Merge pull request #2450 from Budibase/feature/helm-aws-support
Feature/helm aws support
This commit is contained in:
commit
0365054a34
|
@ -1,85 +0,0 @@
|
||||||
# This workflow will build and push a new container image to Amazon ECR,
|
|
||||||
# and then will deploy a new task definition to Amazon ECS, when a release is created
|
|
||||||
#
|
|
||||||
# To use this workflow, you will need to complete the following set-up steps:
|
|
||||||
#
|
|
||||||
# 1. Create an ECR repository to store your images.
|
|
||||||
# For example: `aws ecr create-repository --repository-name my-ecr-repo --region us-east-2`.
|
|
||||||
# Replace the value of `ECR_REPOSITORY` in the workflow below with your repository's name.
|
|
||||||
# Replace the value of `aws-region` in the workflow below with your repository's region.
|
|
||||||
#
|
|
||||||
# 2. Create an ECS task definition, an ECS cluster, and an ECS service.
|
|
||||||
# For example, follow the Getting Started guide on the ECS console:
|
|
||||||
# https://us-east-2.console.aws.amazon.com/ecs/home?region=us-east-2#/firstRun
|
|
||||||
# Replace the values for `service` and `cluster` in the workflow below with your service and cluster names.
|
|
||||||
#
|
|
||||||
# 3. Store your ECS task definition as a JSON file in your repository.
|
|
||||||
# The format should follow the output of `aws ecs register-task-definition --generate-cli-skeleton`.
|
|
||||||
# Replace the value of `task-definition` in the workflow below with your JSON file's name.
|
|
||||||
# Replace the value of `container-name` in the workflow below with the name of the container
|
|
||||||
# in the `containerDefinitions` section of the task definition.
|
|
||||||
#
|
|
||||||
# 4. Store an IAM user access key in GitHub Actions secrets named `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.
|
|
||||||
# See the documentation for each action used below for the recommended IAM policies for this IAM user,
|
|
||||||
# and best practices on handling the access key credentials.
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
tags:
|
|
||||||
- 'v*'
|
|
||||||
|
|
||||||
name: Deploy to Amazon ECS
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
deploy:
|
|
||||||
name: deploy
|
|
||||||
runs-on: ubuntu-16.04
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Checkout
|
|
||||||
uses: actions/checkout@v2
|
|
||||||
|
|
||||||
- name: Configure AWS credentials
|
|
||||||
uses: aws-actions/configure-aws-credentials@v1
|
|
||||||
with:
|
|
||||||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
|
||||||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
|
||||||
aws-region: eu-west-1
|
|
||||||
|
|
||||||
- name: Download task definition
|
|
||||||
run: |
|
|
||||||
aws ecs describe-task-definition --task-definition ProdAppServerStackprodbudiapplbfargateserviceprodbudiappserverfargatetaskdefinition2EF7F1E7 --query taskDefinition > task-definition.json
|
|
||||||
|
|
||||||
- name: Login to Amazon ECR
|
|
||||||
id: login-ecr
|
|
||||||
uses: aws-actions/amazon-ecr-login@v1
|
|
||||||
|
|
||||||
- name: Build, tag, and push image to Amazon ECR
|
|
||||||
id: build-image
|
|
||||||
env:
|
|
||||||
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
|
|
||||||
ECR_REPOSITORY: prod-budi-app-server
|
|
||||||
IMAGE_TAG: ${{ github.sha }}
|
|
||||||
run: |
|
|
||||||
# Build a docker container and
|
|
||||||
# push it to ECR so that it can
|
|
||||||
# be deployed to ECS
|
|
||||||
cd packages/server
|
|
||||||
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
|
|
||||||
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
|
|
||||||
echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
|
|
||||||
- name: Fill in the new image ID in the Amazon ECS task definition
|
|
||||||
id: task-def
|
