-
Notifications
You must be signed in to change notification settings - Fork 32
84 lines (75 loc) · 3.11 KB
/
deploy-aws-hub.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
name: Deploy AWS Hub
on:
push:
branches:
- staging
- prod
paths:
- 'deployments/icesat2/config/**'
- 'deployments/icesat2/image/**'
- 'deployments/icesat2/secrets/**'
- 'deployments/icesat2/hubploy.yaml'
- 'pangeo-deploy/**'
- '.github/workflows/deploy-aws-hub.yaml'
env:
HELM_EXECUTABLE: /usr/local/bin/helm3
jobs:
deploy_aws:
name: Deploy AWS Hub
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Unlock git-crypt Secrets
uses: docker://yuvipanda/hubploy:20200826083951674280
env:
GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY }}
with:
entrypoint: /bin/bash
args: -c "echo ${GIT_CRYPT_KEY} | base64 -d | git crypt unlock - && git crypt status"
- name: Push AWS Image with matching git commit tag
uses: docker://yuvipanda/hubploy:20200826083951674280
with:
args: build icesat2 --check-registry --push
- name: Setup Helm
run: |
curl https://get.helm.sh/helm-v3.4.1-linux-amd64.tar.gz | tar -xzf -
sudo mv linux-amd64/helm $HELM_EXECUTABLE
helm3 version
helm3 repo add jupyterhub https://jupyterhub.github.io/helm-chart/
helm3 repo add dask https://helm.dask.org/
helm3 repo add dask-gateway https://dask.org/dask-gateway-helm-repo/
helm3 repo add stable https://charts.helm.sh/stable
#for prometheus & grafana
#helm3 repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm3 repo update
- name: Add Runner IP to EKS Kubernetes API Whitelist
uses: docker://yuvipanda/hubploy:20200826083951674280
with:
entrypoint: /bin/bash
args: >
-c "export AWS_SHARED_CREDENTIALS_FILE=./deployments/icesat2/secrets/aws-config.txt &&
RUNNERIP=`curl --silent https://checkip.amazonaws.com` &&
aws --version &&
aws eks update-cluster-config --region us-west-2 --name pangeo --resources-vpc-config publicAccessCidrs=${RUNNERIP}/32 > /dev/null &&
sleep 120"
- name: Deploy AWS Staging Hub
uses: docker://yuvipanda/hubploy:20200826083951674280
if: github.ref == 'refs/heads/staging'
with:
args: deploy icesat2 pangeo-deploy staging --timeout 1200s --cleanup-on-fail
- name: Deploy AWS Prod Hub
uses: docker://yuvipanda/hubploy:20200826083951674280
if: github.ref == 'refs/heads/prod'
with:
args: deploy icesat2 pangeo-deploy prod --timeout 1200s --cleanup-on-fail
- name: Revert to Original EKS IP Whitelist
uses: docker://yuvipanda/hubploy:20200826083951674280
if: always()
env:
AWS_IP_WHITELIST: ${{ secrets.AWS_IP_WHITELIST }}
with:
entrypoint: /bin/bash
args: >
-c "export AWS_SHARED_CREDENTIALS_FILE=./deployments/icesat2/secrets/aws-config.txt &&
aws eks update-cluster-config --region us-west-2 --name pangeo --resources-vpc-config publicAccessCidrs=${AWS_IP_WHITELIST} > /dev/null"