#!/bin/sh
# Configure the current host with ansible and report the outcome.
#
# Positional arguments, in order:
#   1. OAUTH_TOKEN            - GitHub OAuth token used to update the PR
#   2. COMMIT_SHA             - commit whose PR receives the report
#   3. FEDCLOUD_SECRET_LOCKER - locker token used to obtain the secrets
#   4. TAGS                   - tags for the ansible configuration
#   5. SHORT_SHA              - short sha of the docker images to pull
#   6. SLACK_WEBHOOK_URL      - Slack webhook that receives the status
#
# NOTE(review): arguments 1, 3 and 6 are credentials. As positional
# arguments they are visible in the host's process list for as long as the
# script runs. Do not enable `set -x` in this script: tracing would print
# them as well.
set -o errexit
OAUTH_TOKEN=$1
COMMIT_SHA=$2
FEDCLOUD_SECRET_LOCKER=$3
TAGS=$4
SHORT_SHA=$5
SLACK_WEBHOOK_URL=$6
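# create a virtual env for fedcloudclient
python3 -m venv "$PWD/.venv"
# NOTE(review): the package is installed without a version pin on every run,
# so each deployment executes whatever release the package index serves at
# that moment. Consider pinning a reviewed version (and hashes).
"$PWD/.venv/bin/pip" install fedcloudclient
# Fetch the deployment secrets into a private temporary file (mktemp creates
# it readable by the owner only) and move it into place only once the
# download succeeded, so secrets.yaml is never a partial file.
TMP_SECRETS="$(mktemp)"
# `set -e` does not apply to the left-hand side of an `&&` list, so a failed
# download used to be ignored and the playbook would run with a stale or
# missing secrets.yaml. Fail explicitly instead and do not leave the
# temporary file behind.
# NOTE(review): the locker token is passed on the command line of the
# fedcloud process and is visible in the process list while it runs.
if ! "$PWD/.venv/bin/fedcloud" secret get --locker-token "$FEDCLOUD_SECRET_LOCKER" \
  deploy data >"$TMP_SECRETS"; then
  rm -f -- "$TMP_SECRETS"
  echo "deploy.sh: could not fetch the deployment secrets" >&2
  exit 1
fi
mv "$TMP_SECRETS" secrets.yaml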
# Append the image references and the site configuration directory to the
# extra variables handed to ansible.
# NOTE(review): SHORT_SHA is written into the YAML without escaping; this
# assumes it is a CI-generated short commit hash - confirm at the caller.
{
  printf 'cloud_info_image: "ghcr.io/egi-federation/fedcloud-cloud-info:sha-%s"\n' "$SHORT_SHA"
  printf 'image_sync_image: "ghcr.io/egi-federation/fedcloud-image-sync:sha-%s"\n' "$SHORT_SHA"
  printf 'site_config_dir: "%s"\n' "$(readlink -f ../sites)"
} >>extra-vars.yaml
# Configure!
# Run the playbook with the fetched secrets and the generated extra vars,
# keeping all of its output in ansible.log. A failing playbook does not stop
# the script: the outcome is recorded so it can be reported afterwards.
# NOTE(review): ansible.log is later published in a PR comment, so anything a
# task prints ends up there. Tasks that handle secrets should set
# `no_log: true`.

# Start from the failure report and switch to success only when the playbook
# exits cleanly.
status_summary="fail"
color="#EA4F47"
header="Failed deployment :boom:"
if ansible-playbook -i inventory.yaml \
  --extra-vars @secrets.yaml \
  --extra-vars @extra-vars.yaml \
  --tags "$TAGS" \
  playbook.yaml >ansible.log 2>&1; then
  status_summary="success"
  color="#6DBF59"
  header="Successful deployment :rocket:"
fi
# This is a temporary way to get the auto discovery working while we transition for all sites
# copy the secrets to the /etc/egi/vos dir which is readable from the containers
# NOTE(review): this places the full deployment secrets where the containers
# can read them, and it runs whether or not the playbook succeeded. The copy
# in the working directory (secrets.yaml) is not removed by this script
# either, so the secrets stay on disk in two places after the run.
cp secrets.yaml /etc/egi/vos/secrets.yaml
# make sure the container user (1999) can access the files
# NOTE(review): the ownership change is recursive over all of /etc/egi/, not
# only the vos directory - confirm that nothing else under that tree needs a
# different owner.
chown -R 1999:1999 /etc/egi/
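# NOTE(review): COMMIT_SHA is placed in the URL as given; this assumes it is
# a commit hash supplied by CI - confirm at the caller.
GITHUB_COMMIT_URL="https://api.github.com/repos/EGI-Federation/fedcloud-catchall-operations/commits/$COMMIT_SHA/pulls"
# Find out PR we need to update
# The jq filter is quoted: unquoted, `.[0].number` is a glob pattern and
# would be replaced by a matching file name in the working directory.
ISSUE_NUMBER=$(curl \
  -H "Accept: application/vnd.github.groot-preview+json" \
  "$GITHUB_COMMIT_URL" | jq '.[0].number')
# jq prints `null` when the commit belongs to no pull request. Keep going so
# the Slack report is still sent, but leave a trace explaining why the
# GitHub comment will not be created.
case "$ISSUE_NUMBER" in
  '' | *[!0-9]*)
    echo "deploy.sh: no pull request found for commit $COMMIT_SHA (got '$ISSUE_NUMBER')" >&2
    ;;
esac
GITHUB_ISSUE_URL="https://api.github.com/repos/EGI-Federation/fedcloud-catchall-operations/issues/$ISSUE_NUMBER/comments"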
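# Build the PR comment: a status line followed by the ansible log inside a
# collapsed <details> section.
# NOTE(review): the complete ansible log is published in the comment. Make
# sure no task prints secrets (see `no_log`), and consider shortening very
# long logs - GitHub may reject an oversized comment body.
{
  echo "### Ansible deployment: \`$status_summary\`"
  echo '<details><summary>Deployment log</summary>'
  echo
  echo '```'
  cat ansible.log
  echo '```'
  echo
  echo '</details>'
} >github_body.txt
# Let jq read the text from its input instead of receiving it through
# `--arg`: a command-line argument has a size limit that a long log exceeds,
# and the log would also show up in the process list. rtrimstr drops the
# final newline, which the previous `$(cat ...)` form stripped as well.
jq -R -s '{body: rtrimstr("\n")}' <github_body.txt >github_body.json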
# Let GitHub know
# Post the prepared comment on the PR and keep the URL of the new comment for
# the Slack message.
# NOTE(review): the token is part of curl's command line and is visible in
# the process list while the request runs. When GitHub answers with an error
# object, jq prints the literal string `null`, which then ends up in the
# Slack message.
comment_url=$(
  curl --request POST \
    --header "Authorization: token $OAUTH_TOKEN" \
    --header "Accept: application/vnd.github.v3+json" \
    --data @github_body.json \
    "$GITHUB_ISSUE_URL" |
    jq --raw-output .html_url
)
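# Build the Slack message: a coloured attachment with a header block and a
# section linking to the PR comment.
# The document is generated by jq, like github_body.json, instead of pasting
# shell variables into a JSON template: jq escapes quotes and backslashes, so
# a value returned by the GitHub API can neither break nor alter the JSON.
# NOTE(review): the values are JSON-escaped only; characters with a meaning
# in Slack mrkdwn (`<`, `>`, `|`) are passed through unchanged.
jq -n \
  --arg color "$color" \
  --arg header "$header" \
  --arg url "$comment_url" \
  --arg pr "$ISSUE_NUMBER" \
  '{
    attachments: [
      {
        color: $color,
        blocks: [
          {
            type: "header",
            text: {type: "plain_text", text: $header, emoji: true}
          },
          {
            type: "section",
            text: {
              type: "mrkdwn",
              text: "fedcloud-catchall deployment was completed for <\($url)| PR `#\($pr)`> "
            }
          }
        ]
      }
    ]
  }' >slack_body.json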
# Let Slack know
# Send the prepared message to the webhook. This is the last command, so its
# exit status becomes the exit status of the script.
# NOTE(review): anyone who knows the webhook URL can post to the channel, so
# treat it as a secret; here it is part of curl's command line and visible in
# the process list while the request runs.
curl --request POST \
  --header 'Content-type: application/json' \
  --data @slack_body.json \
  "$SLACK_WEBHOOK_URL"