diff --git a/.deploy/blog.deploy.yml b/.deploy/blog.deploy.yml
index 58acd194..bdfb4eab 100644
--- a/.deploy/blog.deploy.yml
+++ b/.deploy/blog.deploy.yml
@@ -10,7 +10,8 @@ services:
 labels:
 - "traefik.enable=true"
 - "traefik.http.routers.blog.rule=Host(`blog.mems.fun`)"
- - "traefik.http.routers.blog.entrypoints=web"
+ - "traefik.http.routers.blog.entrypoints=websecure"
+ - "traefik.http.routers.blog.tls=true"
 - "traefik.http.services.blog.loadbalancer.server.port=3000"
 - "traefik.http.services.blog.loadbalancer.passhostheader=true"
 replicas: 1
diff --git a/.deploy/gamehub.deploy.yml b/.deploy/gamehub.deploy.yml
index 0079bc2a..f4bfc8fa 100644
--- a/.deploy/gamehub.deploy.yml
+++ b/.deploy/gamehub.deploy.yml
@@ -8,9 +8,10 @@ services:
 labels:
 - "traefik.enable=true"
 - "traefik.http.routers.gamehub-client.rule=Host(`mems.fun`)"
- - "traefik.http.routers.gamehub-client.entrypoints=web"
+ - "traefik.http.routers.gamehub-client.entrypoints=websecure"
 - "traefik.http.services.gamehub-client.loadbalancer.server.port=3000"
 - "traefik.http.services.gamehub-client.loadbalancer.passhostheader=true"
+ - "traefik.http.routers.gamehub-client.tls=true"
 replicas: 1
 update_config:
 parallelism: 2
diff --git a/.deploy/ligretto.deploy.yml b/.deploy/ligretto.deploy.yml
index d5ba3c83..e3acd73b 100644
--- a/.deploy/ligretto.deploy.yml
+++ b/.deploy/ligretto.deploy.yml
@@ -19,7 +19,8 @@ services:
 - "prometheus-port=3005"
 - "traefik.enable=true"
 - "traefik.http.routers.ligretto-gameplay-backend.rule=Host(`api.ligretto.app`)"
- - "traefik.http.routers.ligretto-gameplay-backend.entrypoints=web"
+ - "traefik.http.routers.ligretto-gameplay-backend.entrypoints=websecure"
+ - "traefik.http.routers.ligretto-gameplay-backend.tls=true"
 - "traefik.http.services.ligretto-gameplay-backend.loadbalancer.server.port=3005"
 - "traefik.http.services.ligretto-gameplay-backend.loadbalancer.passhostheader=true"
 replicas: 1
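Review bot: The routers moved to `websecure` only set `tls=true` and name no certificate resolver, so unless the Traefik static configuration (not part of this diff) defines a default resolver or a certificate for these hosts, Traefik will serve its default self-signed certificate. If certificates are meant to come from ACME, add a label such as `- "traefik.http.routers.blog.tls.certresolver=<resolver-name>"` to each router. No router remains on the `web` entrypoint, so plain-HTTP requests will get a 404 unless an entrypoint-level redirect to `websecure` exists; that should be confirmed before merge. The same applies to the `gamehub-client` router and to the three ligretto routers, including the two hunks that follow in ligretto.deploy.yml.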
@@ -57,7 +58,8 @@ services:
 labels:
 - "traefik.enable=true"
 - "traefik.http.routers.ligretto-core-backend.rule=Host(`core.ligretto.app`)"
- - "traefik.http.routers.ligretto-core-backend.entrypoints=web"
+ - "traefik.http.routers.ligretto-core-backend.entrypoints=websecure"
+ - "traefik.http.routers.ligretto-core-backend.tls=true"
 - "traefik.http.services.ligretto-core-backend.loadbalancer.server.port=3333"
 - "traefik.http.services.ligretto-core-backend.loadbalancer.passhostheader=true"
 replicas: 1
@@ -99,7 +101,8 @@ services:
 - "prometheus-port=8080"
 - "traefik.enable=true"
 - "traefik.http.routers.ligretto-bot-clj.rule=Host(`bots.ligretto.app`)"
- - "traefik.http.routers.ligretto-bot-clj.entrypoints=web"
+ - "traefik.http.routers.ligretto-bot-clj.entrypoints=websecure"
+ - "traefik.http.routers.ligretto-bot-clj.tls=true"
 - "traefik.http.services.ligretto-bot-clj.loadbalancer.server.port=3222"
 - "traefik.http.services.ligretto-bot-clj.loadbalancer.passhostheader=true"
 replicas: 1
diff --git a/.github/actions/deploy-to-s3/action.yml b/.github/actions/deploy-to-s3/action.yml
index 2d1d20f3..1b0bcf58 100644
--- a/.github/actions/deploy-to-s3/action.yml
+++ b/.github/actions/deploy-to-s3/action.yml
@@ -13,30 +13,33 @@ inputs: bucket: required: true description: 's3 bucket to sync' - backup-bucket: - required: true - description: 's3 bucket to backup' AWS_REGION: required: false description: 'AWS region' - default: 'eu-north-1' + default: 'ru-central1' runs: using: "composite" steps: - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1-node16 - with: - aws-access-key-id: ${{ inputs.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ inputs.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ inputs.AWS_REGION }} + - name: Configure AWS + shell: 'bash' + run: | + mkdir ~/.aws + cat << 'EOF' > ~/.aws/credentials + [default] + aws_access_key_id = ${{ inputs.AWS_ACCESS_KEY_ID }} + aws_secret_access_key = ${{ inputs.AWS_SECRET_ACCESS_KEY }} + endpoint_url = https://storage.yandexcloud.net + EOF + + cat << 'EOF' > ~/.aws/config + [default] + region = ${{ inputs.AWS_REGION }} + EOF - name: Upload frontend build to s3 shell: 'bash' env: PROD_CLIENT_APP_S3_BUCKET: ${{ inputs.bucket }} - PROD_CLIENT_APP_S3_BUCKET_BACKUP: ${{ inputs.backup-bucket }} run: | - aws s3 sync s3://$PROD_CLIENT_APP_S3_BUCKET s3://$PROD_CLIENT_APP_S3_BUCKET_BACKUP --delete - aws s3 cp s3://$PROD_CLIENT_APP_S3_BUCKET/index.html s3://$PROD_CLIENT_APP_S3_BUCKET_BACKUP/index.html # aws s3 sync cant correctly invalidate index.html file aws s3 sync ${{ inputs.path-to-folder }} s3://$PROD_CLIENT_APP_S3_BUCKET --delete diff --git a/.github/actions/deploy-to-swarm/action.yml b/.github/actions/deploy-to-swarm/action.yml index 6b4d121e..a624e259 100644 --- a/.github/actions/deploy-to-swarm/action.yml +++ b/.github/actions/deploy-to-swarm/action.yml 
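Review bot: The new `Configure AWS` step substitutes `${{ inputs.AWS_SECRET_ACCESS_KEY }}` directly into the script text and writes `~/.aws/credentials` under the runner's default umask, so the key lands in a file that is typically readable by other users on the host, and an input containing a line `EOF` would change what the script does. Passing the inputs through `env:` and creating the files under `umask 077` avoids both. `mkdir -p` also keeps the step from failing when `~/.aws` already exists, for example on a self-hosted runner. Separately, with the backup sync removed, the remaining `aws s3 sync … --delete` overwrites the live bucket with no copy to roll back to; if that is intended, it deserves a line in the commit description.

```yaml
    - name: Configure AWS
      shell: 'bash'
      env:
        S3_ACCESS_KEY_ID: ${{ inputs.AWS_ACCESS_KEY_ID }}
        S3_SECRET_ACCESS_KEY: ${{ inputs.AWS_SECRET_ACCESS_KEY }}
        S3_REGION: ${{ inputs.AWS_REGION }}
      run: |
        # Create both files readable by the current user only.
        umask 077
        mkdir -p ~/.aws
        cat << EOF > ~/.aws/credentials
        [default]
        aws_access_key_id = $S3_ACCESS_KEY_ID
        aws_secret_access_key = $S3_SECRET_ACCESS_KEY
        endpoint_url = https://storage.yandexcloud.net
        EOF

        cat << EOF > ~/.aws/config
        [default]
        region = $S3_REGION
        EOF
    # … unchanged: "Upload frontend build to s3" step …
```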
@@ -7,21 +7,16 @@ inputs:
 name:
 required: true
 description: "Stack name"
- AWS_ACCESS_KEY_ID:
+ yc_folder_id:
 required: true
- description: 'AWS_ACCESS_KEY_ID'
- AWS_SECRET_ACCESS_KEY:
+ sa_auth_key:
 required: true
- description: 'AWS_SECRET_ACCESS_KEY'
- AWS_REGION:
- required: false
- description: 'AWS region'
- default: 'eu-north-1'
- docker_login:
+ description: "https://cloud.yandex.ru/en/docs/iam/concepts/authorization/key"
+ docker_registry_login:
 required: false
 default: ''
 description: 'Docker login'
- docker_password:
+ docker_registry_password:
 required: false
 default: ''
 description: 'Docker password'
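Review bot: `yc_folder_id` is added without a `description`, and the `sa_auth_key` description is only a URL, so a caller cannot tell from the action metadata that this input is the service-account key written to `key.json` by a later step and that it must be supplied from a secret. Suggest `description: 'Yandex Cloud folder ID'` for the first and `description: 'Service-account authorized key (JSON); pass from a secret. See https://cloud.yandex.ru/en/docs/iam/concepts/authorization/key'` for the second.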
@@ -33,23 +28,31 @@ inputs: runs: using: "composite" steps: + - name: Install yc cli + shell: bash + id: install_yc_cli + run: curl -sSL https://storage.yandexcloud.net/yandexcloud-yc/install.sh | bash -s -- -i /opt/yandex-cloud -n && ln -s /opt/yandex-cloud/bin/yc /usr/local/bin/yc + + - name: Configure yc cli + id: configure_yc_cli + shell: bash + run: | + yc config profile create worker + cat << 'EOF' > key.json + ${{ inputs.sa_auth_key }} + EOF + yc config set service-account-key key.json + yc config set folder-id ${{ inputs.yc_folder_id }} + + - name: Read stack file id: package uses: juliangruber/read-file-action@v1 with: path: ${{ inputs.path-to-stack }} - - uses: gagoar/invoke-aws-lambda@master - name: Invoke deploy to swarm lambda + - name: Invoke deploy to swarm lambda id: invoke-lambda - with: - AWS_ACCESS_KEY_ID: ${{ inputs.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ inputs.AWS_SECRET_ACCESS_KEY }} - REGION: ${{ inputs.AWS_REGION }} - FunctionName: deploy-stack-lambda - Payload: '{ "body": {"name": "${{ inputs.name }}", "stack": ${{ toJSON(steps.package.outputs.content) }}, "dockerLogin": ${{ toJSON(inputs.docker_login) }}, "dockerPassword": ${{ toJSON(inputs.docker_password) }}, "dockerRegistry": ${{ toJSON(inputs.docker_registry) }} } }' - - - name: Invoke logs - if: ${{ always() }} shell: bash - run: echo "${{ steps.invoke-lambda.outputs.response }}" + run: | + yc serverless function invoke deploy-stack -d '{ "body": {"name": "${{ inputs.name }}", "stack": ${{ toJSON(steps.package.outputs.content) }}, "dockerLogin": ${{ toJSON(inputs.docker_registry_login) }}, "dockerPassword": ${{ toJSON(inputs.docker_registry_password) }}, "dockerRegistry": ${{ toJSON(inputs.docker_registry) }} } }' diff --git a/.github/workflows/blog-deploy.yml b/.github/workflows/blog-deploy.yml index 33abccf9..f72fc736 100644 --- a/.github/workflows/blog-deploy.yml +++ b/.github/workflows/blog-deploy.yml 
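Review bot: The rewritten invoke step builds the JSON payload by `${{ }}` substitution inside a single-quoted shell argument, so any `'` in the stack file, the stack name or the registry password ends the quoting and the rest is parsed as shell; the removed action took the payload through `with:` and never passed it through a shell. Move the JSON into the step's environment, `env:` with `PAYLOAD: '{ "body": … }'`, and call `yc serverless function invoke deploy-stack -d "$PAYLOAD"`, which also keeps the registry password out of the generated script text. In the added setup steps, `key.json` is written into the working directory with default permissions and never removed; write it under `umask 077` to a path outside the checkout and delete it in a final `if: always()` step. The installer is also fetched with `curl … | bash` with no version pin or checksum, in the same job that later holds the service-account key.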
@@ -11,18 +11,17 @@ on: - '.deploy/blog.deploy.yml' - '.docker/Blog_Dockerfile*' - '.github/workflows/blog-deploy.yml' + - '.github/actions/deploy-to-swarm/**' -env: - AWS_REGION: 'eu-north-1' jobs: build-blog-image: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@main - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 @@ -51,14 +50,14 @@ jobs: deploy: needs: [build-blog-image] - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 environment: name: Blog-production url: https://blog.mems.fun steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@main name: Checkout - uses: ./.github/actions/deploy-to-swarm @@ -66,8 +65,8 @@ jobs: with: path-to-stack: '.deploy/blog.deploy.yml' name: 'BLOG' - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - docker_login: ${{ secrets.GHCR_USER }} - docker_password: ${{ secrets.GHCR_PULL_TOKEN }} + sa_auth_key: ${{ secrets.YC_WORKER_KEY }} + yc_folder_id: ${{ vars.YC_FOLDER_ID }} + docker_registry_login: ${{ secrets.GHCR_USER }} + docker_registry_password: ${{ secrets.GHCR_PULL_TOKEN }} docker_registry: 'ghcr.io' diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index c07d4594..fa881e4c 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -10,12 +10,12 @@ on: jobs: e2e: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 timeout-minutes: 10 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@main - name: Install node uses: actions/setup-node@v3 diff --git a/.github/workflows/gamehub-deploy.yml b/.github/workflows/gamehub-deploy.yml index a9f8a4b2..eae409f8 100644 --- a/.github/workflows/gamehub-deploy.yml +++ b/.github/workflows/gamehub-deploy.yml 
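Review bot: Every `actions/checkout@v3` reference is replaced by `actions/checkout@main`, a moving branch, so each run executes whatever is at the tip of that branch, including in the `deploy` jobs whose later steps receive `YC_WORKER_KEY` and `GHCR_PULL_TOKEN`. Pin to a release tag or, better, a full commit SHA with the tag as a comment: `uses: actions/checkout@<full-commit-sha>  # <release-tag>`. The same replacement appears in e2e.yml, gamehub-deploy.yml, ligretto-deploy.yml and pr.yml.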
@@ -5,24 +5,21 @@ on: branches: - master push: - branches: [ master ] + branches: [ master, 475-modify-deploy-to-swarm-action-to-use-with-yandex-cloud ] paths: - 'apps/gamehub-client/**' - '.deploy/gamehub.deploy.yml' - '.docker/GameHub-client_Dockerfile*' - '.github/workflows/gamehub-deploy.yml' -env: - AWS_REGION: 'eu-north-1' - jobs: build-gamehub-client-image: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@main - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 @@ -51,14 +48,14 @@ jobs: deploy: needs: [build-gamehub-client-image] - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 environment: name: GameHub-production url: https://mems.fun steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@main name: Checkout - uses: ./.github/actions/deploy-to-swarm @@ -66,8 +63,8 @@ jobs: with: path-to-stack: '.deploy/gamehub.deploy.yml' name: 'GAMEHUB' - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - docker_login: ${{ secrets.GHCR_USER }} - docker_password: ${{ secrets.GHCR_PULL_TOKEN }} + yc_folder_id: ${{ vars.YC_FOLDER_ID }} + sa_auth_key: ${{ secrets.YC_WORKER_KEY }} + docker_registry_login: ${{ secrets.GHCR_USER }} + docker_registry_password: ${{ secrets.GHCR_PULL_TOKEN }} docker_registry: 'ghcr.io' diff --git a/.github/workflows/ligretto-deploy.yml b/.github/workflows/ligretto-deploy.yml index 900f1eb0..8407b382 100644 --- a/.github/workflows/ligretto-deploy.yml +++ b/.github/workflows/ligretto-deploy.yml @@ -7,6 +7,7 @@ on: push: branches: - master + - 475-modify-deploy-to-swarm-action-to-use-with-yandex-cloud paths-ignore: - 'apps/gamehub-client/**' - 'apps/blog/**' 
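Review bot: The push trigger now lists the feature branch `475-modify-deploy-to-swarm-action-to-use-with-yandex-cloud`, and the `deploy` job of this workflow targets the `GameHub-production` environment, so a push to that branch runs a production deploy; ligretto-deploy.yml gets the same addition in its first hunk. If the branch was added only to exercise the new action, restore `branches: [ master ]` (and drop the extra list entry in ligretto-deploy.yml) before merging. Environment protection rules that restrict deployment branches may exist but are not visible in this diff, and the trigger should not depend on them.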
@@ -15,18 +16,15 @@ on: - '.docker' - '!.docker/Ligretto*' -env: - AWS_REGION: 'eu-north-1' - jobs: ligretto-frontend-build: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@main - name: Install node uses: actions/setup-node@v3 @@ -59,11 +57,11 @@ jobs: ligretto-gameplay-backend-image: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@main - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 @@ -91,11 +89,11 @@ jobs: ligretto-core-backend-image: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@main - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 @@ -124,14 +122,14 @@ jobs: deploy: needs: [ligretto-gameplay-backend-image, ligretto-core-backend-image, ligretto-frontend-build] - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 environment: name: Ligretto-production url: https://ligretto.app steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@main name: Checkout - name: Download frontend dist @@ -146,10 +144,10 @@ jobs: with: path-to-stack: '.deploy/ligretto.deploy.yml' name: 'LIGRETTO' - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - docker_login: ${{ secrets.GHCR_USER }} - docker_password: ${{ secrets.GHCR_PULL_TOKEN }} + yc_folder_id: ${{ vars.YC_FOLDER_ID }} + sa_auth_key: ${{ secrets.YC_WORKER_KEY }} + docker_registry_login: ${{ secrets.GHCR_USER }} + docker_registry_password: ${{ secrets.GHCR_PULL_TOKEN }} docker_registry: 'ghcr.io' - uses: ./.github/actions/deploy-to-s3 
@@ -158,6 +156,5 @@ jobs: path-to-folder: apps/ligretto-frontend/dist AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - bucket: 'lig-production-cdn-origin' - backup-bucket: 'lig-production-cdn-backup' + bucket: 'ligretto.app' diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index e15558ef..adc41f16 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -13,11 +13,11 @@ jobs: lint: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@main - name: Install node uses: actions/setup-node@v3 @@ -36,11 +36,11 @@ jobs: tests: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@main - name: Install node uses: actions/setup-node@v3 @@ -72,11 +72,11 @@ jobs: tsc: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@main - name: Install node uses: actions/setup-node@v3 @@ -114,12 +114,12 @@ jobs: --health-timeout 5s --health-retries 5 - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 timeout-minutes: 10 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@main - name: Install node uses: actions/setup-node@v3 diff --git a/.vscode/settings.json b/.vscode/settings.json index 6c0c5d03..555581d7 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -18,6 +18,6 @@ "cSpell.words": ["injectable", "nestjs", "postgres", "styleguide", "typeorm"], "gitlens.advanced.blame.customArguments": [], "editor.codeActionsOnSave": { - "source.fixAll.eslint": true + "source.fixAll.eslint": "explicit" } }