feat(deployment): sha images (#611)

loculus-project · Dec 1, 2023 · f6e689a · f6e689a
1 parent 85de79d
commit f6e689a
Show file tree

Hide file tree

Showing 9 changed files with 93 additions and 20 deletions.
diff --git a/.github/workflows/backend.yml b/.github/workflows/backend.yml
@@ -65,17 +65,27 @@ jobs:
           tags: |
             type=ref,event=branch,enable=${{ github.ref != 'refs/heads/main' }}
             type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
+            type=sha,prefix=commit-
+      - name: Extract Docker Tags
+        id: extractTag
+        run: |
+          FIRST_TAG=$(echo "${{ steps.dockerMetadata.outputs.tags }}" | head -n 1)
+          echo "::set-output name=firstTag::$FIRST_TAG"
 
+          SECOND_TAG=$(echo "${{ steps.dockerMetadata.outputs.tags }}" | head -n 2 | tail -n 1)
+          echo "::set-output name=secondTag::$SECOND_TAG"
       - name: Build Docker Image For Branch
         uses: gradle/gradle-build-action@v2
         env:
           USER: ${{ github.actor }}
           TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:
-          arguments: bootBuildImage --imageName=${{ steps.dockerMetadata.outputs.tags }}
+          arguments: bootBuildImage --imageName=${{steps.extractTag.outputs.firstTag }}
           build-root-directory: ./backend
 
-      - name: Push Docker Image For Branch
-        run: docker push ${{ steps.dockerMetadata.outputs.tags }}
-
-
+      - name: Tag With SHA tag
+        run: docker tag ${{ steps.extractTag.outputs.firstTag  }} ${{ steps.extractTag.outputs.secondTag  }}
+      - name: Push 1st Docker Image
+        run: docker push ${{ steps.extractTag.outputs.firstTag  }}
+      - name: Push 2nd Docker Image
+        run: docker push ${{ steps.extractTag.outputs.secondTag  }}
diff --git a/.github/workflows/dummyPreprocessing.yml b/.github/workflows/dummyPreprocessing.yml
@@ -39,6 +39,7 @@ jobs:
           tags: |
             type=ref,event=branch
             type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
+            type=sha,prefix=commit-
       - name: Build and push image
         uses: docker/build-push-action@v5
         with:

diff --git a/.github/workflows/preprocessing-nextclade.yaml b/.github/workflows/preprocessing-nextclade.yaml
@@ -40,6 +40,7 @@ jobs:
           tags: |
             type=ref,event=branch
             type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
+            type=sha,prefix=commit-
       - name: Build and push image
         uses: docker/build-push-action@v5
         with:

diff --git a/.github/workflows/update-argocd-metadata.yml b/.github/workflows/update-argocd-metadata.yml
@@ -0,0 +1,60 @@
+name: Update argocd_metadata
+
+on:
+  push:
+    branches:
+     - main
+
+jobs:
+  update:
+    permissions:
+      packages: read
+      contents: read
+      checks: read
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout Main Repository
+      uses: actions/checkout@v3
+      with:
+        ref: ${{ github.ref }}
+    - name: Get SHA - length 7
+      id: get_sha
+      run: |
+        echo "::set-output name=sha::$(echo ${GITHUB_SHA} | cut -c1-7)"
+
+    - name: Wait for Backend Docker Image
+      uses: lewagon/wait-on-check-action@v1.3.1
+      with:
+        ref: ${{ github.ref }}
+        check-name: Build Backend Docker Image
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Wait for Website Docker Image
+      uses: lewagon/wait-on-check-action@v1.3.1
+      with:
+        ref: ${{ github.ref }}
+        check-name: Build Website Docker Image
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Checkout External Repository
+      uses: actions/checkout@v3
+      with:
+        repository: 'pathoplexus/argocd_metadata' # Replace with the correct repository path
+        token: ${{ secrets.ARGOCD_METADATA_PAT }} # Personal Access Token with appropriate permissions
+
+    - name: Modify config.json
+      run: |
+        echo '{
+          "branch" : "main",
+          "number" : 999,
+          "head_short_sha_7": "${{ steps.get_sha.outputs.sha }}"
+        }' > config.json
+
+    - name: Commit and Push Changes
+      run: |
+        git config --global user.name 'Pathoplexus bot'
+        git config --global user.email 'bot@pathoplexus.org'
+        git add config.json
+        git commit -m "Update config.json"
+        git push
diff --git a/.github/workflows/website.yml b/.github/workflows/website.yml
@@ -75,6 +75,7 @@ jobs:
           images: ${{ env.DOCKER_IMAGE_NAME }}
           tags: |
             type=ref,event=branch
+            type=sha,prefix=commit-
             type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
       - name: Build and push image
         uses: docker/build-push-action@v5

