-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #168 from datalab-mi/develop
Basegun on kube, with new algo
- Loading branch information
Showing
91 changed files
with
7,154 additions
and
2,345 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,115 @@ | ||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| secret_name: | ||
| required: false | ||
| type: string | ||
| description: "Secret name in kubernetes cluster" | ||
| default: "basegun-secret" | ||
| namespace: | ||
| required: true | ||
| type: string | ||
| description: "Namespace name in kubernetes cluster" | ||
| default: "basegun" | ||
| domain: | ||
| required: true | ||
| type: string | ||
| description: "Nom de domaine utilisé par l'application" | ||
| default: "basegun.fr" | ||
| branch: | ||
| required: true | ||
| type: string | ||
| description: "Branche de déploiement" | ||
| secrets: | ||
| KUBECONFIG: | ||
| description: 'Service account secret (run kubectl get serviceaccounts <service-account-name> -o yaml and copy the service-account-secret-name)' | ||
| required: true | ||
| X_OVH_TOKEN: | ||
| required: true | ||
| API_OVH_TOKEN: | ||
| required: true | ||
| OS_PASSWORD: | ||
| required: true | ||
| OS_PROJECT_NAME: | ||
| required: true | ||
| OS_USERNAME: | ||
| required: true | ||
| JOB_GITHUB_TOKEN: | ||
| required: true | ||
|
|
||
| jobs: | ||
| deployment: | ||
| name: Update deployment | ||
| runs-on: ubuntu-20.04 | ||
| steps: | ||
| - name: Checkout branch | ||
| uses: actions/checkout@v2 | ||
| with: | ||
| ref: ${{ inputs.branch }} | ||
|
|
||
| - uses: azure/k8s-set-context@v3 | ||
| with: | ||
| method: kubeconfig | ||
| kubeconfig: ${{ secrets.KUBECONFIG }} | ||
|
|
||
| - name: Create secret for Kubernetes | ||
| uses: azure/k8s-create-secret@v4 | ||
| with: | ||
| namespace: ${{ inputs.namespace }} | ||
| secret-type: 'generic' | ||
| secret-name: ${{ inputs.secret_name }} | ||
| string-data: | | ||
| { | ||
| "OS_PASSWORD": "${{ secrets.OS_PASSWORD }}", | ||
| "OS_PROJECT_NAME": "${{ secrets.OS_PROJECT_NAME }}", | ||
| "OS_USERNAME": "${{ secrets.OS_USERNAME }}", | ||
| "X_OVH_TOKEN": "${{ secrets.X_OVH_TOKEN }}", | ||
| "API_OVH_TOKEN": "${{ secrets.API_OVH_TOKEN }}" | ||
| } | ||
| - name: Install yq | ||
| run: | | ||
| sudo wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq && sudo chmod +x /usr/bin/yq | ||
| - name: Update Infra Version | ||
| run: | | ||
| export TAG=$(make get-current-tag) | ||
| yq -i '.backend.image.tag = strenv(TAG)' ./infra/kube/helm/values.yaml | ||
| yq -i '.frontend.image.tag = strenv(TAG)' ./infra/kube/helm/values.yaml | ||
| - name: Update ingress domaine | ||
| run: | | ||
| export DOMAIN="${{ inputs.domain }}" | ||
| yq -i '.ingress.hosts[0].host = strenv(DOMAIN)' ./infra/kube/helm/values.yaml | ||
| - name: Commit and push changes | ||
| uses: devops-infra/[email protected] | ||
| with: | ||
| github_token: ${{ secrets.JOB_GITHUB_TOKEN }} | ||
| commit_prefix: "[skip ci]" | ||
| commit_message: "Version updated" | ||
|
|
||
| # To generate a kubeconfig, fill this file with informations available in theses commands: | ||
| # - ${token} and ${ca} | ||
| # kubectl get secret -n <namespace> -o yaml <secret-service-account> | ||
| # - ${server} | ||
| # kubectl config view --minify -o 'jsonpath={.clusters[0].cluster.server}' | ||
