From 146d62c6c1823dcce40c118d12b838e0b32e6040 Mon Sep 17 00:00:00 2001
From: Yvette Nartey
Date: Mon, 27 Jan 2025 18:26:49 +0100
Subject: [PATCH 1/4] DEL: delete file
---
.github/workflows/delete-old-branches.yml | 47 -----------------------
1 file changed, 47 deletions(-)
delete mode 100644 .github/workflows/delete-old-branches.yml
diff --git a/.github/workflows/delete-old-branches.yml b/.github/workflows/delete-old-branches.yml
deleted file mode 100644
index 96a3298..0000000
--- a/.github/workflows/delete-old-branches.yml
+++ /dev/null
@@ -1,47 +0,0 @@ -name: Delete old merged and unmerged branches - -on: - schedule: - - cron: '0 0 * * *' #Run every day at midnight - workflow_dispatch: - -jobs: - delete-old-branches: - runs-on: ubuntu-latest - - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Delete old branches (Except main) - run: | - git fetch --prune - - # Get the list of merged branches (remote) - MERGED_BRANCHES=$(git branch -r --merged origin/main | grep -v "main" | grep -v "HEAD") - - # Delete merged branches older than 30 days, except main - for branch in $(git branch -r --merged | grep -v "main" | grep -v "HEAD"); do - BRANCH_NAME=$(echo $branch | sed 's/origin\///') - LAST_COMMIT_DATE=$(git log -1 --format=%ci $BRANCH_NAME) - DAYS_OLD=$(echo $(( ( $(date +%s) - $(date -d "$LAST_COMMIT_DATE" +%s) ) / 86400 ))) - - if [[ $DAYS_OLD -gt 30 ]]; then - echo "Deleting merged branch: $BRANCH_NAME" - git push origin --delete $BRANCH_NAME - fi - done - - # Delete unmerged branches older than 90 days, except main - for branch in $(git branch -r --no-merged | grep -v "main" | grep -v "HEAD"); do - BRANCH_NAME=$(echo $branch | sed 's/origin\///') - LAST_COMMIT_DATE=$(git log -1 --format=%ci $BRANCH_NAME) - DAYS_OLD=$(echo $(( ( $(date +%s) - $(date -d "$LAST_COMMIT_DATE" +%s) ) / 86400 ))) - - if [[ $DAYS_OLD -gt 90 ]]; then - echo "Deleting stale unmerged branch: $BRANCH_NAME" - git push origin --delete $BRANCH_NAME - fi - done - env: - GITHUB_TOKEN: ${{ secrets.CODE_IDP_TOKEN }} From 36b8950f32ddb54f980e2f47cdbabb1199bd480c Mon Sep 17 00:00:00 2001 From: Yvette Nartey Date: Mon, 27 Jan 2025 19:41:54 +0100 Subject: [PATCH 2/4] ADD: prod configurations --- app-config.production.yaml | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/app-config.production.yaml b/app-config.production.yaml index 8b515dc..e4e8953 100644 --- a/app-config.production.yaml +++ b/app-config.production.yaml 
@@ -1,9 +1,17 @@ app: - baseUrl: prodlink + baseUrl: https://backstage.code-idp.com backend: - baseUrl: prodlink + baseUrl: https://backstage.code-idp.com cors: - origin: prodlink + origin: https://backstage.code-idp.com methods: [GET, HEAD, PATCH, POST, PUT, DELETE] - credentials: true \ No newline at end of file + credentials: true + +auth: + environment: production + providers: + github: + production: + clientId: ${PROD_GITHUB_CLIENT_ID} + clientSecret: ${PROD_GITHUB_CLIENT_SECRET} From 6873964080c0caf309f1712fb68c84bec421c400 Mon Sep 17 00:00:00 2001 From: Yvette Nartey Date: Mon, 27 Jan 2025 21:54:56 +0100 Subject: [PATCH 3/4] UPD:cd workflow with variable names --- .github/workflows/cd-workflow.yaml | 42 +++++++++++++++++++----------- 1 file changed, 27 insertions(+), 15 deletions(-) diff --git a/.github/workflows/cd-workflow.yaml b/.github/workflows/cd-workflow.yaml index 7f4e3bf..38fc66e 100644 --- a/.github/workflows/cd-workflow.yaml +++ b/.github/workflows/cd-workflow.yaml @@ -1,11 +1,12 @@ - name: Deploy backstage + on: - workflow_run: - workflows: - - CI Workflow - types: - - completed + push: + branches: + - main + pull_request: + branches: + - main jobs: create-and-push-image: @@ -21,12 +22,15 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + - id: 'setup-qemu' name: Set up QEMU uses: docker/setup-qemu-action@v3 + - id: 'docker-buildx-setup' name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: 'Authenticate to Google Cloud' id: 'auth' uses: 'google-github-actions/auth@v2' 
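Review bot: The new `auth.providers.github.production` block in app-config.production.yaml sets only `clientId` and `clientSecret`, so nothing in this hunk states which GitHub identities are allowed to sign in. If sign-in is meant to be config-driven, add a `signIn.resolvers` list under `production` with an entry such as `- resolver: usernameMatchingUserEntityName`, so that only accounts matching a catalog User entity receive a session. If a resolver is already defined in backend code, a short comment here pointing to it would help. A comment above the two `${PROD_GITHUB_CLIENT_…}` references should also say that they are supplied by the `secrets:` mapping of the Cloud Run deploy step in cd-workflow.yaml.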
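Review bot: Replacing the `workflow_run` trigger with `push` and `pull_request` on `main` in cd-workflow.yaml means `create-and-push-image` and `deploy-image` now start for every pull request that targets `main`, before review or merge, and no longer wait for `CI Workflow` to complete. For branches inside this repository such a run presumably has the secrets and the OIDC token, so unreviewed code would be built, pushed and deployed to the production Cloud Run service. Pull requests from forks receive no secrets and would fail at the auth step. Either drop the `pull_request` block, or keep it for build validation only and guard the deploy job with `if: github.event_name == 'push'`. The `jobs:` section continues outside this hunk.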
@@ -34,14 +38,16 @@ jobs: create_credentials_file: true token_format: "access_token" workload_identity_provider: 'projects/1006240973223/locations/global/workloadIdentityPools/deploy-backstage/providers/github-actions' - service_account: 'deploy-backstage@code-idp.iam.gserviceaccount.com' + service_account: ${{ secrets.GCP_DEPLOY_SA }} + - name: "Login to GAR" id: 'login-gar' uses: docker/login-action@v3 with: - registry: europe-west10-docker.pkg.dev/code-idp/backstage-deploy + registry: ${{ secrets.GCP_REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/${{ secrets.GCP_GAR_REPO }} username: oauth2accesstoken password: ${{ steps.auth.outputs.access_token }} + - id: 'build-and-push' name: 'Build and Push docker Image' uses: docker/build-push-action@v5 
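Review bot: `GCP_REGION`, `GCP_PROJECT_ID`, `GCP_GAR_REPO` and the service-account address on the `service_account:` and `registry:` lines are identifiers rather than credentials, and the removed lines show they are already public in this file's history. Reading them from `secrets.` adds no confidentiality, and GitHub will mask every occurrence of those strings in job logs, which makes the pushed image reference hard to read when debugging. Configuration variables are the fitting place, e.g. `registry: ${{ vars.GCP_REGION }}-docker.pkg.dev/${{ vars.GCP_PROJECT_ID }}/${{ vars.GCP_GAR_REPO }}`. The same applies to the `tags:`, `image:`, `region:` and `service:` lines in the later hunks and to `GCP_WORKLOAD_IDENTITY_PROVIDER` in patch 4. The controls that actually protect the deployment are the workload identity pool's attribute condition and the service account's IAM bindings, neither of which is visible here.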
@@ -50,35 +56,41 @@ jobs: context: . file: ./Dockerfile platforms: linux/amd64 - tags: europe-west10-docker.pkg.dev/code-idp/backstage-deploy/backstage-image:${{ github.sha }} + tags: ${{ secrets.GCP_REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/${{ secrets.GCP_GAR_REPO }}/backstage-image:${{ github.sha }} build-args: | APP_ENV=docker + + deploy-image: permissions: id-token: write contents: read + name: "Deploy image on cloud run" runs-on: ubuntu-latest defaults: run: shell: bash needs: create-and-push-image + steps: - name: Checkout uses: actions/checkout@v4 + - id: 'auth' name: 'Authenticate to Google Cloud' uses: 'google-github-actions/auth@v2' with: create_credentials_file: true workload_identity_provider: 'projects/1006240973223/locations/global/workloadIdentityPools/deploy-backstage/providers/github-actions' - service_account: 'deploy-backstage@code-idp.iam.gserviceaccount.com' + service_account: ${{ secrets.GCP_DEPLOY_SA }} + - id: 'deploy' uses: 'google-github-actions/deploy-cloudrun@v2' with: - service: 'backstage-deployment' - image: 'europe-west10-docker.pkg.dev/code-idp/backstage-deploy/backstage-image:${{ github.sha }}' - region: europe-west1 + service: ${{ secrets.GCP_CLOUD_RUN_SERVICE }} + image: ${{ secrets.GCP_REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/${{ secrets.GCP_GAR_REPO }}/backstage-image:${{ github.sha }} + region: ${{ secrets.GCP_REGION }} flags: '--port=7007 --add-cloudsql-instances=code-idp:europe-west10:backstage-pg' env_vars: | POSTGRES_HOST=/cloudsql/code-idp:europe-west10:backstage-pg @@ -90,6 +102,6 @@ jobs: GITHUB_TOKEN=github_token:latest GOOGLE_CLIENT_ID=google_client_id:latest GOOGLE_CLIENT_SECRET=google_client_secret:latest - GITHUB_CLIENT_SECRET=github_client_secret:latest - GITHUB_CLIENT_ID=github_client_id:latest + PROD_GITHUB_CLIENT_SECRET=github_client_secret:latest + PROD_GITHUB_CLIENT_ID=github_client_id:latest From 3b8edd92dc5d6f03d76d5933bb94048b05ae9985 Mon Sep 17 00:00:00 2001 
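Review bot: `region: ${{ secrets.GCP_REGION }}` in the `deploy` step now reuses the value that also forms the Artifact Registry host, but before this change the two differed: the registry was `europe-west10-docker.pkg.dev` while Cloud Run deployed to `europe-west1`. Whatever single value `GCP_REGION` holds, either the image path or the Cloud Run region changes, and a deploy to a different region would not update the existing service. Use a separate variable for the Cloud Run region (a name of your choosing, for example `region: ${{ vars.CLOUD_RUN_REGION }}`), or state in the commit message that the move is intended. The `flags:` line in the same step still hard-codes `code-idp:europe-west10:backstage-pg`, which is inconsistent with parameterising the project ID.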
From: Yvette Nartey Date: Fri, 31 Jan 2025 13:48:02 +0100 Subject: [PATCH 4/4] UPD:remove workflow dependency on database connection --- .github/workflows/cd-workflow.yaml | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/.github/workflows/cd-workflow.yaml b/.github/workflows/cd-workflow.yaml index 38fc66e..4359762 100644 --- a/.github/workflows/cd-workflow.yaml +++ b/.github/workflows/cd-workflow.yaml @@ -37,7 +37,7 @@ jobs: with: create_credentials_file: true token_format: "access_token" - workload_identity_provider: 'projects/1006240973223/locations/global/workloadIdentityPools/deploy-backstage/providers/github-actions' + workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} service_account: ${{ secrets.GCP_DEPLOY_SA }} - name: "Login to GAR" 
@@ -82,24 +82,20 @@ jobs: uses: 'google-github-actions/auth@v2' with: create_credentials_file: true - workload_identity_provider: 'projects/1006240973223/locations/global/workloadIdentityPools/deploy-backstage/providers/github-actions' + workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} service_account: ${{ secrets.GCP_DEPLOY_SA }} - - id: 'deploy' + - name: Deploy to Cloud Run + id: 'deploy' uses: 'google-github-actions/deploy-cloudrun@v2' with: service: ${{ secrets.GCP_CLOUD_RUN_SERVICE }} image: ${{ secrets.GCP_REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/${{ secrets.GCP_GAR_REPO }}/backstage-image:${{ github.sha }} region: ${{ secrets.GCP_REGION }} - flags: '--port=7007 --add-cloudsql-instances=code-idp:europe-west10:backstage-pg' - env_vars: | - POSTGRES_HOST=/cloudsql/code-idp:europe-west10:backstage-pg - POSTGRES_PORT=5432 - POSTGRES_USER=postgres - BASE_URL=https://backstage.foundations-software-engineering.com + flags: '--platform managed --allow-unauthenticated --port=7007' secrets: |- - POSTGRES_PASSWORD=postgres-password:latest GITHUB_TOKEN=github_token:latest + GITLAB_TOKEN=gitlab_token:latest GOOGLE_CLIENT_ID=google_client_id:latest GOOGLE_CLIENT_SECRET=google_client_secret:latest PROD_GITHUB_CLIENT_SECRET=github_client_secret:latest
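Review bot: `--allow-unauthenticated` in the new `flags:` value makes the Cloud Run service invocable by anyone on the internet, so Backstage's own sign-in and backend request authentication become the only access control in front of the catalog and the `GITHUB_TOKEN`/`GITLAB_TOKEN` integrations. That may be intended for a browser-facing portal, but it should be stated with a comment above the line, such as `# public ingress is deliberate; access is enforced by Backstage auth (see app-config.production.yaml)`, and it is worth confirming that unauthenticated backend API calls are rejected. The same hunk drops every `POSTGRES_*` setting and the Cloud SQL attachment with no replacement visible in this series, so where the production instance keeps its data should be documented too. The newly mapped `gitlab_token:latest`, like the existing entries, resolves to whichever secret version is newest at deploy time; pinning a version number would make rollouts reproducible.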