fix deploy workflow for fermyon cloud

Signed-off-by: Justin Pflueger <[email protected]>
fermyon · Jul 28, 2023 · d8442f9 · d8442f9
1 parent d595eaf
commit d8442f9
Show file tree

Hide file tree

Showing 12 changed files with 53 additions and 108 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -1,23 +1,22 @@
 name: Build
 on:
-  push:
-    branches: [main]
   pull_request:
     branches: [main]
+  workflow_call:
 
 jobs:
   build:
     runs-on: "ubuntu-latest"
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Install Wasm Rust target
         run: |
           rustup target add wasm32-wasi
 
       - name: Install wasi-vfs
         run: |
-          curl -LOs https://github.com/kateinoigakukun/wasi-vfs/releases/download/v0.1.1/wasi-vfs-cli-x86_64-unknown-linux-gnu.zip
+          curl -LOs https://github.com/kateinoigakukun/wasi-vfs/releases/download/v0.4.0/wasi-vfs-cli-x86_64-unknown-linux-gnu.zip
           unzip wasi-vfs-cli-x86_64-unknown-linux-gnu.zip
           mv wasi-vfs /usr/local/bin
 
@@ -32,6 +31,17 @@ jobs:
           tar zxvf spin-v1.4.1-linux-amd64.tar.gz
           mv spin /usr/local/bin
 
+      - name: Install node
+        uses: actions/setup-node@v3
+        with:
+          node-version: "18"
+          cache: "npm"
+          cache-dependency-path: site/package-lock.json
+
+      - name: Install npm dependencies
+        working-directory: site
+        run: npm ci
+
       - name: Build
         env:
           ENABLE_WASM_OPT: false
@@ -43,3 +53,13 @@ jobs:
           TIMEOUT: 1m
         run: |
           make test-server
+
+      - name: Archive app artifacts
+        uses: actions/upload-artifact@v3
+        with:
+          name: app
+          path: |
+            spin.toml
+            components/*.wasm
+            site/dist/
+            highscore/migration.sql
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -6,18 +6,6 @@ on:
       - 'main'
 
   workflow_dispatch:
-    inputs:
-      ref:
-        description: 'Git ref to deploy from (refs/tags/v* for tag)'
-        default: 'refs/heads/main'
-      commit:
-        description: 'Commit SHA to deploy from (optional)'
-      environment:
-        type: choice
-        description: 'Environment to deploy to (Default: canary)'
-        options:
-          - canary
-          - prod
 
 # Construct a concurrency group to be shared across workflow runs.
 # The default behavior ensures that only one is running at a time, with
@@ -26,97 +14,37 @@ concurrency: ${{ github.workflow }}
 
 permissions:
   contents: read
-  id-token: write # Allow the workflow to create a JWT for AWS auth
 
 jobs:
-  echo-inputs:
-    runs-on: ubuntu-latest
-    if: ${{ github.event_name == 'workflow_dispatch' }}
-    steps:
-      - name: Echo Inputs
-        run: |
-          echo ref: ${{ github.event.inputs.ref }}
-          echo commit: ${{ github.event.inputs.commit }}
-          echo environment: ${{ github.event.inputs.environment }}
+  build:
+    uses: fermyon/finicky-whiskers/.github/workflows/build.yml@main
 
   deploy:
     runs-on: ubuntu-latest
+    needs: build
     steps:
-      - uses: actions/checkout@v3
-
-      - name: Install Nomad
-        env:
-          NOMAD_VERSION: "1.4.3"
-        run: |
-          curl -Os https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_linux_$(dpkg --print-architecture).zip
-          unzip nomad_${NOMAD_VERSION}_linux_$(dpkg --print-architecture).zip -d /usr/local/bin
-          chmod +x /usr/local/bin/nomad
-
-      # This action currently generates a warning due to using deprecated features.
-      # https://github.com/aws-actions/configure-aws-credentials/issues/521 tracks the new behaviour.
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v1
+      - name: Download build artifacts
+        uses: actions/download-artifact@v3
         with:
-          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.INFRA_NAMESPACE }}-${{ secrets.AWS_REGION }}-gha-certs
-          role-session-name: fermyon-developer-deploy
-          aws-region: ${{ secrets.AWS_REGION }}
-
-      - name: Fetch Nomad Certs from S3
-        shell: bash
-        run: |
-          set -euo pipefail
-
-          for cert in infra_ca \
-            api_client_cert_private_key \
-            api_client_cert_public_key; do
+          name: app
+          path: "${{ github.workspace }}"
 
