From b3c6e869a2e9cb01afaf63e101d14f653e5d5517 Mon Sep 17 00:00:00 2001
From: Soule BA
Date: Fri, 1 Mar 2024 12:47:26 +0100
Subject: [PATCH 1/3] Add a promotion workflow from staging to production
Signed-off-by: Soule BA
---
.github/workflows/production-promotion.yaml | 56 +++++++++++++++++++
README.md | 21 +++++++
components/backend/staging/kustomization.yaml | 2 +-
.../backend/staging/production-promotion.yaml | 31 ++++++++++
.../frontend/staging/kustomization.yaml | 1 +
.../staging/production-promotion.yaml | 29 ++++++++++
6 files changed, 139 insertions(+), 1 deletion(-)
create mode 100644 .github/workflows/production-promotion.yaml
create mode 100644 components/backend/staging/production-promotion.yaml
create mode 100644 components/frontend/staging/production-promotion.yaml
diff --git a/.github/workflows/production-promotion.yaml b/.github/workflows/production-promotion.yaml
new file mode 100644
index 0000000..05370f3
--- /dev/null
+++ b/.github/workflows/production-promotion.yaml
@@ -0,0 +1,56 @@
+name: production-promotion
+on:
+ repository_dispatch:
+ types:
+ - HelmRelease/redis.backend
+ - HelmRelease/memcached.backend
+ - HelmRelease/podinfo.frontend
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ promote:
+ runs-on: ubuntu-latest
+ # Start promotion when the staging cluster has successfully
+ # upgraded the Helm release to a new chart version.
+ if: |
+ github.event.client_payload.metadata.env == 'staging' &&
+ github.event.client_payload.severity == 'info'
+ steps:
+ # Checkout main branch.
+ - uses: actions/checkout@v3
+ with:
+ ref: production
+ #Parse the event metadata to determine the chart version deployed on staging.
+ - name: Get chart version from staging
+ id: staging
+ run: |
+ VERSION=$(echo ${{ github.event.client_payload.metadata.revision }} | cut -d '@' -f1)
+ NAME=$(echo ${{ github.event.client_payload.involvedObject.name }} | cut -d '@' -f1)
+ NAMESPACE=$(echo ${{ github.event.client_payload.involvedObject.namespace }} | cut -d '@' -f1)
+ echo VERSION=${VERSION} >> $GITHUB_OUTPUT
+ echo NAME=${NAME} >> $GITHUB_OUTPUT
+ echo NAMESPACE=${NAMESPACE} >> $GITHUB_OUTPUT
+ # Patch the chart version in the production Helm release manifest.
+ - name: Set chart version in production
+ id: production
+ env:
+ CHART_VERSION: ${{ steps.staging.outputs.version }}
+ NAME: ${{ steps.staging.outputs.name }}
+ NAMESPACE: ${{ steps.staging.outputs.namespace }}
+ run: |
+ echo "set chart version to ${CHART_VERSION}"
+ yq e '(select(.spec.chart.spec.version) | .spec.chart.spec.version) = env(CHART_VERSION)' -i ./components/${NAMESPACE}/base/${NAME}.yaml
+ # Open a Pull Request if an upgraded is needed in production.
+ - name: Open promotion PR
+ uses: peter-evans/create-pull-request@v6
+ with:
+ branch: production-promotion-${{ steps.staging.outputs.name }}-${{ steps.staging.outputs.version }}
+ delete-branch: true
+ token: ${{ secrets.GITHUB_TOKEN }}
+ commit-message: Promote chart ${{ steps.staging.outputs.name }} to version ${{ steps.staging.outputs.version }}
+ title: Promote chart ${{ steps.staging.outputs.name }} to version ${{ steps.staging.outputs.version }}
+ body: |
+ Promote chart ${{ steps.staging.outputs.name }} to version ${{ steps.staging.outputs.version }}.
diff --git a/README.md b/README.md
index d02c8f2..2f1cf36 100644
--- a/README.md
+++ b/README.md
@@ -100,3 +100,24 @@ When a new chart version is pushed to the container registry, and if it matches Flux will update the HelmRelease YAML definitions and will push the changes to the `main` branch. Then it will upgrade the Helm releases to the new version to the staging cluster.
+### Promotion to Production
+
+After the HelmReleases are successfully installed or upgraded on the staging cluster, a promotion pipeline
+is triggered to promote the changes to the production clusters. It effectively opens pull requests
+on the `production` branch with the updated HelmChart versions.
+
+The promotion pipeline is defined in .github/workflows/production-promotion.yaml.
+The `provider` and `alerts` used to trigger the promotion pipeline are defined in the `staging` directory
+of each component:
+
+```shell
+./components/
+├── backend
+│ └── staging
+│   ├── kustomization.yaml
+│   └── production-promotion.yaml
+└── frontend
+ └── staging
+ ├── kustomization.yaml
+ └── production-promotion.yaml
+```
diff --git a/components/backend/staging/kustomization.yaml b/components/backend/staging/kustomization.yaml
index 91b8567..8dc333f 100644
--- a/components/backend/staging/kustomization.yaml
+++ b/components/backend/staging/kustomization.yaml
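Review bot: In `.github/workflows/production-promotion.yaml`, the `Get chart version from staging` step expands `github.event.client_payload.*` directly inside `run:`, so payload text is parsed as shell in a job that holds `contents: write` and `pull-requests: write`. Any sender of a `repository_dispatch` event controls those fields, and the following step also uses them unquoted in `./components/${NAMESPACE}/base/${NAME}.yaml`. The values should reach the script through `env:`, be quoted at every use, and be rejected when they contain anything outside the characters a chart name, namespace or version can hold. Separately, `actions/checkout@v3` and `peter-evans/create-pull-request@v6` are referenced by mutable tag; pinning them to a full commit SHA fits a workflow with a write-scoped token.

```yaml
      - name: Get chart version from staging
        id: staging
        env:
          REVISION: ${{ github.event.client_payload.metadata.revision }}
          OBJ_NAME: ${{ github.event.client_payload.involvedObject.name }}
          OBJ_NAMESPACE: ${{ github.event.client_payload.involvedObject.namespace }}
        run: |
          VERSION="$(printf '%s' "$REVISION" | cut -d '@' -f1)"
          NAME="$(printf '%s' "$OBJ_NAME" | cut -d '@' -f1)"
          NAMESPACE="$(printf '%s' "$OBJ_NAMESPACE" | cut -d '@' -f1)"
          # Reject anything that is not a plain name/version token before it
          # reaches $GITHUB_OUTPUT or a file path.
          for value in "$VERSION" "$NAME" "$NAMESPACE"; do
            case "$value" in
              ''|.*|*[!A-Za-z0-9._+-]*) echo "unexpected event payload value" >&2; exit 1 ;;
            esac
          done
          {
            echo "VERSION=${VERSION}"
            echo "NAME=${NAME}"
            echo "NAMESPACE=${NAMESPACE}"
          } >> "$GITHUB_OUTPUT"
      # … unchanged: "Set chart version in production" and "Open promotion PR" steps …
```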
@@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ../base + - production-promotion.yaml patches: - path: memcached-values.yaml - path: redis-values.yaml -
diff --git a/components/backend/staging/production-promotion.yaml b/components/backend/staging/production-promotion.yaml
new file mode 100644
index 0000000..5c67114
--- /dev/null
+++ b/components/backend/staging/production-promotion.yaml
@@ -0,0 +1,31 @@
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Provider
+metadata:
+ name: github
+ namespace: backend
+spec:
+ type: githubdispatch
+ address: https://github.com/controlplaneio-fluxcd/d1-apps
+ secretRef:
+ name: flux-apps
+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Alert
+metadata:
+ name: production-promotion
+ namespace: backend
+spec:
+ providerRef:
+ name: github
+ summary: "Trigger promotion"
+ eventMetadata:
+ env: staging
+ cluster: staging-1
+ eventSeverity: info
+ eventSources:
+ - kind: HelmRelease
+ name: redis
+ - kind: HelmRelease
+ name: memcached
+ inclusionList:
+ - ".*succeeded.*"
diff --git a/components/frontend/staging/kustomization.yaml b/components/frontend/staging/kustomization.yaml
index d34a054..d3c4a5d 100644
--- a/components/frontend/staging/kustomization.yaml
+++ b/components/frontend/staging/kustomization.yaml
@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ../base + - production-promotion.yaml patches: - path: podinfo-values.yaml target:
diff --git a/components/frontend/staging/production-promotion.yaml b/components/frontend/staging/production-promotion.yaml
new file mode 100644
index 0000000..bf5e72a
--- /dev/null
+++ b/components/frontend/staging/production-promotion.yaml
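Review bot: In `components/backend/staging/production-promotion.yaml`, the Alert's `inclusionList` entry `".*succeeded.*"` matches any info event on the listed HelmReleases whose message contains "succeeded", not only installs and upgrades. If the controller words other outcomes the same way (a rollback or an uninstall, for instance), those would dispatch a promotion as well, so the pattern is worth narrowing once the exact message text is confirmed. The Provider's `secretRef` names `flux-apps`, which is not defined in this patch; a comment such as `# flux-apps: token limited to this repository, used only to send repository_dispatch` would record the expected scope of a credential that lives on the staging cluster. Both points apply equally to `components/frontend/staging/production-promotion.yaml`.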
@@ -0,0 +1,29 @@
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Provider
+metadata:
+ name: github
+ namespace: frontend
+spec:
+ type: githubdispatch
+ address: https://github.com/controlplaneio-fluxcd/d1-apps
+ secretRef:
+ name: flux-apps
+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Alert
+metadata:
+ name: production-promotion
+ namespace: frontend
+spec:
+ providerRef:
+ name: github
+ summary: "Trigger promotion"
+ eventMetadata:
+ env: staging
+ cluster: staging-1
+ eventSeverity: info
+ eventSources:
+ - kind: HelmRelease
+ name: podinfo
+ inclusionList:
+ - ".*succeeded.*"
From 0e8596396001f14ec0af556e4b0d0f690268fbb3 Mon Sep 17 00:00:00 2001
From: Soule BA
Date: Thu, 7 Mar 2024 11:32:58 +0100
Subject: [PATCH 2/3] updating to have only one pull request with all changes from main
Signed-off-by: Soule BA
---
.github/workflows/production-promotion.yaml | 34 ++++++---------------
README.md | 5 +--
2 files changed, 13 insertions(+), 26 deletions(-)
diff --git a/.github/workflows/production-promotion.yaml b/.github/workflows/production-promotion.yaml
index 05370f3..030c5ba 100644
--- a/.github/workflows/production-promotion.yaml
+++ b/.github/workflows/production-promotion.yaml
@@ -20,37 +20,23 @@ jobs: github.event.client_payload.severity == 'info' steps: # Checkout main branch. - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: ref: production - #Parse the event metadata to determine the chart version deployed on staging. - - name: Get chart version from staging - id: staging + fetch-depth: 0 + # Commit changes from the main branch. + - name: Commit changes + id: commit run: | - VERSION=$(echo ${{ github.event.client_payload.metadata.revision }} | cut -d '@' -f1) - NAME=$(echo ${{ github.event.client_payload.involvedObject.name }} | cut -d '@' -f1) - NAMESPACE=$(echo ${{ github.event.client_payload.involvedObject.namespace }} | cut -d '@' -f1) - echo VERSION=${VERSION} >> $GITHUB_OUTPUT - echo NAME=${NAME} >> $GITHUB_OUTPUT - echo NAMESPACE=${NAMESPACE} >> $GITHUB_OUTPUT - # Patch the chart version in the production Helm release manifest. - - name: Set chart version in production - id: production - env: - CHART_VERSION: ${{ steps.staging.outputs.version }} - NAME: ${{ steps.staging.outputs.name }} - NAMESPACE: ${{ steps.staging.outputs.namespace }} - run: | - echo "set chart version to ${CHART_VERSION}" - yq e '(select(.spec.chart.spec.version) | .spec.chart.spec.version) = env(CHART_VERSION)' -i ./components/${NAMESPACE}/base/${NAME}.yaml + git pull origin main # Open a Pull Request if an upgraded is needed in production. 
- name: Open promotion PR uses: peter-evans/create-pull-request@v6 with: - branch: production-promotion-${{ steps.staging.outputs.name }}-${{ steps.staging.outputs.version }} + branch: production-promotion delete-branch: true token: ${{ secrets.GITHUB_TOKEN }} - commit-message: Promote chart ${{ steps.staging.outputs.name }} to version ${{ steps.staging.outputs.version }} - title: Promote chart ${{ steps.staging.outputs.name }} to version ${{ steps.staging.outputs.version }} + commit-message: Promote chart + title: Promote new changes to production body: | - Promote chart ${{ steps.staging.outputs.name }} to version ${{ steps.staging.outputs.version }}. + Promote new changes to production
diff --git a/README.md b/README.md
index 2f1cf36..efeb170 100644
--- a/README.md
+++ b/README.md
@@ -103,8 +103,9 @@ Then it will upgrade the Helm releases to the new version to the staging cluster ### Promotion to Production After the HelmReleases are successfully installed or upgraded on the staging cluster, a promotion pipeline -is triggered to promote the changes to the production clusters. It effectively opens pull requests -on the `production` branch with the updated HelmChart versions. +is triggered to promote the changes to the production clusters. It effectively opens a pull request +on the `production` branch with the updated changes from the `main` branch. The pull request will +keep the changes in sync between the `main` and `production` branches as long as the pull request is open. The promotion pipeline is defined in .github/workflows/production-promotion.yaml. The `provider` and `alerts` used to trigger the promotion pipeline are defined in the `staging` directory
From 80d2a7bc3c83c97138a1f44fe1d07f933cabb771 Mon Sep 17 00:00:00 2001
From: Soule BA
Date: Thu, 7 Mar 2024 14:26:32 +0100
Subject: [PATCH 3/3] taking into account review comments
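Review bot: The `Commit changes` step added in `.github/workflows/production-promotion.yaml` runs `git pull origin main` on the `production` checkout, so the PR now carries whatever `main` holds when the job runs; nothing in the new side reads the event's `metadata.revision` any more. If `main` can advance between the staging upgrade and this job, changes staging has not yet applied would be proposed for production too, which deserves a comment above the step, e.g. `# Promotes the current tip of main, not only the release named in the event.` The pull also depends on runner defaults: if `production` has diverged from `main` it needs a reconcile mode and a committer identity, for example `git pull --no-rebase --no-edit origin main` after setting `user.name` and `user.email`. The context comment `# Checkout main branch.` no longer fits, since `ref: production` is what is checked out. The job header and its `if:` condition sit outside this hunk.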
Signed-off-by: Soule BA
---
.github/workflows/production-promotion.yaml | 4 +---
components/backend/staging/production-promotion.yaml | 8 +++-----
components/frontend/staging/production-promotion.yaml | 6 +++---
3 files changed, 7 insertions(+), 11 deletions(-)
diff --git a/.github/workflows/production-promotion.yaml b/.github/workflows/production-promotion.yaml
index 030c5ba..0f8b98c 100644
--- a/.github/workflows/production-promotion.yaml
+++ b/.github/workflows/production-promotion.yaml
@@ -2,9 +2,7 @@ name: production-promotion on: repository_dispatch: types: - - HelmRelease/redis.backend - - HelmRelease/memcached.backend - - HelmRelease/podinfo.frontend + - HelmRelease/* # Trigger on HelmRelease events permissions: contents: write
diff --git a/components/backend/staging/production-promotion.yaml b/components/backend/staging/production-promotion.yaml
index 5c67114..fdbcd56 100644
--- a/components/backend/staging/production-promotion.yaml
+++ b/components/backend/staging/production-promotion.yaml
@@ -19,13 +19,11 @@ spec: name: github summary: "Trigger promotion" eventMetadata: - env: staging - cluster: staging-1 + env: ${ENVIRONMENT} + cluster: ${CLUSTER_NAME} eventSeverity: info eventSources: - kind: HelmRelease - name: redis - - kind: HelmRelease - name: memcached + name: '*' inclusionList: - ".*succeeded.*"
diff --git a/components/frontend/staging/production-promotion.yaml b/components/frontend/staging/production-promotion.yaml
index bf5e72a..c3cf9b2 100644
--- a/components/frontend/staging/production-promotion.yaml
+++ b/components/frontend/staging/production-promotion.yaml
@@ -19,11 +19,11 @@ spec: name: github summary: "Trigger promotion" eventMetadata: - env: staging - cluster: staging-1 + env: ${ENVIRONMENT} + cluster: ${CLUSTER_NAME} eventSeverity: info eventSources: - kind: HelmRelease - name: podinfo + name: '*' inclusionList: - ".*succeeded.*"
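Review bot: Replacing the three explicit types with `HelmRelease/*` in `.github/workflows/production-promotion.yaml` leaves the job-level `if:` (outside this hunk) as the only filter, and the fields it tests, `client_payload.metadata.env` and `client_payload.severity`, are chosen by whoever sends the dispatch. Since the job runs with `contents: write` and `pull-requests: write`, the comment on the new line could state that trust boundary, e.g. `# Any holder of the dispatch token can start this job; review of the promotion PR is the gate.` It is also worth confirming that `repository_dispatch` `types` entries are matched as glob patterns; if they are compared literally, no event would match and promotion would stop without an error.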
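Review bot: In `components/backend/staging/production-promotion.yaml`, `env: ${ENVIRONMENT}` and `cluster: ${CLUSTER_NAME}` now depend on a substitution that is not visible in this series; if either variable is unset or left unexpanded, the workflow's `env == 'staging'` check fails and promotion is skipped with no signal. Quoting the values and, where the substitution mechanism supports defaults, supplying one keeps the manifest valid and the behaviour explicit, e.g. `env: "${ENVIRONMENT:=staging}"`. `name: '*'` also extends the alert to every HelmRelease in the namespace, so releases that were never meant to drive promotion will dispatch events; a short comment saying this is intended would help. The same applies to the frontend hunk that follows.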