👷 ci: setup for staging env (#103)
Co-authored-by: Sanjay Soundarajan <sanjay.16@live.com>
Co-authored-by: slugb0t <wheresdorian@gmail.com>
fix: 🐛 template renderer will stop using old links (#99)
megasanjay and slugb0t authored Nov 15, 2024
1 parent 11bf278 commit d3c8527
Showing 30 changed files with 657 additions and 46 deletions.
78 changes: 73 additions & 5 deletions .github/workflows/deploy-main.yml
@@ -11,7 +11,7 @@ on:
workflow_dispatch:

jobs:
deploy:
deploy-bot:
runs-on: ubuntu-latest
environment: prd
defaults:
@@ -24,19 +24,87 @@ jobs:
KAMAL_REGISTRY_USERNAME: ${{ secrets.KAMAL_REGISTRY_USERNAME }}
KAMAL_REGISTRY_PASSWORD: ${{ secrets.KAMAL_REGISTRY_PASSWORD }}
KAMAL_SERVER_IP: ${{ secrets.KAMAL_SERVER_IP }}
KAMAL_BOT_DOMAIN: ${{ secrets.KAMAL_BOT_DOMAIN }}
DATABASE_URL: ${{ secrets.DATABASE_URL }}
APP_ID: ${{ secrets.APP_ID }}
GH_APP_ID: ${{ secrets.GH_APP_ID }}
GH_APP_NAME: ${{ secrets.GH_APP_NAME }}
GH_CLIENT_ID: ${{ secrets.GH_CLIENT_ID }}
GH_CLIENT_SECRET: ${{ secrets.GH_CLIENT_SECRET }}
PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}
GH_APP_CLIENT_ID: ${{ secrets.GH_APP_CLIENT_ID }}
GH_APP_CLIENT_SECRET: ${{ secrets.GH_APP_CLIENT_SECRET }}
GH_APP_PRIVATE_KEY: ${{ secrets.GH_APP_PRIVATE_KEY }}
WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }}
CODEFAIR_APP_DOMAIN: ${{ secrets.CODEFAIR_APP_DOMAIN }}
CODEFAIR_BOT_DOMAIN: ${{ secrets.CODEFAIR_BOT_DOMAIN }}
ZENODO_API_ENDPOINT: ${{ secrets.ZENODO_API_ENDPOINT }}
ZENODO_ENDPOINT: ${{ secrets.ZENODO_ENDPOINT }}

steps:
- uses: actions/checkout@v4

- uses: ruby/setup-ruby@v1
with:
ruby-version: 3.3.1
bundler-cache: true

- run: gem install kamal

- uses: webfactory/ssh-agent@v0.9.0
with:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}

- name: Login to Azure Container Registry
uses: azure/docker-login@v1
with:
login-server: ${{ secrets.KAMAL_REGISTRY_LOGIN_SERVER }}
username: ${{ secrets.KAMAL_REGISTRY_USERNAME }}
password: ${{ secrets.KAMAL_REGISTRY_PASSWORD }}

- name: Set up Docker Buildx for cache
uses: docker/setup-buildx-action@v3

- run: kamal version

# Setup kamal for the first time
# Might need to run `sudo usermod -aG docker $USER | newgrp docker | docker ps` to add the user to the docker group if the user is not already in the docker group
# - run: kamal setup

# Login to the registry on the server
- run: kamal registry login
# - run: kamal registry login --verbose

# Suggestion to use lock release and redeploy after reading comments from others. Deploying two builds could cause locking issues when the first is cancelled.
- run: kamal lock release
# - run: kamal lock release --verbose

# Deploy the app for all other times
- run: kamal redeploy
# - run: kamal redeploy --verbose

deploy-ui:
runs-on: ubuntu-latest
environment: stg
defaults:
run:
working-directory: ui

env:
DOCKER_BUILDKIT: 1
KAMAL_REGISTRY_LOGIN_SERVER: ${{ secrets.KAMAL_REGISTRY_LOGIN_SERVER }}
KAMAL_REGISTRY_USERNAME: ${{ secrets.KAMAL_REGISTRY_USERNAME }}
KAMAL_REGISTRY_PASSWORD: ${{ secrets.KAMAL_REGISTRY_PASSWORD }}
KAMAL_SERVER_IP: ${{ secrets.KAMAL_SERVER_IP }}
KAMAL_APP_DOMAIN: ${{ secrets.KAMAL_APP_DOMAIN }}
DATABASE_URL: ${{ secrets.DATABASE_URL }}
GH_APP_ID: ${{ secrets.GH_APP_ID }}
GH_APP_PRIVATE_KEY: ${{ secrets.GH_APP_PRIVATE_KEY }}
GH_OAUTH_APP_ID: ${{ secrets.GH_OAUTH_APP_ID }}
GH_OAUTH_CLIENT_ID: ${{ secrets.GH_OAUTH_CLIENT_ID }}
GH_OAUTH_CLIENT_SECRET: ${{ secrets.GH_OAUTH_CLIENT_SECRET }}
ZENODO_API_ENDPOINT: ${{ secrets.ZENODO_API_ENDPOINT }}
ZENODO_ENDPOINT: ${{ secrets.ZENODO_ENDPOINT }}
ZENODO_CLIENT_ID: ${{ secrets.ZENODO_CLIENT_ID }}
ZENODO_CLIENT_SECRET: ${{ secrets.ZENODO_CLIENT_SECRET }}
ZENODO_REDIRECT_URI: ${{ secrets.ZENODO_REDIRECT_URI }}

steps:
- uses: actions/checkout@v4

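Review bot: In this workflow `deploy-bot` runs with `environment: prd`, but the new `deploy-ui` job is declared with `environment: stg`, so the UI deploy would resolve every `secrets.*` value (registry credentials, `KAMAL_SERVER_IP`, `DATABASE_URL`, the OAuth client secret) from the staging environment. The job header matches the one in deploy-staging.yml line for line, which suggests a copy-paste slip; if deploy-main.yml is the production pipeline, the line should read `environment: prd`. The remaining `deploy-ui` steps are outside the hunk, so confirm nothing later in the job relies on staging values.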
78 changes: 73 additions & 5 deletions .github/workflows/deploy-staging.yml
@@ -11,7 +11,7 @@ on:
workflow_dispatch:

jobs:
deploy:
deploy-bot:
runs-on: ubuntu-latest
environment: stg
defaults:
@@ -24,19 +24,87 @@ jobs:
KAMAL_REGISTRY_USERNAME: ${{ secrets.KAMAL_REGISTRY_USERNAME }}
KAMAL_REGISTRY_PASSWORD: ${{ secrets.KAMAL_REGISTRY_PASSWORD }}
KAMAL_SERVER_IP: ${{ secrets.KAMAL_SERVER_IP }}
KAMAL_BOT_DOMAIN: ${{ secrets.KAMAL_BOT_DOMAIN }}
DATABASE_URL: ${{ secrets.DATABASE_URL }}
APP_ID: ${{ secrets.APP_ID }}
GH_APP_ID: ${{ secrets.GH_APP_ID }}
GH_APP_NAME: ${{ secrets.GH_APP_NAME }}
GH_CLIENT_ID: ${{ secrets.GH_CLIENT_ID }}
GH_CLIENT_SECRET: ${{ secrets.GH_CLIENT_SECRET }}
PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}
GH_APP_CLIENT_ID: ${{ secrets.GH_APP_CLIENT_ID }}
GH_APP_CLIENT_SECRET: ${{ secrets.GH_APP_CLIENT_SECRET }}
GH_APP_PRIVATE_KEY: ${{ secrets.GH_APP_PRIVATE_KEY }}
WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }}
CODEFAIR_APP_DOMAIN: ${{ secrets.CODEFAIR_APP_DOMAIN }}
CODEFAIR_BOT_DOMAIN: ${{ secrets.CODEFAIR_BOT_DOMAIN }}
ZENODO_API_ENDPOINT: ${{ secrets.ZENODO_API_ENDPOINT }}
ZENODO_ENDPOINT: ${{ secrets.ZENODO_ENDPOINT }}

steps:
- uses: actions/checkout@v4

- uses: ruby/setup-ruby@v1
with:
ruby-version: 3.3.1
bundler-cache: true

- run: gem install kamal

- uses: webfactory/ssh-agent@v0.9.0
with:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}

- name: Login to Azure Container Registry
uses: azure/docker-login@v1
with:
login-server: ${{ secrets.KAMAL_REGISTRY_LOGIN_SERVER }}
username: ${{ secrets.KAMAL_REGISTRY_USERNAME }}
password: ${{ secrets.KAMAL_REGISTRY_PASSWORD }}

- name: Set up Docker Buildx for cache
uses: docker/setup-buildx-action@v3

- run: kamal version

# Setup kamal for the first time
# Might need to run `sudo usermod -aG docker $USER | newgrp docker | docker ps` to add the user to the docker group if the user is not already in the docker group
# - run: kamal setup

# Login to the registry on the server
- run: kamal registry login
# - run: kamal registry login --verbose

# Suggestion to use lock release and redeploy after reading comments from others. Deploying two builds could cause locking issues when the first is cancelled.
- run: kamal lock release
# - run: kamal lock release --verbose

# Deploy the app for all other times
- run: kamal redeploy
# - run: kamal redeploy --verbose

deploy-ui:
runs-on: ubuntu-latest
environment: stg
defaults:
run:
working-directory: ui

env:
DOCKER_BUILDKIT: 1
KAMAL_REGISTRY_LOGIN_SERVER: ${{ secrets.KAMAL_REGISTRY_LOGIN_SERVER }}
KAMAL_REGISTRY_USERNAME: ${{ secrets.KAMAL_REGISTRY_USERNAME }}
KAMAL_REGISTRY_PASSWORD: ${{ secrets.KAMAL_REGISTRY_PASSWORD }}
KAMAL_SERVER_IP: ${{ secrets.KAMAL_SERVER_IP }}
KAMAL_APP_DOMAIN: ${{ secrets.KAMAL_APP_DOMAIN }}
DATABASE_URL: ${{ secrets.DATABASE_URL }}
GH_APP_ID: ${{ secrets.GH_APP_ID }}
GH_APP_PRIVATE_KEY: ${{ secrets.GH_APP_PRIVATE_KEY }}
GH_OAUTH_APP_ID: ${{ secrets.GH_OAUTH_APP_ID }}
GH_OAUTH_CLIENT_ID: ${{ secrets.GH_OAUTH_CLIENT_ID }}
GH_OAUTH_CLIENT_SECRET: ${{ secrets.GH_OAUTH_CLIENT_SECRET }}
ZENODO_API_ENDPOINT: ${{ secrets.ZENODO_API_ENDPOINT }}
ZENODO_ENDPOINT: ${{ secrets.ZENODO_ENDPOINT }}
ZENODO_CLIENT_ID: ${{ secrets.ZENODO_CLIENT_ID }}
ZENODO_CLIENT_SECRET: ${{ secrets.ZENODO_CLIENT_SECRET }}
ZENODO_REDIRECT_URI: ${{ secrets.ZENODO_REDIRECT_URI }}

steps:
- uses: actions/checkout@v4

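Review bot: The `deploy-bot` steps hand `secrets.SSH_PRIVATE_KEY` and the registry password to actions referenced by mutable tags (`webfactory/ssh-agent@v0.9.0`, `azure/docker-login@v1`), and `gem install kamal` installs whatever release is current at run time. A retagged action or a new gem release would then execute with the deploy key and every secret in the job-level `env:` block. Pin each `uses:` to a full commit SHA with the tag kept as a trailing comment, and pin the gem, e.g. `gem install kamal -v X.Y.Z` with X.Y.Z being the release the project has tested. The same steps appear in deploy-main.yml.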
7 changes: 2 additions & 5 deletions bot/.env.example
@@ -1,13 +1,10 @@
# The ID of your GitHub App
GH_APP_ID=
WEBHOOK_SECRET=development
PRIVATE_KEY=
GH_APP_PRIVATE_KEY=

# Use `trace` to get verbose logging or `info` to show less
LOG_LEVEL=debug

# Go to https://smee.io/new set this to the URL that you are redirected to.
WEBHOOK_PROXY_URL=https://smee.io/3y38SHIG6mO8nRNA

MONGODB_URI=
MONGODB_DB_NAME=
WEBHOOK_PROXY_URL=https://smee.io/3y38SHIG6mO8nRNA
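Review bot: The example still carries a concrete channel in `WEBHOOK_PROXY_URL=https://smee.io/3y38SHIG6mO8nRNA` next to `WEBHOOK_SECRET=development`. Anyone who copies the file unchanged relays their GitHub webhook deliveries through the same public channel, and a shared, guessable secret means signature verification cannot tell genuine deliveries from forged ones. Ship both keys empty (`WEBHOOK_PROXY_URL=` and `WEBHOOK_SECRET=`) with a comment asking each developer to create their own channel and generate a random secret. The rendered page prints the `WEBHOOK_PROXY_URL` line twice, so which copy is on the new side is inferred.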
11 changes: 7 additions & 4 deletions bot/.kamal/secrets
@@ -8,17 +8,20 @@ KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD
KAMAL_REGISTRY_USERNAME=$KAMAL_REGISTRY_USERNAME
KAMAL_REGISTRY_LOGIN_SERVER=$KAMAL_REGISTRY_LOGIN_SERVER

# Kamal config
KAMAL_BOT_DOMAIN=$KAMAL_BOT_DOMAIN
KAMAL_SERVER_IP=$KAMAL_SERVER_IP

# bot secrets
APP_ID=$APP_ID
DATABASE_URL=$DATABASE_URL
GH_APP_ID=$GH_APP_ID
GH_APP_NAME=$GH_APP_NAME
GH_CLIENT_ID=$GH_CLIENT_ID
GH_CLIENT_SECRET=$GH_CLIENT_SECRET
PRIVATE_KEY=$PRIVATE_KEY
GH_APP_CLIENT_ID=$GH_APP_CLIENT_ID
GH_APP_CLIENT_SECRET=$GH_APP_CLIENT_SECRET
GH_APP_PRIVATE_KEY=$GH_APP_PRIVATE_KEY
WEBHOOK_SECRET=$WEBHOOK_SECRET
CODEFAIR_APP_DOMAIN=$CODEFAIR_APP_DOMAIN
CODEFAIR_BOT_DOMAIN=$CODEFAIR_BOT_DOMAIN
ZENODO_API_ENDPOINT=$ZENODO_API_ENDPOINT
ZENODO_ENDPOINT=$ZENODO_ENDPOINT

2 changes: 1 addition & 1 deletion bot/api/github/webhooks.js
@@ -6,7 +6,7 @@ const app = require("../../index.js");
const probot = createProbot({
overrides: {
appId: process.env.APP_ID,
privateKey: process.env.PRIVATE_KEY.replace(/\\n/g, "\n"),
privateKey: process.env.GH_APP_PRIVATE_KEY.replace(/\\n/g, "\n"),
secret: process.env.WEBHOOK_SECRET,
},
});
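Review bot: `appId` here still reads `process.env.APP_ID`, while bot/main.js in this commit reads `process.env.GH_APP_ID` and bot/.env.example only defines `GH_APP_ID`. Since the commit already moves the private key to the `GH_APP_` prefix, a setup that follows the example file would pass `appId: undefined` to `createProbot` on this path. Consider `appId: process.env.GH_APP_ID,` so both entry points read the same variable; if `APP_ID` is intentionally separate, add it to the example file with a comment saying so.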
8 changes: 4 additions & 4 deletions bot/config/deploy.yml
@@ -20,7 +20,7 @@ servers:
# Note: If using Cloudflare, set encryption mode in SSL/TLS setting to "Full" to enable CF-to-app encryption.
proxy:
ssl: true
host: <%= ENV["CODEFAIR_BOT_DOMAIN"] %>
host: <%= ENV["KAMAL_BOT_DOMAIN"] %>
# Proxy connects to your container on port 80 by default.
app_port: 3000

@@ -47,9 +47,9 @@ env:
- GH_APP_ID
- GH_APP_NAME
- APP_ID
- GH_CLIENT_ID
- GH_CLIENT_SECRET
- PRIVATE_KEY
- GH_APP_CLIENT_ID
- GH_APP_CLIENT_SECRET
- GH_APP_PRIVATE_KEY
- WEBHOOK_SECRET
- CODEFAIR_APP_DOMAIN
- ZENODO_API_ENDPOINT
2 changes: 1 addition & 1 deletion bot/main.js
@@ -7,7 +7,7 @@ async function startServer() {
port: process.env.PORT || 3000,
Probot: Probot.defaults({
appId: process.env.GH_APP_ID,
privateKey: process.env.PRIVATE_KEY.replace(/\\n/g, "\n"),
privateKey: process.env.GH_APP_PRIVATE_KEY.replace(/\\n/g, "\n"),
secret: process.env.WEBHOOK_SECRET,
}),
});
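Review bot: After the rename, `process.env.GH_APP_PRIVATE_KEY.replace(...)` throws a bare TypeError when the variable is missing, which is the likely state of any environment that still exports only `PRIVATE_KEY`. A guard before the call makes the failure explicit: `const key = process.env.GH_APP_PRIVATE_KEY;` followed by `if (!key) throw new Error("GH_APP_PRIVATE_KEY is not set");`, then `privateKey: key.replace(/\\n/g, "\n"),`. The error message should name the variable only and never echo its value. The same expression is changed in bot/api/github/webhooks.js, and `startServer` continues outside the hunk.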
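--- a/ui/.kamal/hooks/docker-setup.sample
+++ b/ui/.kamal/hooks/docker-setup.sample
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo "Docker set up on $KAMAL_HOSTS..."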
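--- a/ui/.kamal/hooks/post-deploy.sample
+++ b/ui/.kamal/hooks/post-deploy.sample
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# A sample post-deploy hook
+#
+# These environment variables are available:
+# KAMAL_RECORDED_AT
+# KAMAL_PERFORMER
+# KAMAL_VERSION
+# KAMAL_HOSTS
+# KAMAL_ROLE (if set)
+# KAMAL_DESTINATION (if set)
+# KAMAL_RUNTIME
+
+echo "$KAMAL_PERFORMER deployed $KAMAL_VERSION to $KAMAL_DESTINATION in $KAMAL_RUNTIME seconds"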
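--- a/ui/.kamal/hooks/post-proxy-reboot.sample
+++ b/ui/.kamal/hooks/post-proxy-reboot.sample
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo "Rebooted kamal-proxy on $KAMAL_HOSTS"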
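--- a/ui/.kamal/hooks/pre-build.sample
+++ b/ui/.kamal/hooks/pre-build.sample
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+# A sample pre-build hook
+#
+# Checks:
+# 1. We have a clean checkout
+# 2. A remote is configured
+# 3. The branch has been pushed to the remote
+# 4. The version we are deploying matches the remote
+#
+# These environment variables are available:
+# KAMAL_RECORDED_AT
+# KAMAL_PERFORMER
+# KAMAL_VERSION
+# KAMAL_HOSTS
+# KAMAL_ROLE (if set)
+# KAMAL_DESTINATION (if set)
+
+if [ -n "$(git status --porcelain)" ]; then
+echo "Git checkout is not clean, aborting..." >&2
+git status --porcelain >&2
+exit 1
+fi
+
+first_remote=$(git remote)
+
+if [ -z "$first_remote" ]; then
+echo "No git remote set, aborting..." >&2
+exit 1
+fi
+
+current_branch=$(git branch --show-current)
+
+if [ -z "$current_branch" ]; then
+echo "Not on a git branch, aborting..." >&2
+exit 1
+fi
+
+remote_head=$(git ls-remote $first_remote --tags $current_branch | cut -f1)
+
+if [ -z "$remote_head" ]; then
+echo "Branch not pushed to remote, aborting..." >&2
+exit 1
+fi
+
+if [ "$KAMAL_VERSION" != "$remote_head" ]; then
+echo "Version ($KAMAL_VERSION) does not match remote HEAD ($remote_head), aborting..." >&2
+exit 1
+fi
+
+exit 0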