-            aws s3api get-object \
-              --bucket "infra-certs-${{ secrets.INFRA_NAMESPACE }}-${{ secrets.AWS_REGION }}" \
-              --key "${cert}" \
-              "/tmp/${cert}"
-          done
-
-      - name: Configure Nomad
-        shell: bash
-        run: |
-          echo "NOMAD_CACERT=/tmp/infra_ca" >> $GITHUB_ENV
-          echo "NOMAD_CLIENT_CERT=/tmp/api_client_cert_public_key" >> $GITHUB_ENV
-          echo "NOMAD_CLIENT_KEY=/tmp/api_client_cert_private_key" >> $GITHUB_ENV
-          echo "NOMAD_ADDR=https://nomad.${{ secrets.INFRA_NAMESPACE }}.${{ secrets.AWS_REGION }}.fermyon.link:4646" >> $GITHUB_ENV
-
-      - name: Configure manual deploy
-        if: ${{ github.event_name == 'workflow_dispatch' }}
-        shell: bash
-        run: |
-          echo "GIT_REF=${{ github.event.inputs.ref }}" >> $GITHUB_ENV
-          echo "GIT_SHA=${{ github.event.inputs.commit }}" >> $GITHUB_ENV
-          
-          if [[ "${{ github.event.inputs.environment }}" == "prod" ]]; then
-            echo "PRODUCTION=true" >> $GITHUB_ENV
-            echo "NOMAD_NAMESPACE=prod" >> $GITHUB_ENV
-          else
-            echo "PRODUCTION=false" >> $GITHUB_ENV
-            echo "NOMAD_NAMESPACE=staging" >> $GITHUB_ENV
-          fi
-
-      - name: Configure auto-deploy
-        if: ${{ github.event_name == 'push' }}
-        shell: bash
-        run: |
-          echo "GIT_REF=${{ github.ref }}" >> $GITHUB_ENV
-          echo "GIT_SHA=${{ github.sha }}" >> $GITHUB_ENV
+      - name: Setup Spin
+        uses: fermyon/actions/spin/setup@v1
+        with:
+          version: v1.4.1
 
-          echo "PRODUCTION=true" >> $GITHUB_ENV
-          echo "NOMAD_NAMESPACE=prod" >> $GITHUB_ENV
+      - name: Login to Fermyon Cloud
+        run: spin cloud login --token "${{ secrets.FERMYAPPS_CLOUD_TOKEN }}"
 
-      - name: Deploy
-        shell: bash
+      - name: Run sqlite migration(s)
         run: |
-          set -euo pipefail
+          # NOTE: workaround for not being able to use 'default' as the database name
+          SQLITE_DB_NAME="$(spin cloud sqlite list | grep 'default' | cut -d ' ' -f1)"
+          spin cloud sqlite execute "$SQLITE_DB_NAME" "@highscore/migration.sql"
 
-          nomad run \
-            -var "region=${{ secrets.AWS_REGION }}" \
-            -var "production=${{ env.PRODUCTION }}" \
-            -var "git_ref=${{ env.GIT_REF }}" \
-            -var "commit_sha=${{ env.GIT_SHA }}" \
-            deploy/finicky-whiskers.nomad
+      - name: Deploy to Fermyon Cloud
+        uses: fermyon/actions/spin/deploy@v1
+        with:
+          run_build: false
+          fermyon_token: "${{ secrets.FERMYAPPS_CLOUD_TOKEN }}"
diff --git a/components/highscore.wasm b/components/highscore.wasm
diff --git a/components/redirect.wasm b/components/redirect.wasm
diff --git a/components/reset.wasm b/components/reset.wasm
diff --git a/components/scoreboard.wasm b/components/scoreboard.wasm
diff --git a/components/session.wasm b/components/session.wasm
diff --git a/components/tally.wasm b/components/tally.wasm
diff --git a/session/Makefile b/session/Makefile
@@ -6,7 +6,7 @@ build: $(RUBY_FLAVOR) .gem
 		--mapdir /lib::./lib \
 		--mapdir /.gem::./.gem \
 		--mapdir /usr::./$(RUBY_FLAVOR)/usr \
-		-o session.wasm
+		-o ../components/session.wasm
 
 $(RUBY_FLAVOR):
 	curl -fsLO https://github.com/ruby/ruby.wasm/releases/download/ruby-head-wasm-wasi-0.3.0/ruby-$(RUBY_FLAVOR).tar.gz

diff --git a/session/spin.toml b/session/spin.toml
@@ -5,7 +5,7 @@ trigger = { type = "http", base = "/" }
 
 [[component]]
 id = "ruby"
-source = "session.wasm"
+source = "../components/session.wasm"
 [component.trigger]
 executor = { type = "wagi", argv = "${SCRIPT_NAME} -v /lib/session.rb ${SCRIPT_NAME} ${ARGS}" }
 route = "/session"
diff --git a/site/Makefile b/site/Makefile
@@ -1,9 +1,3 @@
-SPIN_FILESERVER ?= ../../spin-fileserver
-ENABLE_WASM_OPT ?= true
-
 .PHONY: build
 build:
-	cd $(SPIN_FILESERVER) && cargo build --target wasm32-wasi --release
-ifeq ($(ENABLE_WASM_OPT),true)
-	wasm-opt -Os -o ../components/fileserver.wasm $(SPIN_FILESERVER)/target/wasm32-wasi/release/spin_static_fs.wasm
-endif
+	npm run build
diff --git a/spin.toml b/spin.toml
@@ -10,6 +10,9 @@ source = "components/fileserver.wasm"
 files = [{ source = "site/dist", destination = "/" }]
 [component.trigger]
 route = "/..."
+[component.build]
+workdir = "site"
+command = "npm run build"
 
 # Redirect / to /index.html
 [[component]]
@@ -39,7 +42,7 @@ watch = ["src/**/*.rs", "Cargo.toml"]
 # Initialize session data
 [[component]]
 id = "session"
-source = "session/session.wasm"
+source = "components/session.wasm"
 [component.trigger]
 executor = { type = "wagi", argv = "${SCRIPT_NAME} -v /lib/session.rb ${SCRIPT_NAME} ${ARGS}" }
 route = "/session"