Kubernetes Builds

.env.sample

@@ -0,0 +1,59 @@
+ENVIRONMENT=dev
+SECURITY_KEY=
+
+# For Craft Postgres DB
+DB_DSN=pgsql:host=postgres;dbname=craft
+DB_SERVER=postgres
+DB_NAME=
+DB_USER=
+DB_PASSWORD=
+DB_DATABASE=
+DB_SCHEMA=public
+DB_DRIVER=pgsql
+DB_PORT=5432
+
+ENABLE_MEMCACHED="true"
+MEMCACHED_IP=cache
+
+# For Google Storage Assets
+GCP_PROJECT_ID=
+GCS_GENERAL_BUCKET=
+GCS_HEROES_BUCKET=
+GCS_CONTENT_BUCKET=
+GCS_CALLOUTS_BUCKET=
+GCS_STAFF_BUCKET=
+
+# For required and custom Craft aliases
+PRIMARY_SITE_URL=http://localhost:8080
+WEB_BASE_URL=http://localhost:3000
+ALIAS_PREVIEW_URL_FORMAT=http://localhost:3000/api/preview?site={site}&entryUid={sourceUid}
+
+# For AWS Assets
+AWS_ASSET_KEY_ID=
+AWS_ASSET_SECRET_KEY=
+AWS_ASSET_S3_BUCKET=
+AWS_ASSET_S3_REGION=
+AWS_ASSET_S3_ASSET_VARIANT_SUBFOLDER=
+
+# For contact form
+EMAIL_FROM_ADDRESS=
+EMAIL_REPLY_TO_ADDRESS=
+EMAIL_SENDER_NAME=
+EMAIL_HTML_EMAIL_TEMPLATE=
+
+EMAIL_SMTP_HOST_NAME=
+EMAIL_SMTP_PORT=
+EMAIL_SMTP_USERNAME=
+EMAIL_SMTP_PASSWORD=
+
+# For GraphQL Authentication
+GOOGLE_APP_ID=
+GOOGLE_APP_SECRET=
+
+FACEBOOK_APP_ID=
+FACEBOOK_APP_SECRET=
+FACEBOOK_APP_REDIRECT_URL=
+
+# FE User account management paths
+VERIFY_EMAIL_PATH=http://localhost:3000/?activate=true
+SET_PASSWORD_PATH=http://localhost:3000/?set_password=true

