diff --git a/.forgejo/workflows/build-deploy.yaml b/.forgejo/workflows/build-deploy-staging.yaml similarity index 50% rename from .forgejo/workflows/build-deploy.yaml rename to .forgejo/workflows/build-deploy-staging.yaml index a9ddbcb..67ab07c 100644 --- a/.forgejo/workflows/build-deploy.yaml +++ b/.forgejo/workflows/build-deploy-staging.yaml @@ -1,4 +1,4 @@ -name: Build and Deploy +name: Build and Deploy Staging on: push: @@ -35,3 +35,29 @@ jobs: tags: ${{ vars.CONTAINER_REGISTRY }}/${{ vars.CONTAINER_IMAGE_NAME }}:latest cache-from: type=gha cache-to: type=gha,mode=max + + deploy: + needs: build + runs-on: ubuntu-latest + container: catthehacker/ubuntu:act-latest + environment: + name: staging + url: https://staging.portal.servala.com/ + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Deploy to OpenShift + uses: docker://quay.io/appuio/oc:v4.16 + with: + entrypoint: /bin/bash + args: | + -c "oc login --token=${OPENSHIFT_TOKEN} --server=${OPENSHIFT_URL} && \ + oc -n ${NAMESPACE} apply --overwrite -k deployment/kustomize/overlays/staging && \ + oc -n ${NAMESPACE} rollout restart deployment/servala" + env: + NAMESPACE: ${{ vars.NAMESPACE_PORTAL_STAGING }} + KUBECONFIG: /tmp/kube_config + OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} + OPENSHIFT_URL: ${{ secrets.OPENSHIFT_URL }} diff --git a/.gitignore b/.gitignore index ab3e8ce..307b1dc 100644 --- a/.gitignore +++ b/.gitignore @@ -162,3 +162,5 @@ cython_debug/ # option (not recommended) you can uncomment the following to ignore the entire idea folder. #.idea/ +# Deployment Stuff +deployment/secrets/* \ No newline at end of file diff --git a/README.md b/README.md index 28700d2..9af34d2 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ Paths: * `docs/modules/ROOT/nav.adoc`: Site navigation (new pages need to be added there) Writing documentation is best done by running `make docs-preview` and connecting to the site at http://localhost:2020/. -The browser addon [LiveReload - Web extension](https://addons.mozilla.org/en-US/firefox/addon/livereload-web-extension/) will help while editing with automated page reload in the browser. +The browser add-on [LiveReload - Web extension](https://addons.mozilla.org/en-US/firefox/addon/livereload-web-extension/) will help while editing with automated page reload in the browser. ## Development setup @@ -39,7 +39,7 @@ This will start the development server on http://localhost:8000. TODO -### Code style and linting +## Code style and linting Servala uses several linters / formatters to keep the project style consistent for you. Run them like this: @@ -54,7 +54,7 @@ uv run flake8 src/ # Python linter The repository features a [pre-commit](https://pre-commit.com/) configuration which helps to properly format the source code before committing. It's recommended to install and use it. -### Docker +## Docker The project provides a Dockerfile which builds a production-ready container image. It uses [Caddy](https://caddyserver.com/) to serve static files and connect to [Gunicorn](https://gunicorn.org/), the Python WSGI application server. @@ -73,6 +73,10 @@ docker run --rm -ti -p 8080:8080 --name=servala-portal --rm --env-file .env loca TODO: Persistence -### Testing +## Deployment + +TODO + +## Testing TODO diff --git a/deployment/kustomize/base/database/kustomization.yaml b/deployment/kustomize/base/database/kustomization.yaml new file mode 100644 index 0000000..3bf5d5c --- /dev/null +++ b/deployment/kustomize/base/database/kustomization.yaml @@ -0,0 +1,2 @@ +resources: + - vshnpostgresql.yaml diff --git a/deployment/kustomize/base/database/vshnpostgresql.yaml b/deployment/kustomize/base/database/vshnpostgresql.yaml new file mode 100644 index 0000000..e17b4a2 --- /dev/null +++ b/deployment/kustomize/base/database/vshnpostgresql.yaml @@ -0,0 +1,19 @@ +apiVersion: vshn.appcat.vshn.io/v1 +kind: VSHNPostgreSQL +metadata: + name: servala +spec: + parameters: + service: + majorVersion: "16" + pgSettings: + timezone: Europe/Zurich + size: + plan: standard-2 + backup: + schedule: "30 23 * * *" + retention: 12 + encryption: + enabled: true + writeConnectionSecretToRef: + name: database-creds diff --git a/deployment/kustomize/base/portal/deployment.yaml b/deployment/kustomize/base/portal/deployment.yaml new file mode 100644 index 0000000..f738475 --- /dev/null +++ b/deployment/kustomize/base/portal/deployment.yaml @@ -0,0 +1,62 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: servala + name: servala +spec: + replicas: 1 + revisionHistoryLimit: 2 + selector: + matchLabels: + app: servala + strategy: + type: RollingUpdate + template: + metadata: + labels: + app: servala + spec: + containers: + - name: servala + image: servala-2nkgm.app.codey.ch/servala/servala-portal:latest + imagePullPolicy: Always + readinessProbe: + httpGet: + path: /admin/ + port: 8080 + periodSeconds: 60 + livenessProbe: + httpGet: + path: /admin/ + port: 8080 + periodSeconds: 60 + initialDelaySeconds: 5 + ports: + - name: http + containerPort: 8080 + protocol: TCP + envFrom: + - secretRef: + name: servala + env: + - name: SERVALA_DB_USER + valueFrom: + secretKeyRef: + name: database-creds + key: POSTGRESQL_USER + - name: SERVALA_DB_PASSWORD + valueFrom: + secretKeyRef: + name: database-creds + key: POSTGRESQL_PASSWORD + - name: SERVALA_DB_HOST + valueFrom: + secretKeyRef: + name: database-creds + key: POSTGRESQL_HOST + - name: SERVALA_DB_PORT + valueFrom: + secretKeyRef: + name: database-creds + key: POSTGRESQL_PORT diff --git a/deployment/kustomize/base/portal/kustomization.yaml b/deployment/kustomize/base/portal/kustomization.yaml new file mode 100644 index 0000000..6d1374a --- /dev/null +++ b/deployment/kustomize/base/portal/kustomization.yaml @@ -0,0 +1,3 @@ +resources: + - deployment.yaml + - service.yaml diff --git a/deployment/kustomize/base/portal/service.yaml b/deployment/kustomize/base/portal/service.yaml new file mode 100644 index 0000000..bd8bb47 --- /dev/null +++ b/deployment/kustomize/base/portal/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: servala + labels: + app: servala +spec: + ports: + - name: http + port: 8080 + protocol: TCP + targetPort: http + selector: + app: servala + type: ClusterIP diff --git a/deployment/kustomize/overlays/staging/ingress.yaml b/deployment/kustomize/overlays/staging/ingress.yaml new file mode 100644 index 0000000..835a17e --- /dev/null +++ b/deployment/kustomize/overlays/staging/ingress.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + cert-manager.io/cluster-issuer: letsencrypt-production + name: servala +spec: + rules: + - host: staging.portal.servala.com + http: + paths: + - pathType: Prefix + path: / + backend: + service: + name: servala + port: + number: 8080 + tls: + - hosts: + - staging.portal.servala.com + secretName: ingress-cert diff --git a/deployment/kustomize/overlays/staging/kustomization.yaml b/deployment/kustomize/overlays/staging/kustomization.yaml new file mode 100644 index 0000000..d746bb1 --- /dev/null +++ b/deployment/kustomize/overlays/staging/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +labels: + - includeSelectors: true + pairs: + app.kubernetes.io/instance: test + app.kubernetes.io/name: servala +resources: + - ../../base/portal + - ../../base/database + - ingress.yaml +patches: + - path: portal-deployment.yaml diff --git a/deployment/kustomize/overlays/staging/portal-deployment.yaml b/deployment/kustomize/overlays/staging/portal-deployment.yaml new file mode 100644 index 0000000..e435bb3 --- /dev/null +++ b/deployment/kustomize/overlays/staging/portal-deployment.yaml @@ -0,0 +1,14 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: servala +spec: + template: + spec: + containers: + - name: servala + env: + - name: SERVALA_ENVIRONMENT + value: staging + - name: SERVALA_ALLOWED_HOSTS + value: staging.portal.servala.com