-
Notifications
You must be signed in to change notification settings - Fork 20
241 lines (236 loc) · 10.9 KB
/
site_deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
# This workflow will deploy the VCell full application (server +- client) to alpha or release
name: CD-sites
# Controls when the workflow will run
on:
workflow_dispatch:
inputs:
vcell_version:
description: 'version.major.minor'
required: true
default: '7.6.0'
vcell_build:
description: 'build number'
required: true
default: '18'
vcell_site:
description: 'rel or alpha or test'
required: true
default: 'alpha'
server_only:
description: 'Deploy only the server components?'
required: true
default: 'false'
jobs:
build:
name: Build client installers
runs-on: ubuntu-20.04
steps:
- name: checkout tag
uses: actions/checkout@v4
with:
ref: ${{ github.event.inputs.vcell_version }}.${{ github.event.inputs.vcell_build }}
- name: setup global environment variables
run: |
echo "VCELL_VERSION=${{ github.event.inputs.vcell_version }}" >> $GITHUB_ENV
echo "VCELL_BUILD=${{ github.event.inputs.vcell_build }}" >> $GITHUB_ENV
echo "VCELL_SITE=${{ github.event.inputs.vcell_site }}" >> $GITHUB_ENV
echo "VCELL_TAG=`git rev-parse --short HEAD`" >> $GITHUB_ENV
echo "VCELL_REPO_NAMESPACE=ghcr.io/virtualcell" >> $GITHUB_ENV
echo "VCELL_DEPLOY_REMOTE_DIR=/share/apps/vcell3/deployed_github" >> $GITHUB_ENV
echo "VCELL_WEBHELP_REMOTE_DIR=/share/apps/vcell3/apache_webroot/htdocs/webstart/VCell_Tutorials/VCell_Help" >> $GITHUB_ENV
if [ "${{ github.event.inputs.vcell_site }}" == "rel" ]; then\
echo "VCELL_MANAGER_NODE=vcellapi.cam.uchc.edu" >> $GITHUB_ENV;\
echo "VCELL_INSTALLER_REMOTE_DIR="/share/apps/vcell3/apache_webroot/htdocs/webstart/Rel"" >> $GITHUB_ENV;\
else if [ "${{ github.event.inputs.vcell_site }}" == "alpha" ]; then\
echo "VCELL_MANAGER_NODE=vcellapi.cam.uchc.edu" >> $GITHUB_ENV;\
echo "VCELL_INSTALLER_REMOTE_DIR="/share/apps/vcell3/apache_webroot/htdocs/webstart/Alpha"" >> $GITHUB_ENV;\
else if [ "${{ github.event.inputs.vcell_site }}" == "test" ]; then\
echo "VCELL_MANAGER_NODE=vcellapi.cam.uchc.edu" >> $GITHUB_ENV;\
echo "VCELL_INSTALLER_REMOTE_DIR="/share/apps/vcell3/apache_webroot/htdocs/webstart/Test"" >> $GITHUB_ENV;\
else echo "Unknown site name ${{ github.event.inputs.vcell_site }}"; exit 1; fi; fi; fi
- name: setup ssh-agent
uses: webfactory/[email protected]
with:
ssh-private-key: ${{ secrets.VC_KEY }}
- name: get installer secrets
run: |
ssh-keyscan $VCELL_MANAGER_NODE >> ~/.ssh/known_hosts
sudo mkdir /usr/local/deploy
sudo chmod 777 /usr/local/deploy
cd /usr/local/deploy
scp ${{ secrets.CD_FULL_USER }}@${VCELL_MANAGER_NODE}:${VCELL_DEPLOY_REMOTE_DIR}/deploy_dir_2023_07_30.tar .
cd ..
