name }} --all-containers -n ${namespace} || \
+              rm -vf /tmp/logs_stramed-${namespace}-${{ matrix.job-name }}.txt
+            kill %1 2>/dev/null && echo "Stopped log streaming" || true
+            exit $status
diff --git a/.github/workflows/k8s-seed-data.yml b/.github/workflows/k8s-seed-data.yml
@@ -16,7 +16,6 @@ on:
         type: string
 jobs:
   seed:
-    environment: ${{ inputs.environment }}
     env:
       namespace: opencrvs-${{ inputs.environment }}
     runs-on:
@@ -28,25 +27,39 @@ jobs:
         run: |
           helm get values opencrvs -n ${namespace} -ojson | \
             jq '
+              # Quote image tags
               if has("image") and (.image | has("tag")) and (.image.tag | type == "number") then
                 .image.tag = (.image.tag | tostring)
               else . end |
+              # Quote version numbers
               if has("version") and (.version | type == "number") then
                 .version = (.version | tostring)
               else . end |
+              # Quote port numbers if needed (optional)
               if has("service") and (.service | has("port")) and (.service.port | type == "number") then
                 .service.port = (.service.port | tostring)
               else . end
             ' > ${namespace}.json
       - name: Seeding data
         run: |
-          kubectl delete job --wait -n ${namespace} data-seed || true
-          helm template -f ${namespace}.json \
-              --set data_seed.enabled=true \
-              --namespace ${namespace} \
-              -s templates/data-seed-job.yaml \
-              oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply -n ${namespace} --wait --timeout=600s -f -
-          kubectl get pods -n ${namespace} -lapp=data-seed
-          kubectl wait --for=condition=Complete job/data-seed -n ${namespace} --timeout=600s; RES=$?
-          kubectl logs job/data-seed -f -n ${namespace}
-          exit $RES
+            kubectl delete job -n ${namespace} --ignore-not-found=true data-seed
+            helm template -f ${namespace}.json \
+                --set data_seed.enabled=true \
+                --namespace ${namespace} \
+                -s templates/data-seed-job.yaml \
+                oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply --wait -n ${namespace} -f -
+
+        - name: Checking data-seed job status
+          run: |
+            while true; do
+              kubectl wait --for=condition=ready pod -ljob-name=data-seed --timeout=300s -n ${namespace} && \
+              kubectl logs job/data-seed --all-containers -f -n ${namespace} && \
+              touch /tmp/logs_stramed-${namespace}-data-seed.txt  || break;
+              sleep 10; done &
+            echo "---------------------- Waiting for job completion ----------------------"
+            kubectl wait --for=condition=complete job/data-seed -n ${namespace} --timeout=600s; status=$? || true
+            [ $status -ne 0 ] && kubectl get pods -n ${namespace} --show-labels && kubectl describe pod -ljob-name=${job_name} -n ${namespace};
+            [ ! -f /tmp/logs_stramed-${namespace}-data-seed.txt ] && kubectl logs job/data-seed --all-containers -n ${namespace} || \
+              rm -vf /tmp/logs_stramed-${namespace}-data-seed.txt
+            kill %1 2>/dev/null && echo "Stopped log streaming" || true
+            exit $status
