From 9a3c4124ba54373d4318719ff78fb1b464061d23 Mon Sep 17 00:00:00 2001 From: james-otten Date: Tue, 20 Aug 2024 21:56:57 -0400 Subject: [PATCH] Change the domain to db.mesh.nycmesh.net (#70) * updates * template * template * template * template * organize --- .github/workflows/build-push-image.yaml | 43 ++++++++++++ .github/workflows/deploy-to-k8s.yaml | 3 + .github/workflows/publish-and-deploy.yaml | 81 ++++++----------------- infra/helm/meshforms/values.yaml | 1 - 4 files changed, 67 insertions(+), 61 deletions(-) create mode 100644 .github/workflows/build-push-image.yaml
diff --git a/.github/workflows/build-push-image.yaml b/.github/workflows/build-push-image.yaml
new file mode 100644
index 0000000..9491498
--- /dev/null
+++ b/.github/workflows/build-push-image.yaml
@@ -0,0 +1,43 @@
+name: Build Image
+permissions: read-all
+
+on:
+ workflow_call:
+ inputs:
+ environment:
+ required: true
+ type: string
+
+jobs:
+ push_to_registry_env:
+ name: Push Docker Image to Docker Hub
+ runs-on: ubuntu-latest
+ environment: ${{ inputs.environment }}
+ steps:
+ - name: Check out the repo
+ uses: actions/checkout@v4
+
+ - name: Log in to Docker Hub
+ uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+ with:
+ images: willnilges/meshforms
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
+ with:
+ context: .
+ file: ./Dockerfile
+ push: true
+ tags: willnilges/meshforms:${{ inputs.environment }}
+ labels: ${{ steps.meta.outputs.labels }}
+ # Hardcoding the URL of meshdb into the image we build... There is probably
+ # a better way to do this.
+ build-args: |
+ "MESHDB_URL=${{ vars.MESHDB_URL }}"
\ No newline at end of file
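Review bot: In the new `build-push-image.yaml`, the `Check out the repo` step uses `actions/checkout@v4`, a mutable tag, while the three Docker actions in the same job are pinned to full commit SHAs. That job also holds the Docker Hub credentials and pushes the image, so the checkout action deserves the same pinning: `uses: actions/checkout@<full-commit-sha> # v4` (placeholder; use the SHA of the release you have reviewed). Setting `persist-credentials: false` on that step would also help, since no later step uses the git token. Separately, the pushed tag is only the environment name and the `tags` output of the `meta` step is no longer consumed, so nothing in the registry ties an image to the commit it was built from.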
diff --git a/.github/workflows/deploy-to-k8s.yaml b/.github/workflows/deploy-to-k8s.yaml
index 5819ba7..fae3246 100644
--- a/.github/workflows/deploy-to-k8s.yaml
+++ b/.github/workflows/deploy-to-k8s.yaml
@@ -47,5 +47,8 @@ jobs:
 --set aws.secret_key="${{ secrets.S3_SECRET_KEY }}" \
 --set meshforms.s3_bucket_name="${{ secrets.S3_BUCKET_NAME }}" \
 --set meshforms.s3_base_name="${{ secrets.S3_BASE_NAME }}" \
+ --set image.tag="${{ inputs.environment }}" \
 --set ingress.hosts[0].host="${{ vars.INGRESS_HOST }}",ingress.hosts[0].paths[0].path=/,ingress.hosts[0].paths[0].pathType=Prefix
+ # Rolling restart
+ kubectl --kubeconfig ./config --server https://${{ secrets.SSH_TARGET_IP }}:6443 -n ${{ vars.APP_NAMESPACE }} rollout restart deploy
diff --git a/.github/workflows/publish-and-deploy.yaml b/.github/workflows/publish-and-deploy.yaml
index a07cd74..48179e2 100644
--- a/.github/workflows/publish-and-deploy.yaml
+++ b/.github/workflows/publish-and-deploy.yaml
@@ -1,4 +1,4 @@
-name: Publish Docker Image
+name: Publish and Deploy
 permissions: read-all
 on:
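Review bot: In the `deploy-to-k8s.yaml` hunk, the added `--set image.tag="${{ inputs.environment }}"` deploys a tag that is overwritten on every build, yet `infra/helm/meshforms/values.yaml` in this same patch still shows `pullPolicy: IfNotPresent`. The `rollout restart` can therefore bring pods back up on a node's cached copy of the old `dev3`/`prod1` image instead of the one just pushed. Either add `--set image.pullPolicy=Always` to the helm command (assuming the chart template reads `image.pullPolicy`, which is not visible here), or build and deploy a per-commit tag such as `--set image.tag="${{ github.sha }}"`. Also, `rollout restart deploy` without a name restarts every Deployment in the namespace; naming this release's Deployment would limit the restart to this app. The `run:` script this hunk extends begins outside the hunk.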
@@ -6,76 +6,37 @@ on:
 branches: [ main ]
 jobs:
- push_to_registry:
- name: Push Docker Image to Docker Hub
- runs-on: ubuntu-latest
- steps:
- - name: Check out the repo
- uses: actions/checkout@v4
-
- - name: Log in to Docker Hub
- uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
- with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
-
- - name: Extract metadata (tags, labels) for Docker
- id: meta
- uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
- with:
- images: willnilges/meshforms
-
- - name: Build and push Docker image
- uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
- with:
- context: .
- file: ./Dockerfile
- push: true
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
- # Hardcoding the URL of meshdb into the image we build... There is probably
- # a better way to do this.
- build-args: |
- "MESHDB_URL=${{ secrets.MESHDB_URL }}"
-
- deploy_to_grandsvc:
- name: Deploy to grandsvc
- needs: push_to_registry
- runs-on: ubuntu-latest
- steps:
- - name: Setup WireGuard
- run: |
- sudo apt install wireguard
- echo "${{ secrets.WIREGUARD_PRIVATE_KEY }}" > privatekey
- sudo ip link add dev wg0 type wireguard
- sudo ip address add dev wg0 ${{ secrets.WIREGUARD_OVERLAY_NETWORK_IP }} peer ${{ secrets.WIREGUARD_PEER }}
- sudo wg set wg0 listen-port 48123 private-key privatekey peer ${{ secrets.WIREGUARD_PEER_PUBLIC_KEY }} allowed-ips 0.0.0.0/0 endpoint ${{ secrets.WIREGUARD_ENDPOINT }}
- sudo ip link set up dev wg0
- - name: Install SSH key
- uses: shimataro/ssh-key-action@d4fffb50872869abe2d9a9098a6d9c5aa7d16be4 # v2
- with:
- key: ${{ secrets.GRANDSVC_KEY }}
- name: id_ed25519 # optional
- known_hosts: ${{ secrets.GRANDSVC_KNOWN_HOSTS }}
- #config: ${{ secrets.CONFIG }} # ssh_config; optional
- if_key_exists: fail # replace / ignore / fail; optional (defaults to fail)
- - name: Pull new Docker image
- run: ssh ${{ secrets.GRANDSVC_SSH_TARGET }} "cd ${{ secrets.GRANDSVC_PROJECT_PATH }} && git pull && docker compose pull && docker compose up -d"
+ push_to_registry_dev:
+ name: Push to dev3
+ uses: ./.github/workflows/build-push-image.yaml
+ with:
+ environment: dev3
+ secrets: inherit
+ if: github.ref == 'refs/heads/main'
 deploy_to_dev3:
- name: Deploy to dev 3
+ name: Deploy to dev3
 uses: ./.github/workflows/deploy-to-k8s.yaml
 with:
 environment: dev3
 secrets: inherit
- needs: push_to_registry
+ needs: push_to_registry_dev
+ if: github.ref == 'refs/heads/main'
+
+ push_to_registry_prod:
+ name: Push to prod1
+ uses: ./.github/workflows/build-push-image.yaml
+ with:
+ environment: prod1
+ secrets: inherit
+ needs: deploy_to_dev3
 if: github.ref == 'refs/heads/main'
 deploy_to_prod1:
- name: Deploy to prod 1
+ name: Deploy to prod1
 uses: ./.github/workflows/deploy-to-k8s.yaml
 with:
 environment: prod1
 secrets: inherit
- needs: push_to_registry
+ needs: push_to_registry_prod
 if: github.ref == 'refs/heads/main'
diff --git a/infra/helm/meshforms/values.yaml b/infra/helm/meshforms/values.yaml
index abfce72..17f0c43 100644
--- a/infra/helm/meshforms/values.yaml
+++ b/infra/helm/meshforms/values.yaml
@@ -3,7 +3,6 @@ replicaCount: 1
 image:
 repository: willnilges/meshforms
 pullPolicy: IfNotPresent
- tag: main
 imagePullSecrets: []
 nameOverride: "meshforms"
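Review bot: In the `publish-and-deploy.yaml` hunk, both new build jobs (`push_to_registry_dev`, `push_to_registry_prod`) call `build-push-image.yaml` with `secrets: inherit`. That hands the reusable workflow every secret the caller can see, including the S3 and cluster secrets that `deploy-to-k8s.yaml` reads, although the build only references `DOCKER_USERNAME` and `DOCKER_PASSWORD`. Pass just those two with an explicit `secrets:` map, e.g. `DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}` and `DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}`, and declare them under `on.workflow_call.secrets` in the called file. If the Docker Hub credentials are environment-scoped instead, the job-level `environment:` in the reusable workflow already supplies them and the `secrets:` key can be dropped from the two build jobs; their scope is not visible in this patch.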