|
|
||
| # apiVersion: v1 | ||
| # kind: Config | ||
| # clusters: | ||
| # - name: default-cluster | ||
| # cluster: | ||
| # certificate-authority-data: ${ca} | ||
| # server: ${server} | ||
| # contexts: | ||
| # - name: default-context | ||
| # context: | ||
| # cluster: default-cluster | ||
| # namespace: default | ||
| # user: default-user | ||
| # current-context: default-context | ||
| # users: | ||
| # - name: default-user | ||
| # user: | ||
| # token: ${token} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -8,45 +8,21 @@ jobs: | |
| tag-pr: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v2 | ||
| - name: Tag PR | ||
| uses: release-drafter/release-drafter@v5 | ||
| with: | ||
| name: PR ${{ github.ref }} | ||
| prerelease: true | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| - uses: actions/checkout@v2 | ||
| - name: Tag PR | ||
| uses: release-drafter/release-drafter@v5 | ||
| with: | ||
| name: PR ${{ github.ref }} | ||
| prerelease: true | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| check-files-modified: | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| changed_files: ${{ steps.changed-files.outputs.all_modified_files }} | ||
| steps: | ||
| - uses: actions/checkout@v2 | ||
| - name: Verify Changed files | ||
| uses: tj-actions/[email protected] | ||
| id: changed-files | ||
| with: | ||
| base_sha: ${{ github.event.pull_request.base.sha }} | ||
|
|
||
| build-backend-and-test: | ||
| runs-on: ubuntu-latest | ||
| needs: check-files-modified | ||
| if: ( contains(needs.check-files-modified.outputs.changed_files, 'backend/') ) | ||
| steps: | ||
| - uses: actions/checkout@v2 | ||
| - name: Run backend tests | ||
| run: make test-backend | ||
| env: | ||
| OS_USERNAME: ${{ secrets.OS_USERNAME }} | ||
| OS_PASSWORD: ${{ secrets.OS_PASSWORD }} | ||
| OS_PROJECT_NAME: ${{ secrets.OS_PROJECT_NAME }} | ||
|
|
||
| build-frontend-and-test: | ||
| runs-on: ubuntu-latest | ||
| needs: check-files-modified | ||
| if: ( contains(needs.check-files-modified.outputs.changed_files, 'frontend/') ) | ||
| steps: | ||
| - uses: actions/checkout@v2 | ||
| - name: Run frontend tests | ||
| run: make test-frontend | ||
| build-and-test: | ||
| uses: ./.github/workflows/test-on-kube.yml | ||
| needs: tag-pr | ||
| secrets: | ||
| API_OVH_TOKEN: ${{ secrets.API_OVH_TOKEN }} | ||
| OS_PASSWORD: ${{ secrets.OS_PASSWORD }} | ||
| OS_PROJECT_NAME: ${{ secrets.OS_PROJECT_NAME }} | ||
| OS_USERNAME: ${{ secrets.OS_USERNAME }} | ||
| X_OVH_TOKEN: ${{ secrets.PREPROD_OVH_TOKEN }} | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,107 @@ | ||
| name: Test on kubernetes | ||
|
|
||
| on: | ||
| workflow_call: | ||
| secrets: | ||
| API_OVH_TOKEN: | ||
| required: true | ||
| OS_PASSWORD: | ||
| required: true | ||
| OS_PROJECT_NAME: | ||
| required: true | ||
| OS_USERNAME: | ||
| required: true | ||
| X_OVH_TOKEN: | ||
| required: true | ||
|
|
||
|
|
||
| jobs: | ||
| test-app-k8s: | ||
| runs-on: ubuntu-latest | ||
| env: | ||
| LOCAL_DOMAIN: basegun.kubernetes.local | ||
| steps: | ||
| - name: Checkout to code | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Create k8s Kind Cluster | ||
| uses: helm/[email protected] | ||
| with: | ||
| cluster_name: basegun-testing | ||
