Merge pull request #605 from basedosdados/development

Development

Author: guialvesp1

.github/workflows/cd-dev.yaml

@@ -0,0 +1,91 @@
+name: Deploy (Development)
+
+on:
+  workflow_run:
+    workflows: ["Release Docker Image (Development)"]
+    types:
+      - completed
+  workflow_dispatch:
+
+env:
+  IMAGE_NAME: ghcr.io/basedosdados/website:development
+
+jobs:
+  deploy-development:
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}  || ${{ github.event_name == 'workflow_dispatch' }}
+    name: Deploy (Development)
+    runs-on: ubuntu-latest
+    environment:
+      name: development
+      url: https://development.basedosdados.org
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3.3.0
+        with:
+          ref: development
+
+      - name: Import Secrets
+        id: import_secrets
+        uses: hashicorp/vault-action@v2.4.1
+        with:
+          url: https://vault.basedosdados.org
+          token: ${{ secrets.VAULT_TOKEN }}
+          secrets: |
+            secret/data/gcp_credentials/basedosdados-dev    GCP_SA_KEY_BASE64 | GCP_SA_KEY_BASE64 ;
+            secret/data/gcp_credentials/basedosdados-dev    GCP_PROJECT_ID    | GCP_PROJECT_ID ;
+            secret/data/gcp_credentials/basedosdados-dev    GKE_CLUSTER_NAME  | GKE_CLUSTER_NAME ;
+            secret/data/gcp_credentials/basedosdados-dev    GKE_CLUSTER_ZONE  | GKE_CLUSTER_ZONE ;
+
+      - name: Setup Google Cloud CLI
+        uses: google-github-actions/setup-gcloud@v0.2.1
+        with:
+          service_account_key: ${{ steps.import_secrets.outputs.GCP_SA_KEY_BASE64 }}
+          project_id: ${{ steps.import_secrets.outputs.GCP_PROJECT_ID }}
+          export_default_credentials: true
+
+      - name: Get GKE credentials
+        uses: google-github-actions/get-gke-credentials@v0.2.1
+        with:
+          cluster_name: ${{ steps.import_secrets.outputs.GKE_CLUSTER_NAME }}
+          location: ${{ steps.import_secrets.outputs.GKE_CLUSTER_ZONE }}
+          credentials: ${{ steps.import_secrets.outputs.GCP_SA_KEY_BASE64 }}
+
+      - name: Write values.yaml file
+        run: |
+          cat << EOF > values.yaml
+          website:
+            name: "basedosdados-website-development"
+            image:
+              name: "ghcr.io/basedosdados/website"
+              tag: "development"
+              pullPolicy: "Always"
+            replicas: 1
+            resources:
+              requests:
+                cpu: 100m
+                memory: 500Mi
+              limits:
+                cpu: 500m
+                memory: 1Gi
+            env: []
+            envFrom:
+              - secretRef:
+                  name: basedosdados-website-development
+            ingress:
+              enabled: true
+              host: "development.basedosdados.org"
+              annotations:
+                cert-manager.io/issuer: "letsencrypt-production"
+                kubernetes.io/ingress.class: nginx
+                nginx.ingress.kubernetes.io/rewrite-target: /
+                nginx.ingress.kubernetes.io/ssl-redirect: "true"
+              tls:
+                - hosts:
+                    - "development.basedosdados.org"
+                  secretName: "development-basedosdados-org-tls"
+          EOF
+
+      - name: Deploy using Helm
+        run: |
+          helm upgrade --install basedosdados-website-development charts/basedosdados-website/. -n website -f values.yaml --wait

.github/workflows/cd-v2.yaml

@@ -0,0 +1,26 @@
+name: Release Helm Chart
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - ".github/workflows/release-chart.yaml"
+      - "charts/**/*"
+
+jobs:
+  release-helm-chart:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v1
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.0.0
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/release-chart.yaml

