From e5ac59ee8e28b5206f877d7b951932367db760f7 Mon Sep 17 00:00:00 2001 From: Alexander Berger Date: Mon, 11 Dec 2023 10:44:07 -0500 Subject: [PATCH 01/22] First pass at k8s and skaffold files --- deploy/k8s/base/configmap.yaml | 6 +++ deploy/k8s/base/deployment.yaml | 28 +++++++++++++ deploy/k8s/base/ingress.yaml | 13 ++++++ deploy/k8s/base/kustomization.yaml | 9 +++++ deploy/k8s/base/service.yaml | 15 +++++++ .../kustomization.yaml | 11 +++++ .../kustomization.yaml | 11 +++++ .../jax-cluster-prod-10--prod/configmap.yaml | 6 +++ .../kustomization.yaml | 11 +++++ .../jax-cluster-prod-10--stage/configmap.yaml | 6 +++ .../kustomization.yaml | 11 +++++ skaffold.yaml | 40 +++++++++++++++++++ 12 files changed, 167 insertions(+) create mode 100644 deploy/k8s/base/configmap.yaml create mode 100644 deploy/k8s/base/deployment.yaml create mode 100644 deploy/k8s/base/ingress.yaml create mode 100644 deploy/k8s/base/kustomization.yaml create mode 100644 deploy/k8s/base/service.yaml create mode 100644 deploy/k8s/overlays/jax-cluster-dev-10--dev/kustomization.yaml create mode 100644 deploy/k8s/overlays/jax-cluster-dev-10--sqa/kustomization.yaml create mode 100644 deploy/k8s/overlays/jax-cluster-prod-10--prod/configmap.yaml create mode 100644 deploy/k8s/overlays/jax-cluster-prod-10--prod/kustomization.yaml create mode 100644 deploy/k8s/overlays/jax-cluster-prod-10--stage/configmap.yaml create mode 100644 deploy/k8s/overlays/jax-cluster-prod-10--stage/kustomization.yaml create mode 100644 skaffold.yaml diff --git a/deploy/k8s/base/configmap.yaml b/deploy/k8s/base/configmap.yaml new file mode 100644 index 0000000..bef4100 --- /dev/null +++ b/deploy/k8s/base/configmap.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: geneweaver-config +data: + AUTH_CLIENT_ID: "T7bj6wlmtVcAN2O6kzDRwPVFyIj4UQNs" \ No newline at end of file diff --git a/deploy/k8s/base/deployment.yaml b/deploy/k8s/base/deployment.yaml new file mode 100644 index 0000000..2a343aa --- /dev/null +++ b/deploy/k8s/base/deployment.yaml @@ -0,0 +1,28 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: geneweaver-api + labels: + app: geneweaver-api +spec: + replicas: 1 + selector: + matchLabels: + app: geneweaver-api + template: + metadata: + labels: + app: geneweaver-api + spec: + serviceAccountName: workload-identity-geneweaver + containers: + - name: geneweaver-api + image: geneweaver-api + imagePullPolicy: Always + envFrom: + - configMapRef: + name: geneweaver-config + - secretRef: + name: geneweaver-db + ports: + - containerPort: 8000 \ No newline at end of file diff --git a/deploy/k8s/base/ingress.yaml b/deploy/k8s/base/ingress.yaml new file mode 100644 index 0000000..14a2b28 --- /dev/null +++ b/deploy/k8s/base/ingress.yaml @@ -0,0 +1,13 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: divdb-api-ingress + annotations: + # NOTE: When deploying a new instance, make sure to use the staging issuer first + # so that you don't hit the rate limit for the production issuer. + cert-manager.io/cluster-issuer: "letsencrypt-staging" + # cert-manager.io/cluster-issuer: "letsencrypt-prod" + nginx.ingress.kubernetes.io/auth-url: "https://auth.jax-cluster-dev-10.jax.org/oauth2/auth" + nginx.ingress.kubernetes.io/auth-signin: "https://auth.jax-cluster-dev-10.jax.org/oauth2/start?rd=https://$http_host$escaped_request_uri" +spec: + ingressClassName: nginx diff --git a/deploy/k8s/base/kustomization.yaml b/deploy/k8s/base/kustomization.yaml new file mode 100644 index 0000000..4a836d7 --- /dev/null +++ b/deploy/k8s/base/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - configmap.yaml + - deployment.yaml + - service.yaml + # TODO: Uncomment the following line to enable ingress + # - ingress.yaml \ No newline at end of file diff --git a/deploy/k8s/base/service.yaml b/deploy/k8s/base/service.yaml new file mode 100644 index 0000000..23c7a0d --- /dev/null +++ b/deploy/k8s/base/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: geneweaver-api + labels: + app: geneweaver-api +spec: + type: ClusterIP + selector: + app: geneweaver-api + ports: + - protocol: TCP + name: direct + port: 80 + targetPort: 8000 diff --git a/deploy/k8s/overlays/jax-cluster-dev-10--dev/kustomization.yaml b/deploy/k8s/overlays/jax-cluster-dev-10--dev/kustomization.yaml new file mode 100644 index 0000000..1ef6ac7 --- /dev/null +++ b/deploy/k8s/overlays/jax-cluster-dev-10--dev/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: dev + +bases: +- ../../base + +#patchesStrategicMerge: +# - configmap.yaml +# - ingress.yaml diff --git a/deploy/k8s/overlays/jax-cluster-dev-10--sqa/kustomization.yaml b/deploy/k8s/overlays/jax-cluster-dev-10--sqa/kustomization.yaml new file mode 100644 index 0000000..dd9db0f --- /dev/null +++ b/deploy/k8s/overlays/jax-cluster-dev-10--sqa/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: sqa + +bases: +- ../../base + +#patchesStrategicMerge: +# - configmap.yaml +# - ingress.yaml diff --git a/deploy/k8s/overlays/jax-cluster-prod-10--prod/configmap.yaml b/deploy/k8s/overlays/jax-cluster-prod-10--prod/configmap.yaml new file mode 100644 index 0000000..0b9539a --- /dev/null +++ b/deploy/k8s/overlays/jax-cluster-prod-10--prod/configmap.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: geneweaver-config +data: + AUTH_CLIENT_ID: "oVm9omUtLBpVyL7YfJA8gp3hHaHwyVt8" \ No newline at end of file diff --git a/deploy/k8s/overlays/jax-cluster-prod-10--prod/kustomization.yaml b/deploy/k8s/overlays/jax-cluster-prod-10--prod/kustomization.yaml new file mode 100644 index 0000000..623871b --- /dev/null +++ b/deploy/k8s/overlays/jax-cluster-prod-10--prod/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: prod + +bases: +- ../../base + +#patchesStrategicMerge: +# - configmap.yaml +# - ingress.yaml diff --git a/deploy/k8s/overlays/jax-cluster-prod-10--stage/configmap.yaml b/deploy/k8s/overlays/jax-cluster-prod-10--stage/configmap.yaml new file mode 100644 index 0000000..0b9539a --- /dev/null +++ b/deploy/k8s/overlays/jax-cluster-prod-10--stage/configmap.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: geneweaver-config +data: + AUTH_CLIENT_ID: "oVm9omUtLBpVyL7YfJA8gp3hHaHwyVt8" \ No newline at end of file diff --git a/deploy/k8s/overlays/jax-cluster-prod-10--stage/kustomization.yaml b/deploy/k8s/overlays/jax-cluster-prod-10--stage/kustomization.yaml new file mode 100644 index 0000000..783b14d --- /dev/null +++ b/deploy/k8s/overlays/jax-cluster-prod-10--stage/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: stage + +bases: +- ../../base + +#patchesStrategicMerge: +# - configmap.yaml +# - ingress.yaml diff --git a/skaffold.yaml b/skaffold.yaml new file mode 100644 index 0000000..4d8b65d --- /dev/null +++ b/skaffold.yaml @@ -0,0 +1,40 @@ +apiVersion: skaffold/v2beta29 +kind: Config +metadata: + name: geneweaver-api +build: + tagPolicy: + gitCommit: + variant: AbbrevCommitSha + artifacts: + - image: geneweaver-api + context: . + docker: + dockerfile: Dockerfile + local: + useBuildkit: true +test: + - image: geneweaver-api + structureTests: + - deploy/tests/* +profiles: + - name: jax-cluster-dev-10--dev + deploy: + kustomize: + paths: + - deploy/k8s/overlays/jax-cluster-dev-10--dev + - name: jax-cluster-dev-10--sqa + deploy: + kustomize: + paths: + - deploy/k8s/overlays/jax-cluster-dev-10--sqa + - name: jax-cluster-prod-10--stage + deploy: + kustomize: + paths: + - deploy/k8s/overlays/jax-cluster-prod-10--stage + - name: jax-cluster-prod-10--prod + deploy: + kustomize: + paths: + - deploy/k8s/overlays/jax-cluster-prod-10--prod From 900b36f86f79c4facc03016f6572f8122d0a0d34 Mon Sep 17 00:00:00 2001 From: Alexander Berger Date: Mon, 11 Dec 2023 10:45:52 -0500 Subject: [PATCH 02/22] Consolidating settings and db settings instances --- src/geneweaver/api/core/config.py | 3 -- src/geneweaver/api/core/config_class.py | 42 ++++++++++++++----------- src/geneweaver/api/dependencies.py | 4 +-- 3 files changed, 25 insertions(+), 24 deletions(-) diff --git a/src/geneweaver/api/core/config.py b/src/geneweaver/api/core/config.py index 1968b69..9bfbeff 100644 --- a/src/geneweaver/api/core/config.py +++ b/src/geneweaver/api/core/config.py @@ -1,7 +1,4 @@ """A namespace for the initialized Geneweaver API configuration.""" from geneweaver.api.core.config_class import GeneweaverAPIConfig -from geneweaver.db.core.settings_class import Settings as DBSettings settings = GeneweaverAPIConfig() - -db_settings = DBSettings() diff --git a/src/geneweaver/api/core/config_class.py b/src/geneweaver/api/core/config_class.py index e45de7c..d2f59e2 100644 --- a/src/geneweaver/api/core/config_class.py +++ b/src/geneweaver/api/core/config_class.py @@ -2,32 +2,36 @@ from typing import Any, Dict, List, Optional, Union from pydantic import BaseSettings, PostgresDsn, validator +from geneweaver.db.core.settings_class import Settings as DBSettings class GeneweaverAPIConfig(BaseSettings): """Config class for the