From 90706075d42251580cd6fd781fffbf45db19dd54 Mon Sep 17 00:00:00 2001
From: ronardcaktus
Date: Thu, 12 Sep 2024 11:03:30 -0400
Subject: [PATCH 01/25] Test arc-runner-set k8s self-hosted runner
---
 .github/workflows/test.yml | 114 +++++++++++++++++++------------------
 1 file changed, 58 insertions(+), 56 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 550ab85d..27f9697a 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -7,60 +7,62 @@ on: jobs: test: - runs-on: ubuntu-20.04 - env: - DJANGO_SETTINGS_MODULE: hip.settings.dev - services: - postgres: - image: postgres - env: - POSTGRES_PASSWORD: postgres - POSTGRES_DB: hip_ci - options: >- - --health-cmd pg_isready - --health-interval 10s - --health-timeout 5s - --health-retries 5 - ports: - - 5432:5432 + runs-on: arc-runner-set #ubuntu-20.04 steps: - - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 - with: - node-version: '16' - - name: Cache node modules - uses: actions/cache@v3 - env: - cache-name: cache-node-modules - with: - path: ~/.npm - key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-build-${{ env.cache-name }}- - ${{ runner.os }}-build- - ${{ runner.os }}- - - run: npm install - - run: npm run build - - uses: actions/setup-python@v4 - with: - python-version: '3.10' - cache: 'pip' - cache-dependency-path: 'requirements/*/**.txt' - - name: Cache pre-commit - uses: actions/cache@v3 - with: - path: ~/.cache/pre-commit - key: ${{ runner.os }}-precommit-${{ hashFiles('.pre-commit-config.yaml') }} - restore-keys: | - ${{ runner.os }}-precommit- - - name: Install dependencies - run: | - python -m pip install --upgrade pip wheel pip-tools - pip-sync requirements/base/base.txt requirements/dev/dev.txt - - uses: pre-commit/action@v3.0.0 - - name: Run Tests - run: make run-tests - env: - DATABASE_URL: postgres://postgres:postgres@localhost:5432/hip_ci - - name: Test build deploy image - run: inv image.build + - run: echo "🎉 This job just ran on runner 'arc-runner-set' scale set runners!" 
+ # env: + # DJANGO_SETTINGS_MODULE: hip.settings.dev + # services: + # postgres: + # image: postgres + # env: + # POSTGRES_PASSWORD: postgres + # POSTGRES_DB: hip_ci + # options: >- + # --health-cmd pg_isready + # --health-interval 10s + # --health-timeout 5s + # --health-retries 5 + # ports: + # - 5432:5432 + # steps: + # - uses: actions/checkout@v3 + # - uses: actions/setup-node@v3 + # with: + # node-version: '16' + # - name: Cache node modules + # uses: actions/cache@v3 + # env: + # cache-name: cache-node-modules + # with: + # path: ~/.npm + # key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }} + # restore-keys: | + # ${{ runner.os }}-build-${{ env.cache-name }}- + # ${{ runner.os }}-build- + # ${{ runner.os }}- + # - run: npm install + # - run: npm run build + # - uses: actions/setup-python@v4 + # with: + # python-version: '3.10' + # cache: 'pip' + # cache-dependency-path: 'requirements/*/**.txt' + # - name: Cache pre-commit + # uses: actions/cache@v3 + # with: + # path: ~/.cache/pre-commit + # key: ${{ runner.os }}-precommit-${{ hashFiles('.pre-commit-config.yaml') }} + # restore-keys: | + # ${{ runner.os }}-precommit- + # - name: Install dependencies + # run: | + # python -m pip install --upgrade pip wheel pip-tools + # pip-sync requirements/base/base.txt requirements/dev/dev.txt + # - uses: pre-commit/action@v3.0.0 + # - name: Run Tests + # run: make run-tests + # env: + # DATABASE_URL: postgres://postgres:postgres@localhost:5432/hip_ci + # - name: Test build deploy image + # run: inv image.build From 53292dfae98c70fb8c89ce673c5593eea5a90474 Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Thu, 12 Sep 2024 13:30:33 -0400 Subject: [PATCH 02/25] Run test and deployment in self-hosted runner --- .github/workflows/deploy.yml | 4 +- .github/workflows/test.yml | 114 +++++++++++++++++------------------ deploy/group_vars/all.yml | 3 +- 3 files changed, 59 insertions(+), 62 deletions(-) 
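Review bot: `runs-on: arc-runner-set` in `.github/workflows/test.yml` (PATCH 01/25) puts the test job on the self-hosted scale set without showing which events trigger it; the workflow's `on:` block lies outside the hunk. If that block includes `pull_request`, code from any branch or fork able to open a PR would execute on a runner inside the cluster network, so the triggers should be confirmed and the constraint recorded next to the label, e.g. `# self-hosted: never run for fork PRs`. The same applies to the test.yml hunk of PATCH 02/25, which restores `npm install`, `pip-sync` and `make run-tests` on that runner.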
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 05094cba..188bd9da 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -8,9 +8,7 @@ on: jobs: deploy: - runs-on: - - self-hosted - - philly-hip + runs-on: arc-runner-set env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 27f9697a..3a3f769a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
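Review bot: The job-level `env:` block visible in this deploy.yml hunk hands `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` to every step of the job, and `runs-on: arc-runner-set` now places all of those steps on the self-hosted scale set. Moving the three AWS variables to a step-level `env:` on the steps that actually invoke `inv` would keep the keys away from checkout, setup and notification steps. Whether the runner pods are ephemeral is not visible here; if they are reused between jobs, long-lived keys in the job environment are a larger exposure, and short-lived credentials would be preferable. The `deploy` job added in PATCH 08/25 copies the same block and has the same issue.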
@@ -7,62 +7,60 @@ on: jobs: test: - runs-on: arc-runner-set #ubuntu-20.04 + runs-on: arc-runner-set + env: + DJANGO_SETTINGS_MODULE: hip.settings.dev + services: + postgres: + image: postgres + env: + POSTGRES_PASSWORD: postgres + POSTGRES_DB: hip_ci + options: >- + --health-cmd pg_isready + --health-interval 10s + --health-timeout 5s + --health-retries 5 + ports: + - 5432:5432 steps: - - run: echo "🎉 This job just ran on runner 'arc-runner-set' scale set runners!" - # env: - # DJANGO_SETTINGS_MODULE: hip.settings.dev - # services: - # postgres: - # image: postgres - # env: - # POSTGRES_PASSWORD: postgres - # POSTGRES_DB: hip_ci - # options: >- - # --health-cmd pg_isready - # --health-interval 10s - # --health-timeout 5s - # --health-retries 5 - # ports: - # - 5432:5432 - # steps: - # - uses: actions/checkout@v3 - # - uses: actions/setup-node@v3 - # with: - # node-version: '16' - # - name: Cache node modules - # uses: actions/cache@v3 - # env: - # cache-name: cache-node-modules - # with: - # path: ~/.npm - # key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }} - # restore-keys: | - # ${{ runner.os }}-build-${{ env.cache-name }}- - # ${{ runner.os }}-build- - # ${{ runner.os }}- - # - run: npm install - # - run: npm run build - # - uses: actions/setup-python@v4 - # with: - # python-version: '3.10' - # cache: 'pip' - # cache-dependency-path: 'requirements/*/**.txt' - # - name: Cache pre-commit - # uses: actions/cache@v3 - # with: - # path: ~/.cache/pre-commit - # key: ${{ runner.os }}-precommit-${{ hashFiles('.pre-commit-config.yaml') }} - # restore-keys: | - # ${{ runner.os }}-precommit- - # - name: Install dependencies - # run: | - # python -m pip install --upgrade pip wheel pip-tools - # pip-sync requirements/base/base.txt requirements/dev/dev.txt - # - uses: pre-commit/action@v3.0.0 - # - name: Run Tests - # run: make run-tests - # env: - # DATABASE_URL: postgres://postgres:postgres@localhost:5432/hip_ci - # - name: Test 
build deploy image - # run: inv image.build + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 + with: + node-version: '16' + - name: Cache node modules + uses: actions/cache@v3 + env: + cache-name: cache-node-modules + with: + path: ~/.npm + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }} + restore-keys: | + ${{ runner.os }}-build-${{ env.cache-name }}- + ${{ runner.os }}-build- + ${{ runner.os }}- + - run: npm install + - run: npm run build + - uses: actions/setup-python@v4 + with: + python-version: '3.10' + cache: 'pip' + cache-dependency-path: 'requirements/*/**.txt' + - name: Cache pre-commit + uses: actions/cache@v3 + with: + path: ~/.cache/pre-commit + key: ${{ runner.os }}-precommit-${{ hashFiles('.pre-commit-config.yaml') }} + restore-keys: | + ${{ runner.os }}-precommit- + - name: Install dependencies + run: | + python -m pip install --upgrade pip wheel pip-tools + pip-sync requirements/base/base.txt requirements/dev/dev.txt + - uses: pre-commit/action@v3.0.0 + - name: Run Tests + run: make run-tests + env: + DATABASE_URL: postgres://postgres:postgres@localhost:5432/hip_ci + - name: Test build deploy image + run: inv image.build diff --git a/deploy/group_vars/all.yml b/deploy/group_vars/all.yml index b26cec5a..4e27b524 100644 --- a/deploy/group_vars/all.yml +++ b/deploy/group_vars/all.yml @@ -61,7 +61,8 @@ cloudformation_stack: AdministratorIPAddress: "{{ administrator_ip_cidrs[0] }}" # Stack allows only single IP here to SSH to bastion BastionAMI: "ami-0ad554caf874569d2" # https://cloud-images.ubuntu.com/locator/ec2/ [us-east-1 amd64] BastionKeyName: rluna_hip - BastionInstanceType: t3.small # Is this a proper size? + # Instance sizes - https://aws.amazon.com/ec2/instance-types/t3/ + BastionInstanceType: t3.small BastionType: SSH CustomerManagedCmkArn: "" DomainName: "{{ app_name }}-prod.caktus-built.com" From 953078cdfd3c41e4d2b0fced7fda8652cc97d89d Mon Sep 17 00:00:00 2001 
From: ronardcaktus Date: Thu, 12 Sep 2024 16:52:09 -0400 Subject: [PATCH 03/25] Add current branch to push branches as test --- .github/workflows/deploy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 188bd9da..ca9dc14c 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -5,6 +5,7 @@ on: branches: - main - develop + - CU-8689pdzrr-k8s-self-hosted-runner jobs: deploy: From cee2fa22075cc4d1581def4ed1527dc4784f239b Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Thu, 19 Sep 2024 10:27:58 -0400 Subject: [PATCH 04/25] Limit necessary reqs to build img --- .github/workflows/deploy.yml | 4 ++-- .github/workflows/test.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index ca9dc14c..c4669ae2 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -9,7 +9,7 @@ on: jobs: deploy: - runs-on: arc-runner-set + runs-on: arc-runner-set # K8s self hosted runner env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} @@ -27,7 +27,7 @@ jobs: id: pip-install run: | python -m pip install --upgrade pip wheel pip-tools - pip-sync requirements/base/base.txt requirements/dev/dev.txt + pip-sync requirements/dev/dev.txt - name: Login to Docker id: docker-login run: | diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 3a3f769a..7eba9bd4 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -7,7 +7,7 @@ on: jobs: test: - runs-on: arc-runner-set + runs-on: arc-runner-set # K8s self hosted runner env: DJANGO_SETTINGS_MODULE: hip.settings.dev services: From 0af401685f4fc10eb32673b74a65989f5b2add2c Mon Sep 17 00:00:00 2001 
From: ronardcaktus Date: Thu, 19 Sep 2024 10:41:29 -0400 Subject: [PATCH 05/25] Install apt dependencies on deploy --- .github/workflows/deploy.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index c4669ae2..38b3a802 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -22,7 +22,12 @@ jobs: with: python-version: '3.10' cache: 'pip' - cache-dependency-path: 'requirements/*/**.txt' + cache-dependency-path: 'requirements/*/dev.txt' + - name: Install apt packages + uses: awalsh128/cache-apt-pkgs-action@v1.4.2 + with: + packages: git + version: 1.0 # cache version (increment if needed) - name: Install dependencies id: pip-install run: | From 1790b145a412e1f4205ae12d129b7f3395e0fcf9 Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Thu, 19 Sep 2024 10:46:10 -0400 Subject: [PATCH 06/25] Install apt dependencies on deploy --- .github/workflows/deploy.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 38b3a802..3ebd2d67 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -24,10 +24,7 @@ jobs: cache: 'pip' cache-dependency-path: 'requirements/*/dev.txt' - name: Install apt packages - uses: awalsh128/cache-apt-pkgs-action@v1.4.2 - with: - packages: git - version: 1.0 # cache version (increment if needed) + run: sudo apt-get install -y git - name: Install dependencies id: pip-install run: | From 0703e105213c8861c8e7ad602500242c71c50b00 Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Thu, 19 Sep 2024 10:49:13 -0400 Subject: [PATCH 07/25] Add apt-get update --- .github/workflows/deploy.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 3ebd2d67..3e203d3e 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
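Review bot: `uses: awalsh128/cache-apt-pkgs-action@v1.4.2` (PATCH 05/25) references a third-party action by a movable tag in a job whose environment carries the AWS keys, so a retagged release would run with those credentials. Pin it to the full commit SHA and keep the version as a trailing comment: `uses: awalsh128/cache-apt-pkgs-action@<full-commit-sha>  # v1.4.2`. Separately, `version: 1.0` is parsed by YAML as the float `1.0`, not the string the cache key presumably expects; write `version: "1.0"`.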
@@ -24,7 +24,9 @@ jobs: cache: 'pip' cache-dependency-path: 'requirements/*/dev.txt' - name: Install apt packages - run: sudo apt-get install -y git + run: | + sudo apt-get update + sudo apt-get install -y git - name: Install dependencies id: pip-install run: | From 1c6fbcefb9ec59ca10cc6a963a22d6ac905ed926 Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Thu, 19 Sep 2024 10:59:15 -0400 Subject: [PATCH 08/25] Divide deployment job --- .github/workflows/deploy.yml | 32 ++++++++++++++++++++++++-------- 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 3e203d3e..072138e5 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -8,8 +8,8 @@ on: - CU-8689pdzrr-k8s-self-hosted-runner jobs: - deploy: - runs-on: arc-runner-set # K8s self hosted runner + build-push: + runs-on: ubuntu-22.04 # standard (not self-hosted) runner env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} @@ -23,10 +23,6 @@ jobs: python-version: '3.10' cache: 'pip' cache-dependency-path: 'requirements/*/dev.txt' - - name: Install apt packages - run: | - sudo apt-get update - sudo apt-get install -y git - name: Install dependencies id: pip-install run: | 
@@ -37,16 +33,36 @@ jobs: run: | inv aws.docker-login - name: Build, tag, push, and deploy image - id: build-tag-push-deploy + id: build-tag-push run: | [ "$GITHUB_REF" = refs/heads/main ] && ENV="production" || ENV="staging" echo "env is $ENV" - inv $ENV image deploy --verbosity=0 + inv $ENV image push --verbosity=0 - uses: act10ns/slack@v1 with: status: ${{ job.status }} steps: ${{ toJson(steps) }} # always() means to notify regardless of status if: always() + deploy: + runs-on: arc-runner-set # K8s self-hosted runner + env: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} + # https://github.com/marketplace/actions/slack-github-actions-slack-integration + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-python@v4 + with: + python-version: '3.10' + cache: 'pip' + cache-dependency-path: 'requirements/*/dev.txt' + - name: Install dependencies + id: pip-install + run: | + python -m pip install --upgrade pip wheel pip-tools + pip-sync requirements/dev/dev.txt From d4e0f5f09f89ec26a4c0bf1361f0cd724dd7348b Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Thu, 19 Sep 2024 11:02:30 -0400 Subject: [PATCH 09/25] Improve deploy & test files --- .github/workflows/deploy.yml | 3 ++- .github/workflows/test.yml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 072138e5..c3728060 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -39,7 +39,7 @@ jobs: ENV="production" || ENV="staging" echo "env is $ENV" - inv $ENV image push --verbosity=0 + inv $ENV image.push --verbosity=0 - uses: act10ns/slack@v1 with: status: ${{ job.status }} 
@@ -48,6 +48,7 @@ jobs: if: always() deploy: runs-on: arc-runner-set # K8s self-hosted runner + needs: [build-push] env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7eba9bd4..7307f365 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -7,7 +7,7 @@ on: jobs: test: - runs-on: arc-runner-set # K8s self hosted runner + runs-on: ubuntu-22.04 # standard (not self-hosted) runner env: DJANGO_SETTINGS_MODULE: hip.settings.dev services: From 9c90c5b223128b565ea0228a6a960763406bfdb5 Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Thu, 19 Sep 2024 11:07:31 -0400 Subject: [PATCH 10/25] Remove non-existing flag --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index c3728060..dd7bcaeb 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -39,7 +39,7 @@ jobs: ENV="production" || ENV="staging" echo "env is $ENV" - inv $ENV image.push --verbosity=0 + inv $ENV image.push - uses: act10ns/slack@v1 with: status: ${{ job.status }} From dd44bc487583323b8e2f7d7735694b5400fd8f70 Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Thu, 19 Sep 2024 11:24:50 -0400 Subject: [PATCH 11/25] Pass tags in between jobs --- .github/workflows/deploy.yml | 39 ++++++++++++++++++++++++++++++------ 1 file changed, 33 insertions(+), 6 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index dd7bcaeb..2564c0aa 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -32,7 +32,7 @@ jobs: id: docker-login run: | inv aws.docker-login - - name: Build, tag, push, and deploy image + - name: Build, tag, and push image id: build-tag-push run: | [ "$GITHUB_REF" = refs/heads/main ] && 
@@ -40,12 +40,17 @@ jobs: ENV="staging" echo "env is $ENV" inv $ENV image.push - - uses: act10ns/slack@v1 + - shell: bash + run: | + inv image.tag | grep 'Set config.tag to' | cut -d' ' -f4 > docker-tag.txt + - name: Upload docker tag from build-push job + uses: actions/upload-artifact@v4 with: - status: ${{ job.status }} - steps: ${{ toJson(steps) }} - # always() means to notify regardless of status - if: always() + name: docker_tag + path: docker-tag.txt + + # The deploy needs to run from within the cluster, since the cluster + # is not exposed to the public internet deploy: runs-on: arc-runner-set # K8s self-hosted runner needs: [build-push] @@ -57,6 +62,14 @@ jobs: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} steps: - uses: actions/checkout@v3 + - name: Download docker tag from build-push job + uses: actions/download-artifact@v4 + with: + name: docker_tag + - name: Set variables + run: | + DOCKER_TAG=$(cat docker-tag.txt) + echo "DOCKER_TAG=$DOCKER_TAG" >> $GITHUB_ENV - uses: actions/setup-python@v4 with: python-version: '3.10' @@ -67,3 +80,17 @@ jobs: run: | python -m pip install --upgrade pip wheel pip-tools pip-sync requirements/dev/dev.txt + - name: Deploy the image + id: deploy + run: | + [ "$GITHUB_REF" = refs/heads/main ] && + ENV="production" || + ENV="staging" + echo "env is $ENV" + inv $ENV deploy --tag=${{ env.DOCKER_TAG }} + - uses: act10ns/slack@v1 + with: + status: ${{ job.status }} + steps: ${{ toJson(steps) }} + # always() means to notify regardless of status + if: always() From cff73d822b40d85ffa7a77f2e837483b8d84196a Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Thu, 19 Sep 2024 11:34:01 -0400 Subject: [PATCH 12/25] Document and install git --- .github/workflows/deploy.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 2564c0aa..a76ca55c 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
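Review bot: The `Set variables` step added to the `deploy` job (PATCH 11/25, third hunk) copies the contents of the downloaded `docker-tag.txt` into `$GITHUB_ENV` unchecked, so a newline in that file would define extra environment variables for the later steps that hold the AWS keys. A job output is a simpler channel than an artifact for one short string: declare `outputs:` on `build-push` and read `${{ needs.build-push.outputs.<output-name> }}` in this job. If the artifact stays, validate before exporting, e.g. `[[ "$DOCKER_TAG" =~ ^[A-Za-z0-9_.-]+$ ]] || exit 1`, and quote the target as `>> "$GITHUB_ENV"`.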
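Review bot: `inv $ENV deploy --tag=${{ env.DOCKER_TAG }}` in the new `Deploy the image` step (PATCH 11/25, last hunk) has the expression expanded into the script text before bash parses it, so shell metacharacters in the tag value would be interpreted instead of being passed as an argument. The value is already exported through `$GITHUB_ENV`, so the step can read it as a shell variable: `inv "$ENV" deploy --tag="$DOCKER_TAG"`. The same pattern recurs in the `image.push --tag=${{ env.DOCKER_TAG }}` line of PATCH 13/25 and the `image.build ... image.push ...` line of PATCH 16/25. `act10ns/slack@v1`, moved into this job by the hunk, is also referenced by a movable tag and would be safer pinned to a full commit SHA.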
@@ -50,7 +50,10 @@ jobs: path: docker-tag.txt # The deploy needs to run from within the cluster, since the cluster - # is not exposed to the public internet + # is not exposed to the public internet. This step is split out into + # its own job to reduce the amount of work done on the self-hosted runner + # and avoid the need to run a privileged docker container (with the + # capability of building a docker container itself). deploy: runs-on: arc-runner-set # K8s self-hosted runner needs: [build-push] @@ -70,6 +73,10 @@ jobs: run: | DOCKER_TAG=$(cat docker-tag.txt) echo "DOCKER_TAG=$DOCKER_TAG" >> $GITHUB_ENV + - name: Install apt packages + run: | + sudo apt-get update + sudo apt-get install -y git - uses: actions/setup-python@v4 with: python-version: '3.10' From 2feb319f1ff9ebd25acb140dcb9ef8eb6db198f5 Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Thu, 19 Sep 2024 11:46:20 -0400 Subject: [PATCH 13/25] Improve deploy --- .github/workflows/deploy.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index a76ca55c..49b6f672 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -32,6 +32,13 @@ jobs: id: docker-login run: | inv aws.docker-login + - shell: bash + run: | + inv image.tag | grep 'Set config.tag to' | cut -d' ' -f4 > docker-tag.txt + - name: Set variables + run: | + DOCKER_TAG=$(cat docker-tag.txt) + echo "DOCKER_TAG=$DOCKER_TAG" >> $GITHUB_ENV - name: Build, tag, and push image id: build-tag-push run: | @@ -39,10 +46,7 @@ jobs: ENV="production" || ENV="staging" echo "env is $ENV" - inv $ENV image.push - - shell: bash - run: | - inv image.tag | grep 'Set config.tag to' | cut -d' ' -f4 > docker-tag.txt + inv $ENV image.push --tag=${{ env.DOCKER_TAG }} - name: Upload docker tag from build-push job uses: actions/upload-artifact@v4 with: From b93c55ff3190f30cbbed406ae0b428d6389c0b14 Mon Sep 17 00:00:00 2001 
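Review bot: The `Install apt packages` step added to the `deploy` job (PATCH 12/25, second hunk) needs passwordless `sudo` in the runner container and pulls an unpinned package from the network on every deploy. The comment added in the preceding hunk gives reduced work and privilege on the self-hosted runner as the reason for splitting the job, so baking `git` into the runner image would fit that goal better; this is an inference, since the runner image is not visible here. If the step stays, `sudo apt-get install -y --no-install-recommends git` keeps the install minimal.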
From: ronardcaktus Date: Thu, 19 Sep 2024 11:52:20 -0400 Subject: [PATCH 14/25] Test --- .github/workflows/deploy.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 49b6f672..0a753327 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -33,7 +33,9 @@ jobs: run: | inv aws.docker-login - shell: bash + # https://github.com/caktus/invoke-kubesae/blob/main/kubesae/image.py#L24C24-L24C42 run: | + git status --short inv image.tag | grep 'Set config.tag to' | cut -d' ' -f4 > docker-tag.txt - name: Set variables run: | From 5cd3516e2b165ad5a18d3b411766e7ee35b21e38 Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Thu, 19 Sep 2024 11:58:26 -0400 Subject: [PATCH 15/25] Test --- .github/workflows/deploy.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 0a753327..a9e49fb6 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -32,15 +32,11 @@ jobs: id: docker-login run: | inv aws.docker-login - - shell: bash - # https://github.com/caktus/invoke-kubesae/blob/main/kubesae/image.py#L24C24-L24C42 - run: | - git status --short - inv image.tag | grep 'Set config.tag to' | cut -d' ' -f4 > docker-tag.txt - name: Set variables run: | - DOCKER_TAG=$(cat docker-tag.txt) + DOCKER_TAG=$(inv image.tag | grep 'Set config.tag to' | cut -d' ' -f4) echo "DOCKER_TAG=$DOCKER_TAG" >> $GITHUB_ENV + echo "$DOCKER_TAG" > docker-tag.txt - name: Build, tag, and push image id: build-tag-push run: | From 89f864669870b950710e02fc2796708907aee341 Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Thu, 19 Sep 2024 12:05:58 -0400 Subject: [PATCH 16/25] Test --- .github/workflows/deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index a9e49fb6..d6b7f955 100644 --- a/.github/workflows/deploy.yml 
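Review bot: `DOCKER_TAG=$(inv image.tag | grep 'Set config.tag to' | cut -d' ' -f4)` in the rewritten `Set variables` step (PATCH 15/25) cannot fail the step, because the step no longer declares `shell: bash` and therefore runs without `pipefail`; the pipeline's status is that of `cut`. If `inv image.tag` errors or its message wording changes, an empty value is written to `$GITHUB_ENV` and `docker-tag.txt`, and the build and the later deploy proceed with `--tag=`. Add a guard right after the assignment, `[ -n "$DOCKER_TAG" ] || { echo "empty docker tag" >&2; exit 1; }`, or restore `shell: bash` on the step.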
+++ b/.github/workflows/deploy.yml @@ -32,7 +32,7 @@ jobs: id: docker-login run: | inv aws.docker-login - - name: Set variables + - name: Set DOCKER_TAG and save to file for artifact upload run: | DOCKER_TAG=$(inv image.tag | grep 'Set config.tag to' | cut -d' ' -f4) echo "DOCKER_TAG=$DOCKER_TAG" >> $GITHUB_ENV @@ -44,7 +44,7 @@ jobs: ENV="production" || ENV="staging" echo "env is $ENV" - inv $ENV image.push --tag=${{ env.DOCKER_TAG }} + inv $ENV image.build --tag=${{ env.DOCKER_TAG }} image.push --tag=${{ env.DOCKER_TAG }} - name: Upload docker tag from build-push job uses: actions/upload-artifact@v4 with: From d84f5fb6d379b7f8b19a485b991d190bd4c3488d Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Thu, 19 Sep 2024 12:17:19 -0400 Subject: [PATCH 17/25] Remove some verbosity from img creation --- .github/workflows/deploy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index d6b7f955..aa3ea200 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -44,6 +44,7 @@ jobs: ENV="production" || ENV="staging" echo "env is $ENV" + export BUILDKIT_PROGRESS=plain inv $ENV image.build --tag=${{ env.DOCKER_TAG }} image.push --tag=${{ env.DOCKER_TAG }} - name: Upload docker tag from build-push job uses: actions/upload-artifact@v4 From ba22e931cb5c5973ad1c3d30f7375355ea3a6e6b Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Tue, 1 Oct 2024 12:11:28 -0400 Subject: [PATCH 18/25] Remove github deploy runner --- deploy/deploy-runner.yml | 9 +++++- deploy/group_vars/all.yml | 6 ---- deploy/remove-runner.yml | 66 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 74 insertions(+), 7 deletions(-) create mode 100644 deploy/remove-runner.yml diff --git a/deploy/deploy-runner.yml b/deploy/deploy-runner.yml index aa773fa8..1c102f09 100644 --- a/deploy/deploy-runner.yml +++ b/deploy/deploy-runner.yml 
@@ -28,6 +28,8 @@ ansible.builtin.user: name: "{{ github_runner_user }}" comment: Github Actions Runner + state: absent + # Install Docker # https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository - name: Install dependencies @@ -58,6 +60,8 @@ - docker-buildx-plugin - docker-compose-plugin update_cache: yes + state: absent + - name: Task name stat: path: /home/{{ github_runner_user }}/runner @@ -106,10 +110,13 @@ name: "{{ github_runner_user }}" groups: docker append: yes + state: absent + - name: Restart docker service ansible.builtin.service: name: docker - state: restarted + state: stopped + - name: Install the runner [If error, RUNNER_CFG_PAT might be missing or expired! See README.md] ansible.builtin.shell: cmd: > diff --git a/deploy/group_vars/all.yml b/deploy/group_vars/all.yml index 4e27b524..3faa0078 100644 --- a/deploy/group_vars/all.yml +++ b/deploy/group_vars/all.yml @@ -58,12 +58,6 @@ cloudformation_stack: template_parameters: UseAES256Encryption: "true" - AdministratorIPAddress: "{{ administrator_ip_cidrs[0] }}" # Stack allows only single IP here to SSH to bastion - BastionAMI: "ami-0ad554caf874569d2" # https://cloud-images.ubuntu.com/locator/ec2/ [us-east-1 amd64] - BastionKeyName: rluna_hip - # Instance sizes - https://aws.amazon.com/ec2/instance-types/t3/ - BastionInstanceType: t3.small - BastionType: SSH CustomerManagedCmkArn: "" DomainName: "{{ app_name }}-prod.caktus-built.com" DomainNameAlternates: "" diff --git a/deploy/remove-runner.yml b/deploy/remove-runner.yml new file mode 100644 index 00000000..765563c5 --- /dev/null +++ b/deploy/remove-runner.yml 
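Review bot: The `state: absent` and `state: stopped` values added in the three deploy-runner.yml hunks of PATCH 18/25 sit under tasks still named `Create runner user`, `Install Docker Engine`, `Add user ... to group docker` and `Restart docker service`, so the playbook now does the opposite of what its task names say. The `Install the runner` task visible as context after the third hunk is unchanged; depending on its `when:` condition, which is outside the hunk, a run could still attempt an install for a user the play has just removed. Since this commit also adds remove-runner.yml, leaving deploy-runner.yml untouched and keeping teardown in the new playbook would avoid a half-inverted file. If the edits stay, rename the tasks to match, e.g. `- name: Remove runner user`.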
@@ -0,0 +1,66 @@ +--- +- name: Remove GitHub Actions Runner + hosts: runner + become: yes + tags: runner_removal + tasks: + - name: Stop the runner service + ansible.builtin.shell: + cmd: > + curl -s https://raw.githubusercontent.com/actions/runner/main/scripts/remove-svc.sh + | bash -s {{ github_scope }} + chdir: /home/{{ github_runner_user }} + environment: + RUNNER_CFG_PAT: "{{ github_pat }}" + ignore_errors: True + + - name: Delete the runner from GitHub (Unregister) + ansible.builtin.shell: + cmd: > + curl -s https://raw.githubusercontent.com/actions/runner/main/scripts/delete.sh + | bash -s {{ github_scope }} {{ github_runner_name }} + chdir: /home/{{ github_runner_user }} + environment: + RUNNER_CFG_PAT: "{{ github_pat }}" + ignore_errors: True + + - name: Remove runner directory and files + ansible.builtin.file: + path: "/home/{{ github_runner_user }}/runner" + state: absent + ignore_errors: True + + - name: Uninstall Docker packages + ansible.builtin.package: + name: + - docker-ce + - docker-ce-cli + - containerd.io + - docker-buildx-plugin + - docker-compose-plugin + state: absent + ignore_errors: True + + - name: Remove Docker GPG key + ansible.builtin.apt_key: + url: https://download.docker.com/linux/ubuntu/gpg + state: absent + ignore_errors: True + + - name: Remove Docker repository + ansible.builtin.apt_repository: + repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable + state: absent + ignore_errors: True + + - name: Remove GitHub runner user + ansible.builtin.user: + name: "{{ github_runner_user }}" + state: absent + ignore_errors: True + + - name: Remove docker group + ansible.builtin.group: + name: docker + state: absent + ignore_errors: True \ No newline at end of file From a78bf0b899691e0614f04505f460f865165737c1 Mon Sep 17 00:00:00 2001 
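Review bot: The `Stop the runner service` and `Delete the runner from GitHub (Unregister)` tasks in the new remove-runner.yml pipe a script fetched from the `main` branch of actions/runner straight into `bash` under `become: yes` with `RUNNER_CFG_PAT` in the environment, so whatever that URL serves at run time executes as root with the token. Fetching the script at a pinned commit with a checksum and running the local copy removes the dependency on a mutable ref, and `no_log: true` keeps the PAT out of task output; the sketch below shows this for the first task. `ignore_errors: True` on every task also means a failed unregister is reported as success and can leave the runner registered on GitHub, so it is better limited to the steps that are genuinely best-effort. The file also ends without a trailing newline.

```yaml
    - name: Fetch remove-svc.sh at a pinned commit
      ansible.builtin.get_url:
        # placeholders: fill in the reviewed commit and the script's digest
        url: "https://raw.githubusercontent.com/actions/runner/<PINNED_COMMIT_SHA>/scripts/remove-svc.sh"
        dest: "/home/{{ github_runner_user }}/remove-svc.sh"
        checksum: "sha256:<EXPECTED_SHA256>"
        mode: "0700"

    - name: Stop the runner service
      ansible.builtin.command:
        cmd: bash remove-svc.sh {{ github_scope }}
        chdir: /home/{{ github_runner_user }}
      environment:
        RUNNER_CFG_PAT: "{{ github_pat }}"
      no_log: true
    # … same fetch-then-run change for the delete.sh task …
    # … unchanged: runner directory, Docker, user and group removal tasks …
```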
From: ronardcaktus Date: Tue, 1 Oct 2024 12:11:44 -0400 Subject: [PATCH 19/25] Remove github deploy runner --- .github/workflows/deploy.yml | 1 - README.md | 35 +---------------------------------- 2 files changed, 1 insertion(+), 35 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index aa3ea200..efc7203c 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -5,7 +5,6 @@ on: branches: - main - develop - - CU-8689pdzrr-k8s-self-hosted-runner jobs: build-push: diff --git a/README.md b/README.md index 044056b5..79538bd7 100644 --- a/README.md +++ b/README.md 
@@ -293,37 +293,4 @@ To reset your local database from a deployed environment: As mentioned in the Database setup instructions, you may need to visit [/cms/sites](http://localhost:8000/cms/sites/) and change the first entry's -`Hostname` field to `localhost` to enable page previews in the Wagtail admin. - -### GitHub Actions Runner - -There are [GitHub Actions self-hosted runners](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners) deployed on a virtual machine within the same VPC. Other runners may be added in the future, if needed. - -Setup instructions: - -* Obtain a [GitHub PAT](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) with the `admin:org` scope that's valid for one week (it needs to be active only for the initial deployment). Add this to a local environment variable `RUNNER_CFG_PAT`: - -```sh -export RUNNER_CFG_PAT="gh......" -``` - -* Run the playbook to deploy the runner: - -```sh -cd deploy/ -# first time: connect as ubuntu user -ansible-playbook -u ubuntu deploy-runner.yml -# second time and beyond -ansible-playbook deploy-runner.yml -``` - -* The runner can be forcibly reinstalled by passing `-e force_reinstall=yes` or removed by passing `-e force_removal=yes`. - -Run OS updates: - -```sh -cd deploy/ -ansible-playbook run-os-updates.yml -# You may need to specify your username -ansible-playbook -u myusername run-os-updates.yaml -``` \ No newline at end of file +`Hostname` field to `localhost` to enable page previews in the Wagtail admin. \ No newline at end of file From 2048e58efdd26006b58d079be2e89b9589dae135 Mon Sep 17 00:00:00 2001 
From: ronardcaktus Date: Tue, 1 Oct 2024 12:14:34 -0400 Subject: [PATCH 20/25] Remove runner playbooks --- deploy/deploy-runner.yml | 132 --------------------------------------- deploy/remove-runner.yml | 66 -------------------- 2 files changed, 198 deletions(-) delete mode 100644 deploy/deploy-runner.yml delete mode 100644 deploy/remove-runner.yml diff --git a/deploy/deploy-runner.yml b/deploy/deploy-runner.yml deleted file mode 100644 index 1c102f09..00000000 --- a/deploy/deploy-runner.yml +++ /dev/null 
@@ -1,132 +0,0 @@ ---- -- hosts: runner - become: yes - tags: base - roles: - - caktus.hosting_services.users - tasks: - - name: Set hostname - hostname: - name: "{{ inventory_hostname_short }}" - when: inventory_hostname_short is defined and inventory_hostname_short - - name: Add new hostname to /etc/hosts - lineinfile: - path: /etc/hosts - regexp: '^127\.0\.1\.1' - line: '127.0.1.1 {{ inventory_hostname_short }}' - owner: root - group: root - mode: 0644 - when: inventory_hostname_short is defined and inventory_hostname_short - -- name: Install GitHub Actions Runner - hosts: runner - tags: runner - become: yes - tasks: - - name: Create runner user - ansible.builtin.user: - name: "{{ github_runner_user }}" - comment: Github Actions Runner - state: absent - - # Install Docker - # https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository - - name: Install dependencies - ansible.builtin.package: - name: - - jq - - ca-certificates - - curl - - gnupg - - lsb-release - - libpq-dev - - python3.10 - - python3.10-dev - - name: Add Docker's official GPG key - ansible.builtin.apt_key: - url: https://download.docker.com/linux/ubuntu/gpg - state: present - - name: Add Docker repository - ansible.builtin.apt_repository: - repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable - state: present - - name: Install Docker Engine - ansible.builtin.package: - name: - - docker-ce - - docker-ce-cli - - containerd.io - - docker-buildx-plugin - - docker-compose-plugin - update_cache: yes - state: absent - - - name: Task name - stat: - path: /home/{{ github_runner_user }}/runner - register: runner_dir - - name: Set vars - set_fact: - run_removal_tasks: >- - {{ - runner_dir.stat.exists - and ( - (force_reinstall is defined and force_reinstall == "yes") - or (force_removal is defined and force_removal == "yes") - ) - }} - # Various complicated Ansible roles exist, but this just works: - # 
https://github.com/actions/runner/blob/main/docs/automate.md - - name: Remove the runner - ansible.builtin.shell: - cmd: > - curl -s https://raw.githubusercontent.com/actions/runner/main/scripts/remove-svc.sh - | bash -s {{ github_scope }} - chdir: /home/{{ github_runner_user }} - environment: - RUNNER_CFG_PAT: "{{ github_pat }}" - when: run_removal_tasks - ignore_errors: True - - name: Delete the runner - ansible.builtin.shell: - cmd: > - curl -s https://raw.githubusercontent.com/actions/runner/main/scripts/delete.sh - | bash -s {{ github_scope }} {{ github_runner_name }} - chdir: /home/{{ github_runner_user }} - environment: - RUNNER_CFG_PAT: "{{ github_pat }}" - when: run_removal_tasks - ignore_errors: True - - name: Remove old runner directory and files - ansible.builtin.file: - path: "{{ item }}" - state: absent - loop: - - /home/{{ github_runner_user }}/runner - when: run_removal_tasks - - name: Add user '{{ github_runner_user }}' to group docker - user: - name: "{{ github_runner_user }}" - groups: docker - append: yes - state: absent - - - name: Restart docker service - ansible.builtin.service: - name: docker - state: stopped - - - name: Install the runner [If error, RUNNER_CFG_PAT might be missing or expired! See README.md] - ansible.builtin.shell: - cmd: > - curl -s https://raw.githubusercontent.com/actions/runner/main/scripts/create-latest-svc.sh - | bash -s -- - -s {{ github_scope }} - -n {{ github_runner_name }} - -l {{ github_runner_location }},self-hosted - -u {{ github_runner_user }} - chdir: /home/{{ github_runner_user }} - environment: - RUNNER_CFG_PAT: "{{ github_pat }}" - when: (not runner_dir.stat.exists) or (force_reinstall is defined and force_reinstall=="yes") \ No newline at end of file diff --git a/deploy/remove-runner.yml b/deploy/remove-runner.yml deleted file mode 100644 index 765563c5..00000000 --- a/deploy/remove-runner.yml +++ /dev/null 
@@ -1,66 +0,0 @@ ---- -- name: Remove GitHub Actions Runner - hosts: runner - become: yes - tags: runner_removal - tasks: - - name: Stop the runner service - ansible.builtin.shell: - cmd: > - curl -s https://raw.githubusercontent.com/actions/runner/main/scripts/remove-svc.sh - | bash -s {{ github_scope }} - chdir: /home/{{ github_runner_user }} - environment: - RUNNER_CFG_PAT: "{{ github_pat }}" - ignore_errors: True - - - name: Delete the runner from GitHub (Unregister) - ansible.builtin.shell: - cmd: > - curl -s https://raw.githubusercontent.com/actions/runner/main/scripts/delete.sh - | bash -s {{ github_scope }} {{ github_runner_name }} - chdir: /home/{{ github_runner_user }} - environment: - RUNNER_CFG_PAT: "{{ github_pat }}" - ignore_errors: True - - - name: Remove runner directory and files - ansible.builtin.file: - path: "/home/{{ github_runner_user }}/runner" - state: absent - ignore_errors: True - - - name: Uninstall Docker packages - ansible.builtin.package: - name: - - docker-ce - - docker-ce-cli - - containerd.io - - docker-buildx-plugin - - docker-compose-plugin - state: absent - ignore_errors: True - - - name: Remove Docker GPG key - ansible.builtin.apt_key: - url: https://download.docker.com/linux/ubuntu/gpg - state: absent - ignore_errors: True - - - name: Remove Docker repository - ansible.builtin.apt_repository: - repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable - state: absent - ignore_errors: True - - - name: Remove GitHub runner user - ansible.builtin.user: - name: "{{ github_runner_user }}" - state: absent - ignore_errors: True - - - name: Remove docker group - ansible.builtin.group: - name: docker - state: absent - ignore_errors: True \ No newline at end of file From 56aa3291980b9b41de82ca49a0d7d33c1376e7d6 Mon Sep 17 00:00:00 2001 
From: ronardcaktus Date: Wed, 2 Oct 2024 14:48:25 -0400 Subject: [PATCH 21/25] Include helm config to deploy runner --- deploy/deploy-runner.yml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 deploy/deploy-runner.yml diff --git a/deploy/deploy-runner.yml b/deploy/deploy-runner.yml new file mode 100644 index 00000000..4fe6458d --- /dev/null +++ b/deploy/deploy-runner.yml @@ -0,0 +1,31 @@ +--- +- name: Install Actions Runner Controller and configure runner scale set + hosts: cluster + vars: + ansible_connection: local + ansible_python_interpreter: "{{ ansible_playbook_python }}" + gather_facts: false + tasks: + - name: Installing Actions Runner Controller + kubernetes.core.helm: + context: "{{ k8s_context|mandatory }}" + kubeconfig: "{{ k8s_kubeconfig }}" + chart_ref: oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set-controller + release_name: arc + release_namespace: arc-systems + create_namespace: true + wait: yes + + - name: Configuring a runner scale set + kubernetes.core.helm: + context: "{{ k8s_context|mandatory }}" + kubeconfig: "{{ k8s_kubeconfig }}" + chart_ref: oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set + release_name: arc-runner-set + release_namespace: arc-runners + create_namespace: true + release_values: + githubConfigUrl: "https://github.com/" + githubConfigSecret: + github_token: "" + wait: yes From f676a6908712d7cb92a4ece2e5663b0db225f506 Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Tue, 3 Dec 2024 16:13:46 -0500 Subject: [PATCH 22/25] update values & test deploy self-hosted runner --- deploy/deploy-runner.yml | 28 ++++++++++++++++++++++------ deploy/host_vars/runner.yml | 35 ----------------------------------- 2 files changed, 22 insertions(+), 41 deletions(-) delete mode 100644 deploy/host_vars/runner.yml diff --git a/deploy/deploy-runner.yml b/deploy/deploy-runner.yml index 4fe6458d..924a1ad5 100644 --- a/deploy/deploy-runner.yml 
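Review bot: In the "Configuring a runner scale set" task, `githubConfigSecret.github_token` under `release_values` means the PAT will travel as a Helm value once it is filled in. Helm keeps release values in the release record stored in the namespace, and the module's task result can echo them at higher verbosity. The gha-runner-scale-set chart also accepts the name of a pre-created Kubernetes secret, `githubConfigSecret: <secret-name>`, which keeps the token out of the values entirely. Whichever form is used, adding `no_log: true` to this task keeps the token out of playbook output.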
+++ b/deploy/deploy-runner.yml @@ -4,28 +4,44 @@ vars: ansible_connection: local ansible_python_interpreter: "{{ ansible_playbook_python }}" + runner_namespace: github-runner + chart_version: "0.9.3" gather_facts: false tasks: + # https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/quickstart-for-actions-runner-controller + # + # Ansible task to automate: + # helm install arc \ + # --namespace "${NAMESPACE}" \ + # --create-namespace \ + # oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set-controller - name: Installing Actions Runner Controller kubernetes.core.helm: context: "{{ k8s_context|mandatory }}" - kubeconfig: "{{ k8s_kubeconfig }}" chart_ref: oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set-controller + chart_version: "{{ chart_version }}" release_name: arc - release_namespace: arc-systems + release_namespace: "{{ runner_namespace }}" create_namespace: true wait: yes + # Ansible task to automate: + # helm install "${INSTALLATION_NAME}" \ + # --namespace "${NAMESPACE}" \ + # --create-namespace \ + # --set githubConfigUrl="https://github.com/caktus/philly-hip" \ + # --set githubConfigSecret.github_token="${RUNNER_CFG_PAT}" \ + # oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set - name: Configuring a runner scale set kubernetes.core.helm: context: "{{ k8s_context|mandatory }}" - kubeconfig: "{{ k8s_kubeconfig }}" chart_ref: oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set + chart_version: "{{ chart_version }}" release_name: arc-runner-set - release_namespace: arc-runners + release_namespace: "{{ runner_namespace }}" create_namespace: true release_values: - githubConfigUrl: "https://github.com/" + githubConfigUrl: "https://github.com/caktus/philly-hip" githubConfigSecret: - github_token: "" + github_token: "{{ lookup('env', 'RUNNER_CFG_PAT') }}" wait: yes 
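Review bot: Pointing both releases at the single `runner_namespace: github-runner` puts the controller and the runner pods in one namespace, where the previous revision kept them apart (`arc-systems` / `arc-runners`). GitHub's ARC documentation recommends a separate namespace for runner pods because they execute workflow code, so it would be safer to keep two variables, e.g. `controller_namespace: arc-systems` and `runner_namespace: arc-runners`. Separately, `lookup('env', 'RUNNER_CFG_PAT')` resolves to an empty string when the variable is not exported, so the scale set would be installed with an empty token. An `ansible.builtin.assert` that the value is non-empty, placed before the Helm tasks, would fail early instead.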
diff --git a/deploy/host_vars/runner.yml b/deploy/host_vars/runner.yml deleted file mode 100644 index 23c68172..00000000 --- a/deploy/host_vars/runner.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -## users role configuration ## -users_groups: [adm, dialout, docker, sudo] -users_shell: /bin/bash - -# when removing a user, add their username to this list: -users_remove: - # Remove default user installed by Ubuntu. You might need to comment this out - # temporarily when first configuring a server, and possibly even reboot the - # server before the user can be removed. - - ubuntu - -# users to provision on all servers -# find your ssh key with: `cat ~/.ssh/id_*.pub` (should be one line) -# optionally generate password via `mkpasswd -m sha-512 -R 2000000` -users: - # in alphabetical order - - username: copelco - authorized_keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMtpiB+QFK/YDEx3qiq62zUcxKOiuIOe1CNmD+NQYKt copelco@caktusgroup.com - - username: ronardlunagerman - authorized_keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEhNwSFktLJpdP/e04FPZxEwXsZyqTi8URd2IBjuw0Je rluna@caktusgroup.com - - username: tobias - authorized_keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFti2WxKH5TJh6SN44pkvG2V4268sJfirn00YrKLy+lY tobias@red-ed25519 - -# On GitHub -github_pat: "{{ lookup('env', 'RUNNER_CFG_PAT') }}" -github_scope: caktus - -# On the VM -github_runner_user: runner -github_runner_name: philly-hip-runner -github_runner_location: philly-hip \ No newline at end of file From 6b6e4c5e5596c8b4e8f2d71595aada0353ccd3aa Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Tue, 3 Dec 2024 16:22:19 -0500 Subject: [PATCH 23/25] Return runner copy to documentation --- .github/workflows/deploy.yml | 1 + README.md | 21 ++++++++++++++++++++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index efc7203c..aa3ea200 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
@@ -5,6 +5,7 @@ on: branches: - main - develop + - CU-8689pdzrr-k8s-self-hosted-runner jobs: build-push: diff --git a/README.md b/README.md index 79538bd7..0242c846 100644 --- a/README.md +++ b/README.md @@ -293,4 +293,23 @@ To reset your local database from a deployed environment: As mentioned in the Database setup instructions, you may need to visit [/cms/sites](http://localhost:8000/cms/sites/) and change the first entry's -`Hostname` field to `localhost` to enable page previews in the Wagtail admin. \ No newline at end of file +`Hostname` field to `localhost` to enable page previews in the Wagtail admin. + +### GitHub Actions Runner + +There are [GitHub Actions self-hosted runners](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners) deployed in the Kubernetes cluster along side the application. + +Setup instructions: + +* Obtain a [GitHub PAT](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) with the `repo` scope that's valid for one week (it needs to be active only for the initial deployment). Add this to a local environment variable `RUNNER_CFG_PAT`: + +```sh +export RUNNER_CFG_PAT="gh......" +``` + +* Run the playbook to deploy the runner: + +```sh +cd deploy/ +ansible-playbook deploy-runner.yml +``` From 7ebc3b612ff96986f6a77cc7c99fe753ecfd4f16 Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Tue, 3 Dec 2024 16:40:30 -0500 Subject: [PATCH 24/25] Less verbosity on deploy --- .github/workflows/deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index aa3ea200..3c5548cd 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
@@ -96,8 +96,8 @@ jobs: [ "$GITHUB_REF" = refs/heads/main ] && ENV="production" || ENV="staging" - echo "env is $ENV" - inv $ENV deploy --tag=${{ env.DOCKER_TAG }} + echo "env is $ENV" --verbosity=0 + inv $ENV deploy --tag=${{ env.DOCKER_TAG }} --verbosity=0 - uses: act10ns/slack@v1 with: status: ${{ job.status }} From f7ec5409858bef40a49979f77cf5d3fe90a2e022 Mon Sep 17 00:00:00 2001 From: ronardcaktus Date: Tue, 3 Dec 2024 16:52:49 -0500 Subject: [PATCH 25/25] Remove test branch from production deploy --- .github/workflows/deploy.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 3c5548cd..4946aa41 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -5,7 +5,6 @@ on: branches: - main - develop - - CU-8689pdzrr-k8s-self-hosted-runner jobs: build-push:
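Review bot: `--verbosity=0` was appended to the `echo` line as well as to the `inv` call, so the step now prints the flag as literal text after the environment name instead of changing any verbosity. That line should stay `echo "env is $ENV"`; the flag on `inv $ENV deploy --tag=... --verbosity=0` is presumably the intended change. The `run:` script this hunk edits starts outside the hunk, so the rest of the step is not visible here.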