mirror of https://github.com/coder/coder.git
chore: add continuous deployment for workspace proxies (#7364)
This commit is contained in:
parent
4b9621f9ae
commit
3b15234660
|
@ -487,14 +487,27 @@ jobs:
|
||||||
|
|
||||||
- name: Install Release
|
- name: Install Release
|
||||||
run: |
|
run: |
|
||||||
gcloud config set project coder-dogfood
|
set -euo pipefail
|
||||||
gcloud config set compute/zone us-central1-a
|
|
||||||
gcloud compute scp ./build/coder_*_linux_amd64.deb coder:/tmp/coder.deb
|
|
||||||
gcloud compute ssh coder -- sudo dpkg -i --force-confdef /tmp/coder.deb
|
|
||||||
gcloud compute ssh coder -- sudo systemctl daemon-reload
|
|
||||||
|
|
||||||
- name: Start
|
regions=(
|
||||||
run: gcloud compute ssh coder -- sudo service coder restart
|
# gcp-region-id instance-name systemd-service-name
|
||||||
|
"us-central1-a coder coder"
|
||||||
|
"australia-southeast1-b coder-sydney coder-proxy"
|
||||||
|
"europe-west3-c coder-europe coder-proxy"
|
||||||
|
"southamerica-east1-b coder-brazil coder-proxy"
|
||||||
|
)
|
||||||
|
|
||||||
|
gcloud config set project coder-dogfood
|
||||||
|
for region in "${regions[@]}"; do
|
||||||
|
echo "::group::$region"
|
||||||
|
set -- $region
|
||||||
|
|
||||||
|
gcloud config set compute/zone "$1"
|
||||||
|
gcloud compute scp ./build/coder_*_linux_amd64.deb "$2":/tmp/coder.deb
|
||||||
|
gcloud compute ssh "$2" -- /bin/sh -c "set -eux; sudo dpkg -i --force-confdef /tmp/coder.deb; sudo systemctl daemon-reload; sudo service '$3' restart"
|
||||||
|
|
||||||
|
echo "::endgroup::"
|
||||||
|
done
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
- uses: actions/upload-artifact@v3
|
||||||
with:
|
with:
|
||||||
|
|
|
@ -39,10 +39,10 @@ type WorkspaceProxyStatus struct {
|
||||||
// A healthy report will have no errors. Warnings are not fatal.
|
// A healthy report will have no errors. Warnings are not fatal.
|
||||||
type ProxyHealthReport struct {
|
type ProxyHealthReport struct {
|
||||||
// Errors are problems that prevent the workspace proxy from being healthy
|
// Errors are problems that prevent the workspace proxy from being healthy
|
||||||
Errors []string
|
Errors []string `json:"errors"`
|
||||||
// Warnings do not prevent the workspace proxy from being healthy, but
|
// Warnings do not prevent the workspace proxy from being healthy, but
|
||||||
// should be addressed.
|
// should be addressed.
|
||||||
Warnings []string
|
Warnings []string `json:"warnings"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type WorkspaceProxy struct {
|
type WorkspaceProxy struct {
|
||||||
|
|
|
@ -229,7 +229,7 @@ func New(ctx context.Context, opts *Options) (*Server, error) {
|
||||||
s.AppServer.Attach(r)
|
s.AppServer.Attach(r)
|
||||||
})
|
})
|
||||||
|
|
||||||
r.Get("/buildinfo", s.buildInfo)
|
r.Get("/api/v2/buildinfo", s.buildInfo)
|
||||||
r.Get("/healthz", func(w http.ResponseWriter, r *http.Request) { _, _ = w.Write([]byte("OK")) })
|
r.Get("/healthz", func(w http.ResponseWriter, r *http.Request) { _, _ = w.Write([]byte("OK")) })
|
||||||
// TODO: @emyrk should this be authenticated or debounced?
|
// TODO: @emyrk should this be authenticated or debounced?
