fleetbase · roncodes · Mar 27, 2024 · Mar 19, 2024 · Mar 19, 2024 · Mar 19, 2024
diff --git a/.github/workflows/eks-cd.yml b/.github/workflows/eks-cd.yml
@@ -0,0 +1,170 @@
+name: Fleetbase EKS CI/CD
+
+on:
+  push:
+    branches: ["eksdeploy/*"]
+
+concurrency:
+  group: ${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  PROJECT: ${{ secrets.PROJECT }}
+  GITHUB_AUTH_KEY: ${{ secrets._GITHUB_AUTH_TOKEN }}
+
+jobs:
+  build_service:
+    name: Build and Deploy the Service
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write # This is required for requesting the JWT
+      contents: read # This is required for actions/checkout
+
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Set Dynamic ENV Vars
+        run: |
+          SHORT_COMMIT=$(echo $GITHUB_SHA | cut -c -8)
+          echo "VERSION=${SHORT_COMMIT}" >> $GITHUB_ENV
+          echo "STACK=$(basename $GITHUB_REF)" >> $GITHUB_ENV
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.EKS_DEPLOYER_ROLE }}
+          role-session-name: github
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Build and Release
+        uses: docker/bake-action@v2
+        env:
+          REGISTRY: ${{ steps.login-ecr.outputs.registry }}/${{ env.PROJECT }}-${{ env.STACK }}
+          VERSION: ${{ env.VERSION }}
+          GITHUB_AUTH_KEY: ${{ env.GITHUB_AUTH_KEY }}
+          CACHE: type=gha
+        with:
+          push: true
+          files: |
+            ./docker-bake.hcl
+
+      - name: Update kube config
+        run: aws eks update-kubeconfig --name ${{ secrets.EKS_CLUSTER_NAME }} --region ${{ secrets.AWS_REGION }}
+
+      - name: Deploy the images 🚀
+        env:
+          REGISTRY: ${{ steps.login-ecr.outputs.registry }}/${{ env.PROJECT }}-${{ env.STACK }}
+        run: |-
+          set -eu
+          # run deploy.sh script before deployments
+          helm upgrade -i ${{ env.PROJECT }} infra/helm -n ${{ env.PROJECT}}-${{ env.STACK }} --set image.repository=${{ env.REGISTRY }} \
+            --set image.tag=${{ env.VERSION }} --set 'api_host=${{ secrets.API_HOST }}' --set 'socketcluster_host=${{ secrets.SOCKETCLUSTER_HOST }}' \
+            --set gcp=false --set 'ingress.annotations.kubernetes\.io/ingress\.class=null' --set 'ingress.annotations.alb\.ingress\.kubernetes\.io/scheme=internet-facing' \
+            --set serviceAccount.name=default --set serviceAccount.create=false --set ingress.className=alb \
+            --set 'ingress.annotations.alb\.ingress\.kubernetes\.io/listen-ports=[{"HTTPS":443}]' \
+            --set service.type=NodePort
+
+  build_frontend:
+    name: Build and Deploy the Console
+    needs: [build_service]
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write # This is required for requesting the JWT
+      contents: read # This is required for actions/checkout
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          submodules: true
+
+      - name: Set Dynamic ENV Vars
+        run: |
+          SHORT_COMMIT=$(echo $GITHUB_SHA | cut -c -8)
+          echo "VERSION=${SHORT_COMMIT}" >> $GITHUB_ENV
+          echo "STACK=$(basename $GITHUB_REF)" >> $GITHUB_ENV
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: ${{ secrets.EKS_DEPLOYER_ROLE }}
+          role-session-name: github
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Get infra-provided configuration
+        run: |
+          set -eu
+
+          wget -O- https://github.com/springload/ssm-parent/releases/download/1.8.0/ssm-parent_1.8.0_linux_amd64.tar.gz | tar xvzf - ssm-parent
+
+          ./ssm-parent -n /actions/${{ env.PROJECT }}/${{ env.STACK }}/configuration dotenv /tmp/dotenv.file
+          # remove double quotes and pipe into the env
+          cat /tmp/dotenv.file | sed -e 's/"//g' >> $GITHUB_ENV
+
+      - name: Install Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: 16
+
+      - uses: pnpm/action-setup@v2
+        name: Install pnpm
+        id: pnpm-install
+        with:
+          version: 8
+          run_install: false
+
+      - name: Get pnpm Store Directory
+        id: pnpm-cache
+        shell: bash
+        run: |
+          echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT
+
+      - uses: actions/cache@v3
+        name: Setup pnpm Cache
+        with:
+          path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}
+          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-store-
+
+      - name: Check for _GITHUB_AUTH_TOKEN and create .npmrc
+        run: |
+          if [[ -n "${{ secrets._GITHUB_AUTH_TOKEN }}" ]]; then
+            echo "//npm.pkg.github.com/:_authToken=${{ secrets._GITHUB_AUTH_TOKEN }}" > .npmrc
+          fi
+        working-directory: ./console
+
+      - name: Install dependencies
+        run: pnpm install
+        working-directory: ./console
+
+      - name: Build
+        env:
+          API_HOST: ${{ secrets.API_HOST }}
+          SOCKETCLUSTER_HOST: ${{ secrets.SOCKETCLUSTER_HOST }}
+          SOCKETCLUSTER_PORT: "443" # it uses common ingress so port 443
+        run: |
+          set -eu
+
+          pnpm build --environment production
+        working-directory: ./console
+
+      - name: Deploy Console 🚀
+        run: |
+          set -u
+
+          DEPLOY_BUCKET=${STATIC_DEPLOY_BUCKET:-${{ env.PROJECT }}-${{ env.STACK }}}
+          # this value will come from the dotenv above
+          echo "Deploying to $DEPLOY_BUCKET"
+          wget -O- https://github.com/bep/s3deploy/releases/download/v2.11.0/s3deploy_2.11.0_linux-amd64.tar.gz | tar xzv -f - s3deploy
+          ./s3deploy -region ${AWS_REGION} -source console/dist -bucket ${DEPLOY_BUCKET}
diff --git a/infra/helm/templates/deployment.yaml b/infra/helm/templates/deployment.yaml
@@ -34,7 +34,11 @@ spec:
         - name: {{ .Chart.Name }}-httpd
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
+          {{- if .Values.gcp }}
           image: "{{ .Values.image.repository }}/app-httpd:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          {{- else }}
+          image: "{{ .Values.image.repository }}:app-httpd-{{ .Values.image.tag | default .Chart.AppVersion }}"
+          {{- end }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           env:
             - name: NGINX_APPLICATION_HOSTNAME
@@ -56,7 +60,11 @@ spec:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
+          {{- if .Values.gcp }}
           image: "{{ .Values.image.repository }}/app:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          {{- else }}
+          image: "{{ .Values.image.repository }}:app-{{ .Values.image.tag | default .Chart.AppVersion }}"
+          {{- end }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           envFrom:
             - secretRef:

