diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0fabf50..33cdcc7 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -3,5 +3,3 @@ repos: rev: v0.7.0 hooks: - id: action-readme - # TODO: After the `slack` and `deploy` actions are removed, remove this `files` input - files: "^(docker-build|docker-push)/" diff --git a/deploy/action.yaml b/deploy/action.yaml deleted file mode 100644 index 6812c95..0000000 --- a/deploy/action.yaml +++ /dev/null @@ -1,204 +0,0 @@ -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at https://mozilla.org/MPL/2.0/. - -name: Deploy Helm Chart -author: Mozilla -description: Obtain credentials for GKE cluster & install Helm chart - -inputs: - app_name: - description: Name of tenant app to deploy to, e.g. testapp1 - required: true - tag_value_path: - description: Path to Helm value for the image tag - default: image.tag - required: false - image_tag: - description: Name of the image tag - required: true - infra_repo: - description: Infrastructure repository contain Helm charts, e.g. mozilla/helm-charts - required: true - infra_repo_ref: - description: Infrastructure repository git reference to checkout, defaults to `main` - required: false - default: main - infra_repo_ssh_key: - description: SSH key with permissions to checkout infrastructure repository, typically a deploy key - required: true - env_name: - description: Name of tenant env to deploy to, e.g. dev - required: true - realm_name: - description: Name of tenant realm to deploy to, e.g. nonprod - required: true - workload_identity_pool_project_number: - description: Project number of workload identity pool used for OIDC authentication - required: true - k8s_cluster_name: - description: Kubernetes cluster name, e.g. mozilla-nonprod - required: true - k8s_cluster_location: - description: Kubernetes cluster location, e.g. us-west1 - required: true - k8s_cluster_project: - description: Kubernetes cluster project, e.g. mozilla-firefox-nonprod - required: true - helm_release_name: - description: Helm chart release name, defaults to `gha` - required: false - default: gha - helm_chart_path: - description: Helm chart path within infrastructure repository , e.g. testapp1/k8s/testapp1/ - required: true - helm_timeout: - description: Helm chart timeout, defaults to `600s` - required: false - default: "600s" - helm_values: - description: Helm values specified with '--set' flag value, e.g. "--set 'foo.bar=value'" - required: false - default: "" - helm_value_files: - description: Helm chart value files within the infrastructure repository specified with "-f" flag value, e.g. "-f values-dev.yaml -f values-dev-additional.yaml", defaults to "-f values-$env_name.yaml" - required: false - default: "" - project_id: - description: GCP project_id used to construct deployment service account. Use this when your project_id doesn't follow the normal patterns, i.e. uses a random id in project_id. - required: false - default: "" - -runs: - using: composite - steps: - - name: checkout the infra repo ${{ inputs.infra_repo }} - uses: actions/checkout@v4 - with: - path: infra_repo - repository: ${{ inputs.infra_repo }} - ref: ${{ inputs.infra_repo_ref }} - ssh-key: ${{ inputs.infra_repo_ssh_key }} - persist-credentials: false - - - id: deployment_service_account - name: deployment service account - shell: bash - run: | - if [[ "$PROJECT_ID" == "" ]]; then - echo "SERVICE_ACCOUNT=deploy-$ENV_NAME@moz-fx-$APP_NAME-$REALM_NAME.iam.gserviceaccount.com" >> $GITHUB_OUTPUT - else - echo "SERVICE_ACCOUNT=deploy-$ENV_NAME@$PROJECT_ID.iam.gserviceaccount.com" >> $GITHUB_OUTPUT - fi - env: - PROJECT_ID: ${{ inputs.project_id }} - REALM: ${{ inputs.realm_name }} - APP_NAME: ${{ inputs.app_name }} - ENV_NAME: ${{ inputs.env_name }} - - - name: gcp authentication - uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f #v2.1.7 - with: - service_account: ${{ steps.deployment_service_account.outputs.SERVICE_ACCOUNT }} - workload_identity_provider: projects/${{ inputs.workload_identity_pool_project_number }}/locations/global/workloadIdentityPools/github-actions/providers/github-actions - - - name: get gke credentials - uses: google-github-actions/get-gke-credentials@9025e8f90f2d8e0c3dafc3128cc705a26d992a6a #v2.3.0 - with: - cluster_name: ${{ inputs.k8s_cluster_name }} - location: ${{ inputs.k8s_cluster_location }} - project_id: ${{ inputs.k8s_cluster_project }} - - - name: set the helm values flag - id: helm_values - shell: bash - run: | - if [[ "${HELM_VALUE_FILES}" == "" ]]; then - echo "FILES=-f values-${ENV_NAME}.yaml" >> $GITHUB_OUTPUT - else - echo "FILES=${HELM_VALUE_FILES}" >> $GITHUB_OUTPUT - fi - env: - ENV_NAME: ${{ inputs.env_name }} - HELM_VALUE_FILES: ${{ inputs.helm_value_files }} - - - name: helm version - shell: bash - run: helm version - - - name: helm list - shell: bash - run: helm list -n ${APP_NAME}-${ENV_NAME} -a - env: - APP_NAME: ${{ inputs.app_name }} - ENV_NAME: ${{ inputs.env_name }} - - # Workaround for --dependency-update flag failing to update OCI packaged charts - - name: helm dependency update - shell: bash - working-directory: infra_repo/${HELM_CHART_PATH} - run: helm dependency update - env: - HELM_CHART_PATH: ${{ inputs.helm_chart_path }} - - # FIXME - # - Look at adding --atomic or --wait as flags - - name: helm install - shell: bash - working-directory: infra_repo/${HELM_CHART_PATH} - run: | - helm upgrade ${HELM_RELEASE_NAME} . \ - --install \ - --dependency-update \ - --namespace ${APP_NAME}-${ENV_NAME} \ - ${VALUES} \ - --set ${TAG_VALUE_PATH}=${IMAGE_TAG} \ - --timeout ${HELM_TIMEOUT} \ - ${HELM_VALUES} - env: - APP_NAME: ${{ inputs.app_name }} - ENV_NAME: ${{ inputs.env_name }} - HELM_CHART_PATH: ${{ inputs.helm_chart_path }} - HELM_RELEASE_NAME: ${{ inputs.helm_release_name }} - HELM_TIMEOUT: ${{ inputs.helm_timeout }} - HELM_VALUES: ${{ inputs.helm_values }} - IMAGE_TAG: ${{ inputs.image_tag }} - TAG_VALUE_PATH: ${{ inputs.tag_value_path }} - VALUES: ${{ steps.helm_values.outputs.FILES }} - - # List installed charts after upgrade - - name: helm list - if: always() - shell: bash - run: helm list -n ${APP_NAME}-${ENV_NAME} -a - env: - APP_NAME: ${{ inputs.app_name }} - ENV_NAME: ${{ inputs.env_name }} - - - name: helm app version - if: always() - id: helm_app_version - shell: bash - run: | - helm list \ - --filter ${HELM_RELEASE_NAME} \ - --namespace ${APP_NAME}-${ENV_NAME} \ - --no-headers | awk '{printf "deployed_chart_app_version=%s",$10}' | tee $GITHUB_OUTPUT - env: - APP_NAME: ${{ inputs.app_name }} - ENV_NAME: ${{ inputs.env_name }} - HELM_RELEASE_NAME: ${{ inputs.helm_release_name }} - - - name: helm chart version - if: always() - id: helm_chart_version - shell: bash - run: | - helm list \ - --filter ${HELM_RELEASE_NAME} \ - --namespace ${APP_NAME}-${ENV_NAME} \ - --no-headers | awk '{printf "deployed_chart_version=%s",$9}' | tee $GITHUB_OUTPUT - env: - APP_NAME: ${{ inputs.app_name }} - ENV_NAME: ${{ inputs.env_name }} - HELM_RELEASE_NAME: ${{ inputs.helm_release_name }} diff --git a/slack/action.yaml b/slack/action.yaml deleted file mode 100644 index f008226..0000000 --- a/slack/action.yaml +++ /dev/null @@ -1,182 +0,0 @@ -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at https://mozilla.org/MPL/2.0/. -# -name: Slack notifications -description: Slack notifications for deployments - -inputs: - app_name: - description: Name of tenant app_name to deploy to, e.g. testapp1 - required: true - type: string - env_name: - description: