cd: add gocd deployment pipeline (#108)
joshuarli authored Dec 19, 2022
1 parent d24b41f commit 203fc98
Showing 3 changed files with 166 additions and 0 deletions.
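--- a/.github/workflows/lint-pipelines.sh
+++ b/.github/workflows/lint-pipelines.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# gocd-cli does not catch all errors, but does catch some simple issues.
+# A better solution may be: https://github.com/GaneshSPatil/gocd-mergeable
+
+echo "GoCD YAML Linting"
+
+find "gocd" -name "*.yaml" -type f \
+-exec printf "\n🔎 Linting {}\n\t" \; \
+-exec ./gocd-cli configrepo syntax --yaml --raw "{}" \;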
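Review bot: The `find … -exec … \;` form does not propagate the exit status of `gocd-cli`, so this script exits 0 even when a pipeline file fails the syntax check and the CI job cannot block a broken deployment pipeline. The same holds when the binary is missing: the script calls `./gocd-cli` relative to the working directory, while the workflow in this commit installs it to `${HOME}/.local/bin/gocd-cli`, so unless something outside this commit places a copy in the repository root every `-exec` fails quietly. Putting `{}` inside the `printf` format string also lets a `%` in a file name be read as a format directive. A loop that records failures and resolves `gocd-cli` through PATH addresses all three; the whole file is inside this hunk.

```shell
set -euo pipefail

echo "GoCD YAML Linting"

status=0
while IFS= read -r -d '' file; do
    printf '\n🔎 Linting %s\n\t' "$file"
    # Record the failure but keep going so every file is reported.
    gocd-cli configrepo syntax --yaml --raw "$file" || status=1
done < <(find gocd -name '*.yaml' -type f -print0)

exit "$status"
```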
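--- a/.github/workflows/lint-pipelines.yml
+++ b/.github/workflows/lint-pipelines.yml
@@ -0,0 +1,36 @@
+name: Lint Deployment Pipelines
+
+on:
+pull_request:
+push:
+branches: [main, test-me-*]
+
+concurrency:
+group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+cancel-in-progress: true
+
+jobs:
+lint:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v3
+
+- name: cache bin
+id: cache-bin
+uses: actions/cache@v3
+with:
+path: ${HOME}/.local/bin
+# Bump this key if you're changing gocd-cli versions.
+key: ${{ runner.os }}-bin
+
+- name: Install gocd-cli
+run: |
+# this is on github runner's PATH but it isn't created, lol
+mkdir -p "${HOME}/.local/bin"
+bin="${HOME}/.local/bin/gocd-cli"
+curl -L -o "$bin" 'https://sentry-dev-infra-assets.storage.googleapis.com/gocd-085ab00-linux-amd64'
+echo "11d517c0c0058d1204294d01bfac987c0eaf9e37ba533ad54107b0949403321e ${bin}" | sha256sum -c -
+chmod +x "$bin"
+- name: Lint Pipelines with gocd-cli
+run: ./.github/workflows/lint-pipelines.sh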
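Review bot: The job downloads and runs a binary on every pull request, but the workflow declares no `permissions:` block, so the token it runs with is whatever the repository default grants. A top-level `permissions:` with `contents: read` would pin it to what linting needs, and `persist-credentials: false` on the checkout step keeps the token out of the working tree the binary runs in. The `sha256sum -c` check before `chmod +x` is the right control and should stay unconditional, i.e. not be skipped on a cache hit later. As far as I know `actions/cache` expands `~` but not shell variables, so `path: ${HOME}/.local/bin` probably never matches and the cache step does nothing; `path: ~/.local/bin` is the usual spelling.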
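--- a/gocd/pipelines/atlas.yaml
+++ b/gocd/pipelines/atlas.yaml
@@ -0,0 +1,120 @@
+# More information on gocd-flavor YAML can be found here:
+# - https://github.com/tomzo/gocd-yaml-config-plugin#pipeline
+# - https://www.notion.so/sentry/GoCD-New-Service-Quickstart-6d8db7a6964049b3b0e78b8a4b52e25d
+format_version: 10
+pipelines:
+atlas:
+environment_variables:
+GCP_PROJECT: internal-sentry
+GKE_CLUSTER: zdpwkxst
+GKE_REGION: us-central1
+GKE_CLUSTER_ZONE: b
+GKE_BASTION_ZONE: b
+group: internal-sentry
+lock_behavior: unlockWhenFinished
+materials:
+atlas_repo:
+git: [email protected]:getsentry/atlas.git
+shallow_clone: true
+branch: master
+destination: atlas
+stages:
+- preliminary-checks:
+fetch_materials: true
+jobs:
+preliminary-checks:
+elastic_profile_id: atlas
+timeout: 1800
+tasks:
+- script: |
+/devinfra/scripts/checks/googlecloud/checkcloudbuild.py \
+${GO_REVISION_ATLAS_REPO} \
+"${GCP_PROJECT}" \
+"us.gcr.io/internal-sentry/atlas-backend"
+- script: |
+/devinfra/scripts/checks/googlecloud/checkcloudbuild.py \
+${GO_REVISION_ATLAS_REPO} \
+"${GCP_PROJECT}" \
+"us.gcr.io/internal-sentry/atlas-frontend"
+- atlas-canary:
+fetch_materials: true
+approval:
+type: manual
+jobs:
+atlas-canary:
+elastic_profile_id: atlas
+timeout: 1800 # 30 mins
+tasks:
+- script: |
+USE_GKE_GCLOUD_AUTH_PLUGIN=True \
+gcloud --project "$GCP_PROJECT" \
+container clusters get-credentials "$GKE_CLUSTER" \
+--zone "${GKE_REGION}-${GKE_CLUSTER_ZONE}"
+- script: |
+tmpdir=$(mktemp -d) \
+&& ssh-keygen -q -t ed25519 -N '' -f "${tmpdir}/google_compute_engine" \
+&& gcloud compute ssh "dicd-gkehop-${GKE_CLUSTER}" \
+--ssh-key-file="${tmpdir}/google_compute_engine" \
+--tunnel-through-iap \
+"--project=${GCP_PROJECT}" \
+"--zone=${GKE_REGION}-${GKE_BASTION_ZONE}" \
+-- -4 -L8888:127.0.0.1:8888 -N -q -f
+- script: |
+/devinfra/scripts/k8s/k8sdeploy.py \
+--context="gke_${GCP_PROJECT}_${GKE_REGION}-${GKE_CLUSTER_ZONE}_${GKE_CLUSTER}" \
+--label-selector="service=atlas,env=canary" \
+--image="us.gcr.io/internal-sentry/atlas-frontend:${GO_REVISION_ATLAS_REPO}" \
+--container-name="frontend"
+- script: |
+/devinfra/scripts/k8s/k8sdeploy.py \
+--context="gke_${GCP_PROJECT}_${GKE_REGION}-${GKE_CLUSTER_ZONE}_${GKE_CLUSTER}" \
+--label-selector="service=atlas,env=canary" \
+--image="us.gcr.io/internal-sentry/atlas-backend:${GO_REVISION_ATLAS_REPO}" \
+--container-name="backend"
+- script: |
+/devinfra/scripts/k8s/k8sdeploy.py \
+--context="gke_${GCP_PROJECT}_${GKE_REGION}-${GKE_CLUSTER_ZONE}_${GKE_CLUSTER}" \
+--label-selector="service=atlas,env=canary" \
+--image="us.gcr.io/internal-sentry/atlas-backend:${GO_REVISION_ATLAS_REPO}" \
+--container-name="worker"
+- atlas-primary:
+fetch_materials: true
+approval:
+type: manual
+jobs:
+atlas-primary:
+elastic_profile_id: atlas
+timeout: 1800 # 30 mins
+tasks:
+- script: |
+USE_GKE_GCLOUD_AUTH_PLUGIN=True \
+gcloud --project "$GCP_PROJECT" \
+container clusters get-credentials "$GKE_CLUSTER" \
+--zone "${GKE_REGION}-${GKE_CLUSTER_ZONE}"
+- script: |
+tmpdir=$(mktemp -d) \
+&& ssh-keygen -q -t ed25519 -N '' -f "${tmpdir}/google_compute_engine" \
+&& gcloud compute ssh "dicd-gkehop-${GKE_CLUSTER}" \
+--ssh-key-file="${tmpdir}/google_compute_engine" \
+--tunnel-through-iap \
+"--project=${GCP_PROJECT}" \
+"--zone=${GKE_REGION}-${GKE_BASTION_ZONE}" \
+-- -4 -L8888:127.0.0.1:8888 -N -q -f
+- script: |
+/devinfra/scripts/k8s/k8sdeploy.py \
+--context="gke_${GCP_PROJECT}_${GKE_REGION}-${GKE_CLUSTER_ZONE}_${GKE_CLUSTER}" \
+--label-selector="service=atlas" \
+--image="us.gcr.io/internal-sentry/atlas-frontend:${GO_REVISION_ATLAS_REPO}" \
+--container-name="frontend"
+- script: |
+/devinfra/scripts/k8s/k8sdeploy.py \
+--context="gke_${GCP_PROJECT}_${GKE_REGION}-${GKE_CLUSTER_ZONE}_${GKE_CLUSTER}" \
+--label-selector="service=atlas" \
+--image="us.gcr.io/internal-sentry/atlas-backend:${GO_REVISION_ATLAS_REPO}" \
+--container-name="backend"
+- script: |
+/devinfra/scripts/k8s/k8sdeploy.py \
+--context="gke_${GCP_PROJECT}_${GKE_REGION}-${GKE_CLUSTER_ZONE}_${GKE_CLUSTER}" \
+--label-selector="service=atlas" \
+--image="us.gcr.io/internal-sentry/atlas-backend:${GO_REVISION_ATLAS_REPO}" \
+--container-name="worker"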
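Review bot: Both deploy stages (`atlas-canary` and `atlas-primary`) generate a fresh passphrase-less SSH key on every run and pass it to `gcloud compute ssh`, which, as far as I know, publishes the public half to OS Login or instance metadata without an expiry by default, so credentials accepted by the bastion accumulate with each deployment. Adding `--ssh-key-expire-after=30m` (matching the 1800-second job timeout) to both `gcloud compute ssh` calls bounds their lifetime. The private key under `tmpdir` and the backgrounded tunnel (`-f`) are also never cleaned up, which matters if an elastic agent is ever reused; that cannot be determined from this file.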