Geneweaver API.""" - API_PREFIX: str = "" + LOG_LEVEL: str = "INFO" - POSTGRES_SERVER: str - POSTGRES_USER: str - POSTGRES_PASSWORD: str - POSTGRES_DB: str - SQLALCHEMY_DATABASE_URI: Optional[PostgresDsn] = None + API_PREFIX: str = "/api" - @validator("SQLALCHEMY_DATABASE_URI", pre=True) - def assemble_db_connection( - cls, v: Optional[str], values: Dict[str, Any] # noqa: N805 - ) -> Union[str, PostgresDsn]: - """Build the database connection string.""" - if isinstance(v, str): + DB_HOST: str + DB_USERNAME: str + DB_PASSWORD: str + DB_NAME: str + DB_PORT: int = 5432 + DB: Optional[DBSettings] = None + + @validator("DB", pre=True) + def assemble_db_settings( + cls, v: Optional[DBSettings], values: Dict[str, Any] # noqa: N805 + ) -> DBSettings: + """Build the database settings.""" + if isinstance(v, DBSettings): return v - return PostgresDsn.build( - scheme="postgresql", - user=values.get("POSTGRES_USER"), - password=values.get("POSTGRES_PASSWORD"), - host=values.get("POSTGRES_SERVER"), - path=f"/{values.get('POSTGRES_DB') or ''}", + return DBSettings( + SERVER=values.get("DB_HOST"), + NAME=values.get("DB_NAME"), + USERNAME=values.get("DB_USERNAME"), + PASSWORD=values.get("DB_PASSWORD"), + PORT=values.get("DB_PORT"), ) AUTH_DOMAIN: str = "geneweaver.auth0.com" @@ -38,7 +42,7 @@ def assemble_db_connection( "openid profile email": "read", } JWT_PERMISSION_PREFIX: str = "approle" - AUTH_CLIENT_ID: str = "oVm9omUtLBpVyL7YfJA8gp3hHaHwyVt8" + AUTH_CLIENT_ID: str = "T7bj6wlmtVcAN2O6kzDRwPVFyIj4UQNs" class Config: """Configuration for the BaseSettings class.""" diff --git a/src/geneweaver/api/dependencies.py b/src/geneweaver/api/dependencies.py index 6ddf8ed..774f4cd 100644 --- a/src/geneweaver/api/dependencies.py +++ b/src/geneweaver/api/dependencies.py @@ -4,7 +4,7 @@ import psycopg from fastapi import Depends -from geneweaver.api.core.config import db_settings, settings +from geneweaver.api.core.config import settings from geneweaver.api.core.security import Auth0, UserInternal from geneweaver.db.user import by_sso_id from psycopg.rows import dict_row @@ -21,7 +21,7 @@ def cursor() -> Generator: """Get a cursor from the connection pool.""" - with psycopg.connect(db_settings.URI, row_factory=dict_row) as conn: + with psycopg.connect(settings.DB.URI, row_factory=dict_row) as conn: with conn.cursor() as cur: yield cur From afa5e5cfce306c80b6b1a45bf16492f50f8fa351 Mon Sep 17 00:00:00 2001 From: Alexander Berger Date: Mon, 11 Dec 2023 10:46:23 -0500 Subject: [PATCH 03/22] Adding first pass at dockerfile --- Dockerfile | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..30375f7 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,22 @@ +FROM python:3.9 + +ENV PYTHONUNBUFFERED 1 +ENV POETRY_HOME=/opt/poetry, POETRY_VIRTUALENVS_CREATE=false, POETRY_VERSION=1.3.0 + +# Install poetry +RUN python3 -m pip install --upgrade pip && \ + curl -sSL https://install.python-poetry.org | python3 - + +ENV PATH="${POETRY_HOME}/bin:${PATH}" + +WORKDIR /app + +COPY pyproject.toml poetry.lock /app/ + +RUN poetry install --no-dev --no-root + +COPY /src /app/src + +RUN poetry install --no-dev --only-root + +CMD ["poetry", "run", "uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000", "--proxy-headers"] From 8904b006a5e30e57908a60795319c73d0acc5d6d Mon Sep 17 00:00:00 2001 From: Alexander Berger Date: Mon, 11 Dec 2023 10:59:23 -0500 Subject: [PATCH 04/22] Updating poetry options usage --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 30375f7..c91971d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,10 +13,10 @@ WORKDIR /app COPY pyproject.toml poetry.lock /app/ -RUN poetry install --no-dev --no-root +RUN poetry install --without dev --sync --no-root COPY /src /app/src -RUN poetry install --no-dev --only-root +RUN poetry install --only-root CMD ["poetry", "run", "uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000", "--proxy-headers"] From c7298b52e960f55d01811f2600d9cd2f5ddef86f Mon Sep 17 00:00:00 2001 From: Alexander Berger Date: Mon, 11 Dec 2023 11:05:14 -0500 Subject: [PATCH 05/22] Fixing ruff error --- src/geneweaver/api/core/config_class.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/geneweaver/api/core/config_class.py b/src/geneweaver/api/core/config_class.py index d2f59e2..5791d4a 100644 --- a/src/geneweaver/api/core/config_class.py +++ b/src/geneweaver/api/core/config_class.py @@ -1,8 +1,8 @@ """Namespace for the config class for the Geneweaver API.""" -from typing import Any, Dict, List, Optional, Union +from typing import Any, Dict, List, Optional -from pydantic import BaseSettings, PostgresDsn, validator from geneweaver.db.core.settings_class import Settings as DBSettings +from pydantic import BaseSettings, validator class GeneweaverAPIConfig(BaseSettings): From 13fdf278db94151a882681af2bd9227399bf903c Mon Sep 17 00:00:00 2001 From: Alexander Berger Date: Mon, 11 Dec 2023 11:43:17 -0500 Subject: [PATCH 06/22] First pass at new deployment actions --- .github/workflows/_check-coverage-action.yml | 2 + .github/workflows/_skaffold-deploy-k8s.yml | 68 ++++++++++++++++++++ .github/workflows/pull_requests.yml | 25 +++++++ .github/workflows/tests.yml | 3 - 4 files changed, 95 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/_skaffold-deploy-k8s.yml create mode 100644 .github/workflows/pull_requests.yml diff --git a/.github/workflows/_check-coverage-action.yml b/.github/workflows/_check-coverage-action.yml index 910936f..db0155b 100644 --- a/.github/workflows/_check-coverage-action.yml +++ b/.github/workflows/_check-coverage-action.yml @@ -54,11 +54,13 @@ jobs: --cov-report=html \ --cov-fail-under=${{ inputs.required-coverage }} > coverage_report.txt - name: Upload coverage report + if: '!cancelled()' uses: actions/upload-artifact@v3 with: name: coverage-report path: coverage_report.txt - name: Upload coverage report + if: '!cancelled()' uses: actions/upload-artifact@v3 with: name: coverage-report-html diff --git a/.github/workflows/_skaffold-deploy-k8s.yml b/.github/workflows/_skaffold-deploy-k8s.yml new file mode 100644 index 0000000..bd48af2 --- /dev/null +++ b/.github/workflows/_skaffold-deploy-k8s.yml @@ -0,0 +1,68 @@ +name: 'Python Tests Definition' +on: + workflow_call: + inputs: + cluster_project: + description: 'Cluster project' + required: true + type: string + cluster_region: + description: 'Cluster region' + required: true + type: string + cluster_name: + description: 'Cluster name' + required: true + type: string + deployment_profile: + description: 'Deployment profile' + required: true + type: string + default_image_repo: + description: 'Default repo' + required: false + type: string + default: "us-docker.pkg.dev/jax-cs-registry/docker/geneweaver" +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Set up Python 3.9 + uses: actions/setup-python@v2 + with: + python-version: 3.9 + - name: Install Skaffold + run: | + curl -Lo skaffold https://storage.googleapis.com/skaffold/releases/latest/skaffold-linux-amd64 && \ + sudo install skaffold /usr/local/bin/ + - name: Authenticate to Google Cloud + uses: 'google-github-actions/auth@v1' + with: + credentials_json: '${{ secrets.GCLOUD_REGISTRY_SA_KEY }}' + - name: Docker Login + run: gcloud auth configure-docker us-docker.pkg.dev, us-east1-docker.pkg.dev + - name: Build + run: | + skaffold build \ + --default-repo=${{ inputs.default_image_repo }} \ + --file-output=build.json + - name: Authenticate to Google Cloud + uses: 'google-github-actions/auth@v1' + with: + credentials_json: '${{ secrets.GCLOUD_CLUSTER_SA_KEY }}' + - name: Get Cluster Credentials + run: | + gcloud container clusters get-credentials ${{ inputs.cluster_name }} \ + --region ${{ inputs.cluster_region }} \ + --project ${{ inputs.cluster_project }} + - name: Deploy + run: | + skaffold deploy \ + --profile ${{ inputs.deployment_profile }} \ + --build-artifacts=build.json + - name: Upload build artifact JSON + uses: actions/upload-artifact@v3 + with: + name: Build Artifacts + path: build.json \ No newline at end of file diff --git a/.github/workflows/pull_requests.yml b/.github/workflows/pull_requests.yml new file mode 100644 index 0000000..958e2cc --- /dev/null +++ b/.github/workflows/pull_requests.yml @@ -0,0 +1,25 @@ +name: Pull Request Test, Build and Deploy +on: + pull_request: + branches: + - 'main' +jobs: + test: + strategy: + matrix: + os: [ubuntu-latest, macos-latest] + python-version: ['3.9', '3.10', '3.11'] + uses: ./.github/workflows/_run-tests-action.yml + with: + runner-os: ${{ matrix.os }} + python-version: ${{ matrix.python-version }} + required-coverage: ${{ vars.REQUIRED_COVERAGE }} + build_and_deploy: + needs: test + uses: ./.github/workflows/_skaffold-deploy-k8s.yaml + with: + cluster_project: ${{ vars.DEV_CLUSTER_PROJECT }} + cluster_region: ${{ vars.CLUSTER_REGION }} + cluster_name: ${{ vars.DEV_CLUSTER_NAME }} + deployment_profile: ""${{ vars.DEV_CLUSTER_PROJECT }}--dev" + default_image_repo: "us-east1-docker.pkg.dev/jax-cs-registry/docker-test/geneweaver" \ No newline at end of file diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index e702bf3..e4265b5 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -1,8 +1,5 @@ name: Tests on: - pull_request: - branches: - - 'main' push: branches: - 'main' From c7dec1925ccc71c6d686d4e4364d34286d2f705c Mon Sep 17 00:00:00 2001 From: Alexander Berger Date: Mon, 11 Dec 2023 11:46:18 -0500 Subject: [PATCH 07/22] Fixing two typos in actions yaml --- .github/workflows/pull_requests.yml | 2 +- .github/workflows/release.