Name of tenant env to deploy to, e.g. dev - required: true - type: string - type: - description: Message type to be sent, supported values 'start', 'end', 'failed', 'custom' - required: true - type: string - channel_id: - description: Slack channel id to send messages - required: true - type: string - slack_bot_token: - description: Slack bot token oauth secret - required: true - type: string - ref: - description: Deployment ref - required: false - type: string - message: - description: Custom message when inputs.type is set to 'custom' - required: false - type: string - default: "" - color: - description: Custom color when inputs.type is set to 'custom' - required: false - type: string - default: "#28a745" - mentions: - description: Slack users or groups to mention in the message - required: false - type: string - default: "" - update_ts: - description: Message ts for updating sent messages - required: false - type: string -outputs: - ts: - description: Slack ts for updating messages - value: ${{ steps.slack.outputs.ts }} - -runs: - using: composite - steps: - - id: slack - uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001 #v1.25.0 - env: - SLACK_BOT_TOKEN: ${{ inputs.SLACK_BOT_TOKEN }} - MESSAGE: >- - { - "start": { - "attachments": [ - { - "color": "#dbab09", - "fallback": "${{ inputs.app_name }} ${{ inputs.env_name }}: start", - "blocks": [ - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": "${{ inputs.app_name }} ${{ inputs.env_name }}: Deploy started - ${{ inputs.ref }} ${{ inputs.mentions }}" - }, - "accessory": { - "type": "button", - "text": { - "type": "plain_text", - "text": "Github Actions", - "emoji": true - }, - "value": "click", - "url": "${{ github.event.repository.html_url }}/actions/runs/${{ github.run_id }}", - "action_id": "button-action" - } - } - ] - } - ] - }, - "end": { - "attachments": [ - { - "color": "#28a745", - "fallback": "${{ inputs.app_name }} ${{ inputs.env_name }}: end", - "blocks": [ - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": "${{ inputs.app_name }} ${{ inputs.env_name }}: Deploy complete - ${{ inputs.ref }} ${{ inputs.mentions }}" - }, - "accessory": { - "type": "button", - "text": { - "type": "plain_text", - "text": "Github Actions", - "emoji": true - }, - "value": "click", - "url": "${{ github.event.repository.html_url }}/actions/runs/${{ github.run_id }}", - "action_id": "button-action" - } - } - ] - } - ] - }, - "failed": { - "attachments": [ - { - "color": "#a72841", - "fallback": "${{ inputs.app_name }} ${{ inputs.env_name }}: failed", - "blocks": [ - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": "${{ inputs.app_name }} ${{ inputs.env_name }}: Deploy failed - ${{ inputs.ref }} ${{ inputs.mentions }}" - }, - "accessory": { - "type": "button", - "text": { - "type": "plain_text", - "text": "Github Actions", - "emoji": true - }, - "value": "click", - "url": "${{ github.event.repository.html_url }}/actions/runs/${{ github.run_id }}", - "action_id": "button-action" - } - } - ] - } - ] - }, - "custom": { - "attachments": [ - { - "color": "${{ inputs.color }}", - "fallback": "${{ inputs.app_name }} ${{ inputs.env_name }}: custom", - "blocks": [ - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": "${{ inputs.app_name }} ${{ inputs.env_name }}: ${{ inputs.message }}" - }, - "accessory": { - "type": "button", - "text": { - "type": "plain_text", - "text": "Github Actions", - "emoji": true - }, - "value": "click", - "url": "${{ github.event.repository.html_url }}/actions/runs/${{ github.run_id }}", - "action_id": "button-action" - } - } - ] - } - ] - } - } - with: - channel-id: ${{ inputs.channel_id }} - payload: ${{ toJSON(fromJson(env.MESSAGE)[inputs.type]) }} - update-ts: ${{ inputs.update_ts }}