docker-build.yml
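# Builds the production image and rolls it out to the EKS cluster.
# Triggered by every push to the main branch.
name: Automate build and deploy

on:
  push:
    branches: ["main"]

# Least privilege for the automatically issued GITHUB_TOKEN: the jobs in this
# workflow only check out the repository. Registry and cluster access come
# from the DOCKERHUB_* and AWS_* secrets, not from this token.
permissions:
  contents: read

# Read by the deploy steps through the `env` context.
env:
  AWS_REGION: us-west-2
  EKS_CLUSTER_NAME: courtlistener
  EKS_NAMESPACE: court-listener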
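jobs:
  # Logs in to Docker Hub and runs the Makefile's push-image target, passing
  # the short commit SHA as VERSION (presumably yielding the
  # `<short sha>-prod` tag that the deploy job references; confirm in
  # docker/django/Makefile).
  build:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the third-party actions in both jobs are referenced by
      # mutable major-version tags. Pinning each `uses:` to a full commit SHA
      # keeps a moved tag from running with the Docker Hub and AWS secrets.
      - uses: actions/checkout@v4
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Build and Push
        run: |
          make push-image --file docker/django/Makefile -e VERSION=$(git rev-parse --short HEAD)

  # Verifies the new image in a throwaway pod (collectstatic, pending
  # migrations), then updates every deployment and the matching cronjobs.
  deploy:
    needs: build
    runs-on: ubuntu-latest
    # Concurrency group: runs that share `production` never execute together.
    concurrency: production
    steps:
      - uses: actions/checkout@v4

      # Exposes the short commit SHA as steps.vars.outputs.sha_short.
      - name: Set shortcode
        id: vars
        run: echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"

      # NOTE(review): these are long-lived access keys stored as repository
      # secrets. The action also supports short-lived credentials through
      # GitHub OIDC (`role-to-assume`, with `id-token: write` granted to the
      # job), which would remove the static key. Consider migrating.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}

      - name: Create Kubeconfig with AWS CLI
        run: aws eks update-kubeconfig --region ${{ env.AWS_REGION }} --name ${{ env.EKS_CLUSTER_NAME }}

      # Bumps the force-sync annotation on the `es` object named cl-env, then
      # waits up to 30s for its condition with reason SecretSynced to be True.
      # (`es` is presumably the ExternalSecret short name; confirm.)
      - name: Update Environment Variables
        env:
          CL_ENV: cl-env
        run: |
          kubectl annotate es $CL_ENV force-sync=$(date +%s) --overwrite -n ${{ env.EKS_NAMESPACE }} \
            && kubectl wait es -n ${{ env.EKS_NAMESPACE }} \
              --for=jsonpath="{.status.conditions[?(@.reason=='SecretSynced')].status}"=True \
              --timeout=30s $CL_ENV

      # Starts a pod from the freshly built image with the cl-env secret
      # loaded as environment variables; it idles for 259200 s (72 h).
      # NOTE(review): if any later step fails, "Delete Temporary Pod" is
      # skipped, so this pod (with the production secret in its environment)
      # keeps running until the sleep ends. That is what the migration
      # hand-off relies on, but it also applies to a collectstatic failure.
      - name: Launch Temporary Pod
        id: tempPod
        run: |
          kubectl run temp-pod-${{ steps.vars.outputs.sha_short }} -n ${{ env.EKS_NAMESPACE }} --image=freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-prod --restart Never --pod-running-timeout=120s --overrides='
          {
            "spec": {
              "containers": [{
                "name": "temp-pod",
                "image": "freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-prod",
                "command": ["/bin/sh", "-c", "trap : TERM INT; sleep 259200 & wait"],
                "envFrom": [{
                  "secretRef": {
                    "name": "cl-env"
                  }
                }]
              }]
            }
          }'

      - name: Wait for Temporary Pod to Start
        run: kubectl wait pods -n ${{ env.EKS_NAMESPACE }} --for condition=Ready --timeout=90s temp-pod-${{ steps.vars.outputs.sha_short }}

      - name: Collect Static Assets
        id: collectStatic
        run: |
          kubectl exec -n ${{ env.EKS_NAMESPACE }} temp-pod-${{ steps.vars.outputs.sha_short }} -- python manage.py collectstatic --noinput

      # Error-handling logic for collectstatic. Scoped to that step's outcome:
      # a bare failure() is true after ANY earlier failed step, which would
      # print this message for unrelated errors (credentials, pod launch).
      - name: Handle Collectstatic Error
        if: failure() && steps.collectStatic.outcome == 'failure'
        run: |
          echo "collectstatic failed--aborting build"
          exit 1

      # `migrate --check` exits non-zero when unapplied migrations exist.
      - name: Check Migrations
        id: checkMigration
        run: |
          kubectl exec -n ${{ env.EKS_NAMESPACE }} temp-pod-${{ steps.vars.outputs.sha_short }} -- python manage.py migrate --check

      # Scoped to the migration check for the same reason as above. The
      # lifetime quoted in the message matches the pod's `sleep 259200`.
      - name: Handle Check Migrations Error
        if: failure() && steps.checkMigration.outcome == 'failure'
        run: |
          echo "Found unapplied migrations. Open shell into pod temp-pod-${{ steps.vars.outputs.sha_short }}"
          echo "Manually run migrations. That pod stops on its own after 72 hours; delete it once you are done."
          exit 1

      # Reached only when every check above passed.
      - name: Delete Temporary Pod
        run: kubectl delete pod -n ${{ env.EKS_NAMESPACE }} temp-pod-${{ steps.vars.outputs.sha_short }}

      # Rollout new versions one by one (watch "deployments" in k9s).
      # Each pair sets the container image, then blocks until the rollout
      # finishes, so a failed rollout stops the remaining ones.
      # NOTE(review): images are referenced by a tag derived from the short
      # SHA, not by digest. A tag can be re-pushed; deploying by digest would
      # bind the rollout to the exact image the build job produced.
      - name: Rollout cl-python
        run: kubectl set image -n ${{ env.EKS_NAMESPACE }} deployment/cl-python web=freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-prod
      - name: Watch cl-python rollout status
        run: kubectl rollout status -n ${{ env.EKS_NAMESPACE }} deployment/cl-python

      - name: Rollout cl-celery-prefork
        run: kubectl set image -n ${{ env.EKS_NAMESPACE }} deployment/cl-celery-prefork cl-celery-prefork=freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-prod
      - name: Watch cl-celery-prefork rollout status
        run: kubectl rollout status -n ${{ env.EKS_NAMESPACE }} deployment/cl-celery-prefork

      - name: Rollout cl-celery-prefork-bulk
        run: kubectl set image -n ${{ env.EKS_NAMESPACE }} deployment/cl-celery-prefork-bulk cl-celery-prefork-bulk=freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-prod
      - name: Watch cl-celery-prefork-bulk rollout status
        run: kubectl rollout status -n ${{ env.EKS_NAMESPACE }} deployment/cl-celery-prefork-bulk

      - name: Rollout cl-celery-prefork-es-sweep
        run: kubectl set image -n ${{ env.EKS_NAMESPACE }} deployment/cl-celery-prefork-es-sweep cl-celery-prefork-es-sweep=freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-prod
      - name: Watch cl-celery-prefork-es-sweep rollout status
        run: kubectl rollout status -n ${{ env.EKS_NAMESPACE }} deployment/cl-celery-prefork-es-sweep

      - name: Rollout cl-scrape-rss
        run: kubectl set image -n ${{ env.EKS_NAMESPACE }} deployment/cl-scrape-rss scrape-rss=freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-prod
      - name: Watch cl-scrape-rss rollout status
        run: kubectl rollout status -n ${{ env.EKS_NAMESPACE }} deployment/cl-scrape-rss

      - name: Rollout cl-retry-webhooks
        run: kubectl set image -n ${{ env.EKS_NAMESPACE }} deployment/cl-retry-webhooks retry-webhooks=freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-prod
      - name: Watch cl-retry-webhooks rollout status
        run: kubectl rollout status -n ${{ env.EKS_NAMESPACE }} deployment/cl-retry-webhooks

      - name: Rollout cl-send-rt-percolator-alerts
        run: kubectl set image -n ${{ env.EKS_NAMESPACE }} deployment/cl-send-rt-percolator-alerts cl-send-rt-percolator-alerts=freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-prod
      - name: Watch cl-send-rt-percolator-alerts rollout status
        run: kubectl rollout status -n ${{ env.EKS_NAMESPACE }} deployment/cl-send-rt-percolator-alerts

      - name: Rollout cl-es-sweep-indexer
        run: kubectl set image -n ${{ env.EKS_NAMESPACE }} deployment/cl-es-sweep-indexer sweep-indexer=freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-prod
      - name: Watch cl-es-sweep-indexer rollout status
        run: kubectl rollout status -n ${{ env.EKS_NAMESPACE }} deployment/cl-es-sweep-indexer

      - name: Rollout cl-iquery-probe
        run: kubectl set image -n ${{ env.EKS_NAMESPACE }} deployment/cl-iquery-probe cl-iquery-probe=freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-prod
      - name: Watch cl-iquery-probe rollout status
        run: kubectl rollout status -n ${{ env.EKS_NAMESPACE }} deployment/cl-iquery-probe

      # Watch "cronjobs" in k9s.
      # Points the `job` container of every CronJob labelled
      # image_type=web-prod at the new image. The lookup uses
      # env.EKS_NAMESPACE like every other step, so the list and the update
      # cannot target different namespaces if the variable ever changes.
      - name: Update cronjobs
        run: |
          CRONJOB_NAMES=$(kubectl get cronjobs -n ${{ env.EKS_NAMESPACE }} -o jsonpath='{.items.*.metadata.name}' -l image_type=web-prod)
          for name in $CRONJOB_NAMES; do
            kubectl set image -n ${{ env.EKS_NAMESPACE }} "CronJob/$name" job=freelawproject/courtlistener:${{ steps.vars.outputs.sha_short }}-prod
          done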