.github/workflows/build_deploy_staging.yml
name: build and deploy staging
on:
pull_request:
paths-ignore:
- 'CHANGELOG.md'
- 'README.md'
- 'yarn.lock'
branches: [master]
types:
- opened
- reopened
- synchronize
- ready_for_review
- unlocked
jobs:
build:
if: github.event.pull_request.draft == false
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
# - name: Check if there are gem updates
# id: gem-updates-check
# uses: tj-actions/changed-files@aae164d51be780a235cdeea89752bbacbbfee3c3
# with:
# files: |
# Gemfile
# Gemfile.lock
# - name: Login to container registry
# env:
# PASSWORD: ${{ secrets.GHCR }}
# run: |
# echo $PASSWORD | docker login ghcr.io -u eisbot --password-stdin
# - name: No changes in gems
# # feature branch has no changes in gems
# if: steps.gem-updates-check.outputs.any_changed == 'false'
# run: |
# echo "DOCKERFILE=Dockerfile.preinstalled_gems" >> $GITHUB_ENV
# - name: Gems are changed
# # feature branch has new/updated gems
# if: steps.gem-updates-check.outputs.any_changed == 'true'
# run: |
# echo "DOCKERFILE=Dockerfile.generic" >> $GITHUB_ENV
# - name: Set image tag
# run: |
# SHORT_SHA=$(echo $GITHUB_SHA | cut -c 1-7) #pr-s test commit of merged state
# echo "TAG=ghcr.io/internetee/registry:RC-$SHORT_SHA" >> $GITHUB_ENV
# echo "PROXY_TAG=ghcr.io/internetee/registry:PROXY-RC-$SHORT_SHA" >> $GITHUB_ENV
# echo "SHORT_TAG=RC-$SHORT_SHA" >> $GITHUB_ENV
# - name: Get pull request reference number
# run: |
# echo "$GITHUB_REF"
# echo "PR_REF=$(cat /home/runner/work/_temp/_github_workflow/event.json | jq -r '.number')" >> $GITHUB_ENV
# echo $(cat /home/runner/work/_temp/_github_workflow/event.json | jq -r '.number')
# - name: Set EPP port
# run: echo "EPP_PORT=${PR_REF:(-3)}" >> $GITHUB_ENV
# - name: Set config files for build
# env:
# ST_APP: ${{ secrets.ST_APPLICATION_YML}}
# run: |
# mkdir log
# echo $ST_APP | base64 -di > config/application.yml
# cp config/database.yml.sample config/database.yml
# ls -l config/
# - name: Build registry image
# env:
# KEY_BASE: ${{ secrets.KEY_BASE}}
# run: |
# docker build -t $TAG --build-arg RAILS_ENV=staging --build-arg SECRET_KEY_BASE="$KEY_BASE" -f $DOCKERFILE .
# - name: Clone epp_proxy project
# run: |
# git clone https://github.com/internetee/epp_proxy.git
# - name: Configurate proxy build
# run: |
# cd epp_proxy/
# sed -i -e 's/LABEL org.opencontainers.image.source=https:\/\/github.com\/internetee\/epp_proxy/LABEL org.opencontainers.image.source=https:\/\/github.com\/internetee\/registry/' Dockerfile.release
# echo "EXPOSE 700" >> Dockerfile.release
# cd config/
# sed -i -e 's/{insecure, false},/%% {insecure, false},/' sys.config
# sed -i -e 's/{epp_session_url, "https:\/\/registry.test\/epp\/session\/"},/{epp_session_url, "http:\/\/st-'$PR_REF'-epp.epp.svc.cluster.local\/epp\/session\/"},/' sys.config
# sed -i -e 's/{epp_command_url, "https:\/\/registry.test\/epp\/command\/"},/{epp_command_url, "http:\/\/st-'$PR_REF'-epp.epp.svc.cluster.local\/epp\/command\/"},/' sys.config
# sed -i -e 's/{epp_error_url, "https:\/\/registry.test\/epp\/error\/"},/{epp_error_url, "http:\/\/st-'$PR_REF'-epp.epp.svc.cluster.local\/epp\/error\/"},/' sys.config
# sed -i -e 's/{cacertfile_path, "\/opt\/shared\/ca\/certs\/ca.crt.pem"},/{cacertfile_path, "\/opt\/shared\/ca\/certs\/ca.crt"},/' sys.config
# sed -i -e 's/{certfile_path, "\/opt\/shared\/ca\/certs\/cert.pem"},/{certfile_path, "\/opt\/shared\/ca\/certs\/tls.crt"},/' sys.config
# sed -i -e 's/{keyfile_path, "\/opt\/shared\/ca\/certs\/key.pem"},/{keyfile_path, "\/opt\/shared\/ca\/certs\/tls.key"}]},/' sys.config
