Merge pull request #185 from Kerosene-Labs/BIL-6-update-fixed

BIL-6: initial new main workflow
Kerosene-Labs · Jan 2, 2025 · 16fd0f8 · 16fd0f8
2 parents e22bc6d + 6a1ec94
commit 16fd0f8
Show file tree

Hide file tree

Showing 4 changed files with 241 additions and 20 deletions.
diff --git a/.github/actions/remote-command/action.yml b/.github/actions/remote-command/action.yml
@@ -1,20 +1,38 @@
 name: Remote Command
 description: Run a command on one of our servers.
+
 inputs:
-  server:
-    description: Name of the server
+  # bastion
+  bastion_private_key:
+    description: The private SSH key of the bastion
+    required: true
+  bastion_ssh_user:
+    description: The user of the bastion
+    required: true
+  bastion_ssh_host:
+    description: The host of the bastion
+    required: true
+
+  # deployment server
+  deployment_private_key:
+    description: The private SSH key for the deployment server
     required: true
-  user:
+  deployment_ssh_user:
     description: Name of the user on the server
     required: true
+  deployment_server:
+    description: Name of the server
+    required: true
+
+  # other
   command:
-    description: Shell command to run for develop
+    description: Shell command to run
     required: true
 runs:
   using: composite
   steps:
     - name: Write Keys
-      run: mkdir -p ~/.ssh && echo "${{secrets.BASTION_PRIVATE_KEY}}" >> ~/.ssh/bastion && echo "${{secrets.DEPLOYMENT_PRIVATE_KEY}}" >> ~/.ssh/deployment
+      run: mkdir -p ~/.ssh && echo "${{ inputs.bastion_private_key}}" >> ~/.ssh/bastion && echo "${{ inputs.deployment_private_key}}" >> ~/.ssh/deployment
       shell: bash
 
     - name: Set Key Permissions
@@ -31,9 +49,9 @@ runs:
       shell: bash
 
     - name: Acknowledge Host Key on Bastion
-      run: ssh -T -i ~/.ssh/bastion -o "StrictHostKeyChecking no" -p 2222 ${{secrets.BASTION_SSH_USER}}@${{secrets.BASTION_HOST}}
+      run: ssh -T -i ~/.ssh/bastion -o "StrictHostKeyChecking no" -p 2222 ${{ inputs.bastion_ssh_user}}@${{ inputs.bastion_ssh_host}}
       shell: bash
 
     - name: Run Command
-      run: ssh -o "StrictHostKeyChecking no" -A -J ${{secrets.BASTION_SSH_USER}}@${{secrets.BASTION_HOST}}:2222 ${{inputs.user}}@${{inputs.server}}.kerosenelabs.com "${{inputs.command}}"
+      run: ssh -o "StrictHostKeyChecking no" -A -J ${{ inputs.bastion_ssh_user }}@${{ inputs.bastion_ssh_host}}:2222 ${{ inputs.deployment_ssh_user }}@${{ inputs.deployment_server }}.kerosenelabs.com "${{ inputs.command }}"
       shell: bash
diff --git a/.github/workflows/develop.yml b/.github/workflows/develop.yml
@@ -1,10 +1,8 @@
-name: Build
+name: CI/CD - Develop
 on:
   push:
     branches:
       - develop
-    tags:
-      - "v*"
 
 jobs:
   backend_dist:
@@ -111,12 +109,9 @@ jobs:
       - name: Set Target
         uses: ./.github/actions/set-target
 
