From 66e71f5227365611957e4f23a99b207399f22f2f Mon Sep 17 00:00:00 2001
From: = <=>
Date: Sat, 16 Nov 2024 14:29:17 -0800
Subject: [PATCH] Refactoring deployment workflows

---
 .github/workflows/build-image.yml             |  3 +
 .github/workflows/deploy-home.yml             | 17 +++---
 .github/workflows/run-tests.yml               | 22 +++----
 .../{coverage.yml => tests-with-coverage.yml} |  2 +-
 .github/workflows/update-home-deployment.yml  | 60 +++++++++++++++++++
 readme.md                                     |  3 +-
 6 files changed, 86 insertions(+), 21 deletions(-)
 rename .github/workflows/{coverage.yml => tests-with-coverage.yml} (98%)
 create mode 100644 .github/workflows/update-home-deployment.yml

diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml
index 49651a9..725fe92 100644
--- a/.github/workflows/build-image.yml
+++ b/.github/workflows/build-image.yml
@@ -12,6 +12,9 @@ on:
       - '!.github/workflows/build-image.yml'
       - '.gitignore'
 
+concurrency:
+  group: deployment
+
 env:
   PROJECT_ID: crank-404520
   SERVICE: crank
diff --git a/.github/workflows/deploy-home.yml b/.github/workflows/deploy-home.yml
index 94aeab9..30ce5e4 100644
--- a/.github/workflows/deploy-home.yml
+++ b/.github/workflows/deploy-home.yml
@@ -1,17 +1,15 @@
 # Copyright (c) 2024 Isaac Adams
 # Licensed under the MIT License. See LICENSE file in the project root for full license information.
 name: Deploy to Kubernetes (prod)
+
 on:
+  workflow_run:
+    workflows: [ "Build Image" ]
+    types:
+      - completed
   push:
     branches:
       - main
-    paths-ignore:
-      - '.github/**'
-      - 'seeds/**'
-      - 'dump/**'
-      - '!.github/workflows/build-image.yml'
-      - '!.github/workflows/deploy-home.yml'
-      - '.gitignore'
 
 jobs:
   deploy-home-k3s:
@@ -47,6 +45,11 @@ jobs:
           # install cloudflared
           sudo apt-get update && sudo apt-get install cloudflared
 
+      - name: Tag and Push Image as Latest
+        run: |
+          docker tag ghcr.io/${{ github.repository }}/crank:${{ github.sha }} ghcr.io/${{ github.repository }}/crank:latest
+          docker push ghcr.io/${{ github.repository }}/crank:latest
+
       - name: Deploy to Kubernetes
         run: |
           # Copy deployment.yml to the remote system
diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml
index 36727c9..24dd42d 100644
--- a/.github/workflows/run-tests.yml
+++ b/.github/workflows/run-tests.yml
@@ -2,17 +2,17 @@
 # Licensed under the MIT License. See LICENSE file in the project root for full license information.
 name: Run Tests
 
-on:
-  push:
-    paths-ignore:
-      - '/*'
-      - '.github/**'
-      - 'crank/content/**'
-      - 'crank/migrations/**'
-      - 'seeds/**'
-      - 'dump/**'
-      - 'k8s/**'
-      - '.gitignore'
+#on:
+#  push:
+#    paths-ignore:
+#      - '/*'
+#      - '.github/**'
+#      - 'crank/content/**'
+#      - 'crank/migrations/**'
+#      - 'seeds/**'
+#      - 'dump/**'
+#      - 'k8s/**'
+#      - '.gitignore'
 
 jobs:
   run-tests:
diff --git a/.github/workflows/coverage.yml b/.github/workflows/tests-with-coverage.yml
similarity index 98%
rename from .github/workflows/coverage.yml
rename to .github/workflows/tests-with-coverage.yml
index 3828336..b5a1345 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/tests-with-coverage.yml
@@ -1,6 +1,6 @@
 # Copyright (c) 2024 Isaac Adams
 # Licensed under the MIT License. See LICENSE file in the project root for full license information.
-name: Test Coverage
+name: Tests With Coverage
 