diff --git a/kubernetes/appset.yaml b/kubernetes/appset.yaml
@@ -17,20 +17,14 @@ spec:
             key: token
             secretName: github-access-token
         requeueAfterSeconds: 60
-    - list:
-        elements:
-          - branch: main
-            number: 1
+    - git:
+        repoURL: https://github.com/pathoplexus/argocd_metadata.git
+        revision: HEAD
+        files:
+        - path: "config.json"
   template:
     metadata:
       name: 'pp-{{ (printf "%.25s" .branch) | replace "_" "-" | trimSuffix "-" }}-{{.number}}'
-      annotations:
-        argocd-image-updater.argoproj.io/image-list: 'backend=ghcr.io/pathoplexus/backend:{{.branch}} website=ghcr.io/pathoplexus/website:{{.branch}}'
-        argocd-image-updater.argoproj.io/website.update-strategy: "digest"
-        argocd-image-updater.argoproj.io/backend.update-strategy: "digest"
-        argocd-image-updater.argoproj.io/website.pull-secret: "pullsecret:argocd/ghcr-secret"
-        argocd-image-updater.argoproj.io/backend.pull-secret: "pullsecret:argocd/ghcr-secret"
-
 
     spec:
       destination:
@@ -47,6 +41,8 @@ spec:
               value: 'preview-{{ (printf "%.25s" .branch) | replace "_" "-" | trimSuffix "-" }}'
             - name: shortbranch
               value: '{{ (printf "%.25s" .branch) | replace "_" "-" | trimSuffix "-" }}'
+            - name: sha
+              value: '{{.head_short_sha_7}}'
             - name: branch
               value: '{{.branch}}'
             - name: host

diff --git a/kubernetes/preview/templates/_pathoplexus-docker-tag.tpl b/kubernetes/preview/templates/_pathoplexus-docker-tag.tpl
@@ -1,4 +1,8 @@
 {{- define "pathoplexus.dockerTag" }}
-{{- $dockerTag := (eq (. | default "main") "main") | ternary "latest" . -}}
+{{- if .sha }}
+{{- printf "commit-%s" .sha }}
+{{- else }}
+{{- $dockerTag := (eq (.branch | default "main") "main") | ternary "latest" .branch -}}
 {{- regexReplaceAll "/" $dockerTag "-" }}
-{{- end }}
+{{- end }}
+{{- end }}
diff --git a/kubernetes/preview/templates/pathoplexus-deployment.yaml b/kubernetes/preview/templates/pathoplexus-deployment.yaml
@@ -1,4 +1,4 @@
-{{- $dockerTag := include "pathoplexus.dockerTag" .Values.branch }}
+{{- $dockerTag := include "pathoplexus.dockerTag" .Values }}
 ---
 apiVersion: apps/v1
 kind: Deployment

diff --git a/kubernetes/preview/templates/pathoplexus-preprocessing-deployment.yaml b/kubernetes/preview/templates/pathoplexus-preprocessing-deployment.yaml
@@ -1,4 +1,4 @@
-{{ $dockerTag := include "pathoplexus.dockerTag" .Values.branch }}
+{{- $dockerTag := include "pathoplexus.dockerTag" .Values }}
 {{ $configFile := .Files.Get "config.yaml" | fromYaml }}
 {{ $namespace := .Values.namespace }}
 {{ $backendHost := .Values.disableBackend | ternary