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pull_requests.yml b/.github/workflows/pull_requests.yml index 958e2cc..3f70f31 100644 --- a/.github/workflows/pull_requests.yml +++ b/.github/workflows/pull_requests.yml @@ -21,5 +21,5 @@ jobs: cluster_project: ${{ vars.DEV_CLUSTER_PROJECT }} cluster_region: ${{ vars.CLUSTER_REGION }} cluster_name: ${{ vars.DEV_CLUSTER_NAME }} - deployment_profile: ""${{ vars.DEV_CLUSTER_PROJECT }}--dev" + deployment_profile: "${{ vars.DEV_CLUSTER_PROJECT }}--dev" default_image_repo: "us-east1-docker.pkg.dev/jax-cs-registry/docker-test/geneweaver" \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d77e35a..6a47aa4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -33,7 +33,7 @@ jobs: - name: Set up Python uses: actions/setup-python@v4 with: - python-version: '3.9'z + python-version: '3.9' - name: Install dependencies run: | From 287621653a7899ac95baafd71287b0ea94ffeb1f Mon Sep 17 00:00:00 2001 From: Alexander Berger Date: Mon, 11 Dec 2023 11:48:08 -0500 Subject: [PATCH 08/22] Another actions yaml typo --- .github/workflows/pull_requests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pull_requests.yml b/.github/workflows/pull_requests.yml index 3f70f31..7845967 100644 --- a/.github/workflows/pull_requests.yml +++ b/.github/workflows/pull_requests.yml @@ -16,7 +16,7 @@ jobs: required-coverage: ${{ vars.REQUIRED_COVERAGE }} build_and_deploy: needs: test - uses: ./.github/workflows/_skaffold-deploy-k8s.yaml + uses: ./.github/workflows/_skaffold-deploy-k8s.yml with: cluster_project: ${{ vars.DEV_CLUSTER_PROJECT }} cluster_region: ${{ vars.CLUSTER_REGION }} From 80ed37629aee2ea7ce6854516837807bd4ec0820 Mon Sep 17 00:00:00 2001 From: Alexander Berger Date: Mon, 11 Dec 2023 12:22:27 -0500 Subject: [PATCH 09/22] Reorganizing actions to use environments --- .github/workflows/_skaffold-deploy-k8s.yml | 25 ++++++---------------- .github/workflows/pull_requests.yml | 5 +++-- 2 files changed, 10 insertions(+), 20 deletions(-) diff --git a/.github/workflows/_skaffold-deploy-k8s.yml b/.github/workflows/_skaffold-deploy-k8s.yml index bd48af2..7697f61 100644 --- a/.github/workflows/_skaffold-deploy-k8s.yml +++ b/.github/workflows/_skaffold-deploy-k8s.yml @@ -2,20 +2,8 @@ name: 'Python Tests Definition' on: workflow_call: inputs: - cluster_project: - description: 'Cluster project' - required: true - type: string - cluster_region: - description: 'Cluster region' - required: true - type: string - cluster_name: - description: 'Cluster name' - required: true - type: string - deployment_profile: - description: 'Deployment profile' + environment: + description: 'Deployment Environment' required: true type: string default_image_repo: @@ -26,6 +14,7 @@ on: jobs: build: runs-on: ubuntu-latest + environment: ${{ inputs.environment }} steps: - uses: actions/checkout@v3 - name: Set up Python 3.9 @@ -53,13 +42,13 @@ jobs: credentials_json: '${{ secrets.GCLOUD_CLUSTER_SA_KEY }}' - name: Get Cluster Credentials run: | - gcloud container clusters get-credentials ${{ inputs.cluster_name }} \ - --region ${{ inputs.cluster_region }} \ - --project ${{ inputs.cluster_project }} + gcloud container clusters get-credentials ${{ vars.CLUSTER_NAME }} \ + --region ${{ vars.CLUSTER_REGION }} \ + --project ${{ vars.CLUSTER_PROJECT }} - name: Deploy run: | skaffold deploy \ - --profile ${{ inputs.deployment_profile }} \ + --profile ${{ inputs.environment }} \ --build-artifacts=build.json - name: Upload build artifact JSON uses: actions/upload-artifact@v3 diff --git a/.github/workflows/pull_requests.yml b/.github/workflows/pull_requests.yml index 7845967..159c745 100644 --- a/.github/workflows/pull_requests.yml +++ b/.github/workflows/pull_requests.yml @@ -5,6 +5,7 @@ on: - 'main' jobs: test: + name: Test strategy: matrix: os: [ubuntu-latest, macos-latest] @@ -15,11 +16,11 @@ jobs: python-version: ${{ matrix.python-version }} required-coverage: ${{ vars.REQUIRED_COVERAGE }} build_and_deploy: + name: Build and Deploy needs: test uses: ./.github/workflows/_skaffold-deploy-k8s.yml with: + environment: jax-cluster-dev-10--dev cluster_project: ${{ vars.DEV_CLUSTER_PROJECT }} - cluster_region: ${{ vars.CLUSTER_REGION }} cluster_name: ${{ vars.DEV_CLUSTER_NAME }} - deployment_profile: "${{ vars.DEV_CLUSTER_PROJECT }}--dev" default_image_repo: "us-east1-docker.pkg.dev/jax-cs-registry/docker-test/geneweaver" \ No newline at end of file From e7262161b3215de957f0f8d42e0d0859a952c5d6 Mon Sep 17 00:00:00 2001 From: Alexander Berger Date: Mon, 11 Dec 2023 12:23:29 -0500 Subject: [PATCH 10/22] Removing old workflow inputs --- .github/workflows/pull_requests.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/pull_requests.yml b/.github/workflows/pull_requests.yml index 159c745..659429d 100644 --- a/.github/workflows/pull_requests.yml +++ b/.github/workflows/pull_requests.yml @@ -21,6 +21,4 @@ jobs: uses: ./.github/workflows/_skaffold-deploy-k8s.yml with: environment: jax-cluster-dev-10--dev - cluster_project: ${{ vars.DEV_CLUSTER_PROJECT }} - cluster_name: ${{ vars.DEV_CLUSTER_NAME }} default_image_repo: "us-east1-docker.pkg.dev/jax-cs-registry/docker-test/geneweaver" \ No newline at end of file From 5d6f0e8299a72e741f14f8136d89f2a9d913f702 Mon Sep 17 00:00:00 2001 From: Alexander Berger Date: Mon, 11 Dec 2023 13:10:42 -0500 Subject: [PATCH 11/22] Switching to auth v2 --- .github/workflows/_skaffold-deploy-k8s.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/_skaffold-deploy-k8s.yml b/.github/workflows/_skaffold-deploy-k8s.yml index 7697f61..b54bf40 100644 --- a/.github/workflows/_skaffold-deploy-k8s.yml +++ b/.github/workflows/_skaffold-deploy-k8s.yml @@ -26,7 +26,7 @@ jobs: curl -Lo skaffold https://storage.googleapis.com/skaffold/releases/latest/skaffold-linux-amd64 && \ sudo install skaffold /usr/local/bin/ - name: Authenticate to Google Cloud - uses: 'google-github-actions/auth@v1' + uses: 'google-github-actions/auth@v2' with: credentials_json: '${{ secrets.GCLOUD_REGISTRY_SA_KEY }}' - name: Docker Login @@ -37,7 +37,7 @@ jobs: --default-repo=${{ inputs.default_image_repo }} \ --file-output=build.json - name: Authenticate to Google Cloud - uses: 'google-github-actions/auth@v1' + uses: 'google-github-actions/auth@v2' with: credentials_json: '${{ secrets.GCLOUD_CLUSTER_SA_KEY }}' - name: Get Cluster Credentials From 1608a1b9669adbb3ade68cb1b83d5a1be030541b Mon Sep 17 00:00:00 2001 From: Alexander Berger Date: Mon, 11 Dec 2023 13:19:15 -0500 Subject: [PATCH 12/22] Updating action to pass secrets to reusable workflow --- .github/workflows/pull_requests.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pull_requests.yml b/.github/workflows/pull_requests.yml index 659429d..f78b45e 100644 --- a/.github/workflows/pull_requests.yml +++ b/.github/workflows/pull_requests.yml @@ -21,4 +21,5 @@ jobs: uses: ./.github/workflows/_skaffold-deploy-k8s.yml with: environment: jax-cluster-dev-10--dev - default_image_repo: "us-east1-docker.pkg.dev/jax-cs-registry/docker-test/geneweaver" \ No newline at end of file + default_image_repo: "us-east1-docker.pkg.dev/jax-cs-registry/docker-test/geneweaver" + secrets: inherit From a659c4d58f014be1e443408519b5ddb2a2493fd9 Mon Sep 17 00:00:00 2001 From: Alexander Berger Date: Mon, 11 Dec 2023 13:23:44 -0500 Subject: [PATCH 13/22] Fixing gcloud configure-docker command --- .github/workflows/_skaffold-deploy-k8s.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/_skaffold-deploy-k8s.yml b/.github/workflows/_skaffold-deploy-k8s.yml index b54bf40..f6f3a1c 100644 --- a/.github/workflows/_skaffold-deploy-k8s.yml +++ b/.github/workflows/_skaffold-deploy-k8s.yml @@ -30,7 +30,7 @@ jobs: with: credentials_json: '${{ secrets.GCLOUD_REGISTRY_SA_KEY }}' - name: Docker Login - run: gcloud auth configure-docker us-docker.pkg.dev, us-east1-docker.pkg.dev + run: gcloud auth configure-docker us-docker.pkg.dev,us-east1-docker.pkg.dev - name: Build run: | skaffold build \ From 1e298015c165304cdb3b984d591a49b3ea923e03 Mon Sep 17 00:00:00 2001 From: Alexander Berger Date: Mon, 11 Dec 2023 13:46:08 -0500 Subject: [PATCH 14/22] Splitting build and deploy, adding gke auth plugin env var --- .github/workflows/_skaffold-deploy-k8s.yml | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/.github/workflows/_skaffold-deploy-k8s.yml