pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1178 from dod-ccpo/staging-ci

Browse Source 
Add CircleCI config for staging deployment.
This commit is contained in:
dandds 2019-11-14 12:42:00 -05:00 committed by GitHub
commit a813ffa07a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 104 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

157
.circleci/config.yml
View File

@ -54,6 +54,75 @@ commands:
name: Apply the default permission sets name: Apply the default permission sets
command: docker run --network atat -e PGDATABASE=<< parameters.pgdatabase >> << parameters.container_env >> atat:builder .venv/bin/python script/seed_roles.py command: docker run --network atat -e PGDATABASE=<< parameters.pgdatabase >> << parameters.container_env >> atat:builder .venv/bin/python script/seed_roles.py
deploy:
parameters:
namespace:
type: string
default: atat
tag:
type: string
default: ${AZURE_SERVER_NAME}/atat:latest
steps:
- checkout
- setup_remote_docker:
docker_layer_caching: true
version: 18.06.0-ce
- restore_docker_image
- run:
name: Install Azure CLI
command: |
apk update
apk add bash py-pip
apk add --virtual=build \
linux-headers gcc libffi-dev musl-dev openssl-dev python-dev make
pip --no-cache-dir install -U pip
pip --no-cache-dir install azure-cli
apk del --purge build
- run:
name: Login to Azure CLI
command: |
az login \
--service-principal \
--tenant $AZURE_SP_TENANT \
--password $AZURE_SP_PASSWORD \
--username $AZURE_SP
echo "Successfully logged in to Azure CLI."
az acr login --name $AZURE_REGISTRY
- run:
name: Install kubectl
command: |
apk add curl
export KUBECTL_VERSION=$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)
curl -LO https://storage.googleapis.com/kubernetes-release/release/$KUBECTL_VERSION/bin/linux/amd64/kubectl
chmod +x ./kubectl
mv ./kubectl /usr/local/bin
- run:
name: Configure kubectl
command: |
apk add libssl1.0
az aks get-credentials --name ${CLUSTER_NAME} --resource-group ${RESOURCE_GROUP}
- run:
name: Tag images
command: |
docker tag atat:latest << parameters.tag >>
- run:
name: Push image
command: |
docker push << parameters.tag >>
- run:
name: Add gettext package
command: apk add gettext
- run:
command: K8S_NAMESPACE=<< parameters.namespace >> CONTAINER_IMAGE=<< parameters.tag >> /bin/sh ./script/cluster_migration
name: Apply Migrations and Seed Roles
- run:
name: Update Kubernetes cluster
command: |
kubectl set image deployment.apps/atst atst=<< parameters.tag >> --namespace=<< parameters.namespace >>
kubectl set image deployment.apps/atst-worker atst-worker=<< parameters.tag >> --namespace=<< parameters.namespace >>
kubectl set image deployment.apps/atst-beat atst-beat=<< parameters.tag >> --namespace=<< parameters.namespace >>
kubectl set image cronjobs.batch/crls crls=<< parameters.tag >> --namespace=<< parameters.namespace >>
jobs: jobs:
docker-build: docker-build:
docker: docker:
@ -160,7 +229,7 @@ jobs:
atat:builder \ atat:builder \
/bin/sh -c "pipenv install --dev && /bin/sh script/sync-crls && pipenv run pytest --no-cov tests/check_crl_parse.py" /bin/sh -c "pipenv install --dev && /bin/sh script/sync-crls && pipenv run pytest --no-cov tests/check_crl_parse.py"
deploy: deploy-staging:
docker: docker:
- image: docker:18.06.0-ce-git - image: docker:18.06.0-ce-git
environment: environment:
@ -168,67 +237,21 @@ jobs:
RESOURCE_GROUP: atat RESOURCE_GROUP: atat
CLUSTER_NAME: atat-cluster CLUSTER_NAME: atat-cluster
steps: steps:
- checkout - deploy:
- setup_remote_docker: namespace: staging
docker_layer_caching: true tag: ${AZURE_SERVER_NAME}/atat:staging-${CIRCLE_SHA1}
version: 18.06.0-ce
- restore_docker_image deploy-master:
- run: docker:
name: Install Azure CLI - image: docker:18.06.0-ce-git
command: | environment:
apk update AZURE_REGISTRY: pwatat
apk add bash py-pip RESOURCE_GROUP: atat
apk add --virtual=build \ CLUSTER_NAME: atat-cluster
linux-headers gcc libffi-dev musl-dev openssl-dev python-dev make steps:
pip --no-cache-dir install -U pip - deploy:
pip --no-cache-dir install azure-cli namespace: atat
apk del --purge build tag: ${AZURE_SERVER_NAME}/atat:master-${CIRCLE_SHA1}
- run:
name: Login to Azure CLI
command: |
az login \
--service-principal \
--tenant $AZURE_SP_TENANT \
--password $AZURE_SP_PASSWORD \
--username $AZURE_SP
echo "Successfully logged in to Azure CLI."
az acr login --name $AZURE_REGISTRY
- run:
name: Install kubectl
command: |
apk add curl
export KUBECTL_VERSION=$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)
curl -LO https://storage.googleapis.com/kubernetes-release/release/$KUBECTL_VERSION/bin/linux/amd64/kubectl
chmod +x ./kubectl
mv ./kubectl /usr/local/bin
- run:
name: Configure kubectl
command: |
apk add libssl1.0
az aks get-credentials --name ${CLUSTER_NAME} --resource-group ${RESOURCE_GROUP}
- run:
name: Tag images
command: |
docker tag atat:latest ${AZURE_SERVER_NAME}/atat:atat-${CIRCLE_SHA1}
docker tag atat:latest ${AZURE_SERVER_NAME}/atat:latest
- run:
name: Push image
command: |
docker push ${AZURE_SERVER_NAME}/atat:atat-${CIRCLE_SHA1}
docker push ${AZURE_SERVER_NAME}/atat:latest
- run:
name: Add gettext package
command: apk add gettext
- run:
command: CONTAINER_IMAGE=${AZURE_SERVER_NAME}/atat:atat-${CIRCLE_SHA1} /bin/sh ./script/cluster_migration
name: Apply Migrations and Seed Roles
- run:
name: Update Kubernetes cluster
command: |
kubectl set image deployment.apps/atst atst=${AZURE_SERVER_NAME}/atat:atat-${CIRCLE_SHA1} --namespace=atat
kubectl set image deployment.apps/atst-worker atst-worker=${AZURE_SERVER_NAME}/atat:atat-${CIRCLE_SHA1} --namespace=atat
kubectl set image deployment.apps/atst-beat atst-beat=${AZURE_SERVER_NAME}/atat:atat-${CIRCLE_SHA1} --namespace=atat
kubectl set image cronjobs.batch/crls crls=${AZURE_SERVER_NAME}/atat:atat-${CIRCLE_SHA1} --namespace=atat
workflows: workflows:
version: 2 version: 2
@ -241,7 +264,15 @@ workflows:
- integration-tests: - integration-tests:
requires: requires:
- docker-build - docker-build
- deploy: - deploy-staging:
requires:
- test
- integration-tests
filters:
branches:
only:
- staging
- deploy-master:
requires: requires:
- test - test
- integration-tests - integration-tests

