Skip to content

Commit

Permalink
Merge remote-tracking branch 'origin/sb' into prod
Browse files Browse the repository at this point in the history 
# Conflicts:
#	services/workflows-service/prisma/data-migrations
  • Loading branch information
@MatanYadaev
MatanYadaev committed Nov 20, 2024
2 parents 195805e + 8121b8d commit a120d80
Show file tree
Hide file tree
Showing 184 changed files with 2,924 additions and 1,045 deletions.
377 changes: 377 additions & 0 deletions .github/workflows/hotfix-wf-service.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,377 @@
name: Under Testing - Hotfix on workflows-service

on:
workflow_dispatch:
inputs:
environment:
type: choice
description: 'Choose Environment for Hotfix'
required: true
default: 'dev'
options:
- 'dev'
- 'sb'
- 'prod'

env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository_owner }}/workflows-service

jobs:

build-and-push-image:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
outputs:
sha_short: ${{ steps.version.outputs.sha_short }} # short sha of the commit
image_tags: ${{ steps.docker_meta.outputs.tags }} # <short_sha>-<branch_name>, <branch_name>, latest(for prod branch only)

version: ${{ steps.bump-version.outputs.version }} # workflow-service@vX.X.X
bumped_tag: ${{ steps.bump-version.outputs.tag }} # bumped patched version X.X.X+1

docker_image: ${{ steps.docker-version.outputs.image }} # ghcr.io/ballerine-io/workflows-service
docker_tag: ${{ steps.docker-version.outputs.tag }} # <short_sha>-<branch_name>
docker_full_image: ${{ steps.docker-version.outputs.full_image }} # ghcr.io/ballerine-io/workflows-service:<short_sha>-<branch_name>

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Get tags
run: git fetch --tags origin

- name: Get version
id: version
run: |
TAG=$(git tag -l "$(echo workflow-service@)*" | sort -V -r | head -n 1)
echo "tag=$TAG"
echo "tag=$TAG" >> "$GITHUB_OUTPUT"
echo "TAG=$TAG" >> "$GITHUB_ENV"
SHORT_SHA=$(git rev-parse --short HEAD)
echo "sha_short=$SHORT_SHA"
echo "sha_short=$SHORT_SHA" >> $GITHUB_OUTPUT
echo "SHORT_SHA=$SHORT_SHA" >> $GITHUB_ENV
echo "DEV_WF_SHORT_SHA=$SHORT_SHA" >> $GITHUB_ENV
- name: Bump version
id: bump-version
uses: ./.github/actions/bump-version
with:
tag: ${{ steps.version.outputs.tag }}

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2

- name: Set up QEMU
uses: docker/setup-qemu-action@v2
with:
platforms: 'arm64,arm'

- name: Cache Docker layers
id: cache
uses: actions/cache@v2
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-docker-${{ hashFiles('**/Dockerfile') }}
restore-keys: |
${{ runner.os }}-docker-${{ hashFiles('**/Dockerfile') }}
${{ runner.os }}-docker-
- name: Log in to the Container registry
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract metadata for Docker images
id: docker_meta
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=raw,value=${{ github.ref_name }}
type=raw,value=dev
type=raw,value=${{ steps.version.outputs.sha_short }}-${{ github.ref_name }}
type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'prod') }}
type=sha,format=short
- name: Docker metadata version
id: docker-version
run: |
DOCKER_IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
DOCKER_TAG=${{ steps.version.outputs.sha_short }}-${{ github.ref_name }}
DOCKER_FULL_IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.sha_short }}-${{ github.ref_name }}
echo "DOCKER_IMAGE=$DOCKER_IMAGE"
echo "DOCKER_TAG=$DOCKER_TAG"
echo "DOCKER_FULL_IMAGE=$DOCKER_FULL_IMAGE"
echo "image=$DOCKER_IMAGE" >> $GITHUB_OUTPUT
echo "tag=$DOCKER_TAG" >> $GITHUB_OUTPUT
echo "full_image=$DOCKER_FULL_IMAGE" >> $GITHUB_OUTPUT
- name: Print docker version outputs
run: |
echo "Metadata: ${{ steps.docker_meta.outputs.tags }}"
echo "sha_short: ${{ steps.version.outputs.sha_short }}"
echo "docker_meta-tags: ${{ steps.docker_meta.outputs.tags }}"
echo "bump-version-version: ${{ steps.bump-version.outputs.version }}"
echo "bump-version-tag: ${{ steps.bump-version.outputs.tag }}"
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: services/workflows-service
platforms: linux/amd64
push: true
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
tags: ${{ steps.docker_meta.outputs.tags }}
build-args: |
"RELEASE=${{ steps.bump-version.outputs.tag }}"
"SHORT_SHA=${{ steps.version.outputs.sha_short }}"
- name: Scan Docker Image
uses: aquasecurity/trivy-action@master
continue-on-error: true
with:
cache-dir:
image-ref: ${{ steps.docker-version.outputs.full_image }}
format: 'table'
ignore-unfixed: true
exit-code: 1
trivyignores: ./.trivyignore
vuln-type: 'os,library'
severity: 'CRITICAL'

build-and-push-ee-image:
runs-on: ubuntu-latest
needs: build-and-push-image
outputs:
SUBMODULE_SHORT_HASH: ${{ steps.lastcommit.outputs.shorthash }} # short sha of the commit
docker_tag: ${{ steps.docker-version.outputs.wf_m_tag }}

permissions:
contents: read
packages: write

steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 1
submodules: 'recursive'
token: ${{ secrets.SUBMODULES_TOKEN }}