@@ -1,15 +1,16 @@
-name: CI
+name: Release Docker Image (Development)
 
 on:
   push:
     branches:
-      - nextjs
-  workflow_dispatch:
+      - development
+    paths:
+      - ".github/workflows/release.yaml"
+      - "next/**/*"
 
 jobs:
-  build-container:
-    if: github.ref_name == 'nextjs'
-    name: Build and publish container image
+  release-docker-image-development:
+    name: Release Docker Image (Development)
     runs-on: ubuntu-latest
     environment:
       name: development
@@ -24,7 +25,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
         with:
-          ref: nextjs
+          ref: development
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v2
@@ -42,4 +43,3 @@ jobs:
           tags: ${{ env.IMAGE_NAME }}
           build-args: |
             NEXT_PUBLIC_API_URL=${{ env.NEXT_PUBLIC_API_URL }}
-

.github/workflows/ci-v2.yaml renamed to .github/workflows/release-dev.yaml

@@ -0,0 +1,45 @@
+name: Release Docker Image (Production)
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - ".github/workflows/release.yaml"
+      - "next/**/*"
+
+jobs:
+  release-docker-image-production:
+    name: Release Docker Image (Production)
+    runs-on: ubuntu-latest
+    environment:
+      name: production
+    env:
+      NEXT_PORT: ${{ vars.NEXT_PORT }}
+      NEXT_PUBLIC_API_URL: ${{ vars.NEXT_PUBLIC_API_URL }}
+      NEXT_PUBLIC_SITE_NAME: ${{ vars.NEXT_PUBLIC_SITE_NAME }}
+      NODE_ENV: ${{ vars.NODE_ENV }}
+      IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}:production
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          ref: main
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          context: next
+          file: next/Dockerfile
+          push: true
+          tags: ${{ env.IMAGE_NAME }}
+          build-args: |
+            NEXT_PUBLIC_API_URL=${{ env.NEXT_PUBLIC_API_URL }}

.github/workflows/release.yaml

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/.gitkeep

@@ -0,0 +1,9 @@
+apiVersion: v2
+name: basedosdados-website
+description: Deploys the basedosdados website
+
+type: application
+
+version: 0.0.1
+
+appVersion: "0.0.1"

charts/basedosdados-website/.helmignore

@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Values.website.name }}
+  labels:
+    app.kubernetes.io/component: basedosdados-website
+    app.kubernetes.io/name: {{ .Values.website.name }}
+  annotations:
+    rollme: {{ randAlphaNum 5 | quote }}
+spec:
+  replicas: {{ .Values.website.replicas }}
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 50%
+      maxUnavailable: 50%
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: basedosdados-website
+      app.kubernetes.io/name: {{ .Values.website.name }}
+  minReadySeconds: 5
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component: basedosdados-website
+        app.kubernetes.io/name: {{ .Values.website.name }}
+      annotations:
+        rollme: {{ randAlphaNum 5 | quote }}
+    spec:
+      containers:
+        - name: basedosdados-website
+          image: "{{ .Values.website.image.name }}:{{ .Values.website.image.tag }}"
+          imagePullPolicy: {{ .Values.website.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: 3000
+          env:
+            {{- with .Values.website.env }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
+          {{- with .Values.website.envFrom }}
+          envFrom:
+              {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.website.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          readinessProbe:
+            httpGet:
+              path: /
+              port: 3000
+            initialDelaySeconds: 5
+            periodSeconds: 10
+      restartPolicy: Always

charts/basedosdados-website/Chart.yaml

@@ -0,0 +1,27 @@
+{{- if .Values.website.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ .Values.website.name }}-ingress
+  labels:
+    app.kubernetes.io/component: basedosdados-website
+    app.kubernetes.io/name: {{ .Values.website.name }}
+  annotations:
+    {{- toYaml .Values.website.ingress.annotations | nindent 4 }}
+spec:
+  rules:
+    - host: {{ .Values.website.ingress.host | quote }}
+      http:
+        paths:
+        - path: /
+          pathType: Prefix
+          backend:
+            service:
+              name: "{{ .Values.website.name }}-service"
+              port:
+                number: 80
+  {{- with .Values.website.ingress.tls }}
+  tls:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}