-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #79 from fvst-dev/feature/working-on-secrets
chore: working on init script
- Loading branch information
Showing
67 changed files
with
1,332 additions
and
624 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
name: "Build docker container" | ||
description: "Builds a docker container" | ||
inputs: | ||
google_cloud_token: | ||
description: "google cloud token" | ||
required: true | ||
turborepo_cache_bucket: | ||
description: "turborepo cache bucket" | ||
required: true | ||
registry: | ||
description: "registry to push too" | ||
required: true | ||
service: | ||
description: "service" | ||
required: true | ||
dockerfile: | ||
description: "service" | ||
required: true | ||
tag: | ||
description: "service" | ||
required: true | ||
|
||
runs: | ||
using: "composite" | ||
steps: | ||
- uses: ./.github/actions/setup-google-cloud-auth | ||
id: "auth" | ||
with: | ||
google_cloud_token: ${{ inputs.google_cloud_token }} | ||
|
||
- uses: ./.github/actions/setup-turborepo-remote-cache | ||
id: "turborepo-cache" | ||
with: | ||
bucket: ${{ inputs.turborepo_cache_bucket }} | ||
|
||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v2 | ||
with: | ||
config: .github/buildkitd.toml | ||
|
||
- name: Build and push | ||
uses: docker/build-push-action@v4 | ||
with: | ||
push: true | ||
context: . | ||
tags: ${{ inputs.registry }}/${{ inputs.service }}:${{ inputs.tag }},${{ inputs.registry }}/${{ inputs.service }}:latest | ||
file: ${{ inputs.dockerfile }} | ||
cache-to: type=registry,ref=${{ inputs.registry }}/${{ inputs.service }}:buildcache,mode=max,compression=zstd | ||
cache-from: type=registry,ref=${{ inputs.registry }}/${{ inputs.service }}:buildcache | ||
build-args: | | ||
APP_NAME=${{ inputs.service }} | ||
TURBO_TOKEN=${{ steps.turborepo-cache.outputs.TURBO_TOKEN }} | ||
TURBO_TEAMID=${{ steps.turborepo-cache.outputs.TURBO_TEAMID }} | ||
TURBO_API=${{ steps.turborepo-cache.outputs.TURBO_API_FOR_DOCKER }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
name: "Service matrix" | ||
description: "Builds a matrix of all the services" | ||
outputs: | ||
matrix: | ||
description: "matrix of services and their docker file" | ||
value: ${{ steps.matrix.outputs.matrix }} | ||
runs: | ||
using: "composite" | ||
steps: | ||
- name: matrix | ||
id: matrix | ||
shell: bash | ||
run: | | ||
blog='{ "service": "blog-graphql", "dockerfile": "tooling/docker/nest/Dockerfile" }' | ||
todo='{ "service": "todo-graphql", "dockerfile": "tooling/docker/nest/Dockerfile" }' | ||
user='{ "service": "user-graphql", "dockerfile": "tooling/docker/nest/Dockerfile" }' | ||
demo='{ "service": "demo-worker", "dockerfile": "tooling/docker/nest/Dockerfile" }' | ||
gateway='{ "service": "graphql-gateway", "dockerfile": "tooling/docker/nest/Dockerfile" }' | ||
web='{ "service": "web", "dockerfile": "tooling/docker/next/Dockerfile" }' | ||
echo "matrix={\"include\":[$blog, $todo, $user, $demo, $gateway, $web]}" >> $GITHUB_OUTPUT |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,101 @@ | ||