diff --git a/infra/helm/templates/deployment_services.yaml b/infra/helm/templates/deployment_services.yaml
@@ -35,7 +35,11 @@ spec:
           command: ["php", "artisan", "queue:work"]
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
+          {{- if .Values.gcp }}
           image: "{{ .Values.image.repository }}/events:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          {{- else }}
+          image: "{{ .Values.image.repository }}:events-{{ .Values.image.tag | default .Chart.AppVersion }}"
+          {{- end }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           envFrom:
             - secretRef:
@@ -93,7 +97,11 @@ spec:
         - name: scheduler
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
+          {{- if .Values.gcp }}
           image: "{{ .Values.image.repository }}/scheduler:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          {{- else }}
+          image: "{{ .Values.image.repository }}:scheduler-{{ .Values.image.tag | default .Chart.AppVersion }}"
+          {{- end }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           envFrom:
             - secretRef:

diff --git a/infra/helm/templates/hooks.yaml b/infra/helm/templates/hooks.yaml
@@ -28,8 +28,12 @@ spec:
       - name: deployment-job
         securityContext:
           {{- toYaml .Values.securityContext | nindent 10 }}
+        {{- if .Values.gcp }}
         image: "{{ .Values.image.repository }}/app:{{ .Values.image.tag | default .Chart.AppVersion }}"
-        command: ["./deploy.sh"]
+        {{- else }}
+        image: "{{ .Values.image.repository }}:app-{{ .Values.image.tag | default .Chart.AppVersion }}"
+        {{- end }}
+        args: ["./deploy.sh"]
         env:
         {{- include "helm.commonVariables" . | nindent 12 }}
         envFrom:

diff --git a/infra/helm/templates/ingress.yaml b/infra/helm/templates/ingress.yaml
@@ -44,7 +44,7 @@ spec:
             pathType: ImplementationSpecific
             backend:
               service:
-                name: fleetbase-app
+                name: {{ include "helm.fullname" . }}
                 port:
                   number: {{ $svcPort }}
     - host: {{ .Values.socketcluster_host }}

diff --git a/infra/helm/templates/socketcluster.yaml b/infra/helm/templates/socketcluster.yaml
@@ -32,4 +32,4 @@ spec:
     - protocol: TCP
       port: 80
       targetPort: 8000
-  type: ClusterIP
+  type: {{ .Values.service.type }}