From beb665eb13936ad445f1149a4ade11c1cd5ab704 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Tue, 14 Mar 2023 02:51:20 +0100 Subject: [PATCH] new secrets, test reseed --- .env.enc | Bin 141 -> 140 bytes .github/workflows/deploy.yml | 66 ++------------------------------- kubeconfig.yaml.enc | Bin 1520 -> 1520 bytes kubernetes/dns.values.yaml.enc | Bin 312 -> 311 bytes kubernetes/values.yaml.enc | Bin 1761 -> 1760 bytes 5 files changed, 4 insertions(+), 62 deletions(-) diff --git a/.env.enc b/.env.enc index bb1e88dca399249fec7d3c888c31863d1bd48272..d5e6094096f48c94c204455bcf7a3349b1e69c58 100644 GIT binary patch literal 140 zcmV;70CWG04Fm}T0zQAC0D-v{9rn_D0m13~;%Hv;W|t$!ctbkys9<}5*gEc=AKapU zf?T#6%Znc}-g`>4gg+989NZOJomiWY;WjWhd!W@=FBwxs5zX{$bv95gGONNkC v(9n`^5<%%MiJ@C-ee-l?eryEtXg9m=Z*G=5u5982N9jB(5YcllOjT*mb-G2> diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index f4593fa..0349cd6 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -36,65 +36,7 @@ jobs: path: "ocelot/deployment/configurations/${{ env.CONFIGURATION }}" - name: Decrypt all secrets run: ocelot/deployment/scripts/secrets.decrypt.sh - - name: Upgrade Cluster - run: ocelot/deployment/scripts/cluster.upgrade.sh - - # ########################################################################## - # # SET ENVS ############################################################### - # ########################################################################## - # - name: ENV - VERSION - # run: echo "VERSION=$(node -p -e "require('./package.json').version")" >> $GITHUB_ENV - # - name: ENV - BUILD_VERSION - # run: echo "BUILD_VERSION=${VERSION}-${GITHUB_RUN_NUMBER}" >> $GITHUB_ENV - # ########################################################################## - # # Install DigitalOceans doctl and set kubeconfig ######################### - # ########################################################################## - # - name: Install doctl - # uses: digitalocean/action-doctl@v2 - # with: - # token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} - # - name: Save DigitalOcean kubeconfig with short-lived credentials - # run: doctl kubernetes cluster kubeconfig save --expiry-seconds 600 cluster-stage-ocelot-social - # ########################################################################## - # # Deploy new Docker images to DigitalOcean Kubernetes cluster ############ - # ########################################################################## - # # - name: Deploy 'latest' to DigitalOcean Kubernetes - # # run: | - # # kubectl -n default set image deployment/ocelot-webapp container-ocelot-webapp=ocelotsocialnetwork/webapp:latest - # # kubectl -n default rollout restart deployment/ocelot-webapp - # # kubectl -n default set image deployment/ocelot-backend container-ocelot-backend=ocelotsocialnetwork/backend:latest - # # kubectl -n default rollout restart deployment/ocelot-backend - # # kubectl -n default set image deployment/ocelot-maintenance container-ocelot-maintenance=ocelotsocialnetwork/maintenance:latest - # # kubectl -n default rollout restart deployment/ocelot-maintenance - # # kubectl -n default set image deployment/ocelot-neo4j container-ocelot-neo4j=ocelotsocialnetwork/neo4j-community:latest - # # kubectl -n default rollout restart deployment/ocelot-neo4j - # - name: Deploy actual version '$BUILD_VERSION' to DigitalOcean Kubernetes - # run: | - # kubectl -n default set image deployment/ocelot-webapp container-ocelot-webapp=ocelotsocialnetwork/webapp:$BUILD_VERSION - # kubectl -n default rollout restart deployment/ocelot-webapp - # kubectl -n default set image deployment/ocelot-backend container-ocelot-backend=ocelotsocialnetwork/backend:$BUILD_VERSION - # kubectl -n default rollout restart deployment/ocelot-backend - # kubectl -n default set image deployment/ocelot-maintenance container-ocelot-maintenance=ocelotsocialnetwork/maintenance:$BUILD_VERSION - # kubectl -n default rollout restart deployment/ocelot-maintenance - # kubectl -n default set image deployment/ocelot-neo4j container-ocelot-neo4j=ocelotsocialnetwork/neo4j-community:$BUILD_VERSION - # kubectl -n default rollout restart deployment/ocelot-neo4j - # # because this step 'kubectl -n default rollout status deployment/* --timeout=600s' does not work as expected - # # and we need the pods to be up again for cleaning and seeding the Neo4j database and the backend. - # # !!! this is not a perfect solution !!! - # # deployments are regularly up again after 3 minutes and 10 seconds - # - name: Sleep for 4 minutes, means 240 seconds - # run: sleep 240s - # shell: bash - # - name: Verify deployment and wait for the pods of each deployment to get ready for cleaning and seeding of the database - # run: | - # kubectl -n default rollout status deployment/ocelot-backend --timeout=600s - # kubectl -n default rollout status deployment/ocelot-neo4j --timeout=600s - # kubectl -n default rollout