|
||||||
r.Get("/healthz-report", s.healthReport)
|
r.Get("/healthz-report", s.healthReport)
|
||||||
|
|
|
@ -0,0 +1,31 @@
|
||||||
|
[Unit]
|
||||||
|
Description="Coder - external workspace proxy server"
|
||||||
|
Documentation=https://coder.com/docs/coder-oss
|
||||||
|
Requires=network-online.target
|
||||||
|
After=network-online.target
|
||||||
|
ConditionFileNotEmpty=/etc/coder.d/coder-proxy.env
|
||||||
|
StartLimitIntervalSec=60
|
||||||
|
StartLimitBurst=3
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=notify
|
||||||
|
EnvironmentFile=/etc/coder.d/coder-proxy.env
|
||||||
|
User=coder
|
||||||
|
Group=coder
|
||||||
|
ProtectSystem=full
|
||||||
|
PrivateTmp=yes
|
||||||
|
PrivateDevices=yes
|
||||||
|
SecureBits=keep-caps
|
||||||
|
AmbientCapabilities=CAP_IPC_LOCK CAP_NET_BIND_SERVICE
|
||||||
|
CacheDirectory=coder
|
||||||
|
CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK CAP_NET_BIND_SERVICE
|
||||||
|
KillSignal=SIGINT
|
||||||
|
KillMode=mixed
|
||||||
|
NoNewPrivileges=yes
|
||||||
|
ExecStart=/usr/bin/coder proxy server
|
||||||
|
Restart=on-failure
|
||||||
|
RestartSec=5
|
||||||
|
TimeoutStopSec=90
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
|
@ -25,3 +25,5 @@ contents:
|
||||||
type: "config|noreplace"
|
type: "config|noreplace"
|
||||||
- src: coder.service
|
- src: coder.service
|
||||||
dst: /usr/lib/systemd/system/coder.service
|
dst: /usr/lib/systemd/system/coder.service
|
||||||
|
- src: coder-proxy.service
|
||||||
|
dst: /usr/lib/systemd/system/coder-proxy.service
|
|
@ -84,9 +84,10 @@ cdroot
|
||||||
temp_dir="$(TMPDIR="$(dirname "$input_file")" mktemp -d)"
|
temp_dir="$(TMPDIR="$(dirname "$input_file")" mktemp -d)"
|
||||||
ln "$input_file" "$temp_dir/coder"
|
ln "$input_file" "$temp_dir/coder"
|
||||||
ln "$(realpath coder.env)" "$temp_dir/"
|
ln "$(realpath coder.env)" "$temp_dir/"
|
||||||
ln "$(realpath coder.service)" "$temp_dir/"
|
ln "$(realpath scripts/linux-pkg/coder-workspace-proxy.service)" "$temp_dir/"
|
||||||
ln "$(realpath preinstall.sh)" "$temp_dir/"
|
ln "$(realpath scripts/linux-pkg/coder.service)" "$temp_dir/"
|
||||||
ln "$(realpath scripts/nfpm.yaml)" "$temp_dir/"
|
ln "$(realpath scripts/linux-pkg/nfpm.yaml)" "$temp_dir/"
|
||||||
|
ln "$(realpath scripts/linux-pkg/preinstall.sh)" "$temp_dir/"
|
||||||
|
|
||||||
pushd "$temp_dir"
|
pushd "$temp_dir"
|
||||||
GOARCH="$arch" CODER_VERSION="$version" nfpm package \
|
GOARCH="$arch" CODER_VERSION="$version" nfpm package \
|
||||||
|
|
|
@ -692,8 +692,8 @@ export interface ProvisionerJobLog {
|
||||||
|
|
||||||
// From codersdk/workspaceproxy.go
|
// From codersdk/workspaceproxy.go
|
||||||
export interface ProxyHealthReport {
|
export interface ProxyHealthReport {
|
||||||
readonly Errors: string[]
|
readonly errors: string[]
|
||||||
readonly Warnings: string[]
|
readonly warnings: string[]
|
||||||
}
|
}
|
||||||
|
|
||||||
// From codersdk/workspaces.go
|
// From codersdk/workspaces.go
|
||||||
|
|
Loading…
Reference in New Issue