IntersectMBO · placek · Mar 5, 2024 · Mar 4, 2024 · Mar 5, 2024 · Mar 5, 2024
@@ -19,10 +19,6 @@ on:
           - "test"
           - "staging"
           - "beta"
-      skip_build:
-        required: true
-        type: boolean
-        default: false
       resync_cardano_node_and_db:
         required: true
         type: boolean
@@ -33,82 +29,8 @@ env:
   CARDANO_NETWORK: ${{ inputs.cardano_network || 'sanchonet' }}
 
 jobs:
-  check_environment_exists:
-    name: Check if target environment exists before proceeding
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: ./scripts/govtool
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-      - name: Check environment exists
-        run: |
-          make check-env-defined
-  build_backend:
-    name: Build and push backend Docker image
-    if: ${{ ! inputs.skip_build }}
-    needs:
-      - check_environment_exists
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: ./scripts/govtool
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v3
-        with:
-          aws-access-key-id: ${{ secrets.GHA_AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.GHA_AWS_SECRET_ACCESS_KEY }}
-          aws-region: eu-west-1
-      - name: Login to AWS ECR
-        uses: aws-actions/configure-aws-credentials@v2
-        with:
-          aws-region: eu-west-1
-      - name: Build and push images
-        run: |
-          make docker-login
-          make build-backend
-          make push-backend
-  build_frontend:
-    name: Build and push frontend Docker image
-    if: ${{ ! inputs.skip_build }}
-    needs:
-      - check_environment_exists
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: ./scripts/govtool
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v3
-        with:
-          aws-access-key-id: ${{ secrets.GHA_AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.GHA_AWS_SECRET_ACCESS_KEY }}
-          aws-region: eu-west-1
-      - name: Login to AWS ECR
-        uses: aws-actions/configure-aws-credentials@v2
-        with:
-          aws-region: eu-west-1
-      - name: Build and push images
-        env:
-          GTM_ID: ${{ secrets.GTM_ID }}
-          SENTRY_DSN: ${{ secrets.SENTRY_DSN_FRONTEND }}
-        run: |
-          make docker-login
-          if [[ "${{ inputs.environment }}" == "staging" ]]; then export DOMAIN=staging.govtool.byron.network; fi;
-          if [[ "${{ inputs.environment }}" == "beta" ]]; then export DOMAIN=sanchogov.tools; fi;
-          make build-frontend
-          make push-frontend
   deploy:
     name: Deploy app
-    needs:
-      - build_backend
-      - build_frontend
     runs-on: ubuntu-latest
     defaults:
       run:
@@ -117,126 +39,43 @@ jobs:
       DBSYNC_POSTGRES_DB: "cexplorer"
       DBSYNC_POSTGRES_USER: "postgres"
       DBSYNC_POSTGRES_PASSWORD: "pSa8JCpQOACMUdGb"
-      FAKEDBSYNC_POSTGRES_DB: "govtool"
-      FAKEDBSYNC_POSTGRES_USER: "test"
-      FAKEDBSYNC_POSTGRES_PASSWORD: "test"
       GRAFANA_ADMIN_PASSWORD: ${{ secrets.GRAFANA_ADMIN_PASSWORD }}
       GRAFANA_SLACK_RECIPIENT: ${{ secrets.GRAFANA_SLACK_RECIPIENT }}
       GRAFANA_SLACK_OAUTH_TOKEN: ${{ secrets.GRAFANA_SLACK_OAUTH_TOKEN }}
       NGINX_BASIC_AUTH: ${{ secrets.NGINX_BASIC_AUTH }}
       SENTRY_DSN_BACKEND: ${{ secrets.SENTRY_DSN_BACKEND }}
