Skip to content
Deploy coder

Deploy coder #227

Sign in to view logs

Deploy coder

Deploy coder #227

Workflow file for this run

.github/workflows/kubectl.yml at 0dc11bc
name: Deploy coder
on:
workflow_dispatch:
pull_request:
schedule:
- cron: "0 0 * * *"
env:
PROJECT_ENV: digital-defiance-cloud-infrastructure-prod
jobs:
start-runner:
runs-on: ubuntu-latest
environment: production
container:
image: ghcr.io/digital-defiance/cloud-infrastructure:latest
outputs:
label: ${{ steps.start-ec2-runner.outputs.label }}
ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
db_url: ${{ steps.get-aws-info.outputs.db_url }}
steps:
-
name: Checkout
id: checkout
uses: actions/checkout@v1
-
id: get-aws-info
shell: bash
env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
TF_TOKEN_app_terraform_io: "op://${{ env.PROJECT_ENV }}/terraform_credentials/TF_TOKEN_app_terraform_io"
SECRET_ARN: ${{ secrets.SECRET_ARN }}
run: |
cd coder-deployment/terraform_info
op run -- terraform init
op run -- terraform apply -auto-approve -var="secret_arn=$SECRET_ARN"
TERRAFORM_OUTPUT=$( op run -- terraform output -json )
extract_out() {
echo "$TERRAFORM_OUTPUT" | jq ".$1.value" | tr -d '"'
}
save_env(){
echo "$1=$2" >> $GITHUB_ENV
}
save_env AMI $(extract_out ami)
save_env SECURITY_GROUP_ID $(extract_out security_group_id)
save_env SUBNET_ID $(extract_out subnet_ids)
-
name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: eu-south-1
-
name: Start EC2 runner
id: start-ec2-runner
uses: digital-defiance/ec2-github-runner@feature/add-storage-option
with:
mode: start
root-volume-size: 80
ec2-instance-type: t3.small
subnet-id: ${{ env.SUBNET_ID }}
github-token: ${{ secrets.GH_PAT }}
ec2-image-id: ${{ env.AMI }}
security-group-id: ${{ env.SECURITY_GROUP_ID }}
pre-runner-script: |
sudo apt update -y
sudo apt -y install docker.io
sudo service docker start
sudo usermod -a -G docker ubuntu
sudo chmod 666 /var/run/docker.sock
docker version
kubectl:
name: Execute kubectl commands
environment: production
container:
image: ghcr.io/digital-defiance/cloud-infrastructure:latest
needs:
- start-runner
runs-on: ${{ needs.start-runner.outputs.label }}
steps:
-
name: Checkout
id: checkout
uses: actions/checkout@v1
-
shell: bash
env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
AWS_SECRET_ACCESS_KEY: "op://${{ env.PROJECT_ENV }}/aws_credentials/AWS_SECRET_ACCESS_KEY"
AWS_ACCESS_KEY_ID: "op://${{ env.PROJECT_ENV }}/aws_credentials/AWS_ACCESS_KEY_ID"
TF_TOKEN_app_terraform_io: "op://${{ env.PROJECT_ENV }}/terraform_credentials/TF_TOKEN_app_terraform_io"
SECRET_ARN: ${{ secrets.SECRET_ARN }}
run: |
extract_out() {
echo "$TERRAFORM_OUTPUT" | jq ".$1.value" | tr -d '"'
}
cd coder-deployment/terraform_info
op run -- terraform init
op run -- terraform apply -auto-approve -var="secret_arn=$SECRET_ARN"
TERRAFORM_OUTPUT=$( op run -- terraform output -json )
DB_MASTER_USERNAME=$(extract_out db_instance_master_username )
DB_INSTANCE_ENDPOINT=$(extract_out db_instance_endpoint )
DB_PASSWORD=$( extract_out db_instance_password )
DB_PASSWORD_URLENCODED=$(jq -rn --arg x "$DB_PASSWORD" '$x|@uri')
export DB_URL="postgresql://$DB_MASTER_USERNAME:$DB_PASSWORD_URLENCODED@$DB_INSTANCE_ENDPOINT/postgres"
cd ../../
make kubectl_deploy
stop-runner:
if: ${{ always() }}
runs-on: ubuntu-latest
name: "Deprovision infrastructure"
environment: production
needs:
- start-runner
- kubectl
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: eu-south-1
- name: Stop EC2 runner
uses: digital-defiance/ec2-github-runner@v2
with:
mode: stop
github-token: ${{ secrets.GH_PAT }}
label: ${{ needs.start-runner.outputs.label }}
ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }}