canonical · samhotep · Jan 28, 2025 · Jan 28, 2025 · Jan 28, 2025 · Jan 28, 2025
diff --git a/.env b/.env
@@ -1,7 +1,7 @@
 PORT=8104
 SECRET_KEY=secret_key
-VALKEY_HOST=localhost
-VALKEY_PORT=6379
+REDIS_HOST=localhost
+REDIS_PORT=6379
 GH_TOKEN=token
 REPO_ORG=https://github.com/canonical
 DATABASE_URL=postgresql://postgres:postgres@localhost:5432/content
@@ -18,3 +18,4 @@ GOOGLE_DRIVE_FOLDER_ID=googlecreds
 COPYDOC_TEMPLATE_ID=googlecreds
 GOOGLE_PRIVATE_KEY=base64encodedprivatekey
 GOOGLE_PRIVATE_KEY_ID=privatekeyid
+RABBITMQ_URI=amqp://guest:guest@localhost:5672/
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
@@ -94,17 +94,19 @@ jobs:
     name: Run Python
     runs-on: ubuntu-latest
     services:
-      valkey:
-        image: valkey/valkey
+      redis:
+        image: redis
         options: >-
-          --health-cmd "valkey-cli ping"
+          --health-cmd "redis-cli ping"
           --health-interval 10s
           --health-timeout 5s
           --health-retries 5
       postgres:
         image: postgres:latest
         env:
           POSTGRES_PASSWORD: postgres
+        ports:
+          - 5432:5432
     steps:
       - uses: actions/checkout@v3
       - name: Set up Python 3.12
@@ -121,9 +123,9 @@ jobs:
           GOOGLE_PRIVATE_KEY_ID: ${{ secrets.PRIVATE_KEY_ID }}
           DATABASE_URL: postgresql://postgres:postgres@localhost:5432/postgres
           SECRET_KEY: secret_key
-          VALKEY_HOST: localhost
-          VALKEY_PORT: 6379
-          GH_TOKEN: token
+          REDIS_HOST: localhost
+          REDIS_PORT: 6379
+          GH_TOKEN: ${{ github.token }}
           REPO_ORG: https://github.com/canonical
           JIRA_EMAIL: example@canonical.com
           JIRA_TOKEN: jiratoken
@@ -141,10 +143,10 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 15
     services:
-      valkey:
-        image: valkey/valkey
+      redis:
+        image: redis
         options: >-
-          --health-cmd "valkey-cli ping"
+          --health-cmd "redis-cli ping"
           --health-interval 10s
           --health-timeout 5s
           --health-retries 5
@@ -170,9 +172,9 @@ jobs:
           docker run \
           -p 8104:8104 \
           -e SECRET_KEY=secret_key \
-          -e VALKEY_HOST=localhost \
-          -e VALKEY_PORT=6379 \
-          -e GH_TOKEN=token \
+          -e REDIS_HOST=localhost \
+          -e REDIS_PORT=6379 \
+          -e GH_TOKEN=${{ github.token }} \
           -e REPO_ORG=https://github.com/canonical \
           -e DATABASE_URL=postgresql://postgres:postgres@localhost:5432/postgres \
           -e JIRA_EMAIL=example@canonical.com \
@@ -184,6 +186,7 @@ jobs:
           -e COPYDOC_TEMPLATE_ID=templateid \
           -e GOOGLE_PRIVATE_KEY="$GOOGLE_PRIVATE_KEY" \
           -e GOOGLE_PRIVATE_KEY_ID="$GOOGLE_PRIVATE_KEY_ID" \
+          -e FLASK_DEBUG=1 \
           --network host \
-          websites-content-system & sleep 1
+          websites-content-system & sleep 3
           curl --head --fail --retry-delay 1 --retry 30 --retry-connrefused http://localhost
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
@@ -0,0 +1,144 @@
+name: Deploy
+
+on:
+  push:
+    branches:
+      - test-deploy
+      - main
+
+env:
+  CHARMCRAFT_ENABLE_EXPERIMENTAL_EXTENSIONS: true
+  ROCKCRAFT_ENABLE_EXPERIMENTAL_EXTENSIONS: true
+
+jobs:
+
+  pack-rock:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v3
+
+      - name: Use Node.js
+        uses: actions/setup-node@v3
+
+      - name: Build Assets
+        run: |
+          yarn install
+          yarn run build
+
+      - name: Setup LXD
+        uses: canonical/setup-lxd@main
+
+      - name: Create repositories directory
