[#475]: deploy to swarm action update

.deploy/blog.deploy.yml

@@ -10,7 +10,8 @@ services:
       labels:
         - "traefik.enable=true"
         - "traefik.http.routers.blog.rule=Host(`blog.mems.fun`)"
-        - "traefik.http.routers.blog.entrypoints=web"
+        - "traefik.http.routers.blog.entrypoints=websecure"
+        - "traefik.http.routers.blog.tls=true"
         - "traefik.http.services.blog.loadbalancer.server.port=3000"
         - "traefik.http.services.blog.loadbalancer.passhostheader=true"
       replicas: 1

.deploy/gamehub.deploy.yml

@@ -8,9 +8,10 @@ services:
       labels:
         - "traefik.enable=true"
         - "traefik.http.routers.gamehub-client.rule=Host(`mems.fun`)"
-        - "traefik.http.routers.gamehub-client.entrypoints=web"
+        - "traefik.http.routers.gamehub-client.entrypoints=websecure"
         - "traefik.http.services.gamehub-client.loadbalancer.server.port=3000"
         - "traefik.http.services.gamehub-client.loadbalancer.passhostheader=true"
+        - "traefik.http.routers.gamehub-client.tls=true"
       replicas: 1
       update_config:
         parallelism: 2

.deploy/ligretto.deploy.yml

@@ -19,7 +19,8 @@ services:
         - "prometheus-port=3005"
         - "traefik.enable=true"
         - "traefik.http.routers.ligretto-gameplay-backend.rule=Host(`api.ligretto.app`)"
-        - "traefik.http.routers.ligretto-gameplay-backend.entrypoints=web"
+        - "traefik.http.routers.ligretto-gameplay-backend.entrypoints=websecure"
+        - "traefik.http.routers.ligretto-gameplay-backend.tls=true"
         - "traefik.http.services.ligretto-gameplay-backend.loadbalancer.server.port=3005"
         - "traefik.http.services.ligretto-gameplay-backend.loadbalancer.passhostheader=true"
       replicas: 1
@@ -57,7 +58,8 @@ services:
       labels:
         - "traefik.enable=true"
         - "traefik.http.routers.ligretto-core-backend.rule=Host(`core.ligretto.app`)"
-        - "traefik.http.routers.ligretto-core-backend.entrypoints=web"
+        - "traefik.http.routers.ligretto-core-backend.entrypoints=websecure"
+        - "traefik.http.routers.ligretto-core-backend.tls=true"
         - "traefik.http.services.ligretto-core-backend.loadbalancer.server.port=3333"
         - "traefik.http.services.ligretto-core-backend.loadbalancer.passhostheader=true"
       replicas: 1
@@ -99,7 +101,8 @@ services:
         - "prometheus-port=8080"
         - "traefik.enable=true"
         - "traefik.http.routers.ligretto-bot-clj.rule=Host(`bots.ligretto.app`)"
-        - "traefik.http.routers.ligretto-bot-clj.entrypoints=web"
+        - "traefik.http.routers.ligretto-bot-clj.entrypoints=websecure"
+        - "traefik.http.routers.ligretto-bot-clj.tls=true"
         - "traefik.http.services.ligretto-bot-clj.loadbalancer.server.port=3222"
         - "traefik.http.services.ligretto-bot-clj.loadbalancer.passhostheader=true"
       replicas: 1

.github/actions/deploy-to-s3/action.yml

@@ -13,30 +13,33 @@ inputs:
   bucket:
     required: true
     description: 's3 bucket to sync'
-  backup-bucket:
-    required: true
-    description: 's3 bucket to backup'
   AWS_REGION:
     required: false
     description: 'AWS region'
-    default: 'eu-north-1'
+    default: 'ru-central1'
 
 runs:
   using: "composite"
   steps:
-    - name: Configure AWS credentials
-      uses: aws-actions/configure-aws-credentials@v1-node16
-      with:
-        aws-access-key-id: ${{ inputs.AWS_ACCESS_KEY_ID }}
-        aws-secret-access-key: ${{ inputs.AWS_SECRET_ACCESS_KEY }}
-        aws-region: ${{ inputs.AWS_REGION }}
+    - name: Configure AWS
+      shell: 'bash'
+      run: |
+        mkdir ~/.aws
+        cat << 'EOF' > ~/.aws/credentials
+          [default]
+            aws_access_key_id = ${{ inputs.AWS_ACCESS_KEY_ID }}
+            aws_secret_access_key = ${{ inputs.AWS_SECRET_ACCESS_KEY }}
+            endpoint_url = https://storage.yandexcloud.net
+        EOF
+
+        cat << 'EOF' > ~/.aws/config
+          [default]
+            region = ${{ inputs.AWS_REGION }}
+        EOF
 
