feat: staging-preprod

input-output-hk · Sep 18, 2024 · 0a9e761 · 0a9e761
1 parent effa6de
commit 0a9e761
Show file tree

Hide file tree

Showing 5 changed files with 135 additions and 23 deletions.
diff --git a/.github/workflows/earthly.yml b/.github/workflows/earthly.yml
@@ -178,7 +178,7 @@ jobs:
         env:
           GH_TOKEN: ${{ secrets.ACTIONS_PAT }}
         run: |
-          cd .github/workflows/argocd
+          cd .github/workflows/modules/argocd
           bash generate-manifest.sh ${{ github.sha }}
 
       - name: Wait for 12 minutes (ArgoCD refresh interval is 3 minutes + 1 minute to build + 8 minutes for node to start producing blocks)

diff --git a/...hub/workflows/argocd/generate-manifest.sh → ...flows/modules/argocd/generate-manifest.sh b/...hub/workflows/argocd/generate-manifest.sh → ...flows/modules/argocd/generate-manifest.sh
diff --git a/.github/workflows/argocd/manifest.yaml → ...ub/workflows/modules/argocd/manifest.yaml b/.github/workflows/argocd/manifest.yaml → ...ub/workflows/modules/argocd/manifest.yaml
diff --git a/.github/workflows/modules/staging-preprod-deploy.yml b/.github/workflows/modules/staging-preprod-deploy.yml
@@ -0,0 +1,112 @@
+name: Deploy Staging
+
+on:
+
+  workflow_call:
+    inputs:
+      image:
+        description: "Node Image"
+        required: true
+      chain-spec-secret:
+        description: "Chain Spec Secret Name"
+        required: true
+
+env:
+  AWS_REGION: "eu-central-1"
+  SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+
+jobs:
+  deploy-staging-preview:
+    runs-on: [self-hosted, eks]
+    permissions:
+      id-token: write
+      contents: write
+    steps:
+      - name: Checkout sidechains-infra-priv repo
+        uses: actions/checkout@v4
+        with:
+          repository: input-output-hk/sidechains-infra-priv
+          token: ${{ secrets.ACTIONS_PAT }}
+          path: sidechains-infra-priv
+
+      - name: Acquire AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN_SECRET }}
+          aws-region: ${{ env.AWS_REGION }}
+
+      - name: Login to ECR
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ secrets.ECR_REGISTRY_SECRET }}
+
+      - name: Install kubectl, kubernetes-helm and awscli
+        run: |
+          curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+          chmod +x ./kubectl
+          sudo mv ./kubectl /usr/local/bin/kubectl
+          curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg > /dev/null
+          sudo apt-get install apt-transport-https --yes
+          echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
+          sudo apt-get update
+          sudo apt-get install helm
+  
+      - name: Configure kubectl
+        run: |
+          echo "${{ secrets.kubeconfig_base64 }}" | base64 --decode > ${{ runner.temp }}/kubeconfig.yaml
+          kubectl config set-cluster my-cluster --server=${{ secrets.K8S_SERVER }} --insecure-skip-tls-verify=true
+          kubectl config set-credentials github-actions --token=${{ secrets.K8S_SA_TOKEN }}
+          kubectl config set-context my-context --cluster=my-cluster --user=github-actions --namespace=default
+          kubectl config use-context my-context
+  
+      - name: Delete pods
+        continue-on-error: true
+        run: |
+          kubectl delete pod validator-1 -n staging-preprod || true
+          kubectl delete pod validator-2 -n staging-preprod || true
+          kubectl delete pod validator-3 -n staging-preprod || true
+          kubectl delete pod validator-4 -n staging-preprod || true
+          echo "Waiting for pods to delete..."
+          kubectl wait --for=delete pod/validator-1 pod/validator-2 pod/validator-3 pod/validator-4 -n staging-preprod --timeout=120s || true
+  
+      - name: Delete substrate PVCs
+        continue-on-error: true
+        run: |
+          kubectl delete pvc validator-1-claim-substrate-node-data -n staging-preprod
+          kubectl delete pvc validator-2-claim-substrate-node-data -n staging-preprod
+          kubectl delete pvc validator-3-claim-substrate-node-data -n staging-preprod
+          kubectl delete pvc validator-4-claim-substrate-node-data -n staging-preprod
+          echo "Waiting for PVCs to delete..."
+          kubectl wait --for=delete pvc/validator-1-claim-substrate-node-data pvc/validator-2-claim-substrate-node-data pvc/validator-3-claim-substrate-node-data pvc/validator-4-claim-substrate-node-data -n staging-preprod --timeout=120s
+  
+      - name: Deploy with chain-spec and image override
+        run: |
+          cd sidechains-infra-priv/src/kube/substrate-poc/environments/helm/substrate-node-stack-chart/
+          helm upgrade --install validator-1 . -f values/chains/staging-preprod.yaml -f values/nodes/staging/validator/validator-1 --set images.substrateNode="${{ inputs.image }}" --set chain.chainspec_secretName="${{ inputs.chain-spec-secret }}"
+          helm upgrade --install validator-2 . -f values/chains/staging-preprod.yaml -f values/nodes/staging/validator/validator-2 --set images.substrateNode="${{ inputs.image }}" --set chain.chainspec_secretName="${{ inputs.chain-spec-secret }}"
+          helm upgrade --install validator-3 . -f values/chains/staging-preprod.yaml -f values/nodes/staging/validator/validator-3 --set images.substrateNode="${{ inputs.image }}" --set chain.chainspec_secretName="${{ inputs.chain-spec-secret }}"
+          helm upgrade --install validator-4 . -f values/chains/staging-preprod.yaml -f values/nodes/staging/validator/validator-4 --set images.substrateNode="${{ inputs.image }}" --set chain.chainspec_secretName="${{ inputs.chain-spec-secret }}"
+  
+      - name: Wait
+        run: |
+          echo "Waiting for validator-1..."
+          kubectl wait --for=condition=ready pod validator-1 -n staging-preprod --timeout=300s
+          echo "Waiting for validator-2..."
+          kubectl wait --for=condition=ready pod validator-2 -n staging-preprod --timeout=300s
+          echo "Waiting for validator-3..."
+          kubectl wait --for=condition=ready pod validator-3 -n staging-preprod --timeout=300s
+          echo "Waiting for validator-4..."
+          kubectl wait --for=condition=ready pod validator-4 -n staging-preprod --timeout=300s
+  
+      - name: Validate
+        run: |
+          echo "Checking validator-1..."
+          kubectl get pod validator-1 -n staging-preprod -o jsonpath="{.status.containerStatuses[*].ready}"
+          echo "Checking validator-2..."
+          kubectl get pod validator-2 -n staging-preprod -o jsonpath="{.status.containerStatuses[*].ready}"
+          echo "Checking validator-3..."
+          kubectl get pod validator-3 -n staging-preprod -o jsonpath="{.status.containerStatuses[*].ready}"
+          echo "Checking validator-4..."
+          kubectl get pod validator-4 -n staging-preprod -o jsonpath="{.status.containerStatuses[*].ready}"
+          kubectl get pods -n sc -o custom-columns='NAME:.metadata.name,READY:.status.containerStatuses[*].ready' | grep -E '^(validator-1|validator-2|validator-3|validator-4)' | awk '{if ($2 != "true,true,true,true") exit 1}'
+          echo "All pods are 4/4 up and ready"
diff --git a/.github/workflows/modules/staging-preview-deploy.yml b/.github/workflows/modules/staging-preview-deploy.yml
@@ -62,51 +62,51 @@ jobs:
       - name: Delete pods
         continue-on-error: true
         run: |
-          kubectl delete pod validator-1 -n staging || true
-          kubectl delete pod validator-2 -n staging || true
-          kubectl delete pod validator-3 -n staging || true
-          kubectl delete pod validator-4 -n staging || true
+          kubectl delete pod validator-1 -n staging-preview || true
+          kubectl delete pod validator-2 -n staging-preview || true
+          kubectl delete pod validator-3 -n staging-preview || true
+          kubectl delete pod validator-4 -n staging-preview || true
           echo "Waiting for pods to delete..."
-          kubectl wait --for=delete pod/validator-1 pod/validator-2 pod/validator-3 pod/validator-4 -n staging --timeout=120s || true
+          kubectl wait --for=delete pod/validator-1 pod/validator-2 pod/validator-3 pod/validator-4 -n staging-preview --timeout=120s || true
   
