build-application-docker script

betagouv · Nov 12, 2024 · 794af80 · 794af80
1 parent 4fec166
commit 794af80
Show file tree

Hide file tree

Showing 8 changed files with 246 additions and 30 deletions.
diff --git a/.github/workflows/wip-deploy-ci-admin.yml b/.github/workflows/wip-deploy-ci-admin.yml
@@ -0,0 +1,89 @@
+name: (WIP) CI - Admin - Build and deploy
+
+on:
+  push:
+    paths:
+      - "admin/**"
+      - "packages/**"
+      - ".github/**" # TODO: remove
+    branches: # TODO: remove me
+      - 3577-app
+
+env:
+  ENVIRONMENT: ci
+  APP_NAME: admin
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Use Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "18.20"
+
+      - uses: actions/cache@v4
+        id: cache-npm
+        with:
+          path: |
+            node_modules
+            admin/node_modules
+            packages/ds/node_modules
+            packages/lib/node_modules
+          key: ${{ runner.os }}-nodemodules-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-nodemodules-
+
+      - name: Install packages
+        if: steps.cache-npm.outputs.cache-hit != 'true'
+        run: npm install --only=dev
+
+      # Typescript check
+      - name: Check types
+        continue-on-error: false
+        run: npm run check-types
+
+      # ESLint check
+      - name: Lint code
+        continue-on-error: false
+        run: npm run lint
+
+  deploy:
+    needs: [test]
+    runs-on: ubuntu-latest
+    outputs:
+      release: ${{ steps.release.outputs.release }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Use Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "18.20"
+
+      - name: Get release name
+        id: release
+        working-directory: devops/scripts
+        run: |
+          release=$(node get-image-tag.js ${{ github.event.after }})
+          echo "release: $release"
+          echo "release=$release" >> $GITHUB_OUTPUT
+
+      - name: Docker Build & Publish
+        working-directory: devops/scripts
+        env:
+          SCW_SECRET_KEY: ${{ secrets.SCW_CI_DEPLOY_SECRET_KEY }}
+          SCW_ORGANIZATION_ID: ${{ secrets.SCW_ORGANIZATION_ID }}
+          VITE_RELEASE: ${{ steps.release.outputs.release }}
+        run: |
+          node ./build-application-docker.js $ENVIRONMENT $APP_NAME --push
+
+      # - name: Deploy on Scaleway
+      #   working-directory: devops/scripts
+      #   env:
+      #     SCW_SECRET_KEY: ${{ secrets.SCW_CI_DEPLOY_SECRET_KEY }}
+      #     SCW_ORGANIZATION_ID: ${{ secrets.SCW_ORGANIZATION_ID }}
+      #   run: |
+      #     node ./deploy-scaleway.js $ENVIRONMENT $APP_NAME ${{ steps.release.outputs.release }}
diff --git a/.github/workflows/wip-deploy-ci-api.yml b/.github/workflows/wip-deploy-ci-api.yml
@@ -0,0 +1,89 @@
+name: (WIP) CI - API - Build and deploy
+
+on:
+  push:
+    paths:
+      - "api/**"
+      - "packages/**"
+      - ".github/**" # TODO: remove
+    branches: # TODO: remove me
+      - 3577-app
+
+env:
+  ENVIRONMENT: ci
+  APP_NAME: api
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Use Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "18.20"
+
+      - uses: actions/cache@v4
+        id: cache-npm
+        with:
+          path: |
+            node_modules
+            api/node_modules
+            packages/ds/node_modules
+            packages/lib/node_modules
+          key: ${{ runner.os }}-nodemodules-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-nodemodules-
+
+      - name: Install packages
+        if: steps.cache-npm.outputs.cache-hit != 'true'
+        run: npm install --only=dev
+
+      # Typescript check
+      - name: Check types
+        continue-on-error: false
+        run: npm run check-types
+
+      # ESLint check
+      - name: Lint code
+        continue-on-error: false
+        run: npm run lint
+
+  deploy:
+    needs: [test]
+    runs-on: ubuntu-latest
+    outputs:
+      release: ${{ steps.release.outputs.release }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Use Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "18.20"
+
+      - name: Get release name
+        id: release
+        working-directory: devops/scripts
+        run: |
+          release=$(node get-image-tag.js ${{ github.event.after }})
+          echo "release: $release"
+          echo "release=$release" >> $GITHUB_OUTPUT
+
+      - name: Docker Build & Publish
+        working-directory: devops/scripts
+        env:
+          SCW_SECRET_KEY: ${{ secrets.SCW_CI_DEPLOY_SECRET_KEY }}
+          SCW_ORGANIZATION_ID: ${{ secrets.SCW_ORGANIZATION_ID }}
+          VITE_RELEASE: ${{ steps.release.outputs.release }}
+        run: |
+          node ./build-application-docker.js $ENVIRONMENT $APP_NAME --push
+
+      # - name: Deploy on Scaleway
+      #   working-directory: devops/scripts
+      #   env:
+      #     SCW_SECRET_KEY: ${{ secrets.SCW_CI_DEPLOY_SECRET_KEY }}
+      #     SCW_ORGANIZATION_ID: ${{ secrets.SCW_ORGANIZATION_ID }}
+      #   run: |
+      #     node ./deploy-scaleway.js $ENVIRONMENT $APP_NAME ${{ steps.release.outputs.release }}
diff --git a/.github/workflows/wip-deploy-ci-app.yml b/.github/workflows/wip-deploy-ci-app.yml
@@ -1,4 +1,4 @@
-name: (WIP) Build and deploy app on CI
+name: (WIP) CI - MonCompte - Build and deploy
 
