Merge pull request #79 from fvst-dev/feature/working-on-secrets

chore: working on init script

.github/actions/build-docker-container/action.yaml

@@ -0,0 +1,54 @@
+name: "Build docker container"
+description: "Builds a docker container"
+inputs:
+  google_cloud_token:
+    description: "google cloud token"
+    required: true
+  turborepo_cache_bucket:
+    description: "turborepo cache bucket"
+    required: true
+  registry:
+    description: "registry to push too"
+    required: true
+  service:
+    description: "service"
+    required: true
+  dockerfile:
+    description: "service"
+    required: true
+  tag:
+    description: "service"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - uses: ./.github/actions/setup-google-cloud-auth
+      id: "auth"
+      with:
+        google_cloud_token: ${{ inputs.google_cloud_token }}
+
+    - uses: ./.github/actions/setup-turborepo-remote-cache
+      id: "turborepo-cache"
+      with:
+        bucket: ${{ inputs.turborepo_cache_bucket }}
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v2
+      with:
+        config: .github/buildkitd.toml
+
+    - name: Build and push
+      uses: docker/build-push-action@v4
+      with:
+        push: true
+        context: .
+        tags: ${{ inputs.registry }}/${{ inputs.service }}:${{ inputs.tag }},${{ inputs.registry }}/${{ inputs.service }}:latest
+        file: ${{ inputs.dockerfile }}
+        cache-to: type=registry,ref=${{ inputs.registry }}/${{ inputs.service }}:buildcache,mode=max,compression=zstd
+        cache-from: type=registry,ref=${{ inputs.registry }}/${{ inputs.service }}:buildcache
+        build-args: |
+          APP_NAME=${{ inputs.service }}
+          TURBO_TOKEN=${{ steps.turborepo-cache.outputs.TURBO_TOKEN }}
+          TURBO_TEAMID=${{ steps.turborepo-cache.outputs.TURBO_TEAMID }}
+          TURBO_API=${{ steps.turborepo-cache.outputs.TURBO_API_FOR_DOCKER }}

.github/actions/services-matrix/action.yaml

@@ -0,0 +1,20 @@
+name: "Service matrix"
+description: "Builds a matrix of all the services"
+outputs:
+  matrix:
+    description: "matrix of services and their docker file"
+    value: ${{ steps.matrix.outputs.matrix }}
+runs:
+  using: "composite"
+  steps:
+    - name: matrix
+      id: matrix
+      shell: bash
+      run: |
+        blog='{ "service": "blog-graphql", "dockerfile": "tooling/docker/nest/Dockerfile" }'
+        todo='{ "service": "todo-graphql", "dockerfile": "tooling/docker/nest/Dockerfile" }'
+        user='{ "service": "user-graphql", "dockerfile": "tooling/docker/nest/Dockerfile" }'
+        demo='{ "service": "demo-worker", "dockerfile": "tooling/docker/nest/Dockerfile" }'
+        gateway='{ "service": "graphql-gateway", "dockerfile": "tooling/docker/nest/Dockerfile" }'
+        web='{ "service": "web", "dockerfile": "tooling/docker/next/Dockerfile" }'
+        echo "matrix={\"include\":[$blog, $todo, $user, $demo, $gateway, $web]}" >> $GITHUB_OUTPUT

.github/actions/terraform-apply/action.yaml

@@ -10,6 +10,9 @@ inputs:
   region:
     description: "The region we are deploying too"
     required: true
+  docker-tag:
+    description: "The docker tag we are deploying"
+    required: true
   prefix:
     description: "The unix prefix we set up"
     required: true
@@ -21,6 +24,7 @@ runs:
       run: |
         echo "TF_VAR_project=${{ inputs.prefix }}-fvst-${{ inputs.environment }}" >> $GITHUB_ENV
         echo "TF_VAR_region=${{ inputs.region }}" >> $GITHUB_ENV
+        echo "TF_VAR_docker_tag=${{ inputs.docker-tag }}"
     - name: Setup terraform remote and configuration
       shell: bash
       run: |