       - name: Delete substrate PVCs
         continue-on-error: true
         run: |
-          kubectl delete pvc validator-1-claim-substrate-node-data -n staging
-          kubectl delete pvc validator-2-claim-substrate-node-data -n staging
-          kubectl delete pvc validator-3-claim-substrate-node-data -n staging
-          kubectl delete pvc validator-4-claim-substrate-node-data -n staging
+          kubectl delete pvc validator-1-claim-substrate-node-data -n staging-preview
+          kubectl delete pvc validator-2-claim-substrate-node-data -n staging-preview
+          kubectl delete pvc validator-3-claim-substrate-node-data -n staging-preview
+          kubectl delete pvc validator-4-claim-substrate-node-data -n staging-preview
           echo "Waiting for PVCs to delete..."
-          kubectl wait --for=delete pvc/validator-1-claim-substrate-node-data pvc/validator-2-claim-substrate-node-data pvc/validator-3-claim-substrate-node-data pvc/validator-4-claim-substrate-node-data -n staging --timeout=120s
+          kubectl wait --for=delete pvc/validator-1-claim-substrate-node-data pvc/validator-2-claim-substrate-node-data pvc/validator-3-claim-substrate-node-data pvc/validator-4-claim-substrate-node-data -n staging-preview --timeout=120s
   
