fix: Use autodevops actions. (#50)

SocialGouv · Sep 1, 2021 · 0b15a52 · 0b15a52
1 parent dfb87f6
commit 0b15a52
Show file tree

Hide file tree

Showing 10 changed files with 238 additions and 8 deletions.
diff --git a/.github/dev.env b/.github/dev.env
@@ -0,0 +1,2 @@
+SOCIALGOUV_BASE_DOMAIN=dev.fabrique.social.gouv.fr
+RANCHER_PROJECT_ID=c-gjtkk:p-v79sd
diff --git a/.github/preprod.env b/.github/preprod.env
@@ -0,0 +1,2 @@
+SOCIALGOUV_BASE_DOMAIN=dev.fabrique.social.gouv.fr
+RANCHER_PROJECT_ID=c-gjtkk:p-v79sd
diff --git a/.github/prod.env b/.github/prod.env
@@ -0,0 +1,2 @@
+SOCIALGOUV_BASE_DOMAIN=fabrique.social.gouv.fr
+RANCHER_PROJECT_ID=c-5rj5b:p-7f92z
diff --git a/.github/workflows/deactivate.yml b/.github/workflows/deactivate.yml
@@ -0,0 +1,41 @@
+name: Deactivate
+
+on:
+  pull_request:
+    types: [ closed ]
+
+jobs:
+  prune:
+    name: Deactivate environment
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Get branch, project and namespace names
+      run: |
+        echo "branch=${GITHUB_HEAD_REF##*/}" >> $GITHUB_ENV
+        echo "project=${GITHUB_REPOSITORY#*/}" >> $GITHUB_ENV
+        echo "namespace=${GITHUB_REPOSITORY#*/}-${GITHUB_HEAD_REF##*/}" >> $GITHUB_ENV
+
+    - name: Install Kapp
+      uses: vmware-tanzu/carvel-setup-action@v1
+      with:
+        only: kapp
+        token: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Create kubernetes config
+      run: |
+        mkdir ~/.kube
+        touch ~/.kube/config
+        echo ${{ secrets.SOCIALGOUV_KUBE_CONFIG_DEV }} | base64 -d > ~/.kube/config
+
+    - name: Delete k8s environment
+      run: kapp -y delete --namespace ${{ env.namespace }}
+      # run: kapp -y delete -a ${{ env.project }} --namespace ${{ env.namespace }}
+
+    - name: Mark environment as deactivated
+      uses: bobheadxi/deployments@v0.4.3
+      with:
+        step: deactivate-env
+        env: ${{ env.branch }}
+        token: ${{ secrets.GITHUB_TOKEN }}
+        desc: "Environment ${{ env.namespace }} has been deactivated"
diff --git a/.github/workflows/production.yml b/.github/workflows/production.yml
@@ -0,0 +1,95 @@
+name: Production
+
+on:
+  push:
+    tags:
+      - v*
+
+concurrency:
+  group: preproduction
+  cancel-in-progress: true
+
+jobs:
+
+  ##############################################################################
+  ## BUILD AND REGISTER APPLICATION IMAGE
+  ##############################################################################
+  register:
+    name: Build & Register application
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Get project name
+      run: |
+        echo "project=${GITHUB_REPOSITORY#*/}" >> $GITHUB_ENV
+
+    - name: Use autodevops build and register
+      uses: SocialGouv/actions/autodevops-build-register@master
+      with:
+        project: ${{ env.project }}
+        token: ${{ secrets.GITHUB_TOKEN }}
+        imageName: monsuivipsy/monsuivipsy-site
+
+  ##############################################################################
+  ## GENERATE PREPRODUCTION MANIFESTS
+  ##############################################################################
+  manifests:
+    name: Preproduction manifests
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Use autodevops manifests generation
+      uses: SocialGouv/actions/autodevops-manifests@master
+      with:
+        environment: "preprod"
+
+  ##############################################################################
+  ## DEPLOY PREPRODUCTION APPLICATION
+  ##############################################################################
+  deploy-preprod:
+    name: Deploy preproduction
+    runs-on: ubuntu-latest
+    needs: [register, manifests]
+    environment:
+      name: preproduction
+      url: https://${{ env.namespace }}.${{ env.SOCIALGOUV_BASE_DOMAIN }}
+    steps:
+
+    - name: Use autodevops deployment
+      uses: SocialGouv/actions/autodevops-deploy@master
+      with:
+        environment: "preprod"
+        token: ${{ secrets.GITHUB_TOKEN }}
+        kubeconfig: ${{ secrets.SOCIALGOUV_KUBE_CONFIG_DEV }}
+
+  ##############################################################################
+  ## GENERATE PRODUCTION MANIFESTS
+  ##############################################################################
+  manifests-prod:
+    name: Production manifests
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Use autodevops manifests generation
+      uses: SocialGouv/actions/autodevops-manifests@master
+      with:
+        environment: "prod"
+
+  ##############################################################################
+  ## DEPLOY PRODUCTION APPLICATION
+  ##############################################################################
+  deploy-prod:
+    name: Deploy production
+    runs-on: ubuntu-latest
+    needs: [deploy-preprod, manifests-prod]
+    environment:
+      name: production
+      url: https://${{ env.namespace }}.${{ env.SOCIALGOUV_BASE_DOMAIN }}
+    steps:
+
+    - name: Use autodevops deployment
+      uses: SocialGouv/actions/autodevops-deploy@master
+      with:
+        environment: "prod"
+        token: ${{ secrets.GITHUB_TOKEN }}
+        kubeconfig: ${{ secrets.SOCIALGOUV_KUBE_CONFIG_PROD }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,28 @@
+name: Release
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [master, alpha, beta, next]
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Checkout repository
+      uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+        persist-credentials: false
+
+    - name: Semantic Release
+      uses: cycjimmy/semantic-release-action@v2
+      with:
+        semantic_version: 17
+        extra_plugins: |
+          @semantic-release/changelog@5.0.1
+          @semantic-release/git@9.0.0
+      env:
+        GITHUB_TOKEN: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
diff --git a/.github/workflows/review.yml b/.github/workflows/review.yml
@@ -0,0 +1,62 @@
+name: Review
+
+on:
+  push:
+    branches:
+      - '**'
+    tags-ignore:
+      - v*
+
+concurrency:
+  group: ${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+
+  ##############################################################################
+  ## BUILD AND REGISTER APPLICATION IMAGE
+  ##############################################################################
+  register:
+    name: Build & Register application
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Get project name
+      run: |
+        echo "project=${GITHUB_REPOSITORY#*/}" >> $GITHUB_ENV
+
+    - name: Use autodevops build and register
+      uses: SocialGouv/actions/autodevops-build-register@master
+      with:
+        project: ${{ env.project }}
+        token: ${{ secrets.GITHUB_TOKEN }}
+        imageName: monsuivipsy/monsuivipsy-site
+
+  ##############################################################################
+  ## GENERATE KUBERNETES MANIFESTS
+  ##############################################################################
+  manifests:
+    name: Generate k8s manifests
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Use autodevops manifests generation
+      uses: SocialGouv/actions/autodevops-manifests@master
+      with:
+        environment: "dev"
+
+  ##############################################################################
+  ## DEPLOY APPLICATION OVER KUBERNETES
+  ##############################################################################
+  deploy:
+    name: Deploy application
+    runs-on: ubuntu-latest
+    needs: [register, manifests]
+    steps:
+
+    - name: Use autodevops deployment
+      uses: SocialGouv/actions/autodevops-deploy@master
+      with:
+        environment: "dev"
+        token: ${{ secrets.GITHUB_TOKEN }}
+        kubeconfig: ${{ secrets.SOCIALGOUV_KUBE_CONFIG_DEV }}
diff --git a/.socialgouv/config.json b/.socialgouv/config.json
@@ -3,6 +3,8 @@
   "name": "monsuivipsy-site",
   "subdomain": "monsuivipsy",
   "probesPath": "/api/healthz",
+  "registry": "ghcr",
+  "project": "monsuivipsy",
   "ingress": {
     "annotations": {
       "nginx.ingress.kubernetes.io/configuration-snippet": "more_set_headers \"Content-Security-Policy: default-src 'none'; connect-src 'self' https://*.gouv.fr; font-src 'self'; media-src 'self' https://*.gouv.fr; img-src 'self' https://*.gouv.fr https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org; prefetch-src 'self' https://*.gouv.fr; script-src 'self' https://*.gouv.fr; frame-src 'self' https://*.gouv.fr; style-src 'self' 'unsafe-inline'\";\nmore_set_headers \"X-Frame-Options: deny\";\nmore_set_headers \"X-XSS-Protection: 1; mode=block\";\nmore_set_headers \"X-Content-Type-Options: nosniff\";"

