From 548bf6b6a14eb46685ce6672d414cb442e117240 Mon Sep 17 00:00:00 2001 From: Cyber MacGeddon Date: Fri, 11 Oct 2024 15:32:33 +0100 Subject: [PATCH] Have prod/dev stacks --- .../{deploy-demo.yaml => deploy-dev.yaml} | 12 ++-- .github/workflows/deploy-prod.yaml | 67 +++++++++++++++++++ .../{undeploy-demo.yaml => undeploy-dev.yaml} | 8 +-- .github/workflows/undeploy-prod.yaml | 45 +++++++++++++ pulumi/Pulumi.dev.yaml | 14 ++++ pulumi/{Pulumi.demo.yaml => Pulumi.prod.yaml} | 6 +- 6 files changed, 139 insertions(+), 13 deletions(-) rename .github/workflows/{deploy-demo.yaml => deploy-dev.yaml} (90%) create mode 100644 .github/workflows/deploy-prod.yaml rename .github/workflows/{undeploy-demo.yaml => undeploy-dev.yaml} (86%) create mode 100644 .github/workflows/undeploy-prod.yaml create mode 100644 pulumi/Pulumi.dev.yaml rename pulumi/{Pulumi.demo.yaml => Pulumi.prod.yaml} (84%) diff --git a/.github/workflows/deploy-demo.yaml b/.github/workflows/deploy-dev.yaml similarity index 90% rename from .github/workflows/deploy-demo.yaml rename to .github/workflows/deploy-dev.yaml index 9608e1c..07efbde 100644 --- a/.github/workflows/deploy-demo.yaml +++ b/.github/workflows/deploy-dev.yaml @@ -1,11 +1,11 @@ -name: Deploy to demo +name: Deploy to dev on: workflow_dispatch: push: - tags: - - v* + branch: + - dev permissions: contents: read @@ -16,7 +16,7 @@ jobs: deploy: - name: Deploy to demo + name: Deploy to dev runs-on: ubuntu-latest steps: @@ -58,9 +58,9 @@ jobs: uses: pulumi/actions@v3 with: command: up - stack-name: demo + stack-name: dev work-dir: pulumi - cloud-url: gs://trustgraph-deploy/config-ui/demo + cloud-url: gs://trustgraph-deploy/config-ui env: PULUMI_CONFIG_PASSPHRASE: "" IMAGE_VERSION: ${{ steps.version.outputs.VERSION }} diff --git a/.github/workflows/deploy-prod.yaml b/.github/workflows/deploy-prod.yaml new file mode 100644 index 0000000..e98b2d7 --- /dev/null +++ b/.github/workflows/deploy-prod.yaml @@ -0,0 +1,67 @@ + +name: Deploy to prod + +on: + workflow_dispatch: + push: + branch: + - prod + +permissions: + contents: read + id-token: 'write' + packages: read + +jobs: + + deploy: + + name: Deploy to prod + runs-on: ubuntu-latest + + steps: + + - name: Checkout + uses: actions/checkout@v3 + + - name: Get version + id: version + run: echo VERSION=$(git describe --exact-match --tags | sed 's/^v//') >> $GITHUB_OUTPUT + + - name: Install deps + run: npm install + + - name: Build container + run: make VERSION=${{ steps.version.outputs.VERSION }} + + - id: auth + name: Authenticate with Google Cloud + uses: google-github-actions/auth@v2 + with: + token_format: access_token + workload_identity_provider: projects/583813057664/locations/global/workloadIdentityPools/deploy/providers/github + service_account: deploy@trustgraph-demo.iam.gserviceaccount.com + access_token_lifetime: 900s + create_credentials_file: true + + - name: Login to Artifact Registry + uses: redhat-actions/podman-login@v1 + with: + registry: us-central1-docker.pkg.dev + username: oauth2accesstoken + password: ${{ steps.auth.outputs.access_token }} + + - name: Install Pulumi + run: cd pulumi && npm install + + - name: Applying infrastructure 🚀🙏 + uses: pulumi/actions@v3 + with: + command: up + stack-name: prod + work-dir: pulumi + cloud-url: gs://trustgraph-deploy/config-ui + env: + PULUMI_CONFIG_PASSPHRASE: "" + IMAGE_VERSION: ${{ steps.version.outputs.VERSION }} + diff --git a/.github/workflows/undeploy-demo.yaml