| config: ./infra/kube/kind/kind-config.yml | ||
| wait: 60s | ||
| verbosity: 2 | ||
|
|
||
| - name: Set up Helm | ||
| uses: azure/setup-helm@v3 | ||
| with: | ||
| version: v3.11.2 | ||
|
|
||
| - name: Set up ingress controller | ||
| run: | | ||
| helm repo add traefik https://traefik.github.io/charts && helm repo update | ||
| helm install --namespace ingress-traefik --create-namespace traefik traefik/traefik --values ./infra/kube/kind/traefik-values.yml | ||
| - name: Add hosts to /etc/hosts | ||
| run: | | ||
| sudo echo "127.0.0.1 $LOCAL_DOMAIN" | sudo tee -a /etc/hosts | ||
| # we are forced to attribute a DNS to kube cluster for it to work properly | ||
|
|
||
| - name: Build and install basegun with helm, and test if deployment is successful | ||
| id: tests | ||
| run: | | ||
| TAG=$(make get-current-tag) BUILD_TARGET=test docker-compose -f docker-compose-prod.yml build | ||
| kind load docker-image \ | ||
| basegun-backend:$(make get-current-tag)-prod \ | ||
| basegun-frontend:$(make get-current-tag)-prod \ | ||
| --name basegun-testing | ||
| helm upgrade --install basegun ./infra/kube/helm/ \ | ||
| --set ingress.hosts[0].host="$LOCAL_DOMAIN" \ | ||
| --set ingress.hosts[0].paths[0].path="/" \ | ||
| --set ingress.hosts[0].paths[0].pathType="Prefix" \ | ||
| --set backend.image.repository="basegun-backend" \ | ||
| --set backend.image.tag="$(make get-current-tag)-prod" \ | ||
| --set frontend.image.repository="basegun-frontend" \ | ||
| --set frontend.image.tag="$(make get-current-tag)-prod" \ | ||
| --set backend.secret.create="true" \ | ||
| --set-string backend.secret.values.OS_USERNAME="${{ secrets.OS_USERNAME }}" \ | ||
| --set-string backend.secret.values.OS_PASSWORD="${{ secrets.OS_PASSWORD }}" \ | ||
| --set-string backend.secret.values.OS_PROJECT_NAME="${{ secrets.OS_PROJECT_NAME }}" \ | ||
| --set-string backend.secret.values.X_OVH_TOKEN="${{ secrets.X_OVH_TOKEN }}" \ | ||
| --set-string backend.secret.values.API_OVH_TOKEN="${{ secrets.API_OVH_TOKEN }}" | ||
| for i in $(kubectl get deploy -o name); do kubectl rollout status $i -w --timeout=130s; done | ||
| - name: Display pod logs on failure | ||
| if: failure() && steps.tests.outcome == 'failure' | ||
| run: | | ||
| kubectl describe pods | ||
| kubectl logs deploy/basegun-backend --all-containers --ignore-errors | ||
| kubectl logs deploy/basegun-frontend --all-containers --ignore-errors | ||
| - name: Test unitests on backend | ||
| run : | | ||
| kubectl exec deploy/basegun-backend -c basegun-backend -- python -m unittest discover -v | ||
| - name: Setup nodejs (for cypress) | ||
| uses: actions/setup-node@v3 | ||
| with: | ||
| node-version: 18 | ||
| check-latest: true | ||
| cache: "npm" | ||
| cache-dependency-path: "frontend/package-lock.json" | ||
|
|
||
| - name: Install npm packages (for cypress) | ||
| run: npm ci | ||
| working-directory: ./frontend | ||
|
|
||
| - name: Test end to end (cypress) | ||
| run: FRONTEND_HOST=$LOCAL_DOMAIN FRONTEND_PORT=80 npm run test:e2e-ci | ||
| working-directory: ./frontend | ||
|
|
||
| - name: Send artifacts | ||
| uses: actions/upload-artifact@v3 | ||
| if: ${{ failure() }} | ||
| with: | ||
| name: cypress-screenshots | ||
| path: | | ||
| ./frontend/cypress/screenshots/ |
Oops, something went wrong.