Change QA deploy SP & Re-enable feature branch deploy (#1358)

2021-12-23 06:14:10 -08:00 · 2021-12-23 06:14:10 -08:00 · a71ce448f4
parent bc82ae961e
commit a71ce448f4
3 changed files with 47 additions and 48 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -55,7 +55,7 @@ jobs:

      - name: Cache npm
        id: npm-cache
-        uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6
+        uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353  # v2.1.6
        with:
          path: "~/.npm"
          key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
@ -82,7 +82,7 @@ jobs:
          zip -r web-$_VERSION-selfhosted-open-source.zip build

      - name: Upload build artifact
-        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
+        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700  # v2.2.3
        with:
          name: web-${{ env._VERSION }}-selfhosted-open-source.zip
          path: ./web-${{ env._VERSION }}-selfhosted-open-source.zip
@ -102,7 +102,7 @@ jobs:

      - name: Cache npm
        id: npm-cache
-        uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6
+        uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353  # v2.1.6
        with:
          path: "~/.npm"
          key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
@ -129,7 +129,7 @@ jobs:
          zip -r web-$_VERSION-cloud-COMMERCIAL.zip build

      - name: Upload build artifact
-        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
+        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700  # v2.2.3
        with:
          name: web-${{ env._VERSION }}-cloud-COMMERCIAL.zip
          path: ./web-${{ env._VERSION }}-cloud-COMMERCIAL.zip
@ -149,7 +149,7 @@ jobs:

      - name: Cache npm
        id: npm-cache
-        uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6
+        uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353  # v2.1.6
        with:
          path: "~/.npm"
          key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
@ -191,7 +191,7 @@ jobs:
          zip -r web-$_VERSION-selfhosted-COMMERCIAL.zip build

      - name: Upload build artifact
-        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
+        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700  # v2.2.3
        with:
          name: web-${{ env._VERSION }}-selfhosted-COMMERCIAL.zip
          path: ./web-${{ env._VERSION }}-selfhosted-COMMERCIAL.zip
@ -255,7 +255,7 @@ jobs:

      - name: Cache npm
        id: npm-cache
-        uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6
+        uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353  # v2.1.6
        with:
          path: "~/.npm"
          key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
@ -304,21 +304,21 @@ jobs:
          docker --version
          docker build -t bitwardenqa.azurecr.io/web .

-      # - name: Get image tag
-      #   id: image-tag
-      #   run: |
-      #     IMAGE_TAG=$(echo "$GITHUB_REF" | awk '{split($0, a, "/"); print a[3];}')
-      #     TAG_EXTENSION=${{ github.event.inputs.custom_tag_extension }}
+      - name: Get image tag
+        id: image-tag
+        run: |
+          IMAGE_TAG=$(echo "${GITHUB_REF:11}" | sed "s#/#-#g")
+          TAG_EXTENSION=${{ github.event.inputs.custom_tag_extension }}

-      #     if [[ $TAG_EXTENSION ]]; then
-      #       IMAGE_TAG=$IMAGE_TAG-$TAG_EXTENSION
-      #     fi
-      #     echo "::set-output name=value::$IMAGE_TAG"
+          if [[ $TAG_EXTENSION ]]; then
+            IMAGE_TAG=$IMAGE_TAG-$TAG_EXTENSION
+          fi
+          echo "::set-output name=value::$IMAGE_TAG"

-      # - name: Tag image
-      #   env:
-      #     IMAGE_TAG: ${{ steps.image-tag.outputs.value }}
-      #   run: docker tag bitwardenqa.azurecr.io/web "bitwardenqa.azurecr.io/web:$IMAGE_TAG"
+      - name: Tag image
+        env:
+          IMAGE_TAG: ${{ steps.image-tag.outputs.value }}
+        run: docker tag bitwardenqa.azurecr.io/web "bitwardenqa.azurecr.io/web:$IMAGE_TAG"

      - name: Tag dev
        if: github.ref == 'refs/heads/master'
@ -327,10 +327,10 @@ jobs:
      - name: List Docker images
        run: docker images

-      # - name: Push image
-      #   env:
-      #     IMAGE_TAG: ${{ steps.image-tag.outputs.value }}
-      #   run: docker push "bitwardenqa.azurecr.io/web:$IMAGE_TAG"
+      - name: Push image
+        env:
+          IMAGE_TAG: ${{ steps.image-tag.outputs.value }}
+        run: docker push "bitwardenqa.azurecr.io/web:$IMAGE_TAG"

      - name: Push dev images
        if: github.ref == 'refs/heads/master'
@ -353,7 +353,7 @@ jobs:

      - name: Cache npm
        id: npm-cache
-        uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6
+        uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353  # v2.1.6
        with:
          path: "~/.npm"
          key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
@ -401,7 +401,7 @@ jobs:
      _CROWDIN_PROJECT_ID: "308189"
    steps:
      - name: Checkout repo
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4

