-
Notifications
You must be signed in to change notification settings - Fork 1
111 lines (98 loc) · 4.41 KB
/
deploy-lts-prow.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
name: Deploy AKS LTS Prow
on:
push:
branches: [ main ]
workflow_dispatch:
permissions:
id-token: write
contents: read
jobs:
Deploy_AKS_LTS_Prow:
runs-on: ubuntu-latest
environment: production
env:
GITHUB_APP_ID: ${{ vars.APP_ID }}
GITHUB_ORG: ${{ vars.ORG }}
GITHUB_REPO: ${{ vars.REPO }}
HMAC_TOKEN: ${{ secrets.HMAC_TOKEN }}
MINIO_CONSOLE_PORT: 8003
K8S_PROW_IMAGE_TAG: v20230714-b138fd6e05
KUBEKINS_E2E_TAG: v20230703-e6ae5b372a-master
steps:
- name: Generate fake mount secret
run: |
FAKE_MOUNT_SECRET=$(echo '{"account":"fake","password":"fake"}' | base64)
echo "::add-mask::$FAKE_MOUNT_SECRET"
echo "FAKE_MOUNT_SECRET=$FAKE_MOUNT_SECRET" >> "$GITHUB_ENV"
- name: Check out repo
uses: actions/checkout@v3
- name: Azure login
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Deploy Prow cluster Bicep
id: bicep
uses: azure/arm-deploy@v1
with:
subscriptionId: ${{ vars.AZURE_SUBSCRIPTION }}
resourceGroupName: ${{ vars.AZURE_RG }}
template: ./config/prow/cluster/prow-cluster.bicep
failOnStdErr: false
- name: Fetch config
run: |
echo "PROW_HOST=${{ steps.bicep.outputs.prowHostName }}" >> "$GITHUB_ENV"
AZURE_STORAGE_ACCOUNT_USER=${{ steps.bicep.outputs.storageAccountName }}
echo "::add-mask::$AZURE_STORAGE_ACCOUNT_USER"
echo "AZURE_STORAGE_ACCOUNT_USER=$AZURE_STORAGE_ACCOUNT_USER" >> "$GITHUB_ENV"
PUBLIC_IP_NAME=${{ steps.bicep.outputs.publicIpName }}
echo "::add-mask::$PUBLIC_IP_NAME"
echo "PUBLIC_IP_NAME=$PUBLIC_IP_NAME" >> "$GITHUB_ENV"
PUBLIC_IP_ADDRESS=${{ steps.bicep.outputs.publicIpAddress }}
echo "::add-mask::$PUBLIC_IP_ADDRESS"
echo "PUBLIC_IP_ADDRESS=$PUBLIC_IP_ADDRESS" >> "$GITHUB_ENV"
- name: Fetch storage key
id: fetch-storage-key
run: |
AZURE_STORAGE_ACCOUNT_PASSWORD=$(az storage account keys list -g ${{ vars.AZURE_RG }} -n ${{ steps.bicep.outputs.storageAccountName }} | jq -r '.[0].value')
echo "::add-mask::$AZURE_STORAGE_ACCOUNT_PASSWORD"
echo "AZURE_STORAGE_ACCOUNT_PASSWORD=$AZURE_STORAGE_ACCOUNT_PASSWORD" >> "$GITHUB_ENV"
- name: Install Kubectl
uses: azure/setup-kubectl@v3
- name: Set AKS cluster context
uses: azure/aks-set-context@v3
with:
resource-group: ${{ vars.AZURE_RG }}
cluster-name: ${{ steps.bicep.outputs.aksClusterName }}
admin: true
- name: 'Apply Prow base manifests'
run: |
kubectl apply -f config/prow/k8s/base/ns.yaml
envsubst < config/prow/k8s/base/contour.yaml > contour.yaml
kubectl apply -f contour.yaml
env:
AZURE_RG: ${{ vars.AZURE_RG }}
- name: 'Create GitHub Token secrets'
run: |
echo "${{ secrets.APP_PRIVATE_KEY }}" > cert.pem
kubectl create secret generic github-token -n prow --from-file=cert=cert.pem --from-literal=appid=$GITHUB_APP_ID -o yaml --dry-run=client | kubectl apply -f -
kubectl create secret generic github-token -n test-pods --from-file=cert=cert.pem --from-literal=appid=$GITHUB_APP_ID -o yaml --dry-run=client | kubectl apply -f -
rm cert.pem
- name: 'Create job configs'
run: |
envsubst < config/prow/release-branch-jobs/base.yaml > cm.yaml
envsubst < config/prow/release-branch-jobs/1.24.yaml >> cm.yaml
envsubst < config/prow/release-branch-jobs/1.25.yaml >> cm.yaml
kubectl create configmap config -n prow --from-file=config.yaml=cm.yaml -o yaml --dry-run=client | kubectl apply -f -
rm cm.yaml
- name: 'Apply Prowjob CRD'
run: for f in config/prow/k8s/prowjob/*.yaml; do kubectl apply --server-side=true -f $f; done
- name: 'Apply Prow app manifests'
run: for f in config/prow/k8s/app/*.yaml; do envsubst < $f | kubectl apply -f -; done
env:
AZURE_RG: ${{ vars.AZURE_RG }}
- name: 'Apply test pod manifests'
run: for f in config/prow/k8s/test-pods/*.yaml; do envsubst < $f | kubectl apply -f -; done
env:
AZURE_RG: ${{ vars.AZURE_RG }}