Add continuous deployment configuration (#15)

redbrick · Jan 29, 2024 · 3ea3828 · 3ea3828
1 parent 2a0812f
commit 3ea3828
Show file tree

Hide file tree

Showing 4 changed files with 144 additions and 20 deletions.
diff --git a/.github/deploy/production.hcl b/.github/deploy/production.hcl
@@ -0,0 +1,34 @@
+job "blockbot" {
+  datacenters = ["aperture"]
+  type        = "service"
+
+  meta {
+    git_sha = "[[.git_sha]]"
+  }
+
+  group "blockbot" {
+    count = 1
+
+    task "blockbot" {
+      driver = "docker"
+
+      config {
+        image = "ghcr.io/redbrick/blockbot:latest"
+      }
+
+      resources {
+        cpu    = 500
+        memory = 256
+      }
+
+      template {
+        data        = <<EOF
+TOKEN={{ key "blockbot/discord/token" }}
+DEBUG=false
+EOF
+        destination = "local/.env"
+        env         = true
+      }
+    }
+  }
+}
diff --git a/.github/deploy/review.hcl b/.github/deploy/review.hcl
@@ -0,0 +1,34 @@
+job "blockbot-[[.environment_slug]]" {
+  datacenters = ["aperture"]
+  type        = "service"
+
+  meta {
+    git_sha = "[[.git_sha]]"
+  }
+
+  group "blockbot" {
+    count = 1
+
+    task "blockbot-review-[[.git_sha]]" {
+      driver = "docker"
+
+      config {
+        image = "ghcr.io/redbrick/blockbot:sha-[[.git_sha]]"
+      }
+
+      resources {
+        cpu    = 500
+        memory = 256
+      }
+
+      template {
+        data        = <<EOF
+TOKEN={{ key "blockbot-dev/discord/token" }}
+DEBUG=false
+EOF
+        destination = "local/.env"
+        env         = true
+      }
+    }
+  }
+}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -1,46 +1,40 @@
-name: Build & Publish Container
+# Environment variables defined in a calling workflow are not accessible to this reusable workflow. Refer to the documentation for further details on this limitation.
+name: Build & Publish Image
 
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}
 
 on:
-  push:
-    branches:
-      - "main"
-
+  workflow_call:
 jobs:
-  build-and-push-image:
+  build:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-
+    timeout-minutes: 60
     steps:
-      - uses: actions/checkout@v3
-        
+      - uses: actions/checkout@v4
+
       - name: Log in to the Container registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Extract metadata for Docker
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
-            type=ref,event=branch
-            type=ref,event=pr
-            type=ref,event=tag
+            type=sha,format=long
+            type=match,pattern=main
           flavor: |
-            latest=true
+            latest=auto
 
       - name: Build and push
-        uses: docker/build-push-action@v4
-        with: 
+        uses: docker/build-push-action@v5
+        with:
           context: .
           push: true
           tags: ${{ steps.meta.outputs.tags }}

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,62 @@
+name: Deploy
+
+on:
+  push:
+  workflow_dispatch:
+
+concurrency:
+  group: '${{ github.ref }}'
+  cancel-in-progress: true
+
+jobs:
+  build:
+    name: build
+    uses: './.github/workflows/build.yml'
+
+  deploy_review:
+    needs:
+      - build
+
+    runs-on: [self-hosted, deployment-runner]
+    container:
+      image: git.dbyte.xyz/distro/levant
+    if: github.ref != 'refs/heads/master' && github.event_name == 'workflow_dispatch'
+    timeout-minutes: 60
+    steps:
+      - uses: actions/checkout@v4
+      - run: |
+          levant deploy \
+          -var git_sha="${GITHUB_SHA}" \
+          -var environment_slug="${GITHUB_REF_NAME}" \
+          -address "http://nomad.service.consul:4646" \
+          ./.github/deploy/review.hcl
+
+  stop_review:
+    needs:
+      - build
+    runs-on: [self-hosted, deployment-runner]
+    container:
+      image: multani/nomad
+    if: github.event_name == 'workflow_dispatch'
+    timeout-minutes: 60
+    steps:
+      - run: echo "null"
+      - run: nomad status -address=http://nomad.service.consul:4646
+      - run: nomad job stop -address=http://nomad.service.consul:4646 -purge blockbot-${GITHUB_SHA}
+
+  deploy_prod:
+    needs:
+      - deploy_review
+      - stop_review
+    runs-on: [self-hosted, deployment-runner]
+    container:
+      image: git.dbyte.xyz/distro/levant
+    if: github.ref == 'refs/heads/master'
+    timeout-minutes: 60
+    steps:
+      - uses: actions/checkout@v4
+      - run: |
+          levant deploy \
+          -var git_sha="${GITHUB_SHA}" \
+          -address "http://nomad.service.consul:4646" \
+          ./.github/deploy/production.hcl