sudo tar -xvf deploy/deploy_dir_2023_07_30.tar
sudo chmod 777 -R deploy
- name: setup config
run: |
cd docker/swarm
export VCELL_CONFIG_FILE_NAME="server_${VCELL_SITE}_${VCELL_VERSION}_${VCELL_BUILD}_${VCELL_TAG}.config"
echo "VCELL_CONFIG_FILE_NAME=$VCELL_CONFIG_FILE_NAME" >> $GITHUB_ENV
echo "| $VCELL_SITE | $VCELL_REPO_NAMESPACE | $VCELL_TAG | $VCELL_VERSION | $VCELL_BUILD | $VCELL_CONFIG_FILE_NAME |"
./serverconfig-uch.sh $VCELL_SITE $VCELL_REPO_NAMESPACE $VCELL_TAG $VCELL_VERSION $VCELL_BUILD $VCELL_CONFIG_FILE_NAME
env | grep VCELL > variables
- name: send home config file and variables
run: |
scp docker/build/admin/vcell-su.sh ${{ secrets.CD_FULL_USER }}@${VCELL_MANAGER_NODE}:${VCELL_DEPLOY_REMOTE_DIR}/config
scp docker/swarm/$VCELL_CONFIG_FILE_NAME ${{ secrets.CD_FULL_USER }}@${VCELL_MANAGER_NODE}:${VCELL_DEPLOY_REMOTE_DIR}
scp docker/swarm/variables ${{ secrets.CD_FULL_USER }}@${VCELL_MANAGER_NODE}:${VCELL_DEPLOY_REMOTE_DIR}/variables_$VCELL_TAG
- name: upload variables
uses: actions/upload-artifact@v3
with:
name: variables
path: docker/swarm/variables
retention-days: 1
- name: build client installers
if: ${{ github.event.inputs.server_only != 'true' }}
run: |
cd docker/swarm
sudo docker login -u ${{ secrets.ACTION_USER }} -p ${{ secrets.ACTION_TOKEN }} ghcr.io
sudo docker pull $VCELL_REPO_NAMESPACE/vcell-clientgen:$VCELL_TAG
./generate_installers.sh ./${VCELL_CONFIG_FILE_NAME}
- name: upload generated installers
if: ${{ github.event.inputs.server_only != 'true' }}
uses: actions/upload-artifact@v3
with:
name: installers
path: docker/swarm/generated_installers
retention-days: 1
- name: Setup tmate session
if: ${{ failure() }}
uses: mxschmitt/action-tmate@v3
notarize:
name: Notarize the MacOS client
runs-on: macos-latest
needs: build
steps:
- name: download generated installers
if: ${{ github.event.inputs.server_only != 'true' }}
uses: actions/download-artifact@v3
- name: notarize mac installer
if: ${{ github.event.inputs.server_only != 'true' }}
run: |
set -x
set +e
cd installers
export MAC_INSTALLER=`ls *dmg`
xcrun notarytool submit --output-format normal --no-progress --no-wait --team-id "${{ secrets.MACTEAMID }}" --apple-id "${{ secrets.MACID }}" --password "${{ secrets.MACPW }}" $MAC_INSTALLER > submit_output
echo "output returned by notarytool submit:"
cat submit_output
cat submit_output | grep "id:" | cut -d ':' -f2 > UUID
for minutes in {1..5}
do
sleep 60
xcrun notarytool info --output-format normal --no-progress --team-id "${{ secrets.MACTEAMID }}" --apple-id "${{ secrets.MACID }}" --password "${{ secrets.MACPW }}" `cat UUID` > info_output
echo "output returned by notarytool info:"
cat info_output
grep -q Accepted info_output
if [[ $? == 0 ]]; then
echo "notarized succesfully"
break
else
echo "wait another minute and check again"
fi
done
grep -q Accepted info_output
if [[ $? == 0 ]]; then
xcrun stapler staple $MAC_INSTALLER
else
echo "notarization did not succeed in 5 minutes, giving up"
exit 1
fi
- name: update generated installers
if: ${{ github.event.inputs.server_only != 'true' }}
uses: actions/upload-artifact@v3
with:
name: installers
path: installers
retention-days: 1
- name: Setup tmate session
uses: mxschmitt/action-tmate@v3
if: ${{ failure() }}
deploy:
name: Deploy to site
runs-on: ubuntu-20.04
needs: notarize
steps:
- name: checkout tag
uses: actions/checkout@v4
with:
ref: ${{ github.event.inputs.vcell_version }}.${{ github.event.inputs.vcell_build }}
- name: retrieve installers and variables
uses: actions/download-artifact@v3
- name: setenv
run: |
for line in $(cat variables/variables); do echo $line >> $GITHUB_ENV; done
- name: stage installers
if: ${{ github.event.inputs.server_only != 'true' }}
run: |
cd installers
mkdir ../docker/swarm/generated_installers
mv * ../docker/swarm/generated_installers
- name: setup ssh-agent
uses: webfactory/[email protected]
with:
ssh-private-key: ${{ secrets.VC_KEY }}
- name: retrieve config file
run: |
set -ux
ssh-keyscan $VCELL_MANAGER_NODE >> ~/.ssh/known_hosts
cd docker/swarm
scp ${{ secrets.CD_FULL_USER }}@${VCELL_MANAGER_NODE}:${VCELL_DEPLOY_REMOTE_DIR}/${VCELL_CONFIG_FILE_NAME} .
