131 lines
5.5 KiB
Bash
Executable File
131 lines
5.5 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
set -e
|
|
|
|
tpe=${ACCEPTANCE_TEST_SECRET_TYPE}
|
|
|
|
VALUES_FILE=${VALUES_FILE:-$(dirname $0)/values.yaml}
|
|
|
|
kubectl delete secret -n actions-runner-system controller-manager || :
|
|
|
|
if [ "${tpe}" == "token" ]; then
|
|
if ! kubectl get secret controller-manager -n actions-runner-system >/dev/null; then
|
|
kubectl create secret generic controller-manager \
|
|
-n actions-runner-system \
|
|
--from-literal=github_token=${GITHUB_TOKEN:?GITHUB_TOKEN must not be empty}
|
|
fi
|
|
elif [ "${tpe}" == "app" ]; then
|
|
kubectl create secret generic controller-manager \
|
|
-n actions-runner-system \
|
|
--from-literal=github_app_id=${APP_ID:?must not be empty} \
|
|
--from-literal=github_app_installation_id=${APP_INSTALLATION_ID:?must not be empty} \
|
|
--from-file=github_app_private_key=${APP_PRIVATE_KEY_FILE:?must not be empty}
|
|
else
|
|
echo "ACCEPTANCE_TEST_SECRET_TYPE must be set to either \"token\" or \"app\"" 1>&2
|
|
exit 1
|
|
fi
|
|
|
|
if [ -n "${WEBHOOK_GITHUB_TOKEN}" ]; then
|
|
kubectl -n actions-runner-system delete secret \
|
|
github-webhook-server || :
|
|
kubectl -n actions-runner-system create secret generic \
|
|
github-webhook-server \
|
|
--from-literal=github_token=${WEBHOOK_GITHUB_TOKEN:?WEBHOOK_GITHUB_TOKEN must not be empty}
|
|
else
|
|
echo 'Skipped deploying secret "github-webhook-server". Set WEBHOOK_GITHUB_TOKEN to deploy.' 1>&2
|
|
fi
|
|
|
|
if [ -n "${WEBHOOK_GITHUB_TOKEN}" ] && [ -z "${CREATE_SECRETS_USING_HELM}" ]; then
|
|
kubectl -n actions-runner-system delete secret \
|
|
actions-metrics-server || :
|
|
kubectl -n actions-runner-system create secret generic \
|
|
actions-metrics-server \
|
|
--from-literal=github_token=${WEBHOOK_GITHUB_TOKEN:?WEBHOOK_GITHUB_TOKEN must not be empty}
|
|
else
|
|
echo 'Skipped deploying secret "actions-metrics-server". Set WEBHOOK_GITHUB_TOKEN to deploy.' 1>&2
|
|
fi
|
|
|
|
tool=${ACCEPTANCE_TEST_DEPLOYMENT_TOOL}
|
|
|
|
TEST_ID=${TEST_ID:-default}
|
|
|
|
if [ "${tool}" == "helm" ]; then
|
|
set -v
|
|
|
|
CHART=${CHART:-charts/actions-runner-controller}
|
|
|
|
flags=()
|
|
if [ "${IMAGE_PULL_SECRET}" != "" ]; then
|
|
flags+=( --set imagePullSecrets[0].name=${IMAGE_PULL_SECRET})
|
|
flags+=( --set image.actionsRunnerImagePullSecrets[0].name=${IMAGE_PULL_SECRET})
|
|
flags+=( --set githubWebhookServer.imagePullSecrets[0].name=${IMAGE_PULL_SECRET})
|
|
flags+=( --set actionsMetricsServer.imagePullSecrets[0].name=${IMAGE_PULL_SECRET})
|
|
fi
|
|
if [ "${WATCH_NAMESPACE}" != "" ]; then
|
|
flags+=( --set watchNamespace=${WATCH_NAMESPACE} --set singleNamespace=true)
|
|
fi
|
|
if [ "${CHART_VERSION}" != "" ]; then
|
|
flags+=( --version ${CHART_VERSION})
|
|
fi
|
|
if [ "${LOG_FORMAT}" != "" ]; then
|
|
flags+=( --set logFormat=${LOG_FORMAT})
|
|
flags+=( --set githubWebhookServer.logFormat=${LOG_FORMAT})
|
|