 on:
   push:
diff --git a/.github/workflows/update-home-deployment.yml b/.github/workflows/update-home-deployment.yml
new file mode 100644
index 0000000..afb53db
--- /dev/null
+++ b/.github/workflows/update-home-deployment.yml
@@ -0,0 +1,60 @@
+# Copyright (c) 2024 Isaac Adams
+# Licensed under the MIT License. See LICENSE file in the project root for full license information.
+name: Update Deployment (prod)
+on:
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - '**'
+      - '!.github/workflows/update-home-deployment.yml'
+      - '!k8s/deployment.yml'
+
+concurrency:
+  group: deployment
+  cancel-in-progress: true
+
+jobs:
+  deploy-home-k3s:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: main
+
+      - name: Get latest commit SHA from main branch
+        id: get-sha
+        run: echo "GITHUB_SHA=$(git rev-parse HEAD)" >> $GITHUB_ENV
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+
+      - name: Set up SSH
+        uses: webfactory/ssh-agent@v0.5.3
+        with:
+          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+
+      - name: Install Cloudflared
+        run: |
+          sudo mkdir -p --mode=0755 /usr/share/keyrings
+          curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null
+
+          # Add this repo to your apt repositories
+          echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared jammy main' | sudo tee /etc/apt/sources.list.d/cloudflared.list
+
+          # install cloudflared
+          sudo apt-get update && sudo apt-get install cloudflared
+
+      - name: Deploy to Kubernetes
+        run: |
+          # Copy deployment.yml to the remote system
+          scp -o ProxyCommand='cloudflared access ssh --hostname %h' -o StrictHostKeyChecking=no ./k8s/deployment.yml ${{ secrets.SSH_USERNAME }}@${{ secrets.SSH_HOST }}:/tmp/deployment.yml
+
+          # Apply the copied deployment.yml
+          ssh -o ProxyCommand='cloudflared access ssh --hostname %h' -o StrictHostKeyChecking=no ${{ secrets.SSH_USERNAME }}@${{ secrets.SSH_HOST }} <<EOF
+          export GITHUB_SHA=${{ env.GITHUB_SHA }}
+          envsubst < /tmp/deployment.yml | k3s kubectl apply -f -
+          EOF
\ No newline at end of file
diff --git a/readme.md b/readme.md
index 93a56d0..566453a 100644
--- a/readme.md
+++ b/readme.md
@@ -2,10 +2,9 @@
 <!-- Licensed under the MIT License. See LICENSE file in the project root for full license information. -->
 # Crank.fyi
 
-[![codecov](https://codecov.io/gh/norcalipa/crank/graph/badge.svg?token=5CR414ORFK)](https://codecov.io/gh/norcalipa/crank)
+[![Tests with codecov](https://codecov.io/gh/norcalipa/crank/graph/badge.svg?token=5CR414ORFK)](https://codecov.io/gh/norcalipa/crank)
 [![Known Vulnerabilities](https://snyk.io/test/github/norcalipa/crank/badge.svg)](https://snyk.io/test/github/norcalipa/crank)
 [![Build Image](https://github.com/norcalipa/crank/actions/workflows/build-image.yml/badge.svg)](https://github.com/norcalipa/crank/actions/workflows/build-image.yml)
-[![Run Tests](https://github.com/norcalipa/crank/actions/workflows/run-tests.yml/badge.svg)](https://github.com/norcalipa/crank/actions/workflows/run-tests.yml)
 [![Deploy to Kubernetes (prod)](https://github.com/norcalipa/crank/actions/workflows/deploy-home.yml/badge.svg)](https://github.com/norcalipa/crank/actions/workflows/deploy-home.yml)
 [![Change Tracking Marker](https://github.com/norcalipa/crank/actions/workflows/new-relic-change-tracking.yml/badge.svg)](https://github.com/norcalipa/crank/actions/workflows/new-relic-change-tracking.yml)