Launch feature deploy

.travis.yml

@@ -13,68 +13,42 @@ cache:
     - admin/node_modules
     - client/node_modules
 
-# If you want to use multi branch deployment or branch naming, set MULTI_BRANCH value to 1 and set your DEPLOYMENT_BRANCH.
-# Don't forget to change the repo name to fit your needs.
-# If you need explanation about Parameter expansion, just see https://www.gnu.org/software/bash/manual/html_node/Shell-Parameter-Expansion.html
-# TODO change the name of the service account to CI_SERVICE_ACCOUNT here, in GCP and in CI repositories env var in order to improve reusability and be able to use before_install.sh script in before_install stage.
+# The RELEASE is the name of the branch in lowercase, with slashes converted to dashes (i.e: feature/deploy => feature-deploy).
 env:
   global:
-    - BRANCH=${TRAVIS_BRANCH}
-    - BRANCH=`echo $BRANCH | sed -E "s/\//-/g"`
-    - BRANCH=${BRANCH,,}
-
-# Check that all needed travis environment variables are set.
-# When working in dev branchs we don't want to override the master builds so we need to define à DEV_ADMIN_BUCKET and a DEV_CLIENT_BUCKET.
-# If you really want branch naming, you can instead create buckets on the fly using subdomains e.g  gs://${BRANCH}.you-domain.com
-before_install:
-  - source ./ci/.env
-  - nvm install node
-  - ./ci/before_install.sh
+    - BRANCH=$TRAVIS_BRANCH
+    - RELEASE=`echo $BRANCH | sed -E "s/\//-/g" | sed -e 's/\(.*\)/\L\1/'`
+    - NAMESPACE=$RELEASE
 
 before_script:
   - phpenv config-rm xdebug.ini
   - sudo service mysql stop
   - sudo service postgresql stop
   - curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get | bash -s -- --version v2.11.0;
+  - nvm install node
   - npm install -g react-scripts
   - while sudo lsof -Pi :5432 -sTCP:LISTEN -t; do sleep 1; done
 
 script:
   #- ./ci/test.sh
   - echo 'skipped'
 
-# Get kubectl and make it executable
+before_install:
+  - source ./ci/.env
+  - source ./ci/before_deploy.sh
+
 # Create the travis service account access file from travis environment variables
 # Connect to the project as travis service account by gcloud using the travis service account access file we just created above and configure project.
 # Create the needed bucket in which to push builds.
-before_deploy:
-  - ./ci/before_deploy.sh
-  - |
-    if [[ "${MULTI_BRANCH}" == "0" && "${CURRENT_CI}" == "travis" ]]; then
-      gsutil mb -p ${PROJECT_ID} -l eu gs://${ADMIN_BUCKET} || echo "Admin bucket exists";
-      gsutil mb -p ${PROJECT_ID} -l eu gs://${CLIENT_BUCKET} || echo "Client bucket exists";
-    elif [[ "${CURRENT_CI}" == "travis" ]]
-    then
-      gsutil mb -p ${PROJECT_ID} -l eu gs://${DEV_ADMIN_BUCKET} || echo "Dev admin bucket exists"
-      gsutil mb -p ${PROJECT_ID} -l eu gs://${DEV_CLIENT_BUCKET} || echo "Dev client bucket exists"
-    fi;
-    npm install --global "@clarketm/jwt-cli"
-
 # Deploy images and buckets according to the current context, create or update Kubenetes release with updated informations.
 deploy:
   - provider: script
     script: bash ci/deploy.sh
     skip_cleanup: true
     on:
-      branch: ${DEPLOYMENT_BRANCH}
-      repo: ${REPOSITORY}
-      condition: "$MULTI_BRANCH == 0 && $TRAVIS_PULL_REQUEST == 'false' && $CURRENT_CI == 'travis'"
-  - provider: script
-    script: bash ci/deploy.sh
-    skip_cleanup: true
-    on:
-      repo: ${REPOSITORY}
-      condition: "$MULTI_BRANCH == 1 && $CURRENT_CI == 'travis'"
+      all_branches: true
+      repo: $REPOSITORY
+      condition: "$CURRENT_CI == 'travis' && ($MULTI_BRANCH == 1 || $TRAVIS_BRANCH == $DEPLOYMENT_BRANCH)"
 #  - provider: gcs
 #    access_key_id:
 #      secure: eSJfigRfZp7bwMBT61tes4NZZR5UnPSACWuD3seeLyMMflvfEiQBT30kMyQkcIA19cYUWuzCmdaUDGuphj8KrkPOfIqoPaG5ZM/zFbjgtJs3nNmpMt2GW/y5YFSqJR7ha0TYCUpPq9UonxEB/sdcifS7JRS0PmeEotZbcKMGmiCzDnFR8fNbDC1w1XZEfFoV+xtBYJCCDsZpPVjt+GXI+3OX31qnRCMv89aPU2lgmbUaF3oM+Bxc+9jQPEUmMKzOXt1AlIscJgkjyOIPTU9R1TsYtSNGzCxhEj2EtBdbtr2SKLdvJCaxABDtg6c0DOZSRSB5FP2kjLXm2TmtnFyn04R2RS7Cp3F5tueSpiK/51rI6oPc66OYMtWSINMhQzzWTiAdkBx2sekO9InbBgJMJgbcWt5nRvtzS/4mbCiDJxM+H4LuJHaqeCdDqZ51M1mf1HBh0diKIEn0o86fzUlPBtLZBLo/PCqGsJnLF+7VkG0AHExuJCSx8QHXfvP40+D3LtameHopx0lK+L8CMWwRzGJ5SDzzpfqoWZxwyzZjEvLzOdChWRb9jqPQDC1H48SFhsQt/eiwz0ZQq4v8I8DqQ3NkECYBoVgO7ozGN/pnqYK3i8xRnA47dGvSZrxQB32Eq0mkF6s8Rk7Xt6dI5ppNqdzjrCK2ZWijcGjBIQ769gQ=

