basedosdados
diff --git a/‎.github/workflows/deploy-prod.yaml‎
Lines changed: 108 additions & 0 deletions b/‎.github/workflows/deploy-prod.yaml‎
Lines changed: 108 additions & 0 deletions
diff --git a/‎.github/workflows/deploy-staging.yaml‎
Lines changed: 108 additions & 0 deletions b/‎.github/workflows/deploy-staging.yaml‎
Lines changed: 108 additions & 0 deletions
diff --git a/‎.github/workflows/release-prod.yaml‎
Lines changed: 32 additions & 0 deletions b/‎.github/workflows/release-prod.yaml‎
Lines changed: 32 additions & 0 deletions
diff --git a/‎.github/workflows/release-staging.yaml‎
Lines changed: 32 additions & 0 deletions b/‎.github/workflows/release-staging.yaml‎
Lines changed: 32 additions & 0 deletions
@@ -0,0 +1,108 @@
+name: Deploy Production Docker Container
+
+on:
+  workflow_run:
+    workflows:
+      - "Release Production Docker Image"
+    branches:
+      - main
+    types:
+      - completed
+  workflow_dispatch:
+
+jobs:
+  deploy-prod:
+    if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }}
+    runs-on: ubuntu-latest
+    environment:
+      name: production
+      url: https://basedosdados.org
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: main
+
+      - name: Import Secrets
+        id: import_secrets
+        uses: hashicorp/vault-action@v3
+        with:
+          url: https://vault.basedosdados.org
+          token: ${{ secrets.VAULT_TOKEN }}
+          secrets: |
+            secret/data/gcp_credentials/basedosdados-dev GCP_SA_KEY_BASE64 | GCP_SA_KEY_BASE64;
+            secret/data/gcp_credentials/basedosdados-dev GCP_PROJECT_ID    | GCP_PROJECT_ID;
+            secret/data/gcp_credentials/basedosdados-dev GKE_CLUSTER_NAME  | GKE_CLUSTER_NAME;
+            secret/data/gcp_credentials/basedosdados-dev GKE_CLUSTER_ZONE  | GKE_CLUSTER_ZONE;
+
+      - name: Setup Google Cloud CLI
+        uses: google-github-actions/[email protected]
+        with:
+          service_account_key: ${{ steps.import_secrets.outputs.GCP_SA_KEY_BASE64 }}
+          project_id: ${{ steps.import_secrets.outputs.GCP_PROJECT_ID }}
+          export_default_credentials: true
+
+      - name: Get GKE credentials
+        uses: google-github-actions/[email protected]
+        with:
+          cluster_name: ${{ steps.import_secrets.outputs.GKE_CLUSTER_NAME }}
+          location: ${{ steps.import_secrets.outputs.GKE_CLUSTER_ZONE }}
+          credentials: ${{ steps.import_secrets.outputs.GCP_SA_KEY_BASE64 }}
+
+      - name: Write values.yaml file
+        run: |
+          cat << 'EOF' > values.yaml
+          chatbotFrontend:
+            name: basedosdados-chatbot-frontend-prod
+            image:
+              name: ghcr.io/${{ github.repository }}
+              tag: prod
+              pullPolicy: Always
+            env:
+              API_HOST: api-prod-service
+              API_PORT: 80
+              LOG_LEVEL: INFO
+              LOG_BACKTRACE: true
+              LOG_DIAGNOSE: false
+              LOG_ENQUEUE: true
+            replicas: 1
+            resources:
+              requests:
+                cpu: 250m
+                memory: 500Mi
+              limits:
+                cpu: 500m
+                memory: 1Gi
+            ingress:
+              enabled: true
+              host: basedosdados.org
+              annotations:
+                nginx.ingress.kubernetes.io/use-regex: "true"
+                nginx.ingress.kubernetes.io/rewrite-target: /$2
+                nginx.ingress.kubernetes.io/ssl-redirect: "true"
+                cert-manager.io/issuer: letsencrypt-production
+                nginx.ingress.kubernetes.io/configuration-snippet: |
+                  # Redirect exact /chatbot-streamlit → /chatbot-streamlit/ with a 301
+                  rewrite ^/chatbot-streamlit$ /chatbot-streamlit/ permanent;
+              tls:
+                - hosts:
+                    - basedosdados.org
+                  secretName: basedosdados-org-tls
+          EOF
+
+      - name: Validate values.yaml file
+        run: |
+          echo "Generated values.yaml content:"
+          cat values.yaml
+          echo "Validating YAML syntax:"
+          python3 -c "import yaml; yaml.safe_load(open('values.yaml'))"
+
+      - name: Deploy using Helm
+        run: |
+          helm upgrade \
+          --install basedosdados-chatbot-frontend-prod charts/basedosdados-chatbot-frontend/. \
+          --namespace website \
+          --values values.yaml \
+          --debug \
+          --wait
@@ -0,0 +1,108 @@
+name: Deploy Staging Docker Container
