124 changes: 65 additions & 59 deletions .github/workflows/cd-server.yaml
Expand Up @@ -15,28 +15,31 @@ on:
required: true
type: string
description: Provide tag (Eg:v3.14.0)

permissions:
id-token: write
contents: write
packages: read
actions: read
env:
SERVICE_NAME: conductor-server
SERVICE_NAME: conductor
AWS_REGION: "ap-south-1"

HELM_CHART_NAME: "application-helm-chart"

jobs:
prepare-env:
name: Prepare Env
runs-on: 'ubuntu-latest'
runs-on: "ubuntu-latest"
timeout-minutes: 2
outputs:
AWS_ROLE: ${{ steps.vars.outputs.AWS_ROLE }}
ENV: ${{ steps.vars.outputs.ENV }}
PROJECT_PREFIX: ${{ steps.vars.outputs.PROJECT_PREFIX }}
ECS_CLUSTER: ${{ steps.set_env.outputs.ECS_CLUSTER }}
ECS_SERVICE: ${{ steps.set_env.outputs.ECS_SERVICE }}
TASK_DEFINITION: ${{ steps.set_env.outputs.TASK_DEFINITION }}
CONTAINER_NAME: ${{ steps.set_env.outputs.CONTAINER_NAME }}
K8S_CLUSTER: ${{ steps.vars.outputs.K8S_CLUSTER }}
ECR_REPOSITORY: ${{ steps.set_env.outputs.ECR_REPOSITORY }}
ENVIRONMENT_BUCKET: ${{ steps.set_env.outputs.ENVIRONMENT_BUCKET }}
SLACK_WEBHOOK_URL: ${{ steps.vars.outputs.SLACK_WEBHOOK_URL }}

AWS_ACCOUNT_ID: ${{ steps.vars.outputs.AWS_ACCOUNT_ID}}

steps:
- id: vars
shell: bash
Expand All @@ -45,7 +48,7 @@ jobs:
ENV=${{ github.event.inputs.environment }}
IMAGE_TAG=${{ github.event.inputs.tag }}
echo $BRANCH

if [ -z "$ENV" ]
then
case $BRANCH in
Expand All @@ -67,17 +70,23 @@ jobs:
then
echo "AWS_ROLE=PRD_AWS_ROLE" >> $GITHUB_OUTPUT
echo "PROJECT_PREFIX=sirn-prd-mb" >> $GITHUB_OUTPUT
echo "SLACK_WEBHOOK_URL=PRD_SLACK_WEBHOOK_URL" >> $GITHUB_OUTPUT
echo "SLACK_WEBHOOK_URL=PRD_SLACK_WEBHOOK_URL" >> $GITHUB_OUTPUT
echo "AWS_ACCOUNT_ID=PRD_AWS_ACCOUNT_ID" >> $GITHUB_OUTPUT
echo "K8S_CLUSTER=sirn-prd-mb-prime" >> $GITHUB_OUTPUT
elif [ $ENV == 'stg' ]
then
echo "AWS_ROLE=STG_AWS_ROLE" >> $GITHUB_OUTPUT
echo "PROJECT_PREFIX=sirn-stg-mb" >> $GITHUB_OUTPUT
echo "SLACK_WEBHOOK_URL=DEV_SLACK_WEBHOOK_URL" >> $GITHUB_OUTPUT
echo "SLACK_WEBHOOK_URL=DEV_SLACK_WEBHOOK_URL" >> $GITHUB_OUTPUT
echo "AWS_ACCOUNT_ID=NON_PRD_AWS_ACCOUNT_ID" >> $GITHUB_OUTPUT
echo "K8S_CLUSTER=sirn-dev-mb-prime" >> $GITHUB_OUTPUT
elif [ $ENV == 'dev' ]
then
echo "AWS_ROLE=DEV_AWS_ROLE" >> $GITHUB_OUTPUT
echo "PROJECT_PREFIX=sirn-dev-mb" >> $GITHUB_OUTPUT
echo "SLACK_WEBHOOK_URL=DEV_SLACK_WEBHOOK_URL" >> $GITHUB_OUTPUT
echo "AWS_ACCOUNT_ID=NON_PRD_AWS_ACCOUNT_ID" >> $GITHUB_OUTPUT
echo "K8S_CLUSTER=sirn-dev-mb-prime" >> $GITHUB_OUTPUT
else
echo "Branch not configured!"
exit 1
Expand All @@ -89,68 +98,65 @@ jobs:
id: set_env
run: |
PROJECT_PREFIX=${{ steps.vars.outputs.PROJECT_PREFIX }}
echo "ECR_REPOSITORY=$PROJECT_PREFIX-ecr-$SERVICE_NAME" >> $GITHUB_OUTPUT
echo "ECS_CLUSTER=$PROJECT_PREFIX-ecs-cluster" >> $GITHUB_OUTPUT
echo "ECS_SERVICE=$PROJECT_PREFIX-svc-$SERVICE_NAME" >> $GITHUB_OUTPUT
echo "TASK_DEFINITION=$PROJECT_PREFIX-td-$SERVICE_NAME" >> $GITHUB_OUTPUT
echo "CONTAINER_NAME=$PROJECT_PREFIX-cntr-$SERVICE_NAME" >> $GITHUB_OUTPUT
echo "ENVIRONMENT_BUCKET=$PROJECT_PREFIX-s3-environment" >> $GITHUB_OUTPUT
echo ":seedling: Branch:${GITHUB_REF#refs/heads/}" >> $GITHUB_STEP_SUMMARY

echo "ECR_REPOSITORY=$PROJECT_PREFIX-ecr-conductor-server" >> $GITHUB_OUTPUT

# Deploy Conductor UI Image to ECS
deploy-server-image:
name: Deploy Server Image
runs-on: 'ubuntu-latest'
timeout-minutes: 20
deploy-to-k8s:
name: Deploy to k8s
runs-on: ubuntu-latest
container:
image: public.ecr.aws/kvsiren-dev/pipeline/helm-deploy:latest
timeout-minutes: 15
permissions:
id-token: write
pull-requests: write
contents: read
needs: prepare-env
needs:
- prepare-env
env:
AWS_ROLE: ${{ needs.prepare-env.outputs.AWS_ROLE }}
ENV: ${{ needs.prepare-env.outputs.ENV }}
PROJECT_PREFIX: ${{needs.prepare-env.outputs.PROJECT_PREFIX}}
ECR_REPOSITORY: ${{needs.prepare-env.outputs.ECR_REPOSITORY}}
IMAGE_TAG: ${{ github.event.inputs.tag }}
ECS_CLUSTER: ${{ needs.prepare-env.outputs.ECS_CLUSTER }}
ECS_SERVICE: ${{ needs.prepare-env.outputs.ECS_SERVICE }}
TASK_DEFINITION: ${{ needs.prepare-env.outputs.TASK_DEFINITION }}
CONTAINER_NAME: ${{ needs.prepare-env.outputs.CONTAINER_NAME }}

AWS_ACCOUNT_ID: ${{ needs.prepare-env.outputs.AWS_ACCOUNT_ID }}
ECR_REPOSITORY: ${{ needs.prepare-env.outputs.ECR_REPOSITORY }}
steps:
- name: Checkout code from action
uses: actions/checkout@v2

- name: Checkout values.yaml from siren-infra
uses: actions/checkout@v4
with:
repository: KeyvalueSoftwareSystems/siren-infra
ref: main
token: ${{secrets.SIREN_PAT}}
sparse-checkout: |
k8s/siren-services/${{ env.SERVICE_NAME }}/${{ needs.prepare-env.outputs.ENV }}-values.yaml
sparse-checkout-cone-mode: false

- name: Rename values.yaml for Helm
shell: bash
run: |
cp k8s/siren-services/${{ env.SERVICE_NAME }}/${{ needs.prepare-env.outputs.ENV }}-values.yaml ./values.yaml
cat ./values.yaml

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets[env.AWS_ROLE] }}
role-to-assume: arn:aws:iam::${{ vars[env.AWS_ACCOUNT_ID] }}:role/github-actions
aws-region: ${{ env.AWS_REGION }}

- name: Amazon ECR Login
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1.7.0
- name: Deploy to Kubernetes
shell: bash
run: |
aws eks update-kubeconfig --name ${{ needs.prepare-env.outputs.K8S_CLUSTER }}
aws ecr get-login-password --region ${{ env.AWS_REGION }} | helm registry login --username AWS --password-stdin ${{ vars[env.AWS_ACCOUNT_ID] }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com

- name: Check if image tag exists in ECR
id: check-image-existence
run: |
if aws ecr describe-images --repository-name "${{ env.ECR_REPOSITORY }}" --region "${{ env.AWS_REGION }}" --image-ids imageTag="${{ env.IMAGE_TAG }}" 2>&1 | grep -q "imageTag"; then
echo "Image tag $IMAGE_TAG exists in ECR"
else
echo "Error: Image tag $IMAGE_TAG does not exist in ECR"
exit 1
fi
# Construct base Helm command
HELM_CMD="helm upgrade --install ${{ env.SERVICE_NAME }} oci://${{ vars[env.AWS_ACCOUNT_ID] }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/${{ env.HELM_CHART_NAME }} \
--namespace ${{ needs.prepare-env.outputs.ENV }} \
--values values.yaml \
--set default.image.repository='${{ vars[env.AWS_ACCOUNT_ID] }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/${{ env.ECR_REPOSITORY }}' \
--set default.image.tag='${{ github.event.inputs.tag }}'"

- name: Deploy backend
id: deploy_backend
uses: ./.github/actions/deploy-ecs
env:
APP_IMAGE: ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}
with:
aws-region : ${{ env.AWS_REGION }}
aws-role: ${{ secrets[env.AWS_ROLE] }}
task-definition: ${{ env.TASK_DEFINITION }}
container-name: ${{ env.CONTAINER_NAME }}
ecs-service: ${{ env.ECS_SERVICE }}
ecs-cluster: ${{ env.ECS_CLUSTER }}
image: ${{ env.APP_IMAGE }}
# Run the Helm command
echo "Running: $HELM_CMD"
eval $HELM_CMD
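Review bot: In the `Deploy to Kubernetes` step, `${{ github.event.inputs.tag }}` is pasted into the `HELM_CMD` string and then run through `eval $HELM_CMD`, so shell metacharacters in the dispatch input are executed in a job that already holds the assumed AWS role and the cluster kubeconfig. Pass the input through `env:`, check it against the image-tag grammar, and call `helm` directly with quoted arguments rather than building a string for `eval`; `--set-string` also stops a tag such as `1.20` being retyped as a number. The `vars` step in `prepare-env` interpolates `inputs.environment` and `inputs.tag` into its script the same way (context lines in this section), and the identical step in `cd-ui.yaml` needs the same change. Indentation is not visible on this page, so the fence uses conventional workflow indentation.

```yaml
      - name: Deploy to Kubernetes
        shell: bash
        env:
          IMAGE_TAG: ${{ github.event.inputs.tag }}
          REGISTRY: ${{ vars[env.AWS_ACCOUNT_ID] }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com
          K8S_CLUSTER: ${{ needs.prepare-env.outputs.K8S_CLUSTER }}
          K8S_NAMESPACE: ${{ needs.prepare-env.outputs.ENV }}
        run: |
          # Reject anything that is not a plain image tag before it reaches helm.
          [[ "$IMAGE_TAG" =~ ^[A-Za-z0-9_][A-Za-z0-9._-]{0,127}$ ]] || { echo "Invalid image tag"; exit 1; }

          aws eks update-kubeconfig --name "$K8S_CLUSTER"
          # … unchanged: aws ecr get-login-password | helm registry login …

          helm upgrade --install "$SERVICE_NAME" "oci://$REGISTRY/$HELM_CHART_NAME" \
            --namespace "$K8S_NAMESPACE" \
            --values values.yaml \
            --set-string "default.image.repository=$REGISTRY/$ECR_REPOSITORY" \
            --set-string "default.image.tag=$IMAGE_TAG"
```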
115 changes: 61 additions & 54 deletions .github/workflows/cd-ui.yaml
Expand Up @@ -15,10 +15,15 @@ on:
required: true
type: string
description: Provide tag (Eg:v3.14.0)

permissions:
id-token: write
contents: write
packages: read
actions: read
env:
SERVICE_NAME: conductor-ui
AWS_REGION: "ap-south-1"
HELM_CHART_NAME: "application-helm-chart"

jobs:
prepare-env:
Expand All @@ -29,13 +34,12 @@ jobs:
AWS_ROLE: ${{ steps.vars.outputs.AWS_ROLE }}
ENV: ${{ steps.vars.outputs.ENV }}
PROJECT_PREFIX: ${{ steps.vars.outputs.PROJECT_PREFIX }}
ECS_CLUSTER: ${{ steps.set_env.outputs.ECS_CLUSTER }}
ECS_SERVICE: ${{ steps.set_env.outputs.ECS_SERVICE }}
TASK_DEFINITION: ${{ steps.set_env.outputs.TASK_DEFINITION }}
CONTAINER_NAME: ${{ steps.set_env.outputs.CONTAINER_NAME }}
K8S_CLUSTER: ${{ steps.vars.outputs.K8S_CLUSTER }}
ECR_REPOSITORY: ${{ steps.set_env.outputs.ECR_REPOSITORY }}
ENVIRONMENT_BUCKET: ${{ steps.set_env.outputs.ENVIRONMENT_BUCKET }}
SLACK_WEBHOOK_URL: ${{ steps.vars.outputs.SLACK_WEBHOOK_URL }}

AWS_ACCOUNT_ID: ${{ steps.vars.outputs.AWS_ACCOUNT_ID}}

steps:
- id: vars
shell: bash
Expand All @@ -44,7 +48,7 @@ jobs:
ENV=${{ github.event.inputs.environment }}
IMAGE_TAG=${{ github.event.inputs.tag }}
echo $BRANCH

if [ -z "$ENV" ]
then
case $BRANCH in
Expand All @@ -67,16 +71,22 @@ jobs:
echo "AWS_ROLE=PRD_AWS_ROLE" >> $GITHUB_OUTPUT
echo "PROJECT_PREFIX=sirn-prd-mb" >> $GITHUB_OUTPUT
echo "SLACK_WEBHOOK_URL=PRD_SLACK_WEBHOOK_URL" >> $GITHUB_OUTPUT
echo "AWS_ACCOUNT_ID=PRD_AWS_ACCOUNT_ID" >> $GITHUB_OUTPUT
echo "K8S_CLUSTER=sirn-prd-mb-prime" >> $GITHUB_OUTPUT
elif [ $ENV == 'stg' ]
then
echo "AWS_ROLE=STG_AWS_ROLE" >> $GITHUB_OUTPUT
echo "PROJECT_PREFIX=sirn-stg-mb" >> $GITHUB_OUTPUT
echo "SLACK_WEBHOOK_URL=DEV_SLACK_WEBHOOK_URL" >> $GITHUB_OUTPUT
echo "AWS_ACCOUNT_ID=NON_PRD_AWS_ACCOUNT_ID" >> $GITHUB_OUTPUT
echo "K8S_CLUSTER=sirn-dev-mb-prime" >> $GITHUB_OUTPUT
elif [ $ENV == 'dev' ]
then
echo "AWS_ROLE=DEV_AWS_ROLE" >> $GITHUB_OUTPUT
echo "PROJECT_PREFIX=sirn-dev-mb" >> $GITHUB_OUTPUT
echo "SLACK_WEBHOOK_URL=DEV_SLACK_WEBHOOK_URL" >> $GITHUB_OUTPUT
echo "AWS_ACCOUNT_ID=NON_PRD_AWS_ACCOUNT_ID" >> $GITHUB_OUTPUT
echo "K8S_CLUSTER=sirn-dev-mb-prime" >> $GITHUB_OUTPUT
else
echo "Branch not configured!"
exit 1
Expand All @@ -88,68 +98,65 @@ jobs:
id: set_env
run: |
PROJECT_PREFIX=${{ steps.vars.outputs.PROJECT_PREFIX }}
echo "ECR_REPOSITORY=$PROJECT_PREFIX-ecr-$SERVICE_NAME" >> $GITHUB_OUTPUT
echo "ECS_CLUSTER=$PROJECT_PREFIX-ecs-cluster" >> $GITHUB_OUTPUT
echo "ECS_SERVICE=$PROJECT_PREFIX-svc-$SERVICE_NAME" >> $GITHUB_OUTPUT
echo "TASK_DEFINITION=$PROJECT_PREFIX-td-$SERVICE_NAME" >> $GITHUB_OUTPUT
echo "CONTAINER_NAME=$PROJECT_PREFIX-cntr-$SERVICE_NAME" >> $GITHUB_OUTPUT
echo "ENVIRONMENT_BUCKET=$PROJECT_PREFIX-s3-environment" >> $GITHUB_OUTPUT
echo ":seedling: Branch:${GITHUB_REF#refs/heads/}" >> $GITHUB_STEP_SUMMARY

echo "ECR_REPOSITORY=$PROJECT_PREFIX-ecr-conductor-ui" >> $GITHUB_OUTPUT

# Deploy Conductor UI Image to ECS
deploy-ui-image:
name: Deploy UI Image
runs-on: 'ubuntu-latest'
timeout-minutes: 20
deploy-to-k8s:
name: Deploy to k8s
runs-on: ubuntu-latest
container:
image: public.ecr.aws/kvsiren-dev/pipeline/helm-deploy:latest
timeout-minutes: 15
permissions:
id-token: write
pull-requests: write
contents: read
needs: prepare-env
needs:
- prepare-env
env:
AWS_ROLE: ${{ needs.prepare-env.outputs.AWS_ROLE }}
ENV: ${{ needs.prepare-env.outputs.ENV }}
PROJECT_PREFIX: ${{needs.prepare-env.outputs.PROJECT_PREFIX}}
ECR_REPOSITORY: ${{needs.prepare-env.outputs.ECR_REPOSITORY}}
IMAGE_TAG: ${{ github.event.inputs.tag }}
ECS_CLUSTER: ${{ needs.prepare-env.outputs.ECS_CLUSTER }}
ECS_SERVICE: ${{ needs.prepare-env.outputs.ECS_SERVICE }}
TASK_DEFINITION: ${{ needs.prepare-env.outputs.TASK_DEFINITION }}
CONTAINER_NAME: ${{ needs.prepare-env.outputs.CONTAINER_NAME }}

AWS_ACCOUNT_ID: ${{ needs.prepare-env.outputs.AWS_ACCOUNT_ID }}
ECR_REPOSITORY: ${{ needs.prepare-env.outputs.ECR_REPOSITORY }}
steps:
- name: Checkout code from action
uses: actions/checkout@v2

- name: Checkout values.yaml from siren-infra
uses: actions/checkout@v4
with:
repository: KeyvalueSoftwareSystems/siren-infra
ref: main
token: ${{secrets.SIREN_PAT}}
sparse-checkout: |
k8s/siren-services/${{ env.SERVICE_NAME }}/${{ needs.prepare-env.outputs.ENV }}-values.yaml
sparse-checkout-cone-mode: false

- name: Rename values.yaml for Helm
shell: bash
run: |
cp k8s/siren-services/${{ env.SERVICE_NAME }}/${{ needs.prepare-env.outputs.ENV }}-values.yaml ./values.yaml
cat ./values.yaml

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets[env.AWS_ROLE] }}
role-to-assume: arn:aws:iam::${{ vars[env.AWS_ACCOUNT_ID] }}:role/github-actions
aws-region: ${{ env.AWS_REGION }}

- name: Amazon ECR Login
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1.7.0
- name: Deploy to Kubernetes
shell: bash
run: |
aws eks update-kubeconfig --name ${{ needs.prepare-env.outputs.K8S_CLUSTER }}
aws ecr get-login-password --region ${{ env.AWS_REGION }} | helm registry login --username AWS --password-stdin ${{ vars[env.AWS_ACCOUNT_ID] }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com

- name: Check if image tag exists in ECR
id: check-image-existence
run: |
if aws ecr describe-images --repository-name "${{ env.ECR_REPOSITORY }}" --region "${{ env.AWS_REGION }}" --image-ids imageTag="${{ env.IMAGE_TAG }}" 2>&1 | grep -q "imageTag"; then
echo "Image tag $IMAGE_TAG exists in ECR"
else
echo "Error: Image tag $IMAGE_TAG does not exist in ECR"
exit 1
fi
# Construct base Helm command
HELM_CMD="helm upgrade --install ${{ env.SERVICE_NAME }} oci://${{ vars[env.AWS_ACCOUNT_ID] }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/${{ env.HELM_CHART_NAME }} \
--namespace ${{ needs.prepare-env.outputs.ENV }} \
--values values.yaml \
--set default.image.repository='${{ vars[env.AWS_ACCOUNT_ID] }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/${{ env.ECR_REPOSITORY }}' \
--set default.image.tag='${{ github.event.inputs.tag }}'"

- name: Deploy backend
id: deploy_backend
uses: ./.github/actions/deploy-ecs
env:
APP_IMAGE: ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}
with:
aws-region : ${{ env.AWS_REGION }}
aws-role: ${{ secrets[env.AWS_ROLE] }}
task-definition: ${{ env.TASK_DEFINITION }}
container-name: ${{ env.CONTAINER_NAME }}
ecs-service: ${{ env.ECS_SERVICE }}
ecs-cluster: ${{ env.ECS_CLUSTER }}
image: ${{ env.APP_IMAGE }}
# Run the Helm command
echo "Running: $HELM_CMD"
eval $HELM_CMD
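Review bot: The `deploy-to-k8s` job runs inside `public.ecr.aws/kvsiren-dev/pipeline/helm-deploy:latest`, a mutable tag, so whatever is pushed to that tag next runs with this job's `id-token: write` permission, the assumed AWS role and the kubeconfig. Pin the image by digest, `image: public.ecr.aws/kvsiren-dev/pipeline/helm-deploy@sha256:<digest of the reviewed image>`, and bump it deliberately; `cd-server.yaml` carries the same line. Separately, `cat ./values.yaml` in the `Rename values.yaml for Helm` step writes the whole values file to the job log, which is worth dropping if that file can carry credentials or connection strings.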
6 changes: 0 additions & 6 deletions .github/workflows/ci-server-.yaml
Expand Up @@ -29,7 +29,6 @@ jobs:
AWS_ROLE: ${{ steps.vars.outputs.AWS_ROLE }}
ENV: ${{ steps.vars.outputs.ENV }}
PROJECT_PREFIX: ${{ steps.vars.outputs.PROJECT_PREFIX }}
ECS_CLUSTER: ${{ steps.set_env.outputs.ECS_CLUSTER }}
ECR_REPOSITORY: ${{ steps.set_env.outputs.ECR_REPOSITORY }}
ENVIRONMENT_BUCKET: ${{ steps.set_env.outputs.ENVIRONMENT_BUCKET }}
SLACK_WEBHOOK_URL: ${{ steps.vars.outputs.SLACK_WEBHOOK_URL }}
Expand Down Expand Up @@ -88,7 +87,6 @@ jobs:
id: set_env
run: |
PROJECT_PREFIX=${{ steps.vars.outputs.PROJECT_PREFIX }}
echo "ECS_CLUSTER=$PROJECT_PREFIX-ecs-cluster" >> $GITHUB_OUTPUT
echo "ECR_REPOSITORY=$PROJECT_PREFIX-ecr-$SERVICE_NAME" >> $GITHUB_OUTPUT
echo "ENVIRONMENT_BUCKET=$PROJECT_PREFIX-s3-environment" >> $GITHUB_OUTPUT
echo ":seedling: Branch:${GITHUB_REF#refs/heads/}" >> $GITHUB_STEP_SUMMARY
Expand Down Expand Up @@ -133,10 +131,6 @@ jobs:
role-to-assume: ${{ secrets[env.AWS_ROLE] }}
aws-region: ${{ env.AWS_REGION }}

- name: Download S3 file
run: |
aws s3 cp s3://${PROJECT_PREFIX}-s3-environment/conductor-server/conductor-server.properties ./docker/server/config/conductor-server.properties

- name: Amazon ECR Login
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1.7.0