Add GitHub workflow/scripts for deploying to staging/production

This adds to GitHub a workflow named ".github/workflows/deploy.yml", available at https://github.com/seekingalpha/Rocket.Chat/actions/workflows/deploy.yml and adds to it a "Run workflow" button which presents a form for deploying an RC tarball to a selectable environment (staging or production).
seekingalpha · Apr 8, 2024 · 7e25863 · 7e25863
1 parent b7de7f3
commit 7e25863
Show file tree

Hide file tree

Showing 2 changed files with 159 additions and 0 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,73 @@
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        type: string
+        description: |
+          version:
+          
+            RC version + git commit number.
+
+            For a list of available versions, look in
+
+            s3://seekingalpha-rocketchat-builds/
+
+            for rocket.chat-VERSION.tgz
+
+            Special versions:
+
+            latest  = version last built
+
+            staging = version last deployed to staging
+
+            production = version last deployed to production
+        required: true
+
+      environment:
+        type: choice
+        description: chose the AWS environment
+        options:
+          - staging
+          - production
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}-${{ inputs.environment }}
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  deploy:
+    name: deploy
+    environment: ${{ inputs.environment }}
+    runs-on: [rocketchat]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: install dependencies.
+        run: |
+          sudo apt-get update -y
+          sudo apt-get install -y cloud-utils
+          sudo apt-get install -y pssh
+          sudo apt-get install -y gettext
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ vars.AWS_ROLE_TO_ASSUME }}
+          aws-region: ${{ vars.AWS_REGION }}
+
+      #this is the private key for ci user, used by jenkins slave, can be found in ssm parameter staging jenkins slave. that allows ssh to airflow.
+      - name: install the ci private key
+        uses: webfactory/[email protected]
+        with:
+          ssh-private-key: '${{ secrets.CI_SSH_PRIVATE_KEY }}'
+
+      - name: Run deployment
+        run: "$GITHUB_WORKSPACE/github.sh"
+        shell: bash
+        env:
+          ENVIRONMENT_NAME: ${{ inputs.environment }}
+          version: ${{ inputs.version }}
diff --git a/github.sh b/github.sh
@@ -0,0 +1,86 @@
+#!/bin/bash
+
+set -o errexit
+
+case $ENVIRONMENT_NAME in
+  *staging*)    environment=staging ;;
+  *production*) environment=production ;;
+  *)            echo "ERROR: Can’t infer environment from job name!"; exit 99 ;;
+esac
+
+echo $environment
+
+rc_dir="/opt/rocket-chat"
+s3_bucket="seekingalpha-rocketchat-builds"
+
+## Note: $version is a Jenkins job parameter.
+## We accept either the full tarball filename or just its version substring.
+if [[ "$version" == rocket.chat-*.tgz ]]
+then
+  rc_tarball="$version"
+else
+  rc_tarball="rocket.chat-$version.tgz"
+fi
+
+function hr() {
+  echo "==========================================================================="
+}
+
+
+## Strip off the trailing letter from the region: Use us-west-2, not us-west-2a
+export AWS_DEFAULT_REGION=$(ec2metadata --availability-zone | awk '{print substr($0,1,length($0)-1)}')
+
+## EXPORTED variables ending in _ENVSUBST are for expansion in the .tpl template files.
+export AWS_DEFAULT_REGION_ENVSUBST=$AWS_DEFAULT_REGION
+export ENV_ENVSUBST=$environment
+export RC_DIR_ENVSUBST=$rc_dir
+export S3_BUCKET_ENVSUBST=$s3_bucket
+export RC_TARBALL_ENVSUBST=$rc_tarball
+
+#append all "_ENVSUBST" env vars keys to a online commas separated.
+b=""; for i in $(printenv | grep "_ENVSUBST" | sed 's;=.*;;'); do echo "$i"; b="$b\$$i,"; done; b=${b::-1};
+envsubst_varlist="$b"
+
+## Render Script Templates
+envsubst "$envsubst_varlist" < ./pre_install.sh.tpl  > ./pre_install.sh
+envsubst "$envsubst_varlist" < ./rotate_version.sh.tpl > ./rotate_version.sh
+
+## Get instance IPs one per line (multiline string)
+rc_instance_ips=$(
+  aws ec2 describe-instances \
+      --filters Name=instance-state-name,Values=running \
+                Name=tag:aws:autoscaling:groupName,Values=rocketchat \
+      --query "Reservations[*].Instances[*].NetworkInterfaces[0].PrivateIpAddress" \
+      --output text
+)
+
+## Install RC tarball (and its dependencies) onto all RC nodes
+hr
+echo "Installing new build onto all RC nodes:"
+parallel-ssh \
+  -x  "-o StrictHostKeyChecking=no" \
+  --inline --timeout 600 --user deploy \
+  --hosts <(echo "$rc_instance_ips") \
+  --send-input < ./pre_install.sh
+hr
+
+## Activate new version
+echo "Activating new build on all RC nodes:"
+parallel-ssh \
+  -x  "-o StrictHostKeyChecking=no" \
+  --inline --timeout 600 --user deploy \
+  --hosts <(echo "$rc_instance_ips") \
+  --send-input < ./rotate_version.sh
+hr
+
+## Update the version marker file
+echo "Mark which RC build is now active..."
+current_marker_file="rocket.chat-$environment.tgz"
+aws s3 cp "s3://$s3_bucket/$rc_tarball" "s3://$s3_bucket/$current_marker_file" --acl public-read
+hr
+
+## Flush CDN
+echo "Flushing $environment CDN"
+FASTLY_SERVICE=$(aws ssm get-parameter --name /rocketchat/fastly_service_id --with-decryption --query Parameter.Value --output text)
+FASTLY_TOKEN=$(aws ssm get-parameter --name /rocketchat/fastly_api_key --with-decryption --query Parameter.Value --output text)
+curl -X POST -H "Fastly-Key: $FASTLY_TOKEN" "https://api.fastly.com/service/$FASTLY_SERVICE/purge/$environment"