- name: setup java 17 with maven cache (for documentation build)
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '17'
cache: 'maven'
- name: build documentation for web help
if: ${{ github.event.inputs.server_only != 'true' }}
run: |
set -ux
mvn clean install -DskipTests
- name: deploy installers and web help to vcell.org
run: |
set -ux
cd docker/swarm
ssh -t ${{ secrets.CD_FULL_USER }}@${VCELL_MANAGER_NODE} sudo docker login -u ${{ secrets.ACTION_USER }} -p ${{ secrets.ACTION_TOKEN }} ghcr.io
if ${{ github.event.inputs.server_only != 'true' }}; then
# build and install the client installers, and the web help (kubernetes cluster deployments are separate)
./deploy-action-kubernetes.sh \
--ssh-user ${{ secrets.CD_FULL_USER }} \
--build-installers \
--installer-deploy-dir $VCELL_INSTALLER_REMOTE_DIR \
--webhelp-local-dir ../../vcell-client/target/classes/vcellDoc \
--webhelp-deploy-dir $VCELL_WEBHELP_REMOTE_DIR \
${VCELL_MANAGER_NODE} \
./${VCELL_CONFIG_FILE_NAME}
export VCELL_SITE_CAMEL=`cat $VCELL_CONFIG_FILE_NAME | grep VCELL_SITE_CAMEL | cut -d"=" -f2`
ssh ${{ secrets.CD_FULL_USER }}@${VCELL_MANAGER_NODE} \
installer_deploy_dir=$VCELL_INSTALLER_REMOTE_DIR vcell_siteCamel=$VCELL_SITE_CAMEL vcell_version=$VCELL_VERSION vcell_build=$VCELL_BUILD \
'bash -s' < link-installers.sh
fi
- name: Capitalize first character of site name
id: capitalize
run: |
SITE="${{ github.event.inputs.vcell_site }}"
SITE_CAPITALIZED="$(tr '[:lower:]' '[:upper:]' <<< ${SITE:0:1})${SITE:1}"
VCELL_SWVERSION="${SITE_CAPITALIZED}_Version_${{ github.event.inputs.vcell_version }}_build_${{ github.event.inputs.vcell_build}}"
KUSTOMIZE_OVERLAY='not-specified'
if [ "${{ github.event.inputs.vcell_site }}" == "rel" ]; then KUSTOMIZE_OVERLAY="prod"; fi
if [ "${{ github.event.inputs.vcell_site }}" == "alpha" ]; then KUSTOMIZE_OVERLAY="dev"; fi
if [ "${{ github.event.inputs.vcell_site }}" == "test" ]; then KUSTOMIZE_OVERLAY="stage"; fi
CONTAINER_IMAGE_TAG="${{ github.event.inputs.vcell_version }}.${{ github.event.inputs.vcell_build}}"
echo "VCELL_SWVERSION=${VCELL_SWVERSION}" >> $GITHUB_ENV
echo "KUSTOMIZE_OVERLAY=${KUSTOMIZE_OVERLAY}" >> $GITHUB_ENV
echo "CONTAINER_IMAGE_TAG=${CONTAINER_IMAGE_TAG}" >> $GITHUB_ENV
- name: Call webhook to deploy to kubernetes cluster (overlay 'prod', 'dev' or 'stage')
run: |
git_sha=$(git rev-parse --short "$GITHUB_SHA")
echo '{"ref": "main","inputs":{"overlay": "'${KUSTOMIZE_OVERLAY}'","tag":"'${CONTAINER_IMAGE_TAG}'","swversion": "'${VCELL_SWVERSION}'"}}' >body
curl -X POST 'https://api.github.com/repos/virtualcell/vcell-fluxcd/actions/workflows/deploy.yaml/dispatches' \
-H 'Authorization: Bearer ${{ secrets.ACTION_TOKEN }}' \
-H 'Content-Type: application/json' \
--data "@body"
- name: Setup tmate session 3
uses: mxschmitt/action-tmate@v3
if: ${{ failure() }}