Merge branch 'release-v1.4.0' of github.com:opencrvs/opencrvs-farajal…
…and into release-v1.4.0
rikukissa committed Jan 26, 2024
2 parents c19f7ae + 342a74a commit 97ecad3
Showing 19 changed files with 1,279 additions and 629 deletions.
73 changes: 42 additions & 31 deletions .github/workflows/deploy-prod.yml
Expand Up @@ -95,44 +95,55 @@ jobs:
sleep 10
done
- name: Export all secrets and environment variables
run: |
cd ./${{ github.event.repository.name }}
SECRETS_JSON_WITH_NEWLINES=$(cat<<EOF
${{ toJSON(secrets) }}
EOF)
#
# Secrets & variables with newlines are filtered out automatically
# This includes SSH_KEY and KNOWN_HOSTS
#
while IFS= read -r secret; do
echo "$secret" >> .env.${{ github.event.inputs.environment }}
done < <(
jq -r '
to_entries |
map(
select(.value | test("\n") | not) |
"\(.key)=\"\(.value)\""
) |
.[]' <<< "$SECRETS_JSON_WITH_NEWLINES"
)
VARS_JSON_WITH_NEWLINES=$(cat<<EOF
${{ toJSON(vars) }}
EOF)
while IFS= read -r var; do
echo "$var" >> .env.${{ github.event.inputs.environment }}
done < <(
jq -r '
to_entries |
map(
select(.value | test("\n") | not) |
"\(.key)=\"\(.value)\""
) |
.[]' <<< "$VARS_JSON_WITH_NEWLINES"
)
- name: Deploy to ${{ github.event.inputs.environment }}
env:
DOMAIN: ${{ vars.DOMAIN }}
REPLICAS: ${{ vars.REPLICAS }}
NOTIFICATION_TRANSPORT: ${{ vars.NOTIFICATION_TRANSPORT }}
SMTP_PORT: ${{ secrets.SMTP_PORT }}
SMTP_HOST: ${{ secrets.SMTP_HOST }}
SMTP_USERNAME: ${{ secrets.SMTP_USERNAME }}
SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }}
SMTP_SECURE: ${{ secrets.SMTP_SECURE }}
ALERT_EMAIL: ${{ secrets.ALERT_EMAIL }}
DOCKERHUB_ACCOUNT: ${{ secrets.DOCKERHUB_ACCOUNT }}
DOCKERHUB_REPO: ${{ secrets.DOCKERHUB_REPO }}
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
KIBANA_USERNAME: ${{ secrets.KIBANA_USERNAME }}
KIBANA_PASSWORD: ${{ secrets.KIBANA_PASSWORD }}
MONGODB_ADMIN_USER: ${{ secrets.MONGODB_ADMIN_USER }}
MONGODB_ADMIN_PASSWORD: ${{ secrets.MONGODB_ADMIN_PASSWORD }}
ELASTICSEARCH_SUPERUSER_PASSWORD: ${{ secrets.ELASTICSEARCH_SUPERUSER_PASSWORD }}
MINIO_ROOT_USER: ${{ secrets.MINIO_ROOT_USER }}
MINIO_ROOT_PASSWORD: ${{ secrets.MINIO_ROOT_PASSWORD }}
INFOBIP_SENDER_ID: ${{ secrets.INFOBIP_SENDER_ID }}
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
INFOBIP_GATEWAY_ENDPOINT: ${{ secrets.INFOBIP_GATEWAY_ENDPOINT }}
INFOBIP_API_KEY: ${{ secrets.INFOBIP_API_KEY }}
SENDER_EMAIL_ADDRESS: ${{ secrets.SENDER_EMAIL_ADDRESS }}
SUPER_USER_PASSWORD: ${{ secrets.SUPER_USER_PASSWORD }}
CONTENT_SECURITY_POLICY_WILDCARD: ${{ vars.CONTENT_SECURITY_POLICY_WILDCARD }}
SSH_ARGS: ${{ vars.SSH_ARGS }}
run: |
cd ./${{ github.event.repository.name }}
yarn deploy \
--clear_data=no \
--environment=${{ github.event.inputs.environment }} \
--host=${{ env.DOMAIN }} \
--host=${{ vars.DOMAIN }} \
--ssh_host=${{ secrets.SSH_HOST }} \
--ssh_user=${{ secrets.SSH_USER }} \
--version=${{ github.event.inputs.core-image-tag }} \
--country_config_version=${{ github.event.inputs.countryconfig-image-tag }} \
--replicas=${{ env.REPLICAS }}
--replicas=${{ vars.REPLICAS }}
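Review bot: In the new "Export all secrets and environment variables" step, `${{ toJSON(secrets) }}` and `${{ toJSON(vars) }}` are pasted into the script text inside an unquoted `<<EOF` heredoc, so the shell still expands `$`, backticks and backslashes in every value before jq reads it, and a value containing those characters is altered or evaluated as a command substitution. Passing the JSON through the step's `env:` (for example `SECRETS_JSON: ${{ toJSON(secrets) }}`) and reading it with `jq -r '...' <<< "$SECRETS_JSON"` keeps the values out of the script source. The jq template `"\(.key)=\"\(.value)\""` also writes values unescaped, so a value holding `"` produces a malformed line in `.env.<environment>`; how much that matters depends on how the deploy script reads the file, which is not visible here. The file receives every secret the job can see, so it is worth creating it under `umask 077` and deleting it once the deploy finishes. The same step is added to .github/workflows/deploy.yml.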
106 changes: 43 additions & 63 deletions .github/workflows/deploy.yml
Expand Up @@ -97,85 +97,65 @@ jobs:
sleep 10
done
- name: Export all secrets and environment variables
run: |
cd ./${{ github.event.repository.name }}
SECRETS_JSON_WITH_NEWLINES=$(cat<<EOF
${{ toJSON(secrets) }}
EOF)
#
# Secrets & variables with newlines are filtered out automatically
# This includes SSH_KEY and KNOWN_HOSTS
#
while IFS= read -r secret; do
echo "$secret" >> .env.${{ github.event.inputs.environment }}
done < <(
jq -r '
to_entries |
map(
select(.value | test("\n") | not) |
"\(.key)=\"\(.value)\""
) |
.[]' <<< "$SECRETS_JSON_WITH_NEWLINES"
)
VARS_JSON_WITH_NEWLINES=$(cat<<EOF
${{ toJSON(vars) }}
EOF)
while IFS= read -r var; do
echo "$var" >> .env.${{ github.event.inputs.environment }}
done < <(
jq -r '
to_entries |
map(
select(.value | test("\n") | not) |
"\(.key)=\"\(.value)\""
) |
.[]' <<< "$VARS_JSON_WITH_NEWLINES"
)
- name: Deploy to ${{ github.event.inputs.environment }}
id: deploy
continue-on-error: ${{ github.event.inputs.debug == true }}
env:
DOMAIN: ${{ vars.DOMAIN }}
REPLICAS: ${{ vars.REPLICAS }}
NOTIFICATION_TRANSPORT: ${{ vars.NOTIFICATION_TRANSPORT }}
SMTP_PORT: ${{ secrets.SMTP_PORT }}
SMTP_HOST: ${{ secrets.SMTP_HOST }}
SMTP_USERNAME: ${{ secrets.SMTP_USERNAME }}
SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }}
SMTP_SECURE: ${{ secrets.SMTP_SECURE }}
ALERT_EMAIL: ${{ secrets.ALERT_EMAIL }}
DOCKERHUB_ACCOUNT: ${{ secrets.DOCKERHUB_ACCOUNT }}
DOCKERHUB_REPO: ${{ secrets.DOCKERHUB_REPO }}
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
KIBANA_USERNAME: ${{ secrets.KIBANA_USERNAME }}
KIBANA_PASSWORD: ${{ secrets.KIBANA_PASSWORD }}
MONGODB_ADMIN_USER: ${{ secrets.MONGODB_ADMIN_USER }}
MONGODB_ADMIN_PASSWORD: ${{ secrets.MONGODB_ADMIN_PASSWORD }}
ELASTICSEARCH_SUPERUSER_PASSWORD: ${{ secrets.ELASTICSEARCH_SUPERUSER_PASSWORD }}
MINIO_ROOT_USER: ${{ secrets.MINIO_ROOT_USER }}
MINIO_ROOT_PASSWORD: ${{ secrets.MINIO_ROOT_PASSWORD }}
INFOBIP_SENDER_ID: ${{ secrets.INFOBIP_SENDER_ID }}
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
INFOBIP_GATEWAY_ENDPOINT: ${{ secrets.INFOBIP_GATEWAY_ENDPOINT }}
INFOBIP_API_KEY: ${{ secrets.INFOBIP_API_KEY }}
WIREGUARD_ADMIN_PASSWORD: ${{ secrets.WIREGUARD_ADMIN_PASSWORD }}
SENDER_EMAIL_ADDRESS: ${{ secrets.SENDER_EMAIL_ADDRESS }}
SUPER_USER_PASSWORD: ${{ secrets.SUPER_USER_PASSWORD }}
SSH_ARGS: ${{ vars.SSH_ARGS }}
CONTENT_SECURITY_POLICY_WILDCARD: ${{ vars.CONTENT_SECURITY_POLICY_WILDCARD }}
run: |
cd ./${{ github.event.repository.name }}
yarn deploy \
--clear_data=no \
--environment=${{ github.event.inputs.environment }} \
--host=${{ env.DOMAIN }} \
--host=${{ vars.DOMAIN }} \
--ssh_host=${{ secrets.SSH_HOST }} \
--ssh_user=${{ secrets.SSH_USER }} \
--version=${{ github.event.inputs.core-image-tag }} \
--country_config_version=${{ github.event.inputs.countryconfig-image-tag }} \
--replicas=${{ env.REPLICAS }}
--replicas=${{ vars.REPLICAS }}
- name: Setup tmate session
uses: mxschmitt/action-tmate@v3
if: ${{ github.event.inputs.debug == true }}
env:
DOMAIN: ${{ vars.DOMAIN }}
REPLICAS: ${{ vars.REPLICAS }}
NOTIFICATION_TRANSPORT: ${{ vars.NOTIFICATION_TRANSPORT }}
SMTP_PORT: ${{ secrets.SMTP_PORT }}
SMTP_HOST: ${{ secrets.SMTP_HOST }}
SMTP_USERNAME: ${{ secrets.SMTP_USERNAME }}
SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }}
SMTP_SECURE: ${{ secrets.SMTP_SECURE }}
ALERT_EMAIL: ${{ secrets.ALERT_EMAIL }}
DOCKERHUB_ACCOUNT: ${{ secrets.DOCKERHUB_ACCOUNT }}
DOCKERHUB_REPO: ${{ secrets.DOCKERHUB_REPO }}
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
KIBANA_USERNAME: ${{ secrets.KIBANA_USERNAME }}
KIBANA_PASSWORD: ${{ secrets.KIBANA_PASSWORD }}
MONGODB_ADMIN_USER: ${{ secrets.MONGODB_ADMIN_USER }}
MONGODB_ADMIN_PASSWORD: ${{ secrets.MONGODB_ADMIN_PASSWORD }}
ELASTICSEARCH_SUPERUSER_PASSWORD: ${{ secrets.ELASTICSEARCH_SUPERUSER_PASSWORD }}
MINIO_ROOT_USER: ${{ secrets.MINIO_ROOT_USER }}
MINIO_ROOT_PASSWORD: ${{ secrets.MINIO_ROOT_PASSWORD }}
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
WIREGUARD_ADMIN_PASSWORD: ${{ secrets.WIREGUARD_ADMIN_PASSWORD }}
INFOBIP_SENDER_ID: ${{ secrets.INFOBIP_SENDER_ID }}
INFOBIP_GATEWAY_ENDPOINT: ${{ secrets.INFOBIP_GATEWAY_ENDPOINT }}
INFOBIP_API_KEY: ${{ secrets.INFOBIP_API_KEY }}
SENDER_EMAIL_ADDRESS: ${{ secrets.SENDER_EMAIL_ADDRESS }}
SUPER_USER_PASSWORD: ${{ secrets.SUPER_USER_PASSWORD }}
SSH_KEY: ${{ secrets.SSH_KEY }}
SSH_ARGS: ${{ vars.SSH_ARGS }}
CONTENT_SECURITY_POLICY_WILDCARD: ${{ vars.CONTENT_SECURITY_POLICY_WILDCARD }}

reset:
needs: deploy
if: ${{ github.event.inputs.reset == 'true' && needs.deploy.outputs.outcome == 'success' }}
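Review bot: The `.env.<environment>` file written by the new export step is still in the checkout when the "Setup tmate session" step starts, so removing the `env:` block from that step does not keep the secrets out of the debug shell. I would delete the file in a step that runs before tmate (or at the end of the deploy step) unless the debug session is meant to have it, and add `with: limit-access-to-actor: true` to the tmate step so that only the person who triggered the run can attach. `mxschmitt/action-tmate@v3` is a movable tag; pinning it to a full commit SHA (`mxschmitt/action-tmate@<full-commit-sha>`) is the safer choice for a job that holds deployment credentials on disk.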
3 changes: 3 additions & 0 deletions .github/workflows/provision.yml
@@ -1,6 +1,9 @@
name: Provision environment
run-name: Provision ${{ github.event.inputs.environment }}
on:
push:
branches:
- release-v1.4.0
workflow_dispatch:
inputs:
environment:
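Review bot: The added `push` trigger on `release-v1.4.0` makes this provisioning workflow run on every push to that branch, and on a push event `github.event.inputs` is empty, so `run-name` and anything in the jobs that reads `github.event.inputs.environment` receive an empty value. If the trigger was added to test the workflow on the release branch, it should be dropped before merge so that provisioning stays a deliberate `workflow_dispatch` action. The jobs themselves are outside this hunk, so what they do with an empty environment cannot be checked here.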
12 changes: 11 additions & 1 deletion CHANGELOG.md
@@ -1,6 +1,16 @@
# Changelog

## [1.4.0](https://github.com/opencrvs/opencrvs-countryconfig/compare/v1.3.2...v1.4.0) (TBD)
## [1.4.0](https://github.com/opencrvs/opencrvs-countryconfig/compare/v1.3.3...v1.4.0) (TBD)

- Adds examples of configuring HTTP-01, DNS-01 and manual HTTPS certificates By default development & QA uses HTTP-01 and others DNS-01.
- All secrets & variables defined in Github Secrets are now passed automatically to the deployment script
- Make VPN_HOST_ADDRESS variable required for staging and production installations. This is to verify deployments are not publicly accessible on public internet.

### Bug fixes

See [Releases](https://github.com/opencrvs/opencrvs-countryconfig/releases) for release notes of older releases.

## [1.3.3](https://github.com/opencrvs/opencrvs-countryconfig/compare/v1.3.2...v1.3.3) (TBD)

### Breaking changes
