initial draft of deploy script, newly encrypted secrets

2023-03-14 02:01:41 +01:00 · 2023-03-14 02:01:41 +01:00 · 55f1cddb35
commit 55f1cddb35
parent 4726942368
4 changed files with 102 additions and 2 deletions
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@ -0,0 +1,99 @@
+name: deploy
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  deploy:
+    # see example https://github.com/do-community/example-doctl-action
+    # see example https://github.com/do-community/example-doctl-action/blob/main/.github/workflows/workflow.yaml
+    name: Deploy defined version to stage.ocelot.social cluster at DigitalOcean
+    runs-on: ubuntu-latest
+    env:
+      SECRET: ${{ secrets.SECRET }}
+      CONFIGURATION: "this"
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Decrypt .env
+        run: gpg --quiet --batch --yes --decrypt --passphrase="${SECRET}" --output .env .env.enc
+      - name: Load .env
+        uses: aarcangeli/load-dotenv@v1.0.0
+        with:
+          quiet: false
+      - name: Checkout Ocelot code
+        uses: actions/checkout@v3
+        with:
+          repository: 'Ocelot-Social-Community/Ocelot-Social'
+          ref: '${OCELOT_SOCIAL_TAG}'
+          path: 'ocelot/'
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          path: 'ocelot/deployment/configurations/${CONFIGURATION}'
+      - name: Decrypt all secrets
+        run: ocelot/deployment/scripts/secrets.decrypt.sh
+      - name: Upgrade Cluster
+        run: ocelot/deployment/scripts/cluster.upgrade.sh
+
+      # ##########################################################################
+      # # SET ENVS ###############################################################
+      # ##########################################################################
+      # - name: ENV - VERSION
+      #   run: echo "VERSION=$(node -p -e "require('./package.json').version")" >> $GITHUB_ENV
+      # - name: ENV - BUILD_VERSION
+      #   run: echo "BUILD_VERSION=${VERSION}-${GITHUB_RUN_NUMBER}" >> $GITHUB_ENV
+      # ##########################################################################
+      # # Install DigitalOceans doctl and set kubeconfig #########################
+      # ##########################################################################
+      # - name: Install doctl
+      #   uses: digitalocean/action-doctl@v2
+      #   with:
+      #     token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
+      # - name: Save DigitalOcean kubeconfig with short-lived credentials
+      #   run: doctl kubernetes cluster kubeconfig save --expiry-seconds 600 cluster-stage-ocelot-social
+      # ##########################################################################
+      # # Deploy new Docker images to DigitalOcean Kubernetes cluster ############
+      # ##########################################################################
+      # # - name: Deploy 'latest' to DigitalOcean Kubernetes
+      # #   run: |
+      # #     kubectl -n default set image deployment/ocelot-webapp container-ocelot-webapp=ocelotsocialnetwork/webapp:latest
+      # #     kubectl -n default rollout restart deployment/ocelot-webapp
+      # #     kubectl -n default set image deployment/ocelot-backend container-ocelot-backend=ocelotsocialnetwork/backend:latest
+      # #     kubectl -n default rollout restart deployment/ocelot-backend
+      # #     kubectl -n default set image deployment/ocelot-maintenance container-ocelot-maintenance=ocelotsocialnetwork/maintenance:latest
+      # #     kubectl -n default rollout restart deployment/ocelot-maintenance
+      # #     kubectl -n default set image deployment/ocelot-neo4j container-ocelot-neo4j=ocelotsocialnetwork/neo4j-community:latest
+      # #     kubectl -n default rollout restart deployment/ocelot-neo4j
+      # - name: Deploy actual version '$BUILD_VERSION' to DigitalOcean Kubernetes
+      #   run: |
+      #     kubectl -n default set image deployment/ocelot-webapp container-ocelot-webapp=ocelotsocialnetwork/webapp:$BUILD_VERSION
+      #     kubectl -n default rollout restart deployment/ocelot-webapp
+      #     kubectl -n default set image deployment/ocelot-backend container-ocelot-backend=ocelotsocialnetwork/backend:$BUILD_VERSION
+      #     kubectl -n default rollout restart deployment/ocelot-backend
+      #     kubectl -n default set image deployment/ocelot-maintenance container-ocelot-maintenance=ocelotsocialnetwork/maintenance:$BUILD_VERSION
+      #     kubectl -n default rollout restart deployment/ocelot-maintenance
+      #     kubectl -n default set image deployment/ocelot-neo4j container-ocelot-neo4j=ocelotsocialnetwork/neo4j-community:$BUILD_VERSION
+      #     kubectl -n default rollout restart deployment/ocelot-neo4j
+      # # because this step 'kubectl -n default rollout status deployment/* --timeout=600s' does not work as expected
+      # #   and we need the pods to be up again for cleaning and seeding the Neo4j database and the backend.