name: Deploy | ||
on: push | ||
|
||
env: | ||
DOCKER_TAG: deploy-run-${{ github.run_number }} | ||
|
||
jobs: | ||
prebuild: | ||
runs-on: ubuntu-latest | ||
outputs: | ||
matrix: ${{ steps.matrix.outputs.matrix }} | ||
steps: | ||
- uses: "actions/checkout@v3" | ||
- uses: ./.github/actions/services-matrix | ||
id: "matrix" | ||
|
||
build-staging: | ||
needs: prebuild | ||
if: ${{ github.ref == 'refs/heads/develop' }} | ||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: ${{ fromJSON(needs.prebuild.outputs.matrix) }} | ||
steps: | ||
- uses: "actions/checkout@v3" | ||
- name: "Configure env variables" | ||
run: | | ||
project="${{ vars.FVST_PROJECT_PREFIX }}-fvst-staging" | ||
registry="us-docker.pkg.dev/$project/registry" | ||
echo "project=$project" >> $GITHUB_ENV | ||
echo "registry=$registry" >> $GITHUB_ENV | ||
- uses: ./.github/actions/build-docker-container | ||
with: | ||
google_cloud_token: ${{ secrets.GOOGLE_CLOUD_TOKEN_STAGING }} | ||
turborepo_cache_bucket: ${{ vars.FVST_PROJECT_TURBOREPO_BUCKET_STAGING }} | ||
registry: ${{ env.registry }} | ||
service: ${{ matrix.service }} | ||
dockerfile: ${{ matrix.dockerfile }} | ||
tag: ${{ env.DOCKER_TAG }} | ||
|
||
deploy-staging: | ||
needs: build-staging | ||
if: ${{ github.ref == 'refs/heads/develop' }} | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: "actions/checkout@v3" | ||
|
||
- uses: ./.github/actions/setup-google-cloud-auth | ||
id: "auth" | ||
with: | ||
google_cloud_token: ${{ secrets.GOOGLE_CLOUD_TOKEN_STAGING }} | ||
|
||
- uses: ./.github/actions/terraform-apply | ||
with: | ||
environment: "staging" | ||
terraform-bucket: ${{ vars.FVST_PROJECT_TF_STATE_BUCKET_STAGING }} | ||
region: ${{ vars.FVST_PROJECT_REGION }} | ||
prefix: ${{ vars.FVST_PROJECT_PREFIX }} | ||
docker-tag: ${{ env.DOCKER_TAG }} | ||
|
||
build-production: | ||
needs: prebuild | ||
if: ${{ github.ref == 'refs/heads/main' }} | ||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: ${{ fromJSON(needs.prebuild.outputs.matrix) }} | ||
steps: | ||
- uses: "actions/checkout@v3" | ||
- name: "Configure env variables" | ||
run: | | ||
project="${{ vars.FVST_PROJECT_PREFIX }}-fvst-production" | ||
registry="us-docker.pkg.dev/$project/registry" | ||
echo "project=$project" >> $GITHUB_ENV | ||
echo "registry=$registry" >> $GITHUB_ENV | ||
- uses: ./.github/actions/build-docker-container | ||
with: | ||
google_cloud_token: ${{ secrets.GOOGLE_CLOUD_TOKEN_PRODUCTION }} | ||
turborepo_cache_bucket: ${{ vars.FVST_PROJECT_TURBOREPO_BUCKET_PRODUCTION }} | ||
registry: ${{ env.registry }} | ||
service: ${{ matrix.service }} | ||
dockerfile: ${{ matrix.dockerfile }} | ||
tag: ${{ env.DOCKER_TAG }} | ||
|
||
deploy-production: | ||
needs: build-production | ||
if: ${{ github.ref == 'refs/heads/main' }} | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: "actions/checkout@v3" | ||
|
||
- uses: ./.github/actions/setup-google-cloud-auth | ||
id: "auth" | ||
