From 6dd4742df80ba4acaac677d3d2f77410b4e86848 Mon Sep 17 00:00:00 2001
From: hasura-bot <divyansh@hasura.io>
Date: Thu, 19 Oct 2023 19:46:22 +0530
Subject: [PATCH] ci: update release pipeline to use argocd

---
 .buildkite/release-config-server.yaml         | 53 +++++++++++++
 .../release-config-server.yaml.disabled       | 75 -------------------
 ...cker.yaml => build-images-and-deploy.yaml} | 26 +++++++
 ci/deploy.sh                                  |  3 +-
 4 files changed, 81 insertions(+), 76 deletions(-)
 create mode 100644 .buildkite/release-config-server.yaml
 delete mode 100644 .buildkite/release-config-server.yaml.disabled
 rename .github/workflows/{nix-docker.yaml => build-images-and-deploy.yaml} (70%)

diff --git a/.buildkite/release-config-server.yaml b/.buildkite/release-config-server.yaml
new file mode 100644
index 000000000..1b8defed4
--- /dev/null
+++ b/.buildkite/release-config-server.yaml
@@ -0,0 +1,53 @@
+agents:
+  queue: "aws-v3-build-node-common"
+steps:
+  - label: ":git: update tag in ddn-cloud"
+    key: update-tag
+    depends_on:
+      - step: build-and-push-docker-image
+    command: .buildkite/scripts/release-component.sh "ndc-postgres-config-server"
+    plugins:
+      - hasura/smooth-secrets#v1.3.2:
+          secrets:
+            - strategy: aws-secrets-manager
+              key: github-deploy-keys/ddn-cloud-read-write
+              type: ssh
+              region: us-east-2
+            - strategy: aws-secrets-manager
+              key: opslevel/ci-token
+              type: env
+              region: us-east-2
+              name: OPSLEVEL_TOKEN
+      - hasura/smooth-checkout#v4.3.2:
+          repos:
+            - config:
+                - url: git@github.com:hasura/ddn-cloud.git
+                  ref: main
+          delete_checkout: true
+          interpolate_checkout_path: "$BUILDKITE_BUILD_CHECKOUT_PATH/$BUILDKITE_BUILD_ID/$BUILDKITE_JOB_ID"
+    notify:
+      - slack:
+          channels:
+            - "#cloud-deployment-v3"
+          message: $BUILDKITE_MESSAGE ($BUILDKITE_COMMIT)
+  - label: "run argocd sync"
+    key: argocd-sync
+    depends_on:
+      - step: update-tag
+    command: |
+      echo y | argocd login --username admin --password $ARGOCD_ADMIN_SECRET argocd.hasura-app.io --insecure
+      argocd app list --selector 'application=postgres-ndc-config-server'
+    plugins:
+      - hasura/smooth-secrets#v1.3.2:
+          secrets:
+            - strategy: aws-secrets-manager
+              key: ci-secrets/argocd/admin-secret
+              type: env
+              region: us-east-2
+              name: ARGOCD_ADMIN_SECRET
+      - hasura/smooth-checkout#v4.3.2:
+          skip_checkout: true
+     - docker#v5.9.0:
+         image: "argoproj/argocd:v2.6.15"
+         environment:
+           - "ARGOCD_ADMIN_SECRET"
diff --git a/.buildkite/release-config-server.yaml.disabled b/.buildkite/release-config-server.yaml.disabled
deleted file mode 100644
index 33fac9716..000000000
--- a/.buildkite/release-config-server.yaml.disabled
+++ /dev/null
@@ -1,75 +0,0 @@
-agents:
-  queue: "aws-v3-build-node-common"
-steps:
-  - label: ":docker: Build and push docker image"
-    key: build-and-push-docker-image
-    command: |
-      set -eu -o pipefail
-
-      TAG=$(git log -1 '--format=format:%h' --abbrev=9)
-      DOCKER_TAG=$$DOCKER_REGISTRY/$$DOCKER_REPO:$$TAG
-
-      echo "~~~ :buildkite: Storing release version in metadata"
-      buildkite-agent meta-data set "release-version" "$$TAG"
-
-      echo "~~~ :docker: Configuring docker gcr helper"
-      docker-credential-gcr configure-docker --registries=$$DOCKER_REGISTRY
-
-      echo "~~~ :docker: Building ndc-postgres-config-server image"
-      docker build --ssh default -t $$DOCKER_TAG -f ConfigServer.Dockerfile .
-
-      echo "~~~ :docker: Pushing ndc-postgres-config-server image"
-      docker push $$DOCKER_TAG
-
-      echo "~~~ :docker: Removing ndc-postgres-config-server image"
-      docker rmi $$DOCKER_TAG
-    env:
-      DOCKER_REGISTRY: us-docker.pkg.dev
-      DOCKER_REPO: hasura-ddn/ddn/ndc-postgres-config-server
-    plugins:
-      - hasura/smooth-secrets#v1.3.2:
-          secrets:
-            - strategy: aws-secrets-manager
-              key: github-user-keys/hasura-ci
-              type: ssh
-              region: us-east-2
-      - gcp-workload-identity-federation#v1.0.0:
-          # We can change the aud
-          audience: "//iam.googleapis.com/projects/1025009031284/locations/global/workloadIdentityPools/hasura-ddn/providers/buildkite"
-          service-account: "hasura-ci-docker-writer@hasura-ddn.iam.gserviceaccount.com"
-      - hasura/smooth-checkout#v4.3.2:
-          repos:
-            - config:
-                - url: git@github.com:hasura/ndc-postgres.git
-          delete_checkout: true
-          interpolate_checkout_path: "$BUILDKITE_BUILD_CHECKOUT_PATH/$BUILDKITE_BUILD_ID/$BUILDKITE_JOB_ID"
-
-  - label: ":kubernetes: Release to staging"
-    key: release-to-staging
-    depends_on:
-      - step: build-and-push-docker-image
-    command: .buildkite/scripts/release-component.sh "ndc-postgres-config-server"
-    plugins:
-      - hasura/smooth-secrets#v1.3.2:
-          secrets:
-            - strategy: aws-secrets-manager
-              key: github-deploy-keys/ddn-cloud-read-write
-              type: ssh
-              region: us-east-2
-            - strategy: aws-secrets-manager
-              key: opslevel/ci-token
-              type: env
-              region: us-east-2
-              name: OPSLEVEL_TOKEN
-      - hasura/smooth-checkout#v4.3.2:
-          repos:
-            - config:
-                - url: git@github.com:hasura/ddn-cloud.git
-                  ref: main
-          delete_checkout: true
-          interpolate_checkout_path: "$BUILDKITE_BUILD_CHECKOUT_PATH/$BUILDKITE_BUILD_ID/$BUILDKITE_JOB_ID"
-    notify:
-      - slack:
-          channels:
-            - "#cloud-deployment-v3"
-          message: $BUILDKITE_MESSAGE ($BUILDKITE_COMMIT)
diff --git a/.github/workflows/nix-docker.yaml b/.github/workflows/build-images-and-deploy.yaml
similarity index 70%
rename from .github/workflows/nix-docker.yaml
rename to .github/workflows/build-images-and-deploy.yaml
index bebde3dde..937bc5d7d 100644
--- a/.github/workflows/nix-docker.yaml
+++ b/.github/workflows/build-images-and-deploy.yaml
@@ -61,6 +61,32 @@ jobs:
       - name: Build and deploy Docker images to GitHub Packages 🚀
         run: nix run .#publish-docker-image '${{ github.ref }}' '${{ matrix.connector }}' 'ghcr.io/hasura/${{ matrix.connector }}'
 
