feat(workflow): integrate with workflow identity pool (#4945)

* feat(workflows): add wif workflow
* feat(workflows): add name of compute instance
* feat(workflows): fix permissions
* feat(workflows):  add an OR true since github runs with -e
* ci(testing-deployment): include GITHUB envs
* ci(testing-deployment): move GCP information to secrets
* ci(staging-deployment): wif workflow

---------

Co-authored-by: Prashant Shahi <prashant@signoz.io>
Vibhu Pandey 2024-05-10 23:23:31 +05:30 committed by GitHub
parent 211fe4fdd5
commit 7460e650af
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 81 additions and 57 deletions


@ -9,34 +9,46 @@ jobs:
name: Deploy latest develop branch to staging name: Deploy latest develop branch to staging
runs-on: ubuntu-latest runs-on: ubuntu-latest
environment: staging environment: staging
permissions:
contents: 'read'
id-token: 'write'
steps: steps:
- name: Executing remote ssh commands using ssh key - id: 'auth'
uses: appleboy/ssh-action@v1.0.3 uses: 'google-github-actions/auth@v2'
env:
GITHUB_BRANCH: develop
GITHUB_SHA: ${{ github.sha }}
with: with:
host: ${{ secrets.HOST_DNS }} workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
username: ${{ secrets.USERNAME }} service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
key: ${{ secrets.SSH_KEY }}
envs: GITHUB_BRANCH,GITHUB_SHA - name: 'sdk'
command_timeout: 60m uses: 'google-github-actions/setup-gcloud@v2'
script: |
echo "GITHUB_BRANCH: ${GITHUB_BRANCH}" - name: 'ssh'
echo "GITHUB_SHA: ${GITHUB_SHA}" shell: bash
export DOCKER_TAG="${GITHUB_SHA:0:7}" # needed for child process to access it env:
export OTELCOL_TAG="main" GITHUB_BRANCH: ${{ github.head_ref || github.ref_name }}
export PATH="/usr/local/go/bin/:$PATH" # needed for Golang to work GITHUB_SHA: ${{ github.sha }}
docker system prune --force GCP_PROJECT: ${{ secrets.GCP_PROJECT }}
docker pull signoz/signoz-otel-collector:main GCP_ZONE: ${{ secrets.GCP_ZONE }}
docker pull signoz/signoz-schema-migrator:main GCP_INSTANCE: ${{ secrets.GCP_INSTANCE }}
cd ~/signoz run: |
git status read -r -d '' COMMAND <<EOF || true
git add . echo "GITHUB_BRANCH: ${GITHUB_BRANCH}"
git stash push -m "stashed on $(date --iso-8601=seconds)" echo "GITHUB_SHA: ${GITHUB_SHA}"
git fetch origin export DOCKER_TAG="${GITHUB_SHA:0:7}" # needed for child process to access it
git checkout ${GITHUB_BRANCH} export OTELCOL_TAG="main"
git pull export PATH="/usr/local/go/bin/:$PATH" # needed for Golang to work
make build-ee-query-service-amd64 docker system prune --force
make build-frontend-amd64 docker pull signoz/signoz-otel-collector:main
make run-signoz docker pull signoz/signoz-schema-migrator:main
cd ~/signoz
git status
git add .
git stash push -m "stashed on $(date --iso-8601=seconds)"
git fetch origin
git checkout ${GITHUB_BRANCH}
git pull
make build-ee-query-service-amd64
make build-frontend-amd64
make run-signoz
EOF
gcloud compute ssh ${GCP_INSTANCE} --zone ${GCP_ZONE} --tunnel-through-iap --project ${GCP_PROJECT} --command "${COMMAND}"
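Review bot: The unquoted `<<EOF` heredoc in the `ssh` step expands `${GITHUB_BRANCH}`, `${GITHUB_SHA:0:7}`, `$PATH` and `$(date …)` on the runner, and the resulting text is then parsed as shell on the instance by `--command`. A ref name containing shell metacharacters therefore becomes part of the remote command, which the old `envs:` hand-off did not allow. It also means the instance's `PATH` is overwritten with the runner's and the stash timestamp comes from the runner. `GITHUB_BRANCH` is now `github.head_ref || github.ref_name` rather than the fixed `develop`. The testing-deployment section below has the same construct and is the more exposed one, because it runs on a pull-request label. The fix is to quote the delimiter, validate the ref name, pass the two values as quoted assignments and quote the expansions in the `git` commands.

```yaml
          run: |
            # Reject ref names that are not plain branch characters before they reach the remote shell.
            [[ "${GITHUB_BRANCH}" =~ ^[A-Za-z0-9._/-]+$ ]] || { echo "unexpected branch name" >&2; exit 1; }
            # Quoted delimiter: nothing in the script body is expanded on the runner.
            read -r -d '' COMMAND <<'EOF' || true
            # … unchanged: echo lines, exports, docker prune/pull, cd, git status/add/stash/fetch …
            git checkout "${GITHUB_BRANCH}"
            # … unchanged: git pull, make targets …
            EOF
            # Hand the two values to the remote shell as quoted assignments.
            PREFIX="$(printf 'export GITHUB_BRANCH=%q GITHUB_SHA=%q; ' "${GITHUB_BRANCH}" "${GITHUB_SHA}")"
            gcloud compute ssh "${GCP_INSTANCE}" --zone "${GCP_ZONE}" --tunnel-through-iap --project "${GCP_PROJECT}" --command "${PREFIX}${COMMAND}"
```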


@ -9,35 +9,47 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
environment: testing environment: testing
if: ${{ github.event.label.name == 'testing-deploy' }} if: ${{ github.event.label.name == 'testing-deploy' }}
permissions:
contents: 'read'
id-token: 'write'
steps: steps:
- name: Executing remote ssh commands using ssh key - id: 'auth'
uses: appleboy/ssh-action@v1.0.3 uses: 'google-github-actions/auth@v2'
with:
workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
- name: 'sdk'
uses: 'google-github-actions/setup-gcloud@v2'
- name: 'ssh'
shell: bash
env: env:
GITHUB_BRANCH: ${{ github.head_ref || github.ref_name }} GITHUB_BRANCH: ${{ github.head_ref || github.ref_name }}
GITHUB_SHA: ${{ github.sha }} GITHUB_SHA: ${{ github.sha }}
with: GCP_PROJECT: ${{ secrets.GCP_PROJECT }}
host: ${{ secrets.HOST_DNS }} GCP_ZONE: ${{ secrets.GCP_ZONE }}
username: ${{ secrets.USERNAME }} GCP_INSTANCE: ${{ secrets.GCP_INSTANCE }}
key: ${{ secrets.SSH_KEY }} run: |
envs: GITHUB_BRANCH,GITHUB_SHA read -r -d '' COMMAND <<EOF || true
command_timeout: 60m echo "GITHUB_BRANCH: ${GITHUB_BRANCH}"
script: | echo "GITHUB_SHA: ${GITHUB_SHA}"
echo "GITHUB_BRANCH: ${GITHUB_BRANCH}" export DOCKER_TAG="${GITHUB_SHA:0:7}" # needed for child process to access it
echo "GITHUB_SHA: ${GITHUB_SHA}" export DEV_BUILD="1"
export DOCKER_TAG="${GITHUB_SHA:0:7}" # needed for child process to access it export PATH="/usr/local/go/bin/:$PATH" # needed for Golang to work
export DEV_BUILD="1" docker system prune --force
export PATH="/usr/local/go/bin/:$PATH" # needed for Golang to work cd ~/signoz
docker system prune --force git status
cd ~/signoz git add .
git status git stash push -m "stashed on $(date --iso-8601=seconds)"
git add . git fetch origin
git stash push -m "stashed on $(date --iso-8601=seconds)" git checkout develop
git fetch origin git pull
git checkout develop # This is added to include the scenerio when new commit in PR is force-pushed
git pull git branch -D ${GITHUB_BRANCH}
# This is added to include the scenerio when new commit in PR is force-pushed git checkout --track origin/${GITHUB_BRANCH}
git branch -D ${GITHUB_BRANCH} make build-ee-query-service-amd64
git checkout --track origin/${GITHUB_BRANCH} make build-frontend-amd64
make build-ee-query-service-amd64 make run-signoz
make build-frontend-amd64 EOF
make run-signoz gcloud compute ssh ${GCP_INSTANCE} --zone ${GCP_ZONE} --tunnel-through-iap --project ${GCP_PROJECT} --command "${COMMAND}"
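Review bot: The remote script in the `ssh` step has no `set -e`, so a failed `git checkout --track origin/${GITHUB_BRANCH}` leaves the tree on `develop`, which was checked out a few lines earlier, and the `make` targets still build and run it. The job then presumably reports only the status of the last remote command, so the testing host can end up running code other than the labelled PR while the workflow shows green. That would happen whenever the head branch is missing from `origin`; the trigger is outside this section, so whether fork PRs reach this job cannot be confirmed from here. I would make `set -euo pipefail` the first line of the heredoc body and change the delete to `git branch -D "${GITHUB_BRANCH}" || true`, so the first deployment of a branch does not abort on the missing local branch.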