ci: tear-down PR dev cluster and children #12
| name: PR Workflow | |
| on: | |
| pull_request: | |
| types: | |
| - closed | |
| defaults: | |
| run: | |
| working-directory: go/src/github.com/stackrox/infra | |
| concurrency: pr-${{ github.ref }} | |
| env: | |
| CLUSTER_NAME: infra-pr-${{ github.event.pull_request.number }} | |
| GH_TOKEN: ${{ secrets.RHACS_BOT_GITHUB_TOKEN }} | |
| jobs: | |
| destroy: | |
| runs-on: ubuntu-latest | |
| env: | |
| KUBECONFIG: /tmp/kubeconfig | |
| INFRA_TOKEN: ${{ secrets.INFRA_TOKEN }} | |
| INFRACTL: bin/infractl -k -e localhost:8443 | |
| USE_GKE_GCLOUD_AUTH_PLUGIN: "True" | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| path: go/src/github.com/stackrox/infra | |
| - name: Authenticate to GCloud | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| credentials_json: ${{ secrets.INFRA_CI_AUTOMATION_GCP_SA }} | |
| - name: Set up Cloud SDK | |
| uses: "google-github-actions/setup-gcloud@v2" | |
| with: | |
| install_components: "gke-gcloud-auth-plugin" | |
| - name: Download production infractl | |
| uses: stackrox/actions/infra/install-infractl@v1 | |
| - name: Wait for cluster | |
| run: | | |
| set -xo pipefail | |
| for I in {1..60}; do | |
| ~/.local/bin/infractl get "$CLUSTER_NAME" | tee >( cat >&2 ) | grep READY && break || echo $? | |
| sleep 60 | |
| done | |
| ~/.local/bin/infractl artifacts "$CLUSTER_NAME" -d /tmp/ | |
| kubectl get nodes -o wide || true | |
| for I in {1..5}; do | |
| kubectl -n infra rollout status deploy/infra-server-deployment --timeout=300s && break || echo $? | |
| sleep 60 | |
| done | |
| - name: Download branch infractl | |
| run: | | |
| kubectl -n infra port-forward svc/infra-server-service 8443:8443 > /dev/null 2>&1 & | |
| sleep 10 | |
| kubectl -n infra logs -l app=infra-server --tail=-1 | |
| make pull-infractl-from-dev-server | |
| $INFRACTL version | |
| kill %1 | |
| - name: Destroy created clusters still running | |
| env: | |
| INFRA_TOKEN: ${{ secrets.INFRA_TOKEN_DEV }} | |
| run: | | |
| set -x | |
| kubectl -n infra port-forward svc/infra-server-service 8443:8443 > /dev/null 2>&1 & | |
| sleep 10 | |
| echo 'For 30 minutes, list and delete child clusters that are not failed.' | |
| for I in {1..30}; do | |
| $INFRACTL list --all --quiet | |
| count=0 | |
| # Continue if running or destroying | |
| for cluster in $($INFRACTL list --all --quiet --status='READY,CREATING,DESTROYING'); do | |
| echo "$(( ++count )): ${cluster}" | |
| done | |
| if [[ $count -gt 0 ]]; then | |
| echo 'Active clusters found. Deleting ...' | tee -a "$GITHUB_STEP_SUMMARY" | |
| else | |
| echo 'No active clusters found.' | |
| break | |
| fi | |
| # shellcheck disable=SC2086 | |
| for cluster in $($INFRACTL list --all --quiet --status='READY,CREATING'); do | |
| $INFRACTL get "${cluster}" \ | |
| && $INFRACTL delete "${cluster}" | |
| done \ | |
| | tee -a "$GITHUB_STEP_SUMMARY" | |
| echo "(sleep 1 minute then check again. try $I/30)" | |
| sleep 60 | |
| done | |
| kill %1 | |
| - name: Destroy PR dev cluster | |
| run: | | |
| ~/.local/bin/infractl delete "$CLUSTER_NAME" | |
| echo "Deleted PR dev cluster ${CLUSTER_NAME}" | tee -a "$GITHUB_STEP_SUMMARY" | |
| - name: Comment on PR | |
| run: | | |
| gh pr comment "${{ github.event.number }}" \ | |
| --body "Development cluster deleted." |
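Review bot: The production `INFRA_TOKEN` in the `destroy` job's `env` and the workflow-level `GH_TOKEN` are visible to every step, including `make pull-infractl-from-dev-server`, which runs the Makefile from the checked-out PR head (`ref: ${{ github.event.pull_request.head.sha }}`). Fork PRs should not receive secrets on a `pull_request` trigger, but for same-repository branches it would be tighter to declare each secret only in the `env:` of the step that uses it, e.g. `GH_TOKEN` on "Comment on PR" alone, and to add a top-level `permissions:` block with `contents: read`. The "Destroy PR dev cluster" step has no `if:` condition, so a failure in "Wait for cluster" or "Download branch infractl" appears to skip the delete and leave the `infra-pr-<number>` cluster running; `if: always()` on that step would cover it. The four `uses:` references are pinned to mutable tags (`@v4`, `@v2`, `@v1`); pinning them to full commit SHAs removes that supply-chain dependency.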