api/helm/api/templates/configmap.yaml

@@ -8,12 +8,12 @@ metadata:
     release: "{{ .Release.Name }}"
     heritage: "{{ .Release.Service }}"
 data:
-  env: {{ .Values.env | quote }}
-  debug: {{ .Values.debug | quote }}
-  cors-allow-origin: {{ .Values.corsAllowOrigin | quote }}
+  env: {{ .Values.php.env | quote }}
+  debug: {{ .Values.php.debug | quote }}
+  cors-allow-origin: {{ .Values.php.corsAllowOrigin | quote }}
   varnish-url: {{ if .Values.varnish.enabled }}http://varnish{{ else }}{{ .Values.varnish.url | quote }}{{ end }}
-  trusted-hosts: {{ .Values.trustedHosts | quote }}
-  trusted-proxies: {{ join "," .Values.trustedProxies }}
+  trusted-hosts: {{ .Values.php.trustedHosts | quote }}
+  trusted-proxies: {{ join "," .Values.php.trustedProxies }}
   mercure-acmeHosts: {{ .Values.mercure.acmeHosts | quote }}
   mercure-allowAnonymous: {{ .Values.mercure.allowAnonymous | quote }}
   mercure-corsAllowedOrigins: {{ .Values.mercure.corsAllowedOrigins | quote }}

api/helm/api/templates/ingress.yaml

@@ -7,27 +7,28 @@ metadata:
     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
+  {{- with .Values.ingress.annotations }}
   annotations:
-    {{- range $key, $value := .Values.ingress.annotations }}
-      {{ $key }}: {{ $value | quote }}
-    {{- end }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
-  rules:
-  - host: {{ .Values.hostname }}
-    http:
-      paths:
-      - path: /*
-        backend:
-          serviceName: {{ if .Values.varnish.enabled }}varnish{{ else }}api{{ end }}
-          servicePort: 80
-  - host: {{ .Values.mercure.hostname }}
-    http:
-      paths:
-      - path: /*
-        backend:
-          serviceName: mercure
-          servicePort: 80
-  {{- if .Values.ingress.tls }}
+{{- if .Values.ingress.tls }}
   tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
-  {{- end -}}
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ .host | quote }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          - path: /*
+            backend:
+              serviceName: {{ .serviceName }}
+              servicePort: {{ .servicePort | default 80 }}
+  {{- end }}

api/helm/api/templates/secrets.yaml

@@ -11,14 +11,12 @@ metadata:
 type: Opaque
 data:
   {{ if .Values.postgresql.enabled }}
-  database-url: {{ printf "pgsql://%s:%s@%s/%s?serverVersion=9.6" .Values.postgresql.postgresUser .Values.postgresql.postgresPassword $postgresqlServiceName .Values.postgresql.postgresDatabase | b64enc | quote }}
+  database-url: {{ printf "pgsql://%s:%s@%s/%s?serverVersion=9.6" .Values.postgresql.postgresqlUsername .Values.postgresql.postgresqlPassword $postgresqlServiceName .Values.postgresql.postgresqlDatabase | b64enc | quote }}
   {{ else }}
   database-url: {{ .Values.postgresql.url | b64enc | quote }}
   {{ end }}
-  secret: {{ .Values.secret | default (randAlphaNum 40) | b64enc | quote }}
+  secret: {{ .Values.php.secret | default (randAlphaNum 40) | b64enc | quote }}
   mercure-jwt: {{ .Values.php.mercure.jwt | b64enc | quote }}
   mercure-jwtKey: {{ .Values.mercure.jwtKey | b64enc | quote }}
   mercure-publisherJwtKey: {{ .Values.mercure.jwtKey | b64enc | quote }}
   mercure-subscriberJwtKey: {{ .Values.mercure.jwtKey | b64enc | quote }}
-  cloudflare-api-key: {{ .Values.externaldns.cloudflare.apiKey | b64enc | quote }}
-  cloudflare-api-email: {{ .Values.externaldns.cloudflare.apiEmail | b64enc | quote }}