       TRAEFIK_LE_EMAIL: "admin+govtool@binarapps.com"
+      GTM_ID: ${{ secrets.GTM_ID }}
+      SENTRY_DSN: ${{ secrets.SENTRY_DSN_FRONTEND }}
+      PIPELINE_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
     steps:
       - name: Checkout code
         uses: actions/checkout@v3
+
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v3
         with:
           aws-access-key-id: ${{ secrets.GHA_AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.GHA_AWS_SECRET_ACCESS_KEY }}
           aws-region: eu-west-1
+
       - name: Login to AWS ECR
         uses: aws-actions/configure-aws-credentials@v2
         with:
           aws-region: eu-west-1
+
       - name: Setup SSH agent
         uses: webfactory/ssh-agent@v0.8.0
         with:
           ssh-private-key: ${{ secrets.GHA_SSH_PRIVATE_KEY }}
-      - name: Prepare and upload app config
-        run: |
-          if [[ "${{ inputs.environment }}" == "staging" ]]; then export DOMAIN=staging.govtool.byron.network; fi;
-          if [[ "${{ inputs.environment }}" == "beta" ]]; then export DOMAIN=sanchogov.tools; fi;
-          export DOMAIN=${DOMAIN:-$ENVIRONMENT-$CARDANO_NETWORK.govtool.byron.network}
-          make prepare-config
-          make upload-config
-      - name: Destroy Cardano Node, DB sync and Postgres if required
-        if: ${{ inputs.resync_cardano_node_and_db }}
-        run: |
-          if [[ "${{ inputs.environment }}" == "staging" ]]; then export DOMAIN=staging.govtool.byron.network; fi;
-          if [[ "${{ inputs.environment }}" == "beta" ]]; then export DOMAIN=sanchogov.tools; fi;
-          make destroy-cardano-node-and-dbsync;
+
       - name: Deploy app
-        run: |
-          make docker-login
-          if [[ "${{ inputs.environment }}" == "staging" ]]; then export DOMAIN=staging.govtool.byron.network; fi;
-          if [[ "${{ inputs.environment }}" == "beta" ]]; then export DOMAIN=sanchogov.tools; fi;
-          make deploy-stack
-      - name: Reprovision Grafana
-        run: |
-          sleep 30 # give grafana time to start up
-          if [[ "${{ inputs.environment }}" == "staging" ]]; then export DOMAIN=staging.govtool.byron.network; fi;
-          if [[ "${{ inputs.environment }}" == "beta" ]]; then export DOMAIN=sanchogov.tools; fi;
-          DOMAIN=${DOMAIN:-$ENVIRONMENT-$CARDANO_NETWORK.govtool.byron.network}
-          curl -X POST -u "admin:$GRAFANA_ADMIN_PASSWORD" https://$DOMAIN/grafana/api/admin/provisioning/alerting/reload
-          curl -X POST -u "admin:$GRAFANA_ADMIN_PASSWORD" https://$DOMAIN/grafana/api/admin/provisioning/dashboards/reload
-          curl -X POST -u "admin:$GRAFANA_ADMIN_PASSWORD" https://$DOMAIN/grafana/api/admin/provisioning/notifications/reload
-      - name: Notify on Slack
-        env:
-          SLACK_WEBHOOK_URL: ${{ secrets.DEPLOY_NOTIFY_SLACK_WEBHOOK_URL }}
-          PIPELINE_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
-        run: |
-          if [[ "${{ inputs.environment }}" == "staging" ]]; then export DOMAIN=staging.govtool.byron.network; fi;
-          if [[ "${{ inputs.environment }}" == "beta" ]]; then export DOMAIN=sanchogov.tools; fi;
-          make notify
-  deploy_without_build:
-    name: Deploy app without building
-    if: ${{ inputs.skip_build }}
-    needs:
-      - check_environment_exists