      - name: Login to Azure
        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
@ -416,7 +416,7 @@ jobs:
          secrets: "crowdin-api-token"

      - name: Upload Sources
-        uses: crowdin/github-action@e39093fd75daae7859c68eded4b43d42ec78d8ea # v1.3.2
+        uses: crowdin/github-action@e39093fd75daae7859c68eded4b43d42ec78d8ea  # v1.3.2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}
@ -485,7 +485,7 @@ jobs:
          secrets: "devops-alerts-slack-webhook-url"

      - name: Notify Slack on failure
-        uses: act10ns/slack@e4e71685b9b239384b0f676a63c32367f59c2522 # v1.2.2
+        uses: act10ns/slack@e4e71685b9b239384b0f676a63c32367f59c2522  # v1.2.2
        if: failure()
        env:
          SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }}
--- a/.github/workflows/crowdin-pull.yml
+++ b/.github/workflows/crowdin-pull.yml
@ -15,7 +15,7 @@ jobs:
      _CROWDIN_PROJECT_ID: "308189"
    steps:
      - name: Checkout repo
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4

      - name: Login to Azure
        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
@ -30,7 +30,7 @@ jobs:
          secrets: "crowdin-api-token"

      - name: Download translations
-        uses: crowdin/github-action@e39093fd75daae7859c68eded4b43d42ec78d8ea # v1.3.2
+        uses: crowdin/github-action@e39093fd75daae7859c68eded4b43d42ec78d8ea  # v1.3.2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}
--- a/.github/workflows/qa-deploy.yml
+++ b/.github/workflows/qa-deploy.yml
@ -9,8 +9,8 @@ on:
        required: false

 env:
-  _QA_CLUSTER_RESOURCE_GROUP: "bitwarden-devops"
-  _QA_CLUSTER_NAME: "dev-aks"
+  _QA_CLUSTER_RESOURCE_GROUP: "bw-env-qa"
+  _QA_CLUSTER_NAME: "bw-aks-qa"
  _QA_K8S_NAMESPACE: "bw-qa"
  _QA_K8S_APP_NAME: "bw-web"

@ -35,37 +35,36 @@ jobs:
        uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
        with:
          keyvault: "bitwarden-qa-kv"
-          secrets: "dev-aks-kubectl-credentials"
+          secrets: "qa-aks-kubectl-credentials"

-      - name: Login to dev-aks-kubectl SP
+      - name: Login with qa-aks-kubectl-credentials SP
        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
        with:
-          creds: ${{ env.dev-aks-kubectl-credentials }}
+          creds: ${{ env.qa-aks-kubectl-credentials }}

      - name: Setup AKS access
-        env:
-          USER_ID: ${{ env.qa-kubectl-managed-identity-clientId }}
+        #env:
+        #  USER_ID: ${{ env.qa-kubectl-managed-identity-clientId }}
        run: |
          echo "---az install---"
          az aks install-cli --install-location ./kubectl --kubelogin-install-location ./kubelogin
          echo "---az get-creds---"
          az aks get-credentials -n $_QA_CLUSTER_NAME -g $_QA_CLUSTER_RESOURCE_GROUP

-      # - name: Get image tag
-      #   id: image_tag
-      #   run: |
-      #     IMAGE_TAG=$(echo "$GITHUB_REF" | awk '{split($0, a, "/"); print a[3];}')
-      #     TAG_EXTENSION=${{ github.event.inputs.image_extension }}
+      - name: Get image tag
+        id: image_tag
+        run: |
+          IMAGE_TAG=$(echo "${GITHUB_REF:11}" | sed "s#/#-#g")
+          TAG_EXTENSION=${{ github.event.inputs.image_extension }}

-      #     if [[ $TAG_EXTENSION ]]; then
-      #       IMAGE_TAG=$IMAGE_TAG-$TAG_EXTENSION
-      #     fi
-      #     echo "::set-output name=value::$IMAGE_TAG"
+          if [[ $TAG_EXTENSION ]]; then
+            IMAGE_TAG=$IMAGE_TAG-$TAG_EXTENSION
+          fi
+          echo "::set-output name=value::$IMAGE_TAG"

      - name: Deploy Web image
        env:
-          # IMAGE_TAG: ${{ steps.image_tag.outputs.value }}
-          IMAGE_TAG: dev
+          IMAGE_TAG: ${{ steps.image_tag.outputs.value }}
        run: |
          kubectl set image -n $_QA_K8S_NAMESPACE deployment/web web=bitwardenqa.azurecr.io/web:$IMAGE_TAG --record
          kubectl rollout restart -n $_QA_K8S_NAMESPACE deployment/web