api/helm/api/values.yaml

@@ -2,13 +2,19 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
-env: prod
-debug: '0'
-secret: ""
-corsAllowOrigin: "^https?://.*?\\.api-platform\\.com$"
-trustedHosts: "^.*\\.api\\-platform\\.com$"
-hostname: demo.api-platform.com
-trustedProxies:
+php:
+  repository: eu.gcr.io/api-platform-demo-210115/php
+  tag: latest
+  pullPolicy: Always
+  replicaCount: 1
+  mercure:
+    jwt: ""
+  env: prod
+  debug: '0'
+  secret: ""
+  corsAllowOrigin: "^https?://.*?\\.api-platform\\.com$"
+  trustedHosts: "^.*\\.api\\-platform\\.com$"
+  trustedProxies:
     - 103.21.244.0/22
     - 103.22.200.0/22
     - 103.31.4.0/22
@@ -27,14 +33,6 @@ trustedProxies:
     - 172.16.0.0/12
     - 192.168.0.0/16
 
-php:
-  repository: eu.gcr.io/api-platform-demo-210115/php
-  tag: latest
-  pullPolicy: Always
-  replicaCount: 1
-  mercure:
-    jwt: ""
-
 nginx:
   repository: eu.gcr.io/api-platform-demo-210115/nginx
   tag: latest
@@ -51,7 +49,6 @@ varnish:
 
 mercure:
   enabled: true
-  hostname: demo-mercure.api-platform.com
   acmeHosts: ""
   allowAnonymous: "1"
   corsAllowedOrigins: "^https?://.*?\\.api-platform\\.com$"
@@ -101,11 +98,13 @@ mercure:
   tolerations: []
   affinity: {}
 
-externaldns:
-  hostname: api-platform.com
+external-dns:
+  domainFilters:
+    - api-platform.com
+  provider: cloudflare
   cloudflare:
     apiKey: ""
-    apiEmail: ""
+    email: ""
 
 ingress:
   annotations:
@@ -115,16 +114,23 @@ ingress:
   tls:
     # Secrets must be manually created in the namespace.
     # - hosts:
-        # - demo.api-platform.com
-        # - demo-mercure.api-platform.com
+      # - demo.api-platform.com
+      # - demo-mercure.api-platform.com
+  hosts:
+    api:
+      host: demo.api-platform.com
+      serviceName: varnish
+    mercure:
+      host: demo-mercure.api-platform.com
+      serviceName: mercure
 
 postgresql:
   enabled: true
   # If bringing your own PostgreSQL, the full uri to use
   #url: pgsql://api-platform:[email protected]/api?serverVersion=10.1
-  postgresUser: "api-platform"
-  postgresPassword: ""
-  postgresDatabase: "api"
+  postgresqlUsername: "api-platform"
+  postgresqlPassword: ""
+  postgresqlDatabase: "api"
   # Persistent Volume Storage configuration.
   # ref: https://kubernetes.io/docs/user-guide/persistent-volumes
   persistence:

ci/.env

@@ -4,12 +4,21 @@
 # Both CI will make tests but only the one specified will deploy.
 # Current available choices are travis and circleci.
 export CURRENT_CI='travis'
-export MULTI_BRANCH=1
+
+# If you want to use multi branch deployment or branch naming, set MULTI_BRANCH value to 1.
+export MULTI_BRANCH='1'
+
+# Don't forget to change the repo name to fit your needs.
 export REPOSITORY='api-platform/demo'
+
+# Choose the branch for production deploy
 export DEPLOYMENT_BRANCH='master'
-export API_ENTRYPOINT="${BRANCH}.api-platform.com";
-export MERCURE_ENTRYPOINT="${BRANCH}-mercure.api-platform.com";
-if [[ ${BRANCH} == ${DEPLOYMENT_BRANCH} ]]
-then
-    export MERCURE_ENTRYPOINT="demo-mercure.api-platform.com";
-fi
+
+# Configure your domain
+export DOMAIN='api-platform.com'
+
+# Configure your sub-domains for: api, mercure, admin, client
+export API_SUBDOMAIN='demo'
+export MERCURE_SUBDOMAIN='demo-mercure'
+export ADMIN_SUBDOMAIN='demo-admin'
+export CLIENT_SUBDOMAIN='demo-client'

