# Trigger: every push, on any ref. The deploy-prod job narrows itself to
# refs/heads/master with its own `if:` condition.
on:
  - push

env:
  # Argo CLI release archive fetched by the "Install Argo" steps; the version
  # is pinned in the URL itself (v3.6.12).
  ARGO_URL: https://github.com/argoproj/argo-workflows/releases/download/v3.6.12/argo-linux-amd64.gz
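# Two jobs:
#   main        - build, format check, actionlint and offline Argo lint on every push
#   deploy-prod - after `main` succeeds on master: CDK infra deploy (only when
#                 infra/ changed), CDK8s apply, workflow/sensor apply, smoke test
jobs:
  main:
    name: Build, Format and Test
    runs-on: ubuntu-latest
    # NOTE(review): this job sets no `permissions:` block, so GITHUB_TOKEN gets
    # the repository's default scopes. Consider restricting it to
    # `contents: read` once it is confirmed that linz/action-typescript needs
    # nothing more.
    steps:
      - uses: linz/action-typescript@47be81e60ed1d891c696c3fb7f558876ba9a2b57 # v3.2.0
        with:
          node-version: 24.x

      - name: Check formatting
        run: npx prettier --check .

      - name: Download actionlint
        run: docker build --tag actionlint - < .github/workflows/actionlint.dockerfile

      - name: Run actionlint to check workflow files
        run: docker run --volume="${PWD}:/repo" --workdir=/repo actionlint -color

      - name: Install Argo
        # --fail/--show-error make an HTTP error stop the step at the download
        # instead of handing an error page to gunzip.
        # NOTE(review): the binary is executed without an integrity check; the
        # URL pins a version but not the content. Verify it against a SHA-256
        # recorded in this repository before running it.
        run: |
          curl --fail --location --remote-name --silent --show-error "${{ env.ARGO_URL }}"
          gunzip argo-linux-amd64.gz
          chmod +x argo-linux-amd64
          ./argo-linux-amd64 version

      - name: Lint workflows
        run: |
          ./argo-linux-amd64 lint --offline templates/ workflows/

  deploy-prod:
    runs-on: ubuntu-latest
    # One deployment at a time per ref.
    concurrency: deploy-prod-${{ github.ref }}
    needs: [main]
    if: ${{ github.ref == 'refs/heads/master' }}
    environment:
      name: prod
    permissions:
      # Lets the job request an OIDC token; presumably what
      # configure-aws-credentials uses to assume the CI role - confirm.
      id-token: write
      contents: read
    env:
      CLUSTER_NAME: Workflows
    steps:
      - uses: linz/action-typescript@47be81e60ed1d891c696c3fb7f558876ba9a2b57 # v3.2.0
        with:
          node-version: 24.x

      # Configure access to AWS / EKS
      - name: Setup kubectl
        uses: azure/setup-kubectl@15650b3ad78fff148532a140b8a4c821796b2d7b # v3
        with:
          # NOTE(review): the action is pinned by commit SHA, but the kubectl
          # it installs floats with 'latest'. Pin a kubectl version that
          # matches the cluster so production deploys are reproducible.
          version: 'latest'

      - name: AWS Configure
        uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4
        with:
          aws-region: ap-southeast-2
          mask-aws-account-id: true
          role-to-assume: ${{ secrets.AWS_CI_ROLE }}

      - name: Find Changes in Infra
        id: get-infra-changes
        # Event values reach the script through the environment rather than
        # being expanded into the script text before bash parses it.
        env:
          BEFORE_SHA: ${{ github.event.before }}
          AFTER_SHA: ${{ github.event.after }}
        # NOTE(review): a failing `git diff` inside the process substitution
        # does not fail the step; the array is simply empty and run_infra
        # becomes false, which skips the infra deploy and the smoke test
        # without any error. Confirm both commits are always present in the
        # checkout.
        run: |
          mapfile -d '' modified_infra_files < <(git diff --name-only -z "$BEFORE_SHA" "$AFTER_SHA" -- "infra/*" ":(exclude)infra/*.md")
          if [[ "${#modified_infra_files[@]}" -ge 1 ]]; then
            echo "run_infra=true" >> "$GITHUB_OUTPUT"
          else
            echo "run_infra=false" >> "$GITHUB_OUTPUT"
          fi

      - name: (CDK) Deploy infrastructure
        if: steps.get-infra-changes.outputs.run_infra == 'true'
        # NOTE(review): `--require-approval never` applies security-sensitive
        # changes without a prompt, so any protection rules on the `prod`
        # environment are the only manual gate - confirm they are configured.
        run: |
          npx cdk deploy --all \
            -c "maintainer-arns=${CTX_CI_ROLE},${CTX_ADMIN_ROLE},${CTX_ADMIN_SSO_ROLE},${CTX_STORAGEMAINTAINER_ROLE},${CTX_STORAGEMAINTAINER_SSO_ROLE}" \
            -c "aws-account-id=${CTX_AWS_ACCOUNT_ID}" \
            -c rds-alerts=true \
            --require-approval never
        env:
          NODE_ENV: production
          # Secrets are handed over as environment variables so their values
          # are never written into the generated script. The CTX_ prefix keeps
          # them clear of the AWS_* names that the AWS SDK and CLI interpret.
          CTX_CI_ROLE: ${{ secrets.AWS_CI_ROLE }}
          CTX_ADMIN_ROLE: ${{ secrets.AWS_ADMIN_ROLE }}
          CTX_ADMIN_SSO_ROLE: ${{ secrets.AWS_ADMIN_SSO_ROLE }}
          CTX_STORAGEMAINTAINER_ROLE: ${{ secrets.AWS_STORAGEMAINTAINER_ROLE }}
          CTX_STORAGEMAINTAINER_SSO_ROLE: ${{ secrets.AWS_STORAGEMAINTAINER_SSO_ROLE }}
          CTX_AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}

      - name: Login to EKS
        run: |
          aws eks update-kubeconfig --name ${{ env.CLUSTER_NAME }} --region ap-southeast-2

      - name: Check EKS connection
        run: |
          kubectl get nodes

      # Configure the Kubernetes cluster with CDK8s
      - name: (CDK8s) Synth
        if: steps.get-infra-changes.outputs.run_infra == 'true'
        run: |
          npx cdk8s synth

      # nb: kubectl diff - is somewhat dangerous as it dumps out secrets in plain text
      # so it should not be used in this pipeline
      # TODO use a --prune and --applyset to remove unused objects
      - name: (CDK8s) Deploy
        if: steps.get-infra-changes.outputs.run_infra == 'true'
        run: |
          kubectl apply -f dist/

      - name: Deploy workflows
        if: github.ref == 'refs/heads/master'
        # The file lists below are expanded unquoted, so a manifest path that
        # contains whitespace would be split into several arguments.
        run: |
          # Deploy templates first
          # Find all templates that have kind "WorkflowTemplate"
          TEMPLATES=$(grep '^kind: WorkflowTemplate$' -R templates/ -H | cut -d ':' -f1)
          # For each template attempt to deploy it using kubectl
          for tpl in $TEMPLATES; do
            kubectl apply -f "$tpl" --namespace argo
          done
          # Find all workflows that have kind "WorkflowTemplate"
          WORKFLOWS=$(grep '^kind: WorkflowTemplate$' -R workflows/ -H | cut -d ':' -f1)
          # For each workflow template attempt to deploy it using kubectl
          for wf in $WORKFLOWS; do
            kubectl apply -f "$wf" --namespace argo
          done
          # Find all cron workflows that have kind "CronWorkflow"
          CRON_WORKFLOWS=$(grep '^kind: CronWorkflow$' -R workflows/ -H | cut -d ':' -f1)
          # For each cron workflow attempt to deploy it using kubectl
          for cwf in $CRON_WORKFLOWS; do
            kubectl apply -f "$cwf" --namespace argo
          done
          # Find all event sensors (kind "Sensor") and deploy them to argo-events
          EVENTS=$(grep '^kind: Sensor$' -R events/ -H | cut -d ':' -f1)
          for evt in $EVENTS; do
            kubectl apply -f "$evt" --namespace argo-events
          done

      - name: Install Argo
        if: steps.get-infra-changes.outputs.run_infra == 'true'
        # NOTE(review): this binary runs in a job that holds the assumed AWS
        # role and a production kubeconfig, and it is not integrity-checked.
        # Verify it against a SHA-256 recorded in this repository first.
        run: |
          curl --fail --location --remote-name --silent --show-error "${{ env.ARGO_URL }}"
          gunzip argo-linux-amd64.gz
          chmod +x argo-linux-amd64

      - name: Smoke test
        if: steps.get-infra-changes.outputs.run_infra == 'true'
        # Submits a workflow from the imagery-standardising template in the
        # argo namespace and waits for it to finish.
        run: |
          ./argo-linux-amd64 --namespace=argo submit --wait --from=wftmpl/imagery-standardising --parameter=validate=false --parameter=gsd=0.3 --parameter=start_datetime=2017-12-02 --parameter=end_datetime=2018-03-11 --parameter=lifecycle="under development" --generate-name="test-ci-is-"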