ci: update release pipeline to use argocd

.buildkite/release-config-server.yaml

@@ -0,0 +1,53 @@
+agents:
+  queue: "aws-v3-build-node-common"
+steps:
+  - label: ":git: update tag in ddn-cloud"
+    key: update-tag
+    depends_on:
+      - step: build-and-push-docker-image
+    command: .buildkite/scripts/release-component.sh "ndc-postgres-config-server"
+    plugins:
+      - hasura/smooth-secrets#v1.3.2:
+          secrets:
+            - strategy: aws-secrets-manager
+              key: github-deploy-keys/ddn-cloud-read-write
+              type: ssh
+              region: us-east-2
+            - strategy: aws-secrets-manager
+              key: opslevel/ci-token
+              type: env
+              region: us-east-2
+              name: OPSLEVEL_TOKEN
+      - hasura/smooth-checkout#v4.3.2:
+          repos:
+            - config:
+                - url: [email protected]:hasura/ddn-cloud.git
+                  ref: main
+          delete_checkout: true
+          interpolate_checkout_path: "$BUILDKITE_BUILD_CHECKOUT_PATH/$BUILDKITE_BUILD_ID/$BUILDKITE_JOB_ID"
+    notify:
+      - slack:
+          channels:
+            - "#cloud-deployment-v3"
+          message: $BUILDKITE_MESSAGE ($BUILDKITE_COMMIT)
+  - label: "run argocd sync"
+    key: argocd-sync
+    depends_on:
+      - step: update-tag
+    command: |
+      echo y | argocd login --username admin --password $ARGOCD_ADMIN_SECRET argocd.hasura-app.io --insecure
+      argocd app list --selector 'application=postgres-ndc-config-server'
+    plugins:
+      - hasura/smooth-secrets#v1.3.2:
+          secrets:
+            - strategy: aws-secrets-manager
+              key: ci-secrets/argocd/admin-secret
+              type: env
+              region: us-east-2
+              name: ARGOCD_ADMIN_SECRET
+      - hasura/smooth-checkout#v4.3.2:
+          skip_checkout: true
+     - docker#v5.9.0:
+         image: "argoproj/argocd:v2.6.15"
+         environment:
+           - "ARGOCD_ADMIN_SECRET"

.github/workflows/nix-docker.yaml → .github/workflows/build-images-and-deploy.yaml

@@ -61,6 +61,32 @@ jobs:
       - name: Build and deploy Docker images to GitHub Packages 🚀
         run: nix run .#publish-docker-image '${{ github.ref }}' '${{ matrix.connector }}' 'ghcr.io/hasura/${{ matrix.connector }}'
 
+      - name: Deploy to staging
+        if: ${{ matric.connector == 'ndc-postgres' && github.ref == 'refs/heads/main' }}
+        env:
+          BUILDKITE_AUTH_TOKEN: ${{ secrets.BUILDKITE_AUTH_TOKEN }}
+        run: |
+          req_data=$(cat <<EOF
+          long_sha=$(git rev-parse HEAD)
+          short_sha=$(git rev-parse --short=9 HEAD)
+          {
+            "commit": "${long_sha}",
+            "branch": "main",
+            "message": "deploy ndc-postgres config server ${GITHUB_SHA} to staging :rocket:",
+            "author": {
+              "name": "Hasura Bot",
+              "email": "[email protected]"
+            },
+            "env": {
+              "IMAGE_TAG": "dev-main-${short_sha}"
+            },
+          }
+          EOF)
+					curl -X POST "https://api.buildkite.com/v2/organizations/hasura/pipelines/release-ndc-postgres-config-server/builds" \
+						-H "Content-Type: application/json" \
+            -H "Authorization: Bearer ${BUILDKITE_AUTH_TOKEN}" \
+						-d "$req_data"
+
       # scream into Slack if something goes wrong
       - name: Report Status
         if: always()

ci/deploy.sh

@@ -59,7 +59,8 @@ function set_dev_tags {
     tidy_branch="$(tr './' '-' <<< "$branch")"
     local branch_prefix="dev-${tidy_branch}"
     local version
-    version=$(git show --quiet --format="${branch_prefix}-%h")
+    local short_hash=$(git rev-parse --short=9 HEAD)
+    version=$(git show --quiet --format="${branch_prefix}-${short_hash}")
     export docker_tags=("$version" "$branch_prefix")
 }