|
||||||
uses: aws-actions/amazon-ecs-render-task-definition@v1
|
|
||||||
with:
|
|
||||||
task-definition: task-definition.json
|
|
||||||
container-name: prod-budi-app-server
|
|
||||||
image: ${{ steps.build-image.outputs.image }}
|
|
||||||
|
|
||||||
- name: Deploy Amazon ECS task definition
|
|
||||||
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
|
|
||||||
with:
|
|
||||||
task-definition: ${{ steps.task-def.outputs.task-definition }}
|
|
||||||
service: prod-budi-app-server-service
|
|
||||||
cluster: prod-budi-app-server
|
|
||||||
wait-for-service-stability: true
|
|
|
@ -42,6 +42,10 @@ jobs:
|
||||||
echo //registry.npmjs.org/:_authToken=${NPM_TOKEN} >> .npmrc
|
echo //registry.npmjs.org/:_authToken=${NPM_TOKEN} >> .npmrc
|
||||||
yarn release
|
yarn release
|
||||||
|
|
||||||
|
- name: Get Previous tag
|
||||||
|
id: previoustag
|
||||||
|
uses: "WyriHaximus/github-action-get-previous-tag@v1"
|
||||||
|
|
||||||
- name: Build/release Docker images
|
- name: Build/release Docker images
|
||||||
run: |
|
run: |
|
||||||
docker login -u $DOCKER_USER -p $DOCKER_PASSWORD
|
docker login -u $DOCKER_USER -p $DOCKER_PASSWORD
|
||||||
|
@ -50,10 +54,12 @@ jobs:
|
||||||
env:
|
env:
|
||||||
DOCKER_USER: ${{ secrets.DOCKER_USERNAME }}
|
DOCKER_USER: ${{ secrets.DOCKER_USERNAME }}
|
||||||
DOCKER_PASSWORD: ${{ secrets.DOCKER_API_KEY }}
|
DOCKER_PASSWORD: ${{ secrets.DOCKER_API_KEY }}
|
||||||
|
BUDIBASE_RELEASE_VERSION: ${{ steps.previoustag.outputs.tag }}
|
||||||
|
|
||||||
- uses: azure/setup-helm@v1
|
- uses: azure/setup-helm@v1
|
||||||
id: install
|
id: install
|
||||||
|
|
||||||
|
# So, we need to inject the values into this
|
||||||
- run: yarn release:helm
|
- run: yarn release:helm
|
||||||
|
|
||||||
- name: Run chart-releaser
|
- name: Run chart-releaser
|
||||||
|
@ -62,3 +68,4 @@ jobs:
|
||||||
charts_dir: docs
|
charts_dir: docs
|
||||||
env:
|
env:
|
||||||
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
|
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
|
||||||
|
|
|
@ -38,3 +38,4 @@ dependencies:
|
||||||
- name: ingress-nginx
|
- name: ingress-nginx
|
||||||
version: 3.35.0
|
version: 3.35.0
|
||||||
repository: https://github.com/kubernetes/ingress-nginx
|
repository: https://github.com/kubernetes/ingress-nginx
|
||||||
|
condition: services.ingress.nginx
|
||||||
|
|
|
@ -0,0 +1,35 @@
|
||||||
|
{{- if .Values.ingress.aws }}
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: ingress-budibase
|
||||||
|
annotations:
|
||||||
|
kubernetes.io/ingress.class: alb
|
||||||
|
alb.ingress.kubernetes.io/scheme: internet-facing
|
||||||
|
alb.ingress.kubernetes.io/target-type: ip
|
||||||
|
{{- if .Values.ingress.certificateArn }}
|
||||||
|
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
|
||||||
|
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
|
||||||
|
alb.ingress.kubernetes.io/certificate-arn: {{ .Values.ingress.certificateArn }}
|
||||||
|
{{- end }}
|
||||||
|
spec:
|
||||||
|
rules:
|
||||||
|
- http:
|
||||||
|
paths:
|
||||||
|
{{- if .Values.ingress.certificateArn }}
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: ssl-redirect
|
||||||
|
port:
|
||||||
|
name: use-annotation
|
||||||
|
{{- end }}
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: proxy-service
|
||||||
|
port:
|
||||||
|
number: {{ .Values.services.proxy.port }}
|
||||||
|
{{- end }}
|
|
@ -58,6 +58,10 @@ spec:
|
||||||
key: jwtSecret
|
key: jwtSecret
|
||||||
- name: LOG_LEVEL
|
- name: LOG_LEVEL
|
||||||
value: {{ .Values.services.apps.logLevel | default "info" | quote }}
|
value: {{ .Values.services.apps.logLevel | default "info" | quote }}
|
||||||
|
{{ if .Values.services.objectStore.region }}
|
||||||
|
- name: AWS_REGION
|
||||||
|
value: {{ .Values.services.objectStore.region }}