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: ./scripts/govtool
-    env:
-      DBSYNC_POSTGRES_DB: "cexplorer"
-      DBSYNC_POSTGRES_USER: "postgres"
-      DBSYNC_POSTGRES_PASSWORD: "pSa8JCpQOACMUdGb"
-      FAKEDBSYNC_POSTGRES_DB: "govtool"
-      FAKEDBSYNC_POSTGRES_USER: "test"
-      FAKEDBSYNC_POSTGRES_PASSWORD: "test"
-      GRAFANA_ADMIN_PASSWORD: ${{ secrets.GRAFANA_ADMIN_PASSWORD }}
-      GRAFANA_SLACK_RECIPIENT: ${{ secrets.GRAFANA_SLACK_RECIPIENT }}
-      GRAFANA_SLACK_OAUTH_TOKEN: ${{ secrets.GRAFANA_SLACK_OAUTH_TOKEN }}
-      NGINX_BASIC_AUTH: ${{ secrets.NGINX_BASIC_AUTH }}
-      SENTRY_DSN_BACKEND: ${{ secrets.SENTRY_DSN_BACKEND }}
-      TRAEFIK_LE_EMAIL: "admin+govtool@binarapps.com"
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v3
-        with:
-          aws-access-key-id: ${{ secrets.GHA_AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.GHA_AWS_SECRET_ACCESS_KEY }}
-          aws-region: eu-west-1
-      - name: Login to AWS ECR
-        uses: aws-actions/configure-aws-credentials@v2
-        with:
-          aws-region: eu-west-1
-      - name: Setup SSH agent
-        uses: webfactory/ssh-agent@v0.8.0
-        with:
-          ssh-private-key: ${{ secrets.GHA_SSH_PRIVATE_KEY }}
-      - name: Prepare and upload app config
         run: |
           if [[ "${{ inputs.environment }}" == "staging" ]]; then export DOMAIN=staging.govtool.byron.network; fi;
           if [[ "${{ inputs.environment }}" == "beta" ]]; then export DOMAIN=sanchogov.tools; fi;
           export DOMAIN=${DOMAIN:-$ENVIRONMENT-$CARDANO_NETWORK.govtool.byron.network}
-          make prepare-config
-          make upload-config
-      - name: Destroy Cardano Node, DB sync and Postgres if required
-        if: ${{ inputs.resync_cardano_node_and_db }}
-        run: |
-          if [[ "${{ inputs.environment }}" == "staging" ]]; then export DOMAIN=staging.govtool.byron.network; fi;
-          if [[ "${{ inputs.environment }}" == "beta" ]]; then export DOMAIN=sanchogov.tools; fi;
-          make destroy-cardano-node-and-dbsync;
-      - name: Deploy app
-        run: |
-          make docker-login
-          if [[ "${{ inputs.environment }}" == "staging" ]]; then export DOMAIN=staging.govtool.byron.network; fi;
-          if [[ "${{ inputs.environment }}" == "beta" ]]; then export DOMAIN=sanchogov.tools; fi;
-          make deploy-stack
+          make all
+
       - name: Reprovision Grafana
         run: |
           sleep 30 # give grafana time to start up
@@ -246,8 +85,3 @@ jobs:
           curl -X POST -u "admin:$GRAFANA_ADMIN_PASSWORD" https://$DOMAIN/grafana/api/admin/provisioning/alerting/reload
           curl -X POST -u "admin:$GRAFANA_ADMIN_PASSWORD" https://$DOMAIN/grafana/api/admin/provisioning/dashboards/reload
           curl -X POST -u "admin:$GRAFANA_ADMIN_PASSWORD" https://$DOMAIN/grafana/api/admin/provisioning/notifications/reload
-      - name: Notify on Slack
-        run: |
-          if [[ "${{ inputs.environment }}" == "staging" ]]; then export DOMAIN=staging.govtool.byron.network; fi;
-          if [[ "${{ inputs.environment }}" == "beta" ]]; then export DOMAIN=sanchogov.tools; fi;
-          make notify
@@ -46,6 +46,8 @@ changes.
 - Adjusted Nix configuration to meet projects needs [Issue 187](https://github.com/IntersectMBO/govtool/issues/187).
