separate build and deploy

coder · matifali · Aug 11, 2023 · Aug 6, 2023 · Aug 6, 2023 · Aug 6, 2023
commit 0ec9c8ae6a61bee59df6720d1e3a2db5f723808d
diff --git a/.github/pr-deployments/kubeconfig.yaml b/.github/pr-deployments/kubeconfig.yaml
@@ -2,8 +2,8 @@ apiVersion: v1
 kind: Config
 clusters:
   - cluster:
-      certificate-authority-data: $CLUSTER_CA
-      server: $CLUSTER_ENDPOINT
+      certificate-authority-data: ${CLUSTER_CA}
+      server: ${CLUSTER_ENDPOINT}
     name: pr${PR_NUMBER}
 contexts:
   - context:
@@ -15,4 +15,4 @@ current-context: pr${PR_NUMBER}
 users:
   - name: coder-workspace
     user:
-      token: $TOKEN
+      token: ${TOKEN}
diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml
@@ -17,8 +17,13 @@ on:
         required: false
         type: string
         default: "*"
-      force:
-        description: "Force new build and deploy"
+      build:
+        description: "Force new build"
+        required: false
+        type: boolean
+        default: false
+      deploy:
+        description: "Force new deployment"
         required: false
         type: boolean
         default: false
@@ -46,7 +51,7 @@ jobs:
       CODER_BASE_IMAGE_TAG: ${{ steps.set_tags.outputs.CODER_BASE_IMAGE_TAG }}
       CODER_IMAGE_TAG: ${{ steps.set_tags.outputs.CODER_IMAGE_TAG }}
       NEW: ${{ steps.check_deployment.outputs.new }}
-      BUILD: ${{ steps.filter.outputs.all_count > steps.filter.outputs.ignored_count || steps.check_deployment.outputs.new || github.event.inputs.force == 'true' }}
+      BUILD: ${{ steps.filter.outputs.all_count > steps.filter.outputs.ignored_count || steps.check_deployment.outputs.new || github.event.inputs.build == 'true' }}
 
     runs-on: "ubuntu-latest"
     steps:
@@ -209,7 +214,7 @@ jobs:
     # Run deploy job only if build job was successful or skipped
     if: |
       always() && (needs.build.result == 'success' || needs.build.result == 'skipped') &&
-      (github.event_name == 'workflow_dispatch' || needs.get_info.outputs.NEW == 'false')
+      (github.event_name == 'workflow_dispatch' || needs.get_info.outputs.NEW == 'false' || github.event.inputs.deploy == 'true')
     runs-on: "ubuntu-latest"
     env:
       CODER_IMAGE_TAG: ${{ needs.get_info.outputs.CODER_IMAGE_TAG }}
@@ -227,7 +232,7 @@ jobs:
           export KUBECONFIG=~/.kube/config
 
       - name: Check if image exists
-        if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.force == 'true'
+        if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.deploy == 'true'
         run: |
           set -euo pipefail
           foundTag=$(curl -fsSL https://github.com/coder/coder/pkgs/container/coder-preview | grep -o ${{ env.CODER_IMAGE_TAG }} | head -n 1)
@@ -238,7 +243,7 @@ jobs:
           fi
 
       - name: Add DNS record to Cloudflare
-        if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.force == 'true'
+        if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.deploy == 'true'
         run: |
           curl -X POST "https://api.cloudflare.com/client/v4/zones/${{ secrets.PR_DEPLOYMENTS_ZONE_ID }}/dns_records" \
             -H "Authorization: Bearer ${{ secrets.PR_DEPLOYMENTS_CLOUDFLARE_API_TOKEN }}" \
@@ -251,15 +256,15 @@ jobs:
           ref: ${{ env.PR_BRANCH }}
 
       - name: Create PR namespace
-        if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.force == 'true'
+        if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.deploy == 'true'
         run: |
           set -euo pipefail
           # try to delete the namespace, but don't fail if it doesn't exist
           kubectl delete namespace "pr${{ env.PR_NUMBER }}" || true
           kubectl create namespace "pr${{ env.PR_NUMBER }}"
 
       - name: Check and Create Certificate
-        if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.force == 'true'
+        if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.deploy == 'true'
         run: |
           # Using kubectl to check if a Certificate resource already exists
           # we are doing this to avoid letsenrypt rate limits
@@ -282,7 +287,7 @@ jobs:
           )
 
       - name: Set up PostgreSQL database
-        if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.force == 'true'
+        if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.deploy == 'true'
         run: |
           helm repo add bitnami https://charts.bitnami.com/bitnami
           helm install coder-db bitnami/postgresql \
@@ -295,18 +300,18 @@ jobs:
             --from-literal=url="postgres://coder:coder@coder-db-postgresql.pr${{ env.PR_NUMBER }}.svc.cluster.local:5432/coder?sslmode=disable"
 