+      - name: Deploy to staging
+        if: ${{ matric.connector == 'ndc-postgres' && github.ref == 'refs/heads/main' }}
+        env:
+          BUILDKITE_AUTH_TOKEN: ${{ secrets.BUILDKITE_AUTH_TOKEN }}
+        run: |
+          req_data=$(cat <<EOF
+          long_sha=$(git rev-parse HEAD)
+          short_sha=$(git rev-parse --short=9 HEAD)
+          {
+            "commit": "${long_sha}",
+            "branch": "main",
+            "message": "deploy ndc-postgres config server ${GITHUB_SHA} to staging :rocket:",
+            "author": {
+              "name": "Hasura Bot",
+              "email": "accounts+ci@hasura.io"
+            },
+            "env": {
+              "IMAGE_TAG": "dev-main-${short_sha}"
+            },
+          }
+          EOF)
+					curl -X POST "https://api.buildkite.com/v2/organizations/hasura/pipelines/release-ndc-postgres-config-server/builds" \
+						-H "Content-Type: application/json" \
+            -H "Authorization: Bearer ${BUILDKITE_AUTH_TOKEN}" \
+						-d "$req_data"
+
       # scream into Slack if something goes wrong
       - name: Report Status
         if: always()
diff --git a/ci/deploy.sh b/ci/deploy.sh
index bc1601d81..0c53fea1e 100755
--- a/ci/deploy.sh
+++ b/ci/deploy.sh
@@ -59,7 +59,8 @@ function set_dev_tags {
     tidy_branch="$(tr './' '-' <<< "$branch")"
     local branch_prefix="dev-${tidy_branch}"
     local version
-    version=$(git show --quiet --format="${branch_prefix}-%h")
+    local short_hash=$(git rev-parse --short=9 HEAD)
+    version=$(git show --quiet --format="${branch_prefix}-${short_hash}")
     export docker_tags=("$version" "$branch_prefix")
 }