Merge pull request #2450 from Budibase/feature/helm-aws-support

Feature/helm aws support

.github/workflows/ecs_deploy.yml

@@ -1,85 +0,0 @@
-# This workflow will build and push a new container image to Amazon ECR,
-# and then will deploy a new task definition to Amazon ECS, when a release is created
-#
-# To use this workflow, you will need to complete the following set-up steps:
-#
-# 1. Create an ECR repository to store your images.
-#    For example: `aws ecr create-repository --repository-name my-ecr-repo --region us-east-2`.
-#    Replace the value of `ECR_REPOSITORY` in the workflow below with your repository's name.
-#    Replace the value of `aws-region` in the workflow below with your repository's region.
-#
-# 2. Create an ECS task definition, an ECS cluster, and an ECS service.
-#    For example, follow the Getting Started guide on the ECS console:
-#      https://us-east-2.console.aws.amazon.com/ecs/home?region=us-east-2#/firstRun
-#    Replace the values for `service` and `cluster` in the workflow below with your service and cluster names.
-#
-# 3. Store your ECS task definition as a JSON file in your repository.
-#    The format should follow the output of `aws ecs register-task-definition --generate-cli-skeleton`.
-#    Replace the value of `task-definition` in the workflow below with your JSON file's name.
-#    Replace the value of `container-name` in the workflow below with the name of the container
-#    in the `containerDefinitions` section of the task definition.
-#
-# 4. Store an IAM user access key in GitHub Actions secrets named `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.
-#    See the documentation for each action used below for the recommended IAM policies for this IAM user,
-#    and best practices on handling the access key credentials.
-
-on:
-  push:
-    tags:
-      - 'v*'
-
-name: Deploy to Amazon ECS
-
-jobs:
-  deploy:
-    name: deploy
-    runs-on: ubuntu-16.04
-
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v2
-
-    - name: Configure AWS credentials
-      uses: aws-actions/configure-aws-credentials@v1
-      with:
-        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        aws-region: eu-west-1
-
-    - name: Download task definition
-      run: |
-        aws ecs describe-task-definition --task-definition ProdAppServerStackprodbudiapplbfargateserviceprodbudiappserverfargatetaskdefinition2EF7F1E7 --query taskDefinition > task-definition.json
-      
-    - name: Login to Amazon ECR
-      id: login-ecr
-      uses: aws-actions/amazon-ecr-login@v1
-
-    - name: Build, tag, and push image to Amazon ECR
-      id: build-image
-      env:
-        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
-        ECR_REPOSITORY: prod-budi-app-server
-        IMAGE_TAG: ${{ github.sha }}
-      run: |
-        # Build a docker container and
-        # push it to ECR so that it can
-        # be deployed to ECS
-        cd packages/server
-        docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
-        docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
-        echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
-    - name: Fill in the new image ID in the Amazon ECS task definition
-      id: task-def
-      uses: aws-actions/amazon-ecs-render-task-definition@v1
-      with:
-        task-definition: task-definition.json
-        container-name: prod-budi-app-server 
-        image: ${{ steps.build-image.outputs.image }}
-
-    - name: Deploy Amazon ECS task definition
-      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
-      with:
-        task-definition: ${{ steps.task-def.outputs.task-definition }}
-        service: prod-budi-app-server-service
-        cluster: prod-budi-app-server
-        wait-for-service-stability: true

.github/workflows/release.yml

@@ -42,6 +42,10 @@ jobs:
           echo //registry.npmjs.org/:_authToken=${NPM_TOKEN} >> .npmrc 
           yarn release
 
+      - name: Get Previous tag
+          id: previoustag
+          uses: "WyriHaximus/github-action-get-previous-tag@v1"
+
       - name: Build/release Docker images
         run: | 
           docker login -u $DOCKER_USER -p $DOCKER_PASSWORD
@@ -50,15 +54,18 @@ jobs:
         env:
           DOCKER_USER: ${{ secrets.DOCKER_USERNAME }}
           DOCKER_PASSWORD: ${{ secrets.DOCKER_API_KEY }}
+          BUDIBASE_RELEASE_VERSION: ${{ steps.previoustag.outputs.tag }}
 
-    - uses: azure/setup-helm@v1
+      - uses: azure/setup-helm@v1
-      id: install
+        id: install
 
-    - run: yarn release:helm
+      # So, we need to inject the values into this
+      - run: yarn release:helm
 
