[.github] - infra: new connectors deploy workflow (#8661)

* [.github] - feature: add manual workflow dispatch for deploying infrastructure - Introduce workflow_dispatch trigger with a configurable input for deploying to the 'us-central1' region - Implement concurrency control to manage deployment processes and prevent collisions - Authenticate with Google Cloud and set up the Cloud SDK for deployment tasks - Build a Docker image using Cloud Build and a custom script, with parameters for image name and Dockerfile path - Generate a GitHub App token dynamically for use in the workflow - Enable triggering of a downstream repository's workflow using a repository dispatch event with a custom payload including the region and image tag * [.github] - fix: update secrets and app ID for connector infra deployment - Switch to using specific app ID and private key for infra deployment - Correct the environment variable used for the GitHub token in the dispatch event trigger * [.github] - fix: correct working directory path in GitHub Actions config - Ensure the `cloud-build.sh` script uses the correct relative working directory by adding a leading `./` to the path configuration * [.github] - fix: use secret for INFRA_DISPATCH_APP_ID in GitHub Actions - Changed the GitHub App ID reference to use secrets for enhanced security and better management of sensitive data - This update ensures that the App ID is not exposed in the workflow file, aligning with best practices for credential storage
dust-tt · Nov 15, 2024 · b21593c · b21593c
1 parent d842eff
commit b21593c
Showing 1 changed file with 72 additions and 0 deletions.
diff --git a/.github/workflows/deploy-connectors-infra.yml b/.github/workflows/deploy-connectors-infra.yml
@@ -0,0 +1,72 @@
+name: Deploy Infra
+
+on:
+  workflow_dispatch:
+    inputs:
+      us-central1:
+        description: "Deploy to us-central1"
+        type: boolean
+        default: true
+
+concurrency:
+  group: deploy_infra
+  cancel-in-progress: false
+
+env:
+  GCLOUD_PROJECT_ID: ${{ secrets.GCLOUD_PROJECT_ID }}
+
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+
+    if: github.ref == 'refs/heads/main'
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Get short sha
+        id: short_sha
+        run: echo "short_sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+      - name: "Authenticate with Google Cloud"
+        uses: "google-github-actions/auth@v1"
+        with:
+          credentials_json: "${{ secrets.GCLOUD_SA_KEY }}"
+
+      - name: "Set up Cloud SDK"
+        uses: "google-github-actions/setup-gcloud@v1"
+
+      - name: Build the image on Cloud Build
+        run: |
+          chmod +x ./k8s/cloud-build.sh
+          ./k8s/cloud-build.sh \
+            --image-name=connectors \
+            --dockerfile-path=./connectors/Dockerfile \
+            --working-dir=./ \
+            --dust-client-facing-url=https://dust.tt
+
+      - name: Generate a token
+        id: generate-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ secrets.INFRA_DISPATCH_APP_ID }}
+          private-key: ${{ secrets.INFRA_DISPATCH_APP_PRIVATE_KEY }}
+
+      - name: Trigger dust-infra workflow
+        uses: actions/github-script@v6
+        env:
+          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
+        with:
+          github-token: ${{ env.GH_TOKEN }}
+          script: |
+            await github.rest.repos.createDispatchEvent({
+              owner: 'dust-tt',
+              repo: 'dust-infra',
+              event_type: 'trigger-component-deploy',
+              client_payload: {
+                us_central1: ${{ inputs.us-central1 }},
+                component: 'connectors',
+                image_tag: '${{ steps.short_sha.outputs.short_sha }}'
+              }
+            });