status deployment/ocelot-maintenance --timeout=600s - # kubectl -n default rollout status deployment/ocelot-webapp --timeout=600s - # - name: Run migrations for Neo4j database via backend for staging - # run: | - # kubectl -n default exec -it $(kubectl -n default get pods | grep ocelot-backend | awk '{ print $1 }') -- /bin/sh -c "yarn prod:migrate up" - # - name: Reset and seed Neo4j database via backend for staging - # # db cleaning and seeding is only possible in production if env 'PRODUCTION_DB_CLEAN_ALLOW=true' is set in deployment - # run: | - # kubectl -n default exec -it $(kubectl -n default get pods | grep ocelot-backend | awk '{ print $1 }') -- /bin/sh -c "node --experimental-repl-await dist/db/clean.js && node --experimental-repl-await dist/db/seed.js" \ No newline at end of file + #- name: Upgrade Cluster + # run: ocelot/deployment/scripts/cluster.upgrade.sh + - name: Reset and seed Neo4j database + run: ocelot/deployment/scripts/cluster.reseed.sh \ No newline at end of file diff --git a/kubeconfig.yaml.enc b/kubeconfig.yaml.enc index 1d6dfd0a6df495ddbdc27aa621a39767f8522b32..df0e6dab4512c30e30759b408c8b83f8d1a927e1 100644 GIT binary patch literal 1520 zcmVvt`tH(R`KG}T#;%t5HbxW}>)ho3Tgx-wIEIG7&oN83YStG38%Iq8V6fm4S{yRIy4 z{U@AW#GEo{W%M+@M;X}CbQl4kczAHgWoe!S+WBAk#kbfqo6Jaf2*y~a2>qKgrH3SO zFxk<3R98Mu>otF+6gr$J7CU!_--Pdn@y#{^_0hGv6i~U0y8K%w^yvskA;yH z?@1UO-ph{KH(B6Bsclh^Clvsv^2g|30T+8n#lP0rpTy$zIO|QBK~nqFie1C^_Iva) z$u(>d51oq|fXp|5vJ80u_Owx)m^>`pep9y-Ej0WrwVi~7OaeezM1Z0X#3=wJ%w?KP z&637xMjj4Lw>{*09XB^o4wJYsUeKqB$RU8Fb+C9L=<7sv;7Pf`FS6;OjZ^#7G0Nr^ zKy(}GK&im~zcn~E?M9ACL!aX}KY$;}WGTX!dw&e!6IsR`8elh7*kuYj2day`WN z%DJTogu$L35THkzK=< zN|)CPK#DiNHW>L|z!Co!8eaZziHfh>DUCFk5AyNaZ<5fn;9sNq4PbsfMPkq` zQ}n}WzXmY_LMdhRzsbZXX}vdPV%PP3_l;%WLb~}X!^A2RTFtZckkhNHpp&eI60Z*w zz8T%+t@W1vrOM|ZA6t)z#k@^N5!q!4u^p>clfspC;&h7JHlvUc*11{)+8GqmE>byT6!P!qG0$+T>eqv!^4@Ktbzq)W4K5z4Zi9!Ma)AOS)UCbf%u9s5h%1wP zzvF0zd7I2xOFVKV94B<|C;5Z7-?Jb*Ii?pLc$j-%#~>rRww0jKHy#s4)alQ{as@-l z-^=?udp$!4!5xjPJhXc#f}Ot>(U$l&dvwHizUC6J$*#A4XY`2(vkFkShixCd zP_BLDQBVK|=!0Sbv_HeVzmV`X`SJm4(7D zKpt2KP1k)9G15Cng$ar^D3==tRNNDzg281uI4k8eWC~^pStz)PpP|fU==DqNRv&2B ztEZN%MGY1bM`)x`I6}vE{lg8}$ym6W1_k%-fovCoavX8(65M%20xz3@ZVK@~wegEC ztwn|SslWJ&5B~$8g#T)4C(pva0^_&5!Ms3H1+6_d6V-0safZ@*NK%$Ls2PTMTs zv0>T=bBr#KLIOY4>7!U(l$>bzVEW66vH_=zbCMk1&XFPWYLcLX1)L6PutgS@6T-Qm WC5z$W&5mz$r5PnSDq4Xv*mFiPAoGy` literal 1520 zcmV$T`_?Do>?0bC#d!}aX)KkDT^OKAS}_4A>hk%$^djhZHp zfxP6Cgi}v@l29jB5s!