2
deploy/shared/migration.yaml
View File

@ -2,7 +2,7 @@ apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: migration name: migration
namespace: atat namespace: $K8S_NAMESPACE
spec: spec:
ttlSecondsAfterFinished: 100 ttlSecondsAfterFinished: 100
backoffLimit: 2 backoffLimit: 2

14
script/cluster_migration
View File

@ -10,15 +10,19 @@ if [ -z "${MIGRATION_TIMEOUT+is_set}" ]; then
MIGRATION_TIMEOUT=120s MIGRATION_TIMEOUT=120s
fi fi
if [ -z "${K8S_NAMESPACE+is_set}" ]; then
K8S_NAMESPACE=atat
fi
echo "Creating job..." echo "Creating job..."
envsubst < deploy/shared/migration.yaml | $K8S_CMD -n atat apply -f - envsubst < deploy/shared/migration.yaml | $K8S_CMD -n ${K8S_NAMESPACE} apply -f -
echo "Wait for job to finish or timeout..." echo "Wait for job to finish or timeout..."
JOB_SUCCESS=$(${K8S_CMD} -n atat wait --for=condition=complete --timeout=${MIGRATION_TIMEOUT} job/migration) JOB_SUCCESS=$(${K8S_CMD} -n ${K8S_NAMESPACE} wait --for=condition=complete --timeout=${MIGRATION_TIMEOUT} job/migration)
delete_job () { delete_job () {
echo "Deleting job..." echo "Deleting job..."
$K8S_CMD -n atat delete job migration $K8S_CMD -n ${K8S_NAMESPACE} delete job migration
} }
if echo "$JOB_SUCCESS" | grep -q "condition met"; then if echo "$JOB_SUCCESS" | grep -q "condition met"; then
@ -26,9 +30,9 @@ if echo "$JOB_SUCCESS" | grep -q "condition met"; then
delete_job delete_job
exit 0 exit 0
else else
POD_NAME=$(${K8S_CMD} -n atat get pods -l job-name=migration -o=jsonpath='{.items[0].metadata.name}') POD_NAME=$(${K8S_CMD} -n ${K8S_NAMESPACE} get pods -l job-name=migration -o=jsonpath='{.items[0].metadata.name}')
echo "Job failed:" echo "Job failed:"
$K8S_CMD -n atat logs $POD_NAME $K8S_CMD -n ${K8S_NAMESPACE} logs $POD_NAME
delete_job delete_job
exit 1 exit 1
fi fi