|
||||||
|
{{ end }}
|
||||||
- name: MINIO_ACCESS_KEY
|
- name: MINIO_ACCESS_KEY
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
|
|
|
@ -55,6 +55,10 @@ spec:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: {{ template "budibase.fullname" . }}
|
name: {{ template "budibase.fullname" . }}
|
||||||
key: jwtSecret
|
key: jwtSecret
|
||||||
|
{{ if .Values.services.objectStore.region }}
|
||||||
|
- name: AWS_REGION
|
||||||
|
value: {{ .Values.services.objectStore.region }}
|
||||||
|
{{ end }}
|
||||||
- name: MINIO_ACCESS_KEY
|
- name: MINIO_ACCESS_KEY
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
|
|
|
@ -41,6 +41,7 @@ service:
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
nginx: true
|
||||||
certificateArn: ""
|
certificateArn: ""
|
||||||
className: ""
|
className: ""
|
||||||
annotations:
|
annotations:
|
||||||
|
@ -135,6 +136,7 @@ services:
|
||||||
replicaCount: 1
|
replicaCount: 1
|
||||||
accessKey: "" # AWS_ACCESS_KEY if using S3 or existing minio access key
|
accessKey: "" # AWS_ACCESS_KEY if using S3 or existing minio access key
|
||||||
secretKey: "" # AWS_SECRET_ACCESS_KEY if using S3 or existing minio secret
|
secretKey: "" # AWS_SECRET_ACCESS_KEY if using S3 or existing minio secret
|
||||||
|
region: "" # AWS_REGION if using S3 or existing minio secret
|
||||||
url: "" # only change if pointing to existing minio cluster and minio: false
|
url: "" # only change if pointing to existing minio cluster and minio: false
|
||||||
storage: 100Mi
|
storage: 100Mi
|
||||||
|
|
||||||
|
|
|
@ -1,12 +1,23 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
tag=$1
|
tag=$1
|
||||||
tag=${tag:-latest}
|
production=$2
|
||||||
|
|
||||||
echo "Tagging images with SHA: $GITHUB_SHA and tag: $tag"
|
if [[ ! "$tag" ]]; then
|
||||||
|
echo "No tag present. You must pass a tag to this script"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Tagging images with tag: $tag"
|
||||||
|
|
||||||
docker tag app-service budibase/apps:$tag
|
docker tag app-service budibase/apps:$tag
|
||||||
docker tag worker-service budibase/worker:$tag
|
docker tag worker-service budibase/worker:$tag
|
||||||
|
|
||||||
docker push budibase/apps:$tag
|
if [[ "$production" ]]; then
|
||||||
docker push budibase/worker:$tag
|
echo "Production Deployment. Tagging latest.."
|
||||||
|
docker tag app-service budibase/apps:latest
|
||||||
|
docker tag worker-service budibase/worker:latest
|
||||||
|
fi
|
||||||
|
|
||||||
|
docker push --all-tags budibase/apps
|
||||||
|
docker push --all-tags budibase/worker
|
||||||
|
|
|
@ -43,7 +43,7 @@
|
||||||
"lint:fix": "yarn run lint:fix:ts && yarn run lint:fix:prettier && yarn run lint:fix:eslint",
|
"lint:fix": "yarn run lint:fix:ts && yarn run lint:fix:prettier && yarn run lint:fix:eslint",
|
||||||
"test:e2e": "lerna run cy:test",
|
"test:e2e": "lerna run cy:test",
|
||||||
"test:e2e:ci": "lerna run cy:ci",
|
"test:e2e:ci": "lerna run cy:ci",
|
||||||
"build:docker": "lerna run build:docker && cd hosting/scripts/linux/ && ./release-to-docker-hub.sh && cd -",
|
"build:docker": "lerna run build:docker && cd hosting/scripts/linux/ && ./release-to-docker-hub.sh $BUDIBASE_RELEASE_VERSION release && cd -",
|
||||||
"build:docker:develop": "node scripts/pinVersions && lerna run build:docker && cd hosting/scripts/linux/ && ./release-to-docker-hub.sh develop && cd -",
|
"build:docker:develop": "node scripts/pinVersions && lerna run build:docker && cd hosting/scripts/linux/ && ./release-to-docker-hub.sh develop && cd -",
|
||||||
"release:helm": "./scripts/release_helm_chart.sh",
|
"release:helm": "./scripts/release_helm_chart.sh",
|
||||||
"multi:enable": "lerna run multi:enable",
|
"multi:enable": "lerna run multi:enable",
|
||||||
|
|
Loading…
Reference in New Issue