Update CI workflows (#146)

Co-authored-by: Ilya Egorov <ilya.e@ton.org>
tact-lang · Nov 2, 2024 · fcad599 · fcad599
1 parent 0ef841f
commit fcad599
Show file tree

Hide file tree

Showing 27 changed files with 795 additions and 150 deletions.
diff --git a/.eslintrc.cjs b/.eslintrc.cjs
@@ -12,7 +12,7 @@ module.exports = {
     ecmaVersion: 2020,
     project: "./tsconfig.json",
   },
-  ignorePatterns: ["*.cjs", "!.lintstagedrc.js", ".lintstagedrc.js"],
+  ignorePatterns: ["*.cjs", "!.lintstagedrc.js", ".lintstagedrc.js", "next.config.js"],
   plugins: ["@typescript-eslint"],
   root: true,
   env: {

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1,2 @@
+/helm/ @Mobyman
+/.github/ @Mobyman
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,126 @@
+name: Deploy to Kubernetes
+
+on:
+  push:
+    branches:
+      - main
+      - canary
+      - staging
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      APP_ENV: ${{ github.ref == 'refs/heads/main' && 'production' || github.ref == 'refs/heads/canary' && 'canary' || github.ref == 'refs/heads/staging' && 'staging' || 'unknown' }}
+      APP_DOMAIN: ${{ github.ref == 'refs/heads/staging' && vars.APP_DOMAIN_STAGING || vars.APP_DOMAIN }}
+
+    permissions:
+      packages: write
+      contents: read
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ vars.AWS_REGION }}
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set sha-short
+        run: echo "GITHUB_SHA_SHORT=$(echo $GITHUB_SHA | cut -c 1-7)" >> $GITHUB_ENV
+
+      - id: lower-repo
+        name: Repository to lowercase
+        run: |
+          echo "repository=${GITHUB_REPOSITORY@L}" >> $GITHUB_OUTPUT
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ steps.lower-repo.outputs.repository }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          tags: |
+            type=sha
+            type=sha,format=long
+            type=ref,event=branch
+
+      - name: Build and push Docker image ${{ steps.lower-repo.outputs.repository }}:${{ env.APP_ENV }}
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: ghcr.io/${{ steps.lower-repo.outputs.repository }}:${{ env.GITHUB_SHA_SHORT }},ghcr.io/${{ steps.lower-repo.outputs.repository }}:${{ env.APP_ENV }}
+          build-args: |
+            sha=${{ github.sha }}
+            sha_short=${{ env.GITHUB_SHA_SHORT }}
+            app_env=${{ vars.APP_ENV }}
+
+      - name: Apply AWS k8s config
+        run: aws eks update-kubeconfig --name ${{ vars.AWS_CLUSTER }} --region ${{ vars.AWS_REGION }}
+
+      - name: Create namespace
+        run: |
+          kubectl create ns ${{ vars.APP_NAME }}-${{ env.APP_ENV }} || echo "Namespace $EKS_NAMESPACE already exists"
+
+      - name: Deploy ${{ vars.APP_NAME }} to Kubernetes
+        run: |
+          helm upgrade --install ${{ vars.APP_NAME }} ./helm/app \
+          --namespace ${{ vars.APP_NAME }}-${{ env.APP_ENV }} \
+          --values ./helm/app/values.yaml \
+          --values ./helm/app/values-${{ env.APP_ENV }}.yaml \
+          --set imageRepo="ghcr.io/${{ steps.lower-repo.outputs.repository }}" \
+          --set imageTag="${{ env.GITHUB_SHA_SHORT }}" \
+          --set host=${{ env.APP_DOMAIN }} \
+          --set appName=${{ vars.APP_NAME }} \
+          --set ghcrSecret=${{ secrets.GHCR_SECRET  }} \
+          --set secrets.publicProxyKey=${{ secrets.NEXT_PUBLIC_MIXPANEL_TOKEN }} \
+          --set secrets.publicMixPanelToken=${{ secrets.NEXT_PUBLIC_ANALYTICS_ENABLED }} \
+          --set secrets.publicProxyKey=${{ secrets.NEXT_PUBLIC_ANALYTICS_ENABLED }}
+
+      - name: Verify deployment
+        run: |
+          kubectl -n ${{ vars.APP_NAME }}-${{ env.APP_ENV }} rollout status deployment/${{ vars.APP_NAME }}-${{ env.APP_ENV }}
+
+      - name: Telegram Notify
+        uses: appleboy/telegram-action@v1.0.0
+        if: success() && contains('${{ vars.ENABLE_DEPLOY_BOT }}', 1)
+        with:
+          to: ${{ secrets.TELEGRAM_DEPLOY_CHAT_ID }}
+          token: ${{ secrets.TELEGRAM_DEPLOY_TOKEN }}
+          format: markdown
+          message: |
+            🚂 The application from repository [${{ steps.lower-repo.outputs.repository }}](https://github.com/${{ steps.lower-repo.outputs.repository }}) has been successfully deployed by [${{ github.actor }}](https://github.com/users/${{ github.actor }}) on ${{ env.APP_ENV }}.