     - name: Upload frontend build to s3
       shell: 'bash'
       env:
         PROD_CLIENT_APP_S3_BUCKET: ${{ inputs.bucket }}
-        PROD_CLIENT_APP_S3_BUCKET_BACKUP: ${{ inputs.backup-bucket }}
       run: |
-        aws s3 sync s3://$PROD_CLIENT_APP_S3_BUCKET s3://$PROD_CLIENT_APP_S3_BUCKET_BACKUP --delete
-        aws s3 cp s3://$PROD_CLIENT_APP_S3_BUCKET/index.html s3://$PROD_CLIENT_APP_S3_BUCKET_BACKUP/index.html # aws s3 sync cant correctly invalidate index.html file
         aws s3 sync ${{ inputs.path-to-folder }} s3://$PROD_CLIENT_APP_S3_BUCKET --delete

.github/actions/deploy-to-swarm/action.yml

@@ -7,21 +7,16 @@ inputs:
   name:
     required: true
     description: "Stack name"
-  AWS_ACCESS_KEY_ID:
+  yc_folder_id:
     required: true
-    description: 'AWS_ACCESS_KEY_ID'
-  AWS_SECRET_ACCESS_KEY:
+  sa_auth_key:
     required: true
-    description: 'AWS_SECRET_ACCESS_KEY'
-  AWS_REGION:
-    required: false
-    description: 'AWS region'
-    default: 'eu-north-1'
-  docker_login:
+    description: "https://cloud.yandex.ru/en/docs/iam/concepts/authorization/key"
+  docker_registry_login:
     required: false
     default: ''
     description: 'Docker login'
-  docker_password:
+  docker_registry_password:
     required: false
     default: ''
     description: 'Docker password'
@@ -33,23 +28,31 @@ inputs:
 runs:
   using: "composite"
   steps:
+    - name: Install yc cli
+      shell: bash
+      id: install_yc_cli
+      run: curl -sSL https://storage.yandexcloud.net/yandexcloud-yc/install.sh | bash -s -- -i /opt/yandex-cloud -n && ln -s /opt/yandex-cloud/bin/yc /usr/local/bin/yc
+
+    - name: Configure yc cli
+      id: configure_yc_cli
+      shell: bash
+      run: |
+        yc config profile create worker
+        cat << 'EOF' > key.json
+        ${{ inputs.sa_auth_key }}
+        EOF
+        yc config set service-account-key key.json
+        yc config set folder-id ${{ inputs.yc_folder_id }}
+
+
     - name: Read stack file
       id: package
       uses: juliangruber/read-file-action@v1
       with:
         path: ${{ inputs.path-to-stack }}
 
-    - uses: gagoar/invoke-aws-lambda@master
-      name: Invoke deploy to swarm lambda
+    - name: Invoke deploy to swarm lambda
       id: invoke-lambda
-      with:
-        AWS_ACCESS_KEY_ID: ${{ inputs.AWS_ACCESS_KEY_ID }}
-        AWS_SECRET_ACCESS_KEY: ${{ inputs.AWS_SECRET_ACCESS_KEY }}
-        REGION: ${{ inputs.AWS_REGION }}
-        FunctionName: deploy-stack-lambda
-        Payload: '{ "body": {"name": "${{ inputs.name }}", "stack": ${{ toJSON(steps.package.outputs.content) }}, "dockerLogin": ${{ toJSON(inputs.docker_login) }}, "dockerPassword": ${{ toJSON(inputs.docker_password) }}, "dockerRegistry": ${{ toJSON(inputs.docker_registry) }} } }'
-
-    - name: Invoke logs
-      if: ${{ always() }}
       shell: bash
-      run: echo "${{ steps.invoke-lambda.outputs.response }}"
+      run: |
+        yc serverless function invoke deploy-stack -d '{ "body": {"name": "${{ inputs.name }}", "stack": ${{ toJSON(steps.package.outputs.content) }}, "dockerLogin": ${{ toJSON(inputs.docker_registry_login) }}, "dockerPassword": ${{ toJSON(inputs.docker_registry_password) }}, "dockerRegistry": ${{ toJSON(inputs.docker_registry) }} } }'

.github/workflows/blog-deploy.yml

@@ -11,18 +11,17 @@ on:
       - '.deploy/blog.deploy.yml'
       - '.docker/Blog_Dockerfile*'
       - '.github/workflows/blog-deploy.yml'
+      - '.github/actions/deploy-to-swarm/**'
 
-env:
-  AWS_REGION: 'eu-north-1'
 
 jobs:
 
   build-blog-image:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@main
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
@@ -51,23 +50,23 @@ jobs:
   deploy:
     needs: [build-blog-image]
 