.github/workflows/build-and-push.yaml

@@ -0,0 +1,157 @@
+name: Build, Push, and Deploy
+
+on:
+  push:
+    branches:
+       - 'develop'
+       - 'master'
+    tags:
+      - 'v.*'
+  pull_request:
+    types:
+      - 'opened'
+      - 'synchronize'
+      - 'reopened'
+      - 'closed'
+    branches:
+      - 'develop'
+      - 'master'
+
+jobs:
+  build:
+    name: Build Container Image
+    runs-on: ubuntu-latest
+    outputs:
+      image_tag: ${{ steps.deploy-info.outputs.image_tag }}
+      image_name: ${{ steps.deploy-info.outputs.image_name }}
+      environment_name: ${{ steps.deploy-info.outputs.environment_name }}
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          # list of Docker images to use as base name for tags
+          images: |
+            gcr.io/skyviewer/rubinobs-api,enable=${{ github.ref != 'master' && github.ref_type != 'tag' && github.base_ref == 'develop' }}
+            gcr.io/edc-int-6c5e/rubinobs-api,enable=${{ github.ref == 'master' || github.base_ref == 'master'}}
+            gcr.io/edc-prod-eef0/rubinobs-api,enable=${{ github.ref_type == 'tag'}}
+          flavor: |
+            latest=${{ github.event_name == 'push'}}
+          # generate Docker tags based on the following events/attributes
+          tags: |
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=sha
+      -
+        name: Parse deployment info
+        id: deploy-info
+        run: |
+          # Determine environment to deploy to
+          if ${{ github.ref != 'master' && github.ref_type != 'tag' && github.base_ref == 'develop' }}; then
+            environment_name="dev"
+            credentials_json='${{ secrets.DEV_SA_KEY }}'
+          elif ${{ github.ref == 'master' || github.base_ref == 'master'}}; then
+            environment_name="int"
+            credentials_json='${{ secrets.SKYVIEWER_INT_SERVICE_ACCOUNT }}'
+          elif ${{ github.ref_type == 'tag'}}; then
+            environment_name="prod"
+            credentials_json='${{ secrets.PIPELINE_EPO_PROD_PROJECT }}'
+          else
+            environment_name=""
+            credentials_json=""
+          fi
+          echo environment_name=$environment_name >> "$GITHUB_OUTPUT"
+          echo credentials_json=$credentials_json >> "$GITHUB_OUTPUT"
+
+          # Parse container image tag to deploy
+          full_tag=$(echo "$DOCKER_METADATA_OUTPUT_JSON" | jq -r '.tags[] | limit(1; select(. | test(":sha-|:v.")))')
+          echo "Will use tag \"$full_tag\" for deployment."
+          echo image_tag=$(echo "$full_tag" | cut -f2 -d:) >> "$GITHUB_OUTPUT"
+          echo image_name=$(echo "$full_tag" | cut -f1 -d:) >> "$GITHUB_OUTPUT"
+          echo full_tag=$full_tag >> "$GITHUB_OUTPUT"
+
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - 
+        name: Login to GCP
+        uses: 'google-github-actions/auth@v2'
+        with:
+          credentials_json: ${{ steps.deploy-info.outputs.credentials_json }}
+      - 
+        name: 'Set up Cloud SDK'
+        uses: 'google-github-actions/setup-gcloud@v2'
+      - 
+        run: gcloud --quiet auth configure-docker
+      -
+        name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-to: |
+            type=gha
+          cache-from: |
+            type=gha
+          build-args: |
+            BASE_TAG=k8s
+      - 
+        name: Summary
+        run: |
+          cat <<-EOT >> "$GITHUB_STEP_SUMMARY"
+            # Container Build Completed
+
+            ## Tags
+            ${{ steps.meta.outputs.tags }}
+          EOT
+
+  deploy:
+    name: Trigger deploy to ${{ needs.build.outputs.environment_name }}
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Generate Webhook Payload
+        id: payload
+        run: |-
+          PARAMETERS=(
+            api.image.tag=${{ needs.build.outputs.image_tag }}
+            api.image.repository=${{ needs.build.outputs.image_name }}
+          )
+          DATA="{
+            \"app_name\": \"rubinobs-site\",
+            \"environment_name\": \"${{ needs.build.outputs.environment_name }}\",
+            \"parameters\": $(jq -c -n '$ARGS.positional' --args ${PARAMETERS[@]})
+          }"
+          echo "data=$(echo $DATA | jq -rc '.')" >> "$GITHUB_OUTPUT"
+      - uses: lasith-kg/[email protected]
+        id: dispatch
+        name: Trigger Deployment
+        with:
+          dispatch-method: repository_dispatch
+          repo: edc-deploy
+          owner: lsst-epo
+          event-type: app_update_values 
+          token: ${{ secrets.EDC_DEPLOY_GITHUB_TOKEN_FOR_REST_API }} 
+          workflow-inputs: ${{ steps.payload.outputs.data }}
+          discover: true
+      - name: Await Run ID ${{ steps.dispatch.outputs.run-id }}
+        uses: Codex-/[email protected]
+        with:
+          token: ${{ secrets.EDC_DEPLOY_GITHUB_TOKEN_FOR_REST_API }}
+          repo: edc-deploy
+          owner: lsst-epo
+          run_id: ${{ steps.dispatch.outputs.run-id }}
+          run_timeout_seconds: 1500

