ballerine-io · MatanYadaev · Nov 20, 2024 · Nov 12, 2024 · Nov 13, 2024 · Nov 13, 2024
diff --git a/.github/workflows/hotfix-wf-service.yml b/.github/workflows/hotfix-wf-service.yml
@@ -0,0 +1,377 @@
+name: Under Testing - Hotfix on workflows-service
+
+on:
+  workflow_dispatch:
+    inputs:
+      environment: 
+        type: choice
+        description: 'Choose Environment for Hotfix'
+        required: true
+        default: 'dev'
+        options:
+          - 'dev'
+          - 'sb'
+          - 'prod'
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository_owner }}/workflows-service
+
+jobs:
+
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    outputs:
+      sha_short: ${{ steps.version.outputs.sha_short }} # short sha of the commit
+      image_tags: ${{ steps.docker_meta.outputs.tags }} # <short_sha>-<branch_name>, <branch_name>, latest(for prod branch only)
+
+      version: ${{ steps.bump-version.outputs.version }} # [email protected]
+      bumped_tag: ${{ steps.bump-version.outputs.tag }} # bumped patched version X.X.X+1
+
+      docker_image: ${{ steps.docker-version.outputs.image }} # ghcr.io/ballerine-io/workflows-service
+      docker_tag: ${{ steps.docker-version.outputs.tag }} # <short_sha>-<branch_name>
+      docker_full_image: ${{ steps.docker-version.outputs.full_image }} # ghcr.io/ballerine-io/workflows-service:<short_sha>-<branch_name>
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Get tags
+        run: git fetch --tags origin
+
+      - name: Get version
+        id: version
+        run: |
+          TAG=$(git tag -l "$(echo workflow-service@)*" | sort -V -r | head -n 1)
+          echo "tag=$TAG"
+          echo "tag=$TAG" >> "$GITHUB_OUTPUT"
+          echo "TAG=$TAG" >> "$GITHUB_ENV"
+
+          SHORT_SHA=$(git rev-parse --short HEAD)
+          echo "sha_short=$SHORT_SHA"
+          echo "sha_short=$SHORT_SHA" >> $GITHUB_OUTPUT
+          echo "SHORT_SHA=$SHORT_SHA" >> $GITHUB_ENV
+          echo "DEV_WF_SHORT_SHA=$SHORT_SHA" >> $GITHUB_ENV
+
+      - name: Bump version
+        id: bump-version
+        uses: ./.github/actions/bump-version
+        with:
+          tag: ${{ steps.version.outputs.tag }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+        with:
+          platforms: 'arm64,arm'
+
+      - name: Cache Docker layers
+        id: cache
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-docker-${{ hashFiles('**/Dockerfile') }}
+          restore-keys: |
+            ${{ runner.os }}-docker-${{ hashFiles('**/Dockerfile') }}
+            ${{ runner.os }}-docker-
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata for Docker images
+        id: docker_meta
+        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=${{ github.ref_name }}
+            type=raw,value=dev
+            type=raw,value=${{ steps.version.outputs.sha_short }}-${{ github.ref_name }}
+            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'prod') }}
+            type=sha,format=short
+
+      - name: Docker metadata version
+        id: docker-version
+        run: |
+          DOCKER_IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          DOCKER_TAG=${{ steps.version.outputs.sha_short }}-${{ github.ref_name }}
+          DOCKER_FULL_IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.sha_short }}-${{ github.ref_name }}
+
+          echo "DOCKER_IMAGE=$DOCKER_IMAGE"
+          echo "DOCKER_TAG=$DOCKER_TAG"
+          echo "DOCKER_FULL_IMAGE=$DOCKER_FULL_IMAGE"
+
+          echo "image=$DOCKER_IMAGE" >> $GITHUB_OUTPUT
+          echo "tag=$DOCKER_TAG" >> $GITHUB_OUTPUT
+          echo "full_image=$DOCKER_FULL_IMAGE" >> $GITHUB_OUTPUT
+
+      - name: Print docker version outputs
+        run: |
+          echo "Metadata: ${{ steps.docker_meta.outputs.tags }}"
+
+          echo "sha_short: ${{ steps.version.outputs.sha_short }}"
+          echo "docker_meta-tags: ${{ steps.docker_meta.outputs.tags }}"
+          echo "bump-version-version: ${{ steps.bump-version.outputs.version }}"
+          echo "bump-version-tag: ${{ steps.bump-version.outputs.tag }}"
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: services/workflows-service
+          platforms: linux/amd64
+          push: true
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
+          tags: ${{ steps.docker_meta.outputs.tags }}
+          build-args: |
+            "RELEASE=${{ steps.bump-version.outputs.tag }}"
+            "SHORT_SHA=${{ steps.version.outputs.sha_short }}"
+
+      - name: Scan Docker Image
+        uses: aquasecurity/trivy-action@master
+        continue-on-error: true
+        with:
+          cache-dir:
+          image-ref: ${{ steps.docker-version.outputs.full_image }}
+          format: 'table'
+          ignore-unfixed: true
+          exit-code: 1
+          trivyignores: ./.trivyignore
+          vuln-type: 'os,library'
