Have prod/dev stacks

.github/workflows/deploy-demo.yaml → .github/workflows/deploy-dev.yaml

@@ -1,11 +1,11 @@
 
-name: Deploy to demo
+name: Deploy to dev
 
 on:
   workflow_dispatch:
   push:
-    tags:
-      - v*
+    branch:
+      - dev
 
 permissions:
   contents: read
@@ -16,7 +16,7 @@ jobs:
 
   deploy:
 
-    name: Deploy to demo
+    name: Deploy to dev
     runs-on: ubuntu-latest
 
     steps:
@@ -58,9 +58,9 @@ jobs:
         uses: pulumi/actions@v3
         with:
           command: up
-          stack-name: demo
+          stack-name: dev
           work-dir: pulumi
-          cloud-url: gs://trustgraph-deploy/config-ui/demo
+          cloud-url: gs://trustgraph-deploy/config-ui
         env:
           PULUMI_CONFIG_PASSPHRASE: ""
           IMAGE_VERSION: ${{ steps.version.outputs.VERSION }}

.github/workflows/deploy-prod.yaml

@@ -0,0 +1,67 @@
+
+name: Deploy to prod
+
+on:
+  workflow_dispatch:
+  push:
+    branch:
+      - prod
+
+permissions:
+  contents: read
+  id-token: 'write'
+  packages: read
+
+jobs:
+
+  deploy:
+
+    name: Deploy to prod
+    runs-on: ubuntu-latest
+
+    steps:
+
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Get version
+        id: version
+        run: echo VERSION=$(git describe --exact-match --tags | sed 's/^v//') >> $GITHUB_OUTPUT
+
+      - name: Install deps
+        run: npm install
+
+      - name: Build container
+        run: make VERSION=${{ steps.version.outputs.VERSION }}
+
+      - id: auth
+        name: Authenticate with Google Cloud
+        uses: google-github-actions/auth@v2
+        with:
+          token_format: access_token
+          workload_identity_provider: projects/583813057664/locations/global/workloadIdentityPools/deploy/providers/github
+          service_account: deploy@trustgraph-demo.iam.gserviceaccount.com
+          access_token_lifetime: 900s
+          create_credentials_file: true
+
+      - name: Login to Artifact Registry
+        uses: redhat-actions/podman-login@v1
+        with:
+          registry: us-central1-docker.pkg.dev
+          username: oauth2accesstoken
+          password: ${{ steps.auth.outputs.access_token }}
+
+      - name: Install Pulumi
+        run: cd pulumi && npm install
+
+      - name: Applying infrastructure 🚀🙏
+        uses: pulumi/actions@v3
+        with:
+          command: up
+          stack-name: prod
+          work-dir: pulumi
+          cloud-url: gs://trustgraph-deploy/config-ui
+        env:
+          PULUMI_CONFIG_PASSPHRASE: ""
+          IMAGE_VERSION: ${{ steps.version.outputs.VERSION }}
+

.github/workflows/undeploy-demo.yaml → .github/workflows/undeploy-dev.yaml

@@ -1,5 +1,5 @@
 
-name: Undeploy to demo
+name: Undeploy to dev
 
 on:
   workflow_dispatch:
@@ -12,7 +12,7 @@ jobs:
 
   deploy:
 
-    name: Undeploy to demo
+    name: Undeploy to dev
     runs-on: ubuntu-latest
 
     steps:
@@ -37,9 +37,9 @@ jobs:
         uses: pulumi/actions@v3
         with:
           command: destroy
-          stack-name: demo
+          stack-name: dev
           work-dir: pulumi
-          cloud-url: gs://kalntera-deploy/cybersec-ai/demo
+          cloud-url: gs://trustgraph-deploy/config-ui
         env:
           PULUMI_CONFIG_PASSPHRASE: ""
 

.github/workflows/undeploy-prod.yaml

@@ -0,0 +1,45 @@
+
+name: Undeploy to prod
+
+on:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  id-token: 'write'
+
+jobs:
+
+  deploy:
+
+    name: Undeploy to prod
+    runs-on: ubuntu-latest
+
+    steps:
+
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - id: auth
+        name: Authenticate with Google Cloud
+        uses: google-github-actions/auth@v0
+        with:
+          token_format: access_token
+          workload_identity_provider: projects/514167726704/locations/global/workloadIdentityPools/deploy/providers/deploy
+          service_account: deploy@kalntera-demo.iam.gserviceaccount.com
+          access_token_lifetime: 900s
+          create_credentials_file: true
+
+      - name: Install Pulumi
+        run: cd pulumi && npm install
+
+      - name: Destroy infrastructure ☠🔥
+        uses: pulumi/actions@v3
+        with:
+          command: destroy
+          stack-name: prod
+          work-dir: pulumi
+          cloud-url: gs://trustgraph-deploy/config-ui
+        env:
+          PULUMI_CONFIG_PASSPHRASE: ""
+

pulumi/Pulumi.dev.yaml

@@ -0,0 +1,14 @@
+encryptionsalt: v1:vQGk98eEeYI=:v1:tHg+f1b66tEydgA9:J1RGVNI0FssyjSXVhcKU7bfBofNFTg==
+config:
+  config-ui:artifact-name: config-ui-dev
+  config-ui:artifact-repo: us-central1-docker.pkg.dev/trustgraph-demo/config-ui-dev
+  config-ui:artifact-repo-region: us-central1
+  config-ui:cloud-run-region: us-central1
+  config-ui:domain: demo.trustgraph.ai
+  config-ui:environment: dev
+  config-ui:gcp-project: trustgraph-demo
+  config-ui:gcp-region: us-central1
+  config-ui:hostname: dev.config-ui.demo.trustgraph.ai
+  config-ui:managed-zone: demo
+  config-ui:max-scale: "2"
+  config-ui:min-scale: "0"

pulumi/Pulumi.demo.yaml → pulumi/Pulumi.prod.yaml

@@ -1,11 +1,11 @@
 encryptionsalt: v1:vQGk98eEeYI=:v1:tHg+f1b66tEydgA9:J1RGVNI0FssyjSXVhcKU7bfBofNFTg==
 config:
-  config-ui:artifact-name: config-ui
-  config-ui:artifact-repo: us-central1-docker.pkg.dev/trustgraph-demo/config-ui
+  config-ui:artifact-name: config-ui-prod
+  config-ui:artifact-repo: us-central1-docker.pkg.dev/trustgraph-demo/config-ui-prod
   config-ui:artifact-repo-region: us-central1
   config-ui:cloud-run-region: us-central1
   config-ui:domain: demo.trustgraph.ai
-  config-ui:environment: demo
+  config-ui:environment: prod
   config-ui:gcp-project: trustgraph-demo
   config-ui:gcp-region: us-central1
   config-ui:hostname: config-ui.demo.trustgraph.ai