Commit initial staging deployment assets
FreedomBen committed Aug 28, 2024
1 parent 0e6ba5d commit 9888e59
Showing 9 changed files with 1,131 additions and 0 deletions.
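--- a/.github/workflows/build-test-deploy.yml
+++ b/.github/workflows/build-test-deploy.yml
@@ -0,0 +1,114 @@
+name: Build -> Test -> Deploy
+on:
+push:
+branches:
+- main
+tags:
+- 'prod-*'
+# Triggers a Build -> Test -> Deploy at 2:00am EST (0600 UTC)
+schedule:
+- cron: '0 6 * * *'
+
+env:
+RELEASE_VERSION: ${{ github.sha }}
+
+jobs:
+build:
+name: Build and Push (Prod)
+runs-on: ubuntu-latest
+
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- name: Build Image
+run: ./scripts/build-release.sh
+
+- name: Authenticate to Container Registry
+env:
+DOCKER_CONFIG: ${{ secrets.DOCKER_CONFIG }}
+run: |
+mkdir -p $HOME/.docker
+echo "${DOCKER_CONFIG}" > $HOME/.docker/config.json
+- name: Push Image
+run: ./scripts/push-release.sh
+
+test:
+name: Run Tests
+needs: [build]
+runs-on: ubuntu-latest
+
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- name: Test
+run: ./scripts/run-ci.sh
+
+deploy-staging:
+name: Deploy (Staging)
+needs: [build, test]
+runs-on: ubuntu-latest
+concurrency: deploy_staging_mutex
+env:
+ENV: staging
+K8S_SERVER: ${{ secrets.K8S_ENDPOINT_STAGING }}
+K8S_TOKEN: ${{ secrets.K8S_TOKEN_STAGING }}
+K8S_CA_CERT: ${{ secrets.K8S_CA_CERT_STAGING }}
+SLACK_CHANNEL: '#infra-info'
+SLACK_TOKEN: ${{ secrets.SLACK_TOKEN }}
+
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- name: Render Manifests
+run: ./scripts/deploy-release.sh --save-deploy --manifest-dir "manifests-${RELEASE_VERSION}-${ENV}" --debug
+
+- name: Archive Rendered Kubernetes Manifests
+uses: actions/upload-artifact@v4
+with:
+name: "manifests-${{ env.RELEASE_VERSION }}-${{ env.ENV }}"
+path: "manifests-${{ env.RELEASE_VERSION }}-${{ env.ENV }}"
+
+# - name: Run migrations
+# run: ./scripts/deploy-release.sh --apply-migration --manifest-dir "manifests-${RELEASE_VERSION}-${ENV}" --debug
+
+- name: Deploy new version
+run: ./scripts/deploy-release.sh --apply-deploy --manifest-dir "manifests-${RELEASE_VERSION}-${ENV}" --debug
+
+deploy-prod:
+if: ${{ startsWith(github.ref, 'refs/tags/prod-') }}
+name: Deploy (Prod)
+needs: [build, test, deploy-staging]
+runs-on: ubuntu-latest
+concurrency: deploy_prod_mutex
+env:
+ENV: prod
+K8S_SERVER: ${{ secrets.K8S_ENDPOINT_PROD }}
+K8S_TOKEN: ${{ secrets.K8S_TOKEN_PROD }}
+K8S_CA_CERT: ${{ secrets.K8S_CA_CERT_PROD }}
+SLACK_CHANNEL: '#infra-info'
+SLACK_TOKEN: ${{ secrets.SLACK_TOKEN }}
+
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- name: Render Manifests
+run: ./scripts/deploy-release.sh --save-deploy --manifest-dir "manifests-${RELEASE_VERSION}-${ENV}" --debug
+
+- name: Archive Rendered Kubernetes Manifests
+uses: actions/upload-artifact@v4
+with:
+name: "manifests-${{ env.RELEASE_VERSION }}-${{ env.ENV }}"
+path: "manifests-${{ env.RELEASE_VERSION }}-${{ env.ENV }}"
+
+#- name: Run migrations
+# run: ./scripts/deploy-release.sh --apply-migration --manifest-dir "manifests-${RELEASE_VERSION}-${ENV}" --debug
+
+- name: Deploy new version
+run: ./scripts/deploy-release.sh --apply-deploy --manifest-dir "manifests-${RELEASE_VERSION}-${ENV}" --debug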
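Review bot: The `deploy-prod` job is gated only by `if: ${{ startsWith(github.ref, 'refs/tags/prod-') }}`, so any account able to push a `prod-*` tag runs a production deploy with `K8S_TOKEN_PROD`, and as repository-level secrets those credentials are available to any workflow run in the repository. Binding the job to a protected environment, e.g. `environment: prod` (name illustrative) with required reviewers and the three `K8S_*_PROD` secrets moved to environment scope, would put an approval step in front of the cluster credentials. The workflow also declares no `permissions:` block, so each job's `GITHUB_TOKEN` gets the repository default; a top-level `permissions:` with `contents: read` looks sufficient for the steps shown. Separately, the rendered manifests are uploaded as artifacts and the deploy script runs with `--debug`; `deploy-release.sh` is not visible here, so it is worth confirming that neither the artifact nor the debug output can contain secret values.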


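--- a/k8s/staging/deploy.yaml
+++ b/k8s/staging/deploy.yaml
@@ -0,0 +1,166 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+labels:
+app: qrcode-generator
+tier: web
+env: staging
+kind: deployment
+name: qrcode-generator
+namespace: qrcode-generator-staging
+spec:
+replicas: 2
+selector:
+matchLabels:
+app: qrcode-generator
+# tier: web
+# env: staging
+template:
+metadata:
+labels:
+app: qrcode-generator
+tier: web
+env: staging
+kind: pod
+namespace: qrcode-generator-staging
+spec:
+securityContext:
+runAsNonRoot: true
+runAsUser: 1000
+containers:
+- image: docker.io/freedomben/malan:${RELEASE_VERSION}
+name: qrcode-generator
+imagePullPolicy: Always
+ports:
+- containerPort: 4000
+protocol: TCP
+readinessProbe:
+httpGet:
+path: /health_check/readiness
+port: 4000
+initialDelaySeconds: 5
+periodSeconds: 2
+envFrom:
+- configMapRef:
+name: qrcode-generator-web-config
+- secretRef:
+name: qrcode-generator-deploy-secrets
+securityContext:
+allowPrivilegeEscalation: false
+affinity:
+podAntiAffinity:
+preferredDuringSchedulingIgnoredDuringExecution:
+- weight: 100
+podAffinityTerm:
+labelSelector:
+matchExpressions:
+- key: app
+operator: In
+values:
+- qrcode-generator
+- key: tier
+operator: In
+values:
+- web
+topologyKey: doks.digitalocean.com/node-id
+
+---
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+name: qrcode-generator-pdb
+spec:
+minAvailable: 1
+selector:
+matchLabels:
+app: qrcode-generator
+# tier: web
+# env: staging
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+labels:
+app: qrcode-generator
+env: staging
+kind: configmap
+name: qrcode-generator-web-config
+namespace: qrcode-generator-staging
+data:
+LOG_LEVEL: 'info'
+BIND_ADDR: '0.0.0.0'
+POOL_SIZE: '3'
+MAILGUN_DOMAIN: 'mg.accounts.ameelio.org'
+HOST: 'accounts.ameelio.xyz'
+PORT: '4000'
+EXTERNAL_HOST: 'accounts.ameelio.xyz'
+EXTERNAL_PORT: '443'
+EXTERNAL_SCHEME: 'https'
+DATABASE_TLS_ENABLED: 'true'
+# Vars from secrets
+# DATABASE_URL
+# MAILGUN_API_KEY
+# SERET_KEY_BASE
+# SENTRY_DNS
+
+# Service annotations for Digital Ocean
+# https://docs.digitalocean.com/products/kubernetes/how-to/configure-load-balancers/
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+labels:
+app: qrcode-generator
+tier: web
+env: staging
+kind: service
+name: qrcode-generator
+namespace: qrcode-generator-staging
+annotations:
+service.beta.kubernetes.io/do-loadbalancer-protocol: "http"
+service.beta.kubernetes.io/do-loadbalancer-size-slug: "lb-small" # or lb-medium|lb-large
+spec:
+type: LoadBalancer
+selector:
+app: qrcode-generator
+ports:
+- name: http
+protocol: TCP
+port: 80
+targetPort: 4000
+nodePort: 30000
+
+---
+apiVersion: domain-name-operator.tamx.org/v1
+kind: CloudflareDnsRecord
+metadata:
+name: qrcode-generator-staging
+labels:
+app: qrcode-generator
+tier: web
+env: staging
+kind: cloudflarednsrecord
+namespace: qrcode-generator-staging
+spec:
+hostName: qrcode-generator-staging.ameelio.xyz
+serviceName: qrcode-generator
+proxied: true
+
+---
+apiVersion: domain-name-operator.tamx.org/v1
+kind: CloudflareDnsRecord
+metadata:
+name: accounts
+labels:
+app: qrcode-generator
+tier: web
+env: staging
+kind: cloudflarednsrecord
+namespace: qrcode-generator-staging
+spec:
+hostName: qrcode.ameelio.xyz
+serviceName: qrcode-generator
+proxied: true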
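Review bot: The Deployment's container uses `image: docker.io/freedomben/malan:${RELEASE_VERSION}`, while the build scripts in this commit tag `registry.digitalocean.com/ameelio-registry/qrcode-generator:${RELEASE_VERSION}`, so the pods would pull an image from a different registry and repository than the one this pipeline builds. If that is a leftover from a template, the line should read `- image: registry.digitalocean.com/ameelio-registry/qrcode-generator:${RELEASE_VERSION}`. The ConfigMap values `HOST`, `EXTERNAL_HOST` and `MAILGUN_DOMAIN` point at `accounts.ameelio.*` and the second CloudflareDnsRecord is named `accounts`, which look carried over in the same way and should be confirmed. The PodDisruptionBudget is the only namespaced object without `namespace: qrcode-generator-staging`, so it may not be created next to the pods it selects.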
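--- a/k8s/staging/namespace.yaml
+++ b/k8s/staging/namespace.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+name: qrcode-generator
+spec: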
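Review bot: The Namespace is created as `name: qrcode-generator`, but the Deployment, ConfigMap, Service and DNS records in k8s/staging/deploy.yaml set `namespace: qrcode-generator-staging`, so unless that namespace is created elsewhere, applying these files as shown leaves the workloads without a namespace to land in. `name: qrcode-generator-staging` would match the other manifests. The trailing bare `spec:` parses as null and can be dropped.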
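--- a/scripts/build-dev.sh
+++ b/scripts/build-dev.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+if [ -z "${RELEASE_VERSION}" ]; then
+RELEASE_VERSION="$(git rev-parse HEAD)"
+echo "RELEASE_VERSION is not set. Setting to HEAD (${RELEASE_VERSION})"
+else
+echo "RELEASE_VERSION already set to '${RELEASE_VERSION}'"
+fi
+
+docker build \
+-f Dockerfile \
+-t "registry.digitalocean.com/ameelio-registry/qrcode-generator:${RELEASE_VERSION}" \
+-t "registry.digitalocean.com/ameelio-registry/qrcode-generator:latest" \
+.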
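Review bot: The script runs without `set -euo pipefail`, so a failing `git rev-parse HEAD` leaves `RELEASE_VERSION` empty and execution continues to `docker build` with an image tag ending in `:`. Adding `set -euo pipefail` after the shebang, and writing the test as `if [ -z "${RELEASE_VERSION:-}" ]; then` so it still works under `-u`, makes the script stop at the actual cause. The same applies to scripts/build-release.sh in this commit.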
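--- a/scripts/build-release.sh
+++ b/scripts/build-release.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+if [ -z "${RELEASE_VERSION}" ]; then
+RELEASE_VERSION="$(git rev-parse HEAD)"
+echo "RELEASE_VERSION is not set. Setting to HEAD (${RELEASE_VERSION})"
+else
+echo "RELEASE_VERSION already set to '${RELEASE_VERSION}'"
+fi
+
+docker build \
+--file Dockerfile.prod \
+--tag "registry.digitalocean.com/ameelio-registry/qrcode-generator:${RELEASE_VERSION}" \
+--tag "registry.digitalocean.com/ameelio-registry/qrcode-generator:latest" \
+.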
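Review bot: The release build always applies the mutable `:latest` tag alongside `${RELEASE_VERSION}`, and the workflow in this commit runs this script on every push to main and on the nightly schedule, in the `build` job that precedes `test`. If `push-release.sh` (not shown) pushes both tags, `latest` moves to an image that has not yet passed CI. Consider tagging only `${RELEASE_VERSION}` here and promoting `latest` in a step that runs after the test job succeeds.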
