mirror of
https://github.com/neondatabase/neon.git
synced 2026-01-10 06:52:55 +00:00
f3dadfb3d0
276 lines
10 KiB
YAML
276 lines
10 KiB
YAML
name: Neon Deploy prod
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
dockerTag:
|
|
description: 'Docker tag to deploy'
|
|
required: true
|
|
type: string
|
|
branch:
|
|
description: 'Branch or commit used for deploy scripts and configs'
|
|
required: true
|
|
type: string
|
|
default: 'release'
|
|
deployStorage:
|
|
description: 'Deploy storage'
|
|
required: true
|
|
type: boolean
|
|
default: true
|
|
deployProxy:
|
|
description: 'Deploy proxy'
|
|
required: true
|
|
type: boolean
|
|
default: true
|
|
deployStorageBroker:
|
|
description: 'Deploy storage-broker'
|
|
required: true
|
|
type: boolean
|
|
default: true
|
|
disclamerAcknowledged:
|
|
description: 'I confirm that there is an emergency and I can not use regular release workflow'
|
|
required: true
|
|
type: boolean
|
|
default: false
|
|
|
|
concurrency:
|
|
group: deploy-prod
|
|
cancel-in-progress: false
|
|
|
|
jobs:
|
|
deploy-prod-new:
|
|
runs-on: prod
|
|
container: 093970136003.dkr.ecr.eu-central-1.amazonaws.com/ansible:latest
|
|
if: inputs.deployStorage && inputs.disclamerAcknowledged
|
|
defaults:
|
|
run:
|
|
shell: bash
|
|
strategy:
|
|
matrix:
|
|
target_region: [ us-east-2, us-west-2, eu-central-1, ap-southeast-1 ]
|
|
environment:
|
|
name: prod-${{ matrix.target_region }}
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v3
|
|
with:
|
|
submodules: true
|
|
fetch-depth: 0
|
|
ref: ${{ inputs.branch }}
|
|
|
|
- name: Redeploy
|
|
run: |
|
|
export DOCKER_TAG=${{ inputs.dockerTag }}
|
|
cd "$(pwd)/.github/ansible"
|
|
|
|
./get_binaries.sh
|
|
|
|
ansible-galaxy collection install sivel.toiletwater
|
|
ansible-playbook deploy.yaml -i prod.${{ matrix.target_region }}.hosts.yaml -e @ssm_config -e CONSOLE_API_TOKEN=${{ secrets.NEON_PRODUCTION_API_KEY }} -e SENTRY_URL_PAGESERVER=${{ secrets.SENTRY_URL_PAGESERVER }} -e SENTRY_URL_SAFEKEEPER=${{ secrets.SENTRY_URL_SAFEKEEPER }}
|
|
rm -f neon_install.tar.gz .neon_current_version
|
|
|
|
deploy-proxy-prod-new:
|
|
runs-on: prod
|
|
container: 093970136003.dkr.ecr.eu-central-1.amazonaws.com/ansible:latest
|
|
if: inputs.deployProxy && inputs.disclamerAcknowledged
|
|
defaults:
|
|
run:
|
|
shell: bash
|
|
strategy:
|
|
matrix:
|
|
include:
|
|
- target_region: us-east-2
|
|
target_cluster: prod-us-east-2-delta
|
|
deploy_link_proxy: true
|
|
deploy_legacy_scram_proxy: false
|
|
- target_region: us-west-2
|
|
target_cluster: prod-us-west-2-eta
|
|
deploy_link_proxy: false
|
|
deploy_legacy_scram_proxy: true
|
|
- target_region: eu-central-1
|
|
target_cluster: prod-eu-central-1-gamma
|
|
deploy_link_proxy: false
|
|
deploy_legacy_scram_proxy: false
|
|
- target_region: ap-southeast-1
|
|
target_cluster: prod-ap-southeast-1-epsilon
|
|
deploy_link_proxy: false
|
|
deploy_legacy_scram_proxy: false
|
|
environment:
|
|
name: prod-${{ matrix.target_region }}
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v3
|
|
with:
|
|
submodules: true
|
|
fetch-depth: 0
|
|
ref: ${{ inputs.branch }}
|
|
|
|
- name: Configure environment
|
|
run: |
|
|
helm repo add neondatabase https://neondatabase.github.io/helm-charts
|
|