b/.github/workflows/undeploy-dev.yaml similarity index 86% rename from .github/workflows/undeploy-demo.yaml rename to .github/workflows/undeploy-dev.yaml index 170e64a..2dc7643 100644 --- a/.github/workflows/undeploy-demo.yaml +++ b/.github/workflows/undeploy-dev.yaml @@ -1,5 +1,5 @@ -name: Undeploy to demo +name: Undeploy to dev on: workflow_dispatch: @@ -12,7 +12,7 @@ jobs: deploy: - name: Undeploy to demo + name: Undeploy to dev runs-on: ubuntu-latest steps: @@ -37,9 +37,9 @@ jobs: uses: pulumi/actions@v3 with: command: destroy - stack-name: demo + stack-name: dev work-dir: pulumi - cloud-url: gs://kalntera-deploy/cybersec-ai/demo + cloud-url: gs://trustgraph-deploy/config-ui env: PULUMI_CONFIG_PASSPHRASE: "" diff --git a/.github/workflows/undeploy-prod.yaml b/.github/workflows/undeploy-prod.yaml new file mode 100644 index 0000000..6d5c7f6 --- /dev/null +++ b/.github/workflows/undeploy-prod.yaml @@ -0,0 +1,45 @@ + +name: Undeploy to prod + +on: + workflow_dispatch: + +permissions: + contents: read + id-token: 'write' + +jobs: + + deploy: + + name: Undeploy to prod + runs-on: ubuntu-latest + + steps: + + - name: Checkout + uses: actions/checkout@v3 + + - id: auth + name: Authenticate with Google Cloud + uses: google-github-actions/auth@v0 + with: + token_format: access_token + workload_identity_provider: projects/514167726704/locations/global/workloadIdentityPools/deploy/providers/deploy + service_account: deploy@kalntera-demo.iam.gserviceaccount.com + access_token_lifetime: 900s + create_credentials_file: true + + - name: Install Pulumi + run: cd pulumi && npm install + + - name: Destroy infrastructure ☠🔥 + uses: pulumi/actions@v3 + with: + command: destroy + stack-name: prod + work-dir: pulumi + cloud-url: gs://trustgraph-deploy/config-ui + env: + PULUMI_CONFIG_PASSPHRASE: "" + diff --git a/pulumi/Pulumi.dev.yaml b/pulumi/Pulumi.dev.yaml new file mode 100644 index 0000000..431ff4c --- /dev/null +++ b/pulumi/Pulumi.dev.yaml @@ -0,0 +1,14 @@ +encryptionsalt: v1:vQGk98eEeYI=:v1:tHg+f1b66tEydgA9:J1RGVNI0FssyjSXVhcKU7bfBofNFTg== +config: + config-ui:artifact-name: config-ui-dev + config-ui:artifact-repo: us-central1-docker.pkg.dev/trustgraph-demo/config-ui-dev + config-ui:artifact-repo-region: us-central1 + config-ui:cloud-run-region: us-central1 + config-ui:domain: demo.trustgraph.ai + config-ui:environment: dev + config-ui:gcp-project: trustgraph-demo + config-ui:gcp-region: us-central1 + config-ui:hostname: dev.config-ui.demo.trustgraph.ai + config-ui:managed-zone: demo + config-ui:max-scale: "2" + config-ui:min-scale: "0" diff --git a/pulumi/Pulumi.demo.yaml b/pulumi/Pulumi.prod.yaml similarity index 84% rename from pulumi/Pulumi.demo.yaml rename to pulumi/Pulumi.prod.yaml index cc4243b..96dfcf0 100644 --- a/pulumi/Pulumi.demo.yaml +++ b/pulumi/Pulumi.prod.yaml @@ -1,11 +1,11 @@ encryptionsalt: v1:vQGk98eEeYI=:v1:tHg+f1b66tEydgA9:J1RGVNI0FssyjSXVhcKU7bfBofNFTg== config: - config-ui:artifact-name: config-ui - config-ui:artifact-repo: us-central1-docker.pkg.dev/trustgraph-demo/config-ui + config-ui:artifact-name: config-ui-prod + config-ui:artifact-repo: us-central1-docker.pkg.dev/trustgraph-demo/config-ui-prod config-ui:artifact-repo-region: us-central1 config-ui:cloud-run-region: us-central1 config-ui:domain: demo.trustgraph.ai - config-ui:environment: demo + config-ui:environment: prod config-ui:gcp-project: trustgraph-demo config-ui:gcp-region: us-central1 config-ui:hostname: config-ui.demo.trustgraph.ai