BRE-292: Add workflow for ephemeral environment management (#357)
* BRE-292: Add Ephemeral Environment PR manager

* Switch check-run to local path

* Update .github/workflows/_ephemeral_environment_manager.yml

Co-authored-by: Opeyemi <[email protected]>

* Update .github/workflows/_ephemeral_environment_manager.yml

Co-authored-by: Andy Pixley <[email protected]>

---------

Co-authored-by: Opeyemi <[email protected]>
Co-authored-by: Andy Pixley <[email protected]>
3 people authored Dec 19, 2024
1 parent ced3228 commit 9432784
Showing 1 changed file with 121 additions and 0 deletions.
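--- a/.github/workflows/_ephemeral_environment_manager.yml
+++ b/.github/workflows/_ephemeral_environment_manager.yml
@@ -0,0 +1,121 @@
+name: Ephemeral Environment Manager
+run-name: Ephemeral Environment - ${{ inputs.ephemeral_env_branch }}
+
+on:
+workflow_call:
+inputs:
+ephemeral_env_branch:
+required: true
+type: string
+project:
+type: string
+default: server
+cleanup_config:
+type: boolean
+sync_environment:
+type: boolean
+pull_request_number:
+type: number
+workflow_dispatch:
+inputs:
+ephemeral_env_branch:
+type: string
+required: true
+project:
+type: string
+default: server
+cleanup_config:
+type: boolean
+sync_environment:
+type: boolean
+pull_request_number:
+type: number
+
+env:
+_KEY_VAULT: bitwarden-ci
+_BOT_NAME: bitwarden-devops-bot
+
+jobs:
+check-run:
+name: Check PR run
+uses: ./.github/workflows/check-run.yml
+
+cleanup:
+name: Cleanup config
+if: ${{ inputs.cleanup_config }}
+runs-on: ubuntu-24.04
+needs: check-run
+steps:
+- name: Login to Azure - Prod Subscription
+uses: Azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0
+with:
+creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+- name: Retrieve secrets
+id: retrieve-secrets
+uses: bitwarden/gh-actions/get-keyvault-secrets@main
+with:
+keyvault: ${{ env._KEY_VAULT }}
+secrets: "github-pat-bitwarden-devops-bot-repo-scope,github-bitwarden-devops-bot-email"
+
+- name: Checkout ${{ inputs.project }}
+uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+with:
+repository: bitwarden/${{ inputs.project }}
+ref: ${{ inputs.ephemeral_env_branch }}
+token: '${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}'
+
+- name: Remove config
+working-directory: ephemeral-environments
+run: rm -f ${{ inputs.ephemeral_env_branch }}.yaml
+
+- name: Commit changes to ${{ inputs.ephemeral_env_branch }}
+working-directory: ephemeral-environments
+run: |
+git config --local user.email "${{ steps.retrieve-secrets.outputs.github-bitwarden-devops-bot-email }}"
+git config --local user.name "${{ env._BOT_NAME }}"
+git add ${{ inputs.ephemeral_env_branch }}.yaml
+git commit -m "Removed ${{ inputs.ephemeral_env_branch }}.yaml config."
+git push
+sync-env:
+name: Sync Ephemeral Environment
+if: ${{ inputs.sync_environment }}
+runs-on: ubuntu-24.04
+needs: check-run
+steps:
+- name: Login to Azure - Prod Subscription
+uses: Azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0
+with:
+creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+- name: Retrieve secrets
+id: retrieve-secrets
+uses: bitwarden/gh-actions/get-keyvault-secrets@main
+with:
+keyvault: ${{ env._KEY_VAULT }}
+secrets: |
+ephemeral-environment-argocd-cluster-url,
+ephemeral-environment-argocd-cluster-api-secret,
+ephemeral-environment-argocd-cluster-api-user
+- name: Install ArgoCD CLI
+run: |
+curl -sSL -o argocd-linux-amd64 \
+"https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64"
+install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
+argocd version --client
+rm argocd-linux-amd64
+- name: Log into Argo CD cluster
+run: |
+argocd login ${{ steps.retrieve-secrets.outputs.ephemeral-environment-argocd-cluster-url }} \
+--username ${{ steps.retrieve-secrets.outputs.ephemeral-environment-argocd-cluster-api-user }} \
+--password ${{ steps.retrieve-secrets.outputs.ephemeral-environment-argocd-cluster-api-secret }}
+- name: Sync ${{ inputs.ephemeral_env_branch }} application
+run: |
+APP_NAME=$(argocd app list -o name | grep ${{ inputs.pull_request_number }})
+argocd app sync "$APP_NAME"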
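Review bot: `inputs.ephemeral_env_branch` is expanded by the expression engine directly into the shell text of the `Remove config` and `Commit changes` steps (`rm -f …`, `git add …`, `git commit -m …`), so a branch name that carries shell metacharacters would be run as script in a job that holds the bot's repo-scoped PAT; how exposed this is depends on what callers pass, which the hunk does not show. Pass the value through `env:` and reference it quoted, as in the block below, and do the same for the three Key Vault outputs on the `argocd login` line, which are currently unquoted and visible as process arguments. Separately, the Argo CD CLI is downloaded from `releases/latest` with no version pin or checksum check, and `get-keyvault-secrets@main` is a mutable ref while the other actions are pinned by SHA; both execute in jobs that hold production credentials. The `grep ${{ inputs.pull_request_number }}` match is also unanchored, so PR 12 would match an application named for PR 123 and `APP_NAME` may end up holding several names.

```yaml
      - name: Remove config
        # … unchanged: working-directory …
        env:
          _BRANCH: ${{ inputs.ephemeral_env_branch }}
        run: rm -f -- "${_BRANCH}.yaml"

      - name: Commit changes to ${{ inputs.ephemeral_env_branch }}
        # … unchanged: working-directory …
        env:
          _BRANCH: ${{ inputs.ephemeral_env_branch }}
          _BOT_EMAIL: ${{ steps.retrieve-secrets.outputs.github-bitwarden-devops-bot-email }}
        run: |
          git config --local user.email "$_BOT_EMAIL"
          git config --local user.name "$_BOT_NAME"
          git add -- "${_BRANCH}.yaml"
          git commit -m "Removed ${_BRANCH}.yaml config."
          # … unchanged: git push …
```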