.github/actions/terraform-plan/action.yaml

@@ -10,6 +10,9 @@ inputs:
   region:
     description: "The region we are deploying too"
     required: true
+  docker-tag:
+    description: "The docker tag we are deploying"
+    required: true
   prefix:
     description: "The unix prefix we set up"
     required: true
@@ -24,6 +27,7 @@ runs:
       run: |
         echo "TF_VAR_project=${{ inputs.prefix }}-fvst-${{ inputs.environment }}" >> $GITHUB_ENV
         echo "TF_VAR_region=${{ inputs.region }}" >> $GITHUB_ENV
+        echo "TF_VAR_docker_tag=${{ inputs.docker-tag }}" >> $GITHUB_ENV
     - name: Setup github token
       shell: bash
       run: |

.github/workflows/deploy.yml

@@ -0,0 +1,101 @@
+name: Deploy
+on: push
+
+env:
+  DOCKER_TAG: deploy-run-${{ github.run_number }}
+
+jobs:
+  prebuild:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.matrix.outputs.matrix }}
+    steps:
+      - uses: "actions/checkout@v3"
+      - uses: ./.github/actions/services-matrix
+        id: "matrix"
+
+  build-staging:
+    needs: prebuild
+    if: ${{ github.ref == 'refs/heads/develop' }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix: ${{ fromJSON(needs.prebuild.outputs.matrix) }}
+    steps:
+      - uses: "actions/checkout@v3"
+      - name: "Configure env variables"
+        run: |
+          project="${{ vars.FVST_PROJECT_PREFIX }}-fvst-staging"
+          registry="us-docker.pkg.dev/$project/registry"
+          echo "project=$project" >> $GITHUB_ENV
+          echo "registry=$registry" >> $GITHUB_ENV
+      - uses: ./.github/actions/build-docker-container
+        with:
+          google_cloud_token: ${{ secrets.GOOGLE_CLOUD_TOKEN_STAGING }}
+          turborepo_cache_bucket: ${{ vars.FVST_PROJECT_TURBOREPO_BUCKET_STAGING }}
+          registry: ${{ env.registry }}
+          service: ${{ matrix.service }}
+          dockerfile: ${{ matrix.dockerfile }}
+          tag: ${{ env.DOCKER_TAG }}
+
+  deploy-staging:
+    needs: build-staging
+    if: ${{ github.ref == 'refs/heads/develop' }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: "actions/checkout@v3"
+
+      - uses: ./.github/actions/setup-google-cloud-auth
+        id: "auth"
+        with:
+          google_cloud_token: ${{ secrets.GOOGLE_CLOUD_TOKEN_STAGING }}
+
+      - uses: ./.github/actions/terraform-apply
+        with:
+          environment: "staging"
+          terraform-bucket: ${{ vars.FVST_PROJECT_TF_STATE_BUCKET_STAGING }}
+          region: ${{ vars.FVST_PROJECT_REGION }}
+          prefix: ${{ vars.FVST_PROJECT_PREFIX }}
+          docker-tag: ${{ env.DOCKER_TAG }}
+
+  build-production:
+    needs: prebuild
+    if: ${{ github.ref == 'refs/heads/main' }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix: ${{ fromJSON(needs.prebuild.outputs.matrix) }}
+    steps:
+      - uses: "actions/checkout@v3"
+      - name: "Configure env variables"
+        run: |
+          project="${{ vars.FVST_PROJECT_PREFIX }}-fvst-production"
+          registry="us-docker.pkg.dev/$project/registry"
+          echo "project=$project" >> $GITHUB_ENV
+          echo "registry=$registry" >> $GITHUB_ENV
+      - uses: ./.github/actions/build-docker-container
+        with:
+          google_cloud_token: ${{ secrets.GOOGLE_CLOUD_TOKEN_PRODUCTION }}
+          turborepo_cache_bucket: ${{ vars.FVST_PROJECT_TURBOREPO_BUCKET_PRODUCTION }}
+          registry: ${{ env.registry }}
+          service: ${{ matrix.service }}
+          dockerfile: ${{ matrix.dockerfile }}
+          tag: ${{ env.DOCKER_TAG }}
+
+  deploy-production:
+    needs: build-production
+    if: ${{ github.ref == 'refs/heads/main' }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: "actions/checkout@v3"
+
+      - uses: ./.github/actions/setup-google-cloud-auth
+        id: "auth"
+        with:
+          google_cloud_token: ${{ secrets.GOOGLE_CLOUD_TOKEN_PRODUCTION }}
+
+      - uses: ./.github/actions/terraform-apply
+        with:
+          environment: "production"
+          terraform-bucket: ${{ vars.FVST_PROJECT_TF_STATE_BUCKET_PRODUCTION }}
+          region: ${{ vars.FVST_PROJECT_REGION }}
+          prefix: ${{ vars.FVST_PROJECT_PREFIX }}
+          docker-tag: ${{ env.DOCKER_TAG }}

