Add Kamal deployment configuration (#310)

Author: dcollie2

.github/workflows/deploy-production.yml

@@ -0,0 +1,41 @@
+name: Deploy to Production
+
+on:
+  workflow_dispatch:
+
+jobs:
+  deploy-production:
+    runs-on: ubuntu-latest
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: '3.4.1'
+        bundler-cache: true
+
+    - name: Install Kamal
+      run: gem install kamal
+
+    - name: Set up SSH key
+      run: |
+        mkdir -p ~/.ssh
+        echo "${{ secrets.PRODUCTION_SSH_PRIVATE_KEY }}" > ~/.ssh/skillrx_web_production.pem
+        chmod 600 ~/.ssh/skillrx_web_production.pem
+
+    - name: Deploy to production with Kamal
+      env:
+        KAMAL_REGISTRY_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+        KAMAL_REGISTRY_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
+        PRODUCTION_DATABASE_URL: ${{ secrets.PRODUCTION_DATABASE_URL }}
+        PRODUCTION_SECRET_KEY_BASE: ${{ secrets.PRODUCTION_SECRET_KEY_BASE }}
+        RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
+        PRODUCTION_AWS_ACCESS_KEY_ID: ${{ secrets.PRODUCTION_AWS_ACCESS_KEY_ID }}
+        PRODUCTION_AWS_SECRET_ACCESS_KEY: ${{ secrets.PRODUCTION_AWS_SECRET_ACCESS_KEY }}
+        PRODUCTION_AZURE_STORAGE_ACCOUNT_NAME: ${{ secrets.PRODUCTION_AZURE_STORAGE_ACCOUNT_NAME }}
+        PRODUCTION_AZURE_STORAGE_ACCOUNT_KEY: ${{ secrets.PRODUCTION_AZURE_STORAGE_ACCOUNT_KEY }}
+      run: |
+        KAMAL_DESTINATION=production bin/kamal deploy --skip-push

.github/workflows/deploy-staging.yml

@@ -0,0 +1,61 @@
+name: Deploy to Staging
+
+on:
+  push:
+    branches: [ main ]
+  workflow_dispatch:
+
+jobs:
+  deploy-staging:
+    runs-on: ubuntu-latest
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Login to Docker Hub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        push: true
+        tags: |
+          skillrx/skillrx:${{ github.sha }}
+          skillrx/skillrx:latest
+
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: '3.4.1'
+        bundler-cache: true
+
+    - name: Install Kamal
+      run: gem install kamal
+
+    - name: Set up SSH key
+      run: |
+        mkdir -p ~/.ssh
+        echo "${{ secrets.STAGING_SSH_PRIVATE_KEY }}" > ~/.ssh/skillrx_web_staging.pem
+        chmod 600 ~/.ssh/skillrx_web_staging.pem
+
+    - name: Deploy to staging with Kamal
+      env:
+        KAMAL_REGISTRY_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+        KAMAL_REGISTRY_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
+        STAGING_DATABASE_URL: ${{ secrets.STAGING_DATABASE_URL }}
+        STAGING_SECRET_KEY_BASE: ${{ secrets.STAGING_SECRET_KEY_BASE }}
+        RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
+        STAGING_AWS_ACCESS_KEY_ID: ${{ secrets.STAGING_AWS_ACCESS_KEY_ID }}
+        STAGING_AWS_SECRET_ACCESS_KEY: ${{ secrets.STAGING_AWS_SECRET_ACCESS_KEY }}
+        STAGING_AZURE_STORAGE_ACCOUNT_NAME: ${{ secrets.STAGING_AZURE_STORAGE_ACCOUNT_NAME }}
+        STAGING_AZURE_STORAGE_ACCOUNT_KEY: ${{ secrets.STAGING_AZURE_STORAGE_ACCOUNT_KEY }}
+      run: |
+        KAMAL_DESTINATION=staging bin/kamal deploy --skip-push

.kamal/secrets

@@ -10,8 +10,3 @@
 # Use a GITHUB_TOKEN if private repositories are needed for the image
 # GITHUB_TOKEN=$(gh config get -h github.com oauth_token)
 
-# Grab the registry password from ENV
-KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD
-
-# Improve security by using a password manager. Never check config/master.key into git!
-RAILS_MASTER_KEY=$(cat config/master.key)

.kamal/secrets.production

@@ -0,0 +1,10 @@
+# Production secrets - these will be set as GitHub secrets
+KAMAL_REGISTRY_USERNAME=$KAMAL_REGISTRY_USERNAME
+KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD
+DATABASE_URL=$PRODUCTION_DATABASE_URL
+SECRET_KEY_BASE=$PRODUCTION_SECRET_KEY_BASE
+RAILS_MASTER_KEY=$RAILS_MASTER_KEY
+AWS_ACCESS_KEY_ID=$PRODUCTION_AWS_ACCESS_KEY_ID
+AWS_SECRET_ACCESS_KEY=$PRODUCTION_AWS_SECRET_ACCESS_KEY
+AZURE_STORAGE_ACCOUNT_NAME=$PRODUCTION_AZURE_STORAGE_ACCOUNT_NAME
+AZURE_STORAGE_ACCOUNT_KEY=$PRODUCTION_AZURE_STORAGE_ACCOUNT_KEY