- name: Cache Docker layers
id: cache
uses: actions/cache@v2
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-docker-${{ hashFiles('**/Dockerfile') }}
restore-keys: |
${{ runner.os }}-docker-${{ hashFiles('**/Dockerfile') }}
${{ runner.os }}-docker-
- name: Checkout wf-data-migration
uses: actions/checkout@v4
with:
repository: ballerine-io/wf-data-migration
token: ${{ secrets.SUBMODULES_TOKEN }}
ref: ${{ inputs.environment }}
fetch-depth: 1
path: services/workflows-service/prisma/data-migrations

- name: Get Latest Commit ID
id: lastcommit
uses: nmbgeek/github-action-get-latest-commit@main
with:
owner: ${{ github.repository_owner }}
token: ${{ secrets.SUBMODULES_TOKEN }}
repo: wf-data-migration
branch: ${{ inputs.environment }}

- name: Set Commit Id as Env
run: echo "SUBMODULE_SHORT_HASH=${{ steps.lastcommit.outputs.shorthash }}" >> $GITHUB_ENV

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Set up QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: 'arm64,arm'

- name: Log in to the container registry
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract metadata for ee Docker images
id: eemeta
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
with:
images: ${{needs.build-and-push-image.outputs.docker_image}}-ee
tags: |
type=raw,value=${{ inputs.environment }}
type=raw,value=${{ needs.build-and-push-image.outputs.sha_short }}-${{ steps.lastcommit.outputs.shorthash }}-${{ inputs.environment }}
type=sha,format=short
- name: Docker metadata version
id: docker-version
run: |
DOCKER_IMAGE=${{needs.build-and-push-image.outputs.docker_image}}-ee
DOCKER_TAG=${{ needs.build-and-push-image.outputs.sha_short }}-${{ steps.lastcommit.outputs.shorthash }}-${{ inputs.environment }}
DOCKER_FULL_IMAGE=$DOCKER_IMAGE:$DOCKER_TAG
echo "DOCKER_IMAGE=$DOCKER_IMAGE"
echo "DOCKER_TAG=$DOCKER_TAG"
echo "DOCKER_FULL_IMAGE=$DOCKER_FULL_IMAGE"
echo "wf_m_image=$DOCKER_IMAGE" >> $GITHUB_OUTPUT
echo "wf_m_tag=$DOCKER_TAG" >> $GITHUB_OUTPUT
echo "wf_m_full_image=$DOCKER_FULL_IMAGE" >> $GITHUB_OUTPUT
- name: Build and push ee Docker image
uses: docker/build-push-action@v5
with:
context: services/workflows-service
file: services/workflows-service/Dockerfile.ee
platforms: linux/amd64
push: true
cache-from: type=local,src=/tmp/.buildx-cache
tags: ${{ steps.eemeta.outputs.tags }}
build-args: |
"BASE_IMAGE=${{needs.build-and-push-image.outputs.docker_full_image}}"
"RELEASE=${{ needs.build-and-push-image.outputs.bumped_tag }}"
"SHORT_SHA=${{ needs.build-and-push-image.outputs.sha_short }}"
update-helm-chart:
runs-on: ubuntu-latest
needs: [build-and-push-ee-image,build-and-push-image]
permissions:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 1