.github/workflows/deploy-gke.yaml

@@ -0,0 +1,156 @@
+name: Deploy to GKE
+
+on:
+  workflow_call:
+    inputs:
+      environment:
+        description: The environment to deploy to (prod, int, or dev)
+        type: string
+        required: true
+      image_tag:
+        description: The container image tag to deploy
+        type: string
+        required: false
+        default: latest
+      image_name:
+        description: The repo URL (minus the tag) of the container image to deploy
+        type: string
+        required: true
+      preview:
+        description: A boolean indicating if this is a preview deployment
+        type: boolean
+        required: false
+        default: false
+      application_name:
+        description: The name of the application to deploy (e.g. 'rubinobs-site')
+        type: string
+        required: false
+        default: rubinobs-site
+
+concurrency: ${{ inputs.environment }}-deploy
+
+env:
+  MANIFEST_FILENAME: ${{ inputs.application_name }}-${{inputs.environment}}-${{ github.sha }}.yaml
+
+jobs:
+  generate-manifest:
+    name: Make App Manifest
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Make Sync Patch File
+        if: ${{ !inputs.preview }}
+        run: |
+          cat <<-EOF > ${{ env.MANIFEST_FILENAME }}
+            spec:
+              source:
+                helm:
+                  parameters:
+                    - name: api.image.tag
+                      value: ${{ inputs.image_tag }}
+                    - name: api.image.repository
+                      value: ${{ inputs.image_name }}
+              info: 
+                - name: api-repo-url
+                  value: ${{ github.repositoryUrl }}
+                - name: api-commit
+                  value: ${{ github.sha }}
+                - name: api-ref
+                  value: ${{ github.ref }}
+            operation:
+              initiatedBy:
+                username: ${{ github.actor }}
+              sync:
+                resources:
+                  - kind: Deployment
+                    group: apps
+                    name: edc-${{ inputs.environment }}-${{ inputs.application_name }}-api
+                    namespace: rubinobs
+                syncStrategy:
+                  hook: {}
+          EOF
+
+      # -
+      #   name: Make Preview Version Manifest
+      #   if: ${{ inputs.preview }}
+      #   run: |
+      #     cat <<-EOF > ${{ env.MANIFEST_FILENAME }}
+      #         apiVersion: argoproj.io/v1alpha1
+      #         kind: Application
+      #         metadata:
+      #           name: edc-${{ inputs.environment }}-${{ inputs.application_name }}-preview-${{ github.ref }}
+      #           namespace: argocd
+      #         spec:
+      #           source:
+      #             repoURL: '[email protected]:lsst-epo/edc-deploy.git'
+      #             path: environment/applications/epo-site/charts/epo-api
+      #             targetRevision: master
+      #             helm:
+      #               parameters:
+      #                 - name: test
+      #                   value: test
+      #           destination:
+      #             server: 'https://kubernetes.default.svc'
+      #             namespace: rubinobs
+      #         operation:
+      #           initiatedBy:
+      #             username: ${{ github.actor }}
+      #           sync:
+      #             syncStrategy:
+      #               hook: {}
+      #       EOF
+
+      -
+        uses: actions/upload-artifact@v4
+        with:
+          path: ${{ env.MANIFEST_FILENAME }}
+          name: deployment-manifest
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - 
+        name: Login to GCP Int
+        uses: 'google-github-actions/auth@v2'
+        if: ${{ inputs.environment == 'int'}}
+        with:
+          credentials_json: ${{ secrets.SKYVIEWER_INT_SERVICE_ACCOUNT }}
+
+      - 
+        name: Login to GCP Prod
+        uses: 'google-github-actions/auth@v2'
+        if: ${{ inputs.environment == 'prod'}}
+        with:
+          credentials_json: ${{ secrets.PIPELINE_EPO_PROD_PROJECT  }}
+
+      - 
+        name: 'Set up Cloud SDK'
+        uses: 'google-github-actions/setup-gcloud@v2'
+
+      - 
+        name: Get Int Cluster Credentials
+        uses: 'google-github-actions/get-gke-credentials@v2'
+        if: ${{ inputs.environment == 'int' }}
+        with:
+          cluster_name: gke-ap-edc-int
+          location: us-central1
+
+      - 
+        name: Get Prod Cluster Credentials
+        uses: 'google-github-actions/get-gke-credentials@v2'
+        if: ${{ inputs.environment == 'prod' }}
+        with:
+          cluster_name: gke-ap-edc-prod
+          location: us-central1
+
+      -
+        name: Download Manifest
+        id: download
+        uses: actions/download-artifact@v4
+        with:
+          name: deployment-manifest
+
+      -
+        name: Apply Application Manifest
+        run: |
+          kubectl patch -n argocd app edc-${{ inputs.environment }}-${{ inputs.application_name }} \
+            --patch-file ${{ steps.download.outputs.download-path }}/${{ env.MANIFEST_FILENAME }}

Dockerfile

@@ -22,4 +22,4 @@ RUN mkdir /var/secrets && [ -d ./storage ] || mkdir storage
 
 USER www-data
 
-CMD ["supervisord"]
+CMD ["supervisord"]

api/composer.json

@@ -15,7 +15,8 @@
         "venveo/craft-bulkedit": "4.0.1",
         "verbb/super-table": "3.0.9",
         "vlucas/phpdotenv": "^3.4.0",
-        "wrav/oembed": "^2.2.2"
+        "wrav/oembed": "^2.2.2",
+        "yiisoft/yii2-redis": "^2.0"
     },
     "repositories": [
         {