diff --git a/.socialgouv/environments/prod/yaml/redirect.yaml b/.socialgouv/environments/prod/yaml/redirect.yaml
@@ -4,7 +4,7 @@ metadata:
   annotations:
     kubernetes.io/ingress.class: nginx
     nginx.ingress.kubernetes.io/permanent-redirect: https://monsuivipsy.fabrique.social.gouv.fr$request_uri
-    certmanager.k8s.io/cluster-issuer: letsencrypt-prod
+    cert-manager.io/cluster-issuer: letsencrypt-prod
     kubernetes.io/tls-acme: "true"
   labels:
     app.kubernetes.io/component: redirect

diff --git a/Dockerfile b/Dockerfile
@@ -2,14 +2,10 @@ FROM node:15.9-alpine
 
 WORKDIR /app
 
-COPY package.json /app/
-COPY yarn.lock /app/
+COPY . /app/
 
-RUN yarn --production
-RUN yarn cache clean
-
-COPY .next/ /app/.next/
-COPY public/ /app/public/
+RUN yarn --frozen-lockfile --prefer-offline && yarn cache clean
+RUN yarn build
 
 USER node
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		SOCIALGOUV_BASE_DOMAIN=dev.fabrique.social.gouv.fr
		RANCHER_PROJECT_ID=c-gjtkk:p-v79sd
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		SOCIALGOUV_BASE_DOMAIN=fabrique.social.gouv.fr
		RANCHER_PROJECT_ID=c-5rj5b:p-7f92z