+
+            🏗️ [GitHub Actions Build](https://github.com/${{ steps.lower-repo.outputs.repository }}/actions/runs/${{ github.run_id }})
+            🐳 [Image](https://ghcr.io/${{ steps.lower-repo.outputs.repository }}:${{ env.GITHUB_SHA_SHORT }}
+            🔗 [Link](https://${{ env.APP_DOMAIN }})
+
+      - name: Telegram Notify
+        uses: appleboy/telegram-action@v1.0.0
+        if: failure()
+        with:
+          to: ${{ secrets.TELEGRAM_DEPLOY_CHAT_ID }}
+          token: ${{ secrets.TELEGRAM_DEPLOY_TOKEN }}
+          format: markdown
+          message: |
+            🚨Deploy of the application from repository [${{ steps.lower-repo.outputs.repository }}](https://github.com/${{ steps.lower-repo.outputs.repository }}) on ${{ env.APP_ENV }} has been failed.
+
+            🏗️ [GitHub Actions Build](https://github.com/${{ steps.lower-repo.outputs.repository }}/actions/runs/${{ github.run_id }})
+            🐳 [Image](https://ghcr.io/${{ steps.lower-repo.outputs.repository }}:${{ env.GITHUB_SHA_SHORT }}
+            🔗 [Link](https://${{ env.APP_DOMAIN }})
+
+
+
+
+
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
diff --git a/.github/workflows/rollback.yml b/.github/workflows/rollback.yml
@@ -0,0 +1,63 @@
+name: Rollback Kubernetes Deployment
+
+on:
+  workflow_dispatch:
+    inputs:
+      app_env:
+        description: "Select the environment"
+        required: true
+        default: production
+        type: choice
+        options:
+          - production
+          - staging
+      revision:
+        description: "Choose the Helm revision to rollback to"
+        required: false
+
+jobs:
+  rollback:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Apply AWS k8s config
+        run: aws eks update-kubeconfig --name ${{ vars.AWS_CLUSTER }} --region ${{ vars.AWS_REGION }}
+
+      - name: Fetch Helm history
+        run: |
+          helm history ${{ vars.APP_NAME }} --namespace ${{ vars.APP_NAME }}-${{ github.event.inputs.app_env }}
+
+      - name: Get revision number
+        if: github.event.inputs.revision == ''
+        run: |
+          echo "No revision provided. Exiting."
+          exit 1
+
+      - name: Perform Helm rollback
+        run: |
+          helm rollback ${{ vars.APP_NAME }} ${{ github.event.inputs.revision }} --namespace ${{ vars.APP_NAME }}-${{ github.event.inputs.app_env }} ${{ github.event.inputs.revision }}
+
+      - name: Verify rollback
+        run: |
+          kubectl -n ${{ vars.APP_NAME }}-${{ github.event.inputs.app_env }} rollout status deployment/${{ vars.APP_NAME }}-${{ github.event.inputs.app_env }}
+
+      - name: Show Helm history
+        run: |
+          helm history ${{ vars.APP_NAME }} --namespace ${{ vars.APP_NAME }}-${{ github.event.inputs.app_env }}
+
+      - name: Telegram Notify
+        uses: appleboy/telegram-action@v1.0.0
+        with:
+          to: ${{ secrets.TELEGRAM_DEPLOY_CHAT_ID }}
+          token: ${{ secrets.TELEGRAM_DEPLOY_TOKEN }}
+          format: markdown
+          message: |
+            🔄 The deployment {{ app_env }} has been rolled back by [${{ github.actor }}](https://github.com/${{ github.actor }}) to revision ${{ github.event.inputs.revision }}.
+            🏗️ [GitHub Actions Run](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})
diff --git a/.idea/.gitignore b/.idea/.gitignore
diff --git a/.idea/inspectionProfiles/Project_Default.xml b/.idea/inspectionProfiles/Project_Default.xml
diff --git a/.idea/material_theme_project_new.xml b/.idea/material_theme_project_new.xml
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
diff --git a/.idea/web-ide.iml b/.idea/web-ide.iml
diff --git a/.prettierignore b/.prettierignore
@@ -0,0 +1 @@
+/helm
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,10 @@
+FROM node:21-alpine AS base
+
+WORKDIR /app
+COPY package*.json ./
+RUN npm install
+COPY . .
+RUN npm run build
+
+EXPOSE 3000
+CMD ["npm", "start"]
diff --git a/helm/app/Chart.yaml b/helm/app/Chart.yaml
@@ -0,0 +1,4 @@
+apiVersion: v2
+name: Node.js Chart
+description: A Helm chart for deploying my Node.js application
+version: 0.1.2