From a71ce448f44c5c466fc836af72a4f68eebd41058 Mon Sep 17 00:00:00 2001 From: Joseph Flinn <58369717+joseph-flinn@users.noreply.github.com> Date: Thu, 23 Dec 2021 06:14:10 -0800 Subject: [PATCH] Change QA deploy SP & Re-enable feature branch deploy (#1358) --- .github/workflows/build.yml | 56 +++++++++++++++--------------- .github/workflows/crowdin-pull.yml | 4 +-- .github/workflows/qa-deploy.yml | 35 +++++++++---------- 3 files changed, 47 insertions(+), 48 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f12d041c..db16daaa 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -55,7 +55,7 @@ jobs: - name: Cache npm id: npm-cache - uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 + uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 with: path: "~/.npm" key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} @@ -82,7 +82,7 @@ jobs: zip -r web-$_VERSION-selfhosted-open-source.zip build - name: Upload build artifact - uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: name: web-${{ env._VERSION }}-selfhosted-open-source.zip path: ./web-${{ env._VERSION }}-selfhosted-open-source.zip @@ -102,7 +102,7 @@ jobs: - name: Cache npm id: npm-cache - uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 + uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 with: path: "~/.npm" key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} @@ -129,7 +129,7 @@ jobs: zip -r web-$_VERSION-cloud-COMMERCIAL.zip build - name: Upload build artifact - uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: name: web-${{ env._VERSION }}-cloud-COMMERCIAL.zip path: ./web-${{ env._VERSION }}-cloud-COMMERCIAL.zip @@ -149,7 +149,7 @@ jobs: - name: Cache npm id: npm-cache - uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 + uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 with: path: "~/.npm" key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} @@ -191,7 +191,7 @@ jobs: zip -r web-$_VERSION-selfhosted-COMMERCIAL.zip build - name: Upload build artifact - uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 with: name: web-${{ env._VERSION }}-selfhosted-COMMERCIAL.zip path: ./web-${{ env._VERSION }}-selfhosted-COMMERCIAL.zip @@ -255,7 +255,7 @@ jobs: - name: Cache npm id: npm-cache - uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 + uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 with: path: "~/.npm" key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} @@ -304,21 +304,21 @@ jobs: docker --version docker build -t bitwardenqa.azurecr.io/web . - # - name: Get image tag - # id: image-tag - # run: | - # IMAGE_TAG=$(echo "$GITHUB_REF" | awk '{split($0, a, "/"); print a[3];}') - # TAG_EXTENSION=${{ github.event.inputs.custom_tag_extension }} + - name: Get image tag + id: image-tag + run: | + IMAGE_TAG=$(echo "${GITHUB_REF:11}" | sed "s#/#-#g") + TAG_EXTENSION=${{ github.event.inputs.custom_tag_extension }} - # if [[ $TAG_EXTENSION ]]; then - # IMAGE_TAG=$IMAGE_TAG-$TAG_EXTENSION - # fi - # echo "::set-output name=value::$IMAGE_TAG" + if [[ $TAG_EXTENSION ]]; then + IMAGE_TAG=$IMAGE_TAG-$TAG_EXTENSION + fi + echo "::set-output name=value::$IMAGE_TAG" - # - name: Tag image - # env: - # IMAGE_TAG: ${{ steps.image-tag.outputs.value }} - # run: docker tag bitwardenqa.azurecr.io/web "bitwardenqa.azurecr.io/web:$IMAGE_TAG" + - name: Tag image + env: + IMAGE_TAG: ${{ steps.image-tag.outputs.value }} + run: docker tag bitwardenqa.azurecr.io/web "bitwardenqa.azurecr.io/web:$IMAGE_TAG" - name: Tag dev if: github.ref == 'refs/heads/master' @@ -327,10 +327,10 @@ jobs: - name: List Docker images run: docker images - # - name: Push image - # env: - # IMAGE_TAG: ${{ steps.image-tag.outputs.value }} - # run: docker push "bitwardenqa.azurecr.io/web:$IMAGE_TAG" + - name: Push image + env: + IMAGE_TAG: ${{ steps.image-tag.outputs.value }} + run: docker push "bitwardenqa.azurecr.io/web:$IMAGE_TAG" - name: Push dev images if: github.ref == 'refs/heads/master' @@ -353,7 +353,7 @@ jobs: - name: Cache npm id: npm-cache - uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 + uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 with: path: "~/.npm" key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} @@ -401,7 +401,7 @@ jobs: _CROWDIN_PROJECT_ID: "308189" steps: - name: Checkout repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - name: Login to Azure uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a @@ -416,7 +416,7 @@ jobs: secrets: "crowdin-api-token" - name: Upload Sources - uses: crowdin/github-action@e39093fd75daae7859c68eded4b43d42ec78d8ea # v1.3.2 + uses: crowdin/github-action@e39093fd75daae7859c68eded4b43d42ec78d8ea # v1.3.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }} @@ -485,7 +485,7 @@ jobs: secrets: "devops-alerts-slack-webhook-url" - name: Notify Slack on failure - uses: act10ns/slack@e4e71685b9b239384b0f676a63c32367f59c2522 # v1.2.2 + uses: act10ns/slack@e4e71685b9b239384b0f676a63c32367f59c2522 # v1.2.2 if: failure() env: SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }} diff --git a/.github/workflows/crowdin-pull.yml b/.github/workflows/crowdin-pull.yml index 95c62307..0c959fea 100644 --- a/.github/workflows/crowdin-pull.yml +++ b/.github/workflows/crowdin-pull.yml @@ -15,7 +15,7 @@ jobs: _CROWDIN_PROJECT_ID: "308189" steps: - name: Checkout repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - name: Login to Azure uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a @@ -30,7 +30,7 @@ jobs: secrets: "crowdin-api-token" - name: Download translations - uses: crowdin/github-action@e39093fd75daae7859c68eded4b43d42ec78d8ea # v1.3.2 + uses: crowdin/github-action@e39093fd75daae7859c68eded4b43d42ec78d8ea # v1.3.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }} diff --git a/.github/workflows/qa-deploy.yml b/.github/workflows/qa-deploy.yml index 4598d5cc..d654dd92 100644 --- a/.github/workflows/qa-deploy.yml +++ b/.github/workflows/qa-deploy.yml @@ -9,8 +9,8 @@ on: required: false env: - _QA_CLUSTER_RESOURCE_GROUP: "bitwarden-devops" - _QA_CLUSTER_NAME: "dev-aks" + _QA_CLUSTER_RESOURCE_GROUP: "bw-env-qa" + _QA_CLUSTER_NAME: "bw-aks-qa" _QA_K8S_NAMESPACE: "bw-qa" _QA_K8S_APP_NAME: "bw-web" @@ -35,37 +35,36 @@ jobs: uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403 with: keyvault: "bitwarden-qa-kv" - secrets: "dev-aks-kubectl-credentials" + secrets: "qa-aks-kubectl-credentials" - - name: Login to dev-aks-kubectl SP + - name: Login with qa-aks-kubectl-credentials SP uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a with: - creds: ${{ env.dev-aks-kubectl-credentials }} + creds: ${{ env.qa-aks-kubectl-credentials }} - name: Setup AKS access - env: - USER_ID: ${{ env.qa-kubectl-managed-identity-clientId }} + #env: + # USER_ID: ${{ env.qa-kubectl-managed-identity-clientId }} run: | echo "---az install---" az aks install-cli --install-location ./kubectl --kubelogin-install-location ./kubelogin echo "---az get-creds---" az aks get-credentials -n $_QA_CLUSTER_NAME -g $_QA_CLUSTER_RESOURCE_GROUP - # - name: Get image tag - # id: image_tag - # run: | - # IMAGE_TAG=$(echo "$GITHUB_REF" | awk '{split($0, a, "/"); print a[3];}') - # TAG_EXTENSION=${{ github.event.inputs.image_extension }} + - name: Get image tag + id: image_tag + run: | + IMAGE_TAG=$(echo "${GITHUB_REF:11}" | sed "s#/#-#g") + TAG_EXTENSION=${{ github.event.inputs.image_extension }} - # if [[ $TAG_EXTENSION ]]; then - # IMAGE_TAG=$IMAGE_TAG-$TAG_EXTENSION - # fi - # echo "::set-output name=value::$IMAGE_TAG" + if [[ $TAG_EXTENSION ]]; then + IMAGE_TAG=$IMAGE_TAG-$TAG_EXTENSION + fi + echo "::set-output name=value::$IMAGE_TAG" - name: Deploy Web image env: - # IMAGE_TAG: ${{ steps.image_tag.outputs.value }} - IMAGE_TAG: dev + IMAGE_TAG: ${{ steps.image_tag.outputs.value }} run: | kubectl set image -n $_QA_K8S_NAMESPACE deployment/web web=bitwardenqa.azurecr.io/web:$IMAGE_TAG --record kubectl rollout restart -n $_QA_K8S_NAMESPACE deployment/web