[github-actions] use token from projected volume
Signed-off-by: Denis Baryshev <[email protected]>
dennybaa committed Jan 26, 2022
1 parent 5d02d65 commit 381e434
Showing 3 changed files with 74 additions and 29 deletions.
26 changes: 17 additions & 9 deletions .github/workflows/deploy-zksync.yml
Expand Up @@ -43,7 +43,6 @@ jobs:
config_ref: ${{ github.event.inputs.config_ref }}
deployment_id: ${{ github.event.inputs.deployment_id || steps.deployment.outputs.deployment_id }}
environment: ${{ github.event.inputs.environment }}
kubeConf: ${{ steps.envMap.outputs.kubeConf }}
hfEnv: ${{ steps.envMap.outputs.hfEnv }}
namespace: ${{ steps.envMap.outputs.namespace }}
runner: ${{ steps.envMap.outputs.runner }}
Expand All @@ -68,13 +67,12 @@ jobs:
{
".*": {
"hfEnv": "${{ github.event.inputs.environment }}",
"kubeConf": "KUBECONF_STAGE",
"runner": "stage",
"namespace": "${{ github.event.inputs.environment }}"
},
"^rinkeby$": { "kubeConf": "KUBECONF_TESTNET", "runner": "testnet" },
"^ropsten$": { "kubeConf": "KUBECONF_TESTNET", "runner": "testnet" },
"^mainnet$": { "kubeConf": "KUBECONF_MAINNET", "runner": "mainnet", "hfEnv": "prod", "namespace": "zksync" }
"^rinkeby$": { "runner": "testnet" },
"^ropsten$": { "runner": "testnet" },
"^mainnet$": { "runner": "mainnet", "hfEnv": "prod", "namespace": "zksync" }
}
-
## For manually invoked workflow_dispatch we create a deployment event
Expand Down Expand Up @@ -111,19 +109,29 @@ jobs:
runs-on: [k8s, deployer, "${{ needs.setup.outputs.runner }}"]
container:
image: dysnix/kubectl:v1.20-gcloud

volumes:
- /var/run/secrets/tokens:/var/run/secrets/tokens
env:
DEPLOY_APPS: -l name=${{ github.event.inputs.server_release }} -l name=${{ github.event.inputs.prover_release }}
KUBECONF: ${{ secrets[needs.setup.outputs.kubeConf] }}
# Helmfile environment name
HFENV: ${{ needs.setup.outputs.hfEnv }}
IMAGE_TAG: ${{ needs.setup.outputs.image_tag }}
OUTCOMES: ${{ needs.setup.outputs.jobOutcomes }}

steps:
-
name: Create ~/.kube/config
run: mkdir -p ~/.kube && echo "$KUBECONF" | base64 -d > ~/.kube/config
id: kubeConf
run: |
kube_token=$(cat /var/run/secrets/tokens/github-actions-deployer)
echo "::add-mask::$kube_token"
echo "::set-output name=token::$kube_token"
-
name: Generate ~/.kube/config
run: |
kubectl config set-credentials user --token=${{ steps.kubeConf.outputs.token }}
kubectl config set-cluster default --server=https://kubernetes.default --insecure-skip-tls-verify=true
kubectl config set-context default --user=user --cluster=default
kubectl config use-context default
-
name: Clone helm-infra
uses: actions/checkout@v2
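Review bot: The `kubectl config set-cluster` line added in the "Generate ~/.kube/config" step passes `--insecure-skip-tls-verify=true`, so the job presents the deployer bearer token to whatever answers at https://kubernetes.default without checking the server certificate. Only /var/run/secrets/tokens is mounted into the container, which is presumably why no CA file was available; exposing the cluster CA bundle alongside the token would allow `kubectl config set-cluster default --server=https://kubernetes.default --certificate-authority=<PATH_TO_CLUSTER_CA>` instead. The same line is added three times in loadtest.yml and once in update-config.yml. This job's `runs-on` can resolve to the mainnet runner, so a verified API endpoint matters most here.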
52 changes: 40 additions & 12 deletions .github/workflows/loadtest.yml
Expand Up @@ -41,7 +41,6 @@ jobs:
image: dysnix/kubectl:v1.20-gcloud

env:
KUBECONF: ${{ secrets.STAGE_KUBECONF }}
DEPLOY_APPS: -l name=sqlproxy

outputs:
Expand All @@ -64,8 +63,18 @@ jobs:
ref: master
token: ${{ secrets.GH_TOKEN }}
-
name: Create ~/.kube/config
run: ./.github/scripts/write-kubeconf.sh
id: kubeConf
run: |
kube_token=$(cat /var/run/secrets/tokens/github-actions-deployer)
echo "::add-mask::$kube_token"
echo "::set-output name=token::$kube_token"
-
name: Generate ~/.kube/config
run: |
kubectl config set-credentials user --token=${{ steps.kubeConf.outputs.token }}
kubectl config set-cluster default --server=https://kubernetes.default --insecure-skip-tls-verify=true
kubectl config set-context default --user=user --cluster=default
kubectl config use-context default
-
name: Provision SQLProxy
working-directory: helm-infra
Expand Down Expand Up @@ -146,16 +155,26 @@ jobs:
needs: [dbsetup]
container:
image: dysnix/kubectl:v1.20-gcloud
env:
KUBECONF: ${{ secrets.STAGE_KUBECONF }}
volumes:
- /var/run/secrets/tokens:/var/run/secrets/tokens
steps:
- uses: actions/checkout@v2
- uses: actions/download-artifact@v2
with:
name: deployed_contracts
-
name: Create ~/.kube/config
run: .github/scripts/write-kubeconf.sh
id: kubeConf
run: |
kube_token=$(cat /var/run/secrets/tokens/github-actions-deployer)
echo "::add-mask::$kube_token"
echo "::set-output name=token::$kube_token"
-
name: Generate ~/.kube/config
run: |
kubectl config set-credentials user --token=${{ steps.kubeConf.outputs.token }}
kubectl config set-cluster default --server=https://kubernetes.default --insecure-skip-tls-verify=true
kubectl config set-context default --user=user --cluster=default
kubectl config use-context default
-
name: Update contracts in the ConfigMap
run: .github/scripts/zksync-env.sh --update-from deployed_contracts.log
Expand Down Expand Up @@ -205,16 +224,25 @@ jobs:
needs: [dbsetup, loadtest]
container:
image: dysnix/kubectl:v1.20-gcloud
env:
KUBECONF: ${{ secrets.STAGE_KUBECONF }}

volumes:
- /var/run/secrets/tokens:/var/run/secrets/tokens
if: always()
steps:
- uses: actions/checkout@v2
- run: rm -f etc/env/${ZKSYNC_ENV}.env
-
name: Create ~/.kube/config
run: .github/scripts/write-kubeconf.sh
id: kubeConf
run: |
kube_token=$(cat /var/run/secrets/tokens/github-actions-deployer)
echo "::add-mask::$kube_token"
echo "::set-output name=token::$kube_token"
-
name: Generate ~/.kube/config
run: |
kubectl config set-credentials user --token=${{ steps.kubeConf.outputs.token }}
kubectl config set-cluster default --server=https://kubernetes.default --insecure-skip-tls-verify=true
kubectl config set-context default --user=user --cluster=default
kubectl config use-context default
-
name: Scale loadtest to 0 replicas
run: |
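Review bot: The first hunk of loadtest.yml (-41,7 +41,6) removes `KUBECONF` from the job's env but adds no `volumes:` entry under `container:`, while the "Create ~/.kube/config" step added in the next hunk, apparently in the same job, reads /var/run/secrets/tokens/github-actions-deployer. The two later jobs in this file both gain `volumes:` with `- /var/run/secrets/tokens:/var/run/secrets/tokens`; unless the mount is declared outside the visible lines, the first job needs the same two lines or the `cat` finds no token file. The job definition starts above the hunk, so this should be confirmed against the full file.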
25 changes: 17 additions & 8 deletions .github/workflows/update-config.yml
Expand Up @@ -33,18 +33,16 @@ jobs:
{
".*": {
"hfEnv": "${{ github.event.inputs.environment }}",
"kubeConf": "KUBECONF_STAGE",
"runner": "stage",
"namespace": "${{ github.event.inputs.environment }}"
},
"^rinkeby$": { "kubeConf": "KUBECONF_TESTNET", "runner": "testnet" },
"^ropsten$": { "kubeConf": "KUBECONF_TESTNET", "runner": "testnet" },
"^mainnet$": { "kubeConf": "KUBECONF_MAINNET", "runner": "mainnet", "hfEnv": "prod", "namespace": "zksync" }
"^rinkeby$": { "runner": "testnet" },
"^ropsten$": { "runner": "testnet" },
"^mainnet$": { "runner": "mainnet", "hfEnv": "prod", "namespace": "zksync" }
}
outputs:
environment: ${{ github.event.inputs.environment }}
kubeConf: ${{ steps.envMap.outputs.kubeConf }}
hfEnv: ${{ steps.envMap.outputs.hfEnv }}
namespace: ${{ steps.envMap.outputs.namespace }}
runner: ${{ steps.envMap.outputs.runner }}
Expand All @@ -56,13 +54,24 @@ jobs:
runs-on: [k8s, deployer, "${{ needs.pre.outputs.runner }}"]
container:
image: dysnix/kubectl:v1.20-gcloud
volumes:
- /var/run/secrets/tokens:/var/run/secrets/tokens
env:
KUBECONF: ${{ secrets[needs.pre.outputs.kubeConf] }}
ENVFILE: ./compiled_envs/${{ needs.pre.outputs.environment }}.env
steps:
-
name: Create ~/.kube/config
run: mkdir -p ~/.kube && echo "$KUBECONF" | base64 -d > ~/.kube/config
id: kubeConf
run: |
kube_token=$(cat /var/run/secrets/tokens/github-actions-deployer)
echo "::add-mask::$kube_token"
echo "::set-output name=token::$kube_token"
-
name: Generate ~/.kube/config
run: |
kubectl config set-credentials user --token=${{ steps.kubeConf.outputs.token }}
kubectl config set-cluster default --server=https://kubernetes.default --insecure-skip-tls-verify=true
kubectl config set-context default --user=user --cluster=default
kubectl config use-context default
-
name: Clone configs
uses: actions/checkout@v2
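Review bot: The "Create ~/.kube/config" step publishes the service-account token as a step output, and the following step pastes it into the script text, unquoted, with `${{ steps.kubeConf.outputs.token }}`. That expression is expanded before the shell starts, so the token is kept as an output and written into the generated script instead of staying in a shell variable; `::add-mask::` only hides it in log output. Reading the file in the step that calls `kubectl config set-credentials` removes the output and the `id: kubeConf` altogether, as sketched below. The same pair of steps is added in deploy-zksync.yml and three times in loadtest.yml. Projected tokens are normally short-lived, so it is also worth checking whether a copy taken at job start can expire during a long load test.

```yaml
-
  name: Generate ~/.kube/config
  run: |
    # Read the projected token in the step that uses it; no step output is needed.
    kube_token="$(cat /var/run/secrets/tokens/github-actions-deployer)"
    echo "::add-mask::$kube_token"
    kubectl config set-credentials user --token="$kube_token"
    # … unchanged: set-cluster, set-context, use-context …
```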