47 commits
9b02980
(#897) Add filter by publication status to envelope events API
excelsior Sep 21, 2025
9a9b321
(#896) Add filter by @type to CTID lookup API
excelsior Sep 21, 2025
2a12f5f
(#860) Optimize envelope downloads
excelsior Aug 31, 2025
c3718a8
(#860) Track time of envelope download job enqueuing
excelsior Sep 25, 2025
8735ef5
(#896) Include subclasses into @type filter in CTID existence check
excelsior Sep 30, 2025
efad3f3
(#860) Add logging into envelope download service
excelsior Oct 4, 2025
8bbbf33
(#917) Upload envelope graphs to S3 during publishing
excelsior Oct 6, 2025
5281aad
(#918) Sync envelope graphs with ES index
excelsior Oct 22, 2025
2b66150
(#918) Integrate sync with ES into envelope lifecycle
excelsior Oct 24, 2025
6f4d4fc
(#918) Track time of envelope graph indexing with ES
excelsior Oct 27, 2025
aeb2243
(#918) Add Elasticsearch query API for envelope graphs
excelsior Oct 27, 2025
f5ae80f
(#918) Increase ES max field limit dynamically
excelsior Nov 10, 2025
8d4c1aa
(#918) Send ES indexing errors to Airbrake
excelsior Nov 10, 2025
4adc4eb
Add GitHub Actions workflow for Docker build and push
arielr-lt Nov 10, 2025
1e8da2d
Add grape-middleware-logger submodule
arielr-lt Nov 10, 2025
4268bb9
Create .gitkeep
arielr-lt Nov 10, 2025
e61dcda
Remove submodule verification from build.yaml
arielr-lt Nov 10, 2025
ad7e0ab
(#920) Make envelope graphs archive downloadable
excelsior Nov 24, 2025
49c9a7b
(#918) Fix ES search
excelsior Nov 24, 2025
668299c
Enhance build workflow with submodule verification
arielr-lt Nov 24, 2025
cf7b0ab
Fix curl command formatting in build.yaml
arielr-lt Nov 24, 2025
c2144ee
add submodule
Nov 24, 2025
ba4b505
Add OpenSSL configuration file
arielr-lt Nov 24, 2025
11630b0
add local gems
Nov 24, 2025
6c4a9fb
add gem
Nov 24, 2025
d7e7d43
fix vers
Nov 24, 2025
547c668
fix vers
Nov 24, 2025
7623fa1
update rpms
Nov 24, 2025
c177379
interpolation fix
Nov 24, 2025
dd804b8
fix syntax
Nov 24, 2025
cf9d0db
fix syntax
Nov 24, 2025
8d4245f
add jobs
Nov 24, 2025
f2371f4
adding zip utility
Nov 26, 2025
775fef2
add zip libs
Nov 26, 2025
1f177fe
add unzip and find commands to the final image
Nov 27, 2025
b2b5472
Update build.yaml to ignore specific paths
arielr-lt Nov 27, 2025
50feb80
Refactor deploy workflow with image labels and migrations
arielr-lt Nov 27, 2025
5324816
Enhance deployment workflow for production support
arielr-lt Nov 27, 2025
6444235
Enhance workflow with Git ref input and environment options
arielr-lt Nov 27, 2025
95e6cc9
Add workflow to restart deployments in EKS
arielr-lt Nov 27, 2025
212b665
Enhance deployment workflow with DB migrations and Slack notification
arielr-lt Nov 27, 2025
9ec64c3
Include production status in cluster status report
arielr-lt Nov 27, 2025
f7d8594
(#951) updating eks infrastructure definitions
Nov 27, 2025
e29b733
bump
Dec 1, 2025
46f1950
(#920) Download envelope and graph dumps using S3 client
excelsior Dec 9, 2025
41def59
Update ConfigMap for sandbox environment
arielr-lt Dec 9, 2025
0b82b72
(#592) Containers API
excelsior Dec 16, 2025
3 changes: 3 additions & 0 deletions .cloud66/manifest.yml
@@ -1,4 +1,7 @@
production: &production
elasticsearch:
configuration:
version: 9.0.4
rack:
configuration:
custom_deploy_command: bin/rake db:migrate
4 changes: 4 additions & 0 deletions .env
@@ -1,7 +1,11 @@
AWS_REGION=us-east-2

ELASTICSEARCH_ADDRESS=

ENVELOPE_DOWNLOADS_BUCKET=envelope-downloads

ENVELOPE_GRAPHS_BUCKET=

POSTGRESQL_ADDRESS=localhost
POSTGRESQL_USERNAME=metadataregistry
POSTGRESQL_PASSWORD=metadataregistry
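--- a/.github/workflows/.github/workflows/restart-deployments.yaml
+++ b/.github/workflows/.github/workflows/restart-deployments.yaml
@@ -0,0 +1,80 @@
+# syntax=docker/dockerfile:1.4
+name: Restart application
+
+on:
+workflow_dispatch:
+inputs:
+environment:
+description: "Target environment (production, staging, sandbox)"
+type: choice
+required: true
+default: staging
+options:
+- staging
+- sandbox
+- production
+
+permissions:
+id-token: write
+contents: read
+
+env:
+AWS_REGION: us-east-1
+EKS_CLUSTER: ce-registry-eks
+
+jobs:
+restart:
+if: ${{ github.repository_owner == 'CredentialEngine' }}
+runs-on: ubuntu-latest
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v4
+with:
+role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/github-oidc-widget
+aws-region: ${{ env.AWS_REGION }}
+
+- name: Install kubectl
+uses: azure/setup-kubectl@v4
+with:
+version: v1.29.6
+
+- name: Update kubeconfig
+run: |
+aws eks update-kubeconfig --name "${{ env.EKS_CLUSTER }}" --region "${{ env.AWS_REGION }}"
+
+- name: Restart deployments
+env:
+TARGET_ENV: ${{ inputs.environment }}
+run: |
+set -euo pipefail
+case "$TARGET_ENV" in
+staging) NS="credreg-staging" ;;
+sandbox) NS="credreg-sandbox" ;;
+production) NS="credreg-prod" ;;
+*) echo "Unknown environment: $TARGET_ENV" >&2; exit 1 ;;
+esac
+echo "Restarting deployments in namespace $NS"
+kubectl -n "$NS" rollout restart deploy/worker-app
+kubectl -n "$NS" rollout restart deploy/main-app
+kubectl -n "$NS" rollout status deploy/worker-app --timeout=15m
+kubectl -n "$NS" rollout status deploy/main-app --timeout=15m
+
+- name: Notify Slack (restart)
+if: always()
+env:
+SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+REPO: ${{ github.repository }}
+RUN_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
+ENVIRONMENT: ${{ inputs.environment }}
+run: |
+if [ -z "${SLACK_WEBHOOK_URL}" ]; then
+echo "SLACK_WEBHOOK_URL not set; skipping notification";
+exit 0;
+fi
+STATUS="${{ job.status }}"; EMOJI=✅; [ "$STATUS" = "failure" ] && EMOJI=❌
+MSG="$EMOJI Restart ${STATUS} for ${REPO} (env: ${ENVIRONMENT}). ${RUN_URL}"
+payload=$(jq -nc --arg text "$MSG" '{text:$text}')
+curl -sS -X POST -H 'Content-type: application/json' --data "$payload" "$SLACK_WEBHOOK_URL" || true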
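Review bot: The file header shows this workflow at `.github/workflows/.github/workflows/restart-deployments.yaml`, and GitHub only loads workflows that sit directly in `.github/workflows/`, so as committed it would not be registered; it should move to `.github/workflows/restart-deployments.yaml`. Once it does run, the `restart` job can restart `credreg-prod` on a bare `workflow_dispatch` with no approval gate, and the same is true of the job in apply-configmap-and-restart.yaml. Adding `environment: ${{ inputs.environment }}` to the job would let required reviewers and branch rules configured on the production environment apply (those settings are not visible on this page). If that is adopted, the trust policy of `github-oidc-widget` would presumably need to accept the environment-scoped OIDC subject, since the token's subject changes when a job references an environment.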
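--- a/.github/workflows/apply-configmap-and-restart.yaml
+++ b/.github/workflows/apply-configmap-and-restart.yaml
@@ -0,0 +1,97 @@
+# syntax=docker/dockerfile:1.4
+name: Apply configmap and restart
+
+on:
+workflow_dispatch:
+inputs:
+ref:
+description: "Git ref (branch or tag) to check out"
+type: string
+required: false
+default: "master"
+environment:
+description: "Target environment (production, staging or sandbox)"
+type: choice
+required: true
+default: staging
+options:
+- staging
+- sandbox
+- production
+
+permissions:
+id-token: write
+contents: read
+
+env:
+AWS_REGION: us-east-1
+EKS_CLUSTER: ce-registry-eks
+
+jobs:
+apply-and-restart:
+if: ${{ github.repository_owner == 'CredentialEngine' }}
+runs-on: ubuntu-latest
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+with:
+ref: ${{ inputs.ref || github.ref }}
+
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v4
+with:
+role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/github-oidc-widget
+aws-region: ${{ env.AWS_REGION }}
+
+- name: Install kubectl
+uses: azure/setup-kubectl@v4
+with:
+version: v1.29.6
+
+- name: Update kubeconfig
+run: |
+aws eks update-kubeconfig --name "${{ env.EKS_CLUSTER }}" --region "${{ env.AWS_REGION }}"
+
+- name: Apply ConfigMap
+working-directory: terraform/environments/eks
+run: |
+ENV="${{ inputs.environment }}"
+case "$ENV" in
+production) NS="credreg-prod" && ENV_DIR="k8s-manifests-prod";;
+staging) NS="credreg-staging" && ENV_DIR="k8s-manifests-staging" ;;
+sandbox) NS="credreg-sandbox" && ENV_DIR="k8s-manifests-sandbox";;
+*) echo "Unknown environment: $ENV" >&2; exit 1 ;;
+esac
+echo "Applying ConfigMap from $ENV_DIR to namespace $NS"
+kubectl -n "$NS" apply -f "$ENV_DIR/app-configmap.yaml"
+
+- name: Restart Deployments
+run: |
+ENV="${{ inputs.environment }}"
+case "$ENV" in
+staging) NS="credreg-staging" ;;
+sandbox) NS="credreg-sandbox" ;;
+production) NS="credreg-prod" ;;
+*) echo "Unknown environment: $ENV" >&2; exit 1 ;;
+esac
+kubectl -n "$NS" rollout restart deploy/worker-app
+kubectl -n "$NS" rollout restart deploy/main-app
+kubectl -n "$NS" rollout status deploy/worker-app --timeout=10m
+kubectl -n "$NS" rollout status deploy/main-app --timeout=10m
+
+- name: Notify Slack (configmap apply)
+if: always()
+env:
+SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+REPO: ${{ github.repository }}
+RUN_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
+ENVIRONMENT: ${{ inputs.environment }}
+run: |
+if [ -z "${SLACK_WEBHOOK_URL}" ]; then
+echo "SLACK_WEBHOOK_URL not set; skipping notification";
+exit 0;
+fi
+STATUS="${{ job.status }}"; EMOJI=✅; [ "$STATUS" = "failure" ] && EMOJI=❌
+MSG="$EMOJI ConfigMap apply ${STATUS} for ${REPO} (env: ${ENVIRONMENT}). ${RUN_URL}"
+payload=$(jq -nc --arg text "$MSG" '{text:$text}')
+curl -sS -X POST -H 'Content-type: application/json' --data "$payload" "$SLACK_WEBHOOK_URL" || true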
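Review bot: The free-form `ref` input feeds straight into `actions/checkout` (`ref: ${{ inputs.ref || github.ref }}`), and the Apply ConfigMap step then applies `app-configmap.yaml` from whatever branch or tag was checked out, including to `credreg-prod`. A ConfigMap from an unreviewed branch can therefore reach production with the same assumed role. I would add a guard that fails the job when `environment` is `production` and `ref` is not the protected default branch, or enforce this through deployment branch rules on a job-level `environment:`. Separately, both the Apply ConfigMap and Restart Deployments steps set `ENV="${{ inputs.environment }}"` inside the script; the `choice` type limits the values in practice, but passing it as `env: TARGET_ENV: ${{ inputs.environment }}` and using `case "$TARGET_ENV" in`, as restart-deployments.yaml does, keeps expression text out of the script body. The leading `# syntax=docker/dockerfile:1.4` line is a Dockerfile directive with no meaning in a workflow and can be dropped here and in the other two workflow files.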
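--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -0,0 +1,156 @@
+# syntax=docker/dockerfile:1.4
+name: Build and push
+
+on:
+push:
+branches: ["eks-infrastructure","staging","main","master","production","sandbox"]
+paths-ignore:
+- ".github/**"
+- "terraform/**"
+
+workflow_dispatch:
+
+permissions:
+id-token: write
+contents: read
+
+env:
+AWS_REGION: us-east-1
+ECR_REPOSITORY: registry
+EKS_CLUSTER: ce-registry-eks
+
+concurrency:
+group: eks-cluster-image-build
+cancel-in-progress: true
+
+jobs:
+build-and-push:
+if: ${{ github.repository_owner == 'CredentialEngine' }}
+runs-on: ubuntu-latest
+outputs:
+image: ${{ steps.img.outputs.image }}
+
+steps:
+- name: Checkout code (with submodules)
+uses: actions/checkout@v4
+with:
+fetch-depth: 0
+submodules: recursive
+
+- name: Verify submodules present
+run: |
+git submodule status
+if [ ! -d vendor/grape-middleware-logger ]; then
+echo "Submodule vendor/grape-middleware-logger is missing" >&2
+exit 1
+fi
+ls -la vendor/grape-middleware-logger | sed -n '1,50p'
+
+
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v4
+with:
+role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/github-oidc-widget
+aws-region: ${{ env.AWS_REGION }}
+
+- name: Login to Amazon ECR
+id: login-ecr
+uses: aws-actions/amazon-ecr-login@v2
+
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+
+- name: Compute image tag (date.build)
+id: tag
+run: |
+DATE_TAG=$(date -u +%Y.%m.%d)
+BUILD_NUM=$(printf "%04d" $(( GITHUB_RUN_NUMBER % 10000 )) )
+TAG="$DATE_TAG.$BUILD_NUM"
+echo "tag=$TAG" >> "$GITHUB_OUTPUT"
+
+- name: Compute ref tag (branch name)
+id: ref
+run: |
+REF_TAG=$(echo "${GITHUB_REF_NAME}" | tr '[:upper:]' '[:lower:]' | sed -E 's#[^a-z0-9._-]+#-#g')
+echo "ref_tag=$REF_TAG" >> "$GITHUB_OUTPUT"
+
+- name: Build Docker image (multi-stage)
+id: build
+uses: docker/build-push-action@v5
+with:
+context: .
+file: Dockerfile
+platforms: linux/amd64
+push: true
+tags: |
+${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ steps.tag.outputs.tag }}
+${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ steps.ref.outputs.ref_tag }}
+cache-from: type=gha
+cache-to: type=gha,mode=max
+
+- name: Export image URI
+id: img
+run: |
+echo "image=${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ steps.tag.outputs.tag }}" >> "$GITHUB_OUTPUT"
+
+- name: Notify Slack (build result)
+if: always()
+env:
+SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+REPO: ${{ github.repository }}
+RUN_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
+BRANCH: ${{ github.ref_name }}
+IMAGE_DATE: ${{ steps.tag.outputs.tag }}
+IMAGE_BRANCH: ${{ steps.ref.outputs.ref_tag }}
+DIGEST: ${{ steps.build.outputs.digest }}
+run: |
+if [ -z "${SLACK_WEBHOOK_URL}" ]; then
+echo "SLACK_WEBHOOK_URL not set; skipping notification";
+exit 0;
+fi
+STATUS="${{ job.status }}"
+EMOJI=✅; [ "$STATUS" = "failure" ] && EMOJI=❌
+DIGEST_TEXT="${DIGEST:-N/A}"
+DEPLOY_URL="https://github.com/${{ github.repository }}/actions/workflows/deploy.yaml"
+payload=$(jq -n \
+--arg repo "$REPO" \
+--arg branch "$BRANCH" \
+--arg tag_date "$IMAGE_DATE" \
+--arg tag_branch "$IMAGE_BRANCH" \
+--arg digest "$DIGEST_TEXT" \
+--arg run "$RUN_URL" \
+--arg status "$STATUS" \
+--arg emoji "$EMOJI" \
+--arg deploy "$DEPLOY_URL" \
+'{
+text: "\($emoji) Build \($status) for \($repo) (\($branch))",
+blocks: [
+{
+"type": "header",
+"text": {
+"type": "plain_text",
+"text": "\($emoji) Build \($status) for \($branch)",
+"emoji": true
+}
+},
+{
+"type": "section",
+"fields": [
+{"type":"mrkdwn", "text": "*Repository:*\n\($repo)"},
+{"type":"mrkdwn", "text": "*Branch:*\n\($branch)"},
+{"type":"mrkdwn", "text": "*Tag (date.build):*\n\($tag_date)"},
+{"type":"mrkdwn", "text": "*Tag (branch):*\n\($tag_branch)"},
+{"type":"mrkdwn", "text": "*Digest:*\n\($digest)"}
+]
+},
+{
+"type":"section",
+"text":{"type":"mrkdwn","text":"<\($run)|View run>"}
+},
+{
+"type":"section",
+"text":{"type":"mrkdwn","text":"Ready to deploy? Launch the workflow: <\($deploy)|Deploy image>"}
+}
+]
+}')
+curl -sS -X POST -H 'Content-type: application/json' --data "$payload" "$SLACK_WEBHOOK_URL" || true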
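Review bot: Every `uses:` in the `build-and-push` job points at a mutable tag (`actions/checkout@v4`, `aws-actions/configure-aws-credentials@v4`, `aws-actions/amazon-ecr-login@v2`, `docker/setup-buildx-action@v3`, `docker/build-push-action@v5`), while the job holds `id-token: write`, assumes an AWS role and pushes to ECR. Pinning each action to a full commit SHA with the version in a trailing comment keeps a retagged upstream release from running with those credentials; the same applies to the two restart workflows, including `azure/setup-kubectl@v4`. The `concurrency` block uses one fixed group, `eks-cluster-image-build`, with `cancel-in-progress: true` for all six branches, so a push to `sandbox` would cancel a `production` build that is still running. `group: eks-cluster-image-build-${{ github.ref }}` would scope cancellation to the same branch. The branch-name tag pushed alongside the date tag is overwritten on every build, so any deploy step should reference the `date.build` tag or the digest from `steps.build.outputs.digest` rather than the branch tag.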