_4#EH7NMl*Yq+{vIyAiwQ3(biSronp8tD`hI*ODgR_=wI2b~DH`(Vw%>=k0Oln!M8}OQ0N30l z`m9PQ*Vf8|CXk@ce#agQ*Wf(x6wu~U{!d_n`0r9T0J}()8jzZ<%5!@bO`F(6ZgkDb zJr-A(#u9eS;MjXRP_Y0zFN>WEF5UXr#48^Jkn5!oIT8dS&Cvb6dM%+wpD;rFd9HIe zA+t4`^qVP0E2v@c)#i!Wr2J-shWB;DQyBs}Nfk8t-kX%5=arIY` zjti0{^jwk*s$u?zAJ7e3XI%>zi<@(?x~1i2){SKewKG*8Q=|rOQKEN(As-SK<B zCA(uWR>pkzHC+z~_9ECN(GEGsz!jz!l|(;S=&OIQMQ?>6Tq7bNtA6X`%mI5rQ^C0G zzzt#l(vK;nf#*J%Z99O$>hKocac5rDI=g{v$F8764Sl&9^l<*?8Ne?0w(>L;>T$&s znl*6$mP3C3YgL=Z!6)+*1nC<8x1nhd@>OQpexW^OSk&;}{RRA|WdmTy7d?#**WoZa zgEVe7X@kvJ9=jHVUcrO6;DK~#m>!4gyeDo@ zo;h+~_45FBw|tVZ1eba1{+Takz(0*Wl`4^Vde3n>(LeU+>y1iG3S}=WxRM9RR529~ zjJCclx1n0=gBe%kHiU^eTD)S6lv|{$<5_?RxQ?}Exhj>{0ApNfo+wZ#oTP$;v;cZq zEN(SrCA3Jd4k^UyV3x10$lmXh<9qIE$Hg`BZKt{m{yWCz?I(6HZt1k2e%4spH&1l- zI>gn#`opYfcY$=03Lo!6|CtR+JWLy16E4ZJt$W*DRC1EJ-t+cJIYO5n&OpB5#7*cB z?3UZ@WkGM`!5#ALhXR&S#uJdZfjG;QjL^*HS-|Tme;#1$qWo(5XPCmv7Yw4-4j2J% zyCtA6Y@B2(rlJ`;n>V|(XQI#H_fh*niqZq~*x3xSh&2>L&W3ENkw2~fUI z)L{bhO6DtisIxq>NJ9~iJn%w!IXchB=`3}MEp)BW{;|$+7c}Oz|LzL!b7{=7Yc77) z_RADL9Ax(XITahKpn!a28{)`nJ@9|ErG1iBK=Ga*5015KllB}wJa`l$j@ph;_D$mP0UY6 zi_FQQq40d4M$^icA|3K|$In2tRZ_I2UF}qkp<5oXBnc8uJS>IC)|HkX=irZ6wCq9V z_6e+kVsP;`5Sm{y<}%~agRuQ9OvE`_G-$ic>q<*O7V(c6O0=!&`CLI^WJfnp21AT-hv(t41Fw<4%uhz~a WN_aSMLCB_~DSQ@VxD`dG9G!MssrexQ diff --git a/kubernetes/dns.values.yaml.enc b/kubernetes/dns.values.yaml.enc index e9be5680e14ee0f4c9497eb3a329d945255f0fea..509e5d045ec9ee50f535184d485b016a619917c8 100644 GIT binary patch literal 311 zcmV-70m%N04Fm}T0&L;-jPfI~Q1;TmWdVMqTA5|XQR3}0%V`^GNCo-hEU0P);X^E^ zjy%=>)%jSqey|-$eOsq*svAt+FJ)L_&sKd5$vRn%GoxeCTbwUFaex%c;n1wyu;l6uI@9y~kO5=54&U}W)cjre z_o7JnFBzFC?S6uKH@DB9zLzOt`t8HUqrf&|NSwlWab+E18!Fl%2q3&t>y4&XuTz_lM= zkh1PBfE^ar1__z2`~L!@n{UahI_UI)fweq>V1|i|2<>O#uh~?Zi7Onrh1FliQr~!J z?{ogJ2%wy|rThBBcP7^-9t5u+}34{v4J4t&%GDS>y_=DMv^(SQ~UJyx6UmkKnnAG{;{9O7)JK} zHZrgQS~@Y%lV?UURf==_rfP~#*_&|g+iN?ru5Z82r73(%+T2=D2t}**Ci;hs!I~fD zVfvKYa!LEOSM0T;8Hs;KPD`>`T~&{liS~QyAU`ExP$f~p2cOVI{9Xz9fbaJ!kOT4~ z3^BRtojD(PD-!{sq_GQik5~47Hkqjw3(kR=)<7#&+Vhws^ii6Z`k#I1mgU~6$JAI7 zg22jdzBF9AUV=S^MdCb-S*uOl>_xA`i5#gK5Y|A?JU&6K-49i^njvkwmSQ_s{U0u(Mpg6%5joS{4Z4mds`1IBBH1AY|U%8}4k`MHE7dgH^1@xx%6ID)I; zU;?