 - Integrated OAuth to securely notify about deployment status in Slack [Issue 194](https://github.com/IntersectMBO/govtool/issues/194).
 - Streamlined the application build and deployment process, thereby accelerating continuous delivery (CD) and reducing the resource burden [Issue 246](https://github.com/IntersectMBO/govtool/issues/246).
+- Applied unified policy on Docker images tagging [Issue 320](https://github.com/IntersectMBO/govtool/issues/320).
+- Reorganised deployment Makefiles in order to better document the process and easier management [Issue 385](https://github.com/IntersectMBO/govtool/issues/385).
 
 ### Removed
 -

@@ -0,0 +1,31 @@
+common_mk := ../../scripts/govtool/common.mk
+ifeq ($(origin $(common_mk)), undefined)
+  $(eval $(common_mk) := included)
+  include $(common_mk)
+endif
+
+.DEFAULT_GOAL := push-backend
+
+# image tags
+base_backend_image_tag := $(shell git hash-object $(root_dir)/govtool/backend/vva-be.cabal)
+backend_image_tag := $(shell git log -n 1 --format="%H" -- $(root_dir)/govtool/backend)
+
+.PHONY: build-backend-base
+build-backend-base: docker-login
+	$(call check_image_on_ecr,backend-base,$(base_backend_image_tag)) || \
+	$(docker) build --file $(root_dir)/govtool/backend/Dockerfile.base --tag "$(repo_url)/backend-base:$(base_backend_image_tag)" $(root_dir)/govtool/backend
+
+.PHONY: push-backend-base
+push-backend-base: build-backend-base
+	$(call check_image_on_ecr,backend-base,$(base_backend_image_tag)) || \
+	$(docker) push $(repo_url)/backend-base:$(base_backend_image_tag)
+
+.PHONY: build-backend
+build-backend: build-backend-base
+	$(call check_image_on_ecr,backend,$(backend_image_tag)) || \
+	$(docker) build --build-arg BASE_IMAGE_TAG=$(base_backend_image_tag) --tag "$(repo_url)/backend:$(backend_image_tag)" $(root_dir)/govtool/backend
+
+.PHONY: push-backend
+push-backend: push-backend-base build-backend
+	$(call check_image_on_ecr,backend,$(backend_image_tag)) || \
+	$(docker) push $(repo_url)/backend:$(backend_image_tag)
@@ -0,0 +1,27 @@
+common_mk := ../../scripts/govtool/common.mk
+ifeq ($(origin $(common_mk)), undefined)
+  $(eval $(common_mk) := included)
+  include $(common_mk)
+endif
+
+.DEFAULT_GOAL := push-frontend
+
+# image tags
+frontend_image_tag := $(shell git log -n 1 --format="%H" -- $(root_dir)/govtool/frontend)
+
+.PHONY: build-frontend
+build-frontend: docker-login
+	@:$(call check_defined, cardano_network)
+	if [[ "$(cardano_network)" = "mainnet" ]]; then NETWORK_FLAG=1; else NETWORK_FLAG=0; fi; \
+	$(call check_image_on_ecr,frontend,$(frontend_image_tag)) || \
+	$(docker) build --tag "$(repo_url)/frontend:$(frontend_image_tag)" \
+		--build-arg VITE_BASE_URL="https://$(domain)/api" \
+		--build-arg VITE_GTM_ID="$${GTM_ID}" \
+		--build-arg VITE_NETWORK_FLAG="$$NETWORK_FLAG" \
+		--build-arg VITE_SENTRY_DSN="$${SENTRY_DSN}" \
+		$(root_dir)/govtool/frontend
+
+.PHONY: push-frontend
+push-frontend: build-frontend
+	$(call check_image_on_ecr,frontend,$(frontend_image_tag)) || \
+	$(docker) push $(repo_url)/frontend:$(frontend_image_tag)