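# CD pipeline with timeout-based cancellation logic to deploy the code on a
# brand new Scaleway instance.
#
# Jobs:
#   check-condition  - runs the local "deployment" action that decides whether
#                      a deployment should happen at all.
#   approval-timeout - watchdog: polls the deployment status of the
#                      "production" environment for up to 15 minutes and
#                      cancels the whole run when no approval shows up.
#   deployment       - runs Terraform (init, fmt -check, plan, apply) inside
#                      the "production" environment.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN carries
# the repository's default scopes in every job. Consider declaring the minimum
# each job needs once the requirements of the local actions are confirmed.
name: CD pipeline

on:
  workflow_dispatch: # manual trigger
  push:
    branches: ["main"]
  # NOTE(review): the deployment job is not restricted by event type, so it is
  # also scheduled for pull requests and ends in `apply -auto-approve`. The
  # protection rules of the "production" environment are then the only gate in
  # front of the production credentials - confirm required reviewers are set.
  pull_request:
    branches: ["main"]

jobs:
  check-condition:
    runs-on: ubuntu-latest
    # A job-level `outputs:` mapping is required for
    # `needs.check-condition.outputs.RUN_DEPLOYMENT` to carry a value in the
    # dependent jobs; without it the expression is always empty.
    # NOTE(review): assumes the local action publishes an output named
    # RUN_DEPLOYMENT - confirm against the action metadata in
    # ./.github/actions/deployment.
    outputs:
      RUN_DEPLOYMENT: ${{ steps.condition.outputs.RUN_DEPLOYMENT }}
    steps:
      - name: Checkout repository
        # NOTE: the text after "actions/" was destroyed by e-mail obfuscation
        # on the source page ("[email protected]"); presumably
        # actions/checkout. <CHECKOUT_REF> is a placeholder - pin it to a full
        # commit SHA rather than a movable tag.
        uses: actions/checkout@<CHECKOUT_REF>
      - name: Run condition check
        id: condition
        uses: ./.github/actions/deployment
        with:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  approval-timeout:
    runs-on: ubuntu-latest
    needs: check-condition
    # Written as a bare expression on purpose: the form
    # `${{ <expr> }} == 'true'` renders to a non-empty string, which `if:`
    # treats as true, so the gate would never block anything.
    if: needs.check-condition.outputs.RUN_DEPLOYMENT == 'true'
    steps:
      - name: Wait for approval or timeout
        env:
          # Tokens are handed over as environment variables so that they are
          # not templated into the text of the generated script.
          API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # NOTE(review): a personal token is used only to cancel the run;
          # GITHUB_TOKEN with `actions: write` may be sufficient - confirm.
          CANCEL_TOKEN: ${{ secrets.BCTK_GITHUB_TOKEN }}
        run: |
          ENVIRONMENT_NAME="production"
          TIMEOUT_MINUTES=15
          echo "Waiting $TIMEOUT_MINUTES minutes for approval ..."
          # iterative checks every minute
          for ((i=1; i<=$TIMEOUT_MINUTES; i++)); do
            if [[ $i -gt 1 ]]; then
              MINUTE_STRING="minutes"
            else
              MINUTE_STRING="minute"
            fi
            sleep 60
            echo "Checking status after $i $MINUTE_STRING ..."
            # Newest deployment of the environment (per_page=1).
            # NOTE(review): nothing ties this deployment to the current run.
            DEPLOYMENT_RESPONSE=$(curl -s \
              -H "Authorization: Bearer $API_TOKEN" \
              -H "Accept: application/vnd.github.v3+json" \
              "https://api.github.com/repos/${{ github.repository }}/deployments?environment=$ENVIRONMENT_NAME&per_page=1")
            DEPLOYMENT_ID=$(echo "$DEPLOYMENT_RESPONSE" | jq -r '.[0].id')
            STATUS_RESPONSE=$(curl -s \
              -H "Authorization: Bearer $API_TOKEN" \
              -H "Accept: application/vnd.github.v3+json" \
              "https://api.github.com/repos/${{ github.repository }}/deployments/$DEPLOYMENT_ID/statuses")
            STATUS=$(echo "$STATUS_RESPONSE" | jq -r '.[0].state')
            if [[ ($STATUS == "error" || "$STATUS" == "waiting") && $i -lt $TIMEOUT_MINUTES ]]; then
              echo "Approval not received yet - keep waiting for it"
            else
              break
            fi
          done
          # tags: error, failure, inactive, in_progress, queued, pending, success
          # NOTE(review): every state other than "error"/"waiting" counts as
          # approved, including an empty or "null" value after a failed API
          # call (curl -s hides HTTP errors). The watchdog therefore fails
          # open: in that case the run is simply not cancelled.
          echo "Current deployment status is '$STATUS'"
          if [[ $STATUS != "error" && "$STATUS" != "waiting" ]]; then
            echo "--> Approval received"
            exit 0
          else
            echo "--> No approval found - cancelling workflow ..."
            curl -L \
              -X POST \
              -H "Accept: application/vnd.github+json" \
              -H "Authorization: Bearer $CANCEL_TOKEN" \
              -H "X-GitHub-Api-Version: 2022-11-28" \
              "https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/cancel"
            echo "Workflow cancelled"
            exit 1
          fi

  deployment:
    runs-on: ubuntu-latest
    needs: check-condition
    # Bare expression, see the comment on approval-timeout: the mixed
    # `${{ ... }} == 'true'` form is always truthy.
    if: needs.check-condition.outputs.RUN_DEPLOYMENT == 'true'
    environment:
      name: production
    env:
      # NOTE(review): DEBUG logging in the job that holds every production
      # credential. Terraform's debug output can contain provider request
      # details, and log masking only matches exact secret values. Consider a
      # less verbose level outside of troubleshooting.
      TF_LOG: DEBUG
      # Scaleway credentials
      TF_VAR_scaleway_access_key: ${{ secrets.SCALEWAY_ACCESS_KEY }}
      TF_VAR_scaleway_secret_key: ${{ secrets.SCALEWAY_SECRET_KEY }}
      TF_VAR_scaleway_project_id: ${{ secrets.SCALEWAY_PROJECT_ID }}
      TF_VAR_scaleway_project_id_main: ${{ secrets.SCALEWAY_PROJECT_ID_MAIN }}
      TF_VAR_scaleway_server_user: ${{ secrets.SCALEWAY_SERVER_USER }}
      TF_VAR_scaleway_ssh_pub_key_name: ${{ secrets.SCALEWAY_SSH_PUB_KEY_NAME }}
      TF_VAR_scaleway_ssh_private_key: ${{ secrets.SCALEWAY_SSH_PRIVATE_KEY }}
      TF_VAR_scaleway_zone: ${{ secrets.SCALEWAY_ZONE }}
      # Github secrets
      TF_VAR_github_token: ${{ secrets.BCTK_GITHUB_TOKEN }}
      TF_VAR_github_workspace: ${{ github.workspace }}
      TF_VAR_github_repo_name: ${{ github.repository }}
      # Terraform variables from variables.tf
      TF_VAR_bctk_domain: ${{ secrets.BCTK_DOMAIN }}
      TF_VAR_clickhouse_ip: ${{ secrets.CLICKHOUSE_IP }}
      TF_VAR_clickhouse_port: ${{ secrets.CLICKHOUSE_PORT }}
      TF_VAR_clickhouse_db: ${{ secrets.CLICKHOUSE_DB }}
      TF_VAR_clickhouse_user: ${{ secrets.CLICKHOUSE_USER }}
      TF_VAR_clickhouse_password: ${{ secrets.CLICKHOUSE_PASSWORD }}
      TF_VAR_data_path: "../data"
      TF_VAR_avalanche_rpc_url: ${{ secrets.AVALANCHE_RPC_URL }}
    steps:
      - name: Set Secrets for Pull Request
        if: github.event_name == 'pull_request'
        env:
          # The branch name is chosen by the pull-request author. It is passed
          # through an environment variable instead of being templated into
          # the script, so the shell treats it as data and never parses it as
          # code.
          HEAD_REF: ${{ github.head_ref }}
        run: |
          echo "TF_VAR_github_repo_branch=$HEAD_REF" >> "$GITHUB_ENV"
      - name: Set repository branch environment variable
        env:
          # Same reasoning as above: ref names are not trusted script text.
          REF_NAME: ${{ github.ref_name }}
        run: |
          # Values written to GITHUB_ENV by an earlier step arrive here as
          # ordinary environment variables.
          if [ -z "$TF_VAR_github_repo_branch" ]; then
            echo "TF_VAR_github_repo_branch is not set"
            TF_VAR_github_repo_branch="$REF_NAME"
            echo "TF_VAR_github_repo_branch=$TF_VAR_github_repo_branch" >> "$GITHUB_ENV"
          fi
          # Printed from the shell variable: a value appended to GITHUB_ENV
          # only becomes visible to `env.*` expressions in later steps.
          echo "TF_VAR_github_repo_branch is set to: $TF_VAR_github_repo_branch"
      - name: Checkout repository
        # NOTE: ref lost to e-mail obfuscation on the source page; presumably
        # actions/checkout. Placeholder - pin to a full commit SHA.
        uses: actions/checkout@<CHECKOUT_REF>
      - name: Set up Terraform
        # NOTE: ref lost to e-mail obfuscation on the source page; presumably
        # hashicorp/setup-terraform. Placeholder - pin to a full commit SHA.
        uses: hashicorp/setup-terraform@<SETUP_TERRAFORM_REF>
      - name: Initialize Terraform
        uses: ./.github/actions/terraform
        with:
          command: init
      - name: Terraform Format
        uses: ./.github/actions/terraform
        with:
          command: fmt -check
      - name: Terraform Plan
        uses: ./.github/actions/terraform
        with:
          command: plan
      - name: Apply Terraform configuration
        uses: ./.github/actions/terraform
        with:
          command: apply -auto-approve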