fix(chalice): fixed autocomplete top 10 meta-filters #13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This action will push the assist changes to aws | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| skip_security_checks: | |
| description: "Skip Security checks if there is a unfixable vuln or error. Value: true/false" | |
| required: false | |
| default: "false" | |
| push: | |
| branches: | |
| - dev | |
| - api-* | |
| paths: | |
| - "assist/**" | |
| - "!assist/.gitignore" | |
| - "!assist/*-dev.sh" | |
| name: Build and Deploy Assist | |
| jobs: | |
| deploy: | |
| name: Deploy | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| with: | |
| # We need to diff with old commit | |
| # to see which workers got changed. | |
| fetch-depth: 2 | |
| - uses: ./.github/composite-actions/update-keys | |
| with: | |
| domain_name: ${{ secrets.OSS_DOMAIN_NAME }} | |
| license_key: ${{ secrets.OSS_LICENSE_KEY }} | |
| jwt_secret: ${{ secrets.OSS_JWT_SECRET }} | |
| minio_access_key: ${{ secrets.OSS_MINIO_ACCESS_KEY }} | |
| minio_secret_key: ${{ secrets.OSS_MINIO_SECRET_KEY }} | |
| pg_password: ${{ secrets.OSS_PG_PASSWORD }} | |
| registry_url: ${{ secrets.OSS_REGISTRY_URL }} | |
| name: Update Keys | |
| - name: Docker login | |
| run: | | |
| docker login ${{ secrets.OSS_REGISTRY_URL }} -u ${{ secrets.OSS_DOCKER_USERNAME }} -p "${{ secrets.OSS_REGISTRY_TOKEN }}" | |
| - uses: azure/k8s-set-context@v1 | |
| with: | |
| method: kubeconfig | |
| kubeconfig: ${{ secrets.OSS_KUBECONFIG }} # Use content of kubeconfig in secret. | |
| id: setcontext | |
| - name: Building and Pushing Assist image | |
| id: build-image | |
| env: | |
| DOCKER_REPO: ${{ secrets.OSS_REGISTRY_URL }} | |
| IMAGE_TAG: ${{ github.ref_name }}_${{ github.sha }} | |
| ENVIRONMENT: staging | |
| run: | | |
| skip_security_checks=${{ github.event.inputs.skip_security_checks }} | |
| cd assist | |
| PUSH_IMAGE=0 bash -x ./build.sh | |
| [[ "x$skip_security_checks" == "xtrue" ]] || { | |
| curl -L https://github.com/aquasecurity/trivy/releases/download/v0.34.0/trivy_0.34.0_Linux-64bit.tar.gz | tar -xzf - -C ./ | |
| images=("assist") | |
| for image in ${images[*]};do | |
| ./trivy image --exit-code 1 --security-checks vuln --vuln-type os,library --severity "HIGH,CRITICAL" --ignore-unfixed $DOCKER_REPO/$image:$IMAGE_TAG | |
| done | |
| err_code=$? | |
| [[ $err_code -ne 0 ]] && { | |
| exit $err_code | |
| } | |
| } && { | |
| echo "Skipping Security Checks" | |
| } | |
| images=("assist") | |
| for image in ${images[*]};do | |
| docker push $DOCKER_REPO/$image:$IMAGE_TAG | |
| done | |
| - name: Creating old image input | |
| run: | | |
| # | |
| # Create yaml with existing image tags | |
| # | |
| kubectl get pods -n app -o jsonpath="{.items[*].spec.containers[*].image}" |\ | |
| tr -s '[[:space:]]' '\n' | sort | uniq -c | grep '/foss/' | cut -d '/' -f3 > /tmp/image_tag.txt | |
| echo > /tmp/image_override.yaml | |
| for line in `cat /tmp/image_tag.txt`; | |
| do | |
| image_array=($(echo "$line" | tr ':' '\n')) | |
| cat <<EOF >> /tmp/image_override.yaml | |
| ${image_array[0]}: | |
| image: | |
| # We've to strip off the -ee, as helm will append it. | |
| tag: `echo ${image_array[1]} | cut -d '-' -f 1` | |
| EOF | |
| done | |
| - name: Deploy to kubernetes | |
| run: | | |
| cd scripts/helmcharts/ | |
| # Update changed image tag | |
| sed -i "/assist/{n;n;n;s/.*/ tag: ${IMAGE_TAG}/}" /tmp/image_override.yaml | |
| cat /tmp/image_override.yaml | |
| # Deploy command | |
| mkdir -p /tmp/charts | |
| mv openreplay/charts/{ingress-nginx,assist,quickwit,connector} /tmp/charts/ | |
| rm -rf openreplay/charts/* | |
| mv /tmp/charts/* openreplay/charts/ | |
| helm template openreplay -n app openreplay -f vars.yaml -f /tmp/image_override.yaml --set ingress-nginx.enabled=false --set skipMigration=true --no-hooks --kube-version=$k_version | kubectl apply -f - | |
| env: | |
| DOCKER_REPO: ${{ secrets.OSS_REGISTRY_URL }} | |
| # We're not passing -ee flag, because helm will add that. | |
| IMAGE_TAG: ${{ github.ref_name }}_${{ github.sha }} | |
| ENVIRONMENT: staging | |
| # - name: Debug Job | |
| # # if: ${{ failure() }} | |
| # uses: mxschmitt/action-tmate@v3 | |
| # env: | |
| # DOCKER_REPO: ${{ secrets.EE_REGISTRY_URL }} | |
| # IMAGE_TAG: ${{ github.sha }}-ee | |
| # ENVIRONMENT: staging | |
| # with: | |
| # iimit-access-to-actor: true |