-
Notifications
You must be signed in to change notification settings - Fork 0
150 lines (137 loc) · 6.18 KB
/
provision.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
name: Provision environment
run-name: Provision ${{ github.event.inputs.environment }}
on:
workflow_dispatch:
inputs:
environment:
type: choice
description: Machine to provision
default: qa
required: true
options:
- staging
- qa
- production
branch_name:
description: Branch to provision from
default: develop
required: true
jobs:
provision:
environment: ${{ github.event.inputs.environment }}
runs-on: ubuntu-20.04
outputs:
outcome: ${{ steps.deploy.outcome }}
timeout-minutes: 60
strategy:
matrix:
node-version: [16.20.0]
steps:
- name: Clone country config resource package
uses: actions/checkout@v3
with:
fetch-depth: 0
path: './${{ github.event.repository.name }}'
- name: Set environment type ENV_TYPE
run: |
if [ "${{ github.event.inputs.environment }}" == "production" ]; then
echo "ENV_TYPE=production" >> "$GITHUB_ENV"
else
echo "ENV_TYPE=qa" >> "$GITHUB_ENV"
fi
#
# Uncomment if using VPN
#
#- name: Install openconnect ppa
# run: sudo add-apt-repository ppa:dwmw2/openconnect -y && sudo apt update
#- name: Install openconnect
# run: sudo apt install -y openconnect
#- name: Connect to VPN
# run: |
# echo "${{ secrets.VPN_PWD }}" | sudo openconnect -u ${{ secrets.VPN_USER }} --passwd-on-stdin --protocol=${{ secrets.VPN_PROTOCOL }} ${{ secrets.VPN_HOST }}:${{ secrets.VPN_PORT }} --servercert ${{ secrets.VPN_SERVERCERT }} --background
#- name: Test if IP is reachable
# run: |
# ping -c4 ${{ secrets.SSH_HOST }}
- name: Set variables for ansible in production environments
id: ansible-production-variables
if: env.ENV_TYPE == 'production'
run: |
JSON_WITH_NEWLINES=$(cat<<EOF
${{ toJSON(env) }}
EOF)
JSON_WITHOUT_NEWLINES=$(echo $JSON_WITH_NEWLINES | jq -R -c .)
echo "EXTRA_VARS=$JSON_WITHOUT_NEWLINES" >> $GITHUB_OUTPUT
env:
encrypted_disk_size: ${{ vars.DISK_SPACE }}
disk_encryption_key: ${{ secrets.ENCRYPTION_KEY }}
dockerhub_username: ${{ secrets.DOCKER_USERNAME }}
dockerhub_password: ${{ secrets.DOCKER_TOKEN }}
mongodb_admin_username: ${{ secrets.MONGODB_ADMIN_USER }}
mongodb_admin_password: ${{ secrets.MONGODB_ADMIN_PASSWORD }}
elasticsearch_superuser_password: ${{ secrets.ELASTICSEARCH_SUPERUSER_PASSWORD }}
external_backup_server_remote_directory: ${{ vars.BACKUP_DIRECTORY }}
external_backup_server_user: ${{ secrets.SSH_USER }}
external_backup_server_ssh_port: 22
external_backup_server_ip: ${{ secrets.BACKUP_HOST }}
manager_production_server_ip: ${{ secrets.SSH_HOST }}
ansible_user: ${{ secrets.SSH_USER }}
# ansible_sudo_pass: ${{ secrets.SUDO_PASSWORD }} in case your user is not root
- name: Set variables for ansible in qa environments
id: ansible-variables
if: env.ENV_TYPE == 'qa'
run: |
JSON_WITH_NEWLINES=$(cat<<EOF
${{ toJSON(env) }}
EOF)
JSON_WITHOUT_NEWLINES=$(echo $JSON_WITH_NEWLINES | jq -R -c .)
echo "EXTRA_VARS=$JSON_WITHOUT_NEWLINES" >> $GITHUB_OUTPUT
env:
encrypted_disk_size: ${{ vars.DISK_SPACE }}
disk_encryption_key: ${{ secrets.ENCRYPTION_KEY }}
dockerhub_username: ${{ secrets.DOCKER_USERNAME }}
dockerhub_password: ${{ secrets.DOCKER_TOKEN }}
mongodb_admin_username: ${{ secrets.MONGODB_ADMIN_USER }}
mongodb_admin_password: ${{ secrets.MONGODB_ADMIN_PASSWORD }}
elasticsearch_superuser_password: ${{ secrets.ELASTICSEARCH_SUPERUSER_PASSWORD }}
# ansible_sudo_pass: ${{ secrets.SUDO_PASSWORD }} in case your user is not root
# TODO: Iterate for 3 or 5 replicas
- name: Create ini file for 1 replica
id: ini-file
run: |
touch ${{ github.event.repository.name }}/infrastructure/server-setup/replicas-1.ini
echo "[docker-manager-first]" > ${{ github.event.repository.name }}/infrastructure/server-setup/replicas-1.ini
echo "manager1 ansible_host=\"${{ secrets.SSH_HOST }}\" ansible_user=${{ secrets.SSH_USER }} ansible_ssh_private_key_file=/tmp/server.pem" >> ${{ github.event.repository.name }}/infrastructure/server-setup/replicas-1.ini
echo "" >> ${{ github.event.repository.name }}/infrastructure/server-setup/replicas-1.ini
echo "[all:vars]" >> ${{ github.event.repository.name }}/infrastructure/server-setup/replicas-1.ini
echo "data1_hostname=${{ vars.HOSTNAME }}" >> ${{ github.event.repository.name }}/infrastructure/server-setup/replicas-1.ini
- name: Check ini content
run: |
cat ${{ github.event.repository.name }}/infrastructure/server-setup/replicas-1.ini
- name: Run playbook on 1 replica in qa
uses: dawidd6/action-ansible-playbook@v2
if: vars.REPLICAS == 1 && env.ENV_TYPE == 'qa'
env:
ANSIBLE_PERSISTENT_COMMAND_TIMEOUT: 30
ANSIBLE_SSH_TIMEOUT: 30
ANSIBLE_SSH_RETRIES: 20
with:
playbook: playbook-1.yml
directory: ${{ github.event.repository.name }}/infrastructure/server-setup
options: |
--verbose
--inventory replicas-1.ini
--extra-vars ""${{ steps.ansible-variables.outputs.EXTRA_VARS }}""
- name: Run playbook on 1 replica in production
uses: dawidd6/action-ansible-playbook@v2
if: vars.REPLICAS == 1 && env.ENV_TYPE == 'production'
env:
ANSIBLE_PERSISTENT_COMMAND_TIMEOUT: 30
ANSIBLE_SSH_TIMEOUT: 30
ANSIBLE_SSH_RETRIES: 20
with:
playbook: playbook-1.yml
directory: ${{ github.event.repository.name }}/infrastructure/server-setup
options: |
--verbose
--inventory replicas-1.ini
--extra-vars ""${{ steps.ansible-production-variables.outputs.EXTRA_VARS }}""