* Add initial content * Readjust Actions for centralized platform deployment * Fix typos etc. --------- Co-authored-by: Benno Evers <benno@bourbaki>
Showing
14 changed files
with
632 additions
and
2 deletions.
@@ -0,0 +1,37 @@ | ||
name: Deploy submodule updates to the staging environment | ||
|
||
on: | ||
push: | ||
branches: [main] | ||
|
||
jobs: | ||
cloud_deployment: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v3 | ||
with: | ||
submodules: true | ||
|
||
- name: Get tenant-manager submodule commit hash | ||
id: tenant-manager-commit | ||
run: | | ||
cd ./components/tenant-manager | ||
echo "::set-output name=commit::$(git rev-parse HEAD)" | ||
- name: Deploy tenant manager | ||
uses: benc-uk/workflow-dispatch@v1 | ||
with: | ||
workflow: tzcp-deploy-staging.yaml | ||
repo: tenzir/event-horizon | ||
token: "${{ secrets.REPO_SCOPE_ACCESS_TOKEN }}" | ||
ref: ${{ steps.tenant-manager-commit.outputs.commit }}" | ||
# inputs: '{ "message": "blah blah", "something": false }' | ||
|
||
# App deployments to staging are done automatically by Vercel atm. | ||
# - name: Deploy app | ||
# uses: benc-uk/workflow-dispatch@v1 | ||
# with: | ||
# workflow: deploy-staging.yaml | ||
# repo: tenzir/app | ||
# ref: ${{ steps.app-commit.outputs.commit }}" |
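Review bot: `benc-uk/workflow-dispatch@v1` is referenced by a mutable tag and is handed `secrets.REPO_SCOPE_ACCESS_TOKEN`, so whatever code that tag resolves to at run time executes with a repo-scoped token; pinning it to a full commit SHA (`uses: benc-uk/workflow-dispatch@<full-commit-sha>  # v1`) and limiting the token to the two target repositories would bound the exposure. The same applies to both dispatch steps in the production workflow of this commit. Separately, the `ref:` line ends in a stray `"` (`ref: ${{ steps.tenant-manager-commit.outputs.commit }}"`), which YAML keeps as part of the plain scalar, so the dispatched ref would carry a trailing quote; the production workflow repeats this on both of its `ref:` lines. `::set-output` is deprecated, and the replacement is `echo "commit=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"`.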
@@ -0,0 +1,120 @@ | ||
name: Create Sovereign Edition containers and also push a new production Cloud Deployment | ||
|
||
on: | ||
release: | ||
types: [created] | ||
|
||
jobs: | ||
cloud_deployment: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v3 | ||
with: | ||
submodules: true | ||
|
||
- name: Get app submodule commit hash | ||
id: app-commit | ||
run: | | ||
cd ./components/app | ||
echo "::set-output name=commit::$(git rev-parse HEAD)" | ||
- name: Get tenant-manager submodule commit hash | ||
id: tenant-manager-commit | ||
run: | | ||
cd ./components/tenant-manager | ||
echo "::set-output name=commit::$(git rev-parse HEAD)" | ||
- name: Deploy tenant manager | ||
uses: benc-uk/workflow-dispatch@v1 | ||
with: | ||
workflow: tzcp-deploy-production.yaml | ||
repo: tenzir/event-horizon | ||
token: "${{ secrets.REPO_SCOPE_ACCESS_TOKEN }}" | ||
ref: ${{ steps.tenant-manager-commit.outputs.commit }}" | ||
|
||
- name: Deploy app | ||
uses: benc-uk/workflow-dispatch@v1 | ||
with: | ||
workflow: push-to-production.yaml | ||
repo: tenzir/app | ||
token: "${{ secrets.REPO_SCOPE_ACCESS_TOKEN }}" | ||
ref: ${{ steps.app-commit.outputs.commit }}" | ||
|
||
attach_release_artifacts: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Create tarball | ||
run: | | ||
tar cf platform.tar README.md LICENSE examples/ | ||
- name: Publish tarball to the GitHub Release | ||
if: ${{ github.event_name == 'release' }} | ||
uses: actions/upload-release-asset@v1 | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
with: | ||
upload_url: ${{ github.event.release.upload_url }} | ||
asset_path: "platform.tar" | ||
asset_name: "platform.tar" | ||
asset_content_type: application/x-tar | ||
|
||
build_and_push_containers: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
name: Check out code | ||
|
||
- uses: mr-smithers-excellent/docker-build-push@v6 | ||
name: Build & push Docker image | ||
with: | ||
image: tenzir-dex | ||
tags: platform-${{ github.event.release.tag_name }} | ||
registry: ghcr.io | ||
directory: components/dex | ||
dockerfile: components/dex/Dockerfile | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- uses: mr-smithers-excellent/docker-build-push@v6 | ||
name: Build & push Docker image | ||
with: | ||
image: tenzir-seaweed | ||
tags: platform-${{ github.event.release.tag_name }} | ||
registry: ghcr.io | ||
directory: components/seaweed | ||
dockerfile: components/seaweed/Dockerfile | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- uses: mr-smithers-excellent/docker-build-push@v6 | ||
name: Build & push Docker image | ||
with: | ||
image: platform | ||
tags: platform-${{ github.event.release.tag_name }} | ||
registry: ghcr.io | ||
directory: components/tenant-manager/platform/tenant_manager | ||
dockerfile: components/tenant-manager/platform/tenant_manager/Dockerfile | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- uses: mr-smithers-excellent/docker-build-push@v6 | ||
name: Build & push Docker image | ||
with: | ||
image: tenzir-platform | ||
tags: platform-${{ github.event.release.tag_name }} | ||
registry: ghcr.io | ||
directory: components/tenant-manager/platform/public_cli | ||
dockerfile: components/tenant-manager/platform/public_cli/Dockerfile | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- uses: mr-smithers-excellent/docker-build-push@v6 | ||
name: Build & push Docker image | ||
with: | ||
image: tenzir-app | ||
tags: platform-${{ github.event.release.tag_name }} | ||
registry: ghcr.io | ||
directory: components/app | ||
dockerfile: components/app/Dockerfile | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} |
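Review bot: No job in this workflow declares `permissions:`, so `GITHUB_TOKEN` carries whatever the repository default grants while it is passed to `actions/upload-release-asset@v1` and five times to `mr-smithers-excellent/docker-build-push@v6`, both referenced by mutable tags. A per-job block makes the grant explicit and minimal, e.g. `permissions: {contents: read, packages: write}` on `build_and_push_containers` and `permissions: {contents: write}` on `attach_release_artifacts`. Two functional gaps are also visible: `attach_release_artifacts` has no checkout step before `tar cf platform.tar README.md LICENSE examples/`, and `build_and_push_containers` checks out without `submodules: true` although it builds from `components/app` and `components/tenant-manager/...`, which the `.gitmodules` added in this commit declares as submodules.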
@@ -0,0 +1,6 @@ | ||
[submodule "components/app"] | ||
path = components/app | ||
url = git@github.com:tenzir/app.git | ||
[submodule "components/tenant-manager"] | ||
path = components/tenant-manager | ||
url = git@github.com:tenzir/event-horizon.git |
@@ -1,2 +1,24 @@ | ||
# platform | ||
On-premise version of the Tenzir Platform | ||
# Tenzir Platform | ||
|
||
On-premise version of the Tenzir Platform. | ||
|
||
**NOTE**: The examples and files in this repository are only | ||
usable in combination with Sovereign Edition access token. | ||
Please [contact sales](https://tenzir.com/pricing) for more | ||
information. | ||
|
||
## Quick Start | ||
|
||
For detailed instructions, visit our [documentation](https://docs.tenzir.com/setup-guides/deploy-the-platform). | ||
|
||
``` | ||
echo <SOVEREIGN_EDITION_TOKEN> | docker login ghcr.io -u tenzir-distribution --password-stdin | ||
cd examples/localdev | ||
mv env.example .env | ||
vim .env | ||
docker compose up -d | ||
docker compose logs -f | ||
``` | ||
|
||
|
||
For Tenzir employees, it's instead recommended to start with [this version](https://github.com/tenzir/event-horizon/tree/main/platform/compose) that ties into our deployed infrastructure. |
@@ -0,0 +1,11 @@ | ||
# A fork of the upstream dex container that | ||
# allows configuring the initial user and | ||
# password via environment variables, by writing a | ||
# config file to `/etc/dex/tenzir-config.yaml` | ||
|
||
FROM dexidp/dex:v2.38.0 | ||
|
||
COPY dex.tenzir-entrypoint.sh /tenzir-entrypoint.sh | ||
|
||
ENTRYPOINT /tenzir-entrypoint.sh | ||
|
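Review bot: `ENTRYPOINT /tenzir-entrypoint.sh` is the shell form, which Docker runs through `/bin/sh -c` and which discards CMD and any run-time arguments, so the `"$@"` that the entrypoint script forwards to the upstream entrypoint is always empty. The exec form `ENTRYPOINT ["/tenzir-entrypoint.sh"]` passes arguments through. The seaweed Dockerfile in this commit has the same line. Since overriding ENTRYPOINT also resets the CMD inherited from the base image, a comment stating which command the container is expected to be started with (presumably one that points dex at `/etc/dex/tenzir-config.yaml`) would help.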
@@ -0,0 +1,36 @@ | ||
#!/bin/sh | ||
|
||
# Custom entrypoint to work around some options of dex being | ||
# only configurable via config file and not via environment | ||
# variable. | ||
|
||
cat <<EOF > /etc/dex/tenzir-config.yaml | ||
issuer: ${TENZIR_PLATFORM_OIDC_PROVIDER_ISSUER_URL} | ||
storage: | ||
type: sqlite3 | ||
web: | ||
http: 0.0.0.0:5556 | ||
staticClients: | ||
- id: tenzir-app | ||
redirectURIs: | ||
- '${TENZIR_PLATFORM_DOMAIN}/auth/callback/dex' | ||
name: 'Tenzir App' | ||
secret: ${TENZIR_PLATFORM_OIDC_PROVIDER_CLIENT_SECRET} | ||
enablePasswordDB: true | ||
staticPasswords: | ||
- email: "${DEX_EMAIL}" | ||
hash: "${DEX_PASSWORD_HASH}" | ||
username: "${DEX_USER}" | ||
userID: "08a8684b-db88-4b73-90a9-3cd1661f5466" | ||
EOF | ||
|
||
# Chain into the entrypoint of the upstream dexidp/dex image | ||
exec /usr/local/bin/docker-entrypoint "$@" | ||
|
||
|
||
|
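Review bot: The heredoc expands `${TENZIR_PLATFORM_OIDC_PROVIDER_CLIENT_SECRET}`, `${DEX_PASSWORD_HASH}` and the other variables without checking that they are set, so a missing variable produces a config with an empty `secret:` or `hash:` instead of a startup failure. Adding `set -eu` at the top, or `: "${TENZIR_PLATFORM_OIDC_PROVIDER_CLIENT_SECRET:?must be set}"` for each required variable, makes the container fail closed; the seaweed entrypoint in this commit has the same gap. `issuer:` and `secret:` are also written unquoted, so a value containing `: ` or ` #`, or one that looks like a number, is reinterpreted by the YAML parser; quoting them the way the `staticPasswords` fields already are avoids that. A `umask 077` before the `cat` would keep the file that holds the client secret and password hash from being created world-readable.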
@@ -0,0 +1,11 @@ | ||
# A fork of the official seaweed container that | ||
# allows configuring the bucket name and access | ||
# keys via environment variables, by writing a | ||
# config file to `/config.json` | ||
|
||
FROM chrislusf/seaweedfs | ||
|
||
COPY seaweed.tenzir-entrypoint.sh /tenzir-entrypoint.sh | ||
|
||
ENTRYPOINT /tenzir-entrypoint.sh | ||
|
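Review bot: `FROM chrislusf/seaweedfs` has no tag or digest, so every release build pulls whatever `latest` points to at that moment and the published `tenzir-seaweed` image is neither reproducible nor reviewed against a known base; the dex Dockerfile in this commit pins `v2.38.0`. Pinning a version, ideally with a digest (`FROM chrislusf/seaweedfs:<version>@sha256:<digest>`), keeps base-image changes an explicit, reviewable step.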
@@ -0,0 +1,26 @@ | ||
#!/bin/sh | ||
|
||
cat <<EOF > /config.json | ||
{ | ||
"identities": [ | ||
{ | ||
"name": "tenzir-platform", | ||
"credentials": [ | ||
{ | ||
"accessKey": "${TENZIR_PLATFORM_INTERNAL_ACCESS_KEY_ID}", | ||
"secretKey": "${TENZIR_PLATFORM_INTERNAL_SECRET_ACCESS_KEY}" | ||
} | ||
], | ||
"actions": [ | ||
"Read:${TENZIR_PLATFORM_INTERNAL_BUCKET_NAME}", | ||
"Write:${TENZIR_PLATFORM_INTERNAL_BUCKET_NAME}", | ||
"List:${TENZIR_PLATFORM_INTERNAL_BUCKET_NAME}", | ||
"Tagging:${TENZIR_PLATFORM_INTERNAL_BUCKET_NAME}", | ||
"Admin:${TENZIR_PLATFORM_INTERNAL_BUCKET_NAME}" | ||
] | ||
} | ||
] | ||
} | ||
EOF | ||
|
||
exec /entrypoint.sh "$@" |
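Review bot: The access key, secret key and bucket name are pasted into JSON string literals without escaping, so a value containing `"` or `\` yields an invalid or structurally different `/config.json`. Either reject such characters with a check before the heredoc or generate the file with a JSON-aware tool if the image provides one. The file holds `secretKey` and is created with the default umask; a `umask 077` ahead of the `cat` would restrict it to the owning user, provided the server process runs as that same user.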
Submodule tenant-manager
added at
725edd