Merge pull request #235 from scientist-softserv/update-deploy-soft-serv-infra

update-deploy-soft-serv-infra

Author: aprilrieger

.github/workflows/build.yml

@@ -0,0 +1,74 @@
+name: "Build Docker Images"
+run-name: Build of ${{ github.ref_name }} by @${{ github.actor }}
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
+    inputs:
+      debug_enabled:
+        type: boolean
+        description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)'
+        required: false
+        default: false
+
+env:
+  REGISTRY: ghcr.io
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - id: setup
+        name: Setup
+        uses: scientist-softserv/actions/[email protected]
+        with:
+          tag: ${{ inputs.tag }}
+          image_name: ${{ inputs.image_name }}
+          token: ${{ secrets.CHECKOUT_TOKEN || secrets.GITHUB_TOKEN }}
+      - uses: actions/setup-node@v3
+        with:
+          registry-url: 'https://npm.pkg.github.com'
+          # Defaults to the user or organization that owns the workflow file
+          scope: '@scientist-softserv'
+          node-version-file: package.json
+      - name: GPR authToken
+        run: echo "//npm.pkg.github.com/:_authToken=${{ secrets.GITHUB_TOKEN }}" > $NPM_CONFIG_USERCONFIG
+      - name: GPR alias
+        run: echo "@scientist-softserv:registry=https://npm.pkg.github.com" >> $NPM_CONFIG_USERCONFIG
+      - run: yarn install
+      - run: yarn test
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Retag action for Docker image
+        id: meta-docker-image
+        uses: docker/[email protected]
+        with:
+          images: |
+            name=${{ env.REGISTRY }}/${{ env.REPO_LOWER }}
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+
+      - run: cp $NPM_CONFIG_USERCONFIG .npmrc; cat .npmrc
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v3
+        with:
+          cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.REPO_LOWER }}:${{ env.TAG }}
+          context: .
+          push: true
+          tags: |
+            ${{ steps.meta-docker-image.outputs.tags }}
+            ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}:${{ env.TAG }}

bin/helm_deploy

@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# This script wraps up helm deployment. It is meant as a clear starting point for
+# commandline deployment or CI based deployment. It requires the following ENV vars be set
+#
+# CHART_VERSION: this is the version of the hyrax chart you want to deploy. default - 0.22.0
+# DEPLOY_IMAGE: this is the build image that runs the rails application. Typically this would run puma or passenger. eg: samvera/hyrax or ghcr.io/samvera/hyku. Defaults to gcrh.io/samvera/hyku
+# DEPLOY_TAG: name of of the tag you want to deploy for deploy image. eg: "latest" or "v3.0.1" or "f123asdf1". Defaults to latest
+# HELM_EXTRA_ARGS: any additional arguments you'd like passed to helm upgrade directly. can be blank.
+
+if [ -z "$1" ] || [ -z "$2" ]
+then
+    echo './bin/helm_deploy RELEASE_NAME NAMESPACE'
+    exit 1
+fi
+release_name="${1}"
+namespace="${2}"
+
+DEPLOY_IMAGE="${DEPLOY_IMAGE:-ghcr.io/scientist-softserv/webstore}"
+DEPLOY_TAG="${DEPLOY_TAG:-latest}"
+
+helm upgrade \
+    --install \
+    --atomic \
+    --timeout 15m0s \
+    --set image.repository="$DEPLOY_IMAGE" \
+    --set image.tag="$DEPLOY_TAG" \
+    $HELM_EXTRA_ARGS \
+    --namespace="$namespace" \
+    --create-namespace \
+    "$release_name" \
+    ./charts/webstore

charts/webstore/templates/deployment.yaml

@@ -33,9 +33,6 @@ spec:
             {{- toYaml .Values.securityContext | nindent 12 }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
-          envFrom:
-            - secretRef:
-                name: {{ .Values.apiTokenConfigSecret }}
           env:
             - name: NEXTAUTH_URL
               value: "{{ .Values.nextAuthUrl }}"
@@ -45,6 +42,14 @@ spec:
               value: "{{ .Values.providerId }}"
             - name: NEXT_PUBLIC_SCIENTIST_API_VERSION
               value: "{{ .Values.scientistApiVersion }}"
+            - name: NEXT_PUBLIC_TOKEN
+              value: "{{ .Values.nextPublicToken }}"
+            - name: NEXTAUTH_SECRET
+              value: "{{ .Values.nextAuthSecret }}"
+            - name: CLIENT_SECRET
+              value: "{{ .Values.clientSecret }}"
+            - name: CLIENT_ID
+              value: "{{ .Values.clientId }}"
           ports:
             - name: http
               containerPort: {{ .Values.service.port }}

ops/staging-deploy.tmpl.yaml

@@ -0,0 +1,36 @@
+apiTokenConfigSecret: "webstore-staging-api-tokens"
+nextAuthUrl: "https://webstore-staging.notch8.cloud/api/auth"
+providerName: "acme"
+providerId: "572"
+scientistApiVersion: "v2"
+nextPublicToken: $NEXT_PUBLIC_TOKEN
+nextAuthSecret: $NEXTAUTH_SECRET
+clientSecret: $CLIENT_SECRET
+clientId: $CLIENT_ID
+
+replicaCount: 1
+
+image:
+  repository: ghcr.io/scientist-softserv/webstore
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  # tag: "0.0.2"
+
+imagePullSecrets:
+  - name: github
+
+ingress:
+  enabled: true
+  className: "nginx"
+  annotations: {
+    nginx.ingress.kubernetes.io/proxy-body-size: "0",
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+  }
+  hosts:
+    - host: webstore-staging.notch8.cloud
+      paths:
+        - path: /
+  tls:
+    - hosts:
+        - webstore-staging.notch8.cloud
+      secretName: notch8cloud