👷 ci: setup for staging env #103

Merged
merged 23 commits into from
Nov 15, 2024
604e4db
merge: :twisted_rightwards_arrows: merge main to staging
slugb0t Oct 17, 2024
45d8f15
refactor: ♻️ 🐛 Codefair 3.1.0 (#89)
slugb0t Nov 1, 2024
26d715b
refactor: :recycle: safety checks for protected middleware
slugb0t Nov 1, 2024
07c61bc
refacotr: :recycle: update protectRoute to redirect to login when no …
slugb0t Nov 1, 2024
f22515e
feat: :fix: redirect to login if not signed in
slugb0t Nov 1, 2024
5a3d124
refactor: :recycle: remove import
slugb0t Nov 1, 2024
73075f0
chore: :loud_sound: :hammer: remove logs
slugb0t Nov 5, 2024
0633f39
docs: :memo: update changelog
slugb0t Nov 5, 2024
2a86142
Merge branch 'main' into staging
slugb0t Nov 5, 2024
1bd8d1c
fix: :bug: check license content all times
slugb0t Nov 5, 2024
d967fd2
fix: :bug: update on zenodo ui page
slugb0t Nov 5, 2024
a8e6e93
merge: :twisted_rightwards_arrows: merge main to current branch
slugb0t Nov 12, 2024
2941374
fix: 🐛 template renderer will stop using old links (#99)
slugb0t Nov 12, 2024
33d7998
Merge branch 'staging' of https://github.com/fairdataihub/codefair-ap…
megasanjay Nov 15, 2024
340ec72
👷 ci: setup for staging env
megasanjay Nov 15, 2024
1ce417f
🔐 ci: update bot env vars to be more clear
megasanjay Nov 15, 2024
82c0bf2
🔐 ci: update bot env vars to be more clear
megasanjay Nov 15, 2024
bc8116c
👷 ci: setup for staging env
megasanjay Nov 15, 2024
9f2c511
👷 ci: kamal init for ui
megasanjay Nov 15, 2024
41d1b1e
👷 ci: add github workflow
megasanjay Nov 15, 2024
02051c4
👷 ci: update github workflow
megasanjay Nov 15, 2024
1f68c42
👷 ci: update secrets config
megasanjay Nov 15, 2024
3ba6adb
👷 ci: add healthcheck route
megasanjay Nov 15, 2024
78 changes: 73 additions & 5 deletions .github/workflows/deploy-main.yml
Expand Up @@ -11,7 +11,7 @@ on:
workflow_dispatch:

jobs:
deploy:
deploy-bot:
runs-on: ubuntu-latest
environment: prd
defaults:
Expand All @@ -24,19 +24,87 @@ jobs:
KAMAL_REGISTRY_USERNAME: ${{ secrets.KAMAL_REGISTRY_USERNAME }}
KAMAL_REGISTRY_PASSWORD: ${{ secrets.KAMAL_REGISTRY_PASSWORD }}
KAMAL_SERVER_IP: ${{ secrets.KAMAL_SERVER_IP }}
KAMAL_BOT_DOMAIN: ${{ secrets.KAMAL_BOT_DOMAIN }}
DATABASE_URL: ${{ secrets.DATABASE_URL }}
APP_ID: ${{ secrets.APP_ID }}
GH_APP_ID: ${{ secrets.GH_APP_ID }}
GH_APP_NAME: ${{ secrets.GH_APP_NAME }}
GH_CLIENT_ID: ${{ secrets.GH_CLIENT_ID }}
GH_CLIENT_SECRET: ${{ secrets.GH_CLIENT_SECRET }}
PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}
GH_APP_CLIENT_ID: ${{ secrets.GH_APP_CLIENT_ID }}
GH_APP_CLIENT_SECRET: ${{ secrets.GH_APP_CLIENT_SECRET }}
GH_APP_PRIVATE_KEY: ${{ secrets.GH_APP_PRIVATE_KEY }}
WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }}
CODEFAIR_APP_DOMAIN: ${{ secrets.CODEFAIR_APP_DOMAIN }}
CODEFAIR_BOT_DOMAIN: ${{ secrets.CODEFAIR_BOT_DOMAIN }}
ZENODO_API_ENDPOINT: ${{ secrets.ZENODO_API_ENDPOINT }}
ZENODO_ENDPOINT: ${{ secrets.ZENODO_ENDPOINT }}

steps:
- uses: actions/checkout@v4

- uses: ruby/setup-ruby@v1
with:
ruby-version: 3.3.1
bundler-cache: true

- run: gem install kamal

- uses: webfactory/ssh-agent@v0.9.0
with:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}

- name: Login to Azure Container Registry
uses: azure/docker-login@v1
with:
login-server: ${{ secrets.KAMAL_REGISTRY_LOGIN_SERVER }}
username: ${{ secrets.KAMAL_REGISTRY_USERNAME }}
password: ${{ secrets.KAMAL_REGISTRY_PASSWORD }}

- name: Set up Docker Buildx for cache
uses: docker/setup-buildx-action@v3

- run: kamal version

# Setup kamal for the first time
# Might need to run `sudo usermod -aG docker $USER | newgrp docker | docker ps` to add the user to the docker group if the user is not already in the docker group
# - run: kamal setup

# Login to the registry on the server
- run: kamal registry login
# - run: kamal registry login --verbose

# Suggestion to use lock release and redeploy after reading comments from others. Deploying two builds could cause locking issues when the first is cancelled.
- run: kamal lock release
# - run: kamal lock release --verbose

# Deploy the app for all other times
- run: kamal redeploy
# - run: kamal redeploy --verbose

deploy-ui:
runs-on: ubuntu-latest
environment: stg
defaults:
run:
working-directory: ui

env:
DOCKER_BUILDKIT: 1
KAMAL_REGISTRY_LOGIN_SERVER: ${{ secrets.KAMAL_REGISTRY_LOGIN_SERVER }}
KAMAL_REGISTRY_USERNAME: ${{ secrets.KAMAL_REGISTRY_USERNAME }}
KAMAL_REGISTRY_PASSWORD: ${{ secrets.KAMAL_REGISTRY_PASSWORD }}
KAMAL_SERVER_IP: ${{ secrets.KAMAL_SERVER_IP }}
KAMAL_APP_DOMAIN: ${{ secrets.KAMAL_APP_DOMAIN }}
DATABASE_URL: ${{ secrets.DATABASE_URL }}
GH_APP_ID: ${{ secrets.GH_APP_ID }}
GH_APP_PRIVATE_KEY: ${{ secrets.GH_APP_PRIVATE_KEY }}
GH_OAUTH_APP_ID: ${{ secrets.GH_OAUTH_APP_ID }}
GH_OAUTH_CLIENT_ID: ${{ secrets.GH_OAUTH_CLIENT_ID }}
GH_OAUTH_CLIENT_SECRET: ${{ secrets.GH_OAUTH_CLIENT_SECRET }}
ZENODO_API_ENDPOINT: ${{ secrets.ZENODO_API_ENDPOINT }}
ZENODO_ENDPOINT: ${{ secrets.ZENODO_ENDPOINT }}
ZENODO_CLIENT_ID: ${{ secrets.ZENODO_CLIENT_ID }}
ZENODO_CLIENT_SECRET: ${{ secrets.ZENODO_CLIENT_SECRET }}
ZENODO_REDIRECT_URI: ${{ secrets.ZENODO_REDIRECT_URI }}

steps:
- uses: actions/checkout@v4

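Review bot: In the new `deploy-ui` job, `environment: stg` is set inside `deploy-main.yml`, while `deploy-bot` in the same file uses `environment: prd`, so the main workflow would deploy the UI with the staging environment's secrets (`DATABASE_URL`, `GH_OAUTH_CLIENT_SECRET`, `ZENODO_CLIENT_SECRET` and the rest of that `env:` block). If this file is meant to deploy production, set `environment: prd` on `deploy-ui` as well; if the two jobs are meant to differ, a comment saying why would help the next reader.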
78 changes: 73 additions & 5 deletions .github/workflows/deploy-staging.yml
Expand Up @@ -11,7 +11,7 @@ on:
workflow_dispatch:

jobs:
deploy:
deploy-bot:
runs-on: ubuntu-latest
environment: stg
defaults:
Expand All @@ -24,19 +24,87 @@ jobs:
KAMAL_REGISTRY_USERNAME: ${{ secrets.KAMAL_REGISTRY_USERNAME }}
KAMAL_REGISTRY_PASSWORD: ${{ secrets.KAMAL_REGISTRY_PASSWORD }}
KAMAL_SERVER_IP: ${{ secrets.KAMAL_SERVER_IP }}
KAMAL_BOT_DOMAIN: ${{ secrets.KAMAL_BOT_DOMAIN }}
DATABASE_URL: ${{ secrets.DATABASE_URL }}
APP_ID: ${{ secrets.APP_ID }}
GH_APP_ID: ${{ secrets.GH_APP_ID }}
GH_APP_NAME: ${{ secrets.GH_APP_NAME }}
GH_CLIENT_ID: ${{ secrets.GH_CLIENT_ID }}
GH_CLIENT_SECRET: ${{ secrets.GH_CLIENT_SECRET }}
PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}
GH_APP_CLIENT_ID: ${{ secrets.GH_APP_CLIENT_ID }}
GH_APP_CLIENT_SECRET: ${{ secrets.GH_APP_CLIENT_SECRET }}
GH_APP_PRIVATE_KEY: ${{ secrets.GH_APP_PRIVATE_KEY }}
WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }}
CODEFAIR_APP_DOMAIN: ${{ secrets.CODEFAIR_APP_DOMAIN }}
CODEFAIR_BOT_DOMAIN: ${{ secrets.CODEFAIR_BOT_DOMAIN }}
ZENODO_API_ENDPOINT: ${{ secrets.ZENODO_API_ENDPOINT }}
ZENODO_ENDPOINT: ${{ secrets.ZENODO_ENDPOINT }}

steps:
- uses: actions/checkout@v4

- uses: ruby/setup-ruby@v1
with:
ruby-version: 3.3.1
bundler-cache: true

- run: gem install kamal

- uses: webfactory/ssh-agent@v0.9.0
with:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}

- name: Login to Azure Container Registry
uses: azure/docker-login@v1
with:
login-server: ${{ secrets.KAMAL_REGISTRY_LOGIN_SERVER }}
username: ${{ secrets.KAMAL_REGISTRY_USERNAME }}
password: ${{ secrets.KAMAL_REGISTRY_PASSWORD }}

- name: Set up Docker Buildx for cache
uses: docker/setup-buildx-action@v3

- run: kamal version

# Setup kamal for the first time
# Might need to run `sudo usermod -aG docker $USER | newgrp docker | docker ps` to add the user to the docker group if the user is not already in the docker group
# - run: kamal setup

# Login to the registry on the server
- run: kamal registry login
# - run: kamal registry login --verbose

# Suggestion to use lock release and redeploy after reading comments from others. Deploying two builds could cause locking issues when the first is cancelled.
- run: kamal lock release
# - run: kamal lock release --verbose

# Deploy the app for all other times
- run: kamal redeploy
# - run: kamal redeploy --verbose

deploy-ui:
runs-on: ubuntu-latest
environment: stg
defaults:
run:
working-directory: ui

env:
DOCKER_BUILDKIT: 1
KAMAL_REGISTRY_LOGIN_SERVER: ${{ secrets.KAMAL_REGISTRY_LOGIN_SERVER }}
KAMAL_REGISTRY_USERNAME: ${{ secrets.KAMAL_REGISTRY_USERNAME }}
KAMAL_REGISTRY_PASSWORD: ${{ secrets.KAMAL_REGISTRY_PASSWORD }}
KAMAL_SERVER_IP: ${{ secrets.KAMAL_SERVER_IP }}
KAMAL_APP_DOMAIN: ${{ secrets.KAMAL_APP_DOMAIN }}
DATABASE_URL: ${{ secrets.DATABASE_URL }}
GH_APP_ID: ${{ secrets.GH_APP_ID }}
GH_APP_PRIVATE_KEY: ${{ secrets.GH_APP_PRIVATE_KEY }}
GH_OAUTH_APP_ID: ${{ secrets.GH_OAUTH_APP_ID }}
GH_OAUTH_CLIENT_ID: ${{ secrets.GH_OAUTH_CLIENT_ID }}
GH_OAUTH_CLIENT_SECRET: ${{ secrets.GH_OAUTH_CLIENT_SECRET }}
ZENODO_API_ENDPOINT: ${{ secrets.ZENODO_API_ENDPOINT }}
ZENODO_ENDPOINT: ${{ secrets.ZENODO_ENDPOINT }}
ZENODO_CLIENT_ID: ${{ secrets.ZENODO_CLIENT_ID }}
ZENODO_CLIENT_SECRET: ${{ secrets.ZENODO_CLIENT_SECRET }}
ZENODO_REDIRECT_URI: ${{ secrets.ZENODO_REDIRECT_URI }}

steps:
- uses: actions/checkout@v4

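Review bot: The job-level `env:` blocks in `deploy-bot` and `deploy-ui` hand every secret (`GH_APP_PRIVATE_KEY`, `DATABASE_URL`, `WEBHOOK_SECRET` and so on) to every step, including the third-party actions referenced by mutable tag (`webfactory/ssh-agent@v0.9.0`, `azure/docker-login@v1`) and the unpinned `gem install kamal`. Move `env:` down to the `kamal` steps that read it, pin the actions to a full commit SHA, and pin the kamal gem version. Separately, `kamal lock release` runs unconditionally before `kamal redeploy`, which can drop a lock held by a deploy that is still running; a workflow `concurrency:` group would cover the cancelled-build case described in the comment without that risk.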
7 changes: 2 additions & 5 deletions bot/.env.example
@@ -1,13 +1,10 @@
# The ID of your GitHub App
GH_APP_ID=
WEBHOOK_SECRET=development
PRIVATE_KEY=
GH_APP_PRIVATE_KEY=

# Use `trace` to get verbose logging or `info` to show less
LOG_LEVEL=debug

# Go to https://smee.io/new set this to the URL that you are redirected to.
WEBHOOK_PROXY_URL=https://smee.io/3y38SHIG6mO8nRNA

MONGODB_URI=
MONGODB_DB_NAME=
WEBHOOK_PROXY_URL=https://smee.io/3y38SHIG6mO8nRNA
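Review bot: `WEBHOOK_PROXY_URL` in the example file is still a concrete smee.io channel, so everyone who copies `.env.example` as-is routes their webhook deliveries through one shared channel whose URL is public in the repository. Leave the value empty, as with `GH_APP_ID=`, and let the comment above it send people to https://smee.io/new. The hunk also drops `MONGODB_URI` and `MONGODB_DB_NAME` without adding the `DATABASE_URL` that the workflows and `bot/.kamal/secrets` pass in, so the example no longer documents how the bot finds its database.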
11 changes: 7 additions & 4 deletions bot/.kamal/secrets
Expand Up @@ -8,17 +8,20 @@ KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD
KAMAL_REGISTRY_USERNAME=$KAMAL_REGISTRY_USERNAME
KAMAL_REGISTRY_LOGIN_SERVER=$KAMAL_REGISTRY_LOGIN_SERVER

# Kamal config
KAMAL_BOT_DOMAIN=$KAMAL_BOT_DOMAIN
KAMAL_SERVER_IP=$KAMAL_SERVER_IP

# bot secrets
APP_ID=$APP_ID
DATABASE_URL=$DATABASE_URL
GH_APP_ID=$GH_APP_ID
GH_APP_NAME=$GH_APP_NAME
GH_CLIENT_ID=$GH_CLIENT_ID
GH_CLIENT_SECRET=$GH_CLIENT_SECRET
PRIVATE_KEY=$PRIVATE_KEY
GH_APP_CLIENT_ID=$GH_APP_CLIENT_ID
GH_APP_CLIENT_SECRET=$GH_APP_CLIENT_SECRET
GH_APP_PRIVATE_KEY=$GH_APP_PRIVATE_KEY
WEBHOOK_SECRET=$WEBHOOK_SECRET
CODEFAIR_APP_DOMAIN=$CODEFAIR_APP_DOMAIN
CODEFAIR_BOT_DOMAIN=$CODEFAIR_BOT_DOMAIN
ZENODO_API_ENDPOINT=$ZENODO_API_ENDPOINT
ZENODO_ENDPOINT=$ZENODO_ENDPOINT

2 changes: 1 addition & 1 deletion bot/api/github/webhooks.js
Expand Up @@ -6,7 +6,7 @@ const app = require("../../index.js");
const probot = createProbot({
overrides: {
appId: process.env.APP_ID,
privateKey: process.env.PRIVATE_KEY.replace(/\\n/g, "\n"),
privateKey: process.env.GH_APP_PRIVATE_KEY.replace(/\\n/g, "\n"),
secret: process.env.WEBHOOK_SECRET,
},
});
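Review bot: `appId: process.env.APP_ID`, on the line above the changed one, was left on the old name, while `bot/main.js` reads `process.env.GH_APP_ID` and this hunk moves `privateKey` to the `GH_APP_` prefix. Switch it to `process.env.GH_APP_ID` so both entry points read one variable; `APP_ID` can then go from `bot/config/deploy.yml` and anywhere else it is still forwarded.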
8 changes: 4 additions & 4 deletions bot/config/deploy.yml
Expand Up @@ -20,7 +20,7 @@ servers:
# Note: If using Cloudflare, set encryption mode in SSL/TLS setting to "Full" to enable CF-to-app encryption.
proxy:
ssl: true
host: <%= ENV["CODEFAIR_BOT_DOMAIN"] %>
host: <%= ENV["KAMAL_BOT_DOMAIN"] %>
# Proxy connects to your container on port 80 by default.
app_port: 3000

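Review bot: `host: <%= ENV["KAMAL_BOT_DOMAIN"] %>` renders an empty `host:` when the variable is unset, so a runner or workstation that still exports only `CODEFAIR_BOT_DOMAIN` gets at best an indirect error. `ENV.fetch("KAMAL_BOT_DOMAIN")` fails when the config is loaded and names the missing variable, which is worth having in the same change that renames it.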
Expand All @@ -47,9 +47,9 @@ env:
- GH_APP_ID
- GH_APP_NAME
- APP_ID
- GH_CLIENT_ID
- GH_CLIENT_SECRET
- PRIVATE_KEY
- GH_APP_CLIENT_ID
- GH_APP_CLIENT_SECRET
- GH_APP_PRIVATE_KEY
- WEBHOOK_SECRET
- CODEFAIR_APP_DOMAIN
- ZENODO_API_ENDPOINT
2 changes: 1 addition & 1 deletion bot/main.js
Expand Up @@ -7,7 +7,7 @@ async function startServer() {
port: process.env.PORT || 3000,
Probot: Probot.defaults({
appId: process.env.GH_APP_ID,
privateKey: process.env.PRIVATE_KEY.replace(/\\n/g, "\n"),
privateKey: process.env.GH_APP_PRIVATE_KEY.replace(/\\n/g, "\n"),
secret: process.env.WEBHOOK_SECRET,
}),
});
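Review bot: `process.env.GH_APP_PRIVATE_KEY.replace(...)` throws a `TypeError` at startup when the variable is missing, which is the likely state of any environment that still defines only `PRIVATE_KEY` after this rename. Read the value into a constant first and throw an error that names `GH_APP_PRIVATE_KEY` when it is empty; the same call in `bot/api/github/webhooks.js` needs the same guard.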
3 changes: 3 additions & 0 deletions ui/.kamal/hooks/docker-setup.sample
@@ -0,0 +1,3 @@
#!/bin/sh

echo "Docker set up on $KAMAL_HOSTS..."
14 changes: 14 additions & 0 deletions ui/.kamal/hooks/post-deploy.sample
@@ -0,0 +1,14 @@
#!/bin/sh

# A sample post-deploy hook
#
# These environment variables are available:
# KAMAL_RECORDED_AT
# KAMAL_PERFORMER
# KAMAL_VERSION
# KAMAL_HOSTS
# KAMAL_ROLE (if set)
# KAMAL_DESTINATION (if set)
# KAMAL_RUNTIME

echo "$KAMAL_PERFORMER deployed $KAMAL_VERSION to $KAMAL_DESTINATION in $KAMAL_RUNTIME seconds"
3 changes: 3 additions & 0 deletions ui/.kamal/hooks/post-proxy-reboot.sample
@@ -0,0 +1,3 @@
#!/bin/sh

echo "Rebooted kamal-proxy on $KAMAL_HOSTS"
51 changes: 51 additions & 0 deletions ui/.kamal/hooks/pre-build.sample
@@ -0,0 +1,51 @@
#!/bin/sh

# A sample pre-build hook
#
# Checks:
# 1. We have a clean checkout
# 2. A remote is configured
# 3. The branch has been pushed to the remote
# 4. The version we are deploying matches the remote
#
# These environment variables are available:
# KAMAL_RECORDED_AT
# KAMAL_PERFORMER
# KAMAL_VERSION
# KAMAL_HOSTS
# KAMAL_ROLE (if set)
# KAMAL_DESTINATION (if set)

if [ -n "$(git status --porcelain)" ]; then
echo "Git checkout is not clean, aborting..." >&2
git status --porcelain >&2
exit 1
fi

first_remote=$(git remote)

if [ -z "$first_remote" ]; then
echo "No git remote set, aborting..." >&2
exit 1
fi

current_branch=$(git branch --show-current)

if [ -z "$current_branch" ]; then
echo "Not on a git branch, aborting..." >&2
exit 1
fi

remote_head=$(git ls-remote $first_remote --tags $current_branch | cut -f1)

if [ -z "$remote_head" ]; then
echo "Branch not pushed to remote, aborting..." >&2
exit 1
fi

if [ "$KAMAL_VERSION" != "$remote_head" ]; then
echo "Version ($KAMAL_VERSION) does not match remote HEAD ($remote_head), aborting..." >&2
exit 1
fi

exit 0
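Review bot: `git ls-remote $first_remote --tags $current_branch` expands both variables unquoted, and `first_remote=$(git remote)` holds every remote name when more than one is configured, so the command gets word-split into extra arguments. Take the first line (`git remote | head -n 1`) and quote `"$first_remote"` and `"$current_branch"`. As committed with the `.sample` suffix the hook does not run, so if the clean-checkout and pushed-version checks are wanted for the UI deploy the file needs to be named `pre-build`.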