Deploy AKS LTS Prow #218

Workflow file for this run

.github/workflows/deploy-lts-prow.yaml at 0c33d3f

	name: Deploy AKS LTS Prow
	on:
	workflow_dispatch:
	inputs:
	deployEnv:
	description: 'Environment to run against'
	type: environment
	required: true
	permissions:
	id-token: write
	contents: read
	jobs:
	Deploy_AKS_LTS_Prow:
	runs-on: ubuntu-latest
	environment: ${{ inputs.deployEnv }}
	env:
	GITHUB_APP_ID: ${{ vars.APP_ID }}
	GITHUB_ORG: ${{ vars.ORG }}
	GITHUB_REPO: ${{ vars.REPO }}
	HMAC_TOKEN: ${{ secrets.HMAC_TOKEN }}
	MINIO_CONSOLE_PORT: 8003
	K8S_PROW_IMAGE_TAG: v20240802-66b115076
	steps:
	- name: Generate fake mount secret
	run: \|
	FAKE_MOUNT_SECRET=$(echo '{"account":"fake","password":"fake"}' \| base64)
	echo "::add-mask::$FAKE_MOUNT_SECRET"
	echo "FAKE_MOUNT_SECRET=$FAKE_MOUNT_SECRET" >> "$GITHUB_ENV"

	- name: Check out repo
	uses: actions/checkout@v4

	- name: Azure login
	uses: azure/login@v2
	with:
	client-id: ${{ secrets.AZURE_CLIENT_ID }}
	tenant-id: ${{ secrets.AZURE_TENANT_ID }}
	subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

	- name: create resourceGroups
	run: \|
	if [ $(az group exists --name ${{ secrets.AZURE_RG }}) = false ]; then
	az group create --name ${{ secrets.AZURE_RG }} --location ${{ secrets.AZURE_LOCATION }}
	fi
	if [ $(az group exists --name ${{ secrets.CAPZ_RG }}) = false ]; then
	az group create --name ${{ secrets.CAPZ_RG }} --location ${{ secrets.AZURE_LOCATION }}
	fi

	- name: Deploy Prow cluster Bicep
	id: bicep
	uses: azure/arm-deploy@v2
	with:
	subscriptionId: ${{ vars.AZURE_SUBSCRIPTION_ID }}
	resourceGroupName: ${{ secrets.AZURE_RG }}
	template: ./config/prow/cluster/prow-cluster.bicep
	parameters: aks_cluster_region=${{ secrets.AZURE_LOCATION }} aks_cluster_admin_groups="${{ secrets.PROW_ADMIN_GROUPS }}" aks_cluster_admin_users="${{ secrets.PROW_ADMIN_USERS }}"
	failOnStdErr: false

	- name: Deploy CAPZ Bicep
	id: capzbicep
	uses: azure/arm-deploy@v2
	with:
	subscriptionId: ${{ vars.AZURE_SUBSCRIPTION_ID }}
	resourceGroupName: ${{ secrets.CAPZ_RG }}
	template: ./config/capz/capz.bicep
	parameters: location=${{ secrets.AZURE_LOCATION }}
	failOnStdErr: false

	- name: Fetch config
	run: \|
	echo "PROW_HOST=${{ steps.bicep.outputs.prowHostName }}" >> "$GITHUB_ENV"
	echo "AZURE_STORAGE_ACCOUNT_USER=${{ steps.bicep.outputs.storageAccountName }}" >> "$GITHUB_ENV"
	echo "PUBLIC_IP_NAME=${{ steps.bicep.outputs.publicIpName }}" >> "$GITHUB_ENV"
	echo "CLUSTER_RG=${{ steps.bicep.outputs.resourceGroupName }}" >> "$GITHUB_ENV"
	echo "CAPZ_SA=${{ steps.capzbicep.outputs.capzsastorage_name }}" >> "$GITHUB_ENV"

	- name: Install Kubectl
	uses: azure/setup-kubectl@v4

	- name: Set up kubelogin for non-interactive login
	uses: azure/use-kubelogin@v1
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Set AKS cluster context
	uses: azure/aks-set-context@v4
	with:
	resource-group: ${{ secrets.AZURE_RG }}
	cluster-name: ${{ steps.bicep.outputs.aksClusterName }}
	admin: 'false'
	use-kubelogin: 'true'

