[core eng] modern CICD

.github/workflows/cd-dev.yaml

@@ -0,0 +1,64 @@
+name: Deploy to Development
+
+concurrency:
+  group: dev-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  workflow_dispatch:
+    inputs:
+      ttl:
+        description: "Deployment time to live in hours"
+        required: true
+        type: number
+        default: 24
+
+jobs:
+  compute-sha:
+    name: Compute sha_short
+    runs-on: ubuntu-latest
+    outputs:
+      sha_short: ${{ steps.vars.outputs.sha_short }}
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Set vars
+        id: vars
+        run: |
+          echo "sha_short=$(git rev-parse --short ${{ github.sha }})" >> $GITHUB_OUTPUT
+
+  build-push:
+    name: Build and Push Images
+    needs: [compute-sha]
+    uses: ./.github/workflows/cd.yaml
+    with:
+      tag: ${{ needs.compute-sha.outputs.sha_short }}
+    secrets: inherit
+
+  deploy:
+    name: Deploy with SSH
+    needs: [compute-sha, build-push]
+    runs-on: ubuntu-latest
+    environment: development
+
+    steps:
+      - name: SSH and Helm Install
+        uses: appleboy/[email protected]
+        with:
+          host: ${{ secrets.SSH_HOST }}
+          username: root
+          key: ${{ secrets.SSH_KEY }}
+          script: |
+            cd ./infra
+            helm uninstall bt-dev-app-${{ needs.compute-sha.outputs.sha_short }} || true
+            helm install bt-dev-app-${{ needs.compute-sha.outputs.sha_short }} ./app --namespace=bt \
+              --set env=dev \
+              --set ttl=${{ inputs.ttl }} \
+              --set-string frontend.image.tag=${{ needs.compute-sha.outputs.sha_short }} \
+              --set-string backend.image.tag=${{ needs.compute-sha.outputs.sha_short }} \
+              --set host=${{ needs.compute-sha.outputs.sha_short }}.stanfurdtime.com \
+              --set mongoUri=mongodb://bt-dev-mongo-mongodb.bt.svc.cluster.local:27017/bt \
+              --set redisUri=redis://bt-dev-redis-master.bt.svc.cluster.local:6379 \
+              --set nodeEnv=development

.github/workflows/cd-prod.yaml

@@ -0,0 +1,46 @@
+name: Deploy to Production
+
+concurrency: prod
+
+on:
+  workflow_dispatch:
+
+jobs:
+  branch-check:
+    name: Environment Check
+    runs-on: ubuntu-latest
+    environment: production
+
+    steps:
+      - name: Pass
+        run: echo "Passed check"
+
+  build-push:
+    name: Build and Push Images
+    needs: [branch-check]
+    uses: ./.github/workflows/cd.yaml
+    with:
+      tag: prod
+    secrets: inherit
+
+  deploy:
+    name: Deploy with SSH
+    needs: [build-push]
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: SSH and Helm Install
+        uses: appleboy/[email protected]
+        with:
+          host: ${{ secrets.SSH_HOST }}
+          username: root
+          key: ${{ secrets.SSH_KEY }}
+          script: |
+            cd ./infra
+            if helm status bt-prod-app ; then
+              kubectl rollout restart bt-prod-app-backend
+              kubectl rollout restart bt-prod-app-frontend
+            else
+              helm install bt-prod-app ./app --namespace=bt \
+                --set host=stanfurdtime.com
+            fi

.github/workflows/cd-stage.yaml

@@ -0,0 +1,43 @@
+name: Deploy to Staging
+
+concurrency: stage
+
+on:
+  push:
+    branches: [master, gql]
+
+jobs:
+  build-push:
+    name: Build and Push Images
+    uses: ./.github/workflows/cd.yaml
+    with:
+      tag: latest
+    secrets: inherit
+
+  deploy:
+    name: Deploy with SSH
+    needs: [build-push]
+    runs-on: ubuntu-latest
+    environment: staging
+
+    steps:
+      - name: SSH and Helm Install
+        uses: appleboy/[email protected]
+        with:
+          host: ${{ secrets.SSH_HOST }}
+          username: root
+          key: ${{ secrets.SSH_KEY }}
+          script: |
+            cd ./infra
+            if helm status bt-stage-app ; then
+              kubectl rollout restart bt-stage-app-backend
+              kubectl rollout restart bt-stage-app-frontend
+            else
+              helm install bt-stage-app ./app --namespace=bt \
+                --set env=stage \
+                --set frontend.image.tag=latest \
+                --set backend.image.tag=latest \
+                --set host=staging.stanfurdtime.com \
+                --set mongoUri=mongodb://bt-stage-mongo-mongodb.bt.svc.cluster.local:27017/bt \
+                --set redisUri=redis://bt-stage-redis-master.bt.svc.cluster.local:6379 \
+            fi