with: | ||
google_cloud_token: ${{ secrets.GOOGLE_CLOUD_TOKEN_PRODUCTION }} | ||
|
||
- uses: ./.github/actions/terraform-apply | ||
with: | ||
environment: "production" | ||
terraform-bucket: ${{ vars.FVST_PROJECT_TF_STATE_BUCKET_PRODUCTION }} | ||
region: ${{ vars.FVST_PROJECT_REGION }} | ||
prefix: ${{ vars.FVST_PROJECT_PREFIX }} | ||
docker-tag: ${{ env.DOCKER_TAG }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,86 +1,96 @@ | ||
name: Initialize environment | ||
on: | ||
workflow_dispatch: | ||
inputs: | ||
environment: | ||
type: "choice" | ||
description: "What environment should we initialize" | ||
required: true | ||
default: "STAGING" | ||
options: | ||
- "STAGING" | ||
- "PRODUCTION" | ||
name: Initialize environments | ||
on: [workflow_dispatch] | ||
env: | ||
DOCKER_TAG: gh-run-${{ github.run_number }} | ||
DOCKER_TAG: initialize-run-${{ github.run_number }} | ||
|
||
jobs: | ||
build: | ||
prebuild: | ||
runs-on: ubuntu-latest | ||
outputs: | ||
matrix: ${{ steps.matrix.outputs.matrix }} | ||
steps: | ||
- uses: "actions/checkout@v3" | ||
- uses: ./.github/actions/services-matrix | ||
id: "matrix" | ||
|
||
build-staging: | ||
needs: prebuild | ||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: | ||
include: | ||
- service: "blog-graphql" | ||
dockerfile: "tooling/docker/nest/Dockerfile" | ||
|
||
- service: "todo-graphql" | ||
dockerfile: "tooling/docker/nest/Dockerfile" | ||
|
||
- service: "user-graphql" | ||
dockerfile: "tooling/docker/nest/Dockerfile" | ||
|
||
- service: "demo-worker" | ||
dockerfile: "tooling/docker/nest/Dockerfile" | ||
|
||
- service: "graphql-gateway" | ||
dockerfile: "tooling/docker/nest/Dockerfile" | ||
|
||
- service: "web" | ||
dockerfile: "tooling/docker/next/Dockerfile" | ||
|
||
env: | ||
GOOGLE_CLOUD_TOKEN_KEY: GOOGLE_CLOUD_TOKEN_${{ inputs.environment }} | ||
TURBOREPO_BUCKET_KEY: FVST_PROJECT_TURBOREPO_BUCKET_${{ inputs.environment }} | ||
|
||
matrix: ${{ fromJSON(needs.prebuild.outputs.matrix) }} | ||
steps: | ||
- uses: "actions/checkout@v3" | ||
|
||
- uses: ./.github/actions/string-manipulation | ||
id: "string" | ||
- name: "Configure env variables" | ||
run: | | ||
project="${{ vars.FVST_PROJECT_PREFIX }}-fvst-staging" | ||
registry="us-docker.pkg.dev/$project/registry" | ||
echo "project=$project" >> $GITHUB_ENV | ||
echo "registry=$registry" >> $GITHUB_ENV | ||
- uses: ./.github/actions/build-docker-container | ||
with: | ||
string: ${{ inputs.environment }} | ||
google_cloud_token: ${{ secrets.GOOGLE_CLOUD_TOKEN_STAGING }} | ||
turborepo_cache_bucket: ${{ vars.FVST_PROJECT_TURBOREPO_BUCKET_STAGING }} | ||
registry: ${{ env.registry }} | ||
service: ${{ matrix.service }} | ||
dockerfile: ${{ matrix.dockerfile }} | ||
tag: ${{ env.DOCKER_TAG }} | ||
|
||
- name: Build registry url | ||
run: | | ||
echo ${{ steps.string.outputs.lowercase }} | ||
echo "REGISTRY=us-docker.pkg.dev/${{ vars.FVST_PROJECT_PREFIX }}-fvst-${{steps.string.outputs.lowercase}}/registry" >>${GITHUB_ENV} | ||