	- name: 'Apply Prow base manifests'
	run: \|
	kubectl apply -f config/prow/k8s/base/ns.yaml
	envsubst < config/prow/k8s/base/contour.yaml > contour.yaml
	kubectl apply -f contour.yaml
	envsubst < config/prow/k8s/base/prowdata.storageclass.yaml > prowdata.storageclass.yaml
	kubectl apply -f prowdata.storageclass.yaml
	env:
	AZURE_RG: ${{ secrets.AZURE_RG }}

	- name: 'Create GitHub Token secrets'
	run: \|
	echo "${{ secrets.APP_PRIVATE_KEY }}" > cert.pem
	kubectl create secret generic github-token -n prow --from-file=cert=cert.pem --from-literal=appid=$GITHUB_APP_ID -o yaml --dry-run=client \| kubectl apply -f -
	kubectl create secret generic github-token -n test-pods --from-file=cert=cert.pem --from-literal=appid=$GITHUB_APP_ID -o yaml --dry-run=client \| kubectl apply -f -
	rm cert.pem

	- name: Fetch storage key
	id: fetch-storage-key
	run: \|
	AZURE_STORAGE_ACCOUNT_PASSWORD=$(az storage account keys list -g ${{ secrets.AZURE_RG }} -n ${{ steps.bicep.outputs.storageAccountName }} \| jq -r '.[0].value')
	echo "::add-mask::$AZURE_STORAGE_ACCOUNT_PASSWORD"
	echo "AZURE_STORAGE_ACCOUNT_PASSWORD=$AZURE_STORAGE_ACCOUNT_PASSWORD" >> "$GITHUB_ENV"
	PUBLIC_IP_ADDRESS=$(az network public-ip show -g ${{ secrets.AZURE_RG }} -n ${{ steps.bicep.outputs.publicIpName }} \| jq -r '.ipAddress')
	echo "::add-mask::$PUBLIC_IP_ADDRESS"
	echo "PUBLIC_IP_ADDRESS=$PUBLIC_IP_ADDRESS" >> "$GITHUB_ENV"
	CAPZ_CI_REGISTRY=$(az acr show -g ${{ secrets.CAPZ_RG }} -n ${{ steps.capzbicep.outputs.capzci_registry_name }} \| jq .loginServer)
	echo "::add-mask::$CAPZ_CI_REGISTRY"
	echo "CAPZ_CI_REGISTRY=$CAPZ_CI_REGISTRY" >> "$GITHUB_ENV"
	echo "AZURE_SUBSCRIPTION_ID=${{ secrets.AZURE_SUBSCRIPTION_ID }}" >> "$GITHUB_ENV"
	ehco "::add-mask::${{ steps.capzbicep.outputs.capz_gmsa_kv_name }}"
	echo "CAPZ_GMSA_KV=${{ steps.capzbicep.outputs.capz_gmsa_kv_name }}" >> "$GITHUB_ENV"

	- name: 'Create job configs'
	run: \|
	envsubst < config/prow/release-branch-jobs/base.yaml > cm.yaml
	envsubst < config/prow/release-branch-jobs/1.27.yaml >> cm.yaml
	kubectl create configmap config -n prow --from-file=config.yaml=cm.yaml -o yaml --dry-run=client \| kubectl apply -f -
	rm cm.yaml
	env:
	AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
	CAPZ_RG: ${{ secrets.CAPZ_RG }}
	CAPZ_GMSA_KV: ${{ steps.capzbicep.outputs.capz_gmsa_kv_name }}

	- name: 'Apply Prowjob CRD'
	run: for f in config/prow/k8s/prowjob/*.yaml; do kubectl apply --server-side=true -f $f; done

	- name: 'Apply Prow app manifests'
	run: for f in config/prow/k8s/app/*.yaml; do envsubst < $f \| kubectl apply -f -; done
	env:
	AZURE_RG: ${{ secrets.AZURE_RG }}

	- name: 'Apply test pod manifests'
	run: for f in config/prow/k8s/test-pods/*.yaml; do envsubst < $f \| kubectl apply -f -; done
	env:
	AZURE_RG: ${{ secrets.AZURE_RG }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Deploy AKS LTS Prow #218

Workflow file

Deploy AKS LTS Prow #218

Jobs

Run details

Workflow file for this run