flags+=( --set actionsMetricsServer.logFormat=${LOG_FORMAT})
|
|
fi
|
|
if [ "${ADMISSION_WEBHOOKS_TIMEOUT}" != "" ]; then
|
|
flags+=( --set admissionWebHooks.timeoutSeconds=${ADMISSION_WEBHOOKS_TIMEOUT})
|
|
fi
|
|
if [ -n "${CREATE_SECRETS_USING_HELM}" ]; then
|
|
if [ -z "${WEBHOOK_GITHUB_TOKEN}" ]; then
|
|
echo 'Failed deploying secret "actions-metrics-server" using helm. Set WEBHOOK_GITHUB_TOKEN to deploy.' 1>&2
|
|
exit 1
|
|
fi
|
|
flags+=( --set actionsMetricsServer.secret.create=true)
|
|
flags+=( --set actionsMetricsServer.secret.github_token=${WEBHOOK_GITHUB_TOKEN})
|
|
fi
|
|
if [ -n "${GITHUB_WEBHOOK_SERVER_ENV_NAME}" ] && [ -n "${GITHUB_WEBHOOK_SERVER_ENV_VALUE}" ]; then
|
|
flags+=( --set githubWebhookServer.env[0].name=${GITHUB_WEBHOOK_SERVER_ENV_NAME})
|
|
flags+=( --set githubWebhookServer.env[0].value=${GITHUB_WEBHOOK_SERVER_ENV_VALUE})
|
|
fi
|
|
|
|
set -vx
|
|
|
|
helm upgrade --install actions-runner-controller \
|
|
${CHART} \
|
|
-n actions-runner-system \
|
|
--create-namespace \
|
|
--set syncPeriod=${SYNC_PERIOD} \
|
|
--set authSecret.create=false \
|
|
--set image.repository=${NAME} \
|
|
--set image.tag=${VERSION} \
|
|
--set podAnnotations.test-id=${TEST_ID} \
|
|
--set githubWebhookServer.podAnnotations.test-id=${TEST_ID} \
|
|
--set actionsMetricsServer.podAnnotations.test-id=${TEST_ID} \
|
|
${flags[@]} --set image.imagePullPolicy=${IMAGE_PULL_POLICY} \
|
|
--set image.dindSidecarRepositoryAndTag=${DIND_SIDECAR_REPOSITORY_AND_TAG} \
|
|
-f ${VALUES_FILE}
|
|
set +v
|
|
# To prevent `CustomResourceDefinition.apiextensions.k8s.io "runners.actions.summerwind.dev" is invalid: metadata.annotations: Too long: must have at most 262144 bytes`
|
|
# errors
|
|
kubectl create -f charts/actions-runner-controller/crds || kubectl replace -f charts/actions-runner-controller/crds
|
|
# This wait fails due to timeout when it's already in crashloopback and this update doesn't change the image tag.
|
|
# That's why we add `|| :`. With that we prevent stopping the script in case of timeout and
|
|
# proceed to delete (possibly in crashloopback and/or running with outdated image) pods so that they are recreated by K8s.
|
|
kubectl -n actions-runner-system wait deploy/actions-runner-controller --for condition=available --timeout 60s || :
|
|
else
|
|
kubectl apply \
|
|
-n actions-runner-system \
|
|
-f release/actions-runner-controller.yaml
|
|
kubectl -n actions-runner-system wait deploy/controller-manager --for condition=available --timeout 120s || :
|
|
fi
|
|
|
|
# Restart all ARC pods
|
|
kubectl -n actions-runner-system delete po -l app.kubernetes.io/name=actions-runner-controller
|
|
|
|
echo Waiting for all ARC pods to be up and running after restart
|
|
|
|
kubectl -n actions-runner-system wait deploy/actions-runner-controller --for condition=available --timeout 120s
|
|
|
|
# Adhocly wait for some time until actions-runner-controller's admission webhook gets ready
|
|
sleep 20
|