+          severity: 'CRITICAL'
+
+  build-and-push-ee-image:
+    runs-on: ubuntu-latest
+    needs: build-and-push-image
+    outputs:
+      SUBMODULE_SHORT_HASH: ${{ steps.lastcommit.outputs.shorthash }} # short sha of the commit
+      docker_tag: ${{ steps.docker-version.outputs.wf_m_tag }} 
+
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+          submodules: 'recursive'
+          token: ${{ secrets.SUBMODULES_TOKEN }}
+
+      - name: Cache Docker layers
+        id: cache
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-docker-${{ hashFiles('**/Dockerfile') }}
+          restore-keys: |
+            ${{ runner.os }}-docker-${{ hashFiles('**/Dockerfile') }}
+            ${{ runner.os }}-docker-
+
+      - name: Checkout wf-data-migration
+        uses: actions/checkout@v4
+        with:
+          repository: ballerine-io/wf-data-migration
+          token: ${{ secrets.SUBMODULES_TOKEN }}
+          ref: ${{ inputs.environment }}
+          fetch-depth: 1
+          path: services/workflows-service/prisma/data-migrations
+
+      - name: Get Latest Commit ID
+        id: lastcommit
+        uses: nmbgeek/github-action-get-latest-commit@main
+        with:
+          owner: ${{ github.repository_owner }}
+          token: ${{ secrets.SUBMODULES_TOKEN }}
+          repo: wf-data-migration
+          branch: ${{ inputs.environment }}
+
+      - name: Set Commit Id as Env 
+        run: echo "SUBMODULE_SHORT_HASH=${{ steps.lastcommit.outputs.shorthash }}" >> $GITHUB_ENV
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: 'arm64,arm'
+
+      - name: Log in to the container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata for ee Docker images
+        id: eemeta
+        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        with:
+          images: ${{needs.build-and-push-image.outputs.docker_image}}-ee
+          tags: |
+            type=raw,value=${{ inputs.environment }}
+            type=raw,value=${{ needs.build-and-push-image.outputs.sha_short }}-${{ steps.lastcommit.outputs.shorthash }}-${{ inputs.environment }}
+            type=sha,format=short
+
+      - name: Docker metadata version
+        id: docker-version
+        run: |
+          DOCKER_IMAGE=${{needs.build-and-push-image.outputs.docker_image}}-ee
+          DOCKER_TAG=${{ needs.build-and-push-image.outputs.sha_short }}-${{ steps.lastcommit.outputs.shorthash }}-${{ inputs.environment }}
+          DOCKER_FULL_IMAGE=$DOCKER_IMAGE:$DOCKER_TAG
+
+          echo "DOCKER_IMAGE=$DOCKER_IMAGE"
+          echo "DOCKER_TAG=$DOCKER_TAG"
+          echo "DOCKER_FULL_IMAGE=$DOCKER_FULL_IMAGE"
+
+          echo "wf_m_image=$DOCKER_IMAGE" >> $GITHUB_OUTPUT
+          echo "wf_m_tag=$DOCKER_TAG" >> $GITHUB_OUTPUT
+          echo "wf_m_full_image=$DOCKER_FULL_IMAGE" >> $GITHUB_OUTPUT
+
+      - name: Build and push ee Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: services/workflows-service
+          file: services/workflows-service/Dockerfile.ee
+          platforms: linux/amd64
+          push: true
+          cache-from: type=local,src=/tmp/.buildx-cache
+          tags: ${{ steps.eemeta.outputs.tags }}
+          build-args: |
+            "BASE_IMAGE=${{needs.build-and-push-image.outputs.docker_full_image}}"
+            "RELEASE=${{ needs.build-and-push-image.outputs.bumped_tag }}"
+            "SHORT_SHA=${{ needs.build-and-push-image.outputs.sha_short }}"
+
+  update-helm-chart:
+    runs-on: ubuntu-latest
+    needs: [build-and-push-ee-image,build-and-push-image]
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Checkout cloud-infra-config repository
+        uses: actions/checkout@v4
+        with:
+          repository: ballerine-io/cloud-infra-config
+          token: ${{ secrets.GIT_TOKEN }}
+          ref: main
+          fetch-depth: 1
+          sparse-checkout: |
+            kubernetes/helm/wf-service
+          sparse-checkout-cone-mode: true
+      - name: Check if values yaml file exists 
+        id: update_helm_check
+        shell: bash
+        run: |
+          if [ -f "kubernetes/helm/wf-service/${{ inputs.environment }}-custom-values.yaml" ]; then
+            echo "file_name=${{ inputs.environment }}-custom-values.yaml" >> "$GITHUB_OUTPUT"
+            echo ${{ needs.build-and-push-image.outputs.sha_short }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}
+          else
+            echo "file_name=dev-custom-values.yaml" >> "$GITHUB_OUTPUT"
+            echo ${{ needs.build-and-push-image.outputs.sha_short }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}
+          fi
+
+      - name: Update workflow-service image version in the HelmChart
+        uses: fjogeleit/yaml-update-action@main
+        with:
+          repository: ballerine-io/cloud-infra-config
+          branch: main
+          commitChange: true