.kamal/secrets.staging

@@ -0,0 +1,10 @@
+# Staging secrets - these will be set as GitHub secrets
+KAMAL_REGISTRY_USERNAME=$KAMAL_REGISTRY_USERNAME
+KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD
+DATABASE_URL=$STAGING_DATABASE_URL
+SECRET_KEY_BASE=$STAGING_SECRET_KEY_BASE
+RAILS_MASTER_KEY=$RAILS_MASTER_KEY
+AWS_ACCESS_KEY_ID=$STAGING_AWS_ACCESS_KEY_ID
+AWS_SECRET_ACCESS_KEY=$STAGING_AWS_SECRET_ACCESS_KEY
+AZURE_STORAGE_ACCOUNT_NAME=$STAGING_AZURE_STORAGE_ACCOUNT_NAME
+AZURE_STORAGE_ACCOUNT_KEY=$STAGING_AZURE_STORAGE_ACCOUNT_KEY

Dockerfile

@@ -14,6 +14,9 @@ FROM docker.io/library/ruby:$RUBY_VERSION-slim AS base
 # Rails app lives here
 WORKDIR /rails
 
+# Add service label for Kamal
+LABEL service="skillrx"
+
 # Install base packages
 RUN apt-get update -qq && \
     apt-get install --no-install-recommends -y curl libjemalloc2 libvips postgresql-client && \

README.md

@@ -171,3 +171,4 @@ If you encounter issues:
 - Verify that your .env file contains all necessary variables
 - Try rebuilding the environment with make rebuild
 - Check container logs for specific error messages
+# Test staging deployment

config/credentials.yml.enc

@@ -99,32 +99,40 @@ production:
   primary:
     <<: *default
     database: skillrx_production
-    urL: <%= ENV['DATABASE_URL'] %>
+    url: <%= ENV['DATABASE_URL'] %>
   cache:
     <<: *default
-    database: sklillrx_production_cache
+    database: skillrx_production_cache
+    url: <%= ENV['DATABASE_URL'] %>
     migrations_paths: db/cache_migrate
   queue:
     <<: *default
     database: skillrx_production_queue
+    url: <%= ENV['DATABASE_URL'] %>
     migrations_paths: db/queue_migrate
   cable:
     <<: *default
     database: skillrx_production_cable
+    url: <%= ENV['DATABASE_URL'] %>
     migrations_paths: db/cable_migrate
 
 staging:
   primary:
     <<: *default
+    database: skillrx_staging
     url: <%= ENV['DATABASE_URL'] %>
   cache:
     <<: *default
+    database: skillrx_staging_cache
+    url: <%= ENV['DATABASE_URL'] %>
     migrations_paths: db/cache_migrate
   queue:
     <<: *default
-    url: <%= ENV['HEROKU_POSTGRESQL_QUEUE_URL'] || ENV['QUEUE_DATABASE_URL'] %>
+    database: skillrx_staging_queue
+    url: <%= ENV['DATABASE_URL'] %>
     migrations_paths: db/queue_migrate
   cable:
     <<: *default
-    url: <%= ENV['HEROKU_POSTGRESQL_CABLE_URL'] || ENV['CABLE_DATABASE_URL'] %>
+    database: skillrx_staging_cable
+    url: <%= ENV['DATABASE_URL'] %>
     migrations_paths: db/cable_migrate

config/database.yml

@@ -0,0 +1,61 @@
+# Production deployment configuration
+service: skillrx-production
+
+# Name of the container image.
+image: skillrx/skillrx
+
+# Deploy to production server (update with your production server IP)
+servers:
+  web:
+    - 3.233.202.191
+
+proxy:
+  ssl: true
+  host: 
+    - skillrx.org
+    - www.skillrx.org
+
+registry:
+  username: KAMAL_REGISTRY_USERNAME
+  password:
+    - KAMAL_REGISTRY_PASSWORD
+
+# Production environment variables
+env:
+  secret:
+    - RAILS_MASTER_KEY
+    - DATABASE_URL
+    - SECRET_KEY_BASE
+    - AWS_ACCESS_KEY_ID
+    - AWS_SECRET_ACCESS_KEY
+    - AZURE_STORAGE_ACCOUNT_NAME
+    - AZURE_STORAGE_ACCOUNT_KEY
+  clear:
+    RAILS_ENV: production
+    AWS_DEFAULT_REGION: us-east-1
+    AWS_BUCKET_NAME: skillrx-production
+    AWS_ENDPOINT_URL: ""  # Empty for real AWS
+    AZURE_STORAGE_SHARE_NAME: contentshare
+    LOCALSTACK_DEBUG: "0"
+    S3_SKIP_SIGNATURE_VALIDATION: "0"
+    SOLID_QUEUE_IN_PUMA: true
+
+aliases:
+  console: app exec --interactive --reuse "bin/rails console"
+  shell: app exec --interactive --reuse "bash"
+  logs: app logs -f
+  dbc: app exec --interactive --reuse "bin/rails dbconsole"
+
+volumes:
+  - "skillrx_production_storage:/rails/storage"
+
+asset_path: /rails/public/assets
+
+builder:
+  arch: amd64
+
+ssh:
+  user: ubuntu
+  keys_only: true
+  keys:
+    - ~/.ssh/skillrx_web_production.pem