 on:
   push:
@@ -9,6 +9,10 @@ on:
     branches: # TODO: remove me
       - 3577-app
 
+env:
+  ENVIRONMENT: ci
+  APP_NAME: app
+
 jobs:
   test:
     runs-on: ubuntu-latest
@@ -38,15 +42,11 @@ jobs:
 
       # Typescript check
       - name: Check types
-        env:
-          APP_NAME: app
         continue-on-error: false
         run: npm run check-types
 
       # ESLint check
       - name: Lint code
-        env:
-          APP_NAME: app
         continue-on-error: false
         run: npm run lint
 
@@ -78,12 +78,12 @@ jobs:
           SCW_ORGANIZATION_ID: ${{ secrets.SCW_ORGANIZATION_ID }}
           VITE_RELEASE: ${{ steps.release.outputs.release }}
         run: |
-          node ./build-front-app-docker.js ci app --push
+          node ./build-application-docker.js $ENVIRONMENT $APP_NAME --push
 
-      - name: Deploy on Scaleway
-        working-directory: devops/scripts
-        env:
-          SCW_SECRET_KEY: ${{ secrets.SCW_CI_DEPLOY_SECRET_KEY }}
-          SCW_ORGANIZATION_ID: ${{ secrets.SCW_ORGANIZATION_ID }}
-        run: |
-          node ./deploy-scaleway.js ci app ${{ steps.release.outputs.release }}
+      # - name: Deploy on Scaleway
+      #   working-directory: devops/scripts
+      #   env:
+      #     SCW_SECRET_KEY: ${{ secrets.SCW_CI_DEPLOY_SECRET_KEY }}
+      #     SCW_ORGANIZATION_ID: ${{ secrets.SCW_ORGANIZATION_ID }}
+      #   run: |
+      #     node ./deploy-scaleway.js $ENVIRONMENT $APP_NAME ${{ steps.release.outputs.release }}
diff --git a/api/Dockerfile b/api/Dockerfile
@@ -51,7 +51,9 @@ ENV ENVIRONMENT=${ENVIRONMENT}
 ENV RELEASE=${RELEASE}
 
 RUN pm2 --no-daemon install --docker pm2-slack
-RUN pm2 set "pm2-slack:slack_url" "${PM2_SLACK_URL}"
+RUN --mount=type=secret,id=PM2_SLACK_URL \
+      PM2_SLACK_URL=$(cat /run/secrets/PM2_SLACK_URL) \
+      pm2 set "pm2-slack:slack_url" "${PM2_SLACK_URL}"
 RUN pm2 set "pm2-slack:servername" "PM2-ERROR-API"
 RUN pm2 set "pm2-slack:error" "false"
 

diff --git a/api/src/cryptoUtils.ts b/api/src/cryptoUtils.ts
@@ -1,5 +1,5 @@
 import * as crypto from "crypto";
-import * as config from "./config";
+import { config } from "./config";
 
 const ALGO = "aes-256-ctr";
 

diff --git a/devops/scripts/build-front-app-docker.js → devops/scripts/build-application-docker.js b/devops/scripts/build-front-app-docker.js → devops/scripts/build-application-docker.js
@@ -9,11 +9,8 @@ const {
   registryEndpoint,
 } = require("./lib/utils");
 