-      - name: Build Distributable for Target
-        uses: ./.github/actions/target-specific-command
-        with:
-          working_directory: ./frontend
-          production: npm run build -- --mode=production
-          develop: npm run build -- --mode=develop
+      - name: Build Distributable
+        run: npm run build -- --mode=develop
+
       - run: ls
       - name: Upload Artifact
         uses: actions/upload-artifact@v4
@@ -166,17 +161,25 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
-  frontend_deploy:
+  deploy:
     runs-on: ubuntu-24.04
     defaults:
       run:
         working-directory: ./frontend
     needs:
       - frontend_oci_image
+      - backend_oci_image
+    environment: develop
     steps:
+      - uses: actions/checkout@v4
+
       - name: Remote Command on Infrastructure
         uses: ./.github/actions/remote-command
         with:
-          server: mars1d
-          user: infra
-          command: ls
+          bastion_private_key: ${{ secrets.BASTION_PRIVATE_KEY }}
+          bastion_ssh_user: ${{ secrets.BASTION_SSH_USER }}
+          bastion_ssh_host: ${{ secrets.BASTION_HOST }}
+          deployment_private_key: ${{secrets.DEPLOYMENT_PRIVATE_KEY}}
+          deployment_ssh_user: infra
+          deployment_server: mars1d
+          command: cd billtracker && docker compose pull frontend backend && docker compose up frontend backend -d
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -0,0 +1,185 @@
+name: CI/CD - Production
+on:
+  push:
+    tags:
+      - "v*"
+
+jobs:
+  backend_dist:
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+      packages: write
+      actions: read
+      security-events: write
+    defaults:
+      run:
+        working-directory: ./backend
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          java-version: "21"
+          distribution: "corretto"
+          server-id: github
+          settings-path: ${{ github.workspace }}
+          cache: "maven"
+
+      - name: Cache Maven dependencies
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
+
+      - name: Build with Maven
+        run: ./mvnw -B package --file pom.xml
+
+      - name: Upload Artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: backend
+          path: |
+            ./backend/target/billtracker-backend-1.0.0.jar
+  
+  backend_oci_image:
+    runs-on: ubuntu-24.04
+    defaults:
+      run:
+        working-directory: ./backend
+    needs:
+      - backend_dist
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.ACCESS_TOKEN }}
+
+      - name: Set Target
+        uses: ./.github/actions/set-target
+
+      - uses: actions/download-artifact@v4
+        with:
+          name: backend
+          path: ./backend
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: ./backend
+          push: true
+          tags: ghcr.io/kerosene-labs/billtracker-backend:${{ env.TARGET }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  frontend_dist:
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+      packages: write
+      actions: read
+      security-events: write
+    defaults:
+      run:
+        working-directory: ./frontend
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Cache npm dependencies
+        uses: actions/cache@v3
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+      
+      - name: Install NPM Packages
+        run: npm i
+
+      - name: Set Target
+        uses: ./.github/actions/set-target
+
+      - name: Build Distributable
+        run: npm run build -- --mode=production
+
+      - run: ls
+      - name: Upload Artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: frontend
+          path: ./frontend/build
+
+  frontend_oci_image:
+    runs-on: ubuntu-24.04
+    defaults:
+      run:
+        working-directory: ./frontend
+    needs:
+      - frontend_dist
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.ACCESS_TOKEN }}
+
+      - name: Set Target
+        uses: ./.github/actions/set-target
+
+      - uses: actions/download-artifact@v4
+        with:
+          name: frontend
+          path: ./frontend/build
+
+      - name: Install NPM Packages
+        run: npm i
+
+      - run: ls
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: ./frontend
+          push: true
+          tags: ghcr.io/kerosene-labs/billtracker-frontend:${{ env.TARGET }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  deploy:
+    runs-on: ubuntu-24.04
+    defaults:
+      run:
+        working-directory: ./frontend
+    needs:
+      - frontend_oci_image
+      - backend_oci_image
+    environment: develop
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Remote Command on Infrastructure
+        uses: ./.github/actions/remote-command
+        with:
+          bastion_private_key: ${{ secrets.BASTION_PRIVATE_KEY }}
+          bastion_ssh_user: ${{ secrets.BASTION_SSH_USER }}
+          bastion_ssh_host: ${{ secrets.BASTION_HOST }}
+          deployment_private_key: ${{secrets.DEPLOYMENT_PRIVATE_KEY}}
+          deployment_ssh_user: infra
+          deployment_server: mars1d
+          command: cd billtracker && docker compose pull frontend backend && docker compose up frontend backend -d
diff --git a/scripts/mr_create_merge.sh b/scripts/mr_create_merge.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -e
+
+BASE_BRANCH="develop"
+FEATURE_BRANCH="BIL-6-update-fixed"
+PR_TITLE="BIL-6: Building Workflow"
+PR_BODY="Building workflow"
+
+PR_URL=$(gh pr create --base "$BASE_BRANCH" --head "$FEATURE_BRANCH" --title "$PR_TITLE" --body "$PR_BODY" | grep "https")
+
+echo "Pull request created: $PR_URL"
+
+# Merge the pull request
+gh pr merge "$PR_URL" --merge --admin
+echo "Pull request merged and branch deleted."