Add deployment to nomad

datasektionen · May 9, 2024 · a01f4a7 · a01f4a7
1 parent b1776f5
commit a01f4a7
Show file tree

Hide file tree

Showing 2 changed files with 86 additions and 16 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -5,24 +5,53 @@ on:
     branches: [ main ]
   workflow_dispatch:
 
+env:
+  NOMAD_VERSION: 1.7.7
+
 jobs:
   deploy:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Git checkout
-      uses: actions/checkout@v4
-      with:
-        fetch-depth: 0
-
-    # See the following link for documentation:
-    # https://github.com/marketplace/actions/dokku
-    - name: Push to medusa
-      uses: dokku/[email protected]
-      with:
-        ssh_private_key: ${{ secrets.MEDUSA_GLOBAL_DEPLOY_KEY }}
-        git_remote_url: ssh://[email protected]/aaallt2
-        # force might feel risky, but there is no good reason why the server
-        # should ever not be a mirror of the deploy branch. And the errors we
-        # could get otherwise would probably be nasty to deal with
-        git_push_flags: --force
+      - name: Git checkout
+        uses: actions/checkout@v4
+
+      - name: Set environment variables
+        run: |
+          cat >> "$GITHUB_ENV" <<EOF
+          latest=ghcr.io/${{ github.repository }}:latest
+          current=ghcr.io/${{ github.repository }}:$(git rev-parse --short ${{ github.sha }})
+          EOF
+
+      - name: Download Nomad
+        run: |
+          curl -LO https://releases.hashicorp.com/nomad/${{ env.NOMAD_VERSION }}/nomad_${{ env.NOMAD_VERSION }}_linux_amd64.zip
+          unzip -d /usr/local/bin nomad_${{ env.NOMAD_VERSION }}_linux_amd64.zip
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to ghcr.io
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          tags: ${{ env.latest }},${{ env.current }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Deploy to nomad
+        env:
+          NOMAD_ADDR: ${{ env.NOMAD_ADDR }}
+          NOMAD_TOKEN: ${{ secrets.NOMAD_TOKEN }}
+          NOMAD_CACERT_CONTENTS: ${{ env.NOMAD_CACERT }}
+          NOMAD_CACERT: ./nomad_cacert.pem
+        run: |
+          echo "$NOMAD_CACERT_CONTENTS" > "$NOMAD_CACERT"
+          nomad run -var=image_tag=${{ env.current }} job.nomad.hcl
diff --git a/job.nomad.hcl b/job.nomad.hcl
@@ -0,0 +1,41 @@
+job "aaallt2" {
+  type = "service"
+
+  group "aaallt2" {
+    network {
+      port "http" { }
+    }
+
+    service {
+      name     = "aaallt2"
+      port     = "http"
+      provider = "nomad"
+      tags = [
+        "traefik.enable=true",
+        "traefik.http.routers.aaallt2.rule=Host(`aaallt.betasektionen.se`)",
+        "traefik.http.routers.aaallt2.entrypoints=websecure",
+        "traefik.http.routers.aaallt2.tls.certresolver=default",
+      ]
+    }
+
+    task "aaallt2" {
+      driver = "docker"
+
+      config {
+        image = var.image_tag
+        ports = ["http"]
+      }
+
+      template {
+        data        = "PORT={{ env \"NOMAD_PORT_http\" }}"
+        destination = "local/.env"
+        env         = true
+      }
+    }
+  }
+}
+
+variable "image_tag" {
+  type = string
+  default = "ghcr.io/datasektionen/aaallt2:latest"
+}