cd.yml
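# CD pipeline with timeout based cancellation logic to deploy the code on a
# brand new Scaleway instance.
#
# Jobs:
#   check-condition  - runs the local "deployment" action to decide whether a
#                      deployment should happen.
#   approval-timeout - polls the "production" deployment status once a minute
#                      and cancels the run if no approval arrives in time.
#   deployment       - removes stale DNS records and applies the Terraform
#                      configuration with the Scaleway credentials.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets the
# repository default scopes. Consider declaring the minimum each job needs.
name: CD pipeline

# NOTE(review): pull requests against main also reach the deployment job,
# whose env carries the production credentials, unless the condition check
# excludes them - confirm that this is intended.
on:
  workflow_dispatch: # manual trigger
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]

jobs:
  check-condition:
    runs-on: ubuntu-latest
    # Job-level outputs must be declared here, otherwise
    # needs.check-condition.outputs.RUN_DEPLOYMENT is always empty downstream.
    # NOTE(review): assumes the local action exposes an output named
    # RUN_DEPLOYMENT - confirm against .github/actions/deployment/action.yml.
    outputs:
      RUN_DEPLOYMENT: ${{ steps.condition.outputs.RUN_DEPLOYMENT }}
    steps:
      - name: Checkout repository
        # The action reference was mangled by e-mail obfuscation on the page
        # (presumably actions/checkout); restore the original ref. Pinning to
        # a full commit SHA protects against a retagged release.
        uses: actions/checkout@<ORIGINAL_REF>
      - name: Run condition check
        id: condition
        uses: ./.github/actions/deployment
        with:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  approval-timeout:
    runs-on: ubuntu-latest
    needs: check-condition
    # Written without ${{ }}: "${{ expr }} == 'true'" is evaluated as a
    # non-empty string, which is always truthy, so the gate never closed.
    if: needs.check-condition.outputs.RUN_DEPLOYMENT == 'true'
    steps:
      - name: Wait for approval or timeout
        # Tokens and context values are handed over as environment variables
        # instead of being templated into the script text.
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CANCEL_TOKEN: ${{ secrets.BCTK_GITHUB_TOKEN }}
          REPO: ${{ github.repository }}
          RUN_ID: ${{ github.run_id }}
        run: |
          ENVIRONMENT_NAME="production"
          TIMEOUT_MINUTES=15
          echo "Waiting $TIMEOUT_MINUTES minutes for approval ..."
          # iterative checks every minute
          for ((i=1; i<=TIMEOUT_MINUTES; i++)); do
            if [[ $i -gt 1 ]]; then
              MINUTE_STRING="minutes"
            else
              MINUTE_STRING="minute"
            fi
            sleep 60
            echo "Checking status after $i $MINUTE_STRING ..."
            # Latest deployment recorded for the environment.
            # NOTE(review): per_page=1 returns the newest deployment, which is
            # not necessarily the one created by this run - confirm.
            DEPLOYMENT_RESPONSE=$(curl -s \
              -H "Authorization: Bearer $GH_TOKEN" \
              -H "Accept: application/vnd.github.v3+json" \
              "https://api.github.com/repos/$REPO/deployments?environment=$ENVIRONMENT_NAME&per_page=1")
            DEPLOYMENT_ID=$(echo "$DEPLOYMENT_RESPONSE" | jq -r '.[0].id')
            STATUS_RESPONSE=$(curl -s \
              -H "Authorization: Bearer $GH_TOKEN" \
              -H "Accept: application/vnd.github.v3+json" \
              "https://api.github.com/repos/$REPO/deployments/$DEPLOYMENT_ID/statuses")
            STATUS=$(echo "$STATUS_RESPONSE" | jq -r '.[0].state')
            if [[ ("$STATUS" == "error" || "$STATUS" == "waiting") && $i -lt $TIMEOUT_MINUTES ]]; then
              echo "Approval not received yet - keep waiting for it"
            else
              break
            fi
          done
          # tags: error, failure, inactive, in_progress, queued, pending, success
          # NOTE(review): any other value, including "null" from a failed or
          # empty API response, is reported as an approval. The environment
          # protection on the deployment job remains the actual gate.
          echo "Current deployment status is '$STATUS'"
          if [[ "$STATUS" != "error" && "$STATUS" != "waiting" ]]; then
            echo "--> Approval received"
            exit 0
          else
            echo "--> No approval found - cancelling workflow ..."
            curl -L \
              -X POST \
              -H "Accept: application/vnd.github+json" \
              -H "Authorization: Bearer $CANCEL_TOKEN" \
              -H "X-GitHub-Api-Version: 2022-11-28" \
              "https://api.github.com/repos/$REPO/actions/runs/$RUN_ID/cancel"
            echo "Workflow cancelled"
            exit 1
          fi

  deployment:
    runs-on: ubuntu-latest
    environment:
      name: production
    env:
      # NOTE(review): Terraform debug logging can print request and response
      # bodies; values derived from secrets are not masked by the runner.
      # Consider a lower level for routine runs.
      TF_LOG: DEBUG
      # Scaleway credentials
      TF_VAR_scaleway_access_key: ${{ secrets.SCALEWAY_ACCESS_KEY }}
      TF_VAR_scaleway_secret_key: ${{ secrets.SCALEWAY_SECRET_KEY }}
      TF_VAR_scaleway_organization_id: ${{ secrets.SCALEWAY_ORGANIZATION_ID }}
      TF_VAR_scaleway_project_id: ${{ secrets.SCALEWAY_PROJECT_ID }}
      TF_VAR_scaleway_server_user: ${{ secrets.SCALEWAY_SERVER_USER }}
      TF_VAR_scaleway_ssh_pub_key_name: ${{ secrets.SCALEWAY_SSH_PUB_KEY_NAME }}
      TF_VAR_scaleway_ssh_private_key: ${{ secrets.SCALEWAY_SSH_PRIVATE_KEY }}
      TF_VAR_scaleway_zone: ${{ secrets.SCALEWAY_ZONE }}
      # Data stored in Scaleway
      TF_VAR_scaleway_awscli_config: ${{ secrets.SCALEWAY_AWSCLI_CONFIG }}
      TF_VAR_data_bucket: ${{ secrets.DATA_BUCKET }}
      TF_VAR_data_source: ${{ secrets.DATA_SOURCE }}
      # Github secrets
      TF_VAR_github_token: ${{ secrets.BCTK_GITHUB_TOKEN }}
      TF_VAR_github_workspace: ${{ github.workspace }}
      TF_VAR_github_repo_name: ${{ github.repository }}
      # Terraform variables from variables.tf
      TF_VAR_bctk_domain: ${{ secrets.BCTK_DOMAIN }}
      TF_VAR_clickhouse_ip: ${{ secrets.CLICKHOUSE_IP }}
      TF_VAR_clickhouse_port: ${{ secrets.CLICKHOUSE_PORT }}
      TF_VAR_clickhouse_db: ${{ secrets.CLICKHOUSE_DB }}
      TF_VAR_clickhouse_user: ${{ secrets.CLICKHOUSE_USER }}
      TF_VAR_clickhouse_password: ${{ secrets.CLICKHOUSE_PASSWORD }}
      # TF_VAR_data_path: "../data"
      TF_VAR_avalanche_rpc_url: ${{ secrets.AVALANCHE_RPC_URL }}
    needs: check-condition
    # Plain expression, see approval-timeout: the ${{ }} == 'true' form is a
    # string and therefore always true.
    if: needs.check-condition.outputs.RUN_DEPLOYMENT == 'true'
    steps:
      - name: Set Secrets for Pull Request
        if: github.event_name == 'pull_request'
        # github.head_ref is chosen by the pull request author. It is passed
        # through env so that it reaches the shell as data and is never
        # parsed as part of the script.
        env:
          HEAD_REF: ${{ github.head_ref }}
        run: echo "TF_VAR_github_repo_branch=$HEAD_REF" >> "$GITHUB_ENV"
      - name: Set repository branch environment variable
        env:
          REF_NAME: ${{ github.ref_name }}
        run: |
          # Values written to GITHUB_ENV by the previous step are visible
          # here as ordinary environment variables.
          if [ -z "${TF_VAR_github_repo_branch:-}" ]; then
            echo "TF_VAR_github_repo_branch is not set"
            TF_VAR_github_repo_branch="$REF_NAME"
            echo "TF_VAR_github_repo_branch=$TF_VAR_github_repo_branch" >> "$GITHUB_ENV"
          fi
          echo "TF_VAR_github_repo_branch is set to: $TF_VAR_github_repo_branch"
      - name: Checkout repository
        # Reference mangled on the page, see the first checkout step.
        uses: actions/checkout@<ORIGINAL_REF>
      - name: Delete deprecated DNS records
        run: |
          # Install Scaleway CLI
          # The job-level TF_VAR_* variables already hold the Scaleway
          # secrets, so the script reads them from the environment.
          ZONE="$TF_VAR_scaleway_zone"
          REGION="${ZONE:0:-2}"
          echo 'Installing Scaleway CLI ...'
          # NOTE(review): this executes whatever the master branch serves at
          # run time, in a job that holds the Scaleway credentials. Prefer a
          # pinned release artifact with a verified checksum.
          curl -s https://raw.githubusercontent.com/scaleway/scaleway-cli/master/scripts/get.sh | sh
          # Restrict the config to the current user; `cat >` is used rather
          # than `tee` so the credentials are not echoed into the job log.
          umask 077
          mkdir -p ~/.config/scw
          cat > ~/.config/scw/config.yaml << EOF
          access_key: $TF_VAR_scaleway_access_key
          secret_key: $TF_VAR_scaleway_secret_key
          default_organization_id: $TF_VAR_scaleway_organization_id
          default_project_id: $TF_VAR_scaleway_project_id
          default_zone: $TF_VAR_scaleway_zone
          default_region: $REGION
          api_url: https://api.scaleway.com
          EOF
          # Delete previous DNS records
          # The domain is split on dots: field 1 is the record name, fields 2
          # and 3 form the DNS zone.
          BCTK_DOMAIN="$TF_VAR_bctk_domain"
          ROOT_DOMAIN="$(echo "$BCTK_DOMAIN" | cut -d'.' -f2).$(echo "$BCTK_DOMAIN" | cut -d'.' -f3)"
          SUB_DOMAIN="$(echo "$BCTK_DOMAIN" | cut -d'.' -f1)"
          echo 'Deleting previous DNS records for '"$SUB_DOMAIN"' in '"$ROOT_DOMAIN"' ...'
          scw dns record delete "$ROOT_DOMAIN" name="$SUB_DOMAIN" type=A
          scw dns record delete "$ROOT_DOMAIN" name="$SUB_DOMAIN" type=AAAA
      - name: Set up Terraform
        # Reference mangled on the page (presumably hashicorp/setup-terraform);
        # restore the original ref, ideally as a full commit SHA.
        uses: hashicorp/setup-terraform@<ORIGINAL_REF>
      - name: Initialize Terraform
        uses: ./.github/actions/terraform
        with:
          command: init
      - name: Terraform Format
        uses: ./.github/actions/terraform
        with:
          command: fmt -check
      - name: Terraform Plan
        uses: ./.github/actions/terraform
        with:
          command: plan
      - name: Apply Terraform configuration
        uses: ./.github/actions/terraform
        with:
          # NOTE(review): the plan above is not saved and passed to apply, so
          # apply computes a fresh plan and runs it without confirmation.
          command: apply -auto-approve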