+        run: |
+            mkdir -m 777 repositories
+            mkdir -m 777 tree-cache
+
+      - name: Setup Rockcraft
+        run: sudo snap install rockcraft --classic --channel=latest/edge
+
+      - name: Pack Rock
+        run: rockcraft pack
+
+      - name: Upload Rock
+        uses: actions/upload-artifact@v4
+        with:
+          name: cs-canonical-com-rock
+          path: ./*.rock
+
+  publish-image:
+    runs-on: ubuntu-latest
+    needs: 
+      - pack-rock
+    outputs:
+      image_url: ${{ steps.set_image_url.outputs.image_url }}
+    steps:
+      - name: Get Rock
+        uses: actions/download-artifact@v4
+        with:
+          name: cs-canonical-com-rock
+
+      - name: Set image URL
+        id: set_image_url
+        run: echo "image_url=ghcr.io/canonical/cs.canonical.com:$(date +%s)-${GITHUB_SHA:0:7}" >> $GITHUB_OUTPUT
+
+      - name: Push to GHCR
+        run: skopeo --insecure-policy copy oci-archive:$(ls *.rock) docker://${{ steps.set_image_url.outputs.image_url }} --dest-creds "canonical:${{ secrets.GITHUB_TOKEN }}"
+
+  deploy-staging:
+    runs-on: [self-hosted, self-hosted-linux-amd64-jammy-private-endpoint-medium]
+    needs: [publish-image]
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v3
+
+      - name: Install Dependencies
+        run: |
+          sudo snap install juju --channel=3.4/stable --classic
+          sudo snap install vault --classic
+
+      - name: Download Charm Artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: cs-canonical-com-charm
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Configure Vault and Juju
+        run: |
+          export VAULT_ADDR=https://vault.admin.canonical.com:8200
+          export TF_VAR_login_approle_role_id=${{ secrets.VAULT_APPROLE_ROLE_ID }}
+          export TF_VAR_login_approle_secret_id=${{ secrets.VAULT_APPROLE_SECRET_ID }}
+          export VAULT_SECRET_PATH_ROLE=secret/prodstack6/roles/stg-cs-canonical-com
+          export VAULT_SECRET_PATH_COMMON=secret/prodstack6/juju/common
+          VAULT_TOKEN=$(vault write -f -field=token auth/approle/login role_id=${TF_VAR_login_approle_role_id} secret_id=${TF_VAR_login_approle_secret_id}) 
+          export VAULT_TOKEN
+          mkdir -p ~/.local/share/juju
+          vault read -field=controller_config "${VAULT_SECRET_PATH_COMMON}/controllers/juju-controller-36-staging-ps6" | base64 -d > ~/.local/share/juju/controllers.yaml
+          USERNAME=$(vault read -field=username "${VAULT_SECRET_PATH_ROLE}/juju")
+          PASSWORD=$(vault read -field=password "${VAULT_SECRET_PATH_ROLE}/juju")
+          printf "controllers:\n  juju-controller-36-staging-ps6:\n    user: %s\n    password: %s\n" "$USERNAME" "$PASSWORD" > ~/.local/share/juju/accounts.yaml
+
+      - name: Deploy Application to staging
+        run: |
+          export JUJU_MODEL=admin/stg-cs-canonical-com
+          juju refresh cs-canonical-com --path ./cs-canonical-com_ubuntu-22.04-amd64.charm --resource flask-app-image=${{ needs.publish-image.outputs.image_url }}
+          juju wait-for application cs-canonical-com --query='name=="cs-canonical-com" && (status=="active" || status=="idle")'
+
+  deploy-production:
+    runs-on: [self-hosted, self-hosted-linux-amd64-jammy-private-endpoint-medium]
+    needs: [publish-image]
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v3
+
+      - name: Install Dependencies
+        run: |
+          sudo snap install juju --channel=3.6/stable --classic
+          sudo snap install vault --classic
+
+      - name: Download Charm Artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: cs-canonical-com-charm
