From 106c80b5bf36e120e34bc0bc1c968883d06f1cc3 Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Tue, 29 Aug 2023 18:13:03 +0300 Subject: [PATCH 01/47] add migration execution job --- .github/workflows/migration-k8s.yml | 80 ++++++++++++++++++++++++ workflow-templates/ci-cd-development.yml | 16 +++++ 2 files changed, 96 insertions(+) create mode 100644 .github/workflows/migration-k8s.yml diff --git a/.github/workflows/migration-k8s.yml b/.github/workflows/migration-k8s.yml new file mode 100644 index 0000000..0320bbe --- /dev/null +++ b/.github/workflows/migration-k8s.yml 
@@ -0,0 +1,80 @@ +on: + workflow_call: + inputs: + IMAGE_NAME: + required: true + type: string + KUBE_NAMESPACE: + required: true + type: string + k8s_cluster_name: + required: true + type: string + app_name: + required: true + type: string + secrets: + AWS_ACCESS_KEY_ID: + required: true + AWS_SECRET_ACCESS_KEY: + required: true + AWS_SESSION_TOKEN: + required: false + + +jobs: + deploy: + runs-on: ubuntu-latest + + permissions: + contents: read + packages: write + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ inputs.aws_region }} + aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} # optional + + - name: use awscli + uses: unfor19/install-aws-cli-action@master + with: + version: 2 + + - run: aws --version + shell: bash + + - name: login to EKS + id: kubeconfig + run: | + echo "::add-mask::$(aws eks --region ${{ inputs.aws_region }} update-kubeconfig --name ${{ inputs.k8s_cluster_name }} --dry-run | base64 -w 0)" + echo "::set-output name=KUBECONFIG::$(aws eks --region ${{ inputs.aws_region }} update-kubeconfig --name ${{ inputs.k8s_cluster_name }} --dry-run | base64 -w 0)" + shell: bash + + - name: Generate k8s secret params + shell: bash + run: | + sed -i 's|image: ${{ inputs.IMAGE_NAME }}|image: ${{ inputs.IMAGE_NAME }}:${{ inputs.KUBE_NAMESPACE }}|' migration.yaml + + - name: kubernets run migration + uses: kodermax/kubectl-aws-eks@master + env: + KUBE_CONFIG_DATA: ${{ steps.kubeconfig.outputs.KUBECONFIG }} + KUBECTL_VERSION: "v1.22.0" + IAM_VERSION: "0.5.6" + with: + args: apply -f migration.yaml -n ${{ inputs.KUBE_NAMESPACE }} + + - name: kubernets wair for migration to end + uses: kodermax/kubectl-aws-eks@master + env: + KUBE_CONFIG_DATA: ${{ steps.kubeconfig.outputs.KUBECONFIG }} + KUBECTL_VERSION: "v1.22.0" + 
IAM_VERSION: "0.5.6" + with: + args: wait --for=condition=complete job/${{ inputs.app_name }}-migration -n ${{ inputs.KUBE_NAMESPACE }} diff --git a/workflow-templates/ci-cd-development.yml b/workflow-templates/ci-cd-development.yml index f144c7d..31322fa 100644 --- a/workflow-templates/ci-cd-development.yml +++ b/workflow-templates/ci-cd-development.yml @@ -23,6 +23,21 @@ jobs: secrets: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} + call-workflow-k8s-migration: + needs: [call-workflow-init, call-workflow-docker-build] + if: github.event_name != 'pull_request' + uses: DistributedCollective/.github/.github/workflows/migration-k8s.yml@master # in case additional secrets is needed, this file must be changed and pushed to your repository + with: + IMAGE_NAME: ${{ needs.call-workflow-init.outputs.image_name }} + KUBE_NAMESPACE: ${{ needs.call-workflow-init.outputs.KUBE_NAMESPACE }} + aws_region: ${{ needs.call-workflow-init.outputs.aws_region }} + k8s_cluster_name: ${{ needs.call-workflow-init.outputs.k8s_cluster_name }} + app_name: ${{ needs.call-workflow-init.outputs.app_name }} + secrets: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + AWS_SESSION_TOKEN: ${{ secrets.AWS_SESSION_TOKEN }} # optional + # addional secrets must me defined here call-workflow-k8s-deploy: needs: [call-workflow-init, call-workflow-docker-build] if: github.event_name != 'pull_request' @@ -30,6 +45,7 @@ jobs: with: IMAGE_NAME: ${{ needs.call-workflow-init.outputs.image_name }} KUBE_NAMESPACE: ${{ needs.call-workflow-init.outputs.KUBE_NAMESPACE }} + ci_env: ${{ needs.call-workflow-init.outputs.ci_env }} aws_region: ${{ needs.call-workflow-init.outputs.aws_region }} k8s_cluster_name: ${{ needs.call-workflow-init.outputs.k8s_cluster_name }} app_name: ${{ needs.call-workflow-init.outputs.app_name }} From ac0ced40441a4dc9ae9ea42184c0fb9783b2e234 Mon Sep 17 00:00:00 2001 
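Review bot: The `use awscli` step and both `kodermax/kubectl-aws-eks` steps reference third-party actions at `@master`, a mutable branch, in a job that has AWS credentials configured and hands the kubeconfig over through `KUBE_CONFIG_DATA`. Anyone able to push to those branches changes what runs with that access, so each should be pinned to a reviewed revision, e.g. `uses: kodermax/kubectl-aws-eks@FULL_COMMIT_SHA # tag` (placeholder, not a real hash). The job also requests `packages: write`, which none of the visible steps appears to use; `contents: read` alone looks sufficient. The `kubectl wait --for=condition=complete` call sets no `--timeout`, so a migration longer than kubectl's default wait will fail the step even when the Job later succeeds.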
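Review bot: `call-workflow-k8s-migration` and `call-workflow-k8s-deploy` both declare `needs: [call-workflow-init, call-workflow-docker-build]`, so they start in parallel and the rollout can happen before the migration has finished, or after it has failed. If the migration is meant to gate the deploy, the deploy job should list it: `needs: [call-workflow-init, call-workflow-docker-build, call-workflow-k8s-migration]`. The reusable workflow is also referenced at `@master`, so every caller picks up changes to it immediately; a tag or commit SHA would make upgrades explicit. The deploy job's definition continues outside this hunk.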
From: Renat Gofman Date: Tue, 29 Aug 2023 18:29:46 +0300 Subject: [PATCH 02/47] Update migration-k8s.yml --- .github/workflows/migration-k8s.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/migration-k8s.yml b/.github/workflows/migration-k8s.yml index 0320bbe..62281ee 100644 --- a/.github/workflows/migration-k8s.yml +++ b/.github/workflows/migration-k8s.yml @@ -7,6 +7,9 @@ on: KUBE_NAMESPACE: required: true type: string + aws_region: + required: true + type: string k8s_cluster_name: required: true type: string From 748d21d8446e9c3bd33e839439643cc89840474a Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Fri, 1 Sep 2023 12:41:22 +0300 Subject: [PATCH 03/47] Add ECR support --- .github/workflows/docker.yml | 97 ++++++++++++++++++++++++++++-------- 1 file changed, 76 insertions(+), 21 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 9a6235a..5d27f7d 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -10,12 +10,12 @@ on: event_name: required: true type: string - registry: - required: true - type: string dockerfile_path: required: true type: string + private_registry: + required: false + type: string secrets: DOCKER_USERNAME: required: true 
@@ -23,41 +23,96 @@ on: required: true jobs: + login-to-amazon-ecr-private: + runs-on: ubuntu-latest + if: inputs.private_registry == 'true' + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ inputs.aws_region }} + aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} # optional + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + with: + mask-password: 'true' + registry-type: private + outputs: + registry: ${{ steps.login-ecr.outputs.registry }} + docker_username: ${{ steps.login-ecr.outputs.docker_username_768438872063_dkr_ecr_us_east_2_amazonaws_com }} + docker_password: ${{ steps.login-ecr.outputs.docker_password_768438872063_dkr_ecr_us_east_2_amazonaws_com }} + login-to-amazon-ecr-public: + if: inputs.private_registry == '' + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ inputs.aws_region }} + aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} # optional + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + with: + mask-password: 'true' + registry-type: public + outputs: + registry: ${{ steps.login-ecr.outputs.registry }} + docker_username: ${{ steps.login-ecr.outputs.docker_username_public_ecr_aws }} + docker_password: ${{ steps.login-ecr.outputs.docker_password_public_ecr_aws }} build: + needs: [login-to-amazon-ecr-private, login-to-amazon-ecr-public] + if: | + always() && + ( + needs.login-to-amazon-ecr-private.result == 'success' || + needs.login-to-amazon-ecr-public.result == 
'success' + ) runs-on: ubuntu-latest permissions: contents: read packages: write - steps: - name: Checkout repository uses: actions/checkout@v2 - # Login against a Docker registry except on PR - # https://github.com/docker/login-action + - name: Build, tag, and push docker image to Amazon ECR Public + run: | + if [[ "${{ needs.login-to-amazon-ecr-private.result }}" == "success" ]]; then + echo "REGISTRY=${{ needs.login-to-amazon-ecr-private.outputs.registry }}" >> $GITHUB_ENV + echo "DOCKER_USERNAME=${{ needs.login-to-amazon-ecr-private.outputs.docker_username }}" >> $GITHUB_ENV + echo "DOCKER_PASSWORD=${{ needs.login-to-amazon-ecr-private.outputs.docker_password }}" >> $GITHUB_ENV + elif [[ "${{ needs.login-to-amazon-ecr-public.result }}" == "success" ]]; then + echo "REGISTRY=${{ needs.login-to-amazon-ecr-public.outputs.registry }}" >> $GITHUB_ENV + echo "DOCKER_USERNAME=${{ needs.login-to-amazon-ecr-public.outputs.docker_username }}" >> $GITHUB_ENV + echo "DOCKER_PASSWORD=${{ needs.login-to-amazon-ecr-public.outputs.docker_password }}" >> $GITHUB_ENV + fi + - name: Login to registry ${{ inputs.registry }} if: inputs.event_name != 'pull_request' uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c with: - registry: ${{ inputs.registry }} - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - # Extract metadata (tags, labels) for Docker - # https://github.com/docker/metadata-action - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 - with: - images: ${{ inputs.registry }}/${{ inputs.IMAGE_NAME }} + registry: ${{ env.REGISTRY }} + username: ${{ env.DOCKER_USERNAME }} + password: ${{ env.DOCKER_PASSWORD }} - # Build and push Docker image with Buildx (don't push on PR) - # https://github.com/docker/build-push-action - name: Build and push Docker image uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc with: context: . 
file: ${{ inputs.dockerfile_path }}/Dockerfile push: ${{ inputs.event_name != 'pull_request' }} - tags: ${{ inputs.registry }}/${{ inputs.IMAGE_NAME }}:${{ inputs.KUBE_NAMESPACE }} - labels: ${{ steps.meta.outputs.labels }} + tags: ${{ env.REGISTRY }}/${{ inputs.IMAGE_NAME }}:${{ inputs.KUBE_NAMESPACE }} From 66e790d26b1373f2b99e37d07fbb5b2d0755947e Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Fri, 1 Sep 2023 12:43:01 +0300 Subject: [PATCH 04/47] Add ECR support --- .github/workflows/docker.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 5d27f7d..f8a4d15 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -16,11 +16,6 @@ on: private_registry: required: false type: string - secrets: - DOCKER_USERNAME: - required: true - DOCKER_PASSWORD: - required: true jobs: login-to-amazon-ecr-private: From db895c43e8930c6de2d2fe793321750a0c559531 Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Fri, 1 Sep 2023 13:16:58 +0300 Subject: [PATCH 05/47] wip --- .github/workflows/docker.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index f8a4d15..4c31007 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -70,12 +70,12 @@ jobs: docker_password: ${{ steps.login-ecr.outputs.docker_password_public_ecr_aws }} build: needs: [login-to-amazon-ecr-private, login-to-amazon-ecr-public] - if: | - always() && - ( - needs.login-to-amazon-ecr-private.result == 'success' || - needs.login-to-amazon-ecr-public.result == 'success' - ) + if: > + always() && + ( + needs.login-to-amazon-ecr-private.result == 'success' || + needs.login-to-amazon-ecr-public.result == 'success' + ) runs-on: ubuntu-latest permissions: contents: read From bcfa3f08820ca2a482f5de1a6d46569092ec0b7f Mon Sep 17 00:00:00 2001 
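Review bot: The registry password leaves the two login jobs as a job output (`docker_password: ${{ steps.login-ecr.outputs.docker_password_... }}`) and is then expanded into the `run:` script in `build` and appended to `$GITHUB_ENV`. GitHub Actions omits job outputs that contain a masked value, so with `mask-password: 'true'` this is likely to arrive empty, and switching masking off to compensate would put the token in the logs. Running `aws-actions/amazon-ecr-login` as a step inside `build` keeps the token within one job and makes these outputs unnecessary. The private job's output keys also embed one account id and `us_east_2` while the region comes from `inputs.aws_region`. A `private_registry` value other than `'true'` or `''` runs neither login job, so `build` is skipped without an error.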
From: Renat Gofman Date: Fri, 1 Sep 2023 13:53:20 +0300 Subject: [PATCH 06/47] wip --- .github/workflows/docker.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 4c31007..78cf632 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -16,6 +16,9 @@ on: private_registry: required: false type: string + aws_region: + required: true + type: string jobs: login-to-amazon-ecr-private: @@ -96,7 +99,7 @@ jobs: echo "DOCKER_PASSWORD=${{ needs.login-to-amazon-ecr-public.outputs.docker_password }}" >> $GITHUB_ENV fi - - name: Login to registry ${{ inputs.registry }} + - name: Login to registry ${{ env.REGISTRY }} if: inputs.event_name != 'pull_request' uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c with: From bca77cfaf21630f015eda972fdd5cbf2fa311b1a Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Fri, 1 Sep 2023 14:09:54 +0300 Subject: [PATCH 07/47] wip --- .github/workflows/docker.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 78cf632..9f85bf2 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -19,6 +19,13 @@ on: aws_region: required: true type: string + secrets: + AWS_ACCESS_KEY_ID: + required: true + AWS_SECRET_ACCESS_KEY: + required: true + AWS_SESSION_TOKEN: + required: false jobs: login-to-amazon-ecr-private: From dd78bef3fb67eece74734a64364baaa22964d446 Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Fri, 1 Sep 2023 14:18:27 +0300 Subject: [PATCH 08/47] wip --- .github/workflows/init.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/init.yml b/.github/workflows/init.yml index 133422c..a0f3108 100644 --- a/.github/workflows/init.yml +++ b/.github/workflows/init.yml 
@@ -38,6 +38,7 @@ jobs: k8s_cluster_name: ${{ steps.setvars.outputs.k8s_cluster_name }} app_name: ${{ steps.setvars.outputs.app_name }} dockerfile_path: ${{ steps.setvars.outputs.dockerfile_path }} + private_registry: ${{ steps.setvars.outputs.private_registry }} steps: - name: Checkout repository uses: actions/checkout@v2 @@ -66,5 +67,6 @@ jobs: echo "::set-output name=registry::${{ env.registry }}" echo "::set-output name=aws_region::${{ env.aws_region }}" echo "::set-output name=k8s_cluster_name::${{ env.k8s_cluster_name }}" - echo "::set-output name=app_name::${{ env.app_name }}" echo "::set-output name=dockerfile_path::${{ env.dockerfile_path }}" + echo "::set-output name=dockerfile_path::${{ env.private_registry }}" + echo "::set-output name=app_name::${{ env.app_name }}" From cc8344aa22d70c3a052e87e4e26b4acd52c36ac9 Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Fri, 1 Sep 2023 14:36:46 +0300 Subject: [PATCH 09/47] fix input --- .github/workflows/init.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/init.yml b/.github/workflows/init.yml index a0f3108..361ffa2 100644 --- a/.github/workflows/init.yml +++ b/.github/workflows/init.yml @@ -25,6 +25,8 @@ on: value: ${{ jobs.init.outputs.app_name }} dockerfile_path: value: ${{ jobs.init.outputs.dockerfile_path }} + private_registry: + value: ${{ jobs.init.outputs.private_registry }} jobs: init: From 8370389ff2c9ce9a9dcfa80181ed6083fb599bf7 Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Fri, 1 Sep 2023 14:38:47 +0300 Subject: [PATCH 10/47] fix input --- .github/workflows/init.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/init.yml b/.github/workflows/init.yml index 361ffa2..194e581 100644 --- a/.github/workflows/init.yml +++ b/.github/workflows/init.yml 
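Review bot: The added line `echo "::set-output name=dockerfile_path::${{ env.private_registry }}"` writes the private-registry flag under the name `dockerfile_path`, so it overwrites the Dockerfile path set on the line before and leaves `steps.setvars.outputs.private_registry`, mapped in the first hunk, empty. It should read `echo "::set-output name=private_registry::${{ env.private_registry }}"`. The `set-output` workflow command is deprecated; if `private_registry` reaches this step as an environment variable, as the `env` context suggests, `echo "private_registry=$private_registry" >> "$GITHUB_OUTPUT"` is the current form and avoids pasting the value into the script text. The step's script begins outside this hunk.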
@@ -70,5 +70,5 @@ jobs: echo "::set-output name=aws_region::${{ env.aws_region }}" echo "::set-output name=k8s_cluster_name::${{ env.k8s_cluster_name }}" echo "::set-output name=dockerfile_path::${{ env.dockerfile_path }}" - echo "::set-output name=dockerfile_path::${{ env.private_registry }}" + echo "::set-output name=private_registry::${{ env.private_registry }}" echo "::set-output name=app_name::${{ env.app_name }}" From c9b6729a6f627bc99ed30e932ef1efbefd0595eb Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Fri, 1 Sep 2023 14:50:42 +0300 Subject: [PATCH 11/47] fix input --- .github/workflows/docker.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 9f85bf2..ebe4680 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -47,7 +47,7 @@ jobs: id: login-ecr uses: aws-actions/amazon-ecr-login@v1 with: - mask-password: 'true' + mask-password: 'false' registry-type: private outputs: registry: ${{ steps.login-ecr.outputs.registry }} @@ -72,7 +72,7 @@ jobs: id: login-ecr uses: aws-actions/amazon-ecr-login@v1 with: - mask-password: 'true' + mask-password: 'false' registry-type: public outputs: registry: ${{ steps.login-ecr.outputs.registry }} From 20b71bdb9acff7c56f80f0310d36ad83dd03cdbe Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Fri, 1 Sep 2023 14:58:56 +0300 Subject: [PATCH 12/47] fix registry --- .github/workflows/docker.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index ebe4680..d97ea67 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml 
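Review bot: Setting `mask-password: 'false'` on the `Login to Amazon ECR` step, here and in the `login-to-amazon-ecr-public` hunk that follows, means the ECR authorization token is no longer registered as a secret, so it can appear in clear text in job logs and in the job outputs that carry it to `build`. The token stays valid for hours and carries whatever registry permissions the configured IAM identity has. Keep `mask-password: 'true'` and perform the ECR login inside the job that pushes, so the password never has to cross a job boundary.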
@@ -51,8 +51,8 @@ jobs: registry-type: private outputs: registry: ${{ steps.login-ecr.outputs.registry }} - docker_username: ${{ steps.login-ecr.outputs.docker_username_768438872063_dkr_ecr_us_east_2_amazonaws_com }} - docker_password: ${{ steps.login-ecr.outputs.docker_password_768438872063_dkr_ecr_us_east_2_amazonaws_com }} + docker_username: ${{ steps.login-ecr.outputs.docker_username_768438872063_dkr_ecr_us_east_1_amazonaws_com }} + docker_password: ${{ steps.login-ecr.outputs.docker_password_768438872063_dkr_ecr_us_east_1_amazonaws_com }} login-to-amazon-ecr-public: if: inputs.private_registry == '' runs-on: ubuntu-latest From 153d8e0276c60bb157f63744e7aba04fbdec615b Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Fri, 1 Sep 2023 15:02:39 +0300 Subject: [PATCH 13/47] fix regisry var --- .github/workflows/docker.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index d97ea67..8f24a41 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -42,6 +42,7 @@ jobs: aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: ${{ inputs.aws_region }} aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} # optional + mask-aws-account-id: 'no' - name: Login to Amazon ECR id: login-ecr From 4a812059ecd50528c31b58a78a34ce506b1f7bd4 Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Fri, 1 Sep 2023 15:08:05 +0300 Subject: [PATCH 14/47] fix regisry var --- .github/workflows/docker.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 8f24a41..952be15 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml 
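Review bot: `mask-aws-account-id: 'no'` turns off redaction of the AWS account id for this job, presumably so that the `registry` output, which contains the account id, survives the hand-off to `build`; the line carries no explanation. An account id is not a credential, but it is normally kept out of logs, and for a public repository those logs are readable by anyone. If the cross-job output is the only reason, resolving the registry host inside `build` removes the need; otherwise add a comment on the line such as `# account id left unmasked so the registry output reaches the build job`. The same setting is added again to the `build` job in the later `Configure AWS Credentials` hunk.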
@@ -112,8 +112,10 @@ jobs: uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c with: registry: ${{ env.REGISTRY }} - username: ${{ env.DOCKER_USERNAME }} - password: ${{ env.DOCKER_PASSWORD }} + #username: ${{ env.DOCKER_USERNAME }} + #password: ${{ env.DOCKER_PASSWORD }} + username: ${{ secrets.AWS_ACCESS_KEY_ID }} + password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - name: Build and push Docker image uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc From f9b729dc211f59d0ea13def57d4a56559154e1c2 Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Fri, 1 Sep 2023 15:10:44 +0300 Subject: [PATCH 15/47] fix regisry var --- .github/workflows/docker.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 952be15..de146e1 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -112,10 +112,9 @@ jobs: uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c with: registry: ${{ env.REGISTRY }} - #username: ${{ env.DOCKER_USERNAME }} - #password: ${{ env.DOCKER_PASSWORD }} - username: ${{ secrets.AWS_ACCESS_KEY_ID }} - password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + username: ${{ env.DOCKER_USERNAME }} + password: ${{ env.DOCKER_PASSWORD }} + ecr: false - name: Build and push Docker image uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc From a4909ca2440f94026517e4e1ec98d166e0e99264 Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Fri, 1 Sep 2023 15:12:46 +0300 Subject: [PATCH 16/47] wip --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index de146e1..927762e 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml 
@@ -109,7 +109,7 @@ jobs: - name: Login to registry ${{ env.REGISTRY }} if: inputs.event_name != 'pull_request' - uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c + uses: docker/login-action@v2 with: registry: ${{ env.REGISTRY }} username: ${{ env.DOCKER_USERNAME }} From 0c6e0cebc91d166ea00abc418d0784dca26c3c54 Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Fri, 1 Sep 2023 15:32:34 +0300 Subject: [PATCH 17/47] wip --- .github/workflows/docker.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 927762e..9400b54 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -103,8 +103,10 @@ jobs: echo "DOCKER_PASSWORD=${{ needs.login-to-amazon-ecr-private.outputs.docker_password }}" >> $GITHUB_ENV elif [[ "${{ needs.login-to-amazon-ecr-public.result }}" == "success" ]]; then echo "REGISTRY=${{ needs.login-to-amazon-ecr-public.outputs.registry }}" >> $GITHUB_ENV - echo "DOCKER_USERNAME=${{ needs.login-to-amazon-ecr-public.outputs.docker_username }}" >> $GITHUB_ENV - echo "DOCKER_PASSWORD=${{ needs.login-to-amazon-ecr-public.outputs.docker_password }}" >> $GITHUB_ENV + DOCKER_USERNAME=${{ needs.login-to-amazon-ecr-public.outputs.docker_username }} + echo "::add-mask::$DOCKER_USERNAME" >> $GITHUB_ENV + DOCKER_PASSWORD=${{ needs.login-to-amazon-ecr-public.outputs.docker_password }} + echo "::add-mask::$DOCKER_PASSWORD" >> $GITHUB_ENV fi - name: Login to registry ${{ env.REGISTRY }} @@ -117,7 +119,7 @@ jobs: ecr: false - name: Build and push Docker image - uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc + uses: docker/build-push-action@v4 with: context: . file: ${{ inputs.dockerfile_path }}/Dockerfile From cf4b908a418edfaab0d67d221656d9f79d9a0ad6 Mon Sep 17 00:00:00 2001 
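Review bot: This replaces a full commit SHA pin on `docker/login-action` with the movable tag `v2`, and the `Build and push Docker image` hunk in the next commit does the same for `docker/build-push-action` (`@v4`). A tag can be re-pointed, so the steps that receive the registry credentials and push the image no longer run a fixed, reviewed revision. If the upgrade is needed, keep the pin and record the version next to it: `uses: docker/login-action@FULL_COMMIT_SHA # v2` (placeholder, not a real hash).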
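Review bot: `echo "::add-mask::$DOCKER_USERNAME" >> $GITHUB_ENV` sends the workflow command into the environment file instead of stdout, so no mask is registered and a line that is not `NAME=value` is appended to `$GITHUB_ENV`. The public branch also stops exporting `DOCKER_USERNAME` and `DOCKER_PASSWORD`, which leaves `env.DOCKER_USERNAME` and `env.DOCKER_PASSWORD` in the login step empty on that path. Emit the mask on stdout and keep the export: `echo "::add-mask::$DOCKER_PASSWORD"` followed by `echo "DOCKER_PASSWORD=$DOCKER_PASSWORD" >> "$GITHUB_ENV"`. The next commit repeats the same pattern in the private branch. The `if` block starts outside this hunk.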
From: Renat Gofman Date: Fri, 1 Sep 2023 15:35:25 +0300 Subject: [PATCH 18/47] wip --- .github/workflows/docker.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 9400b54..f96ea06 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -99,8 +99,10 @@ jobs: run: | if [[ "${{ needs.login-to-amazon-ecr-private.result }}" == "success" ]]; then echo "REGISTRY=${{ needs.login-to-amazon-ecr-private.outputs.registry }}" >> $GITHUB_ENV - echo "DOCKER_USERNAME=${{ needs.login-to-amazon-ecr-private.outputs.docker_username }}" >> $GITHUB_ENV - echo "DOCKER_PASSWORD=${{ needs.login-to-amazon-ecr-private.outputs.docker_password }}" >> $GITHUB_ENV + DOCKER_USERNAME=${{ needs.login-to-amazon-ecr-private.outputs.docker_username }} + echo "::add-mask::$DOCKER_USERNAME" >> $GITHUB_ENV + DOCKER_PASSWORD=${{ needs.login-to-amazon-ecr-private.outputs.docker_password }} + echo "::add-mask::$DOCKER_PASSWORD" >> $GITHUB_ENV elif [[ "${{ needs.login-to-amazon-ecr-public.result }}" == "success" ]]; then echo "REGISTRY=${{ needs.login-to-amazon-ecr-public.outputs.registry }}" >> $GITHUB_ENV DOCKER_USERNAME=${{ needs.login-to-amazon-ecr-public.outputs.docker_username }} From e5681152eaacb47b82ec45f706963dfa07521d07 Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Fri, 1 Sep 2023 15:45:37 +0300 Subject: [PATCH 19/47] wip --- .github/workflows/docker.yml | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index f96ea06..bbff290 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml 
@@ -98,19 +98,18 @@ jobs: - name: Build, tag, and push docker image to Amazon ECR Public run: | if [[ "${{ needs.login-to-amazon-ecr-private.result }}" == "success" ]]; then + echo "DOCKER_USERNAME=${{ needs.login-to-amazon-ecr-private.outputs.docker_username }}" >> $GITHUB_ENV + PASSWORD_VALUE="${{ needs.login-to-amazon-ecr-private.outputs.docker_password }}" + echo "::add-mask::$PASSWORD_VALUE" + echo "DOCKER_PASSWORD=$PASSWORD_VALUE" >> $GITHUB_ENV echo "REGISTRY=${{ needs.login-to-amazon-ecr-private.outputs.registry }}" >> $GITHUB_ENV - DOCKER_USERNAME=${{ needs.login-to-amazon-ecr-private.outputs.docker_username }} - echo "::add-mask::$DOCKER_USERNAME" >> $GITHUB_ENV - DOCKER_PASSWORD=${{ needs.login-to-amazon-ecr-private.outputs.docker_password }} - echo "::add-mask::$DOCKER_PASSWORD" >> $GITHUB_ENV elif [[ "${{ needs.login-to-amazon-ecr-public.result }}" == "success" ]]; then + echo "DOCKER_USERNAME=${{ needs.login-to-amazon-ecr-public.outputs.docker_username }}" >> $GITHUB_ENV + PASSWORD_VALUE="${{ needs.login-to-amazon-ecr-public.outputs.docker_password }}" + echo "::add-mask::$PASSWORD_VALUE" + echo "DOCKER_PASSWORD=$PASSWORD_VALUE" >> $GITHUB_ENV echo "REGISTRY=${{ needs.login-to-amazon-ecr-public.outputs.registry }}" >> $GITHUB_ENV - DOCKER_USERNAME=${{ needs.login-to-amazon-ecr-public.outputs.docker_username }} - echo "::add-mask::$DOCKER_USERNAME" >> $GITHUB_ENV - DOCKER_PASSWORD=${{ needs.login-to-amazon-ecr-public.outputs.docker_password }} - echo "::add-mask::$DOCKER_PASSWORD" >> $GITHUB_ENV fi - - name: Login to registry ${{ env.REGISTRY }} if: inputs.event_name != 'pull_request' uses: docker/login-action@v2 From b3020ff7355dcd32ee955734a7f762953757cc0b Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Fri, 1 Sep 2023 15:50:29 +0300 Subject: [PATCH 20/47] wip --- .github/workflows/docker.yml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) 
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index bbff290..23ab050 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -96,18 +96,20 @@ jobs: uses: actions/checkout@v2 - name: Build, tag, and push docker image to Amazon ECR Public + env: + PASSWORD_FROM_OUTPUT1: ${{ needs.login-to-amazon-ecr-private.outputs.docker_password }} + PASSWORD_FROM_OUTPUT2: ${{ needs.login-to-amazon-ecr-public.outputs.docker_password }} + run: | run: | if [[ "${{ needs.login-to-amazon-ecr-private.result }}" == "success" ]]; then echo "DOCKER_USERNAME=${{ needs.login-to-amazon-ecr-private.outputs.docker_username }}" >> $GITHUB_ENV - PASSWORD_VALUE="${{ needs.login-to-amazon-ecr-private.outputs.docker_password }}" - echo "::add-mask::$PASSWORD_VALUE" - echo "DOCKER_PASSWORD=$PASSWORD_VALUE" >> $GITHUB_ENV + echo "::add-mask::$PASSWORD_FROM_OUTPUT1" + echo "DOCKER_PASSWORD=$PASSWORD_FROM_OUTPUT1" >> $GITHUB_ENV echo "REGISTRY=${{ needs.login-to-amazon-ecr-private.outputs.registry }}" >> $GITHUB_ENV elif [[ "${{ needs.login-to-amazon-ecr-public.result }}" == "success" ]]; then echo "DOCKER_USERNAME=${{ needs.login-to-amazon-ecr-public.outputs.docker_username }}" >> $GITHUB_ENV - PASSWORD_VALUE="${{ needs.login-to-amazon-ecr-public.outputs.docker_password }}" - echo "::add-mask::$PASSWORD_VALUE" - echo "DOCKER_PASSWORD=$PASSWORD_VALUE" >> $GITHUB_ENV + echo "::add-mask::$PASSWORD_FROM_OUTPUT2" + echo "DOCKER_PASSWORD=$PASSWORD_FROM_OUTPUT2" >> $GITHUB_ENV echo "REGISTRY=${{ needs.login-to-amazon-ecr-public.outputs.registry }}" >> $GITHUB_ENV fi - name: Login to registry ${{ env.REGISTRY }} From 5e9b33ed50c623813e511ff35140ba882e11706a Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Fri, 1 Sep 2023 15:51:53 +0300 Subject: [PATCH 21/47] wip --- .github/workflows/docker.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 23ab050..9379a24 100644 
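Review bot: The step now has two `run: |` lines in a row, the added one and the original; if both sit at the same indentation, as the hunk suggests, the step has a duplicate `run` key and the workflow is likely to be rejected when it is loaded. Drop the added `run: |`. Moving the passwords into `env:` and reading them as `$PASSWORD_FROM_OUTPUT1` and `$PASSWORD_FROM_OUTPUT2` is the right direction, because the values are no longer pasted into the script text.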
--- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -99,7 +99,6 @@ jobs: env: PASSWORD_FROM_OUTPUT1: ${{ needs.login-to-amazon-ecr-private.outputs.docker_password }} PASSWORD_FROM_OUTPUT2: ${{ needs.login-to-amazon-ecr-public.outputs.docker_password }} - run: | run: | if [[ "${{ needs.login-to-amazon-ecr-private.result }}" == "success" ]]; then echo "DOCKER_USERNAME=${{ needs.login-to-amazon-ecr-private.outputs.docker_username }}" >> $GITHUB_ENV From 2a1e1c1efa49279876c086170f2a4af6b7b52619 Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Fri, 1 Sep 2023 15:57:27 +0300 Subject: [PATCH 22/47] wip --- .github/workflows/docker.yml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 9379a24..3f6a53e 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml 
@@ -96,19 +96,16 @@ jobs: uses: actions/checkout@v2 - name: Build, tag, and push docker image to Amazon ECR Public - env: - PASSWORD_FROM_OUTPUT1: ${{ needs.login-to-amazon-ecr-private.outputs.docker_password }} - PASSWORD_FROM_OUTPUT2: ${{ needs.login-to-amazon-ecr-public.outputs.docker_password }} run: | if [[ "${{ needs.login-to-amazon-ecr-private.result }}" == "success" ]]; then + echo "::add-mask::${{ needs.login-to-amazon-ecr-private.outputs.docker_password }}" echo "DOCKER_USERNAME=${{ needs.login-to-amazon-ecr-private.outputs.docker_username }}" >> $GITHUB_ENV - echo "::add-mask::$PASSWORD_FROM_OUTPUT1" - echo "DOCKER_PASSWORD=$PASSWORD_FROM_OUTPUT1" >> $GITHUB_ENV + echo "DOCKER_PASSWORD=${{ needs.login-to-amazon-ecr-private.outputs.docker_password }}" >> $GITHUB_ENV echo "REGISTRY=${{ needs.login-to-amazon-ecr-private.outputs.registry }}" >> $GITHUB_ENV elif [[ "${{ needs.login-to-amazon-ecr-public.result }}" == "success" ]]; then + echo "::add-mask::${{ needs.login-to-amazon-ecr-public.outputs.docker_password }}" echo "DOCKER_USERNAME=${{ needs.login-to-amazon-ecr-public.outputs.docker_username }}" >> $GITHUB_ENV - echo "::add-mask::$PASSWORD_FROM_OUTPUT2" - echo "DOCKER_PASSWORD=$PASSWORD_FROM_OUTPUT2" >> $GITHUB_ENV + echo "DOCKER_PASSWORD=${{ needs.login-to-amazon-ecr-public.outputs.docker_password }}" >> $GITHUB_ENV echo "REGISTRY=${{ needs.login-to-amazon-ecr-public.outputs.registry }}" >> $GITHUB_ENV fi - name: Login to registry ${{ env.REGISTRY }} From d1345729e636b6b86486a9d6a07e673384ff71d2 Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Fri, 1 Sep 2023 16:00:09 +0300 Subject: [PATCH 23/47] wip --- .github/workflows/docker.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 3f6a53e..f50fcb2 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml 
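Review bot: This goes back to expanding `${{ needs.login-to-amazon-ecr-private.outputs.docker_password }}` and its public counterpart directly inside the `run:` script, once in the `::add-mask::` line and once in the `$GITHUB_ENV` line of each branch. The expression is substituted into the script text before the shell starts, so a value containing quotes or `$` alters the script, and the secret ends up in the generated script file on the runner. The `env:` mapping this hunk removes avoided both; keeping it and placing `echo "::add-mask::$PASSWORD_FROM_OUTPUT1"` first in the branch gives the mask-before-use ordering this change is after.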
@@ -95,17 +95,20 @@ jobs: - name: Checkout repository uses: actions/checkout@v2 + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ inputs.aws_region }} + aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} # optional + mask-aws-account-id: 'no' + - name: Build, tag, and push docker image to Amazon ECR Public run: | if [[ "${{ needs.login-to-amazon-ecr-private.result }}" == "success" ]]; then - echo "::add-mask::${{ needs.login-to-amazon-ecr-private.outputs.docker_password }}" - echo "DOCKER_USERNAME=${{ needs.login-to-amazon-ecr-private.outputs.docker_username }}" >> $GITHUB_ENV - echo "DOCKER_PASSWORD=${{ needs.login-to-amazon-ecr-private.outputs.docker_password }}" >> $GITHUB_ENV echo "REGISTRY=${{ needs.login-to-amazon-ecr-private.outputs.registry }}" >> $GITHUB_ENV elif [[ "${{ needs.login-to-amazon-ecr-public.result }}" == "success" ]]; then - echo "::add-mask::${{ needs.login-to-amazon-ecr-public.outputs.docker_password }}" - echo "DOCKER_USERNAME=${{ needs.login-to-amazon-ecr-public.outputs.docker_username }}" >> $GITHUB_ENV - echo "DOCKER_PASSWORD=${{ needs.login-to-amazon-ecr-public.outputs.docker_password }}" >> $GITHUB_ENV echo "REGISTRY=${{ needs.login-to-amazon-ecr-public.outputs.registry }}" >> $GITHUB_ENV fi - name: Login to registry ${{ env.REGISTRY }} @@ -113,9 +116,6 @@ jobs: uses: docker/login-action@v2 with: registry: ${{ env.REGISTRY }} - username: ${{ env.DOCKER_USERNAME }} - password: ${{ env.DOCKER_PASSWORD }} - ecr: false - name: Build and push Docker image uses: docker/build-push-action@v4 From d5e47cf1743995df5fdf74daf3233b58a35ca5a7 Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Fri, 1 Sep 2023 16:51:15 +0300 Subject: [PATCH 24/47] wip --- .github/workflows/docker.yml | 67 +----------------------------------- 1 file changed, 1 insertion(+), 66 deletions(-) 
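Review bot: In the second hunk (`@@ -113,9 +116,6 @@`) the `docker/login-action@v2` step is left with only `registry:` and `ecr: false` is removed, so the login now depends on the action's ECR auto-detection and on the AWS credentials exported by the Configure AWS Credentials step added in the first hunk. That holds only while `REGISTRY` is an ECR hostname; for any other registry the step has neither username nor password. A comment above `with:` would record the dependency, for example `# ECR only: credentials come from the AWS env set by configure-aws-credentials`.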
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index f50fcb2..174debc 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -13,7 +13,7 @@ on: dockerfile_path: required: true type: string - private_registry: + registry: required: false type: string aws_region: 
@@ -28,65 +28,7 @@ on: required: false jobs: - login-to-amazon-ecr-private: - runs-on: ubuntu-latest - if: inputs.private_registry == 'true' - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ inputs.aws_region }} - aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} # optional - mask-aws-account-id: 'no' - - - name: Login to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@v1 - with: - mask-password: 'false' - registry-type: private - outputs: - registry: ${{ steps.login-ecr.outputs.registry }} - docker_username: ${{ steps.login-ecr.outputs.docker_username_768438872063_dkr_ecr_us_east_1_amazonaws_com }} - docker_password: ${{ steps.login-ecr.outputs.docker_password_768438872063_dkr_ecr_us_east_1_amazonaws_com }} - login-to-amazon-ecr-public: - if: inputs.private_registry == '' - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ inputs.aws_region }} - aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} # optional - - - name: Login to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@v1 - with: - mask-password: 'false' - registry-type: public - outputs: - registry: ${{ steps.login-ecr.outputs.registry }} - docker_username: ${{ steps.login-ecr.outputs.docker_username_public_ecr_aws }} - docker_password: ${{ steps.login-ecr.outputs.docker_password_public_ecr_aws }} build: - needs: [login-to-amazon-ecr-private, login-to-amazon-ecr-public] - if: > - always() && - ( - needs.login-to-amazon-ecr-private.result == 'success' || - 
needs.login-to-amazon-ecr-public.result == 'success' - ) runs-on: ubuntu-latest permissions: contents: read @@ -104,13 +46,6 @@ jobs: aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} # optional mask-aws-account-id: 'no' - - name: Build, tag, and push docker image to Amazon ECR Public - run: | - if [[ "${{ needs.login-to-amazon-ecr-private.result }}" == "success" ]]; then - echo "REGISTRY=${{ needs.login-to-amazon-ecr-private.outputs.registry }}" >> $GITHUB_ENV - elif [[ "${{ needs.login-to-amazon-ecr-public.result }}" == "success" ]]; then - echo "REGISTRY=${{ needs.login-to-amazon-ecr-public.outputs.registry }}" >> $GITHUB_ENV - fi - name: Login to registry ${{ env.REGISTRY }} if: inputs.event_name != 'pull_request' uses: docker/login-action@v2 From 9b3043814a1432b1f9300ab6f10b02229143d92d Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Fri, 1 Sep 2023 16:53:38 +0300 Subject: [PATCH 25/47] wip --- .github/workflows/init.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/init.yml b/.github/workflows/init.yml index 194e581..a34fa62 100644 --- a/.github/workflows/init.yml +++ b/.github/workflows/init.yml @@ -25,8 +25,6 @@ on: value: ${{ jobs.init.outputs.app_name }} dockerfile_path: value: ${{ jobs.init.outputs.dockerfile_path }} - private_registry: - value: ${{ jobs.init.outputs.private_registry }} jobs: init: @@ -40,7 +38,6 @@ jobs: k8s_cluster_name: ${{ steps.setvars.outputs.k8s_cluster_name }} app_name: ${{ steps.setvars.outputs.app_name }} dockerfile_path: ${{ steps.setvars.outputs.dockerfile_path }} - private_registry: ${{ steps.setvars.outputs.private_registry }} steps: - name: Checkout repository uses: actions/checkout@v2 
@@ -70,5 +67,4 @@ jobs: echo "::set-output name=aws_region::${{ env.aws_region }}" echo "::set-output name=k8s_cluster_name::${{ env.k8s_cluster_name }}" echo "::set-output name=dockerfile_path::${{ env.dockerfile_path }}" - echo "::set-output name=private_registry::${{ env.private_registry }}" echo "::set-output name=app_name::${{ env.app_name }}" From d93eadefc2a8d86d84c5a7e6cffe0ecea6d720bf Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Fri, 1 Sep 2023 17:03:00 +0300 Subject: [PATCH 26/47] wip --- .github/workflows/docker.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 174debc..891d654 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -46,11 +46,11 @@ jobs: aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} # optional mask-aws-account-id: 'no' - - name: Login to registry ${{ env.REGISTRY }} + - name: Login to registry ${{ inputs.registry }} if: inputs.event_name != 'pull_request' uses: docker/login-action@v2 with: - registry: ${{ env.REGISTRY }} + registry: ${{ inputs.registry }} - name: Build and push Docker image uses: docker/build-push-action@v4 @@ -58,4 +58,4 @@ jobs: context: . file: ${{ inputs.dockerfile_path }}/Dockerfile push: ${{ inputs.event_name != 'pull_request' }} - tags: ${{ env.REGISTRY }}/${{ inputs.IMAGE_NAME }}:${{ inputs.KUBE_NAMESPACE }} + tags: ${{ inputs.registry }}/${{ inputs.IMAGE_NAME }}:${{ inputs.KUBE_NAMESPACE }} From 26d70283099039b3986bd6b46945a175edef0ba1 Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Fri, 1 Sep 2023 17:12:04 +0300 Subject: [PATCH 27/47] wip --- .github/workflows/deploy-k8s.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-k8s.yml b/.github/workflows/deploy-k8s.yml index c8ff0bd..abb0fed 100644 --- a/.github/workflows/deploy-k8s.yml +++ b/.github/workflows/deploy-k8s.yml 
@@ -90,7 +90,7 @@ jobs: - name: Generate k8s secret params shell: bash run: | - sed -i 's|image: ${{ inputs.IMAGE_NAME }}|image: ${{ inputs.IMAGE_NAME }}:${{ inputs.KUBE_NAMESPACE }}|' deployment.yaml + sed -i 's|${{ inputs.IMAGE_NAME }}|${{ inputs.IMAGE_NAME }}:${{ inputs.KUBE_NAMESPACE }}|' deployment.yaml - name: kubernets apply config uses: kodermax/kubectl-aws-eks@master From ca9077e7b46bb1685438b623aa401101a2716d00 Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Fri, 1 Sep 2023 17:29:36 +0300 Subject: [PATCH 28/47] Add tag template for migration --- .github/workflows/deploy-k8s.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/deploy-k8s.yml b/.github/workflows/deploy-k8s.yml index abb0fed..68ec927 100644 --- a/.github/workflows/deploy-k8s.yml +++ b/.github/workflows/deploy-k8s.yml @@ -91,6 +91,8 @@ jobs: shell: bash run: | sed -i 's|${{ inputs.IMAGE_NAME }}|${{ inputs.IMAGE_NAME }}:${{ inputs.KUBE_NAMESPACE }}|' deployment.yaml + [ -f migration.yaml ] && sed -i 's|${{ inputs.IMAGE_NAME }}|${{ inputs.IMAGE_NAME }}:${{ inputs.KUBE_NAMESPACE }}|' migration.yaml + - name: kubernets apply config uses: kodermax/kubectl-aws-eks@master From 26cb53388d5d69290a8e74bfd1e08782059e4c52 Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Fri, 1 Sep 2023 17:39:07 +0300 Subject: [PATCH 29/47] Add tag template for migration --- .github/workflows/deploy-k8s.yml | 2 -- .github/workflows/migration-k8s.yml | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/deploy-k8s.yml b/.github/workflows/deploy-k8s.yml index 68ec927..abb0fed 100644 --- a/.github/workflows/deploy-k8s.yml +++ b/.github/workflows/deploy-k8s.yml 
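Review bot: Dropping the `image: ` prefix from the `sed` pattern in the first hunk makes it rewrite every occurrence of the image name in `deployment.yaml`, so a label, env value or second reference that contains `${{ inputs.IMAGE_NAME }}` also gets `:${{ inputs.KUBE_NAMESPACE }}` appended, and a name that already carries a tag gets a second one. If the prefix was removed because the manifest uses a registry-qualified name (an assumption, the manifest is not shown), the match can stay scoped to the image key: `sed -i "s|\(image: .*${IMAGE_NAME}\)\$|\1:${KUBE_NAMESPACE}|" deployment.yaml`, with both inputs passed through `env:` rather than expanded into the script. The same unanchored pattern is added for `migration.yaml` in patches 28, 29 and 32 below.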
@@ -91,8 +91,6 @@ jobs: shell: bash run: | sed -i 's|${{ inputs.IMAGE_NAME }}|${{ inputs.IMAGE_NAME }}:${{ inputs.KUBE_NAMESPACE }}|' deployment.yaml - [ -f migration.yaml ] && sed -i 's|${{ inputs.IMAGE_NAME }}|${{ inputs.IMAGE_NAME }}:${{ inputs.KUBE_NAMESPACE }}|' migration.yaml - - name: kubernets apply config uses: kodermax/kubectl-aws-eks@master diff --git a/.github/workflows/migration-k8s.yml b/.github/workflows/migration-k8s.yml index 62281ee..e749a61 100644 --- a/.github/workflows/migration-k8s.yml +++ b/.github/workflows/migration-k8s.yml @@ -62,7 +62,7 @@ jobs: - name: Generate k8s secret params shell: bash run: | - sed -i 's|image: ${{ inputs.IMAGE_NAME }}|image: ${{ inputs.IMAGE_NAME }}:${{ inputs.KUBE_NAMESPACE }}|' migration.yaml + sed -i 's|${{ inputs.IMAGE_NAME }}|${{ inputs.IMAGE_NAME }}:${{ inputs.KUBE_NAMESPACE }}|' migration.yaml - name: kubernets run migration uses: kodermax/kubectl-aws-eks@master From 8069f6f52bccb6dc04a14f3cfae2f162db9aa8eb Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Tue, 5 Sep 2023 10:15:24 +0300 Subject: [PATCH 30/47] add dev dockerfile build for migration --- .github/workflows/migration-k8s.yml | 23 +++++++++++++++++++++++ workflow-templates/ci-cd-development.yml | 3 +++ 2 files changed, 26 insertions(+) diff --git a/.github/workflows/migration-k8s.yml b/.github/workflows/migration-k8s.yml index e749a61..9445f28 100644 --- a/.github/workflows/migration-k8s.yml +++ b/.github/workflows/migration-k8s.yml @@ -7,6 +7,15 @@ on: KUBE_NAMESPACE: required: true type: string + event_name: + required: true + type: string + dockerfile_path: + required: true + type: string + registry: + required: true + type: string aws_region: required: true type: string 
@@ -44,6 +53,20 @@ jobs: aws-region: ${{ inputs.aws_region }} aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} # optional + - name: Login to registry ${{ inputs.registry }} + if: inputs.event_name != 'pull_request' + uses: docker/login-action@v2 + with: + registry: ${{ inputs.registry }} + + - name: Build and push Docker image + uses: docker/build-push-action@v4 + with: + context: . + file: ${{ inputs.dockerfile_path }}/Dockerfile-dev + push: ${{ inputs.event_name != 'pull_request' }} + tags: ${{ inputs.registry }}/${{ inputs.IMAGE_NAME }}:${{ inputs.KUBE_NAMESPACE }} + - name: use awscli uses: unfor19/install-aws-cli-action@master with: diff --git a/workflow-templates/ci-cd-development.yml b/workflow-templates/ci-cd-development.yml index 31322fa..5362bab 100644 --- a/workflow-templates/ci-cd-development.yml +++ b/workflow-templates/ci-cd-development.yml @@ -33,6 +33,9 @@ jobs: aws_region: ${{ needs.call-workflow-init.outputs.aws_region }} k8s_cluster_name: ${{ needs.call-workflow-init.outputs.k8s_cluster_name }} app_name: ${{ needs.call-workflow-init.outputs.app_name }} + event_name: ${{ github.event_name }} + registry: ${{ needs.call-workflow-init.outputs.registry }} + dockerfile_path: ${{ needs.call-workflow-init.outputs.dockerfile_path }} secrets: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} From 7e135d75fb1e15d63c4496fde6c69daa1cd6fd8b Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Tue, 5 Sep 2023 10:23:15 +0300 Subject: [PATCH 31/47] change dev image tag --- .github/workflows/migration-k8s.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/migration-k8s.yml b/.github/workflows/migration-k8s.yml index 9445f28..6745239 100644 --- a/.github/workflows/migration-k8s.yml +++ b/.github/workflows/migration-k8s.yml 
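Review bot: The added login and build steps are gated on `inputs.event_name != 'pull_request'`, but nothing in this hunk gates the rest of the job, so on a pull request the image is built without being pushed and the job would still go on to apply `migration.yaml` to the cluster with whatever image already carries that tag. The apply and wait steps are outside this hunk, so this is inferred from the other `migration-k8s.yml` hunks on the page. A job-level `if: inputs.event_name != 'pull_request'`, or the same condition on the kubectl steps, would keep pull requests from running migrations.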
@@ -65,7 +65,7 @@ jobs: context: . file: ${{ inputs.dockerfile_path }}/Dockerfile-dev push: ${{ inputs.event_name != 'pull_request' }} - tags: ${{ inputs.registry }}/${{ inputs.IMAGE_NAME }}:${{ inputs.KUBE_NAMESPACE }} + tags: ${{ inputs.registry }}/${{ inputs.IMAGE_NAME }}:${{ inputs.KUBE_NAMESPACE }}Migration - name: use awscli uses: unfor19/install-aws-cli-action@master From 2fe1e199c79bfd70a3ed8e07f4cf052e1f2c3894 Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Tue, 5 Sep 2023 10:26:11 +0300 Subject: [PATCH 32/47] change dev image tag --- .github/workflows/migration-k8s.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/migration-k8s.yml b/.github/workflows/migration-k8s.yml index 6745239..5eb3c19 100644 --- a/.github/workflows/migration-k8s.yml +++ b/.github/workflows/migration-k8s.yml @@ -85,7 +85,7 @@ jobs: - name: Generate k8s secret params shell: bash run: | - sed -i 's|${{ inputs.IMAGE_NAME }}|${{ inputs.IMAGE_NAME }}:${{ inputs.KUBE_NAMESPACE }}|' migration.yaml + sed -i 's|${{ inputs.IMAGE_NAME }}|${{ inputs.IMAGE_NAME }}:${{ inputs.KUBE_NAMESPACE }}Migration|' migration.yaml - name: kubernets run migration uses: kodermax/kubectl-aws-eks@master From 56e31569bcf7ff467c76c55cd2844875bf3403b6 Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Tue, 5 Sep 2023 10:39:17 +0300 Subject: [PATCH 33/47] Add k8s migration --- .github/workflows/migration-k8s.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/migration-k8s.yml b/.github/workflows/migration-k8s.yml index 5eb3c19..7ed1e7c 100644 --- a/.github/workflows/migration-k8s.yml +++ b/.github/workflows/migration-k8s.yml 
@@ -104,3 +104,12 @@ jobs: IAM_VERSION: "0.5.6" with: args: wait --for=condition=complete job/${{ inputs.app_name }}-migration -n ${{ inputs.KUBE_NAMESPACE }} + + - name: kubernets wair for migration to end + uses: kodermax/kubectl-aws-eks@master + env: + KUBE_CONFIG_DATA: ${{ steps.kubeconfig.outputs.KUBECONFIG }} + KUBECTL_VERSION: "v1.22.0" + IAM_VERSION: "0.5.6" + with: + args: delete job ${{ inputs.app_name }}-migration -n ${{ inputs.KUBE_NAMESPACE }} From 3351397912ee65d4344a305fa0f36dbf2e6c3025 Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Tue, 26 Sep 2023 11:43:59 +0300 Subject: [PATCH 34/47] Update deploy-k8s.yml --- .github/workflows/deploy-k8s.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy-k8s.yml b/.github/workflows/deploy-k8s.yml index abb0fed..bda4f3a 100644 --- a/.github/workflows/deploy-k8s.yml +++ b/.github/workflows/deploy-k8s.yml @@ -48,7 +48,7 @@ jobs: aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} # optional - name: use awscli - uses: unfor19/install-aws-cli-action@master + uses: unfor19/install-aws-cli-action@46282f151073130d90347412d9c4ef0640177f22 with: version: 2 @@ -79,7 +79,7 @@ jobs: echo "${{ steps.genparams.outputs.k8sparams }}" - name: Create kubernetes secret with service parameters - uses: kodermax/kubectl-aws-eks@master + uses: kodermax/kubectl-aws-eks@214195db51c87cdd4d7c1e33e43f7638b5849186 env: KUBE_CONFIG_DATA: ${{ steps.kubeconfig.outputs.KUBECONFIG }} KUBECTL_VERSION: "v1.22.0" @@ -93,7 +93,7 @@ jobs: sed -i 's|${{ inputs.IMAGE_NAME }}|${{ inputs.IMAGE_NAME }}:${{ inputs.KUBE_NAMESPACE }}|' deployment.yaml - name: kubernets apply config - uses: kodermax/kubectl-aws-eks@master + uses: kodermax/kubectl-aws-eks@214195db51c87cdd4d7c1e33e43f7638b5849186 env: KUBE_CONFIG_DATA: ${{ steps.kubeconfig.outputs.KUBECONFIG }} KUBECTL_VERSION: "v1.22.0" 
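Review bot: The step added in the first hunk is named `kubernets wair for migration to end` like the step above it, but its `args` run `delete job`, so the run log shows two identically named steps and the cleanup is hard to spot; `- name: kubernetes delete migration job` would say what it does. Because the step has no `if:`, the delete is skipped whenever the preceding `wait --for=condition=complete` fails or times out, which leaves the Job in the namespace where a later `apply` of the same Job name may be rejected. Adding `if: always()` makes the cleanup run in both cases; since that also removes the failed Job's pods, collecting its logs in a step before the delete is worth considering.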
@@ -102,7 +102,7 @@ jobs: args: apply -f deployment.yaml -n ${{ inputs.KUBE_NAMESPACE }} - name: rollout - uses: kodermax/kubectl-aws-eks@master + uses: kodermax/kubectl-aws-eks@214195db51c87cdd4d7c1e33e43f7638b5849186 env: KUBE_CONFIG_DATA: ${{ steps.kubeconfig.outputs.KUBECONFIG }} KUBECTL_VERSION: "v1.22.0" From 22a0c1766e2a61bbeb47bcc946affda7e483a881 Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Tue, 26 Sep 2023 11:45:23 +0300 Subject: [PATCH 35/47] Update init.yml --- .github/workflows/init.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/init.yml b/.github/workflows/init.yml index a34fa62..4f2e59c 100644 --- a/.github/workflows/init.yml +++ b/.github/workflows/init.yml 
@@ -55,16 +55,16 @@ jobs: id: setvars run: | if [[ "${{ inputs.base_ref }}" == "${{ env.prod_branch }}" || "${{ inputs.ref }}" == "refs/heads/${{ env.prod_branch }}" ]]; then - echo "::set-output name=k8s_namespace::production" - echo "::set-output name=ci_env::PROD" + echo "k8s_namespace=production" >> $GITHUB_OUTPUT + echo "ci_env=PROD" >> $GITHUB_OUTPUT fi if [[ "${{ inputs.base_ref }}" == "${{ env.dev_branch }}" || "${{ inputs.ref }}" == "refs/heads/${{ env.dev_branch }}" ]]; then - echo "::set-output name=k8s_namespace::test" - echo "::set-output name=ci_env::DEV" + echo "k8s_namespace=test" >> $GITHUB_OUTPUT + echo "ci_env=DEV" >> $GITHUB_OUTPUT fi - echo "::set-output name=image_name::${{ env.image_name }}" - echo "::set-output name=registry::${{ env.registry }}" - echo "::set-output name=aws_region::${{ env.aws_region }}" - echo "::set-output name=k8s_cluster_name::${{ env.k8s_cluster_name }}" - echo "::set-output name=dockerfile_path::${{ env.dockerfile_path }}" - echo "::set-output name=app_name::${{ env.app_name }}" + echo "image_name=${{ env.image_name }}" >> $GITHUB_OUTPUT + echo "registry=${{ env.registry }}" >> $GITHUB_OUTPUT + echo "aws_region=${{ env.aws_region }}" >> $GITHUB_OUTPUT + echo "k8s_cluster_name=${{ env.k8s_cluster_name }}" >> $GITHUB_OUTPUT + echo "app_name=${{ env.app_name }}" >> $GITHUB_OUTPUT + echo "dockerfile_path=${{ env.dockerfile_path }}" >> $GITHUB_OUTPUT From f9349f47dd75b0871288add92e6abf530f0bc222 Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Tue, 26 Sep 2023 11:46:39 +0300 Subject: [PATCH 36/47] Update migration-k8s.yml --- .github/workflows/migration-k8s.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/migration-k8s.yml b/.github/workflows/migration-k8s.yml index 7ed1e7c..b678364 100644 --- a/.github/workflows/migration-k8s.yml +++ b/.github/workflows/migration-k8s.yml 
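Review bot: Every added `echo` still expands `${{ env.… }}` into the script text before bash runs, so a property value containing a double quote or `$(` is interpreted by the shell instead of being written as data. Values in the `env` context are ordinary environment variables inside the step, so the lines can read them directly and quote the target file, for example `echo "image_name=$image_name" >> "$GITHUB_OUTPUT"`. The `if [[ … ]]` tests on `inputs.base_ref` and `inputs.ref` are context lines here and follow the same interpolation pattern. The step's opening lines are above the hunk.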
@@ -88,7 +88,7 @@ jobs: sed -i 's|${{ inputs.IMAGE_NAME }}|${{ inputs.IMAGE_NAME }}:${{ inputs.KUBE_NAMESPACE }}Migration|' migration.yaml - name: kubernets run migration - uses: kodermax/kubectl-aws-eks@master + uses: kodermax/kubectl-aws-eks@214195db51c87cdd4d7c1e33e43f7638b5849186 env: KUBE_CONFIG_DATA: ${{ steps.kubeconfig.outputs.KUBECONFIG }} KUBECTL_VERSION: "v1.22.0" @@ -97,7 +97,7 @@ jobs: args: apply -f migration.yaml -n ${{ inputs.KUBE_NAMESPACE }} - name: kubernets wair for migration to end - uses: kodermax/kubectl-aws-eks@master + uses: kodermax/kubectl-aws-eks@214195db51c87cdd4d7c1e33e43f7638b5849186 env: KUBE_CONFIG_DATA: ${{ steps.kubeconfig.outputs.KUBECONFIG }} KUBECTL_VERSION: "v1.22.0" @@ -106,7 +106,7 @@ jobs: args: wait --for=condition=complete job/${{ inputs.app_name }}-migration -n ${{ inputs.KUBE_NAMESPACE }} - name: kubernets wair for migration to end - uses: kodermax/kubectl-aws-eks@master + uses: kodermax/kubectl-aws-eks@214195db51c87cdd4d7c1e33e43f7638b5849186 env: KUBE_CONFIG_DATA: ${{ steps.kubeconfig.outputs.KUBECONFIG }} KUBECTL_VERSION: "v1.22.0" From 92850ef723785fb1dc43160b057df4feebe02aea Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Tue, 26 Sep 2023 11:49:23 +0300 Subject: [PATCH 37/47] Update deploy-k8s.yml --- .github/workflows/deploy-k8s.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy-k8s.yml b/.github/workflows/deploy-k8s.yml index bda4f3a..7be53f7 100644 --- a/.github/workflows/deploy-k8s.yml +++ b/.github/workflows/deploy-k8s.yml @@ -1,4 +1,4 @@ -on: +35on: workflow_call: inputs: IMAGE_NAME: 
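Review bot: In the `deploy-k8s.yml` hunk at the end of this line (`@@ -1,4 +1,4 @@`, patch 37) the top-level key becomes `35on:`, which looks like stray keystrokes; without an `on:` key the file no longer declares `workflow_call`, so callers of this reusable workflow would fail to load it. The line should stay `on:`. The commit's other hunks only touch the `$GITHUB_OUTPUT` lines, so this edit appears unintended.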
@@ -59,7 +59,7 @@ jobs: id: kubeconfig run: | echo "::add-mask::$(aws eks --region ${{ inputs.aws_region }} update-kubeconfig --name ${{ inputs.k8s_cluster_name }} --dry-run | base64 -w 0)" - echo "::set-output name=KUBECONFIG::$(aws eks --region ${{ inputs.aws_region }} update-kubeconfig --name ${{ inputs.k8s_cluster_name }} --dry-run | base64 -w 0)" + echo "KUBECONFIG=$(aws eks --region ${{ inputs.aws_region }} update-kubeconfig --name ${{ inputs.k8s_cluster_name }} --dry-run | base64 -w 0)" >> $GITHUB_OUTPUT shell: bash - name: Generate k8s secret params @@ -71,7 +71,7 @@ jobs: echo "result: ${{ inputs.ci_env }}_ENV_VARS" for i in `cat .github/workflows/ci-properties.json | jq -r .${{ inputs.ci_env }}_ENV_VARS | jq -r 'keys[]' || true`; do params="${params} --from-literal=$i=$(cat .github/workflows/ci-properties.json | jq -r .${{ inputs.ci_env }}_ENV_VARS.$i)"; done echo "ENV VARS from ci-properties.json: $params" - echo "::set-output name=k8sparams::$params" + echo "k8sparams=$params" >> $GITHUB_OUTPUT - name: print k8sparams id: print From 309ced83828417da7c3d99a5b046029f55037f04 Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Tue, 26 Sep 2023 11:51:51 +0300 Subject: [PATCH 38/47] Update migration-k8s.yml --- .github/workflows/migration-k8s.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/migration-k8s.yml b/.github/workflows/migration-k8s.yml index b678364..2f2cb51 100644 --- a/.github/workflows/migration-k8s.yml +++ b/.github/workflows/migration-k8s.yml 
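Review bot: The `login to EKS` step in the first hunk runs `aws eks … update-kubeconfig --dry-run | base64 -w 0` twice, once for `::add-mask::` and once for the output, and both sit inside `echo "$(…)"`, where a failing command does not stop the step; an authentication or region error therefore yields an empty `KUBECONFIG` output and a green step. Capturing the value once addresses both: `cfg="$(aws eks --region "$AWS_REGION" update-kubeconfig --name "$CLUSTER_NAME" --dry-run | base64 -w 0)"`, then `echo "::add-mask::$cfg"` and `echo "KUBECONFIG=$cfg" >> "$GITHUB_OUTPUT"`, with the two inputs passed through `env:` (the variable names are placeholders). The same pair of lines is in the `migration-k8s.yml` hunk of patch 38.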
@@ -79,7 +79,7 @@ jobs: id: kubeconfig run: | echo "::add-mask::$(aws eks --region ${{ inputs.aws_region }} update-kubeconfig --name ${{ inputs.k8s_cluster_name }} --dry-run | base64 -w 0)" - echo "::set-output name=KUBECONFIG::$(aws eks --region ${{ inputs.aws_region }} update-kubeconfig --name ${{ inputs.k8s_cluster_name }} --dry-run | base64 -w 0)" + echo "KUBECONFIG=$(aws eks --region ${{ inputs.aws_region }} update-kubeconfig --name ${{ inputs.k8s_cluster_name }} --dry-run | base64 -w 0)" >> $GITHUB_OUTPUT shell: bash - name: Generate k8s secret params From 3d91c9a221e6fa611e3e0051a1ec8f9f3ed56981 Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Tue, 26 Sep 2023 11:54:32 +0300 Subject: [PATCH 39/47] Update deploy-k8s.yml --- .github/workflows/deploy-k8s.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-k8s.yml b/.github/workflows/deploy-k8s.yml index 7be53f7..31f9be8 100644 --- a/.github/workflows/deploy-k8s.yml +++ b/.github/workflows/deploy-k8s.yml @@ -1,4 +1,4 @@ -35on: +on: workflow_call: inputs: IMAGE_NAME: From 56cab22082d6a9cce60c75b8697924529fa1b705 Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Tue, 26 Sep 2023 11:59:39 +0300 Subject: [PATCH 40/47] bump version --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 891d654..2f15c2f 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -38,7 +38,7 @@ jobs: uses: actions/checkout@v2 - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@v4 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} From 6e3ec90fd88e859eee002079e214aafe925449ab Mon Sep 17 00:00:00 2001 
From: Renat Gofman Date: Tue, 26 Sep 2023 12:00:13 +0300 Subject: [PATCH 41/47] bump version --- .github/workflows/deploy-k8s.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-k8s.yml b/.github/workflows/deploy-k8s.yml index 31f9be8..495f6c6 100644 --- a/.github/workflows/deploy-k8s.yml +++ b/.github/workflows/deploy-k8s.yml @@ -40,7 +40,7 @@ jobs: uses: actions/checkout@v2 - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@v4 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} From 608ea81ea4bffe3cdebe7d5bb2d836b1c67c3a80 Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Tue, 26 Sep 2023 12:00:33 +0300 Subject: [PATCH 42/47] bump version --- .github/workflows/migration-k8s.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/migration-k8s.yml b/.github/workflows/migration-k8s.yml index 2f2cb51..99256d8 100644 --- a/.github/workflows/migration-k8s.yml +++ b/.github/workflows/migration-k8s.yml @@ -46,7 +46,7 @@ jobs: uses: actions/checkout@v2 - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@v4 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} From 884b9e9cf9eb009c5be0da455ef7b8120042aa46 Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Tue, 26 Sep 2023 12:09:13 +0300 Subject: [PATCH 43/47] bump checkout version --- .github/workflows/init.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/init.yml b/.github/workflows/init.yml index 4f2e59c..7964237 100644 --- a/.github/workflows/init.yml +++ b/.github/workflows/init.yml 
@@ -40,7 +40,7 @@ jobs: dockerfile_path: ${{ steps.setvars.outputs.dockerfile_path }} steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v4.1.0 - name: Read repo properties shell: bash From 89e104ce9ed81fd8d1a603f8e7e14a6334489d36 Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Tue, 26 Sep 2023 12:09:34 +0300 Subject: [PATCH 44/47] Update migration-k8s.yml --- .github/workflows/migration-k8s.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/migration-k8s.yml b/.github/workflows/migration-k8s.yml index 99256d8..54667e0 100644 --- a/.github/workflows/migration-k8s.yml +++ b/.github/workflows/migration-k8s.yml @@ -43,7 +43,7 @@ jobs: packages: write steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v4.1.0 - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4 From 577cfac82ab97d10dffce8ab05bad90fad317f71 Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Tue, 26 Sep 2023 12:09:47 +0300 Subject: [PATCH 45/47] Update docker.yml --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 2f15c2f..b9c0097 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -35,7 +35,7 @@ jobs: packages: write steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v4.1.0 - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4 From 6fd34d66a170886d0e1418e6a4d94c42e5ab13ce Mon Sep 17 00:00:00 2001 From: Renat Gofman Date: Tue, 26 Sep 2023 12:10:01 +0300 Subject: [PATCH 46/47] Update deploy-k8s.yml --- .github/workflows/deploy-k8s.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-k8s.yml b/.github/workflows/deploy-k8s.yml index 495f6c6..aecce3e 100644 --- a/.github/workflows/deploy-k8s.yml 
+++ b/.github/workflows/deploy-k8s.yml @@ -37,7 +37,7 @@ jobs: packages: write steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v4.1.0 - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4 From 58b791cc0cf8c71717bbf8223f224d4fd0cfb6d9 Mon Sep 17 00:00:00 2001 From: Renat Skitsan Date: Thu, 25 Jan 2024 11:05:04 +0200 Subject: [PATCH 47/47] Cherry-pick (#6) * fix deprecated warnings and set action version (#3) * fix set output syntax * bump version * bump version * bump chechout version * fix aws-iam-authenticator latest release * Add optional ingress apply * Add domain name into ingress --- .github/workflows/deploy-k8s.yml | 20 +++++++++++++++++--- .github/workflows/docker.yml | 3 ++- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy-k8s.yml b/.github/workflows/deploy-k8s.yml index aecce3e..9d0a00d 100644 --- a/.github/workflows/deploy-k8s.yml +++ b/.github/workflows/deploy-k8s.yml @@ -79,7 +79,7 @@ jobs: echo "${{ steps.genparams.outputs.k8sparams }}" - name: Create kubernetes secret with service parameters - uses: kodermax/kubectl-aws-eks@214195db51c87cdd4d7c1e33e43f7638b5849186 + uses: kodermax/kubectl-aws-eks@7e223308593f74c42b45782d230783715e131d51 env: KUBE_CONFIG_DATA: ${{ steps.kubeconfig.outputs.KUBECONFIG }} KUBECTL_VERSION: "v1.22.0" @@ -93,7 +93,7 @@ jobs: sed -i 's|${{ inputs.IMAGE_NAME }}|${{ inputs.IMAGE_NAME }}:${{ inputs.KUBE_NAMESPACE }}|' deployment.yaml - name: kubernets apply config - uses: kodermax/kubectl-aws-eks@214195db51c87cdd4d7c1e33e43f7638b5849186 + uses: kodermax/kubectl-aws-eks@7e223308593f74c42b45782d230783715e131d51 env: KUBE_CONFIG_DATA: ${{ steps.kubeconfig.outputs.KUBECONFIG }} KUBECTL_VERSION: "v1.22.0" 
@@ -102,10 +102,24 @@ jobs: args: apply -f deployment.yaml -n ${{ inputs.KUBE_NAMESPACE }} - name: rollout - uses: kodermax/kubectl-aws-eks@214195db51c87cdd4d7c1e33e43f7638b5849186 + uses: kodermax/kubectl-aws-eks@7e223308593f74c42b45782d230783715e131d51 env: KUBE_CONFIG_DATA: ${{ steps.kubeconfig.outputs.KUBECONFIG }} KUBECTL_VERSION: "v1.22.0" IAM_VERSION: "0.5.6" with: args: rollout restart deploy/${{ inputs.app_name }} -n ${{ inputs.KUBE_NAMESPACE }} + + - name: Template ingress (optional) + shell: bash + run: | + sed -i "s|host: ingress.hostname|host: $(cat .github/workflows/ci-properties.json | jq -r .${{ inputs.ci_env }}_ENV_VARS.INGRESS_HOSTNAME)|" ingress.yaml || true + + - name: apply ingress (optional) + uses: kodermax/kubectl-aws-eks@7e223308593f74c42b45782d230783715e131d51 + env: + KUBE_CONFIG_DATA: ${{ steps.kubeconfig.outputs.KUBECONFIG }} + KUBECTL_VERSION: "v1.22.0" + IAM_VERSION: "0.5.6" + with: + args: apply -f ingress.yaml -n ${{ inputs.KUBE_NAMESPACE }} || true diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index b9c0097..870d4a0 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -48,12 +48,13 @@ jobs: - name: Login to registry ${{ inputs.registry }} if: inputs.event_name != 'pull_request' + uses: docker/login-action@v2 with: registry: ${{ inputs.registry }} - name: Build and push Docker image - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5.0.0 with: context: . file: ${{ inputs.dockerfile_path }}/Dockerfile
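Review bot: Both ingress steps added in the first hunk end in `|| true`, which hides every failure and not only a missing `ingress.yaml`: a rejected manifest or an expired credential leaves the job green with no ingress applied, and whether `|| true` is interpreted as shell inside `args:` at all depends on the action's entrypoint, which is not visible here. If `INGRESS_HOSTNAME` is absent from `ci-properties.json`, `jq -r` prints `null` and the `sed` writes `host: null` into the manifest. Gating both steps on the file with `if: hashFiles('ingress.yaml') != ''`, and reading the hostname into a variable first with `jq -er` so a missing key fails the step, keeps the steps optional without swallowing real errors.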