feat: deploy to gcp

Author: incubator4

.github/workflows/docker-build-push.yml

@@ -1,94 +1,48 @@
-name: Docker Build
-
+name: Build and Deploy
 on:
   push:
     branches:
-      - "dev"
-      - "main"
-
-env:
-  IMAGE_NAME: rss3/xchar
-  REGION_ID: us-east-1
-  DEV_ACK_CLUSTER_ID: cd1d0ffc40b5242b39ddda1864e71e30d
-  PROD_ACK_CLUSTER_ID: cfc647c22fd6848b5a602ad4d7470632b
-
+      - dev
+      - main
+    tags:
+      - v*
 jobs:
   build:
-    runs-on: ubuntu-latest
-    outputs:
-      version: ${{ steps.meta.outputs.version }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      - name: docker meta
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: ${{ env.IMAGE_NAME }}
-          tags: |
-            type=sha
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      - name: Login to DockerHub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Build and push
-        uses: docker/build-push-action@v3
-        with:
-          context: .
-          file: Dockerfile
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-
+    uses: NaturalSelectionLabs/Daedalus/.github/workflows/docker-tpl.yaml@main
+    with:
+      images: flosspicks/xchar
+      context: .
+      dockerfile: ./Dockerfile
+    secrets:
+      DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
   deploy-dev:
-    runs-on: ubuntu-latest
-    needs: [build]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      - name: Set K8s context
-        uses: aliyun/ack-set-context@v1
-        with:
-          access-key-id: "${{ secrets.ACCESS_KEY_ID }}"
-          access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}"
-          cluster-id: "${{ env.DEV_ACK_CLUSTER_ID }}"
-      - name: Install Tools
-        run: |
-          wget https://github.com/mikefarah/yq/releases/download/v4.25.1/yq_linux_amd64.tar.gz -O - | tar xz && mv yq_linux_amd64 /usr/local/bin/yq
-          curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.22.10/bin/linux/amd64/kubectl && chmod +x kubectl && mv kubectl /usr/local/bin/kubectl
-      - uses: sljeff/secrets2env@main
-        with:
-          secrets-json: ${{ toJson(secrets) }}
-      - env:
-          IMAGE_TAG_RELEASE: ${{ env.IMAGE_NAME }}:${{ needs.build.outputs.version }}
-        run: |
-          sh apply.sh deploy/dev/*
-
+    if: github.ref == 'refs/heads/dev'
+    uses: NaturalSelectionLabs/Daedalus/.github/workflows/deploy-v3-tpl.yaml@main
+    needs:
+      - build
+    with:
+      images: flosspicks/xchar
+      tag: sha-${{ github.sha }}
+      cluster: dev
+      namespace: crossbell
+      releaseName: xchar
+      revision: develop
+      dir: deploy/dev
+    secrets:
+      GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}
   deploy-prod:
     if: github.ref == 'refs/heads/main'
-    runs-on: ubuntu-latest
-    needs: [build, deploy-dev]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      - name: Set K8s context
-        uses: aliyun/ack-set-context@v1
-        with:
-          access-key-id: "${{ secrets.ACCESS_KEY_ID }}"
-          access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}"
-          cluster-id: "${{ env.PROD_ACK_CLUSTER_ID }}"
-      - name: Install Tools
-        run: |
-          wget https://github.com/mikefarah/yq/releases/download/v4.25.1/yq_linux_amd64.tar.gz -O - | tar xz && mv yq_linux_amd64 /usr/local/bin/yq
-          curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.22.10/bin/linux/amd64/kubectl && chmod +x kubectl && mv kubectl /usr/local/bin/kubectl
-      - uses: sljeff/secrets2env@main
-        with:
-          secrets-json: ${{ toJson(secrets) }}
-      - env:
-          IMAGE_TAG_RELEASE: ${{ env.IMAGE_NAME }}:${{ needs.build.outputs.version }}
-        run: |
-          sh apply.sh deploy/prod/*
+    uses: NaturalSelectionLabs/Daedalus/.github/workflows/deploy-v3-tpl.yaml@main
+    needs:
+      - build
+    with:
+      images: flosspicks/xchar
+      tag: sha-${{ github.sha }}
+      cluster: prod
+      namespace: crossbell
+      releaseName: xchar
+      revision: main
+      dir: deploy/prod
+    secrets:
+      GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}

deploy/dev/deploy.yaml

@@ -23,7 +23,7 @@ spec:
         tier: api
     spec:
       containers:
-        - image: $IMAGE_TAG_RELEASE
+        - image: flosspicks/xchar
           imagePullPolicy: Always
           name: xchar
           envFrom:

deploy/dev/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - deploy.yaml
+  - svc.yaml
+  - route.yaml
+  - secret.yaml

deploy/dev/route.yaml

@@ -3,12 +3,14 @@ kind: IngressRoute
 metadata:
   name: xchar
   namespace: crossbell
+  annotations:
+    avp.kubernetes.io/path: "kv/data/crossbell/xchar"
 spec:
   entryPoints:
-    - web
+    - websecure
   routes:
     - kind: Rule
-      match: "Host(`$XCHAR_DOMAIN_DEV`)"
+      match: Host(`<DOMAIN>`)
       services:
         - name: xchar
           port: 3000

deploy/dev/secrets.yaml deploy/dev/secret.yamldeploy/dev/secrets.yaml renamed to deploy/dev/secret.yaml

@@ -1,8 +1,10 @@
 apiVersion: v1
-stringData:
-  REDIS_URL: $REDIS_URL_DEV
 kind: Secret
 metadata:
   name: xchar
   namespace: crossbell
+  annotations:
+    avp.kubernetes.io/path: "kv/data/crossbell/xchar"
 type: Opaque
+stringData:
+  REDIS_URL: "<REDIS_URL>"

deploy/prod/deploy.yaml

@@ -23,7 +23,7 @@ spec:
         tier: api
     spec:
       containers:
-        - image: $IMAGE_TAG_RELEASE
+        - image: flosspicks/xchar
           imagePullPolicy: Always
           name: xchar
           envFrom:

deploy/prod/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - deploy.yaml
+  - svc.yaml
+  - route.yaml
+  - secret.yaml
+  - pvc.yaml

deploy/prod/pvc.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: xchar-image
+  namespace: crossbell
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 80Gi
+  storageClassName: standard-rwm

deploy/prod/route.yaml

@@ -3,12 +3,14 @@ kind: IngressRoute
 metadata:
   name: xchar
   namespace: crossbell
+  annotations:
+    avp.kubernetes.io/path: "kv/data/crossbell/xchar"
 spec:
   entryPoints:
-    - web
+    - websecure
   routes:
     - kind: Rule
-      match: "Host(`$XCHAR_DOMAIN`)"
+      match: Host(`<DOMAIN>`)
       services:
         - name: xchar
           port: 3000

deploy/prod/secrets.yaml deploy/prod/secret.yamldeploy/prod/secrets.yaml renamed to deploy/prod/secret.yaml

@@ -1,8 +1,10 @@
 apiVersion: v1
-stringData:
-  REDIS_URL: $REDIS_URL
 kind: Secret
 metadata:
   name: xchar
   namespace: crossbell
+  annotations:
+    avp.kubernetes.io/path: "kv/data/crossbell/xchar"
 type: Opaque
+stringData:
+  REDIS_URL: "<REDIS_URL>"