.github/workflows/cd.yaml

@@ -0,0 +1,48 @@
+name: Deploy to Development
+
+on:
+  workflow_call:
+    inputs:
+      tag:
+        description: "Image build tag"
+        required: true
+        type: string
+
+jobs:
+  build-push-backend:
+    name: Build and Push Backend Image
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Build and Push Image with Tag
+        run: |
+          docker build --no-cache --platform=linux/amd64 --target backend-prod --tag "${{ secrets.DOCKER_USERNAME }}/bt-backend:${{ inputs.tag }}" .
+          docker push "${{ secrets.DOCKER_USERNAME }}/bt-backend:${{ inputs.tag }}"
+
+  build-push-frontend:
+    name: Build and Push Frontend Image
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Build and Push Image with Tag
+        run: |
+          docker build --no-cache --platform=linux/amd64 --target frontend-prod --tag "${{ secrets.DOCKER_USERNAME }}/bt-frontend:${{ inputs.tag }}" .
+          docker push "${{ secrets.DOCKER_USERNAME }}/bt-frontend:${{ inputs.tag }}"

Dockerfile

@@ -41,5 +41,4 @@ WORKDIR /frontend
 
 RUN ["turbo", "run", "build", "--filter=frontend", "--env-mode=loose"]
 
-COPY /apps/frontend/dist ./apps/frontend/dist
 ENTRYPOINT ["turbo", "run", "start", "--filter=frontend"]

infra/app/templates/_helpers.tpl

@@ -12,6 +12,7 @@ Labels applied to all resources.
 helm.sh/chart: {{ include "bt-app.chart" . }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 app.kubernetes.io/instance: {{ .Release.Name }}
+env: {{ .Values.env }}
 {{- end -}}
 
 {{- define "bt-app.backendLabels" -}}
@@ -24,6 +25,11 @@ app.kubernetes.io/name: frontend
 {{ include "bt-app.labels" . }}
 {{- end -}}
 
+{{- define "bt-app.updaterLabels" -}}
+app.kubernetes.io/name: updater
+{{ include "bt-app.labels" . }}
+{{- end -}}
+
 {{- define "bt-app.backendName" -}}
 {{ .Release.Name }}-backend
 {{- end -}}
@@ -32,6 +38,10 @@ app.kubernetes.io/name: frontend
 {{ .Release.Name }}-frontend
 {{- end -}}
 
-{{- define "bt-app.cronJobName" -}}
-{{ .Release.Name }}-cronjob
-{{- end -}}
+{{- define "bt-app.updaterName" -}}
+{{ .Release.Name }}-updater
+{{- end -}}
+
+{{- define "bt-app.cleanupName" -}}
+{{ .Release.Name }}-cleanup
+{{- end -}}

infra/app/templates/backend.yaml

@@ -17,7 +17,7 @@ spec:
       containers:
         - name: backend
           image: {{ printf "%s/%s:%s" .Values.backend.image.registry .Values.backend.image.repository .Values.backend.image.tag }}
-          command: {{ .Values.backend.command | toJson}}
+          imagePullPolicy: Always
           ports:
             - containerPort: {{ .Values.backend.port }}
           env:

infra/app/templates/cleanup.yaml

@@ -0,0 +1,16 @@
+{{ if eq .Values.env "dev" }}
+# only run cleanup job in dev environment
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "bt-app.cleanupName" . }}
+spec:
+  template:
+    spec:
+      serviceAccountName: bt-app-cleanup
+      containers:
+        - name: cleanup
+          image: alpine/helm
+          command: ['sh', '-c', 'sleep $(( {{ .Values.ttl }} * 60 * 60 )); helm uninstall {{ .Release.Name }}']
+      restartPolicy: Never
+{{ end }}

infra/app/templates/frontend.yaml

@@ -17,7 +17,7 @@ spec:
       containers:
         - name: frontend
           image: {{ printf "%s/%s:%s" .Values.frontend.image.registry .Values.frontend.image.repository .Values.frontend.image.tag }}
-          command: {{ .Values.frontend.command | toJson }}
+          imagePullPolicy: Always
           ports:
             - containerPort: {{ .Values.frontend.port }}
 

infra/app/templates/updater.yaml

@@ -1,9 +1,11 @@
+{{ if not (eq .Values.env "dev") }}
+# do not run CronJob in dev environment
 apiVersion: batch/v1
 kind: CronJob
 metadata:
-  name: {{ include "bt-app.cronJobName" . }}
+  name: {{ include "bt-app.updaterName" . }}
   labels:
-    {{- include "bt-app.backendLabels" . | nindent 4 }}
+    {{- include "bt-app.updaterLabels" . | nindent 4 }}
 spec:
   schedule: {{ .Values.updater.schedule }}
   suspend: {{ .Values.updater.suspend }}
@@ -14,6 +16,7 @@ spec:
           containers:
             - name: backend-cron-job
               image: {{ printf "%s/%s:%s" .Values.backend.image.registry .Values.backend.image.repository .Values.backend.image.tag }}
+              imagePullPolicy: Always
               command: {{ .Values.updater.command | toJson }}
               ports:
                 - containerPort: {{ .Values.backend.port }}
@@ -47,3 +50,4 @@ spec:
                 - name: SESSION_SECRET
                   value: "_"
           restartPolicy: OnFailure
+{{ end }}