Publish container to GHCR & auto-deploy to k8s

Author: pimterry

.github/workflows/ci.yml

@@ -75,10 +75,13 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # To pull server without rate limit issues in CI
 
   publish-docker:
-    name: Build & publish container to Docker Hub
+    name: Build & publish container
     if: github.event_name == 'push' && !startsWith(github.ref, 'refs/heads/dependabot/')
     runs-on: ubuntu-latest
     needs: [build, test-windows-build]
+    permissions:
+      contents: read
+      packages: write
     steps:
       - uses: actions/checkout@v4
 
@@ -87,6 +90,13 @@ jobs:
           name: dist
           path: dist
 
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
       - uses: docker/setup-buildx-action@v3
 
       - name: Login to DockerHub
@@ -100,13 +110,15 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
-          images: httptoolkit/ui
+          images: |
+            httptoolkit/ui
+            ghcr.io/httptoolkit/ui
           tags: |
             type=raw,value=prod,enable={{is_default_branch}}
             type=raw,value=latest,enable={{is_default_branch}}
             type=sha
 
-      - name: Build and publish to Docker Hub
+      - name: Build and publish
         uses: docker/build-push-action@v5
         with:
           context: .
@@ -117,9 +129,33 @@ jobs:
   publish-scaleway:
     name: Deploy to Scaleway
     if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    environment: production
     runs-on: ubuntu-latest
     needs: publish-docker
     steps:
+      - uses: actions/checkout@v4
+
+      - name: Configure Kubectl
+        run: |
+          kubectl config set-cluster scw-cluster \
+            --server="${{ vars.K8S_SERVER_ADDRESS }}" \
+            --certificate-authority=<(echo "${{ vars.K8S_CA_CERT }}" | base64 -d) \
+            --embed-certs=true
+
+          kubectl config set-credentials deployer --token="${{ secrets.K8S_DEPLOY_TOKEN }}"
+
+          kubectl config set-context default --cluster=scw-cluster --user=deployer
+          kubectl config use-context default
+
+      - name: Deploy to Kubernetes
+        run: |
+          sed "s|/ui:latest|/ui:sha-${GITHUB_SHA::7}|g" deploy/deployment.yaml | \
+            kubectl apply -f - \
+              -f deploy/service.yaml \
+              -f deploy/routes.yaml
+
+          kubectl rollout status deployment/httptoolkit-ui -n httptoolkit-ui
+
       - name: Redeploy container
         uses: httptoolkit/scaleway-serverless-container-deploy-action@v1
         with:

deploy/deployment.yaml

@@ -0,0 +1,23 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: httptoolkit-ui
+  namespace: httptoolkit-ui
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: httptoolkit-ui
+  template:
+    metadata:
+      labels:
+        app: httptoolkit-ui
+    spec:
+      containers:
+        - name: server
+          image: ghcr.io/httptoolkit/ui:latest # GHA replaces :latest on build
+          ports:
+            - containerPort: 4000
+          env:
+            - name: DOMAIN
+              value: "http://:4000"

deploy/routes.yaml

@@ -0,0 +1,23 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: httptoolkit-ui-route
+  namespace: httptoolkit-ui
+spec:
+  parentRefs:
+    - name: primary-gateway
+      namespace: gateway
+      sectionName: https-httptoolkit-tech
+    - name: secondary-gateway
+      namespace: gateway
+      sectionName: https-httptoolkit-tech
+  hostnames:
+    - "ui-backend.httptoolkit.tech"
+  rules:
+    - matches:
+        - path:
+            type: PathPrefix
+            value: /
+      backendRefs:
+        - name: httptoolkit-ui
+          port: 4000

deploy/service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: httptoolkit-ui
+  namespace: httptoolkit-ui
+spec:
+  selector:
+    app: httptoolkit-ui
+  ports:
+    - name: http-port
+      protocol: TCP
+      port: 4000
+      targetPort: 4000