-    - name: Run chart-releaser
+      - name: Run chart-releaser
-      uses: helm/chart-releaser-action@v1.1.0
+        uses: helm/chart-releaser-action@v1.1.0
-      with:
+        with:
-        charts_dir: docs
+          charts_dir: docs
-      env:
+        env:
-        CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+    

hosting/kubernetes/budibase/Chart.yaml

@@ -38,3 +38,4 @@ dependencies:
   - name: ingress-nginx
     version: 3.35.0 
     repository: https://github.com/kubernetes/ingress-nginx
+    condition: services.ingress.nginx

hosting/kubernetes/budibase/templates/alb-ingress.yaml

@@ -0,0 +1,35 @@
+{{- if .Values.ingress.aws }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-budibase
+  annotations:
+    kubernetes.io/ingress.class: alb
+    alb.ingress.kubernetes.io/scheme: internet-facing
+    alb.ingress.kubernetes.io/target-type: ip
+    {{- if .Values.ingress.certificateArn }}
+    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
+    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
+    alb.ingress.kubernetes.io/certificate-arn: {{ .Values.ingress.certificateArn }} 
+    {{- end }}
+spec:
+  rules:
+    - http:
+        paths:
+        {{- if .Values.ingress.certificateArn }}
+        - path: /
+          pathType: Prefix
+          backend:
+            service:
+              name: ssl-redirect
+              port:
+                name: use-annotation
+        {{- end }}
+        - path: /
+          pathType: Prefix
+          backend:
+            service:
+              name: proxy-service
+              port:
+                number: {{ .Values.services.proxy.port }}
+{{- end }}

hosting/kubernetes/budibase/templates/app-service-deployment.yaml

@@ -58,6 +58,10 @@ spec:
               key: jwtSecret
         - name: LOG_LEVEL
           value: {{ .Values.services.apps.logLevel | default "info" | quote }}
+        {{ if .Values.services.objectStore.region }}
+        - name: AWS_REGION
+          value: {{ .Values.services.objectStore.region }}
+        {{ end }}
         - name: MINIO_ACCESS_KEY
           valueFrom:
             secretKeyRef:

hosting/kubernetes/budibase/templates/worker-service-deployment.yaml

@@ -55,6 +55,10 @@ spec:
             secretKeyRef:
               name: {{ template "budibase.fullname" . }}
               key: jwtSecret
+        {{ if .Values.services.objectStore.region }}
+        - name: AWS_REGION
+          value: {{ .Values.services.objectStore.region }}
+        {{ end }}
         - name: MINIO_ACCESS_KEY
           valueFrom:
             secretKeyRef:

hosting/kubernetes/budibase/values.yaml

@@ -41,6 +41,7 @@ service:
 
 ingress:
   enabled: true
+  nginx: true
   certificateArn: ""
   className: ""
   annotations: 
@@ -135,6 +136,7 @@ services:
     replicaCount: 1
     accessKey: "" # AWS_ACCESS_KEY if using S3 or existing minio access key
     secretKey: "" # AWS_SECRET_ACCESS_KEY if using S3 or existing minio secret 
+    region: "" # AWS_REGION if using S3 or existing minio secret 
     url: "" # only change if pointing to existing minio cluster and minio: false 
     storage: 100Mi
 

hosting/scripts/linux/release-to-docker-hub.sh

@@ -1,12 +1,23 @@
 #!/bin/bash
 
 tag=$1
-tag=${tag:-latest}
+production=$2
 
-echo "Tagging images with SHA: $GITHUB_SHA and tag: $tag"
+if [[ ! "$tag" ]]; then
+	echo "No tag present. You must pass a tag to this script"
+	exit 1
+fi
+
+echo "Tagging images with tag: $tag"
 
 docker tag app-service budibase/apps:$tag
 docker tag worker-service budibase/worker:$tag
 
-docker push budibase/apps:$tag 
+if [[ "$production" ]]; then
-docker push budibase/worker:$tag
+	echo "Production Deployment. Tagging latest.."
+	docker tag app-service budibase/apps:latest
+	docker tag worker-service budibase/worker:latest
+fi
+
+docker push --all-tags budibase/apps 
+docker push --all-tags budibase/worker

package.json

@@ -43,7 +43,7 @@
     "lint:fix": "yarn run lint:fix:ts && yarn run lint:fix:prettier && yarn run lint:fix:eslint",
     "test:e2e": "lerna run cy:test",
     "test:e2e:ci": "lerna run cy:ci",
-    "build:docker": "lerna run build:docker && cd hosting/scripts/linux/ && ./release-to-docker-hub.sh && cd -",
+    "build:docker": "lerna run build:docker && cd hosting/scripts/linux/ && ./release-to-docker-hub.sh $BUDIBASE_RELEASE_VERSION release && cd -",
     "build:docker:develop": "node scripts/pinVersions && lerna run build:docker && cd hosting/scripts/linux/ && ./release-to-docker-hub.sh develop && cd -",
     "release:helm": "./scripts/release_helm_chart.sh",
     "multi:enable": "lerna run multi:enable",