b/.github/workflows/_skaffold-deploy-k8s.yml index f6f3a1c..f8109d4 100644 --- a/.github/workflows/_skaffold-deploy-k8s.yml +++ b/.github/workflows/_skaffold-deploy-k8s.yml @@ -36,22 +36,32 @@ jobs: skaffold build \ --default-repo=${{ inputs.default_image_repo }} \ --file-output=build.json + - name: Upload build artifact JSON + uses: actions/upload-artifact@v3 + with: + name: Build Artifacts + path: build.json + deploy: + runs-on: ubuntu-latest + environment: ${{ inputs.environment }} + needs: build + steps: - name: Authenticate to Google Cloud uses: 'google-github-actions/auth@v2' with: credentials_json: '${{ secrets.GCLOUD_CLUSTER_SA_KEY }}' - name: Get Cluster Credentials run: | + export USE_GKE_GCLOUD_AUTH_PLUGIN=True gcloud container clusters get-credentials ${{ vars.CLUSTER_NAME }} \ --region ${{ vars.CLUSTER_REGION }} \ --project ${{ vars.CLUSTER_PROJECT }} + - name: Download coverage report artifact + uses: actions/download-artifact@v3 + with: + name: Build Artifacts - name: Deploy run: | skaffold deploy \ --profile ${{ inputs.environment }} \ --build-artifacts=build.json - - name: Upload build artifact JSON - uses: actions/upload-artifact@v3 - with: - name: Build Artifacts - path: build.json \ No newline at end of file From b545cc7983ffafe6e5310f79e07764ae88ed6a38 Mon Sep 17 00:00:00 2001 From: Alexander Berger Date: Mon, 11 Dec 2023 13:53:12 -0500 Subject: [PATCH 15/22] Download skaffold in deploy step --- .github/workflows/_skaffold-deploy-k8s.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/_skaffold-deploy-k8s.yml b/.github/workflows/_skaffold-deploy-k8s.yml index f8109d4..0eca7fb 100644 --- a/.github/workflows/_skaffold-deploy-k8s.yml +++ b/.github/workflows/_skaffold-deploy-k8s.yml @@ -60,6 +60,10 @@ jobs: uses: actions/download-artifact@v3 with: name: Build Artifacts + - name: Install Skaffold + run: | + curl -Lo skaffold https://storage.googleapis.com/skaffold/releases/latest/skaffold-linux-amd64 && \ + sudo install skaffold /usr/local/bin/ - name: Deploy run: | skaffold deploy \ From 010cf6023ba7df16028642aff6be21eddd07629c Mon Sep 17 00:00:00 2001 From: Alexander Berger Date: Mon, 11 Dec 2023 13:59:47 -0500 Subject: [PATCH 16/22] Adding checkout to deploy step, removing python from build step --- .github/workflows/_skaffold-deploy-k8s.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/_skaffold-deploy-k8s.yml b/.github/workflows/_skaffold-deploy-k8s.yml index 0eca7fb..9d86f10 100644 --- a/.github/workflows/_skaffold-deploy-k8s.yml +++ b/.github/workflows/_skaffold-deploy-k8s.yml @@ -13,6 +13,7 @@ on: default: "us-docker.pkg.dev/jax-cs-registry/docker/geneweaver" jobs: build: + name: Build runs-on: ubuntu-latest environment: ${{ inputs.environment }} steps: @@ -42,10 +43,12 @@ jobs: name: Build Artifacts path: build.json deploy: + name: Deploy runs-on: ubuntu-latest environment: ${{ inputs.environment }} needs: build steps: + - uses: actions/checkout@v3 - name: Authenticate to Google Cloud uses: 'google-github-actions/auth@v2' with: From 945aeeb611e2125cfffd234fc0bf1c4c3eaad560 Mon Sep 17 00:00:00 2001 From: Alexander Berger Date: Mon, 11 Dec 2023 14:26:51 -0500 Subject: [PATCH 17/22] Manually install gcloud gke-gcloud-auth-plugin --- .github/workflows/_skaffold-deploy-k8s.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/_skaffold-deploy-k8s.yml b/.github/workflows/_skaffold-deploy-k8s.yml index 9d86f10..8a44a3e 100644 --- a/.github/workflows/_skaffold-deploy-k8s.yml +++ b/.github/workflows/_skaffold-deploy-k8s.yml @@ -18,10 +18,6 @@ jobs: environment: ${{ inputs.environment }} steps: - uses: actions/checkout@v3 - - name: Set up Python 3.9 - uses: actions/setup-python@v2 - with: - python-version: 3.9 - name: Install Skaffold run: | curl -Lo skaffold https://storage.googleapis.com/skaffold/releases/latest/skaffold-linux-amd64 && \ @@ -53,6 +49,8 @@ jobs: uses: 'google-github-actions/auth@v2' with: credentials_json: '${{ secrets.GCLOUD_CLUSTER_SA_KEY }}' + - name: Install Gcloud GKE Plugin + run: gcloud components install gke-gcloud-auth-plugin - name: Get Cluster Credentials run: | export USE_GKE_GCLOUD_AUTH_PLUGIN=True From 9e8fd2be5736ac24a0f1e987471a9f8886d5f671 Mon Sep 17 00:00:00 2001 From: Alexander Berger Date: Mon, 11 Dec 2023 14:32:28 -0500 Subject: [PATCH 18/22] Trying alternate install of gke plugin --- .github/workflows/_skaffold-deploy-k8s.