-
Notifications
You must be signed in to change notification settings - Fork 0
150 lines (127 loc) · 5.08 KB
/
az-dc-cd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
name: DC Deploy AzureTest CD
run-name: ${{ github.event_name == 'push' && vars.ENVIRONMENT_NAME_CD || github.event.inputs.env }}
on:
push:
branches:
- develop
workflow_dispatch:
inputs:
docker_tag_name:
default: develop
description: Enter BranchName / Release Tag Name
required: true
type: string
env:
type: environment
description: Select the environment
required: true
default: alp-dev-sg-2
force-cleanup-containers:
description: Force cleanup all containers
type: boolean
default: true
env:
DOCKER_TAG_NAME: ${{ github.event.inputs.docker_tag_name || 'develop' }}
ENV_NAME: ${{ github.event_name == 'push' && vars.ENVIRONMENT_NAME_CD || github.event.inputs.env }}
ENV_TYPE: remote
concurrency:
group: az-dc-cd-${{ github.event_name == 'push' && vars.ENVIRONMENT_NAME_CD || github.event.inputs.env }}
cancel-in-progress: true
jobs:
deploy:
environment: ${{ github.event_name == 'push' && vars.ENVIRONMENT_NAME_CD || github.event.inputs.env }}
name: ${{ github.event_name == 'push' && vars.ENVIRONMENT_NAME_CD || github.event.inputs.env }}
runs-on:
[
"${{ github.event_name == 'push' && vars.ENVIRONMENT_NAME_CD || github.event.inputs.env }}",
self-hosted,
Linux,
X64,
]
steps:
- uses: actions/checkout@v4
with:
clean: false
- name: Install 1Password CLI
uses: 1Password/[email protected]
- name: Force cleanup containers
if: github.event.inputs.force-cleanup-containers
continue-on-error: true
run: docker rm -v -f $(docker ps -qa)
- name: Generate dotenv
env:
DOTENV_FILE: .env.${{ env.ENV_TYPE }}
DOTENV_YML: .env.${{ env.ENV_NAME }}.yml
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
OP_VAULT_NAME: ${{ secrets.OP_VAULT_NAME }}
OVERWRITE: true
run: |
./internal/scripts/get-op-ratelimit.sh
ACTIONS_STEP_DEBUG=false
# get env yml from 1password
yarn --cwd internal op:get:$ENV_TYPE
# mask sensitive values
internal/scripts/gha-mask.sh
# generate dotenv
yarn --cwd internal gen:env
cp $DOTENV_FILE ../$DOTENV_FILE-${GITHUB_RUN_ID:-ghRunId}-$(date '+%Y%m%dT%H%M%S')
echo DOCKER_TAG_NAME=$DOCKER_TAG_NAME | tee -a $DOTENV_FILE | tee -a $GITHUB_STEP_SUMMARY
echo HEAD_COMMIT_MESSAGE=$(git show -s --format=%s) | tee -a "$GITHUB_STEP_SUMMARY"
echo GITHUB_SHA_SHORT=$(git rev-parse --short HEAD) | tee -a "$GITHUB_STEP_SUMMARY"
- name: Load dotenv from 1password
uses: 1password/load-secrets-action@v2
id: op-load-secret
with:
export-env: true
env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
REGISTRY_USERNAME: "op://${{ secrets.OP_VAULT_NAME }}/az-alpCR/username"
REGISTRY_PASSWORD: "op://${{ secrets.OP_VAULT_NAME }}/az-alpCR/password"
- name: 1password ratelimit end
env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
run: |
./internal/scripts/get-op-ratelimit.sh
- name: Upload stats.yml artifact
uses: actions/upload-artifact@v4
if: always()
with:
name: stats
retention-days: 30
path: |
${{ github.job }}*.yml
- shell: bash
if: github.event_name == 'push'
id: enable_delay_for_docker_build_to_complete
run: |
sleep 240 # Temporary solution
- name: Pull docker images
uses: nick-fields/retry@v3
with:
timeout_seconds: 1800
retry_wait_seconds: 60
max_attempts: 10
retry_on: any
command: |
# customize dc.yml
yq -i '.services.alp-minerva-postgres.ports=["41190:5432"]' docker-compose.yml # expose PG port
yarn remote:minerva pull
docker pull ghcr.io/data2evidence/d2e-flow/base:${DOCKER_TAG_NAME} # To handle if not present
- name: docker compose up
run: |
yarn remote:minerva up --remove-orphans --force-recreate --wait
DC_EXIT_CODE=$?
echo DC_EXIT_CODE=$DC_EXIT_CODE | tee -a $GITHUB_STEP_SUMMARY
DOCKER_STATUS_FILE=../docker-status-${GITHUB_RUN_ID:-ghRunId}-$(date '+%Y%m%dT%H%M%S').txt
docker ps --format {{.Names}},{{.Status}} 2> /dev/null | sort | tee $DOCKER_STATUS_FILE | tee -a $GITHUB_STEP_SUMMARY
DC_FAIL_COUNT=$( grep -icE "starting|unhealthy" $DOCKER_STATUS_FILE || true )
echo DC_FAIL_COUNT=$DC_FAIL_COUNT | tee -a $GITHUB_STEP_SUMMARY
[ $DC_EXIT_CODE = 0 ] || { echo EXIT DC_EXIT_CODE=$DC_EXIT_CODE && exit $DC_EXIT_CODE; }
- name: Logs minerva
if: success() || failure()
run: |
yarn ci:logs:minerva
- name: Post cleanup
if: always()
run: |
docker rm -f alp-caddy-certs-mgmt || true # Cleanup cert mgmt container if job aborted