Merge pull request #3 from floatic-unicorn/cd-workflows

Add cd
floatic-unicorn · Feb 1, 2023 · ae21fa4 · ae21fa4
2 parents 2a92ef3 + 025d450
commit ae21fa4
Show file tree

Hide file tree

Showing 10 changed files with 159 additions and 441 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -1,11 +0,0 @@
-################################################################################
-# Repo
-
-.circleci/
-.github/
-.git/
-.github/
-.dockerignore
-.gitignore
-**Dockerfile
-**.Dockerfile

diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
diff --git a/.github/actions/aws-mfa-login/action.yml b/.github/actions/aws-mfa-login/action.yml
@@ -0,0 +1,49 @@
+name: aws-mfa-login
+author: dev@floatic.io
+description: mfa login for aws
+
+inputs:
+  access_key_id: 
+    description: 'AWS access key id'
+    required: true
+  secret_access_key:
+    description: 'AWS access secret key'
+    required: true
+  mfa_key:
+    description: 'MFA Key'
+    required: true
+  mfa_arn:
+    description: 'MFA arn'
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - run: sudo apt install awscli -y
+      shell: bash
+
+    - run: sudo -S -k apt-get install -y oathtool jq
+      shell: bash
+
+    - uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ inputs.access_key_id }}
+        aws-secret-access-key: ${{ inputs.secret_access_key }}
+        aws-region: ap-northeast-2
+
+    - run: |
+        token=$(oathtool -b --totp ${{ inputs.mfa_key }})
+        aws sts get-session-token --duration-seconds 36000 --serial-number ${{ inputs.mfa_arn }} --token-code $token  > mfa-temp.json
+        accessKeyId=$(cat mfa-temp.json | jq -r .Credentials.AccessKeyId)
+        secretAccessKey=$(cat mfa-temp.json | jq -r .Credentials.SecretAccessKey)
+        sessionToken=$(cat mfa-temp.json | jq -r .Credentials.SessionToken)
+        echo ${accessKeyId}
+        echo ${secretAccessKey}
+        echo ${sessionToken}
+        aws configure set aws_access_key_id $accessKeyId
+        aws configure set aws_secret_access_key $secretAccessKey
+        aws configure set aws_session_token $sessionToken
+        aws configure set region ap-northeast-2
+      shell: bash
+    - run: aws sts get-caller-identity
+      shell: bash
diff --git a/.github/actions/floatic-ppa-access/action.yml b/.github/actions/floatic-ppa-access/action.yml
@@ -0,0 +1,31 @@
+name: floatic-ppa-access
+author: kein@floatic.io
+description: ppa server inbound setting
+
+inputs:
+  target_group_name:
+    description: "aws ec2 scurity group name"
+    required: true
+
+  protocol:
+    description: "inbound protocol"
+    required: true
+    default: tcp
+
+  port:
+    description: "inbound port"
+    required: true
+    default: 443
+
+runs:
+  using: "composite"
+  steps:
+    - id: get_public_ip
+      uses: haythem/public-ip@v1.2
+
+    - run: aws ec2 authorize-security-group-ingress --group-name ${{ inputs.target_group_name }} --protocol ${{ inputs.protocol }} --port ${{ inputs.port }} --cidr ${{ steps.get_public_ip.outputs.ipv4 }}/32
+      shell: bash
+
+    - uses: webiny/action-post-run@3.0.0
+      with:
+        run: aws ec2 revoke-security-group-ingress --group-name ${{ inputs.target_group_name }} --protocol ${{ inputs.protocol }} --port ${{ inputs.port }} --cidr ${{ steps.get_public_ip.outputs.ipv4 }}/32
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
diff --git a/.github/mergify.yml b/.github/mergify.yml
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -0,0 +1,77 @@
+name: CD
+on:
+  push:
+    tags:
+      - v*
+
+jobs:
+  ecr_setting:
+    # if: contains(github.event.comment.html_url, '/pull/') && contains(github.event.comment.body, '/deploy')
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: AWS Mfa login
+        uses: ./.github/actions/aws-mfa-login
+        with:
+          access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          mfa_key: ${{ secrets.MFA_KEY }}
+          mfa_arn: ${{ secrets.MFA_ARN }}
+
+      - id: get_ecr_password
+        name: Get ECR password
+        run: |
+          PROIFLE_REGION=$(aws configure get region)
+          ECR_PASSWORD=$(aws ecr get-login-password --region $PROIFLE_REGION)
+          echo "ECR_PASSWORD=$ECR_PASSWORD" >> $GITHUB_OUTPUT
+    outputs:
+      ecr_password: ${{ steps.get_ecr_password.outputs.ECR_PASSWORD }}
+
+  debian_build:
+    needs: ecr_setting
+    runs-on: ubuntu-latest
+    container:
+      image: 557571393534.dkr.ecr.ap-northeast-2.amazonaws.com/floom
+      credentials:
+        username: AWS
+        password: ${{ needs.ecr_setting.outputs.ecr_password }}
+    steps:
+      - name: Update dist
+        run: sudo apt update
+
+      - uses: actions/checkout@v3
+        with:
+          path: 'flody_ws/etc/'
+
+      - name: AWS Mfa login
+        uses: ./flody_ws/etc/.github/actions/aws-mfa-login
+        with:
+          access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          mfa_key: ${{ secrets.MFA_KEY }}
+          mfa_arn: ${{ secrets.MFA_ARN }}
+
+      - name: PPA server access
+        uses: ./flody_ws/etc/.github/actions/floatic-ppa-access
+        with:
+          target_group_name: ${{ secrets.SECURITY_GROUP_NAME }}
+
+      - name: Checkout submodules
+        run: |
+          cd flody_ws/etc
+          git submodule update --init --recursive
+      
+      - name: Generate debian file
+        run: |
+          source /opt/floatic/debian/ros/humble/setup.bash
+          cd flody_ws/etc
+          floom-generate rosdebian
+          ls debian_results/*.deb
+        shell: bash
+
+      - name: Upload to S3
+        run: |
+          ls flody_ws/etc/debian_results/
+          aws s3 cp flody_ws/etc/debian_results s3://robotics-workflow-archive/navigation2 --include "*.deb" --recursive