+
+on:
+  workflow_run:
+    workflows:
+      - "Release Staging Docker Image"
+    branches:
+      - staging
+    types:
+      - completed
+  workflow_dispatch:
+
+jobs:
+  deploy-staging:
+    if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }}
+    runs-on: ubuntu-latest
+    environment:
+      name: staging
+      url: https://staging.basedosdados.org
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: staging
+
+      - name: Import Secrets
+        id: import_secrets
+        uses: hashicorp/vault-action@v3
+        with:
+          url: https://vault.basedosdados.org
+          token: ${{ secrets.VAULT_TOKEN }}
+          secrets: |
+            secret/data/gcp_credentials/basedosdados-dev GCP_SA_KEY_BASE64 | GCP_SA_KEY_BASE64;
+            secret/data/gcp_credentials/basedosdados-dev GCP_PROJECT_ID    | GCP_PROJECT_ID;
+            secret/data/gcp_credentials/basedosdados-dev GKE_CLUSTER_NAME  | GKE_CLUSTER_NAME;
+            secret/data/gcp_credentials/basedosdados-dev GKE_CLUSTER_ZONE  | GKE_CLUSTER_ZONE;
+
+      - name: Setup Google Cloud CLI
+        uses: google-github-actions/[email protected]
+        with:
+          service_account_key: ${{ steps.import_secrets.outputs.GCP_SA_KEY_BASE64 }}
+          project_id: ${{ steps.import_secrets.outputs.GCP_PROJECT_ID }}
+          export_default_credentials: true
+
+      - name: Get GKE credentials
+        uses: google-github-actions/[email protected]
+        with:
+          cluster_name: ${{ steps.import_secrets.outputs.GKE_CLUSTER_NAME }}
+          location: ${{ steps.import_secrets.outputs.GKE_CLUSTER_ZONE }}
+          credentials: ${{ steps.import_secrets.outputs.GCP_SA_KEY_BASE64 }}
+
+      - name: Write values.yaml file
+        run: |
+          cat << 'EOF' > values.yaml
+          chatbotFrontend:
+            name: basedosdados-chatbot-frontend-staging
+            image:
+              name: ghcr.io/${{ github.repository }}
+              tag: staging
+              pullPolicy: Always
+            env:
+              API_HOST: api-staging-service
+              API_PORT: 80
+              LOG_LEVEL: INFO
+              LOG_BACKTRACE: true
+              LOG_DIAGNOSE: false
+              LOG_ENQUEUE: true
+            replicas: 1
+            resources:
+              requests:
+                cpu: 250m
+                memory: 500Mi
+              limits:
+                cpu: 500m
+                memory: 1Gi
+            ingress:
+              enabled: true
+              host: staging.basedosdados.org
+              annotations:
+                nginx.ingress.kubernetes.io/use-regex: "true"
+                nginx.ingress.kubernetes.io/rewrite-target: /$2
+                nginx.ingress.kubernetes.io/ssl-redirect: "true"
+                cert-manager.io/issuer: letsencrypt-production
+                nginx.ingress.kubernetes.io/configuration-snippet: |
+                  # Redirect exact /chatbot-streamlit → /chatbot-streamlit/ with a 301
+                  rewrite ^/chatbot-streamlit$ /chatbot-streamlit/ permanent;
+              tls:
+                - hosts:
+                    - staging.basedosdados.org
+                  secretName: staging-basedosdados-org-tls
+          EOF
+
+      - name: Validate values.yaml file
+        run: |
+          echo "Generated values.yaml content:"
+          cat values.yaml
+          echo "Validating YAML syntax:"
+          python3 -c "import yaml; yaml.safe_load(open('values.yaml'))"
+
+      - name: Deploy using Helm
+        run: |
+          helm upgrade \
+          --install basedosdados-chatbot-frontend-staging charts/basedosdados-chatbot-frontend/. \
+          --namespace website \
+          --values values.yaml \
+          --debug \
+          --wait
@@ -0,0 +1,32 @@
+name: Release Production Docker Image
+
+on:
+  push:
+    branches: main
+  workflow_dispatch:
+
+jobs:
+  release-prod:
+    name: Release prod docker image
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: main
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Dockerfile
+          push: true
+          tags: ghcr.io/${{ github.repository }}:prod
@@ -0,0 +1,32 @@
+name: Release Staging Docker Image
+
+on:
+  push:
+    branches: staging
+  workflow_dispatch:
+
+jobs:
+  release-staging:
+    name: Release staging docker image
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: staging
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Dockerfile
+          push: true
+          tags: ghcr.io/${{ github.repository }}:staging