deploy-staging: | ||
needs: build-staging | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: "actions/checkout@v3" | ||
|
||
- uses: ./.github/actions/setup-google-cloud-auth | ||
id: "auth" | ||
with: | ||
google_cloud_token: ${{ secrets[env.GOOGLE_CLOUD_TOKEN_KEY] }} | ||
google_cloud_token: ${{ secrets.GOOGLE_CLOUD_TOKEN_STAGING }} | ||
|
||
- uses: ./.github/actions/terraform-apply | ||
with: | ||
environment: "staging" | ||
terraform-bucket: ${{ vars.FVST_PROJECT_TF_STATE_BUCKET_STAGING }} | ||
region: ${{ vars.FVST_PROJECT_REGION }} | ||
prefix: ${{ vars.FVST_PROJECT_PREFIX }} | ||
docker-tag: ${{ env.DOCKER_TAG }} | ||
|
||
- uses: ./.github/actions/setup-turborepo-remote-cache | ||
id: "turborepo-cache" | ||
build-production: | ||
needs: prebuild | ||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: ${{ fromJSON(needs.prebuild.outputs.matrix) }} | ||
steps: | ||
- uses: "actions/checkout@v3" | ||
- name: "Configure env variables" | ||
run: | | ||
project="${{ vars.FVST_PROJECT_PREFIX }}-fvst-production" | ||
registry="us-docker.pkg.dev/$project/registry" | ||
echo "project=$project" >> $GITHUB_ENV | ||
echo "registry=$registry" >> $GITHUB_ENV | ||
- uses: ./.github/actions/build-docker-container | ||
with: | ||
bucket: ${{ vars[env.TURBOREPO_BUCKET_KEY] }} | ||
google_cloud_token: ${{ secrets.GOOGLE_CLOUD_TOKEN_PRODUCTION }} | ||
turborepo_cache_bucket: ${{ vars.FVST_PROJECT_TURBOREPO_BUCKET_PRODUCTION }} | ||
registry: ${{ env.registry }} | ||
service: ${{ matrix.service }} | ||
dockerfile: ${{ matrix.dockerfile }} | ||
tag: ${{ env.DOCKER_TAG }} | ||
|
||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v2 | ||
deploy-production: | ||
needs: build-production | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: "actions/checkout@v3" | ||
|
||
- uses: ./.github/actions/setup-google-cloud-auth | ||
id: "auth" | ||
with: | ||
config: .github/buildkitd.toml | ||
google_cloud_token: ${{ secrets.GOOGLE_CLOUD_TOKEN_PRODUCTION }} | ||
|
||
- name: Build and push | ||
uses: docker/build-push-action@v4 | ||
- uses: ./.github/actions/terraform-apply | ||
with: | ||
push: true | ||
context: . | ||
tags: ${{env.REGISTRY}}/${{matrix.service}}:${{env.DOCKER_TAG}},${{env.REGISTRY}}/${{matrix.service}}:latest | ||
file: ${{ matrix.dockerfile }} | ||
cache-to: type=registry,ref=${{env.REGISTRY}}/${{matrix.service}}:buildcache,mode=max,compression=zstd | ||
cache-from: type=registry,ref=${{env.REGISTRY}}/${{matrix.service}}:buildcache | ||
build-args: | | ||
APP_NAME=${{ matrix.service }} | ||
TURBO_TOKEN=${{ steps.turborepo-cache.outputs.TURBO_TOKEN }} | ||
TURBO_TEAMID=${{ steps.turborepo-cache.outputs.TURBO_TEAMID }} | ||
TURBO_API=${{ steps.turborepo-cache.outputs.TURBO_API_FOR_DOCKER }} | ||
environment: "production" | ||
terraform-bucket: ${{ vars.FVST_PROJECT_TF_STATE_BUCKET_PRODUCTION }} | ||
region: ${{ vars.FVST_PROJECT_REGION }} | ||
prefix: ${{ vars.FVST_PROJECT_PREFIX }} | ||
docker-tag: ${{ env.DOCKER_TAG }} |
Oops, something went wrong.