ci/before_deploy.sh

@@ -2,12 +2,59 @@
 
 set -e
 
+# Check that all needed environment variables are set.
+if [[ $TRAVIS_PULL_REQUEST != 'false' ]]; then echo 'Skipping deployment for pull requests';
+else
+    if [[ -z $PROJECT_ID ]]; then echo 'PROJECT_ID is not defined in your travis environment variables.'; fi
+    if [[ -z $CI_SERVICE_ACCOUNT ]]; then echo 'CI_SERVICE_ACCOUNT is not defined in your ci repository environment variables.'; fi
+    if [[ -z $CI_SERVICE_ACCOUNT_KEY ]]; then echo 'CI_SERVICE_ACCOUNT_KEY is not defined in your ci repository environment variables.'; fi
+fi
+
+# To enable blackfire, set the BLACKFIRE_SERVER_ID and BLACKFIRE_SERVER_TOKEN variables.
+if [[ ! -z $BLACKFIRE_SERVER_ID && ! -z $BLACKFIRE_SERVER_TOKEN ]]; then
+    export BLACKFIRE_ENABLED=true
+fi
+
+# Generate random key & jwt for Mercure if not set
+if [[ -z $MERCURE_JWT_KEY ]]; then
+    npm install --global "@clarketm/jwt-cli"
+    export MERCURE_JWT_KEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
+    export MERCURE_JWT=$(jwt sign --noCopy '{"mercure": {"publish": ["*"]}}' $MERCURE_JWT_KEY)
+fi
+
+# Generate random database password if not set
+if [[ -z $DATABASE_PASSWORD ]]; then
+    export DATABASE_PASSWORD=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
+fi
+
+# You can customize it to fit your needs, for example for branch naming e.g. PHP_REPOSITORY="eu.gcr.io/${PROJECT_ID}/php:${NAMESPACE}"
+if [[ $BRANCH == $DEPLOYMENT_BRANCH ]]
+then
+    export PHP_REPOSITORY="eu.gcr.io/${PROJECT_ID}/php:latest"
+    export NGINX_REPOSITORY="eu.gcr.io/${PROJECT_ID}/nginx:latest"
+    export VARNISH_REPOSITORY="eu.gcr.io/${PROJECT_ID}/varnish:latest"
+    export API_ENTRYPOINT="${API_SUBDOMAIN}.${DOMAIN}"
+    export MERCURE_ENTRYPOINT="${MERCURE_SUBDOMAIN}.${DOMAIN}"
+    export ADMIN_BUCKET="${ADMIN_SUBDOMAIN}.${DOMAIN}"
+    export CLIENT_BUCKET="${CLIENT_SUBDOMAIN}.${DOMAIN}"
+else
+    export PHP_REPOSITORY="eu.gcr.io/${PROJECT_ID}/php:${RELEASE}"
+    export NGINX_REPOSITORY="eu.gcr.io/${PROJECT_ID}/nginx:${RELEASE}"
+    export VARNISH_REPOSITORY="eu.gcr.io/${PROJECT_ID}/varnish:${RELEASE}"
+    export API_ENTRYPOINT="${API_SUBDOMAIN}-${RELEASE}.${DOMAIN}"
+    export MERCURE_ENTRYPOINT="${MERCURE_SUBDOMAIN}-${RELEASE}.${DOMAIN}"
+    export ADMIN_BUCKET="${ADMIN_SUBDOMAIN}-${RELEASE}.${DOMAIN}"
+    export CLIENT_BUCKET="${CLIENT_SUBDOMAIN}-${RELEASE}.${DOMAIN}"
+fi
+
+# Get kubectl and make it executable
 curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
 chmod +x ./kubectl
 sudo mv ./kubectl /usr/local/bin/kubectl
-echo -n ${CI_SERVICE_ACCOUNT_KEY} | base64 -d > travis-service-account.json
-gcloud auth activate-service-account ${CI_SERVICE_ACCOUNT} --key-file travis-service-account.json --project=${PROJECT_ID}
+
+# Authenticate on GCP
+echo -n $CI_SERVICE_ACCOUNT_KEY | base64 -d > travis-service-account.json
+gcloud auth activate-service-account $CI_SERVICE_ACCOUNT --key-file travis-service-account.json --project=$PROJECT_ID
 gcloud config set compute/zone europe-west1-c
-gcloud config set core/project ${PROJECT_ID}
-gcloud container clusters get-credentials api-platform-demo --zone europe-west1-c --project ${PROJECT_ID}
-helm init --upgrade
+gcloud config set core/project $PROJECT_ID
+gcloud container clusters get-credentials api-platform-demo --zone europe-west1-c --project $PROJECT_ID