From 4cb057d6ab1880331fac5ede77e9116efb9740cc Mon Sep 17 00:00:00 2001 From: Martin McKeaveney Date: Tue, 24 Aug 2021 16:58:10 +0100 Subject: [PATCH 1/2] automate release tag in helm charts, remove superfluous build scripts --- .github/workflows/ecs_deploy.yml | 85 ------------------- .github/workflows/release.yml | 25 ++++-- hosting/kubernetes/budibase/Chart.yaml | 1 + .../budibase/templates/alb-ingress.yaml | 35 ++++++++ .../templates/app-service-deployment.yaml | 4 + .../templates/worker-service-deployment.yaml | 4 + hosting/kubernetes/budibase/values.yaml | 2 + .../scripts/linux/release-to-docker-hub.sh | 2 +- package.json | 2 +- 9 files changed, 64 insertions(+), 96 deletions(-) delete mode 100644 .github/workflows/ecs_deploy.yml create mode 100644 hosting/kubernetes/budibase/templates/alb-ingress.yaml diff --git a/.github/workflows/ecs_deploy.yml b/.github/workflows/ecs_deploy.yml deleted file mode 100644 index 0d662c9c28..0000000000 --- a/.github/workflows/ecs_deploy.yml +++ /dev/null @@ -1,85 +0,0 @@ -# This workflow will build and push a new container image to Amazon ECR, -# and then will deploy a new task definition to Amazon ECS, when a release is created -# -# To use this workflow, you will need to complete the following set-up steps: -# -# 1. Create an ECR repository to store your images. -# For example: `aws ecr create-repository --repository-name my-ecr-repo --region us-east-2`. -# Replace the value of `ECR_REPOSITORY` in the workflow below with your repository's name. -# Replace the value of `aws-region` in the workflow below with your repository's region. -# -# 2. Create an ECS task definition, an ECS cluster, and an ECS service. -# For example, follow the Getting Started guide on the ECS console: -# https://us-east-2.console.aws.amazon.com/ecs/home?region=us-east-2#/firstRun -# Replace the values for `service` and `cluster` in the workflow below with your service and cluster names. -# -# 3. Store your ECS task definition as a JSON file in your repository. -# The format should follow the output of `aws ecs register-task-definition --generate-cli-skeleton`. -# Replace the value of `task-definition` in the workflow below with your JSON file's name. -# Replace the value of `container-name` in the workflow below with the name of the container -# in the `containerDefinitions` section of the task definition. -# -# 4. Store an IAM user access key in GitHub Actions secrets named `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`. -# See the documentation for each action used below for the recommended IAM policies for this IAM user, -# and best practices on handling the access key credentials. - -on: - push: - tags: - - 'v*' - -name: Deploy to Amazon ECS - -jobs: - deploy: - name: deploy - runs-on: ubuntu-16.04 - - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: eu-west-1 - - - name: Download task definition - run: | - aws ecs describe-task-definition --task-definition ProdAppServerStackprodbudiapplbfargateserviceprodbudiappserverfargatetaskdefinition2EF7F1E7 --query taskDefinition > task-definition.json - - - name: Login to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@v1 - - - name: Build, tag, and push image to Amazon ECR - id: build-image - env: - ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} - ECR_REPOSITORY: prod-budi-app-server - IMAGE_TAG: ${{ github.sha }} - run: | - # Build a docker container and - # push it to ECR so that it can - # be deployed to ECS - cd packages/server - docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . - docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG - echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" - - name: Fill in the new image ID in the Amazon ECS task definition - id: task-def - uses: aws-actions/amazon-ecs-render-task-definition@v1 - with: - task-definition: task-definition.json - container-name: prod-budi-app-server - image: ${{ steps.build-image.outputs.image }} - - - name: Deploy Amazon ECS task definition - uses: aws-actions/amazon-ecs-deploy-task-definition@v1 - with: - task-definition: ${{ steps.task-def.outputs.task-definition }} - service: prod-budi-app-server-service - cluster: prod-budi-app-server - wait-for-service-stability: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d016c10520..588f0c54ae 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -42,6 +42,10 @@ jobs: echo //registry.npmjs.org/:_authToken=${NPM_TOKEN} >> .npmrc yarn release + - name: Get Previous tag + id: previoustag + uses: "WyriHaximus/github-action-get-previous-tag@v1" + - name: Build/release Docker images run: | docker login -u $DOCKER_USER -p $DOCKER_PASSWORD @@ -50,15 +54,18 @@ jobs: env: DOCKER_USER: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_API_KEY }} + BUDIBASE_RELEASE_VERSION: ${{ steps.previoustag.outputs.tag }} - - uses: azure/setup-helm@v1 - id: install + - uses: azure/setup-helm@v1 + id: install - - run: yarn release:helm + # So, we need to inject the values into this + - run: yarn release:helm - - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.1.0 - with: - charts_dir: docs - env: - CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" \ No newline at end of file + - name: Run chart-releaser + uses: helm/chart-releaser-action@v1.1.0 + with: + charts_dir: docs + env: + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + \ No newline at end of file diff --git a/hosting/kubernetes/budibase/Chart.yaml b/hosting/kubernetes/budibase/Chart.yaml index bcba5f5059..b82cb3bab2 100644 --- a/hosting/kubernetes/budibase/Chart.yaml +++ b/hosting/kubernetes/budibase/Chart.yaml @@ -38,3 +38,4 @@ dependencies: - name: ingress-nginx version: 3.35.0 repository: https://github.com/kubernetes/ingress-nginx + condition: services.ingress.nginx diff --git a/hosting/kubernetes/budibase/templates/alb-ingress.yaml b/hosting/kubernetes/budibase/templates/alb-ingress.yaml new file mode 100644 index 0000000000..ea3bd674d5 --- /dev/null +++ b/hosting/kubernetes/budibase/templates/alb-ingress.yaml @@ -0,0 +1,35 @@ +{{- if .Values.ingress.aws }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: ingress-budibase + annotations: + kubernetes.io/ingress.class: alb + alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/target-type: ip + {{- if .Values.ingress.certificateArn }} + alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/certificate-arn: {{ .Values.ingress.certificateArn }} + {{- end }} +spec: + rules: + - http: + paths: + {{- if .Values.ingress.certificateArn }} + - path: / + pathType: Prefix + backend: + service: + name: ssl-redirect + port: + name: use-annotation + {{- end }} + - path: / + pathType: Prefix + backend: + service: + name: proxy-service + port: + number: {{ .Values.services.proxy.port }} +{{- end }} \ No newline at end of file diff --git a/hosting/kubernetes/budibase/templates/app-service-deployment.yaml b/hosting/kubernetes/budibase/templates/app-service-deployment.yaml index daee03620f..b101ab7854 100644 --- a/hosting/kubernetes/budibase/templates/app-service-deployment.yaml +++ b/hosting/kubernetes/budibase/templates/app-service-deployment.yaml @@ -58,6 +58,10 @@ spec: key: jwtSecret - name: LOG_LEVEL value: {{ .Values.services.apps.logLevel | default "info" | quote }} + {{ if .Values.services.objectStore.region }} + - name: AWS_REGION + value: {{ .Values.services.objectStore.region }} + {{ end }} - name: MINIO_ACCESS_KEY valueFrom: secretKeyRef: diff --git a/hosting/kubernetes/budibase/templates/worker-service-deployment.yaml b/hosting/kubernetes/budibase/templates/worker-service-deployment.yaml index 1af289f4aa..703d59c075 100644 --- a/hosting/kubernetes/budibase/templates/worker-service-deployment.yaml +++ b/hosting/kubernetes/budibase/templates/worker-service-deployment.yaml @@ -55,6 +55,10 @@ spec: secretKeyRef: name: {{ template "budibase.fullname" . }} key: jwtSecret + {{ if .Values.services.objectStore.region }} + - name: AWS_REGION + value: {{ .Values.services.objectStore.region }} + {{ end }} - name: MINIO_ACCESS_KEY valueFrom: secretKeyRef: diff --git a/hosting/kubernetes/budibase/values.yaml b/hosting/kubernetes/budibase/values.yaml index e5ce7f141f..30594f95e3 100644 --- a/hosting/kubernetes/budibase/values.yaml +++ b/hosting/kubernetes/budibase/values.yaml @@ -41,6 +41,7 @@ service: ingress: enabled: true + nginx: true certificateArn: "" className: "" annotations: @@ -135,6 +136,7 @@ services: replicaCount: 1 accessKey: "" # AWS_ACCESS_KEY if using S3 or existing minio access key secretKey: "" # AWS_SECRET_ACCESS_KEY if using S3 or existing minio secret + region: "" # AWS_REGION if using S3 or existing minio secret url: "" # only change if pointing to existing minio cluster and minio: false storage: 100Mi diff --git a/hosting/scripts/linux/release-to-docker-hub.sh b/hosting/scripts/linux/release-to-docker-hub.sh index b3c380f729..5e3a01002f 100755 --- a/hosting/scripts/linux/release-to-docker-hub.sh +++ b/hosting/scripts/linux/release-to-docker-hub.sh @@ -3,7 +3,7 @@ tag=$1 tag=${tag:-latest} -echo "Tagging images with SHA: $GITHUB_SHA and tag: $tag" +echo "Tagging images with tag: $tag" docker tag app-service budibase/apps:$tag docker tag worker-service budibase/worker:$tag diff --git a/package.json b/package.json index 43d0014e55..431184a70a 100644 --- a/package.json +++ b/package.json @@ -43,7 +43,7 @@ "lint:fix": "yarn run lint:fix:ts && yarn run lint:fix:prettier && yarn run lint:fix:eslint", "test:e2e": "lerna run cy:test", "test:e2e:ci": "lerna run cy:ci", - "build:docker": "lerna run build:docker && cd hosting/scripts/linux/ && ./release-to-docker-hub.sh && cd -", + "build:docker": "lerna run build:docker && cd hosting/scripts/linux/ && ./release-to-docker-hub.sh $BUDIBASE_RELEASE_VERSION && cd -", "build:docker:develop": "node scripts/pinVersions && lerna run build:docker && cd hosting/scripts/linux/ && ./release-to-docker-hub.sh develop && cd -", "release:helm": "./scripts/release_helm_chart.sh", "multi:enable": "lerna run multi:enable", From a22f4759a7018c6c726891e780f0c9d0d9bc46ea Mon Sep 17 00:00:00 2001 From: Martin McKeaveney Date: Tue, 24 Aug 2021 17:16:45 +0100 Subject: [PATCH 2/2] a more robust docker release process that only tags latest in prod --- hosting/scripts/linux/release-to-docker-hub.sh | 17 ++++++++++++++--- package.json | 2 +- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/hosting/scripts/linux/release-to-docker-hub.sh b/hosting/scripts/linux/release-to-docker-hub.sh index 5e3a01002f..ccb5fa09a0 100755 --- a/hosting/scripts/linux/release-to-docker-hub.sh +++ b/hosting/scripts/linux/release-to-docker-hub.sh @@ -1,12 +1,23 @@ #!/bin/bash tag=$1 -tag=${tag:-latest} +production=$2 + +if [[ ! "$tag" ]]; then + echo "No tag present. You must pass a tag to this script" + exit 1 +fi echo "Tagging images with tag: $tag" docker tag app-service budibase/apps:$tag docker tag worker-service budibase/worker:$tag -docker push budibase/apps:$tag -docker push budibase/worker:$tag +if [[ "$production" ]]; then + echo "Production Deployment. Tagging latest.." + docker tag app-service budibase/apps:latest + docker tag worker-service budibase/worker:latest +fi + +docker push --all-tags budibase/apps +docker push --all-tags budibase/worker diff --git a/package.json b/package.json index 431184a70a..05c69e54dc 100644 --- a/package.json +++ b/package.json @@ -43,7 +43,7 @@ "lint:fix": "yarn run lint:fix:ts && yarn run lint:fix:prettier && yarn run lint:fix:eslint", "test:e2e": "lerna run cy:test", "test:e2e:ci": "lerna run cy:ci", - "build:docker": "lerna run build:docker && cd hosting/scripts/linux/ && ./release-to-docker-hub.sh $BUDIBASE_RELEASE_VERSION && cd -", + "build:docker": "lerna run build:docker && cd hosting/scripts/linux/ && ./release-to-docker-hub.sh $BUDIBASE_RELEASE_VERSION release && cd -", "build:docker:develop": "node scripts/pinVersions && lerna run build:docker && cd hosting/scripts/linux/ && ./release-to-docker-hub.sh develop && cd -", "release:helm": "./scripts/release_helm_chart.sh", "multi:enable": "lerna run multi:enable",