       - name: Deploy with chain-spec and image override
         run: |
           cd sidechains-infra-priv/src/kube/substrate-poc/environments/helm/substrate-node-stack-chart/
-          helm upgrade --install validator-1 . -f values/chains/staging.yaml -f values/nodes/staging/validator/validator-1 --set images.substrateNode="${{ inputs.image }}" --set chain.chainspec_secretName="${{ inputs.chain-spec-secret }}"
-          helm upgrade --install validator-2 . -f values/chains/staging.yaml -f values/nodes/staging/validator/validator-2 --set images.substrateNode="${{ inputs.image }}" --set chain.chainspec_secretName="${{ inputs.chain-spec-secret }}"
-          helm upgrade --install validator-3 . -f values/chains/staging.yaml -f values/nodes/staging/validator/validator-3 --set images.substrateNode="${{ inputs.image }}" --set chain.chainspec_secretName="${{ inputs.chain-spec-secret }}"
-          helm upgrade --install validator-4 . -f values/chains/staging.yaml -f values/nodes/staging/validator/validator-4 --set images.substrateNode="${{ inputs.image }}" --set chain.chainspec_secretName="${{ inputs.chain-spec-secret }}"
+          helm upgrade --install validator-1 . -f values/chains/staging-preview.yaml -f values/nodes/staging/validator/validator-1 --set images.substrateNode="${{ inputs.image }}" --set chain.chainspec_secretName="${{ inputs.chain-spec-secret }}"
+          helm upgrade --install validator-2 . -f values/chains/staging-preview.yaml -f values/nodes/staging/validator/validator-2 --set images.substrateNode="${{ inputs.image }}" --set chain.chainspec_secretName="${{ inputs.chain-spec-secret }}"
+          helm upgrade --install validator-3 . -f values/chains/staging-preview.yaml -f values/nodes/staging/validator/validator-3 --set images.substrateNode="${{ inputs.image }}" --set chain.chainspec_secretName="${{ inputs.chain-spec-secret }}"
+          helm upgrade --install validator-4 . -f values/chains/staging-preview.yaml -f values/nodes/staging/validator/validator-4 --set images.substrateNode="${{ inputs.image }}" --set chain.chainspec_secretName="${{ inputs.chain-spec-secret }}"
   
       - name: Wait
         run: |
           echo "Waiting for validator-1..."
-          kubectl wait --for=condition=ready pod validator-1 -n staging --timeout=300s
+          kubectl wait --for=condition=ready pod validator-1 -n staging-preview --timeout=300s
           echo "Waiting for validator-2..."
-          kubectl wait --for=condition=ready pod validator-2 -n staging --timeout=300s
+          kubectl wait --for=condition=ready pod validator-2 -n staging-preview --timeout=300s
           echo "Waiting for validator-3..."
-          kubectl wait --for=condition=ready pod validator-3 -n staging --timeout=300s
+          kubectl wait --for=condition=ready pod validator-3 -n staging-preview --timeout=300s
           echo "Waiting for validator-4..."
-          kubectl wait --for=condition=ready pod validator-4 -n staging --timeout=300s
+          kubectl wait --for=condition=ready pod validator-4 -n staging-preview --timeout=300s
   
       - name: Validate
         run: |
           echo "Checking validator-1..."
-          kubectl get pod validator-1 -n staging -o jsonpath="{.status.containerStatuses[*].ready}"
+          kubectl get pod validator-1 -n staging-preview -o jsonpath="{.status.containerStatuses[*].ready}"
           echo "Checking validator-2..."
-          kubectl get pod validator-2 -n staging -o jsonpath="{.status.containerStatuses[*].ready}"
+          kubectl get pod validator-2 -n staging-preview -o jsonpath="{.status.containerStatuses[*].ready}"
           echo "Checking validator-3..."
-          kubectl get pod validator-3 -n staging -o jsonpath="{.status.containerStatuses[*].ready}"
+          kubectl get pod validator-3 -n staging-preview -o jsonpath="{.status.containerStatuses[*].ready}"
           echo "Checking validator-4..."
-          kubectl get pod validator-4 -n staging -o jsonpath="{.status.containerStatuses[*].ready}"
+          kubectl get pod validator-4 -n staging-preview -o jsonpath="{.status.containerStatuses[*].ready}"
           kubectl get pods -n sc -o custom-columns='NAME:.metadata.name,READY:.status.containerStatuses[*].ready' | grep -E '^(validator-1|validator-2|validator-3|validator-4)' | awk '{if ($2 != "true,true,true,true") exit 1}'
           echo "All pods are 4/4 up and ready"