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Configure Vault and Juju
+        run: |
+          export VAULT_ADDR=https://vault.admin.canonical.com:8200
+          export TF_VAR_login_approle_role_id=${{ secrets.PROD_VAULT_APPROLE_ROLE_ID }}
+          export TF_VAR_login_approle_secret_id=${{ secrets.PROD_VAULT_APPROLE_SECRET_ID }}
+          export VAULT_SECRET_PATH_ROLE=secret/prodstack6/roles/prod-cs-canonical-com
+          export VAULT_SECRET_PATH_COMMON=secret/prodstack6/juju/common
+          VAULT_TOKEN=$(vault write -f -field=token auth/approle/login role_id=${TF_VAR_login_approle_role_id} secret_id=${TF_VAR_login_approle_secret_id}) 
+          export VAULT_TOKEN
+          mkdir -p ~/.local/share/juju
+          vault read -field=controller_config "${VAULT_SECRET_PATH_COMMON}/controllers/juju-controller-36-production-ps6" | base64 -d > ~/.local/share/juju/controllers.yaml
+          USERNAME=$(vault read -field=username "${VAULT_SECRET_PATH_ROLE}/juju")
+          PASSWORD=$(vault read -field=password "${VAULT_SECRET_PATH_ROLE}/juju")
+          printf "controllers:\n  juju-controller-36-production-ps6:\n    user: %s\n    password: %s\n" "$USERNAME" "$PASSWORD" > ~/.local/share/juju/accounts.yaml
+
+      - name: Deploy Application to production
+        run: |
+          export JUJU_MODEL=admin/prod-cs-canonical-com
+          juju refresh cs-canonical-com --path ./cs-canonical-com_ubuntu-22.04-amd64.charm --resource flask-app-image=${{ needs.publish-image.outputs.image_url }}
+          juju wait-for application cs-canonical-com --query='name=="cs-canonical-com" && (status=="active" || status=="idle")'
diff --git a/.github/workflows/pack-charm.yaml b/.github/workflows/pack-charm.yaml
@@ -0,0 +1,35 @@
+name: Pack Charm
+
+on:
+  push:
+    branches:
+      - test-deploy
+      - main
+    paths:
+      - charm/*
+
+env:
+  CHARMCRAFT_ENABLE_EXPERIMENTAL_EXTENSIONS: true
+  ROCKCRAFT_ENABLE_EXPERIMENTAL_EXTENSIONS: true
+
+jobs:
+  pack-charm:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v3
+
+      - name: Setup LXD
+        uses: canonical/setup-lxd@main
+
+      - name: Setup Charmcraft
+        run: sudo snap install charmcraft --classic --channel=latest/edge
+
+      - name: Pack charm
+        run: charmcraft pack -v --project-dir ./charm
+
+      - name: Upload charm
+        uses: actions/upload-artifact@v4
+        with:
+          name: cs-canonical-com-charm
+          path: ./*.charm
diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
@@ -10,9 +10,9 @@ jobs:
     runs-on: ubuntu-latest
     services:
       valkey:
-        image: valkey/valkey
+        image: redis
         options: >-
-          --health-cmd "valkey-cli ping"
+          --health-cmd "redis-cli ping"
           --health-interval 10s
           --health-timeout 5s
           --health-retries 5
@@ -27,8 +27,8 @@ jobs:
     env: 
       DISABLE_SSO: True
       SECRET_KEY: secret_key 
-      VALKEY_HOST: localhost 
-      VALKEY_PORT: 6379 
+      REDIS_HOST: localhost 
+      REDIS_PORT: 6379 
       GH_TOKEN: token 
       REPO_ORG: https://github.com/canonical 
       DATABASE_URL: postgresql://postgres:postgres@localhost:5432/postgres 

diff --git a/Dockerfile b/Dockerfile
@@ -18,7 +18,7 @@ COPY . .
 
 # Install python and import python dependencies
 RUN apt-get update \
-    && apt-get install --no-install-recommends --yes ca-certificates git python3-venv python3-pip python3-psycopg2
+    && apt-get install --no-install-recommends --yes ca-certificates python3-venv python3-pip python3-psycopg2
 RUN python3 -m venv .venv \
     && . .venv/bin/activate \
     && pip install --no-cache-dir -r requirements.txt