.github/workflows/initialize.yml

@@ -1,86 +1,96 @@
-name: Initialize environment
-on:
-  workflow_dispatch:
-    inputs:
-      environment:
-        type: "choice"
-        description: "What environment should we initialize"
-        required: true
-        default: "STAGING"
-        options:
-          - "STAGING"
-          - "PRODUCTION"
+name: Initialize environments
+on: [workflow_dispatch]
 env:
-  DOCKER_TAG: gh-run-${{ github.run_number }}
+  DOCKER_TAG: initialize-run-${{ github.run_number }}
 
 jobs:
-  build:
+  prebuild:
     runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.matrix.outputs.matrix }}
+    steps:
+      - uses: "actions/checkout@v3"
+      - uses: ./.github/actions/services-matrix
+        id: "matrix"
 
+  build-staging:
+    needs: prebuild
+    runs-on: ubuntu-latest
     strategy:
-      matrix:
-        include:
-          - service: "blog-graphql"
-            dockerfile: "tooling/docker/nest/Dockerfile"
-
-          - service: "todo-graphql"
-            dockerfile: "tooling/docker/nest/Dockerfile"
-
-          - service: "user-graphql"
-            dockerfile: "tooling/docker/nest/Dockerfile"
-
-          - service: "demo-worker"
-            dockerfile: "tooling/docker/nest/Dockerfile"
-
-          - service: "graphql-gateway"
-            dockerfile: "tooling/docker/nest/Dockerfile"
-
-          - service: "web"
-            dockerfile: "tooling/docker/next/Dockerfile"
-
-    env:
-      GOOGLE_CLOUD_TOKEN_KEY: GOOGLE_CLOUD_TOKEN_${{ inputs.environment }}
-      TURBOREPO_BUCKET_KEY: FVST_PROJECT_TURBOREPO_BUCKET_${{ inputs.environment }}
-
+      matrix: ${{ fromJSON(needs.prebuild.outputs.matrix) }}
     steps:
       - uses: "actions/checkout@v3"
-
-      - uses: ./.github/actions/string-manipulation
-        id: "string"
+      - name: "Configure env variables"
+        run: |
+          project="${{ vars.FVST_PROJECT_PREFIX }}-fvst-staging"
+          registry="us-docker.pkg.dev/$project/registry"
+          echo "project=$project" >> $GITHUB_ENV
+          echo "registry=$registry" >> $GITHUB_ENV
+      - uses: ./.github/actions/build-docker-container
         with:
-          string: ${{ inputs.environment }}
+          google_cloud_token: ${{ secrets.GOOGLE_CLOUD_TOKEN_STAGING }}
+          turborepo_cache_bucket: ${{ vars.FVST_PROJECT_TURBOREPO_BUCKET_STAGING }}
+          registry: ${{ env.registry }}
+          service: ${{ matrix.service }}
+          dockerfile: ${{ matrix.dockerfile }}
+          tag: ${{ env.DOCKER_TAG }}
 
-      - name: Build registry url
-        run: |
-          echo ${{ steps.string.outputs.lowercase }}
-          echo "REGISTRY=us-docker.pkg.dev/${{ vars.FVST_PROJECT_PREFIX }}-fvst-${{steps.string.outputs.lowercase}}/registry" >>${GITHUB_ENV}
+  deploy-staging:
+    needs: build-staging
+    runs-on: ubuntu-latest
+    steps:
+      - uses: "actions/checkout@v3"
 