aws --region ${{ matrix.target_region }} eks update-kubeconfig --name ${{ matrix.target_cluster }}
|
|
|
|
- name: Re-deploy scram proxy
|
|
run: |
|
|
DOCKER_TAG=${{ inputs.dockerTag }}
|
|
helm upgrade neon-proxy-scram neondatabase/neon-proxy --namespace neon-proxy --create-namespace --install --atomic -f .github/helm-values/${{ matrix.target_cluster }}.neon-proxy-scram.yaml --set image.tag=${DOCKER_TAG} --set settings.sentryUrl=${{ secrets.SENTRY_URL_PROXY }} --wait --timeout 15m0s
|
|
|
|
- name: Re-deploy link proxy
|
|
if: matrix.deploy_link_proxy
|
|
run: |
|
|
DOCKER_TAG=${{ inputs.dockerTag }}
|
|
helm upgrade neon-proxy-link neondatabase/neon-proxy --namespace neon-proxy --create-namespace --install --atomic -f .github/helm-values/${{ matrix.target_cluster }}.neon-proxy-link.yaml --set image.tag=${DOCKER_TAG} --set settings.sentryUrl=${{ secrets.SENTRY_URL_PROXY }} --wait --timeout 15m0s
|
|
|
|
- name: Re-deploy legacy scram proxy
|
|
if: matrix.deploy_legacy_scram_proxy
|
|
run: |
|
|
DOCKER_TAG=${{ inputs.dockerTag }}
|
|
helm upgrade neon-proxy-scram-legacy neondatabase/neon-proxy --namespace neon-proxy --create-namespace --install --atomic -f .github/helm-values/${{ matrix.target_cluster }}.neon-proxy-scram-legacy.yaml --set image.tag=${DOCKER_TAG} --set settings.sentryUrl=${{ secrets.SENTRY_URL_PROXY }} --wait --timeout 15m0s
|
|
|
|
deploy-storage-broker-prod-new:
|
|
runs-on: prod
|
|
container: 093970136003.dkr.ecr.eu-central-1.amazonaws.com/ansible:latest
|
|
if: inputs.deployStorageBroker && inputs.disclamerAcknowledged
|
|
defaults:
|
|
run:
|
|
shell: bash
|
|
strategy:
|
|
matrix:
|
|
include:
|
|
- target_region: us-east-2
|
|
target_cluster: prod-us-east-2-delta
|
|
- target_region: us-west-2
|
|
target_cluster: prod-us-west-2-eta
|
|
- target_region: eu-central-1
|
|
target_cluster: prod-eu-central-1-gamma
|
|
- target_region: ap-southeast-1
|
|
target_cluster: prod-ap-southeast-1-epsilon
|
|
environment:
|
|
name: prod-${{ matrix.target_region }}
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v3
|
|
with:
|
|
submodules: true
|
|
fetch-depth: 0
|
|
ref: ${{ inputs.branch }}
|
|
|
|
- name: Configure environment
|
|
run: |
|
|
helm repo add neondatabase https://neondatabase.github.io/helm-charts
|
|
aws --region ${{ matrix.target_region }} eks update-kubeconfig --name ${{ matrix.target_cluster }}
|
|
|
|
- name: Deploy storage-broker
|
|
run:
|
|
helm upgrade neon-storage-broker-lb neondatabase/neon-storage-broker --namespace neon-storage-broker-lb --create-namespace --install --atomic -f .github/helm-values/${{ matrix.target_cluster }}.neon-storage-broker.yaml --set image.tag=${{ inputs.dockerTag }} --set settings.sentryUrl=${{ secrets.SENTRY_URL_BROKER }} --wait --timeout 5m0s
|
|
|
|
# Deploy to old account below
|
|
|
|
deploy:
|
|
runs-on: prod
|
|
container: 093970136003.dkr.ecr.eu-central-1.amazonaws.com/ansible:latest
|
|
if: inputs.deployStorage && inputs.disclamerAcknowledged
|
|
defaults:
|
|
run:
|
|
shell: bash
|
|
environment:
|
|
name: prod-old
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v3
|
|
with:
|
|
submodules: true
|
|
fetch-depth: 0
|
|
ref: ${{ inputs.branch }}
|
|
|
|
- name: Redeploy
|
|
run: |
|
|
export DOCKER_TAG=${{ inputs.dockerTag }}
|
|
cd "$(pwd)/.github/ansible"
|
|
|
|
