Aztec Metrics Stack Deployment #7

Workflow file for this run

.github/workflows/metrics-deploy.yml at 730da9a

	name: Aztec Metrics Stack Deployment

	on:
	workflow_call:
	inputs:
	cluster:
	description: The cluster to deploy to, e.g. aztec-gke-private
	required: true
	type: string
	namespace:
	description: The namespace to deploy to, e.g. metrics
	required: true
	type: string
	default: metrics
	values_file:
	description: The values file to use, e.g. prod.yaml
	required: true
	type: string
	default: "prod.yaml"
	respect_tf_lock:
	description: Whether to respect the Terraform lock
	required: false
	type: string
	default: "true"
	run_terraform_destroy:
	description: Whether to run terraform destroy before deploying
	required: false
	type: string
	default: "false"
	ref:
	description: The branch name to deploy from
	required: false
	type: string
	default: "master"
	grafana_dashboard_password_secret_name:
	description: The name of the secret which holds the Grafana dashboard password
	required: true
	type: string
	default: "grafana-dashboard-password"
	secrets:
	GCP_SA_KEY:
	required: true
	workflow_dispatch:
	inputs:
	cluster:
	description: The cluster to deploy to, e.g. aztec-gke-private
	required: true
	type: string
	namespace:
	description: The namespace to deploy to, e.g. metrics
	required: true
	default: metrics
	values_file:
	description: The values file to use, e.g. prod.yaml
	required: true
	default: "prod.yaml"
	respect_tf_lock:
	description: Whether to respect the Terraform lock
	required: false
	default: "true"
	run_terraform_destroy:
	description: Whether to run terraform destroy before deploying
	required: false
	default: "false"
	ref:
	description: The branch name to deploy from
	required: false
	default: "master"
	grafana_dashboard_password_secret_name:
	description: The name of the secret which holds the Grafana dashboard password
	required: true
	default: "grafana-dashboard-password"

	jobs:
	metrics_deployment:
	# This job will run on Ubuntu
	runs-on: ubuntu-latest
	concurrency:
	group: deploy-${{ github.ref }} # Only one job per branch
	cancel-in-progress: false # Allow previous deployment to complete to avoid corruption

	# Set up a variable based on the branch name
	env:
	NAMESPACE: ${{ inputs.namespace }}
	VALUES_FILE: ${{ inputs.values_file }}
	CHART_PATH: ./spartan/metrics
	CLUSTER_NAME: ${{ inputs.cluster }}
	REGION: us-west1-a
	TF_STATE_BUCKET: aztec-terraform
	GKE_CLUSTER_CONTEXT: "gke_testnet-440309_us-west1-a_${{ inputs.cluster }}"
	GRAFANA_DASHBOARD_PASSWORD_SECRET_NAME: ${{ inputs.grafana_dashboard_password_secret_name }}

	steps:
	- name: Checkout code
	uses: actions/checkout@v3
	with:
	ref: ${{ inputs.ref }}

	- name: Authenticate to Google Cloud
	uses: google-github-actions/auth@v2
	with:
	credentials_json: ${{ secrets.GCP_SA_KEY }}

	- name: Set up Cloud SDK
	uses: google-github-actions/setup-gcloud@v2

	- name: Install GKE Auth Plugin
	run: \|
	gcloud components install gke-gcloud-auth-plugin --quiet

	- name: Configure kubectl with GKE cluster
	run: \|
	gcloud container clusters get-credentials ${{ env.CLUSTER_NAME }} --region ${{ env.REGION }}

	- name: Grab the Grafana dashboard password
	id: get-grafana-dashboard-password
	run: \|
	echo "::add-mask::$(gcloud secrets versions access latest --secret=${{ env.GRAFANA_DASHBOARD_PASSWORD_SECRET_NAME }})"
	echo "grafana_dashboard_password=$(gcloud secrets versions access latest --secret=${{ env.GRAFANA_DASHBOARD_PASSWORD_SECRET_NAME }})" >> "$GITHUB_OUTPUT"

	- name: Ensure Terraform state bucket exists
	run: \|
	if ! gsutil ls gs://${{ env.TF_STATE_BUCKET }} >/dev/null 2>&1; then
	echo "Creating GCS bucket for Terraform state..."
	gsutil mb -l us-east4 gs://${{ env.TF_STATE_BUCKET }}
	gsutil versioning set on gs://${{ env.TF_STATE_BUCKET }}
	else
	echo "Terraform state bucket already exists"
	fi

	- name: Import Dashboard
	working-directory: ./spartan/metrics
	run: ./copy-dashboard.json

	- name: Setup Terraform
	uses: hashicorp/setup-terraform@v2
	with:
	terraform_version: "1.5.0" # Specify your desired version

	- name: Terraform Init
	working-directory: ./spartan/terraform/deploy-metrics
	run: \|
	terraform init \
	-backend-config="bucket=${{ env.TF_STATE_BUCKET }}" \
	-backend-config="prefix=metrics-deploy/${{ env.REGION }}/${{ env.CLUSTER_NAME }}/${{ env.NAMESPACE }}/terraform.tfstate"

	- name: Terraform Destroy
	working-directory: ./spartan/terraform/deploy-metrics
	if: ${{ inputs.run_terraform_destroy == 'true' }}
	# Destroy fails if the resources are already destroyed, so we continue on error
	continue-on-error: true
	run: \|
	terraform destroy -target helm_release.aztec-gke-cluster -auto-approve \
	-var="RELEASE_NAME=${{ env.NAMESPACE }}" \
	-var="VALUES_FILE=${{ env.VALUES_FILE }}" \
	-var="GKE_CLUSTER_CONTEXT=${{ env.GKE_CLUSTER_CONTEXT }}" \
	-var="GRAFANA_DASHBOARD_PASSWORD=${{ steps.get-grafana-dashboard-password.outputs.grafana_dashboard_password }}" \
	-lock=${{ inputs.respect_tf_lock }}

	- name: Terraform Plan
	working-directory: ./spartan/terraform/deploy-metrics
	run: \|
	terraform plan \
	-var="RELEASE_NAME=${{ env.NAMESPACE }}" \
	-var="VALUES_FILE=${{ env.VALUES_FILE }}" \
	-var="GKE_CLUSTER_CONTEXT=${{ env.GKE_CLUSTER_CONTEXT }}" \
	-var="GRAFANA_DASHBOARD_PASSWORD=${{ steps.get-grafana-dashboard-password.outputs.grafana_dashboard_password }}" \
	-out=tfplan \
	-lock=${{ inputs.respect_tf_lock }}

	- name: Terraform Apply
	working-directory: ./spartan/terraform/deploy-metrics
	run: terraform apply -lock=${{ inputs.respect_tf_lock }} -auto-approve tfplan

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Aztec Metrics Stack Deployment #7

Workflow file

Aztec Metrics Stack Deployment #7

Jobs

Run details

Workflow file for this run