       - uses: ./.github/actions/setup-google-cloud-auth
         id: "auth"
         with:
-          google_cloud_token: ${{ secrets[env.GOOGLE_CLOUD_TOKEN_KEY] }}
+          google_cloud_token: ${{ secrets.GOOGLE_CLOUD_TOKEN_STAGING }}
+
+      - uses: ./.github/actions/terraform-apply
+        with:
+          environment: "staging"
+          terraform-bucket: ${{ vars.FVST_PROJECT_TF_STATE_BUCKET_STAGING }}
+          region: ${{ vars.FVST_PROJECT_REGION }}
+          prefix: ${{ vars.FVST_PROJECT_PREFIX }}
+          docker-tag: ${{ env.DOCKER_TAG }}
 
-      - uses: ./.github/actions/setup-turborepo-remote-cache
-        id: "turborepo-cache"
+  build-production:
+    needs: prebuild
+    runs-on: ubuntu-latest
+    strategy:
+      matrix: ${{ fromJSON(needs.prebuild.outputs.matrix) }}
+    steps:
+      - uses: "actions/checkout@v3"
+      - name: "Configure env variables"
+        run: |
+          project="${{ vars.FVST_PROJECT_PREFIX }}-fvst-production"
+          registry="us-docker.pkg.dev/$project/registry"
+          echo "project=$project" >> $GITHUB_ENV
+          echo "registry=$registry" >> $GITHUB_ENV
+      - uses: ./.github/actions/build-docker-container
         with:
-          bucket: ${{ vars[env.TURBOREPO_BUCKET_KEY] }}
+          google_cloud_token: ${{ secrets.GOOGLE_CLOUD_TOKEN_PRODUCTION }}
+          turborepo_cache_bucket: ${{ vars.FVST_PROJECT_TURBOREPO_BUCKET_PRODUCTION }}
+          registry: ${{ env.registry }}
+          service: ${{ matrix.service }}
+          dockerfile: ${{ matrix.dockerfile }}
+          tag: ${{ env.DOCKER_TAG }}
 
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+  deploy-production:
+    needs: build-production
+    runs-on: ubuntu-latest
+    steps:
+      - uses: "actions/checkout@v3"
+
+      - uses: ./.github/actions/setup-google-cloud-auth
+        id: "auth"
         with:
-          config: .github/buildkitd.toml
+          google_cloud_token: ${{ secrets.GOOGLE_CLOUD_TOKEN_PRODUCTION }}
 
-      - name: Build and push
-        uses: docker/build-push-action@v4
+      - uses: ./.github/actions/terraform-apply
         with:
-          push: true
-          context: .
-          tags: ${{env.REGISTRY}}/${{matrix.service}}:${{env.DOCKER_TAG}},${{env.REGISTRY}}/${{matrix.service}}:latest
-          file: ${{ matrix.dockerfile }}
-          cache-to: type=registry,ref=${{env.REGISTRY}}/${{matrix.service}}:buildcache,mode=max,compression=zstd
-          cache-from: type=registry,ref=${{env.REGISTRY}}/${{matrix.service}}:buildcache
-          build-args: |
-            APP_NAME=${{ matrix.service }}
-            TURBO_TOKEN=${{ steps.turborepo-cache.outputs.TURBO_TOKEN }}
-            TURBO_TEAMID=${{ steps.turborepo-cache.outputs.TURBO_TEAMID }}
-            TURBO_API=${{ steps.turborepo-cache.outputs.TURBO_API_FOR_DOCKER }}
+          environment: "production"
+          terraform-bucket: ${{ vars.FVST_PROJECT_TF_STATE_BUCKET_PRODUCTION }}
+          region: ${{ vars.FVST_PROJECT_REGION }}
+          prefix: ${{ vars.FVST_PROJECT_PREFIX }}
+          docker-tag: ${{ env.DOCKER_TAG }}