From f7135203de46f3a82ed3857b249a749d9172df6b Mon Sep 17 00:00:00 2001 From: Yarden Asado Date: Sun, 31 Mar 2024 23:22:29 -0400 Subject: [PATCH 1/2] create workflow --- .github/workflows/deploy.yml | 49 ++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 .github/workflows/deploy.yml diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml new file mode 100644 index 000000000000..7f993e1d9324 --- /dev/null +++ b/.github/workflows/deploy.yml @@ -0,0 +1,49 @@ +on: + workflow_dispatch: + inputs: + version: + type: string + description: | + RC version + git commit number. + + For a list of available versions, look in + + s3://seekingalpha-rocketchat-builds/ + + for rocket.chat-VERSION.tgz + + Special versions: + + latest = version last built + + staging = version last deployed to staging + + production = version last deployed to production + required: true + + environment: + type: choice + description: chose the AWS environment + options: + - staging + - production + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + +defaults: + run: + shell: bash + +jobs: + deploy: + name: deploy + environment: ${{ inputs.environment }} + runs-on: [rocketchat] + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: test + run: | + echo "test" From e2e62cce43885538ba7383d1c505048f5df753f2 Mon Sep 17 00:00:00 2001 From: Yarden Asado Date: Sun, 31 Mar 2024 23:37:43 -0400 Subject: [PATCH 2/2] create gh script --- github.sh | 103 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 103 insertions(+) create mode 100644 github.sh diff --git a/github.sh b/github.sh new file mode 100644 index 000000000000..6b0550f166f9 --- /dev/null +++ b/github.sh @@ -0,0 +1,103 @@ +#!/bin/bash + +set -o errexit + +case $JOB_BASE_NAME in + *staging*) environment=staging ;; + *production*) environment=production ;; + *) echo "ERROR: Can’t infer environment from job name!"; exit 99 ;; +esac + +rc_dir="/opt/rocket-chat" +s3_bucket="seekingalpha-rocketchat-builds" + +## Note: $version is a Jenkins job parameter. +## We accept either the full tarball filename or just its version substring. +if [[ "$version" == rocket.chat-*.tgz ]] +then + rc_tarball="$version" +else + rc_tarball="rocket.chat-$version.tgz" +fi + +function hr() { + echo "===========================================================================" +} + + +## Strip off the trailing letter from the region: Use us-west-2, not us-west-2a +export AWS_DEFAULT_REGION=$(ec2metadata --availability-zone | awk '{print substr($0,1,length($0)-1)}') + +## EXPORTED variables ending in _ENVSUBST are for expansion in the .tpl template files. +export AWS_DEFAULT_REGION_ENVSUBST=$AWS_DEFAULT_REGION +export ENV_ENVSUBST=$environment +export RC_DIR_ENVSUBST=$rc_dir +export S3_BUCKET_ENVSUBST=$s3_bucket +export RC_TARBALL_ENVSUBST=$rc_tarball + +## Render Script Templates +envsubst_varlist=$( ruby -e 'puts ENV.keys.select{ |name| name.end_with?("_ENVSUBST") }.map{ |name| "$#{name}" }.join(",")' ) +envsubst "$envsubst_varlist" < ./pre_install.sh.tpl > ./pre_install.sh +envsubst "$envsubst_varlist" < ./rotate_version.sh.tpl > ./rotate_version.sh + +## When deploying to production, run using the "rocketchat-deploy" role +if [[ $environment == production ]] ; then + assumed_role_json=$( + aws \ + --output json \ + sts assume-role \ + --role-arn arn:aws:iam::618678420696:role/switch-account-deploy-rocket-chat \ + --role-session-name rocketchat-deploy + ) + assumed_role_variables=$( + echo "${assumed_role_json}" | jq -r \ + ' + "export AWS_SESSION_TOKEN=" + .Credentials.SessionToken + "\n" + + "export AWS_ACCESS_KEY_ID=" + .Credentials.AccessKeyId + "\n" + + "export AWS_SECRET_ACCESS_KEY=" + .Credentials.SecretAccessKey + "\n" + ' + ) + eval "$assumed_role_variables" +fi + +## Get instance IPs one per line (multiline string) +rc_instance_ips=$( + aws ec2 describe-instances \ + --filters Name=instance-state-name,Values=running \ + Name=tag:aws:autoscaling:groupName,Values=rocketchat \ + --query "Reservations[*].Instances[*].NetworkInterfaces[0].PrivateIpAddress" \ + --output text +) + + +## Install RC tarball (and its dependencies) onto all RC nodes +hr +echo "Installing new build onto all RC nodes:" +parallel-ssh \ + --inline --timeout 600 --user deploy \ + --hosts <(echo "$rc_instance_ips") \ + --send-input < ./pre_install.sh +hr + +## Activate new version +echo "Activating new build on all RC nodes:" +parallel-ssh \ + --inline --timeout 600 --user deploy \ + --hosts <(echo "$rc_instance_ips") \ + --send-input < ./rotate_version.sh +hr + +## Update the version marker file +echo "Mark which RC build is now active..." +current_marker_file="rocket.chat-$environment.tgz" +aws s3 cp "s3://$s3_bucket/$rc_tarball" "s3://$s3_bucket/$current_marker_file" --acl public-read +hr + +## Flush CDN +echo "Flushing $environment CDN" +unset AWS_SESSION_TOKEN +unset AWS_ACCESS_KEY_ID +unset AWS_SECRET_ACCESS_KEY +FASTLY_SERVICE=$(aws ssm get-parameter --name /rocketchat/fastly_service_id --with-decryption --query Parameter.Value --output text) +FASTLY_TOKEN=$(aws ssm get-parameter --name /rocketchat/fastly_api_key --with-decryption --query Parameter.Value --output text) +curl -X POST -H "Fastly-Key: $FASTLY_TOKEN" "https://api.fastly.com/service/$FASTLY_SERVICE/purge/$environment"