^H?H>ak`Bj59RKQ_*nbepno<#|Mj$h8gy|#o2xHOwH@Vv(jJ?0jf3XP^&5W*Jg z*42Ya9J>h8NdXyFFQg^g-Mzw-&ydC9d0o~S$|>z%W>4#){XeqDqjD*e(uIu`#_#g> zy5}+p6GSYtVXRN<$e+G?L%~pugImbk$2BPhWR%P@@cwJYG3OlDc_c z4$5R%*o6&1y@og9PC+xSM;6_BVYJsg2?EZIQxeL)HW5>YpRca6##6tzWF>uRra0Wv zVEU$~pd#_%`6M%3kK)<;iGpbu)`P_+vtk#V5*nV54rF zK?;CTx@rV9vt)8kiMqlht=cL<;o7rc>l-bF$fWUJ|A9d`#5xAQrajn)5h@`Cx#j?W z_*s{m$qER)wcNOdmrqY58;C!CsyLgo{SW{ROlu%3!d4IbkQLNKS*;Kolw2gP@AJkd zndlF|YGQis=~exFqq2FqKdb7;^*_Z#%a<$qdSTD*koQ);FMdvl*~ATQb>Pmm;@suPpr;3VM8UgliBent5%@ zm)b5Up>&A>BY*AMyVnHO=$|cEk2vHufhEOTN0C(ZC>_f*-Ggz>8yEQPq>YRcigl}5 z-`{v^Tc5Ik2e@!dVCF7%vP%s;=I2_+8u1Z_amBTlw@St!Se^@v0X)9VSi~@1D%WPm zSfpBAjYypD3WKJ)6HmJSVai!+9}%#XU^VS+l$z?o&`tlKzChhYyArw3WfoavNzQQI z1Bcaj0nj*Kd0XIp&SBUdpjx&8ak4FFn|5^qzLRt>JX^6bB2CNcc5(HQ_#V^whFjsV z?9@z_r`IQP;}@gfDg5UYO*nZ~GRk|7^NrO1GgdiPX<#9}9F|0nNe-lsq{fOHw`9xj z0&Z8;GGf{aI^HtL)o4D==Y7%Pe_lqa3|)%NWDnU#RLxwayT{0^tu-#0&+kQ85C)+2 z|G*5wP67WroDF&_-^A3o?Bz0@*R$kF}QDMp** zuC@$M-sMcLRz}_|jJ{X2O@|FB6;cfHmFK^nfoQ%!MBheClnpY7~dj|!1B CS!_`N literal 1761 zcmV<71|Ip04Fm}T0?Ecb%(QqIC-&0n0qEoVpV3~{#V$kl*+;6L zKOfjn{JyvT>kCj8V9dkGo`=~#zH}yD(M|z@&_jAHpWTzIS|ZkmS=n)US;hEM6m2x( zFRaHQbGF!NQPhyoK9fqnn9=vV5+tf_Q!|38ZMZx&1S3PpsAQ;k)A>`4o^kXXXo*VY z2+77XCkHmzbf8bneUmT~7*?BNVG=-UJ(9fO4R{wYjsg*ht3Q-!!JVA@4WDhONKd{Z zyAFCOgGslN)yhR;Y~R67N_7J7o~(9yQP{brs-;NDR-L`KJiz-hWc4n&(|F*zs-wt( zr=U(PQuie%L&&m9`p?jwqJKfF&&o=!*9G?Zx3$*#dw{2z_)Vr!*3~-hCG~-V2!o@X z^<6joNDe*N(>(7Hn2IE)Nao!E%1jKT7=6C&4^+>&HRV*^1;ij*btv9Cb@P8?XY;m% zx?>Y^F>~XE34|LKBRG*b`&2N5q3shRx^>55{_#0I$*$J?8bGqR2s#f;bz|Qpi4C%J z7o_+N&g?|3c0}$WTf1G74&j^9RV|uyVjoEomvqTs)!zL}7OWCgBk~Ep>T2gZl583R zEbxX2XA7SLMdO0&ywxgQihqUSfiHwk!Wy?$tMS-M!EI2i{RAq2zA%*#m#rXoC{X-z z5xWUN5?pat&g!a_7GA-TI}4x`-vcCMGRX`rUHtyyZ$I4-Ae|DH{rnXYzOWp#M)z~< zYau39&wd=7`7}_4yk#=JSr&gMz}{0tbme6yc#ALOIvU#MeM!Xr9mvZqA~IE79VuGM z)K1A}C^h3aaoK^kr1hG%Ug6WpH;dL5gu(c5K zfQMHV=g}AY*iFVD`^d{Q=Cj2&F}v}=%)_63HIhnsoP~kCoN{q5?I+m2xi9lI{~y?< zvBBFJw?l_N(hkYByI&Pzp=CD`^8HR@SDx-Hv zg5oWxBsS5<_Spc{DI>j zpACfUWbu`KBH}+qW)=hK-5?%6xc{9cYtt;V=@6Pkb4*8b$EQG=E)txAAy!?sM-b6+ z_{y88gF|Su=}5n|$FUI|t|0h(B$1lvFUuwiJrx^sl)Z5%ncjEf82v3~uSOzewSvKs zV2=x&h4ju@={7O(u^BOSqO%fEGb6cnc{xXxd)HE|gW94yRyn;;ZfSjg0kMf`Fp(YX z+k3i2TN>aCNKIVpy`k*?$XJCUL%*^YO3QIw55&{XE!^4lszUX3L&>IPcbDk^aBh%- zR@72sA+t6m{A)?28W1h8Ly2q|E_7%kZnT8K$m9T87(adRcQ*ug1y7vwBxbF&bmfoF z=M>QysA+mKb1O$2YHOHu-X2^_C{uw0L%Ua8?_Y$9EwFvK2sdV$G|RD>rmY<=05*F` z1J={8q;u?hAg=vA32)l#-YtnQvNVq`7w6{?hPuVz(>&;yx+=!BC7|Ak69$WrBH-(i6-cES>jXiN z2uTeUUHnyG29kcr;P1ITV*o4L`#HWAjl(tYSt81I`KWaFIy0MGKCmXY&{Z(zC+zEK zKK7u=dwbOj%ol-p*-M?YcdxxZ8VU2KZ`uk_&WAD>rJMB# zjqPGbT5gi5fvI;v`)$TM%#lWC@+C4zbBTHWIPT>{rTomalh8LjBDIboA$Jo&U}T{h z%HyOk(R+yo0pgE5@-_pGLjKQYf=p`t=9u!UYkC%biy~1#$`kXPi13)VR71~BuI8$c DE?{f3