-const SECRET_KEYS = new Set(["SENTRY_AUTH_TOKEN"]);
-const RELEASE_KEY = "VITE_RELEASE";
-
 async function main() {
-  const input = new UserInput(`Build application MonCompte`)
+  const input = new UserInput(`Build application docker image`)
     .arg("environment", "Environment (ci, staging, production)")
     .arg("application", "Application (app, admin)")
     .optBool("push", "Push image on registry", {
@@ -30,7 +27,7 @@ async function main() {
   const config = new Config(input.environment, input.application);
   const secrets = await new GetSecrets(scaleway, {
     projectName: config.projectName(),
-    secretName: config.secretName(),
+    secretName: config.buildSecretName(),
     format: SECRET_FORMATS.ENVFILE,
   }).execute();
 
@@ -39,7 +36,10 @@ async function main() {
   };
   const values = { ...secrets, ...env }; // override secrets from env
 
-  const image = registryEndpoint(config.registry(), values[RELEASE_KEY]);
+  const image = registryEndpoint(
+    config.registry(),
+    values[config.releaseKey()]
+  );
 
   const args = [
     "build",
@@ -53,7 +53,7 @@ async function main() {
   ];
   for (const key in secrets) {
     const value = values[key];
-    if (SECRET_KEYS.has(key)) {
+    if (config.mountSecretKeys().includes(key)) {
       args.push("--secret");
       args.push(`id=${key}`);
       env[key] = value;

diff --git a/devops/scripts/build-front-app.js → devops/scripts/build-application.js b/devops/scripts/build-front-app.js → devops/scripts/build-application.js
@@ -6,7 +6,7 @@ const { childProcess } = require("./lib/utils");
 const { GetSecrets, SECRET_FORMATS } = require("./get-secrets");
 
 async function main() {
-  const input = new UserInput(`Build application MonCompte`)
+  const input = new UserInput(`Build application`)
     .arg("environment", "Environment (ci, staging, production)")
     .arg("application", "Frontend application (app, admin)")
     .env("SCW_SECRET_KEY", "Scaleway secret key")
@@ -20,7 +20,7 @@ async function main() {
   const config = new Config(input.environment, input.application);
   const secrets = await new GetSecrets(scaleway, {
     projectName: config.projectName(),
-    secretName: config.secretName(),
+    secretName: config.buildSecretName(),
     format: SECRET_FORMATS.ENVFILE,
   }).execute();
 

diff --git a/devops/scripts/lib/config.js b/devops/scripts/lib/config.js
@@ -1,12 +1,33 @@
-const ENVS = new Set(["ci", "staging", "production"]);
-const APPS = new Set(["app", "admin", "api"]);
+const ENVS = ["ci", "staging", "production"];
+const APPS = ["app", "admin", "api"];
 
+const FRONTEND_APPS = ["app", "admin"];
+
+function releaseKey(app) {
+  switch (app) {
+    case "app":
+    case "admin":
+      return "VITE_RELEASE";
+    default:
+      return "RELEASE";
+  }
+}
+
+function mountSecretKeys(app) {
+  switch (app) {
+    case "app":
+    case "admin":
+      return ["SENTRY_AUTH_TOKEN"];
+    default:
+      return ["PM2_SLACK_URL"];
+  }
+}
 class Config {
   constructor(environment, application) {
-    if (!ENVS.has(environment)) {
+    if (!ENVS.includes(environment)) {
       throw new Error(`Unknown environment: ${environment}`);
     }
-    if (!APPS.has(application)) {
+    if (!APPS.includes(application)) {
       throw new Error(`Unknown application: ${application}`);
     }
     this.env = environment;
@@ -25,13 +46,28 @@ class Config {
     return `snu-${this.env}`;
   }
 
-  secretName() {
-    return `${this.env}-${this.app}`;
+  runSecretName() {
+    if (FRONTEND_APPS.includes(this.app)) {
+      throw new Error("No runtime configuration for frontend applications");
+    }
+    return `${this.env}-${this.app}-run`;
+  }
+
+  buildSecretName() {
+    return `${this.env}-${this.app}-build`;
   }
 
   registry() {
     return `rg.fr-par.scw.cloud/snu-${this.env}/${this.app}`;
   }
+
+  releaseKey() {
+    return releaseKey(this.app);
+  }
+
+  mountSecretKeys() {
+    return mountSecretKeys(this.app);
+  }
 }
 
 module.exports = {