diff --git a/.github/workflows/deploy-production.yaml b/.github/workflows/deploy-production.yaml deleted file mode 100644 index 9e66203..0000000 --- a/.github/workflows/deploy-production.yaml +++ /dev/null @@ -1,124 +0,0 @@ -name: Deploy production - -on: - push: - branches: - - add-charm - -env: - CHARMCRAFT_ENABLE_EXPERIMENTAL_EXTENSIONS: true - ROCKCRAFT_ENABLE_EXPERIMENTAL_EXTENSIONS: true - -jobs: - pack-charm: - runs-on: ubuntu-latest - steps: - - name: Checkout Code - uses: actions/checkout@v3 - - - name: Setup LXD - uses: canonical/setup-lxd@main - - - name: Setup Charmcraft - run: sudo snap install charmcraft --classic --channel=latest/edge - - - name: Pack charm - run: charmcraft pack -v --project-dir ./charm - - - name: Upload charm - uses: actions/upload-artifact@v4 - with: - name: cs-canonical-com-charm - path: ./*.charm - - pack-rock: - runs-on: ubuntu-latest - steps: - - name: Checkout Code - uses: actions/checkout@v3 - - - name: Use Node.js - uses: actions/setup-node@v3 - - - name: Build Assets - run: | - yarn install - yarn run build - - - name: Setup LXD - uses: canonical/setup-lxd@main - - - name: Create repositories directory - run: | - mkdir -p repositories - mkdir -p tree-cache - - - name: Setup Rockcraft - run: sudo snap install rockcraft --classic --channel=latest/edge - - - name: Pack Rock - run: rockcraft pack - - - name: Upload Rock - uses: actions/upload-artifact@v4 - with: - name: cs-canonical-com-rock - path: ./*.rock - - publish-image: - runs-on: ubuntu-latest - needs: pack-rock - outputs: - image_url: ${{ steps.set_image_url.outputs.image_url }} - steps: - - name: Get Rock - uses: actions/download-artifact@v4 - with: - name: cs-canonical-com-rock - - - name: Set image URL - id: set_image_url - run: echo "image_url=ghcr.io/canonical/cs.canonical.com:$(date +%s)-${GITHUB_SHA:0:7}" >> $GITHUB_OUTPUT - - - name: Push to GHCR - run: skopeo --insecure-policy copy oci-archive:$(ls *.rock) docker://${{ steps.set_image_url.outputs.image_url }} --dest-creds "canonical:${{ secrets.GITHUB_TOKEN }}" - - deploy-production: - runs-on: [self-hosted, self-hosted-linux-amd64-jammy-private-endpoint-medium] - needs: [pack-charm, publish-image] - steps: - - name: Checkout Code - uses: actions/checkout@v3 - - - name: Install Dependencies - run: | - sudo snap install juju --channel=3.6/stable --classic - sudo snap install vault --classic - - - name: Download Charm Artifact - uses: actions/download-artifact@v4 - with: - name: cs-canonical-com-charm - - - name: Configure Vault and Juju - run: | - export VAULT_ADDR=https://vault.admin.canonical.com:8200 - export TF_VAR_login_approle_role_id=${{ secrets.PROD_VAULT_APPROLE_ROLE_ID }} - export TF_VAR_login_approle_secret_id=${{ secrets.PROD_VAULT_APPROLE_SECRET_ID }} - export VAULT_SECRET_PATH_ROLE=secret/prodstack6/roles/prod-cs-canonical-com - export VAULT_SECRET_PATH_COMMON=secret/prodstack6/juju/common - VAULT_TOKEN=$(vault write -f -field=token auth/approle/login role_id=${TF_VAR_login_approle_role_id} secret_id=${TF_VAR_login_approle_secret_id}) - export VAULT_TOKEN - mkdir -p ~/.local/share/juju - vault read -field=controller_config "${VAULT_SECRET_PATH_COMMON}/controllers/juju-controller-36-staging-ps6" | base64 -d > ~/.local/share/juju/controllers.yaml - USERNAME=$(vault read -field=username "${VAULT_SECRET_PATH_ROLE}/juju") - PASSWORD=$(vault read -field=password "${VAULT_SECRET_PATH_ROLE}/juju") - printf "controllers:\n juju-controller-36-staging-ps6:\n user: %s\n password: %s\n" "$USERNAME" "$PASSWORD" > ~/.local/share/juju/accounts.yaml - - - name: Deploy Application to production - run: | - export JUJU_MODEL=admin/prod-cs-canonical-com - export JUJU_CONTROLLER=juju-controller-36-production-ps6 - juju switch $JUJU_CONTROLLER - juju refresh cs-canonical-com --path ./cs-canonical-com_ubuntu-22.04-amd64.charm --resource flask-app-image=${{ needs.publish-image.outputs.image_url }} - juju wait-for application cs-canonical-com --query='name=="cs-canonical-com" && (status=="active" || status=="idle")' diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index ba950a9..28ccdc3 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -121,4 +121,40 @@ jobs: juju refresh cs-canonical-com --path ./cs-canonical-com_ubuntu-22.04-amd64.charm --resource flask-app-image=${{ needs.publish-image.outputs.image_url }} juju wait-for application cs-canonical-com --query='name=="cs-canonical-com" && (status=="active" || status=="idle")' - \ No newline at end of file + deploy-production: + runs-on: [self-hosted, self-hosted-linux-amd64-jammy-private-endpoint-medium] + needs: [pack-charm, publish-image] + steps: + - name: Checkout Code + uses: actions/checkout@v3 + + - name: Install Dependencies + run: | + sudo snap install juju --channel=3.6/stable --classic + sudo snap install vault --classic + + - name: Download Charm Artifact + uses: actions/download-artifact@v4 + with: + name: cs-canonical-com-charm + + - name: Configure Vault and Juju + run: | + export VAULT_ADDR=https://vault.admin.canonical.com:8200 + export TF_VAR_login_approle_role_id=${{ secrets.PROD_VAULT_APPROLE_ROLE_ID }} + export TF_VAR_login_approle_secret_id=${{ secrets.PROD_VAULT_APPROLE_SECRET_ID }} + export VAULT_SECRET_PATH_ROLE=secret/prodstack6/roles/prod-cs-canonical-com + export VAULT_SECRET_PATH_COMMON=secret/prodstack6/juju/common + VAULT_TOKEN=$(vault write -f -field=token auth/approle/login role_id=${TF_VAR_login_approle_role_id} secret_id=${TF_VAR_login_approle_secret_id}) + export VAULT_TOKEN + mkdir -p ~/.local/share/juju + vault read -field=controller_config "${VAULT_SECRET_PATH_COMMON}/controllers/juju-controller-36-production-ps6" | base64 -d > ~/.local/share/juju/controllers.yaml + USERNAME=$(vault read -field=username "${VAULT_SECRET_PATH_ROLE}/juju") + PASSWORD=$(vault read -field=password "${VAULT_SECRET_PATH_ROLE}/juju") + printf "controllers:\n juju-controller-36-production-ps6:\n user: %s\n password: %s\n" "$USERNAME" "$PASSWORD" > ~/.local/share/juju/accounts.yaml + + - name: Deploy Application to production + run: | + export JUJU_MODEL=admin/prod-cs-canonical-com + juju refresh cs-canonical-com --path ./cs-canonical-com_ubuntu-22.04-amd64.charm --resource flask-app-image=${{ needs.publish-image.outputs.image_url }} + juju wait-for application cs-canonical-com --query='name=="cs-canonical-com" && (status=="active" || status=="idle")'