From 00e7d79d6faa6b21d147bacd2d6452c9e3581992 Mon Sep 17 00:00:00 2001
From: Joe Banks
Date: Sat, 14 Nov 2020 22:44:41 +0000
Subject: Add Kubernetes deployment stage to GitHub Actions
---
.github/workflows/lint-build-deploy.yaml | 175 +++++++++++++++++++++++++++++++
.github/workflows/lint-build.yaml | 144 -------------------------
2 files changed, 175 insertions(+), 144 deletions(-)
create mode 100644 .github/workflows/lint-build-deploy.yaml
delete mode 100644 .github/workflows/lint-build.yaml
diff --git a/.github/workflows/lint-build-deploy.yaml b/.github/workflows/lint-build-deploy.yaml
new file mode 100644
index 00000000..733328d4
--- /dev/null
+++ b/.github/workflows/lint-build-deploy.yaml
@@ -0,0 +1,175 @@
+name: Lint, Build & Deploy
+
+on:
+ push:
+ branches:
+ - master
+ pull_request_target:
+
+
+jobs:
+ lint:
+ name: Lint using pre-commit & flake8
+ runs-on: ubuntu-latest
+ env:
+ # Configure pip to cache dependencies and do a user install
+ PIP_NO_CACHE_DIR: false
+ PIP_USER: 1
+
+ # Hide the graphical elements from pipenv's output
+ PIPENV_HIDE_EMOJIS: 1
+ PIPENV_NOSPIN: 1
+
+ # Make sure pipenv does not try reuse an environment it's running in
+ PIPENV_IGNORE_VIRTUALENVS: 1
+
+ # Specify explicit paths for python dependencies and the pre-commit
+ # environment so we know which directories to cache
+ PYTHONUSERBASE: ${{ github.workspace }}/.cache/py-user-base
+ PRE_COMMIT_HOME: ${{ github.workspace }}/.cache/pre-commit-cache
+
+ steps:
+ - name: Add custom PYTHONUSERBASE to PATH
+ run: echo '${{ env.PYTHONUSERBASE }}/bin/' >> $GITHUB_PATH
+
+ # We don't want to persist credentials, as our GitHub Action
+ # may be run when a PR is made from a fork.
+ - name: Checkout repository
+ uses: actions/checkout@v2
+ with:
+ persist-credentials: false
+
+ - name: Setup python
+ id: python
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.8'
+
+ # This step caches our Python dependencies. To make sure we
+ # only restore a cache when the dependencies, the python version,
+ # the runner operating system, and the dependency location haven't
+ # changed, we create a cache key that is a composite of those states.
+ #
+ # Only when the context is exactly the same, we will restore the cache.
+ - name: Python Dependency Caching
+ uses: actions/cache@v2
+ id: python_cache
+ with:
+ path: ${{ env.PYTHONUSERBASE }}
+ key: "python-0-${{ runner.os }}-${{ env.PYTHONUSERBASE }}-\
+ ${{ steps.python.outputs.python-version }}-\
+ ${{ hashFiles('./Pipfile', './Pipfile.lock') }}"
+
+ # Install our dependencies if we did not restore a dependency cache
+ - name: Install dependencies using pipenv
+ if: steps.python_cache.outputs.cache-hit != 'true'
+ run: |
+ pip install pipenv
+ pipenv install --dev --deploy --system
+
+ # This step caches our pre-commit environment. To make sure we
+ # do create a new environment when our pre-commit setup changes,
+ # we create a cache key based on relevant factors.
+ - name: Pre-commit Environment Caching
+ uses: actions/cache@v2
+ with:
+ path: ${{ env.PRE_COMMIT_HOME }}
+ key: "precommit-0-${{ runner.os }}-${{ env.PRE_COMMIT_HOME }}-\
+ ${{ steps.python.outputs.python-version }}-\
+ ${{ hashFiles('./.pre-commit-config.yaml') }}"
+
+ # We will not run `flake8` here, as we will use a separate flake8
+ # action. As pre-commit does not support user installs, we set
+ # PIP_USER=0 to not do a user install.
+ - name: Run pre-commit hooks
+ run: export PIP_USER=0; SKIP=flake8 pre-commit run --all-files
+
+ # This step requires `pull_request_target` as we need "write" permissions
+ # to add annotations to the Actions results. A normal `pull_request` trigger
+ # does not get those permissions for security reasons.
+ - name: Run flake8
+ uses: julianwachholz/flake8-action@v1
+ with:
+ checkName: lint
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ build-and-push:
+ name: Build and Push to Container Repositories
+ needs: lint
+ if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/master'
+ runs-on: ubuntu-latest
+
+ steps:
+ # Create a commit SHA-based tag for the container repositories
+ - name: Create SHA Container Tag
+ id: sha_tag
+ run: |
+ tag=$(cut -c 1-7 <<< $GITHUB_SHA)
+ echo "::set-output name=tag::$tag"
+
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+
+ - name: Login to DockerHub
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+
+ - name: Login to Github Container Registry
+ uses: docker/login-action@v1
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GHCR_TOKEN }}
+
+ # This step currently pushes to both DockerHub and GHCR to
+ # make the migration easier. The DockerHub push will be
+ # removed once we've migrated to our K8s cluster.
+ - name: Build and push
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ file: ./Dockerfile
+ push: true
+ cache-from: type=registry,ref=ghcr.io/python-discord/seasonalbot:latest
+ tags: |
+ ghcr.io/python-discord/seasonalbot:latest
+ ghcr.io/python-discord/seasonalbot:${{ steps.sha_tag.outputs.tag }}
+ pythondiscord/seasonalbot:latest
+ pythondiscord/seasonalbot:${{ steps.sha_tag.outputs.tag }}
+
+ deploy:
+ name: Deploy to the Kubernetes cluster
+ needs: build-and-push
+ if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/master'
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ # Create a commit SHA-based tag for the container repositories
+ - name: Create SHA Container Tag
+ id: sha_tag
+ run: |
+ tag=$(cut -c 1-7 <<< $GITHUB_SHA)
+ echo "::set-output name=tag::$tag"
+
+ - name: Authenticate with Kubernetes
+ uses: azure/k8s-set-context@v1
+ with:
+ method: kubeconfig
+ kubeconfig: ${{ secrets.KUBECONFIG }}
+
+ - name: Deploy to Kubernetes
+ uses: Azure/k8s-deploy@v1
+ with:
+ manifests: |
+ deployment.yaml
+ images: 'ghcr.io/python-discord/seasonalbot:${{ steps.sha_tag.outputs.tag }}'
+ kubectl-version: 'latest'
diff --git a/.github/workflows/lint-build.yaml b/.github/workflows/lint-build.yaml
deleted file mode 100644
index 7001bc66..00000000
--- a/.github/workflows/lint-build.yaml
+++ /dev/null
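Review bot: The actions that handle credentials in the new `deploy` job, `azure/k8s-set-context@v1` (given `secrets.KUBECONFIG`) and `Azure/k8s-deploy@v1`, are referenced by mutable tags, so a retagged release would run with cluster access. Pinning them to a full commit SHA, in the form `uses: azure/k8s-set-context@FULL_COMMIT_SHA  # v1` (placeholder; take the SHA from the release you reviewed), removes that; the same applies to `docker/login-action@v1` and `docker/build-push-action@v2` in `build-and-push`, and `kubectl-version: 'latest'` would be better as a fixed version. Since the workflow also triggers on `pull_request_target`, whose `github.ref` is presumably the base branch, the `github.event_name != 'pull_request_target'` half of each `if:` looks like the only guard between fork PRs and these secrets; a comment above both conditions, e.g. `# Never run for pull_request_target: this job uses deploy secrets`, would keep it from being simplified away later.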
@@ -1,144 +0,0 @@
-name: Linting & Building
-
-on:
- push:
- branches:
- - master
- pull_request_target:
-
-
-jobs:
- lint:
- name: Lint using pre-commit & flake8
- runs-on: ubuntu-latest
- env:
- # Configure pip to cache dependencies and do a user install
- PIP_NO_CACHE_DIR: false
- PIP_USER: 1
-
- # Hide the graphical elements from pipenv's output
- PIPENV_HIDE_EMOJIS: 1
- PIPENV_NOSPIN: 1
-
- # Make sure pipenv does not try reuse an environment it's running in
- PIPENV_IGNORE_VIRTUALENVS: 1
-
- # Specify explicit paths for python dependencies and the pre-commit
- # environment so we know which directories to cache
- PYTHONUSERBASE: ${{ github.workspace }}/.cache/py-user-base
- PRE_COMMIT_HOME: ${{ github.workspace }}/.cache/pre-commit-cache
-
- steps:
- - name: Add custom PYTHONUSERBASE to PATH
- run: echo '${{ env.PYTHONUSERBASE }}/bin/' >> $GITHUB_PATH
-
- # We don't want to persist credentials, as our GitHub Action
- # may be run when a PR is made from a fork.
- - name: Checkout repository
- uses: actions/checkout@v2
- with:
- persist-credentials: false
-
- - name: Setup python
- id: python
- uses: actions/setup-python@v2
- with:
- python-version: '3.8'
-
- # This step caches our Python dependencies. To make sure we
- # only restore a cache when the dependencies, the python version,
- # the runner operating system, and the dependency location haven't
- # changed, we create a cache key that is a composite of those states.
- #
- # Only when the context is exactly the same, we will restore the cache.
- - name: Python Dependency Caching
- uses: actions/cache@v2
- id: python_cache
- with:
- path: ${{ env.PYTHONUSERBASE }}
- key: "python-0-${{ runner.os }}-${{ env.PYTHONUSERBASE }}-\
- ${{ steps.python.outputs.python-version }}-\
- ${{ hashFiles('./Pipfile', './Pipfile.lock') }}"
-
- # Install our dependencies if we did not restore a dependency cache
- - name: Install dependencies using pipenv
- if: steps.python_cache.outputs.cache-hit != 'true'
- run: |
- pip install pipenv
- pipenv install --dev --deploy --system
-
- # This step caches our pre-commit environment. To make sure we
- # do create a new environment when our pre-commit setup changes,
- # we create a cache key based on relevant factors.
- - name: Pre-commit Environment Caching
- uses: actions/cache@v2
- with:
- path: ${{ env.PRE_COMMIT_HOME }}
- key: "precommit-0-${{ runner.os }}-${{ env.PRE_COMMIT_HOME }}-\
- ${{ steps.python.outputs.python-version }}-\
- ${{ hashFiles('./.pre-commit-config.yaml') }}"
-
- # We will not run `flake8` here, as we will use a separate flake8
- # action. As pre-commit does not support user installs, we set
- # PIP_USER=0 to not do a user install.
- - name: Run pre-commit hooks
- run: export PIP_USER=0; SKIP=flake8 pre-commit run --all-files
-
- # This step requires `pull_request_target` as we need "write" permissions
- # to add annotations to the Actions results. A normal `pull_request` trigger
- # does not get those permissions for security reasons.
- - name: Run flake8
- uses: julianwachholz/flake8-action@v1
- with:
- checkName: lint
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- build-and-push:
- name: Build and Push to Container Repositories
- needs: lint
- if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/master'
- runs-on: ubuntu-latest
-
- steps:
- # Create a commit SHA-based tag for the container repositories
- - name: Create SHA Container Tag
- id: sha_tag
- run: |
- tag=$(cut -c 1-7 <<< $GITHUB_SHA)
- echo "::set-output name=tag::$tag"
-
- - name: Checkout code
- uses: actions/checkout@v2
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v1
-
- - name: Login to DockerHub
- uses: docker/login-action@v1
- with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
-
- - name: Login to Github Container Registry
- uses: docker/login-action@v1
- with:
- registry: ghcr.io
- username: ${{ github.repository_owner }}
- password: ${{ secrets.GHCR_TOKEN }}
-
- # This step currently pushes to both DockerHub and GHCR to
- # make the migration easier. The DockerHub push will be
- # removed once we've migrated to our K8s cluster.
- - name: Build and push
- uses: docker/build-push-action@v2
- with:
- context: .
- file: ./Dockerfile
- push: true
- cache-from: type=registry,ref=ghcr.io/python-discord/seasonalbot:latest
- tags: |
- ghcr.io/python-discord/seasonalbot:latest
- ghcr.io/python-discord/seasonalbot:${{ steps.sha_tag.outputs.tag }}
- pythondiscord/seasonalbot:latest
- pythondiscord/seasonalbot:${{ steps.sha_tag.outputs.tag }}
--
cgit v1.2.3
From 113c9f5e403753c7fc826f89691feb7b42953807 Mon Sep 17 00:00:00 2001
From: Joe Banks
Date: Sat, 14 Nov 2020 22:44:58 +0000
Subject: Add Kubernetes deployment manifest
---
deployment.yaml | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100644 deployment.yaml
diff --git a/deployment.yaml b/deployment.yaml
new file mode 100644
index 00000000..b04b528c
--- /dev/null
+++ b/deployment.yaml
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: seasonalbot
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: seasonalbot
+ template:
+ metadata:
+ labels:
+ app: seasonalbot
+ spec:
+ containers:
+ - name: seasonalbot
+ image: ghcr.io/python-discord/seasonalbot:latest
+ imagePullPolicy: Always
+ envFrom:
+ - secretRef:
+ name: seasonalbot-env
--
cgit v1.2.3
From b2521ad090cf899ae1af9a1c17ce26074a5b80f7 Mon Sep 17 00:00:00 2001
From: Joe Banks
Date: Sat, 14 Nov 2020 22:51:04 +0000
Subject: Merge build and deploy stages
---
.github/workflows/lint-build-deploy.yaml | 21 ++-------------------
1 file changed, 2 insertions(+), 19 deletions(-)
diff --git a/.github/workflows/lint-build-deploy.yaml b/.github/workflows/lint-build-deploy.yaml
index 733328d4..7ce5d9a3 100644
--- a/.github/workflows/lint-build-deploy.yaml
+++ b/.github/workflows/lint-build-deploy.yaml
@@ -94,8 +94,8 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - build-and-push: - name: Build and Push to Container Repositories + build-and-deploy: + name: Build and Deploy to Kubernetes needs: lint if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/master' runs-on: ubuntu-latest
@@ -143,23 +143,6 @@ jobs: pythondiscord/seasonalbot:latest pythondiscord/seasonalbot:${{ steps.sha_tag.outputs.tag }} - deploy: - name: Deploy to the Kubernetes cluster - needs: build-and-push - if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/master' - runs-on: ubuntu-latest - - steps: - - name: Checkout code - uses: actions/checkout@v2 - - # Create a commit SHA-based tag for the container repositories - - name: Create SHA Container Tag - id: sha_tag - run: | - tag=$(cut -c 1-7 <<< $GITHUB_SHA) - echo "::set-output name=tag::$tag" - - name: Authenticate with Kubernetes uses: azure/k8s-set-context@v1 with: -- cgit v1.2.3
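Review bot: The `seasonalbot` container in the new `deployment.yaml` is declared without a `securityContext`, so it runs with the runtime's default capabilities and whatever user the image sets, and privilege escalation is not ruled out. A restrictive context on the container entry, as in the block below, narrows what a compromised bot process can do; `runAsNonRoot: true` requires the image to define a non-root user, which the Dockerfile (not part of this patch) would have to confirm. The manifest also sets no `resources` limits and no `metadata.namespace`, so the pod is unbounded and lands in whichever namespace the kubeconfig defaults to.

```yaml
      containers:
        - name: seasonalbot
          # … unchanged: image, imagePullPolicy, envFrom …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
```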