+          message: "Performed HotFix to ${{ inputs.environment }} wf-service image Version to ${{ needs.build-and-push-image.outputs.sha_short }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}-${{ inputs.environment }} - (Commit hash: ${{ github.sha }}, commit message: ${{ github.event.head_commit.message }})"
+          token: ${{ secrets.GIT_TOKEN }}
+          changes: |
+            {
+              "kubernetes/helm/wf-service/${{steps.update_helm_check.outputs.file_name}}": {
+                "image.tag": "${{ needs.build-and-push-image.outputs.sha_short }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}-${{ inputs.environment }}",
+                "prismaMigrate.image.tag": "${{ needs.build-and-push-image.outputs.sha_short }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}-${{ inputs.environment }}",
+                "dbMigrate.image.tag": "${{ needs.build-and-push-image.outputs.sha_short }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}-${{ inputs.environment }}",
+                "dataSync.image.tag": "${{ needs.build-and-push-image.outputs.sha_short }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}-${{ inputs.environment }}"
+              }
+            }
+  send-to-slack:
+    runs-on: ubuntu-latest
+    needs: [update-helm-chart,build-and-push-ee-image,build-and-push-image]
+    if: ${{ needs.update-helm-chart.result == 'success' }}
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Send alert to Slack channel
+        id: slack
+        uses: slackapi/[email protected]
+        with:
+          channel-id: '${{ secrets.ARGO_SLACK_CHANNEL_ID }}'
+          slack-message: "Hotfix on Wf-service Deployment in ${{ inputs.environment }} with tag ${{ needs.build-and-push-image.outputs.sha_short }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}-${{ inputs.environment }} build result: ${{ job.status }}. successfully updated the hotfix on wf-service helm values for ${{ inputs.environment }}."
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.ARGO_SLACK_BOT_TOKEN }}
+
+  release:
+    runs-on: ubuntu-latest
+    needs: [build-and-push-image,update-helm-chart]
+    if: ${{ needs.update-helm-chart.result=='success' }} && (startsWith(github.ref, 'refs/heads/prod') || startsWith(github.ref, 'refs/heads/dev') || startsWith(github.ref, 'refs/heads/sb') || github.event.inputs.environment == 'dev')
+    env:
+      GH_TOKEN: ${{ github.token }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Release
+        run: |
+          if [ "${{ inputs.environment }}" == "dev" ]; then
+            suffix="-dev-${{ needs.build-and-push-image.outputs.sha_short }}"
+          else
+            suffix=""
+          fi
+          prefix="hotfix-"
+          gh release create ${prefix}${{ needs.build-and-push-image.outputs.version }}${suffix} --notes-start-tag ${{ needs.build-and-push-image.outputs.bumped_tag }}
+
+  sentry:
+    runs-on: ubuntu-latest
+    needs: [release,build-and-push-image]
+    env:
+      GH_TOKEN: ${{ github.token }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      # TODO: add caching for docker_full_image which build previously
+
+      - name: Run Container and Copy File
+        run: |
+          id=$(docker run --rm --name tmp -d ${{ needs.build-and-push-image.outputs.docker_full_image }} tail -f /dev/null)
+
+          mkdir -p ./dist
+
+          docker cp $id:/app/dist/ ./dist
+
+          curl -sL https://sentry.io/get-cli/ | SENTRY_CLI_VERSION="2.31.0" bash
+
+          sentry-cli releases new "${{needs.build-and-push-image.outputs.version}}"
+          echo "sentry-cli releases new ${{needs.build-and-push-image.outputs.version}}"
+
+          sentry-cli releases set-commits "${{needs.build-and-push-image.outputs.version}}" --auto --ignore-missing
+          echo "sentry-cli releases set-commits ${{needs.build-and-push-image.outputs.version}} --auto --ignore-missing"
+
+          sentry-cli sourcemaps upload --dist="${{needs.build-and-push-image.outputs.sha_short}}" --release="${{needs.build-and-push-image.outputs.version}}" ./dist
+          echo "sentry-cli sourcemaps upload --dist=${{needs.build-and-push-image.outputs.sha_short}} --release=${{needs.build-and-push-image.outputs.version}} ./dist"
+
+        env:
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
+          SENTRY_PROJECT: ${{ secrets.WF_SENTRY_PROJECT }}
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -57,6 +57,17 @@
       "internalConsoleOptions": "neverOpen",
       "disableOptimisticBPs": true,
       "program": "${workspaceFolder}/node_modules/.bin/npx"
+    },
+    {
+      "type": "node",
+      "request": "launch",
+      "name": "Debug Workflow Service",
+      "runtimeExecutable": "npm",
+      "runtimeArgs": ["run", "start:debug"],
+      "cwd": "${workspaceFolder}/services/workflows-service",
+      "skipFiles": ["<node_internals>/**"],
+      "console": "integratedTerminal",
+      "sourceMaps": true
     }
   ]
 }