- name: Checkout cloud-infra-config repository
uses: actions/checkout@v4
with:
repository: ballerine-io/cloud-infra-config
token: ${{ secrets.GIT_TOKEN }}
ref: main
fetch-depth: 1
sparse-checkout: |
kubernetes/helm/wf-service
sparse-checkout-cone-mode: true
- name: Check if values yaml file exists
id: update_helm_check
shell: bash
run: |
if [ -f "kubernetes/helm/wf-service/${{ inputs.environment }}-custom-values.yaml" ]; then
echo "file_name=${{ inputs.environment }}-custom-values.yaml" >> "$GITHUB_OUTPUT"
echo ${{ needs.build-and-push-image.outputs.sha_short }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}
else
echo "file_name=dev-custom-values.yaml" >> "$GITHUB_OUTPUT"
echo ${{ needs.build-and-push-image.outputs.sha_short }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}
fi
- name: Update workflow-service image version in the HelmChart
uses: fjogeleit/yaml-update-action@main
with:
repository: ballerine-io/cloud-infra-config
branch: main
commitChange: true
message: "Performed HotFix to ${{ inputs.environment }} wf-service image Version to ${{ needs.build-and-push-image.outputs.sha_short }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}-${{ inputs.environment }} - (Commit hash: ${{ github.sha }}, commit message: ${{ github.event.head_commit.message }})"
token: ${{ secrets.GIT_TOKEN }}
changes: |
{
"kubernetes/helm/wf-service/${{steps.update_helm_check.outputs.file_name}}": {
"image.tag": "${{ needs.build-and-push-image.outputs.sha_short }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}-${{ inputs.environment }}",
"prismaMigrate.image.tag": "${{ needs.build-and-push-image.outputs.sha_short }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}-${{ inputs.environment }}",
"dbMigrate.image.tag": "${{ needs.build-and-push-image.outputs.sha_short }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}-${{ inputs.environment }}",
"dataSync.image.tag": "${{ needs.build-and-push-image.outputs.sha_short }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}-${{ inputs.environment }}"
}
}
send-to-slack:
runs-on: ubuntu-latest
needs: [update-helm-chart,build-and-push-ee-image,build-and-push-image]
if: ${{ needs.update-helm-chart.result == 'success' }}
permissions:
contents: read
packages: write

steps:
- name: Send alert to Slack channel
id: slack
uses: slackapi/slack-github-action@v1.26.0
with:
channel-id: '${{ secrets.ARGO_SLACK_CHANNEL_ID }}'
slack-message: "Hotfix on Wf-service Deployment in ${{ inputs.environment }} with tag ${{ needs.build-and-push-image.outputs.sha_short }}-${{ needs.build-and-push-ee-image.outputs.SUBMODULE_SHORT_HASH }}-${{ inputs.environment }} build result: ${{ job.status }}. successfully updated the hotfix on wf-service helm values for ${{ inputs.environment }}."
env:
SLACK_BOT_TOKEN: ${{ secrets.ARGO_SLACK_BOT_TOKEN }}

release:
runs-on: ubuntu-latest
needs: [build-and-push-image,update-helm-chart]
if: ${{ needs.update-helm-chart.result=='success' }} && (startsWith(github.ref, 'refs/heads/prod') || startsWith(github.ref, 'refs/heads/dev') || startsWith(github.ref, 'refs/heads/sb') || github.event.inputs.environment == 'dev')
env:
GH_TOKEN: ${{ github.token }}
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Release
run: |
if [ "${{ inputs.environment }}" == "dev" ]; then
suffix="-dev-${{ needs.build-and-push-image.outputs.sha_short }}"
else
suffix=""
fi
prefix="hotfix-"
gh release create ${prefix}${{ needs.build-and-push-image.outputs.version }}${suffix} --notes-start-tag ${{ needs.build-and-push-image.outputs.bumped_tag }}
sentry:
runs-on: ubuntu-latest
needs: [release,build-and-push-image]
env:
GH_TOKEN: ${{ github.token }}
steps:
- name: Checkout
uses: actions/checkout@v4

# TODO: add caching for docker_full_image which build previously

- name: Run Container and Copy File
run: |
id=$(docker run --rm --name tmp -d ${{ needs.build-and-push-image.outputs.docker_full_image }} tail -f /dev/null)
mkdir -p ./dist
docker cp $id:/app/dist/ ./dist
curl -sL https://sentry.io/get-cli/ | SENTRY_CLI_VERSION="2.31.0" bash
sentry-cli releases new "${{needs.build-and-push-image.outputs.version}}"
echo "sentry-cli releases new ${{needs.build-and-push-image.outputs.version}}"
sentry-cli releases set-commits "${{needs.build-and-push-image.outputs.version}}" --auto --ignore-missing
echo "sentry-cli releases set-commits ${{needs.build-and-push-image.outputs.version}} --auto --ignore-missing"
sentry-cli sourcemaps upload --dist="${{needs.build-and-push-image.outputs.sha_short}}" --release="${{needs.build-and-push-image.outputs.version}}" ./dist
echo "sentry-cli sourcemaps upload --dist=${{needs.build-and-push-image.outputs.sha_short}} --release=${{needs.build-and-push-image.outputs.version}} ./dist"
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
SENTRY_PROJECT: ${{ secrets.WF_SENTRY_PROJECT }}
11 changes: 11 additions & 0 deletions .vscode/launch.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,17 @@
"internalConsoleOptions": "neverOpen",
"disableOptimisticBPs": true,
"program": "${workspaceFolder}/node_modules/.bin/npx"
},
{
"type": "node",
"request": "launch",
"name": "Debug Workflow Service",
"runtimeExecutable": "npm",
"runtimeArgs": ["run", "start:debug"],
"cwd": "${workspaceFolder}/services/workflows-service",
"skipFiles": ["<node_internals>/**"],
"console": "integratedTerminal",
"sourceMaps": true
}
]
}
Loading

0 comments on commit a120d80

Please sign in to comment.