+      # #   !!! this is not a perfect solution !!!
+      # # deployments are regularly up again after 3 minutes and 10 seconds
+      # - name: Sleep for 4 minutes, means 240 seconds
+      #   run: sleep 240s
+      #   shell: bash
+      # - name: Verify deployment and wait for the pods of each deployment to get ready for cleaning and seeding of the database
+      #   run: |
+      #     kubectl -n default rollout status deployment/ocelot-backend --timeout=600s
+      #     kubectl -n default rollout status deployment/ocelot-neo4j --timeout=600s
+      #     kubectl -n default rollout status deployment/ocelot-maintenance --timeout=600s
+      #     kubectl -n default rollout status deployment/ocelot-webapp --timeout=600s
+      # - name: Run migrations for Neo4j database via backend for staging
+      #   run: |
+      #     kubectl -n default exec -it $(kubectl -n default get pods | grep ocelot-backend | awk '{ print $1 }') -- /bin/sh -c "yarn prod:migrate up"
+      # - name: Reset and seed Neo4j database via backend for staging
+      #   # db cleaning and seeding is only possible in production if env 'PRODUCTION_DB_CLEAN_ALLOW=true' is set in deployment
+      #   run: |
+      #     kubectl -n default exec -it $(kubectl -n default get pods | grep ocelot-backend | awk '{ print $1 }') -- /bin/sh -c "node --experimental-repl-await dist/db/clean.js && node --experimental-repl-await dist/db/seed.js"
--- a/kubeconfig.yaml.enc
+++ b/kubeconfig.yaml.enc
--- a/kubernetes/dns.values.yaml.enc
+++ b/kubernetes/dns.values.yaml.enc
@ -1,2 +1,3 @@
-Œ
	«“Ö8<C396>–ÃöÒÀdàŒIÀß^ý1Õ¶Šéˆ|<7C>œõ¯M!<21>ƒdÖ¦†Õö[šB¥ãiÇ*Êä™HøAKU+B
-Ï;¢LæFúpfƒÉ‘Â³“ÇÑRÕË6hU0qÑ?sV)ô
åÝ<C3A5>ÏVåÒÌìú)lë_ta1â™§h”xË†B(VÖ'±bâ…â¢%AHuJ‚åŽùÂ…Y:ùz=±àŽÝÙ(¾MíMöL´¹ÿ‘£¿¾–	ðbðŠ0ÝÜ\ž2¤,¨q<>|~¾¯P<C2AF>p*;IIcsækVC THÐ–%‚Ù,Y»kjñ£';s¡kü*£¯>mU7as;w9 <]É¶ÕQ†AJfÿ—³•ï@êÊëÛTKŠÈ¤¾}ø“wÀ×þÈÊÌJ,³¬L–Â@¶<> fº
+Œ
	nŸ©®Täm0öÒÀe6øØñ«	Zfü´úè2èùS_¿2 òû'!Ü™ý¾fqm¥-<2D>ö¤j{cÞ±øKvc!m»N®'=£Üw¹ÛÒ½|JÔ[É¯€,ë•=|<02>òá?$ÍW¼	ˆ==ù
+2pVªÁœk<EFBFBD>«ÐH"tÁ5êh|‚*+F½¦*<2A>"yÉ„)U¸žpŠi6€¨p“²Ï¢—™ªÒçç8JkÉ‰î*¡–Z<E28093>m-í;Ëô»*eéý½“›zO\.å<>³3ä·&Vj»“øÂÆ=£ó!°a&'÷°cí|Õ•&ìve¶„^ÑÒ<14>´€®(Ãã+ð"ÿdè¬Ç›%ì:Ö
+¸/Í²n·&ygõ°§ì°ª…Ä¯Ä[Æ¦Q¨²Zº
--- a/kubernetes/values.yaml.enc
+++ b/kubernetes/values.yaml.enc