# sed -i -e 's/{crlfile_path, "\/opt\/shared\/ca\/certs\/key.pem"}]},//' sys.config
# - name: Build proxy image
# run: |
# cd epp_proxy
# docker build -t $PROXY_TAG -f Dockerfile.release .
# - name: Push Docker image to gh container registry
# run: |
# docker push $TAG
# docker push $PROXY_TAG
# - name: Get repo name
# run: |
# OIFS=$IFS
# IFS='/'
# read -a parts <<< "$GITHUB_REPOSITORY"
# IFS=OIFS
# echo "REPO=${parts[1]}" >> $GITHUB_ENV
# - name: Set deploy config
# env:
# OVPN: ${{ secrets.OVPN }}
# VPN_PWD: ${{ secrets.VPN_PWD }}
# P12: ${{ secrets.P12 }}
# K_CONFIG: ${{ secrets.KUBE_CONFIG }}
# SSH_KEY: ${{ secrets.EISBOT_SSH_KEY }}
# EPPROXY_CONF: ${{ secrets.EPPROXY_CONF }}
# run: |
# echo $VPN_PWD | base64 -di > client.pwd
# chmod 0600 client.pwd
# echo $OVPN | base64 -di > config.ovpn
# echo $P12 | base64 -di > cert.p12
# mkdir -p ~/.ssh
# echo $SSH_KEY | base64 -di > ~/.ssh/key
# chmod 0600 ~/.ssh/key
# mkdir -p $REPO/$PR_REF
# cd $REPO/$PR_REF
# echo "$SHORT_SHA" > TAG
# echo $K_CONFIG | base64 -di > kubeconfig
# chmod 0600 kubeconfig
# # - name: Install Open VPN
# run: |
# sudo apt-get update
# sudo apt-get install openvpn
# - name: Deploy from remote server
# timeout-minutes: 5
# env:
# TOKEN: ${{ secrets.CLOUD_TOKEN }}
# run: |
# sudo openvpn --config config.ovpn --askpass client.pwd --auth-nocache --daemon&
# sleep 15
# ping -c 1 192.168.99.12
# eval `ssh-agent`
# touch ~/.ssh/known_hosts
# ssh-add ~/.ssh/key
# ssh-keyscan 192.168.99.12 > ~/.ssh/known_hosts
# rsync -av "$REPO" runner@192.168.99.12:/home/runner/
# ssh -T runner@192.168.99.12 << EOSSH
# bash
# cd "$REPO"/"$PR_REF"
# export KUBECONFIG=./kubeconfig
# helm repo add eisrepo https://internetee.github.io/helm-charts/
# helm repo update
# helm upgrade --install reg-admin-"$PR_REF" --set image.tag="$SHORT_TAG",reference="$PR_REF" eisrepo/registry-admin -n reg-admin
# helm upgrade --install epp-"$PR_REF" --set image.tag="$SHORT_TAG",reference="$PR_REF",epp.proxy.enabled=true eisrepo/registry-epp -n epp
# helm upgrade --install reg-api-"$PR_REF" --set image.tag="$SHORT_TAG",reference="$PR_REF" eisrepo/registry-api -n reg-api
# TOKEN=${{ secrets.CLOUD_TOKEN }} python3 ../../portOpener.py "$PR_REF" add
# rm kubeconfig
# echo "Setting up URLs"
# echo "server obs.tld.ee
# zone pilv.tld.ee
# update add reg-admin-"$PR_REF".pilv.tld.ee. 3600 CNAME riigi.pilv.tld.ee.
# update add repp-"$PR_REF".pilv.tld.ee. 3600 CNAME riigi.pilv.tld.ee.
# update add reg-api-"$PR_REF".pilv.tld.ee. 3600 CNAME riigi.pilv.tld.ee.
# send
# " | nsupdate -k ~/Kgh-runner.infra.tld.ee.+165+27011.key
# if [ "$?" -eq "0" ]; then
# echo "CNAME updates were successful"
# else
# echo "CNAME updates failed"
# fi
# EOSSH
# - name: Notify developers
# timeout-minutes: 1
# env:
# NOTIFICATION_URL: ${{ secrets.NOTIFICATION_URL}}
# run: |
# curl -i -X POST --data-urlencode 'payload={
# "text": "\n##### A pull request from ['${{ github.head_ref }}'](https://github.com/internetee/registry/pull/'$PR_REF') to master has been deployed :tada:\n
# |Service | :net: |
# |:------------|:---------------------------------------:|
# | **Admin** | https://reg-admin-'$PR_REF'.pilv.tld.ee |
# | **repp** | https://repp-'$PR_REF'.pilv.tld.ee |
# | **API** | https://reg-api-'$PR_REF'.pilv.tld.ee |
# | **EPP** | riigi.pilv.tld.ee on port '$EPP_PORT' |
# Please note that the API is only accessible from Riigipilv.
# "
# }' $NOTIFICATION_URL