From 22beab86d9e68d8fe3f96e5bb536033fe929ee5a Mon Sep 17 00:00:00 2001 From: mavalosn Date: Mon, 15 Jan 2024 21:46:12 -0400 Subject: [PATCH 1/9] Add Second alternative --- .github/workflows/deploy-pm4.yml | 288 +++++++++++++++++-------------- 1 file changed, 159 insertions(+), 129 deletions(-) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index 120686f754..c115d6383e 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml @@ -5,6 +5,9 @@ on: types: [opened, reopened, synchronize, edited, closed] #schedule: # - cron: '30 2 * * *' # every day at midnight + push: + branches: + - FOUR-13153 workflow_dispatch: workflow_call: env: @@ -15,7 +18,7 @@ env: pull_req_id: ${{github.event.pull_request.number}} DATE: $(date -d '-1 day' '+%Y-%m-%d'|sed 's/-//g') CURRENT_DATE: $(date '+%Y-%m-%d %H:%M:%S'|sed 's/-//g') - CI_PACKAGE_BRANCH: ${{github.event.pull_request.head.ref || 'next' }} + CI_PACKAGE_BRANCH: ${{github.event.pull_request.head.ref || 'FOUR-13151' }} CI_PROJECT: ${{github.event.pull_request.head.repo.name || 'processmaker' }} CI_PR_BODY: ${{ github.event_name == 'schedule' && 'No ci tags needed here' || github.event.pull_request.body }} IMAGE_TAG: $(echo "$CI_PROJECT-$CI_PACKAGE_BRANCH" | sed "s;/;-;g") 
@@ -32,134 +35,161 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true jobs: - imageEKS: - name: build-docker-image-EKS - if: github.event.action != 'closed' + deploy: runs-on: ${{ vars.RUNNER }} + steps: - - name: Set image name - run: | - RESOLVED_IMAGE_TAG=${{ env.IMAGE_TAG }} - echo "IMAGE=${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:$RESOLVED_IMAGE_TAG" >> $GITHUB_ENV - - name: Clone repo K8S - run: | - echo "IMAGE: ${{ env.IMAGE }}" - git clone --depth 1 -b "$K8S_BRANCH" "https://$GITHUB_TOKEN@github.com/ProcessMaker/pm4-k8s-distribution.git" pm4-k8s-distribution - - name: Generate image EKS - run: | - cd pm4-k8s-distribution/images - branch=$CI_PACKAGE_BRANCH tag=${{env.IMAGE_TAG}} bash build.k8s-cicd.sh - echo "VERSION=${{ env.IMAGE_TAG }}" >> $GITHUB_ENV - - name: List Images - run: | - docker images - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: processmaker/enterprise:${{ env.VERSION }} - format: 'table' - exit-code: '0' - ignore-unfixed: false - vuln-type: 'os,library' - scanners: 'vuln,secret' - severity: 'MEDIUM,HIGH,CRITICAL' - env: - TRIVY_TIMEOUT: 30m - - name: Login to Harbor - uses: docker/login-action@v2 - with: - registry: ${{ secrets.REGISTRY_HOST }} - username: ${{ secrets.REGISTRY_USERNAME }} - password: ${{ secrets.REGISTRY_PASSWORD }} - - name: Push Enterprise Image to Harbor - run: | - docker tag processmaker/enterprise:${{env.IMAGE_TAG}} ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} - docker push ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} - deployEKS: - name: build-deploy-EKS - if: contains(github.event.pull_request.body, 'ci:deploy') - needs: imageEKS - runs-on: self-hosted - steps: - - name: Clone private repository - run: | - git clone --depth 1 -b eng "https://$GITHUB_TOKEN@github.com/ProcessMaker/argocd.git" argocd - - name: CreateDB - run: | 
- cd argocd - deploy=$(echo -n ${{env.IMAGE_TAG}} | md5sum | head -c 10) - sed -i "s/{{instance}}/ci-$deploy/" template-db.yaml - kubectl get namespace ci-processmaker-ns-pm4 - namespace=$(kubectl get namespace $deploy-ns-pm4|grep $deploy|awk '{print $1}') - kubectl apply -f template-db.yaml - - name: Install pm4-tools - run: | - git clone --depth 1 -b "$K8S_BRANCH" "https://$GITHUB_TOKEN@github.com/ProcessMaker/pm4-k8s-distribution.git" pm4-k8s-distribution - cd pm4-k8s-distribution/images/pm4-tools - composer install --no-interaction - cd .. - - name: Deploy instance EKS - run: | - cd argocd - deploy=$(echo -n ${{env.IMAGE_TAG}} | md5sum | head -c 10) - current_datetime=$(echo -n ${{env.CURRENT_DATE}} | md5sum | head -c 10) - echo "NAMESPACE : ci-$deploy-ns-pm4" - helm repo add processmaker ${{ secrets.HELM_REPO }} --username ${{ secrets.HELM_USERNAME }} --password ${{ secrets.HELM_PASSWORD }} && helm repo update - if ! kubectl get namespace/ci-$deploy-ns-pm4 ; then - echo "Creating Deploy :: $deploy" - sed -i "s/{{instance}}/ci-$deploy/" template-instance.yaml - sed -i "s/{{image}}/${{env.IMAGE_TAG}}/" template-instance.yaml - cat template-instance.yaml - helm install --timeout 40m -f template-instance.yaml ci-$deploy processmaker/enterprise --version 2.1.0 - else - echo "Bouncing Instance "; - sed -i "s/{{instance}}/ci-$deploy/g" template-bounce.yaml - sed -i "s/{{current_datetime}}/$current_datetime/g" template-bounce.yaml - helm upgrade --timeout 20m ci-$deploy processmaker/enterprise --version 2.1.0 - kubectl apply -f template-bounce.yaml - fi - export INSTANCE_URL=https://ci-$deploy$DOM_EKS - echo "INSTANCE_URL=${INSTANCE_URL}" >> "$GITHUB_ENV" - ../pm4-k8s-distribution/images/pm4-tools/pm wait-for-instance-ready - - name: Comment Instance - run: | - echo "Instance URL: '${INSTANCE_URL}'" - bash argocd/gh_comment.sh "$CI_PROJECT" "$pull_req_id" - deleteEKS: - name: Delete Instance - if: github.event.action == 'closed' - runs-on: self-hosted - steps: - - 
name: Delete instance EKS - run: | - deploy=$(echo -n $IMAGE_TAG | md5sum | head -c 10) - echo "Deleting Instace :: ci-$deploy" - helm delete ci-$deploy - kubectl delete namespace ci-$deploy-ns-pm4 + - name: Checkout code + uses: actions/checkout@v2 + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID1 }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY1 }} + aws-region: ${{ secrets.aws-region }} + + - name: Set up kubectl + run: | + curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" + chmod +x kubectl + sudo mv kubectl /usr/local/bin/ + - name: Authenticate with Amazon EKS + run: aws eks update-kubeconfig --region us-east-1 --name next-qa-cluster + - name: Deploy to Amazon EKS + run: kubectl get nodes + #imageEKS: + # name: build-docker-image-EKS + # if: github.event.action != 'closed' + # runs-on: ${{ vars.RUNNER }} + # steps: + # - name: Set image name + # run: | + # RESOLVED_IMAGE_TAG=${{ env.IMAGE_TAG }} + # echo "IMAGE=${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:$RESOLVED_IMAGE_TAG" >> $GITHUB_ENV + # - name: Clone repo K8S + # run: | + # echo "IMAGE: ${{ env.IMAGE }}" + # git clone --depth 1 -b "$K8S_BRANCH" "https://$GITHUB_TOKEN@github.com/ProcessMaker/pm4-k8s-distribution.git" pm4-k8s-distribution + # - name: Generate image EKS + # run: | + # cd pm4-k8s-distribution/images + # branch=$CI_PACKAGE_BRANCH tag=${{env.IMAGE_TAG}} bash build.k8s-cicd.sh + # echo "VERSION=${{ env.IMAGE_TAG }}" >> $GITHUB_ENV + # - name: List Images + # run: | + # docker images + # - name: Run Trivy vulnerability scanner + # uses: aquasecurity/trivy-action@master + # with: + # image-ref: processmaker/enterprise:${{ env.VERSION }} + # format: 'table' + # exit-code: '0' + # ignore-unfixed: false + # vuln-type: 'os,library' + # scanners: 'vuln,secret' + # severity: 'MEDIUM,HIGH,CRITICAL' + # env: + # 
TRIVY_TIMEOUT: 30m + # - name: Login to Harbor + # uses: docker/login-action@v2 + # with: + # registry: ${{ secrets.REGISTRY_HOST }} + # username: ${{ secrets.REGISTRY_USERNAME }} + # password: ${{ secrets.REGISTRY_PASSWORD }} + # - name: Push Enterprise Image to Harbor + # run: | + # docker tag processmaker/enterprise:${{env.IMAGE_TAG}} ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} + # docker push ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} + #deployEKS: + # name: build-deploy-EKS + # #if: contains(github.event.pull_request.body, 'ci:deploy') + # #needs: imageEKS + # runs-on: self-hosted + # steps: + # - name: Clone private repository + # run: | + # git clone --depth 1 -b eng "https://$GITHUB_TOKEN@github.com/ProcessMaker/argocd.git" argocd + # - name: CreateDB + # run: | + # cd argocd + # deploy=$(echo -n ${{env.IMAGE_TAG}} | md5sum | head -c 10) + # sed -i "s/{{instance}}/ci-$deploy/" template-db.yaml + # kubectl get namespace ci-processmaker-ns-pm4 + # namespace=$(kubectl get namespace $deploy-ns-pm4|grep $deploy|awk '{print $1}') + # kubectl apply -f template-db.yaml + # - name: Install pm4-tools + # run: | + # git clone --depth 1 -b "$K8S_BRANCH" "https://$GITHUB_TOKEN@github.com/ProcessMaker/pm4-k8s-distribution.git" pm4-k8s-distribution + # cd pm4-k8s-distribution/images/pm4-tools + # composer install --no-interaction + # cd .. + # - name: Deploy instance EKS + # run: | + # cd argocd + # deploy=$(echo -n ${{env.IMAGE_TAG}} | md5sum | head -c 10) + # current_datetime=$(echo -n ${{env.CURRENT_DATE}} | md5sum | head -c 10) + # echo "NAMESPACE : ci-$deploy-ns-pm4" + # helm repo add processmaker ${{ secrets.HELM_REPO }} --username ${{ secrets.HELM_USERNAME }} --password ${{ secrets.HELM_PASSWORD }} && helm repo update + # if ! 
kubectl get namespace/ci-$deploy-ns-pm4 ; then + # echo "Creating Deploy :: $deploy" + # sed -i "s/{{instance}}/ci-$deploy/" template-instance.yaml + # sed -i "s/{{image}}/${{env.IMAGE_TAG}}/" template-instance.yaml + # cat template-instance.yaml + # helm install --timeout 0m -f template-instance.yaml ci-$deploy processmaker/enterprise --version 2.1.0 + # sed -i "s/{{instance}}/ci-$deploy/" template-cert.yaml + # sed -i "s/{{tls-crt}}/${{ secrets.TLS_CRT }}/" template-cert.yaml + # sed -i "s/{{tls-key}}/${{ secrets.TLS_KEY }}/" template-cert.yaml + # kubectl apply -f template-cert.yaml + # else + # echo "Bouncing Instance "; + # sed -i "s/{{instance}}/ci-$deploy/g" template-bounce.yaml + # sed -i "s/{{current_datetime}}/$current_datetime/g" template-bounce.yaml + # helm upgrade --timeout 20m ci-$deploy processmaker/enterprise --version 2.1.0 + # kubectl apply -f template-bounce.yaml + # fi + # export INSTANCE_URL=https://ci-$deploy$DOM_EKS + # echo "INSTANCE_URL=${INSTANCE_URL}" >> "$GITHUB_ENV" + # ../pm4-k8s-distribution/images/pm4-tools/pm wait-for-instance-ready + # - name: Comment Instance + # run: | + # echo "Instance URL: '${INSTANCE_URL}'" + # bash argocd/gh_comment.sh "$CI_PROJECT" "$pull_req_id" + #deleteEKS: + # name: Delete Instance + # if: github.event.action == 'closed' + # runs-on: self-hosted + # steps: + # - name: Delete instance EKS + # run: | + # deploy=$(echo -n $IMAGE_TAG | md5sum | head -c 10) + # echo "Deleting Instace :: ci-$deploy" + # helm delete ci-$deploy + # kubectl delete namespace ci-$deploy-ns-pm4 - runPhpUnit: - name: run-phpunit - if: github.event.action != 'closed' - needs: imageEKS - runs-on: ${{ vars.RUNNER }} - steps: - - name: Export Params - run: | - echo "IMAGE=${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}}" >> $GITHUB_ENV - - name: Clone repo K8S - run: | - echo "IMAGE: ${{ env.IMAGE }}" - git clone --depth 1 -b "$K8S_BRANCH" "https://$GITHUB_TOKEN@github.com/ProcessMaker/pm4-k8s-distribution.git" 
pm4-k8s-distribution - - name: Login to Harbor - uses: docker/login-action@v2 - with: - registry: ${{ secrets.REGISTRY_HOST }} - username: ${{ secrets.REGISTRY_USERNAME }} - password: ${{ secrets.REGISTRY_PASSWORD }} - - name: PHPUnits - run: | - cd pm4-k8s-distribution/images/pm4-tools - docker pull $IMAGE - docker-compose down -v - docker-compose build phpunit - docker-compose run phpunit + #runPhpUnit: + # name: run-phpunit + # if: github.event.action != 'closed' + # needs: imageEKS + # runs-on: ${{ vars.RUNNER }} + # steps: + # - name: Export Params + # run: | + # echo "IMAGE=${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}}" >> $GITHUB_ENV + # - name: Clone repo K8S + # run: | + # echo "IMAGE: ${{ env.IMAGE }}" + # git clone --depth 1 -b "$K8S_BRANCH" "https://$GITHUB_TOKEN@github.com/ProcessMaker/pm4-k8s-distribution.git" pm4-k8s-distribution + # - name: Login to Harbor + # uses: docker/login-action@v2 + # with: + # registry: ${{ secrets.REGISTRY_HOST }} + # username: ${{ secrets.REGISTRY_USERNAME }} + # password: ${{ secrets.REGISTRY_PASSWORD }} + # - name: PHPUnits + # run: | + # cd pm4-k8s-distribution/images/pm4-tools + # docker pull $IMAGE + # docker-compose down -v + # docker-compose build phpunit + # docker-compose run phpunit \ No newline at end of file From 051d78fea208bf871f5590db3d6394a744626121 Mon Sep 17 00:00:00 2001 From: mavalosn Date: Mon, 15 Jan 2024 21:48:24 -0400 Subject: [PATCH 2/9] Add Second alternative --- .github/workflows/deploy-pm4.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index c115d6383e..44a4cb78b6 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml 
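Review bot: The `Set up kubectl` step in the new `deploy` job installs whatever release `stable.txt` names at run time, moving it into `/usr/local/bin/` with `sudo mv` and no checksum verification. The binary that then talks to the cluster with the configured AWS credentials is therefore neither pinned nor integrity-checked. Pin a release and check the download against its published `.sha256` file before installing, as in the excerpt below; the same step is re-added unchanged in the `deployEKS` hunk of PATCH 5/9. Separately, the job has no `if:` condition, so it runs with `AWS_ACCESS_KEY_ID1`/`AWS_SECRET_ACCESS_KEY1` on every trigger under `on:`, and `actions/checkout@v2` and `aws-actions/configure-aws-credentials@v1` are referenced by mutable tags rather than commit SHAs.

```yaml
- name: Set up kubectl
  run: |
    # <pinned-kubectl-version> is a placeholder; use the release that matches the cluster
    KUBECTL_VERSION="<pinned-kubectl-version>"
    curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
    curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256"
    echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
    # … unchanged: chmod +x kubectl and sudo mv kubectl /usr/local/bin/ …
```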
@@ -47,7 +47,7 @@ jobs: with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID1 }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY1 }} - aws-region: ${{ secrets.aws-region }} + aws-region: ${{ secrets.AWS_REGION }} - name: Set up kubectl run: | From 34ca24a071784331d537ff4e9b3a6cf8b110a67e Mon Sep 17 00:00:00 2001 From: mavalosn Date: Mon, 15 Jan 2024 22:14:30 -0400 Subject: [PATCH 3/9] Add Second alternative --- .github/workflows/deploy-pm4.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index 44a4cb78b6..ce3a5bbe07 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml @@ -56,8 +56,10 @@ jobs: sudo mv kubectl /usr/local/bin/ - name: Authenticate with Amazon EKS run: aws eks update-kubeconfig --region us-east-1 --name next-qa-cluster - - name: Deploy to Amazon EKS - run: kubectl get nodes + #- name: Deploy to Amazon EKS + # run: kubectl get nodes + - name: Helm list + run: helm version && helm list #imageEKS: # name: build-docker-image-EKS # if: github.event.action != 'closed' From 3ed250a8a3a8ada02badc7907f6ef65b64941b67 Mon Sep 17 00:00:00 2001 From: mavalosn Date: Mon, 15 Jan 2024 22:16:43 -0400 Subject: [PATCH 4/9] Add Second alternative --- .github/workflows/deploy-pm4.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index ce3a5bbe07..ee2bb1c743 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml @@ -55,7 +55,7 @@ jobs: chmod +x kubectl sudo mv kubectl /usr/local/bin/ - name: Authenticate with Amazon EKS - run: aws eks update-kubeconfig --region us-east-1 --name next-qa-cluster + run: aws eks update-kubeconfig --region us-east-1 --name pm4-eng #- name: Deploy to Amazon EKS # run: kubectl get nodes - name: Helm list From 494a7a0e32068d95880d60d79d9d51227c2b3d45 Mon Sep 17 00:00:00 2001 
From: mavalosn Date: Mon, 15 Jan 2024 23:00:54 -0400 Subject: [PATCH 5/9] Fix CICD --- .github/workflows/deploy-pm4.yml | 128 ++++++++++++++++++++----------- 1 file changed, 83 insertions(+), 45 deletions(-) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index ee2bb1c743..269c957deb 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml @@ -3,11 +3,11 @@ run-name: ${{ github.actor }} send deploy EKS 🚀 on: pull_request: types: [opened, reopened, synchronize, edited, closed] - #schedule: - # - cron: '30 2 * * *' # every day at midnight push: branches: - FOUR-13153 + #schedule: + # - cron: '30 2 * * *' # every day at midnight workflow_dispatch: workflow_call: env: @@ -35,31 +35,6 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true jobs: - deploy: - runs-on: ${{ vars.RUNNER }} - - steps: - - name: Checkout code - uses: actions/checkout@v2 - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID1 }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY1 }} - aws-region: ${{ secrets.AWS_REGION }} - - - name: Set up kubectl - run: | - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" - chmod +x kubectl - sudo mv kubectl /usr/local/bin/ - - name: Authenticate with Amazon EKS - run: aws eks update-kubeconfig --region us-east-1 --name pm4-eng - #- name: Deploy to Amazon EKS - # run: kubectl get nodes - - name: Helm list - run: helm version && helm list #imageEKS: # name: build-docker-image-EKS # if: github.event.action != 'closed' 
@@ -103,10 +78,77 @@ jobs: # run: | # docker tag processmaker/enterprise:${{env.IMAGE_TAG}} ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} # docker push ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} + deployEKS: + name: build-deploy-EKS + #if: contains(github.event.pull_request.body, 'ci:deploy') + #needs: imageEKS + runs-on: ${{ vars.RUNNER }} + steps: + - name: Clone private repository + run: | + git clone --depth 1 -b eng "https://$GITHUB_TOKEN@github.com/ProcessMaker/argocd.git" argocd + - name: CreateDB + run: | + cd argocd + deploy=$(echo -n ${{env.IMAGE_TAG}} | md5sum | head -c 10) + sed -i "s/{{instance}}/ci-$deploy/" template-db.yaml + kubectl get namespace ci-processmaker-ns-pm4 + namespace=$(kubectl get namespace $deploy-ns-pm4|grep $deploy|awk '{print $1}') + kubectl apply -f template-db.yaml + - name: Install pm4-tools + run: | + git clone --depth 1 -b "$K8S_BRANCH" "https://$GITHUB_TOKEN@github.com/ProcessMaker/pm4-k8s-distribution.git" pm4-k8s-distribution + cd pm4-k8s-distribution/images/pm4-tools + composer install --no-interaction + cd .. 
+ - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID1 }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY1 }} + aws-region: ${{ secrets.AWS_REGION }} + - name: Set up kubectl + run: | + curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" + chmod +x kubectl + sudo mv kubectl /usr/local/bin/ + - name: Authenticate with Amazon EKS + run: aws eks update-kubeconfig --region us-east-1 --name pm4-eng + - name: Deploy instance EKS + run: | + cd argocd + deploy=$(echo -n ${{env.IMAGE_TAG}} | md5sum | head -c 10) + current_datetime=$(echo -n ${{env.CURRENT_DATE}} | md5sum | head -c 10) + echo "NAMESPACE : ci-$deploy-ns-pm4" + helm repo add processmaker ${{ secrets.HELM_REPO }} --username ${{ secrets.HELM_USERNAME }} --password ${{ secrets.HELM_PASSWORD }} && helm repo update + if ! kubectl get namespace/ci-$deploy-ns-pm4 ; then + echo "Creating Deploy :: $deploy" + sed -i "s/{{instance}}/ci-$deploy/" template-instance.yaml + sed -i "s/{{image}}/${{env.IMAGE_TAG}}/" template-instance.yaml + cat template-instance.yaml + helm install --timeout 40m -f template-instance.yaml ci-$deploy processmaker/enterprise --version 2.1.0 + sed -i "s/{{instance}}/ci-$deploy/" template-cert.yaml + sed -i "s/{{tls-crt}}/${{ secrets.TLS_CRT }}/" template-cert.yaml + sed -i "s/{{tls-key}}/${{ secrets.TLS_KEY }}/" template-cert.yaml + kubectl apply -f template-cert.yaml + else + echo "Bouncing Instance "; + sed -i "s/{{instance}}/ci-$deploy/g" template-bounce.yaml + sed -i "s/{{current_datetime}}/$current_datetime/g" template-bounce.yaml + helm upgrade --timeout 20m ci-$deploy processmaker/enterprise --version 2.1.0 + kubectl apply -f template-bounce.yaml + fi + export INSTANCE_URL=https://ci-$deploy$DOM_EKS + echo "INSTANCE_URL=${INSTANCE_URL}" >> "$GITHUB_ENV" + ../pm4-k8s-distribution/images/pm4-tools/pm wait-for-instance-ready + - name: 
Comment Instance + run: | + echo "Instance URL: '${INSTANCE_URL}'" + bash argocd/gh_comment.sh "$CI_PROJECT" "$pull_req_id" #deployEKS: # name: build-deploy-EKS - # #if: contains(github.event.pull_request.body, 'ci:deploy') - # #needs: imageEKS + # if: contains(github.event.pull_request.body, 'ci:deploy') + # needs: imageEKS # runs-on: self-hosted # steps: # - name: Clone private repository @@ -138,11 +180,7 @@ jobs: # sed -i "s/{{instance}}/ci-$deploy/" template-instance.yaml # sed -i "s/{{image}}/${{env.IMAGE_TAG}}/" template-instance.yaml # cat template-instance.yaml - # helm install --timeout 0m -f template-instance.yaml ci-$deploy processmaker/enterprise --version 2.1.0 - # sed -i "s/{{instance}}/ci-$deploy/" template-cert.yaml - # sed -i "s/{{tls-crt}}/${{ secrets.TLS_CRT }}/" template-cert.yaml - # sed -i "s/{{tls-key}}/${{ secrets.TLS_KEY }}/" template-cert.yaml - # kubectl apply -f template-cert.yaml + # helm install --timeout 40m -f template-instance.yaml ci-$deploy processmaker/enterprise --version 2.1.0 # else # echo "Bouncing Instance "; # sed -i "s/{{instance}}/ci-$deploy/g" template-bounce.yaml @@ -157,17 +195,17 @@ jobs: # run: | # echo "Instance URL: '${INSTANCE_URL}'" # bash argocd/gh_comment.sh "$CI_PROJECT" "$pull_req_id" - #deleteEKS: - # name: Delete Instance - # if: github.event.action == 'closed' - # runs-on: self-hosted - # steps: - # - name: Delete instance EKS - # run: | - # deploy=$(echo -n $IMAGE_TAG | md5sum | head -c 10) - # echo "Deleting Instace :: ci-$deploy" - # helm delete ci-$deploy - # kubectl delete namespace ci-$deploy-ns-pm4 + deleteEKS: + name: Delete Instance + if: github.event.action == 'closed' + runs-on: self-hosted + steps: + - name: Delete instance EKS + run: | + deploy=$(echo -n $IMAGE_TAG | md5sum | head -c 10) + echo "Deleting Instace :: ci-$deploy" + helm delete ci-$deploy + kubectl delete namespace ci-$deploy-ns-pm4 #runPhpUnit: # name: run-phpunit 
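Review bot: The `sed -i` lines that fill `template-cert.yaml` in `Deploy instance EKS` expand `${{ secrets.TLS_CRT }}` and `${{ secrets.TLS_KEY }}` straight into the script text with `/` as the sed delimiter. A value containing `/`, `&` or a newline (all usual in PEM or base64 material) breaks or corrupts the substitution, and the private key ends up in the generated step script and in a file in the runner workspace. Pass both values through the step's `env:` and let kubectl build the object, e.g. `kubectl create secret tls <secret-name> --cert=<crt-file> --key=<key-file> --dry-run=client -o yaml | kubectl apply -f -`, removing the temporary files afterwards; the names are placeholders and this assumes `template-cert.yaml` is a TLS Secret, which the hunk does not show. In the same step `cat template-instance.yaml` writes the rendered values file to the job log, which is worth dropping if that file can carry credentials. The `if: contains(github.event.pull_request.body, 'ci:deploy')` gate is also commented out in this hunk, so the job runs for every event that triggers the workflow.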
From 3970ae0c0e48724f46c632429e3d438c0440ab08 Mon Sep 17 00:00:00 2001 From: mavalosn Date: Mon, 15 Jan 2024 23:04:33 -0400 Subject: [PATCH 6/9] Fix CICD --- .github/workflows/deploy-pm4.yml | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index 269c957deb..98080c5fd5 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml @@ -78,12 +78,9 @@ jobs: # run: | # docker tag processmaker/enterprise:${{env.IMAGE_TAG}} ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} # docker push ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} - deployEKS: - name: build-deploy-EKS - #if: contains(github.event.pull_request.body, 'ci:deploy') - #needs: imageEKS - runs-on: ${{ vars.RUNNER }} - steps: + prepareDB: + runs-on: self-hosted + steps: - name: Clone private repository run: | git clone --depth 1 -b eng "https://$GITHUB_TOKEN@github.com/ProcessMaker/argocd.git" argocd 
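Review bot: The new `prepareDB` job has neither `if:` nor `needs:`, so at this commit it also runs on the `closed` pull-request action, applying `template-db.yaml` while `deleteEKS` (restored in PATCH 5/9) removes the same `ci-$deploy` instance. Add `if: github.event.action != 'closed'`, and the `contains(github.event.pull_request.body, 'ci:deploy')` condition as well if a database should only exist for PRs that asked for a deployment. The job runs on `self-hosted` and, unlike `deployEKS`, has no `aws eks update-kubeconfig` step, so `kubectl` presumably acts on whatever context that runner already holds; selecting the cluster explicitly would make the target unambiguous. The job's steps continue past the end of this hunk.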
@@ -94,7 +91,24 @@ jobs: sed -i "s/{{instance}}/ci-$deploy/" template-db.yaml kubectl get namespace ci-processmaker-ns-pm4 namespace=$(kubectl get namespace $deploy-ns-pm4|grep $deploy|awk '{print $1}') - kubectl apply -f template-db.yaml + kubectl apply -f template-db.yaml + deployEKS: + name: build-deploy-EKS + #if: contains(github.event.pull_request.body, 'ci:deploy') + #needs: imageEKS + runs-on: ${{ vars.RUNNER }} + steps: + - name: Clone private repository + run: | + git clone --depth 1 -b eng "https://$GITHUB_TOKEN@github.com/ProcessMaker/argocd.git" argocd + #- name: CreateDB + # run: | + # cd argocd + # deploy=$(echo -n ${{env.IMAGE_TAG}} | md5sum | head -c 10) + # sed -i "s/{{instance}}/ci-$deploy/" template-db.yaml + # kubectl get namespace ci-processmaker-ns-pm4 + # namespace=$(kubectl get namespace $deploy-ns-pm4|grep $deploy|awk '{print $1}') + # kubectl apply -f template-db.yaml - name: Install pm4-tools run: | git clone --depth 1 -b "$K8S_BRANCH" "https://$GITHUB_TOKEN@github.com/ProcessMaker/pm4-k8s-distribution.git" pm4-k8s-distribution From 4917e8601ba7b50b6bd9c02e1360d0a538db994d Mon Sep 17 00:00:00 2001 From: mavalosn Date: Mon, 15 Jan 2024 23:30:08 -0400 Subject: [PATCH 7/9] Fix CICD --- .github/workflows/deploy-pm4.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index 98080c5fd5..efce6edd66 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml 
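Review bot: With `CreateDB` commented out of `deployEKS` and moved into `prepareDB`, nothing orders the two jobs. `deployEKS` declares no `needs: prepareDB`, so `helm install` can start before `kubectl apply -f template-db.yaml` has run; add `needs: prepareDB` (or `needs: [imageEKS, prepareDB]` once the image job is back). The added `git clone ... "https://$GITHUB_TOKEN@github.com/ProcessMaker/argocd.git"` also stores the token in the clone's remote URL under `argocd/.git/config`, which persists between jobs if `${{ vars.RUNNER }}` resolves to a self-hosted machine. `actions/checkout` with `repository:`, `token:` and `persist-credentials: false` avoids leaving it on disk.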
@@ -140,7 +140,7 @@ jobs: sed -i "s/{{instance}}/ci-$deploy/" template-instance.yaml sed -i "s/{{image}}/${{env.IMAGE_TAG}}/" template-instance.yaml cat template-instance.yaml - helm install --timeout 40m -f template-instance.yaml ci-$deploy processmaker/enterprise --version 2.1.0 + helm install --timeout 40m -f template-instance.yaml ci-$deploy processmaker/enterprise sed -i "s/{{instance}}/ci-$deploy/" template-cert.yaml sed -i "s/{{tls-crt}}/${{ secrets.TLS_CRT }}/" template-cert.yaml sed -i "s/{{tls-key}}/${{ secrets.TLS_KEY }}/" template-cert.yaml From 0f476868289c11a2f4f893d1512bea02201da053 Mon Sep 17 00:00:00 2001 From: mavalosn Date: Tue, 16 Jan 2024 08:02:34 -0400 Subject: [PATCH 8/9] Test nes instance --- .github/workflows/deploy-pm4.yml | 90 ++++++++++++++++---------------- 1 file changed, 46 insertions(+), 44 deletions(-) diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index efce6edd66..218b4b70fa 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml @@ -18,7 +18,7 @@ env: pull_req_id: ${{github.event.pull_request.number}} DATE: $(date -d '-1 day' '+%Y-%m-%d'|sed 's/-//g') CURRENT_DATE: $(date '+%Y-%m-%d %H:%M:%S'|sed 's/-//g') - CI_PACKAGE_BRANCH: ${{github.event.pull_request.head.ref || 'FOUR-13151' }} + CI_PACKAGE_BRANCH: ${{github.event.pull_request.head.ref || 'FOUR-13153' }} CI_PROJECT: ${{github.event.pull_request.head.repo.name || 'processmaker' }} CI_PR_BODY: ${{ github.event_name == 'schedule' && 'No ci tags needed here' || github.event.pull_request.body }} IMAGE_TAG: $(echo "$CI_PROJECT-$CI_PACKAGE_BRANCH" | sed "s;/;-;g") 
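Review bot: Dropping `--version 2.1.0` from `helm install` makes new instances take whatever chart version the repository serves at run time. The `helm upgrade` in the `else` branch (outside this hunk, last shown in PATCH 5/9) still passes `--version 2.1.0`, so an instance created from a newer chart would be moved to 2.1.0 on its next bounce. If 2.1.0 no longer fits, pin the intended version in both commands from one variable, e.g. `helm install --timeout 40m -f template-instance.yaml ci-$deploy processmaker/enterprise --version "$CHART_VERSION"`, where `CHART_VERSION` is a new workflow-level `env` entry. An unpinned chart also lets a change in the Helm repository reach the cluster without any reviewed change in this file.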
@@ -35,50 +35,51 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true jobs: - #imageEKS: - # name: build-docker-image-EKS - # if: github.event.action != 'closed' - # runs-on: ${{ vars.RUNNER }} - # steps: - # - name: Set image name - # run: | - # RESOLVED_IMAGE_TAG=${{ env.IMAGE_TAG }} - # echo "IMAGE=${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:$RESOLVED_IMAGE_TAG" >> $GITHUB_ENV - # - name: Clone repo K8S - # run: | - # echo "IMAGE: ${{ env.IMAGE }}" - # git clone --depth 1 -b "$K8S_BRANCH" "https://$GITHUB_TOKEN@github.com/ProcessMaker/pm4-k8s-distribution.git" pm4-k8s-distribution - # - name: Generate image EKS - # run: | - # cd pm4-k8s-distribution/images - # branch=$CI_PACKAGE_BRANCH tag=${{env.IMAGE_TAG}} bash build.k8s-cicd.sh - # echo "VERSION=${{ env.IMAGE_TAG }}" >> $GITHUB_ENV - # - name: List Images - # run: | - # docker images - # - name: Run Trivy vulnerability scanner - # uses: aquasecurity/trivy-action@master - # with: - # image-ref: processmaker/enterprise:${{ env.VERSION }} - # format: 'table' - # exit-code: '0' - # ignore-unfixed: false - # vuln-type: 'os,library' - # scanners: 'vuln,secret' - # severity: 'MEDIUM,HIGH,CRITICAL' - # env: - # TRIVY_TIMEOUT: 30m - # - name: Login to Harbor - # uses: docker/login-action@v2 - # with: - # registry: ${{ secrets.REGISTRY_HOST }} - # username: ${{ secrets.REGISTRY_USERNAME }} - # password: ${{ secrets.REGISTRY_PASSWORD }} - # - name: Push Enterprise Image to Harbor - # run: | - # docker tag processmaker/enterprise:${{env.IMAGE_TAG}} ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} - # docker push ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} + imageEKS: + name: build-docker-image-EKS + if: github.event.action != 'closed' + runs-on: ${{ vars.RUNNER }} + steps: + - name: Set image name + run: | + RESOLVED_IMAGE_TAG=${{ env.IMAGE_TAG }} + echo "IMAGE=${{ secrets.REGISTRY_HOST 
}}/processmaker/enterprise:$RESOLVED_IMAGE_TAG" >> $GITHUB_ENV + - name: Clone repo K8S + run: | + echo "IMAGE: ${{ env.IMAGE }}" + git clone --depth 1 -b "$K8S_BRANCH" "https://$GITHUB_TOKEN@github.com/ProcessMaker/pm4-k8s-distribution.git" pm4-k8s-distribution + - name: Generate image EKS + run: | + cd pm4-k8s-distribution/images + branch=$CI_PACKAGE_BRANCH tag=${{env.IMAGE_TAG}} bash build.k8s-cicd.sh + echo "VERSION=${{ env.IMAGE_TAG }}" >> $GITHUB_ENV + - name: List Images + run: | + docker images + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: processmaker/enterprise:${{ env.VERSION }} + format: 'table' + exit-code: '0' + ignore-unfixed: false + vuln-type: 'os,library' + scanners: 'vuln,secret' + severity: 'MEDIUM,HIGH,CRITICAL' + env: + TRIVY_TIMEOUT: 30m + - name: Login to Harbor + uses: docker/login-action@v2 + with: + registry: ${{ secrets.REGISTRY_HOST }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} + - name: Push Enterprise Image to Harbor + run: | + docker tag processmaker/enterprise:${{env.IMAGE_TAG}} ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} + docker push ${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}} prepareDB: + needs: imageEKS runs-on: self-hosted steps: - name: Clone private repository @@ -93,6 +94,7 @@ jobs: namespace=$(kubectl get namespace $deploy-ns-pm4|grep $deploy|awk '{print $1}') kubectl apply -f template-db.yaml deployEKS: + needs: imageEKS name: build-deploy-EKS #if: contains(github.event.pull_request.body, 'ci:deploy') #needs: imageEKS From 8fdb8fb2f1d1242a645ade17b9f9f8a4e19c2a3f Mon Sep 17 00:00:00 2001 From: mavalosn Date: Tue, 16 Jan 2024 16:22:07 -0400 Subject: [PATCH 9/9] Fix CICD --- .github/workflows/deploy-pm4.yml | 125 ++++++++----------------------- 1 file changed, 31 insertions(+), 94 deletions(-) 
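Review bot: The re-enabled `imageEKS` job uses `aquasecurity/trivy-action@master`, a moving branch, in a job that also receives `REGISTRY_USERNAME`/`REGISTRY_PASSWORD`. Pin it, and `docker/login-action@v2`, to a reviewed commit, `uses: aquasecurity/trivy-action@<commit-sha>`. With `exit-code: '0'` the scan is report-only, so `Push Enterprise Image to Harbor` runs even when the `vuln,secret` scanners report CRITICAL findings or embedded secrets. If that is intended, add a comment such as `# report-only: findings do not block the push`; otherwise set `exit-code: '1'` and narrow `severity` to the levels that should block.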
diff --git a/.github/workflows/deploy-pm4.yml b/.github/workflows/deploy-pm4.yml index 218b4b70fa..9f2f048483 100644 --- a/.github/workflows/deploy-pm4.yml +++ b/.github/workflows/deploy-pm4.yml @@ -3,9 +3,6 @@ run-name: ${{ github.actor }} send deploy EKS 🚀 on: pull_request: types: [opened, reopened, synchronize, edited, closed] - push: - branches: - - FOUR-13153 #schedule: # - cron: '30 2 * * *' # every day at midnight workflow_dispatch: @@ -18,7 +15,7 @@ env: pull_req_id: ${{github.event.pull_request.number}} DATE: $(date -d '-1 day' '+%Y-%m-%d'|sed 's/-//g') CURRENT_DATE: $(date '+%Y-%m-%d %H:%M:%S'|sed 's/-//g') - CI_PACKAGE_BRANCH: ${{github.event.pull_request.head.ref || 'FOUR-13153' }} + CI_PACKAGE_BRANCH: ${{github.event.pull_request.head.ref || 'next' }} CI_PROJECT: ${{github.event.pull_request.head.repo.name || 'processmaker' }} CI_PR_BODY: ${{ github.event_name == 'schedule' && 'No ci tags needed here' || github.event.pull_request.body }} IMAGE_TAG: $(echo "$CI_PROJECT-$CI_PACKAGE_BRANCH" | sed "s;/;-;g") 
@@ -94,23 +91,14 @@ jobs: namespace=$(kubectl get namespace $deploy-ns-pm4|grep $deploy|awk '{print $1}') kubectl apply -f template-db.yaml deployEKS: - needs: imageEKS name: build-deploy-EKS - #if: contains(github.event.pull_request.body, 'ci:deploy') - #needs: imageEKS + if: contains(github.event.pull_request.body, 'ci:deploy') + needs: imageEKS runs-on: ${{ vars.RUNNER }} steps: - name: Clone private repository run: | - git clone --depth 1 -b eng "https://$GITHUB_TOKEN@github.com/ProcessMaker/argocd.git" argocd - #- name: CreateDB - # run: | - # cd argocd - # deploy=$(echo -n ${{env.IMAGE_TAG}} | md5sum | head -c 10) - # sed -i "s/{{instance}}/ci-$deploy/" template-db.yaml - # kubectl get namespace ci-processmaker-ns-pm4 - # namespace=$(kubectl get namespace $deploy-ns-pm4|grep $deploy|awk '{print $1}') - # kubectl apply -f template-db.yaml + git clone --depth 1 -b eng "https://$GITHUB_TOKEN@github.com/ProcessMaker/argocd.git" argocd - name: Install pm4-tools run: | git clone --depth 1 -b "$K8S_BRANCH" "https://$GITHUB_TOKEN@github.com/ProcessMaker/pm4-k8s-distribution.git" pm4-k8s-distribution 
@@ -161,56 +149,6 @@ jobs: run: | echo "Instance URL: '${INSTANCE_URL}'" bash argocd/gh_comment.sh "$CI_PROJECT" "$pull_req_id" - #deployEKS: - # name: build-deploy-EKS - # if: contains(github.event.pull_request.body, 'ci:deploy') - # needs: imageEKS - # runs-on: self-hosted - # steps: - # - name: Clone private repository - # run: | - # git clone --depth 1 -b eng "https://$GITHUB_TOKEN@github.com/ProcessMaker/argocd.git" argocd - # - name: CreateDB - # run: | - # cd argocd - # deploy=$(echo -n ${{env.IMAGE_TAG}} | md5sum | head -c 10) - # sed -i "s/{{instance}}/ci-$deploy/" template-db.yaml - # kubectl get namespace ci-processmaker-ns-pm4 - # namespace=$(kubectl get namespace $deploy-ns-pm4|grep $deploy|awk '{print $1}') - # kubectl apply -f template-db.yaml - # - name: Install pm4-tools - # run: | - # git clone --depth 1 -b "$K8S_BRANCH" "https://$GITHUB_TOKEN@github.com/ProcessMaker/pm4-k8s-distribution.git" pm4-k8s-distribution - # cd pm4-k8s-distribution/images/pm4-tools - # composer install --no-interaction - # cd .. - # - name: Deploy instance EKS - # run: | - # cd argocd - # deploy=$(echo -n ${{env.IMAGE_TAG}} | md5sum | head -c 10) - # current_datetime=$(echo -n ${{env.CURRENT_DATE}} | md5sum | head -c 10) - # echo "NAMESPACE : ci-$deploy-ns-pm4" - # helm repo add processmaker ${{ secrets.HELM_REPO }} --username ${{ secrets.HELM_USERNAME }} --password ${{ secrets.HELM_PASSWORD }} && helm repo update - # if ! 
kubectl get namespace/ci-$deploy-ns-pm4 ; then - # echo "Creating Deploy :: $deploy" - # sed -i "s/{{instance}}/ci-$deploy/" template-instance.yaml - # sed -i "s/{{image}}/${{env.IMAGE_TAG}}/" template-instance.yaml - # cat template-instance.yaml - # helm install --timeout 40m -f template-instance.yaml ci-$deploy processmaker/enterprise --version 2.1.0 - # else - # echo "Bouncing Instance "; - # sed -i "s/{{instance}}/ci-$deploy/g" template-bounce.yaml - # sed -i "s/{{current_datetime}}/$current_datetime/g" template-bounce.yaml - # helm upgrade --timeout 20m ci-$deploy processmaker/enterprise --version 2.1.0 - # kubectl apply -f template-bounce.yaml - # fi - # export INSTANCE_URL=https://ci-$deploy$DOM_EKS - # echo "INSTANCE_URL=${INSTANCE_URL}" >> "$GITHUB_ENV" - # ../pm4-k8s-distribution/images/pm4-tools/pm wait-for-instance-ready - # - name: Comment Instance - # run: | - # echo "Instance URL: '${INSTANCE_URL}'" - # bash argocd/gh_comment.sh "$CI_PROJECT" "$pull_req_id" deleteEKS: name: Delete Instance if: github.event.action == 'closed' 
@@ -221,31 +159,30 @@ jobs: deploy=$(echo -n $IMAGE_TAG | md5sum | head -c 10) echo "Deleting Instace :: ci-$deploy" helm delete ci-$deploy - kubectl delete namespace ci-$deploy-ns-pm4 - - #runPhpUnit: - # name: run-phpunit - # if: github.event.action != 'closed' - # needs: imageEKS - # runs-on: ${{ vars.RUNNER }} - # steps: - # - name: Export Params - # run: | - # echo "IMAGE=${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}}" >> $GITHUB_ENV - # - name: Clone repo K8S - # run: | - # echo "IMAGE: ${{ env.IMAGE }}" - # git clone --depth 1 -b "$K8S_BRANCH" "https://$GITHUB_TOKEN@github.com/ProcessMaker/pm4-k8s-distribution.git" pm4-k8s-distribution - # - name: Login to Harbor - # uses: docker/login-action@v2 - # with: - # registry: ${{ secrets.REGISTRY_HOST }} - # username: ${{ secrets.REGISTRY_USERNAME }} - # password: ${{ secrets.REGISTRY_PASSWORD }} - # - name: PHPUnits - # run: | - # cd pm4-k8s-distribution/images/pm4-tools - # docker pull $IMAGE - # docker-compose down -v - # docker-compose build phpunit - # docker-compose run phpunit \ No newline at end of file + kubectl delete namespace ci-$deploy-ns-pm4 + runPhpUnit: + name: run-phpunit + if: github.event.action != 'closed' + needs: imageEKS + runs-on: ${{ vars.RUNNER }} + steps: + - name: Export Params + run: | + echo "IMAGE=${{ secrets.REGISTRY_HOST }}/processmaker/enterprise:${{env.IMAGE_TAG}}" >> $GITHUB_ENV + - name: Clone repo K8S + run: | + echo "IMAGE: ${{ env.IMAGE }}" + git clone --depth 1 -b "$K8S_BRANCH" "https://$GITHUB_TOKEN@github.com/ProcessMaker/pm4-k8s-distribution.git" pm4-k8s-distribution + - name: Login to Harbor + uses: docker/login-action@v2 + with: + registry: ${{ secrets.REGISTRY_HOST }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} + - name: PHPUnits + run: | + cd pm4-k8s-distribution/images/pm4-tools + docker pull $IMAGE + docker-compose down -v + docker-compose build phpunit + docker-compose run phpunit \ No newline 
at end of file
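Review bot: The `Clone repo K8S` step in the restored runPhpUnit job clones with `"https://$GITHUB_TOKEN@github.com/..."`, which leaves the token in the remote URL in `pm4-k8s-distribution/.git/config` on the runner, and the `PHPUnits` step then runs `docker-compose build` inside that checkout. Dropping the credential straight after the clone keeps it out of the workspace: `git -C pm4-k8s-distribution remote set-url origin https://github.com/ProcessMaker/pm4-k8s-distribution.git`. The `git clone` lines in the deployEKS hunk follow the same pattern. Separately, `docker/login-action@v2` receives the registry password through a mutable tag; pinning it to a full commit SHA fixes which code handles that secret.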