provision-cluster.yaml
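# Provisions an EKS cluster when a ref is created. The job-level `if` on
# provision-cluster restricts this to refs whose name starts with `cluster-`.
name: Provision EKS Cluster
on:
  create:
    # NOTE(review): the `create` event is not documented as honouring a
    # `branches` filter, so the job-level `if` is the only effective gate
    # - confirm against the GitHub Actions event reference.
    branches: '**'
env:
  # Region and tool versions shared by every step. Quoted so they stay strings.
  AWS_REGION: "eu-north-1"
  CLUSTERCTL_VERSION: "v1.2.3"
  CLUSTER_AWS_ADM_VERSION: "v1.5.0"
  EKSCTL_VERSION: "v0.144.0"
  FLUX_VERSION: "v2.0.0-rc.5"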
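jobs:
  # Installs the CLI tooling, provisions the EKS cluster named after the
  # created ref, maps IAM roles into aws-auth, initialises Cluster API and
  # publishes the result as job outputs for the Slack job.
  provision-cluster:
    # github.event.ref is chosen by whoever creates the ref, so every use of
    # it (and of cluster_name derived from it) is treated as untrusted input.
    # NOTE(review): `create` also fires for tags; consider additionally
    # checking github.event.ref_type if only branches should provision.
    if: startsWith(github.event.ref, 'cluster-')
    runs-on: ubuntu-latest
    outputs:
      CLUSTER_NAME: ${{ steps.outputs.outputs.CLUSTER_NAME }}
      STATUS: ${{ job.status }}
      STATUS_EMOJI: ${{ steps.outputs.outputs.STATUS_EMOJI }}
      SLACK_MESSAGE: ${{ steps.outputs.outputs.SLACK_MESSAGE }}
    permissions:
      # NOTE(review): id-token: write is only needed for OIDC role assumption,
      # which is commented out below; drop it while static keys are in use.
      id-token: write
      contents: read
    steps:
      # NOTE(review): every third-party action in this job is referenced by
      # a mutable tag; pinning each to a full commit SHA prevents a moved
      # tag from changing the code that runs with the AWS credentials.
      - uses: actions/checkout@v3
      - name: Install aws-cli
        # NOTE(review): this fetches the unversioned latest installer and
        # runs it with sudo without verifying its signature; pin a version
        # and verify the download before installing.
        run: |
          curl --fail "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
          unzip awscliv2.zip
          sudo ./aws/install --update
          aws --version
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v1-node16
        with:
          # NOTE(review): long-lived access keys are used instead of the
          # OIDC role below; short-lived credentials via role-to-assume
          # would remove the stored secret from the repository settings.
          # role-to-assume: arn:aws:iam::894516026745:role/WeaveEksGithubActions
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}
      - name: Install eksctl
        # NOTE(review): this download and the flux, clusterctl and
        # clusterawsadm downloads below are installed into /usr/local/bin
        # without checksum verification; verify each against the release's
        # published checksums.
        run: |
          curl --silent --location --fail "https://github.com/weaveworks/eksctl/releases/download/${{ env.EKSCTL_VERSION }}/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
          sudo mv /tmp/eksctl /usr/local/bin
          eksctl version
      - name: Install helm
        uses: azure/setup-helm@v3.5
        with:
          version: v3.8.2
      - name: Install kubectl
        uses: Azure/setup-kubectl@v3.2
        with:
          version: v1.23.7
      - name: Install flux
        run: |
          # Release asset names carry the version without its leading "v".
          VER=$(echo ${{ env.FLUX_VERSION }} | sed 's/^[^0-9]*//')
          curl --silent --location --fail https://github.com/fluxcd/flux2/releases/download/${{ env.FLUX_VERSION }}/flux_${VER}_$(uname -s)_amd64.tar.gz | tar xz -C /tmp
          sudo mv /tmp/flux /usr/local/bin
          flux version --client
      - name: Install clusterctl
        run: |
          # --fail stops an HTTP error page from being saved and executed.
          curl -L --fail https://github.com/kubernetes-sigs/cluster-api/releases/download/${{ env.CLUSTERCTL_VERSION }}/clusterctl-linux-amd64 -o clusterctl
          chmod +x ./clusterctl
          sudo mv ./clusterctl /usr/local/bin/clusterctl
          clusterctl version
      - name: install clusterawsadm
        run: |
          curl -L --fail https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases/download/${{ env.CLUSTER_AWS_ADM_VERSION }}/clusterawsadm-linux-amd64 -o clusterawsadm
          chmod +x clusterawsadm
          sudo mv clusterawsadm /usr/local/bin
          clusterawsadm version
      - name: install clusterawsadm stack
        run: |
          # Create the bootstrap IAM stack only if no completed one exists.
          STACK=$(aws cloudformation list-stacks --stack-status-filter CREATE_COMPLETE --region ${{ env.AWS_REGION }} | grep wge-capi-cluster-api-provider-aws-sigs-k8s-io || true)
          echo "Stack: $STACK"
          if [ -z "$STACK" ]; then
            echo "Create clusterawsadm stack"
            clusterawsadm bootstrap iam create-cloudformation-stack --config ./eksctl-clusters/aws_bootstrap_config.yaml --region=${{ env.AWS_REGION }}
          fi
      - name: Provision Cluster
        # The ref name and the token are passed through the environment
        # rather than expanded into the script text, so a crafted ref name
        # cannot alter the script and the token is not written into it.
        env:
          GITHUB_TOKEN: ${{ secrets.WEAVE_GITOPS_BOT_TOKEN_CLUSTERS_CONFIG }}
          BRANCH_NAME: ${{ github.event.ref }}
        run: |
          CLUSTER_NAME="${BRANCH_NAME#*cluster-}"
          # Allow-list the derived name before it reaches GITHUB_ENV, eksctl
          # or the Slack URL. Adjust the pattern if the provisioning script
          # accepts a wider character set.
          case "$CLUSTER_NAME" in
            ""|-*|*[!A-Za-z0-9-]*)
              echo "Refusing cluster name derived from ref: only letters, digits and '-' are allowed" >&2
              exit 1
              ;;
          esac
          export CLUSTER_NAME
          echo "cluster_name=${CLUSTER_NAME}" >> "$GITHUB_ENV"
          echo "Provisioning $CLUSTER_NAME cluster ..."
          "$GITHUB_WORKSPACE/eksctl-clusters/scripts/provision-cluster.sh" --cluster-name "$CLUSTER_NAME"
      - name: Check running clusters
        run: |
          eksctl get clusters --region ${{ env.AWS_REGION }}
      - name: Add WW roles to aws-auth config-map
        if: always()
        # NOTE(review): all three roles are mapped to system:masters under
        # the same username "admin". That grants unrestricted cluster
        # access and makes the roles indistinguishable in audit logs;
        # prefer narrower groups and distinct usernames.
        run: |
          # cluster_name comes from GITHUB_ENV; it is unset when the
          # provisioning step failed before writing it.
          if [ -z "${cluster_name:-}" ]; then
            echo "cluster_name is not set; skipping aws-auth mappings"
            exit 0
          fi
          # Check if the cluster was successfully installed in AWS
          export CLUSTER_EXISTS=$(eksctl get clusters --region ${{ env.AWS_REGION }} -n "$cluster_name" 2> /dev/null)
          if [ -n "$CLUSTER_EXISTS" ]; then
            # Add Admin role
            eksctl create iamidentitymapping --cluster "$cluster_name" --region ${{ env.AWS_REGION }} \
              --arn "arn:aws:iam::894516026745:role/AdministratorAccess" --group system:masters --username admin
            # Add Editor role
            eksctl create iamidentitymapping --cluster "$cluster_name" --region ${{ env.AWS_REGION }} \
              --arn "arn:aws:iam::894516026745:role/WeaveEksEditor" --group system:masters --username admin
            # Add GithubActions role
            eksctl create iamidentitymapping --cluster "$cluster_name" --region ${{ env.AWS_REGION }} \
              --arn "arn:aws:iam::894516026745:role/WeaveEksGithubActions" --group system:masters --username admin
          fi
      - name: kubeconfig
        run: |
          echo "$cluster_name"
          eksctl utils write-kubeconfig --region ${{ env.AWS_REGION }} --cluster "$cluster_name" --kubeconfig="$HOME/.kube/config"
          kubectl get nodes
      - name: clusterctl init --infrastructure aws
        run: |
          # NOTE(review): this encodes the credentials configured earlier
          # in the job, i.e. the long-lived access keys, and hands them to
          # clusterctl init - presumably to be stored in the cluster.
          # Confirm their scope and rotation.
          export AWS_B64ENCODED_CREDENTIALS=$(clusterawsadm bootstrap credentials encode-as-profile --region ${{ env.AWS_REGION }})
          export EXP_EKS=true
          export EXP_MACHINE_POOL=true
          export CAPA_EKS_IAM=true
          export EXP_CLUSTER_RESOURCE_SET=true
          clusterctl init --infrastructure aws
          kubectl get deploy -A
      - name: outputs
        if: always()
        id: outputs
        run: |
          # cluster_name is read from the environment, not expanded into
          # the script. job.status is set by the runner, so expanding it
          # is safe.
          echo "CLUSTER_NAME=${cluster_name}" >> "$GITHUB_OUTPUT"
          if [ "${{ job.status }}" == "success" ]; then
            echo "STATUS_EMOJI=greentick" >> "$GITHUB_OUTPUT"
            echo "SLACK_MESSAGE=Cluster has been provisioned successfully! You can access the UI through https://${cluster_name}.eng-sandbox.weave.works" >> "$GITHUB_OUTPUT"
          elif [ "${{ job.status }}" == "failure" ]; then
            echo "STATUS_EMOJI=failed" >> "$GITHUB_OUTPUT"
            echo "SLACK_MESSAGE=Cluster failed to be provisioned!!" >> "$GITHUB_OUTPUT"
          fi
  # Reports the provisioning result to Slack through the repository's
  # reusable notification workflow. Runs even when provisioning failed.
  slack-notifications:
    if: always() && startsWith(github.event.ref, 'cluster-')
    needs:
      - provision-cluster
    uses: ./.github/workflows/slack-notification.yaml
    with:
      header-text: "PROVISION CLUSTER: ${{ needs.provision-cluster.outputs.CLUSTER_NAME }} "
      message: " :${{ needs.provision-cluster.outputs.STATUS_EMOJI }}: ${{ needs.provision-cluster.outputs.SLACK_MESSAGE }}"
    secrets:
      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}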