       - name: Create a kubeconfig for the workspace
-        if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.force == 'true'
+        if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.deploy == 'true'
         run: |
           set -euo pipefail
           # Create service account, role, rolebinding and secret
           envsubst < ./.github/pr-deployments/rbac.yaml | kubectl apply -f -
 
           # Get the token for the service account
-          TOKEN=$(kubectl -n pr${{ env.PR_NUMBER }} get secret coder-workspace-token -o jsonpath='{.data.token}' | base64 --decode)
+          export TOKEN=$(kubectl -n pr${{ env.PR_NUMBER }} get secret coder-workspace-token -o jsonpath='{.data.token}' | base64 --decode)
 
           # get CLUSTER_CA and CLUSTER_ENDPOINT
-          CLUSTER_CA=$(kubectl config view --raw --minify --flatten -o jsonpath='{.clusters[].cluster.certificate-authority-data}')
-          CLUSTER_ENDPOINT=$(kubectl config view --raw --minify --flatten -o jsonpath='{.clusters[].cluster.server}')
+          export CLUSTER_CA=$(kubectl config view --raw --minify --flatten -o jsonpath='{.clusters[].cluster.certificate-authority-data}')
+          export CLUSTER_ENDPOINT=$(kubectl config view --raw --minify --flatten -o jsonpath='{.clusters[].cluster.server}')
 
           # Create a kubeconfig for the namespace to be used in the workspace
           envsubst < ./.github/pr-deployments/kubeconfig.yaml > ./namespace-kubeconfig.yaml
@@ -344,15 +349,15 @@ jobs:
           fi
 
       - name: Install coder-logstream-kube
-        if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.force == 'true'
+        if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.deploy == 'true'
         run: |
           helm repo add coder-logstream-kube https://helm.coder.com/logstream-kube
           helm upgrade --install coder-logstream-kube coder-logstream-kube/coder-logstream-kube \
             --namespace "pr${{ env.PR_NUMBER }}" \
             --set url="https://pr${{ env.PR_NUMBER }}.${{ secrets.PR_DEPLOYMENTS_DOMAIN }}"
 
       - name: Get Coder binary
-        if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.force == 'true'
+        if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.deploy == 'true'
         run: |
           set -euo pipefail
 
@@ -378,7 +383,7 @@ jobs:
           mv "${DEST}" /usr/local/bin/coder
 
       - name: Create first user, template and workspace
-        if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.force == 'true'
+        if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.deploy == 'true'
         id: setup_deployment
         run: |
           set -euo pipefail
@@ -415,7 +420,7 @@ jobs:
           coder stop kube -y
 
       - name: Send Slack notification
-        if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.force == 'true'
+        if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.deploy == 'true'
         run: |
           curl -s -o /dev/null -X POST -H 'Content-type: application/json' \
             -d \

diff --git a/scripts/deploy-pr.sh b/scripts/deploy-pr.sh
@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# Usage: ./deploy-pr.sh [--dry-run -n] [--yes -y] [--experiments -e <experiments>] [--force -f]
+# Usage: ./deploy-pr.sh [--dry-run -n] [--yes -y] [--experiments -e <experiments>] [--build -b] [--deploy -d]
 # deploys the current branch to a PR environment and posts login credentials to
 # [#pr-deployments](https://codercom.slack.com/archives/C05DNE982E8) Slack channel
 
@@ -8,14 +8,19 @@ set -euo pipefail
 # default settings
 dryRun=false
 confirm=true
-force=false
+build=false
+deploy=false
 experiments=""
 
 # parse arguments
 while (("$#")); do
 	case "$1" in
-	-f | --force)
-		force=true
+	-b | --build)
+		build=true
+		shift
+		;;
+	-d | --deploy)
+		deploy=true
 		shift
 		;;
 	-n | --dry-run)
@@ -68,13 +73,15 @@ if $dryRun; then
 	echo "branchName: ${branchName}"
 	echo "prNumber: ${prNumber}"
 	echo "experiments: ${experiments}"
-	echo "force: ${force}"
+	echo "build: ${build}"
+	echo "deploy: ${deploy}"
 	exit 0
 fi
 
 echo "branchName: ${branchName}"
 echo "prNumber: ${prNumber}"
 echo "experiments: ${experiments}"
-echo "force: ${force}"
+echo "build: ${build}"
+echo "deploy: ${deploy}"
 
-gh workflow run pr-deploy.yaml --ref "${branchName}" -f "pr_number=${prNumber}" -f "experiments=${experiments}" -f "force=${force}"
+gh workflow run pr-deploy.yaml --ref "${branchName}" -f "pr_number=${prNumber}" -f "experiments=${experiments}" -f "build=${build}" -f "deploy=${deploy}"