
CI/CD Integration

This page describes how to add a deploy job to a CI/CD pipeline so that it triggers Avassa to deploy and upgrade applications at the edge. It assumes that you keep the application and deployment specs in the repository and that the images are available in an image registry.

Control Tower Preparation

The application we will deploy is called theater-room-manager and the deployment will be called theater-room-manager-deployment.

We therefore need a policy that allows creating and updating this application and this deployment.

name: cd
rest-api:
  rules:
    - path: /v1/config/applications/theater-room-manager
      operations:
        create: allow
        update: allow
    - path: /v1/config/application-deployments/theater-room-manager-deployment
      operations:
        create: allow
        update: allow

For this documentation we assume a user named ci@avassa.io has this policy.

GitLab

In GitLab, go to CI/CD Settings for the project, and create three variables.

  • CONTROL_TOWER is the API URL to Control Tower, e.g. api.production.acme.avassa.net.
  • CT_USER is ci@avassa.io.
  • CT_PASSWORD is the user's password.

In .gitlab-ci.yml add a deployment job:

deploy:
  stage: deploy
  image: python:3-alpine
  only:
    changes:
      - demo-specs/*
  script:
    # Install curl and download supctl
    - apk add curl
    - curl -OL https://$CONTROL_TOWER/supctl
    - chmod +x supctl

    # Login to the control tower, use GitLab CI/CD variables
    - echo "$CT_PASSWORD" | ./supctl --host=$CONTROL_TOWER do login $CT_USER > /dev/null

    # Push changes
    - ./supctl replace applications theater-room-manager < demo-specs/theater-room-manager.app.yml
    - ./supctl replace application-deployments theater-room-manager-deployment < demo-specs/theater-room-manager.dep.yml

The job is based on python:3-alpine and is only triggered when files in the demo-specs directory are changed.

supctl is downloaded using curl, the credentials are used to log in, and finally the application and deployment specifications are pushed.

GitHub

Go to the project settings and create three variables.

  • CONTROL_TOWER is the API URL to Control Tower, e.g. api.production.acme.avassa.net.
  • CT_USER is ci@avassa.io.
  • CT_PASSWORD is the user's password.

Finally add a GitHub action:

name: Deploy

on:
  # Triggers the workflow on push or pull request events but only for the main branch
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v3
      - uses: actions/setup-python@v3
        with:
          python-version: '3.x'

      - name: Get supctl
        run: curl -sOf https://${{secrets.CONTROL_TOWER}}/supctl && chmod +x supctl

      - name: Login
        run: echo "${{secrets.CT_PASSWORD}}" | ./supctl --host=${{secrets.CONTROL_TOWER}} do login ${{secrets.CT_USER}} > /dev/null

      - name: Update application spec
        run: ./supctl replace applications theater-room-manager < theater-room-manager.app.yml

      - name: Update deployment spec
        run: ./supctl replace application-deployments theater-room-manager-deployment < theater-room-manager.dep.yml

This job downloads supctl, logs in using credentials stored in secret variables, and finally pushes the application and deployment specifications.

Azure DevOps

In your repository, create (or edit an existing) azure-pipelines.yml.

trigger:
  - main

pool:
  vmImage: ubuntu-latest

steps:
  - script: curl -sOf https://$(CONTROL_TOWER)/supctl && chmod +x supctl
    displayName: 'Get supctl'

  - script: echo "$(CT_PASSWORD)" | ./supctl --host=$(CONTROL_TOWER) do login $(CT_USER) > /dev/null
    displayName: 'Login'

  - script: ./supctl replace strongbox vaults operations < operations.yml
    displayName: 'Update vault'

  - script: |
      ./supctl replace strongbox vaults operations secrets credentials < credentials.yml
    displayName: 'Update credentials'

  - script: ./supctl replace applications theater-room-manager < theater-room-manager.app.yml
    displayName: 'Update application spec'

  - script: ./supctl replace application-deployments theater-room-manager-deployment < theater-room-manager.dep.yml
    displayName: 'Update deployment spec'

Note the CONTROL_TOWER, CT_USER and CT_PASSWORD variables. They are defined in the pipeline variables (see Variables when editing your pipeline).
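
All three pipelines run the same download, login and replace steps, so they can live in one script in the repository that each job calls after a preflight check of its inputs. The script below is an added example, not Avassa's own code: the file name deploy.sh, the SPEC_DIR variable, the function names and the rule that CONTROL_TOWER must be a bare DNS name are assumptions, while the supctl invocations are the ones used on this page.

```shell
#!/bin/sh
# Shared deploy step for the jobs on this page (added example).
# Assumed names: deploy.sh, SPEC_DIR, require_vars, valid_host, deploy.
set -eu
LC_ALL=C; export LC_ALL   # byte-wise character ranges in valid_host

# Fail if a required CI variable is unset or empty; never print its value.
require_vars() {
    for v in "$@"; do
        eval "val=\${$v:-}"
        if [ -z "$val" ]; then
            echo "missing CI variable: $v" >&2
            return 1
        fi
    done
}

# CONTROL_TOWER is used in a URL and in --host. Assumption: it is a bare
# DNS name as in the page's example (no scheme, path, port or spaces).
valid_host() {
    case "$1" in
        ""|.*|*.|*..*|-*) return 1 ;;
        *[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

deploy() {
    require_vars CONTROL_TOWER CT_USER CT_PASSWORD
    valid_host "$CONTROL_TOWER" || { echo "bad CONTROL_TOWER" >&2; return 1; }
    spec_dir=${SPEC_DIR:-demo-specs}

    # -f: fail on an HTTP error instead of saving the error page as supctl
    curl -sSfO "https://$CONTROL_TOWER/supctl"
    chmod +x supctl

    # Password is piped on stdin, as in the page's jobs
    printf '%s\n' "$CT_PASSWORD" |
        ./supctl --host="$CONTROL_TOWER" do login "$CT_USER" > /dev/null

    ./supctl replace applications theater-room-manager \
        < "$spec_dir/theater-room-manager.app.yml"
    ./supctl replace application-deployments theater-room-manager-deployment \
        < "$spec_dir/theater-room-manager.dep.yml"
}

# Runs only when invoked as: sh deploy.sh deploy
if [ "${1:-}" = "deploy" ]; then deploy; fi
```

Each job then exposes the three variables to the script's environment and runs `sh deploy.sh deploy`; set SPEC_DIR=. when the spec files sit in the repository root, as in the GitHub and Azure DevOps jobs.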