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/_skaffold-deploy-k8s.yml b/.github/workflows/_skaffold-deploy-k8s.yml index 8a44a3e..2883096 100644 --- a/.github/workflows/_skaffold-deploy-k8s.yml +++ b/.github/workflows/_skaffold-deploy-k8s.yml @@ -15,7 +15,6 @@ jobs: build: name: Build runs-on: ubuntu-latest - environment: ${{ inputs.environment }} steps: - uses: actions/checkout@v3 - name: Install Skaffold @@ -50,7 +49,7 @@ jobs: with: credentials_json: '${{ secrets.GCLOUD_CLUSTER_SA_KEY }}' - name: Install Gcloud GKE Plugin - run: gcloud components install gke-gcloud-auth-plugin + run: sudo apt-get install google-cloud-sdk-gke-gcloud-auth-plugin - name: Get Cluster Credentials run: | export USE_GKE_GCLOUD_AUTH_PLUGIN=True From e46eebdef24d9d4e9fec1896a80d991ea58f5f22 Mon Sep 17 00:00:00 2001 From: Alexander Berger Date: Mon, 11 Dec 2023 14:40:31 -0500 Subject: [PATCH 19/22] More plugin install debugging --- .github/workflows/_skaffold-deploy-k8s.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/_skaffold-deploy-k8s.yml b/.github/workflows/_skaffold-deploy-k8s.yml index 2883096..2234acb 100644 --- a/.github/workflows/_skaffold-deploy-k8s.yml +++ b/.github/workflows/_skaffold-deploy-k8s.yml @@ -49,7 +49,7 @@ jobs: with: credentials_json: '${{ secrets.GCLOUD_CLUSTER_SA_KEY }}' - name: Install Gcloud GKE Plugin - run: sudo apt-get install google-cloud-sdk-gke-gcloud-auth-plugin + run: sudo apt-get update && sudo apt-get install google-cloud-sdk-gke-gcloud-auth-plugin - name: Get Cluster Credentials run: | export USE_GKE_GCLOUD_AUTH_PLUGIN=True From d7ed2f675ad027e87087abd7155b1795772748a4 Mon Sep 17 00:00:00 2001 From: Alexander Berger Date: Mon, 11 Dec 2023 15:06:03 -0500 Subject: [PATCH 20/22] Moving to google maintained actions --- .github/workflows/_skaffold-deploy-k8s.yml | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/.github/workflows/_skaffold-deploy-k8s.yml b/.github/workflows/_skaffold-deploy-k8s.yml index 2234acb..5ecbd08 100644 --- a/.github/workflows/_skaffold-deploy-k8s.yml +++ b/.github/workflows/_skaffold-deploy-k8s.yml @@ -48,14 +48,18 @@ jobs: uses: 'google-github-actions/auth@v2' with: credentials_json: '${{ secrets.GCLOUD_CLUSTER_SA_KEY }}' - - name: Install Gcloud GKE Plugin - run: sudo apt-get update && sudo apt-get install google-cloud-sdk-gke-gcloud-auth-plugin - - name: Get Cluster Credentials - run: | - export USE_GKE_GCLOUD_AUTH_PLUGIN=True - gcloud container clusters get-credentials ${{ vars.CLUSTER_NAME }} \ - --region ${{ vars.CLUSTER_REGION }} \ - --project ${{ vars.CLUSTER_PROJECT }} + - name: Setup Gcloud + uses: google-github-actions/setup-gcloud@v1 + with: + project_id: ${{ vars.CLUSTER_PROJECT }} + service_account_key: ${{ secrets.GCLOUD_CLUSTER_SA_KEY }} + export_default_credentials: true + - name: Get GKE Credentials + uses: google-github-actions/get-gke-credentials@v1 + with: + cluster_name: ${{ vars.CLUSTER_NAME }} + location: ${{ vars.CLUSTER_REGION } + project_id: ${{ vars.CLUSTER_PROJECT }} - name: Download coverage report artifact uses: actions/download-artifact@v3 with: From 2db4954dc2b71ee797d7d54907b0e930260c221b Mon Sep 17 00:00:00 2001 From: Alexander Berger Date: Mon, 11 Dec 2023 15:24:57 -0500 Subject: [PATCH 21/22] Forgot a curly brace --- .github/workflows/_skaffold-deploy-k8s.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/_skaffold-deploy-k8s.yml b/.github/workflows/_skaffold-deploy-k8s.yml index 5ecbd08..09d5aae 100644 --- a/.github/workflows/_skaffold-deploy-k8s.yml +++ b/.github/workflows/_skaffold-deploy-k8s.yml @@ -58,7 +58,7 @@ jobs: uses: google-github-actions/get-gke-credentials@v1 with: cluster_name: ${{ vars.CLUSTER_NAME }} - location: ${{ vars.CLUSTER_REGION } + location: ${{ vars.CLUSTER_REGION }} project_id: ${{ vars.CLUSTER_PROJECT }} - name: Download coverage report artifact uses: actions/download-artifact@v3 From 490db4bb1dfe4a493421ed9aae065dc171b52cfa Mon Sep 17 00:00:00 2001 From: Alexander Berger Date: Mon, 11 Dec 2023 15:42:43 -0500 Subject: [PATCH 22/22] Fixing deployment spec --- deploy/k8s/base/deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/k8s/base/deployment.yaml b/deploy/k8s/base/deployment.yaml index 2a343aa..f263ee8 100644 --- a/deploy/k8s/base/deployment.yaml +++ b/deploy/k8s/base/deployment.yaml @@ -24,5 +24,5 @@ spec: name: geneweaver-config - secretRef: name: geneweaver-db - ports: - - containerPort: 8000 \ No newline at end of file + ports: + - containerPort: 8000 \ No newline at end of file