ref(*): deploy spin docs/redirect app to cloud

.github/workflows/deploy-website.yml

@@ -8,18 +8,6 @@ on:
       - 'main'
 
   workflow_dispatch:
-    inputs:
-      ref:
-        description: 'Git ref to deploy from (refs/tags/v* for tag)'
-        default: 'refs/heads/main'
-      commit:
-        description: 'Commit SHA to deploy from (optional)'
-      environment:
-        type: choice
-        description: 'Environment to deploy to (Default: canary)'
-        options:
-          - canary
-          - prod
 
 # Construct a concurrency group to be shared across workflow runs.
 # The default behavior ensures that only one is running at a time, with
@@ -28,117 +16,24 @@ concurrency: ${{ github.workflow }}
 
 permissions:
   contents: read
-  id-token: write # Allow the workflow to create a JWT for AWS auth
-
-env:
-  JOB: spin-docs
 
 jobs:
-  echo-inputs:
-    runs-on: ubuntu-latest
-    if: ${{ github.event_name == 'workflow_dispatch' }}
-    steps:
-      - name: Echo Inputs
-        run: |
-          echo ref: ${{ github.event.inputs.ref }}
-          echo commit: ${{ github.event.inputs.commit }}
-          echo environment: ${{ github.event.inputs.environment }}
-
   deploy:
     runs-on: ubuntu-latest
     if: ${{ github.repository_owner == 'fermyon' }}
     steps:
       - uses: actions/checkout@v3
 
-      - name: Install Nomad
-        env:
-          NOMAD_VERSION: "1.4.3"
-        run: |
-          curl -Os https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_linux_$(dpkg --print-architecture).zip
-          unzip nomad_${NOMAD_VERSION}_linux_$(dpkg --print-architecture).zip -d /usr/local/bin
-          chmod +x /usr/local/bin/nomad
-
-      # This action currently generates a warning due to using deprecated features.
-      # https://github.com/aws-actions/configure-aws-credentials/issues/521 tracks the new behaviour.
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v1
+      - name: Setup Spin
+        uses: fermyon/actions/spin/setup@v1
         with:
-          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.INFRA_NAMESPACE }}-${{ secrets.AWS_REGION }}-gha-certs
-          role-session-name: fermyon-developer-deploy
-          aws-region: ${{ secrets.AWS_REGION }}
-
-      - name: Fetch Nomad Certs from S3
-        shell: bash
-        run: |
-          set -euo pipefail
-
-          for cert in infra_ca \
-            api_client_cert_private_key \
-            api_client_cert_public_key; do
-
-            aws s3api get-object \
-              --bucket "infra-certs-${{ secrets.INFRA_NAMESPACE }}-${{ secrets.AWS_REGION }}" \
-              --key "${cert}" \
-              "/tmp/${cert}"
-          done
-
-      - name: Configure Nomad
-        shell: bash
-        run: |
-          echo "NOMAD_CACERT=/tmp/infra_ca" >> $GITHUB_ENV
-          echo "NOMAD_CLIENT_CERT=/tmp/api_client_cert_public_key" >> $GITHUB_ENV
-          echo "NOMAD_CLIENT_KEY=/tmp/api_client_cert_private_key" >> $GITHUB_ENV
-          echo "NOMAD_ADDR=https://nomad.${{ secrets.INFRA_NAMESPACE }}.${{ secrets.AWS_REGION }}.fermyon.link:4646" >> $GITHUB_ENV
+          version: latest
 
-      - name: Configure manual deploy
-        if: ${{ github.event_name == 'workflow_dispatch' }}
-        shell: bash
-        run: |
-          echo "GIT_REF=${{ github.event.inputs.ref }}" >> $GITHUB_ENV
-          echo "GIT_SHA=${{ github.event.inputs.commit }}" >> $GITHUB_ENV
-
-          if [[ "${{ github.event.inputs.environment }}" == "prod" ]]; then
-            echo "PRODUCTION=true" >> $GITHUB_ENV
-            echo "NOMAD_NAMESPACE=prod" >> $GITHUB_ENV
-          else
-            echo "PRODUCTION=false" >> $GITHUB_ENV
-            echo "NOMAD_NAMESPACE=staging" >> $GITHUB_ENV
-          fi
+      - name: Login to Fermyon Cloud
+        run: spin cloud login --token "${{ secrets.FERMYON_CLOUD_TOKEN }}"
 
-      - name: Configure auto-deploy
-        if: ${{ github.event_name == 'push' }}
-        shell: bash
-        run: |
-          echo "GIT_REF=${{ github.ref }}" >> $GITHUB_ENV
-          echo "GIT_SHA=${{ github.sha }}" >> $GITHUB_ENV
-
-          echo "PRODUCTION=true" >> $GITHUB_ENV
-          echo "NOMAD_NAMESPACE=prod" >> $GITHUB_ENV
-
-      - name: Deploy
-        shell: bash
-        run: |
-          set -euox pipefail
-
-          # purge any lingering/completed publish jobs
-          nomad job inspect publish-${{ env.JOB }} &>/dev/null && \
-            nomad stop -purge -yes publish-${{ env.JOB }}
-
-          # run the publish job
-          nomad run \
-            -var "region=${{ secrets.AWS_REGION }}" \
-            -var "git_ref=${{ env.GIT_REF }}" \
-            -var "commit_sha=${{ env.GIT_SHA }}" \
-            deploy/publish-${{ env.JOB }}.nomad
-
-          # wait for publish job to complete
-          timeout 300s bash -c 'until [[ "$(nomad job inspect publish-${{ env.JOB }} | jq -j '.Job.Status')" == "dead" ]]; do sleep 2; done'
-
-          readonly bindle_id="$(nomad logs -job publish-${{ env.JOB }} | sed -n 's/pushed: //p')"
-
-          # run/update the website job
-          nomad run \
-            -var "region=${{ secrets.AWS_REGION }}" \
-            -var "production=${{ env.PRODUCTION }}" \
-            -var "bindle_id=${bindle_id}" \
-            deploy/${{ env.JOB }}.nomad
+      - name: Deploy to Fermyon Cloud
+        uses: fermyon/actions/spin/deploy@v1
+        with:
+          run_build: true
+          fermyon_token: "${{ secrets.FERMYON_CLOUD_TOKEN }}"