OP-38252: Remove Rancher and switch to EKS deployment via OIDC (#285)

Author: sabah-khanam11

.github/workflows/deploy-docker.yml

@@ -2,133 +2,45 @@ name: Deploy Docker
 
 on:
   workflow_dispatch:
-    branches: ["master"]
     inputs:
       tag:
         description: tag/version to deploy
         required: true
+
 jobs:
   deploy:
-
     runs-on: ubuntu-latest
 
+    permissions:
+      id-token: write
+      contents: read
+
     steps:
-    - name: deploy docker
-      run: |
-        SC_RELEASE_TAG="v${{ env.TAG }}"
-        echo "$SC_RELEASE_TAG"
-        
-        TOKEN="${{ secrets.RANCHER2_BEARER_TOKEN }}"
-        RANCHER_HOST="rancher.tools.swagger.io"
-        CLUSTER_ID="c-n8zp2"
-        NAMESPACE_NAME="swagger-oss"
-        K8S_OBJECT_TYPE="daemonsets"
-        K8S_OBJECT_NAME="swagger-validator-v2"
-        DEPLOY_IMAGE="swaggerapi/swagger-validator-v2:$SC_RELEASE_TAG"
-        
-        workloadStatus=""
-        getStatus() {
-            echo "Getting update status..."
-            if ! workloadStatus="$(curl -s -X GET \
-              -H "Authorization: Bearer ${TOKEN}" \
-              -H 'Content-Type: application/json' \
-              "https://${RANCHER_HOST}/k8s/clusters/${CLUSTER_ID}/apis/apps/v1/namespaces/${NAMESPACE_NAME}/${K8S_OBJECT_TYPE}/${K8S_OBJECT_NAME}/status")"
-            then
-                echo 'ERROR - get status k8s API call failed!'
-                echo "Exiting build"...
-                exit 1
-            fi
-        }
-        
-        # $1 = image to deploy
-        updateObject() {
-            local image="${1}"
-            echo "Updating image value..."
-        
-            if ! curl -s -X PATCH \
-              -H "Authorization: Bearer ${TOKEN}" \
-              -H 'Content-Type: application/json-patch+json' \
-              "https://${RANCHER_HOST}/k8s/clusters/${CLUSTER_ID}/apis/apps/v1/namespaces/${NAMESPACE_NAME}/${K8S_OBJECT_TYPE}/${K8S_OBJECT_NAME}" \
-              -d "[{\"op\": \"replace\", \"path\": \"/spec/template/spec/containers/0/image\", \"value\": \"${image}\"}]"
-            then
-                echo 'ERROR - image update k8s API call failed!'
-                echo "Exiting build..."
-                exit 1
-            fi
-        }
-        
-        
-        # Check that the TAG is valid
-        if [[ $SC_RELEASE_TAG =~ ^[vV]?[0-9]*\.[0-9]*\.[0-9]*$ ]]; then
-            echo ""
-            echo "This is a Valid TAG..."
-        
-            # Get current image/tag in case we need to rollback
-            getStatus
-            ROLLBACK_IMAGE="$(echo "${workloadStatus}" | jq -r '.spec.template.spec.containers[0].image')"
-            echo ""
-            echo "Current image: ${ROLLBACK_IMAGE}"
-        
-            # Update image and validate response
-            echo ""
-            updateObject "${DEPLOY_IMAGE}"
-            echo ""
-        
-            echo ""
-            echo "Waiting for pods to start..."
-            echo ""
-            sleep 60s
-        
-            # Get state of the k8s object. If numberReady == desiredNumberScheduled, consider the upgrade successful. Else raise error
-            getStatus
-                status="$(echo "${workloadStatus}" | jq '.status')"
-            echo ""
-            echo "${status}"
-            echo ""
-        
-            numberDesired="$(echo "${status}" | jq -r '.desiredNumberScheduled')"
-            numberReady="$(echo "${status}" | jq -r '.numberReady')"
-        
-            if (( numberReady == numberDesired )); then
-                echo "${K8S_OBJECT_NAME} has been upgraded to ${DEPLOY_IMAGE}"
-        
-            # If pods are not starting, rollback the upgrade and exit the build with error
-            else
-                echo "state = error...rolling back upgrade"
-                updateObject "${ROLLBACK_IMAGE}"
-                echo ""
-        
-                echo ""
-                echo "Waiting for rollback pods to start..."
-                echo ""
-                sleep 60s
-        
-                getStatus
-                status="$(echo "${workloadStatus}" | jq '.status')"
-                echo ""
-                echo "${status}"
-                echo ""
-        
-                numberDesired="$(echo "${status}" | jq -r '.desiredNumberScheduled')"
-                numberReady="$(echo "${status}" | jq -r '.numberReady')"
-        
-                if (( numberReady == numberDesired )); then
-                    echo "Rollback to ${ROLLBACK_IMAGE} completed."
-                else
-                    echo "FATAL - rollback failed"
-                fi
-                echo "Exiting Build..."
-                exit 1
-            fi
-        
-        else
-            echo "This TAG is not in a valid format..."
-            echo "Exiting Build..."
-            exit 0
-        fi
-        echo "Exiting Build..."
-        exit 0
-    env:
-      ACTIONS_ALLOW_UNSECURE_COMMANDS:  true
-      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      TAG: ${{ github.event.inputs.tag }}
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          audience: sts.amazonaws.com
+          aws-region: us-east-1
+          role-to-assume: arn:aws:iam::886148526908:role/CloudformationBuild
+
+      - name: Update kubeconfig
+        run: |
+          aws eks update-kubeconfig \
+            --name eks-prod-swagger-oss-cluster-tf \
+            --region us-east-1 \
+            --role-arn arn:aws:iam::886148526908:role/CloudformationBuild
+
+      - name: Deploy to Kubernetes
+        run: |
+          IMAGE="swaggerapi/swagger-validator-v2:v${{ github.event.inputs.tag }}"
+          
+          echo "Deploying image: $IMAGE"
+
+          kubectl set image daemonset/swagger-validator-v2 \
+            swagger-validator-v2=$IMAGE \
+            -n swagger-oss
+
+          kubectl rollout status daemonset/swagger-validator-v2 -n swagger-oss