./get_binaries.sh
|
|
|
|
eval $(ssh-agent)
|
|
echo "${{ secrets.TELEPORT_SSH_KEY }}" | tr -d '\n'| base64 --decode >ssh-key
|
|
echo "${{ secrets.TELEPORT_SSH_CERT }}" | tr -d '\n'| base64 --decode >ssh-key-cert.pub
|
|
chmod 0600 ssh-key
|
|
ssh-add ssh-key
|
|
rm -f ssh-key ssh-key-cert.pub
|
|
ANSIBLE_CONFIG=./ansible.cfg ansible-galaxy collection install sivel.toiletwater
|
|
ANSIBLE_CONFIG=./ansible.cfg ansible-playbook deploy.yaml -i production.hosts.yaml -e CONSOLE_API_TOKEN=${{ secrets.NEON_PRODUCTION_API_KEY }} -e SENTRY_URL_PAGESERVER=${{ secrets.SENTRY_URL_PAGESERVER }} -e SENTRY_URL_SAFEKEEPER=${{ secrets.SENTRY_URL_SAFEKEEPER }}
|
|
rm -f neon_install.tar.gz .neon_current_version
|
|
|
|
# Cleanup script fails otherwise - rm: cannot remove '/nvme/actions-runner/_work/_temp/_github_home/.ansible/collections': Permission denied
|
|
- name: Cleanup ansible folder
|
|
run: rm -rf ~/.ansible
|
|
|
|
deploy-proxy:
|
|
runs-on: [ self-hosted, gen3, small ]
|
|
container: 369495373322.dkr.ecr.eu-central-1.amazonaws.com/ansible:pinned
|
|
if: inputs.deployProxy && inputs.disclamerAcknowledged
|
|
defaults:
|
|
run:
|
|
shell: bash
|
|
environment:
|
|
name: prod-old
|
|
env:
|
|
KUBECONFIG: .kubeconfig
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v3
|
|
with:
|
|
submodules: true
|
|
fetch-depth: 0
|
|
ref: ${{ inputs.branch }}
|
|
|
|
- name: Store kubeconfig file
|
|
run: |
|
|
echo "${{ secrets.PRODUCTION_KUBECONFIG_DATA }}" | base64 --decode > ${KUBECONFIG}
|
|
chmod 0600 ${KUBECONFIG}
|
|
|
|
- name: Add neon helm chart
|
|
run: helm repo add neondatabase https://neondatabase.github.io/helm-charts
|
|
|
|
- name: Re-deploy proxy
|
|
run: |
|
|
DOCKER_TAG=${{ inputs.dockerTag }}
|
|
helm upgrade neon-proxy-scram neondatabase/neon-proxy --namespace neon-proxy --install --atomic -f .github/helm-values/production.proxy-scram.yaml --set image.tag=${DOCKER_TAG} --set settings.sentryUrl=${{ secrets.SENTRY_URL_PROXY }} --wait --timeout 15m0s
|
|
|
|
- name: Cleanup helm folder
|
|
run: rm -rf ~/.cache
|
|
|
|
deploy-storage-broker:
|
|
name: deploy storage broker on old staging and old prod
|
|
runs-on: [ self-hosted, gen3, small ]
|
|
container: 369495373322.dkr.ecr.eu-central-1.amazonaws.com/ansible:pinned
|
|
if: inputs.deployStorageBroker && inputs.disclamerAcknowledged
|
|
defaults:
|
|
run:
|
|
shell: bash
|
|
environment:
|
|
name: prod-old
|
|
env:
|
|
KUBECONFIG: .kubeconfig
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v3
|
|
with:
|
|
submodules: true
|
|
fetch-depth: 0
|
|
ref: ${{ inputs.branch }}
|
|
|
|
- name: Store kubeconfig file
|
|
run: |
|
|
echo "${{ secrets.PRODUCTION_KUBECONFIG_DATA }}" | base64 --decode > ${KUBECONFIG}
|
|
chmod 0600 ${KUBECONFIG}
|
|
|
|
- name: Add neon helm chart
|
|
run: helm repo add neondatabase https://neondatabase.github.io/helm-charts
|
|
|
|
- name: Deploy storage-broker
|
|
run:
|
|
helm upgrade neon-storage-broker neondatabase/neon-storage-broker --namespace neon-storage-broker --create-namespace --install --atomic -f .github/helm-values/production.neon-storage-broker.yaml --set image.tag=${{ inputs.dockerTag }} --set settings.sentryUrl=${{ secrets.SENTRY_URL_BROKER }} --wait --timeout 5m0s
|
|
|
|
- name: Cleanup helm folder
|
|
run: rm -rf ~/.cache
|