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     environment:
       name: Blog-production
       url: https://blog.mems.fun
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@main
         name: Checkout
 
       - uses: ./.github/actions/deploy-to-swarm
         name: Deploy to swarm lambda
         with:
           path-to-stack: '.deploy/blog.deploy.yml'
           name: 'BLOG'
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          docker_login: ${{ secrets.GHCR_USER }}
-          docker_password: ${{ secrets.GHCR_PULL_TOKEN }}
+          sa_auth_key: ${{ secrets.YC_WORKER_KEY }}
+          yc_folder_id: ${{ vars.YC_FOLDER_ID }}
+          docker_registry_login: ${{ secrets.GHCR_USER }}
+          docker_registry_password: ${{ secrets.GHCR_PULL_TOKEN }}
           docker_registry: 'ghcr.io'

.github/workflows/e2e.yml

@@ -10,12 +10,12 @@ on:
 jobs:
 
   e2e:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     timeout-minutes: 10
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@main
 
       - name: Install node
         uses: actions/setup-node@v3

.github/workflows/gamehub-deploy.yml

@@ -5,24 +5,21 @@ on:
     branches:
       - master
   push:
-    branches: [ master ]
+    branches: [ master, 475-modify-deploy-to-swarm-action-to-use-with-yandex-cloud ]
     paths:
       - 'apps/gamehub-client/**'
       - '.deploy/gamehub.deploy.yml'
       - '.docker/GameHub-client_Dockerfile*'
       - '.github/workflows/gamehub-deploy.yml'
 
-env:
-  AWS_REGION: 'eu-north-1'
-
 jobs:
 
   build-gamehub-client-image:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@main
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
@@ -51,23 +48,23 @@ jobs:
   deploy:
     needs: [build-gamehub-client-image]
 
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     environment:
       name: GameHub-production
       url: https://mems.fun
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@main
         name: Checkout
 
       - uses: ./.github/actions/deploy-to-swarm
         name: Deploy to swarm lambda
         with:
           path-to-stack: '.deploy/gamehub.deploy.yml'
           name: 'GAMEHUB'
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          docker_login: ${{ secrets.GHCR_USER }}
-          docker_password: ${{ secrets.GHCR_PULL_TOKEN }}
+          yc_folder_id: ${{ vars.YC_FOLDER_ID }}
+          sa_auth_key: ${{ secrets.YC_WORKER_KEY }}
+          docker_registry_login: ${{ secrets.GHCR_USER }}
+          docker_registry_password: ${{ secrets.GHCR_PULL_TOKEN }}
           docker_registry: 'ghcr.io'

.github/workflows/ligretto-deploy.yml

@@ -7,6 +7,7 @@ on:
   push:
     branches:
       - master
+      - 475-modify-deploy-to-swarm-action-to-use-with-yandex-cloud
     paths-ignore:
       - 'apps/gamehub-client/**'
       - 'apps/blog/**'
@@ -15,18 +16,15 @@ on:
       - '.docker'
       - '!.docker/Ligretto*'
 
-env:
-  AWS_REGION: 'eu-north-1'
-
 jobs:
 
   ligretto-frontend-build:
 
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@main
 
     - name: Install node
       uses: actions/setup-node@v3
@@ -59,11 +57,11 @@ jobs:
 
   ligretto-gameplay-backend-image:
 
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@main
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
@@ -91,11 +89,11 @@ jobs:
 
   ligretto-core-backend-image:
 
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@main
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
@@ -124,14 +122,14 @@ jobs:
   deploy:
     needs: [ligretto-gameplay-backend-image, ligretto-core-backend-image, ligretto-frontend-build]
 
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     environment:
       name: Ligretto-production
       url: https://ligretto.app
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@main
         name: Checkout
 
       - name: Download frontend dist
@@ -146,10 +144,10 @@ jobs:
         with:
           path-to-stack: '.deploy/ligretto.deploy.yml'
           name: 'LIGRETTO'
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          docker_login: ${{ secrets.GHCR_USER }}
-          docker_password: ${{ secrets.GHCR_PULL_TOKEN }}
+          yc_folder_id: ${{ vars.YC_FOLDER_ID }}
+          sa_auth_key: ${{ secrets.YC_WORKER_KEY }}
+          docker_registry_login: ${{ secrets.GHCR_USER }}
+          docker_registry_password: ${{ secrets.GHCR_PULL_TOKEN }}
           docker_registry: 'ghcr.io'
 
       - uses: ./.github/actions/deploy-to-s3
@@ -158,6 +156,5 @@ jobs:
           path-to-folder: apps/ligretto-frontend/dist
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          bucket: 'lig-production-cdn-origin'
-          backup-bucket: 'lig-production-cdn-backup'
+          bucket: 'ligretto.app'