feat(workflow): integrate with workflow identity pool (#4945)
* feat(workflows): add wif workflow * feat(workflows): add name of compute instance * feat(workflows): fix permissions * feat(workflows): add an OR true since github runs with -e * ci(testing-deployment): include GITHUB envs * ci(testing-deployment): move GCP information to secrets * ci(staging-deployment): wif workflow --------- Co-authored-by: Prashant Shahi <[email protected]>
1 parent
211fe4f
commit 7460e65
Showing
2 changed files
with
80 additions
and
56 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -9,34 +9,46 @@ jobs: | |
name: Deploy latest develop branch to staging | ||
runs-on: ubuntu-latest | ||
environment: staging | ||
permissions: | ||
contents: 'read' | ||
id-token: 'write' | ||
steps: | ||
- name: Executing remote ssh commands using ssh key | ||
uses: appleboy/[email protected] | ||
- id: 'auth' | ||
uses: 'google-github-actions/auth@v2' | ||
with: | ||
workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} | ||
service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }} | ||
|
||
- name: 'sdk' | ||
uses: 'google-github-actions/setup-gcloud@v2' | ||
|
||
- name: 'ssh' | ||
shell: bash | ||
env: | ||
GITHUB_BRANCH: develop | ||
GITHUB_BRANCH: ${{ github.head_ref || github.ref_name }} | ||
GITHUB_SHA: ${{ github.sha }} | ||
with: | ||
host: ${{ secrets.HOST_DNS }} | ||
username: ${{ secrets.USERNAME }} | ||
key: ${{ secrets.SSH_KEY }} | ||
envs: GITHUB_BRANCH,GITHUB_SHA | ||
command_timeout: 60m | ||
script: | | ||
echo "GITHUB_BRANCH: ${GITHUB_BRANCH}" | ||
echo "GITHUB_SHA: ${GITHUB_SHA}" | ||
export DOCKER_TAG="${GITHUB_SHA:0:7}" # needed for child process to access it | ||
export OTELCOL_TAG="main" | ||
export PATH="/usr/local/go/bin/:$PATH" # needed for Golang to work | ||
docker system prune --force | ||
docker pull signoz/signoz-otel-collector:main | ||
docker pull signoz/signoz-schema-migrator:main | ||
cd ~/signoz | ||
git status | ||
git add . | ||
git stash push -m "stashed on $(date --iso-8601=seconds)" | ||
git fetch origin | ||
git checkout ${GITHUB_BRANCH} | ||
git pull | ||
make build-ee-query-service-amd64 | ||
make build-frontend-amd64 | ||
make run-signoz | ||
GCP_PROJECT: ${{ secrets.GCP_PROJECT }} | ||
GCP_ZONE: ${{ secrets.GCP_ZONE }} | ||
GCP_INSTANCE: ${{ secrets.GCP_INSTANCE }} | ||
run: | | ||
read -r -d '' COMMAND <<EOF || true | ||
echo "GITHUB_BRANCH: ${GITHUB_BRANCH}" | ||
echo "GITHUB_SHA: ${GITHUB_SHA}" | ||
export DOCKER_TAG="${GITHUB_SHA:0:7}" # needed for child process to access it | ||
export OTELCOL_TAG="main" | ||
export PATH="/usr/local/go/bin/:$PATH" # needed for Golang to work | ||
docker system prune --force | ||
docker pull signoz/signoz-otel-collector:main | ||
docker pull signoz/signoz-schema-migrator:main | ||
cd ~/signoz | ||
git status | ||
git add . | ||
git stash push -m "stashed on $(date --iso-8601=seconds)" | ||
git fetch origin | ||
git checkout ${GITHUB_BRANCH} | ||
git pull | ||
make build-ee-query-service-amd64 | ||
make build-frontend-amd64 | ||
make run-signoz | ||
EOF | ||
gcloud compute ssh ${GCP_INSTANCE} --zone ${GCP_ZONE} --tunnel-through-iap --project ${GCP_PROJECT} --command "${COMMAND}" |
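Review bot: The heredoc in the `ssh` step's `run:` uses an unquoted `<<EOF`, so `${GITHUB_BRANCH}`, `${GITHUB_SHA:0:7}`, `$PATH` and `$(date …)` are all expanded on the runner before the text is sent to the instance. As a result the remote `export PATH=` line receives the runner's PATH, and the value of `github.head_ref || github.ref_name` becomes part of the remote command text instead of a variable value, so any shell metacharacters in a ref name would be parsed by the remote shell. The testing-deployment workflow uses the same construct, and it appears to run on a labelled pull request, where the branch name is chosen by the PR author. Quoting the delimiter and passing the two values as escaped assignments keeps expansion on the instance, and the git commands should quote `"${GITHUB_BRANCH}"`. This assumes the remote shell is bash, which `${GITHUB_SHA:0:7}` already requires.

```yaml
        run: |
          # Quoted delimiter: nothing in the heredoc is expanded on the runner.
          read -r -d '' COMMAND <<'EOF' || true
          # … unchanged: echo / export / docker / make lines …
          git checkout "${GITHUB_BRANCH}"
          # … unchanged: git pull and make targets …
          EOF
          # Hand the two values to the remote shell as shell-escaped assignments.
          printf -v PREAMBLE 'export GITHUB_BRANCH=%q GITHUB_SHA=%q\n' "${GITHUB_BRANCH}" "${GITHUB_SHA}"
          gcloud compute ssh "${GCP_INSTANCE}" --zone "${GCP_ZONE}" --tunnel-through-iap --project "${GCP_PROJECT}" --command "${PREAMBLE}${COMMAND}"
```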
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -9,35 +9,47 @@ jobs: | |
runs-on: ubuntu-latest | ||
environment: testing | ||
if: ${{ github.event.label.name == 'testing-deploy' }} | ||
permissions: | ||
contents: 'read' | ||
id-token: 'write' | ||
steps: | ||
- name: Executing remote ssh commands using ssh key | ||
uses: appleboy/[email protected] | ||
- id: 'auth' | ||
uses: 'google-github-actions/auth@v2' | ||
with: | ||
workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} | ||
service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }} | ||
|
||
- name: 'sdk' | ||
uses: 'google-github-actions/setup-gcloud@v2' | ||
|
||
- name: 'ssh' | ||
shell: bash | ||
env: | ||
GITHUB_BRANCH: ${{ github.head_ref || github.ref_name }} | ||
GITHUB_SHA: ${{ github.sha }} | ||
with: | ||
host: ${{ secrets.HOST_DNS }} | ||
username: ${{ secrets.USERNAME }} | ||
key: ${{ secrets.SSH_KEY }} | ||
envs: GITHUB_BRANCH,GITHUB_SHA | ||
command_timeout: 60m | ||
script: | | ||
echo "GITHUB_BRANCH: ${GITHUB_BRANCH}" | ||
echo "GITHUB_SHA: ${GITHUB_SHA}" | ||
export DOCKER_TAG="${GITHUB_SHA:0:7}" # needed for child process to access it | ||
export DEV_BUILD="1" | ||
export PATH="/usr/local/go/bin/:$PATH" # needed for Golang to work | ||
docker system prune --force | ||
cd ~/signoz | ||
git status | ||
git add . | ||
git stash push -m "stashed on $(date --iso-8601=seconds)" | ||
git fetch origin | ||
git checkout develop | ||
git pull | ||
# This is added to include the scenerio when new commit in PR is force-pushed | ||
git branch -D ${GITHUB_BRANCH} | ||
git checkout --track origin/${GITHUB_BRANCH} | ||
make build-ee-query-service-amd64 | ||
make build-frontend-amd64 | ||
make run-signoz | ||
GCP_PROJECT: ${{ secrets.GCP_PROJECT }} | ||
GCP_ZONE: ${{ secrets.GCP_ZONE }} | ||
GCP_INSTANCE: ${{ secrets.GCP_INSTANCE }} | ||
run: | | ||
read -r -d '' COMMAND <<EOF || true | ||
echo "GITHUB_BRANCH: ${GITHUB_BRANCH}" | ||
echo "GITHUB_SHA: ${GITHUB_SHA}" | ||
export DOCKER_TAG="${GITHUB_SHA:0:7}" # needed for child process to access it | ||
export DEV_BUILD="1" | ||
export PATH="/usr/local/go/bin/:$PATH" # needed for Golang to work | ||
docker system prune --force | ||
cd ~/signoz | ||
git status | ||
git add . | ||
git stash push -m "stashed on $(date --iso-8601=seconds)" | ||
git fetch origin | ||
git checkout develop | ||
git pull | ||
# This is added to include the scenerio when new commit in PR is force-pushed | ||
git branch -D ${GITHUB_BRANCH} | ||
git checkout --track origin/${GITHUB_BRANCH} | ||
make build-ee-query-service-amd64 | ||
make build-frontend-amd64 | ||
make run-signoz | ||
EOF | ||
gcloud compute ssh ${GCP_INSTANCE} --zone ${GCP_ZONE} --tunnel-through-iap --project ${GCP_PROJECT} --command "${COMMAND}" |
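Review bot: `google-github-actions/auth@v2` and `google-github-actions/setup-gcloud@v2` are referenced by a movable major tag in a job that grants `id-token: 'write'`, so whichever commit the tag points to at run time performs the OIDC exchange for the GCP service account. Pinning each to a full commit SHA with the version kept as a trailing comment, e.g. `uses: 'google-github-actions/auth@<FULL_COMMIT_SHA>'  # v2`, makes the dependency immutable and lets updates be reviewed. The staging-deployment workflow carries the same two references. Separately, the remote script has no `set -e`, so the step's result presumably reflects only the final `make run-signoz`; a failed `git checkout --track` or build earlier in the script would not fail the job.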