fix(ci): autodevops-helm

SocialGouv · Feb 23, 2022 · eff3e9e · eff3e9e
2 parents 6b40106 + 3956c8e
commit eff3e9e
Show file tree

Hide file tree

Showing 10 changed files with 38 additions and 55 deletions.
diff --git a/.github/dev.env b/.github/dev.env
diff --git a/.github/preprod.env b/.github/preprod.env
diff --git a/.github/prod.env b/.github/prod.env
diff --git a/.github/workflows/preproduction.yml b/.github/workflows/preproduction.yml
@@ -28,35 +28,24 @@ jobs:
           token: ${{ secrets.GITHUB_TOKEN }}
           imageName: monsuivipsy/monsuivipsy-site
 
-  ##############################################################################
-  ## GENERATE KUBERNETES MANIFESTS
-  ##############################################################################
-  manifests:
-    name: Generate k8s manifests
-    runs-on: ubuntu-latest
-    steps:
-      - name: Use autodevops manifests generation
-        uses: SocialGouv/actions/autodevops-manifests@v1
-        with:
-          environment: "preprod"
-          rancherId: ${{ secrets.RANCHER_PROJECT_ID }}
-          socialgouvBaseDomain: ${{ secrets.SOCIALGOUV_BASE_DOMAIN }}
-
   ##############################################################################
   ## DEPLOY APPLICATION OVER KUBERNETES
   ##############################################################################
   deploy:
     name: Deploy application
     runs-on: ubuntu-latest
-    needs: [register, manifests]
+    needs: [register]
     environment:
       name: preproduction
       url: https://monsuivipsy-site-preprod.dev.fabrique.social.gouv.fr
     steps:
       - name: Use autodevops deployment
-        uses: SocialGouv/actions/autodevops-deploy@v1
+        uses: SocialGouv/actions/autodevops-helm-deploy@v1
         with:
           environment: "preprod"
           token: ${{ secrets.GITHUB_TOKEN }}
           kubeconfig: ${{ secrets.KUBECONFIG }}
           rancherId: ${{ secrets.RANCHER_PROJECT_ID }}
+          rancherProjectName: ${{ secrets.RANCHER_PROJECT_NAME }}
+          socialgouvBaseDomain: ${{ secrets.SOCIALGOUV_BASE_DOMAIN }}
+          imageName: monsuivipsy/monsuivipsy-site
diff --git a/.github/workflows/production.yml b/.github/workflows/production.yml
@@ -41,18 +41,16 @@ jobs:
     needs: [register]
     environment:
       name: production
-      url: https://monsuivipsy.fabrique.social.gouv.Fr
+      url: https://monsuivipsy.fabrique.social.gouv.fr
     steps:
-    - name: Use autodevops manifests generation
-      uses: SocialGouv/actions/autodevops-manifests@master
-      with:
-        environment: "prod"
-        rancherId: ${{ secrets.RANCHER_PROJECT_ID }}
-        socialgouvBaseDomain: ${{ secrets.SOCIALGOUV_BASE_DOMAIN }}
+
     - name: Use autodevops deployment
-      uses: SocialGouv/actions/autodevops-deploy@master
+      uses: SocialGouv/actions/autodevops-helm-deploy@v1
       with:
         environment: "prod"
         token: ${{ secrets.GITHUB_TOKEN }}
         kubeconfig: ${{ secrets.SOCIALGOUV_KUBE_CONFIG_PROD }}
         rancherId: ${{ secrets.RANCHER_PROJECT_ID }}
+        rancherProjectName: ${{ secrets.RANCHER_PROJECT_NAME }}
+        imageName: monsuivipsy/monsuivipsy-site
+        productionHost: monsuivipsy.fabrique.social.gouv.fr
diff --git a/.github/workflows/review.yml b/.github/workflows/review.yml
@@ -32,31 +32,22 @@ jobs:
         token: ${{ secrets.GITHUB_TOKEN }}
         imageName: monsuivipsy/monsuivipsy-site
 
-  ##############################################################################
-  ## GENERATE KUBERNETES MANIFESTS
-  ##############################################################################
-  manifests:
-    name: Generate k8s manifests
-    runs-on: ubuntu-latest
-    steps:
-
-    - name: Use autodevops manifests generation
-      uses: SocialGouv/actions/autodevops-manifests@master
-      with:
-        environment: "dev"
-
   ##############################################################################
   ## DEPLOY APPLICATION OVER KUBERNETES
   ##############################################################################
   deploy:
     name: Deploy application
     runs-on: ubuntu-latest
-    needs: [register, manifests]
+    needs: [register]
     steps:
 
     - name: Use autodevops deployment
-      uses: SocialGouv/actions/autodevops-deploy@master
+      uses: SocialGouv/actions/autodevops-helm-deploy@v1
       with:
         environment: "dev"
         token: ${{ secrets.GITHUB_TOKEN }}
         kubeconfig: ${{ secrets.SOCIALGOUV_KUBE_CONFIG_DEV }}
+        rancherId: ${{ secrets.RANCHER_PROJECT_ID }}
+        rancherProjectName: ${{ secrets.RANCHER_PROJECT_NAME }}
+        socialgouvBaseDomain: ${{ secrets.SOCIALGOUV_BASE_DOMAIN }}
+        imageName: monsuivipsy/monsuivipsy-site
diff --git a/.socialgouv/chart/base/kustomization.yaml b/.socialgouv/chart/base/kustomization.yaml
@@ -0,0 +1,15 @@
+resources:
+- ../autodevops/base
+
+patches:
+- target:
+    kind: Ingress
+  patch: |
+    - op: add
+      path: "/metadata/annotations"
+      value:
+        "nginx.ingress.kubernetes.io/configuration-snippet": |
+          more_set_headers "Content-Security-Policy: default-src 'none'; connect-src 'self' https://*.gouv.fr; font-src 'self'; media-src 'self' https://*.gouv.fr; img-src 'self' https://*.gouv.fr https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org; prefetch-src 'self' https://*.gouv.fr; script-src 'self' https://*.gouv.fr; frame-src 'self' https://*.gouv.fr; style-src 'self' 'unsafe-inline'";
+          more_set_headers "X-Frame-Options: deny";
+          more_set_headers "X-XSS-Protection: 1; mode=block";
+          more_set_headers "X-Content-Type-Options: nosniff";
diff --git a/.socialgouv/chart/values.project.yaml b/.socialgouv/chart/values.project.yaml
@@ -0,0 +1,4 @@
+app:
+  containerPort: 3000
+  probesPath: /api/healthz
+  envSecretName: monsuivipsy-site-sealed-secret
diff --git a/.socialgouv/config.json b/.socialgouv/config.json
@@ -1,13 +1,6 @@
 {
   "type": "app",
   "name": "monsuivipsy-site",
-  "subdomain": "monsuivipsy",
-  "probesPath": "/api/healthz",
   "registry": "ghcr",
-  "project": "monsuivipsy",
-  "ingress": {
-    "annotations": {
-      "nginx.ingress.kubernetes.io/configuration-snippet": "more_set_headers \"Content-Security-Policy: default-src 'none'; connect-src 'self' https://*.gouv.fr; font-src 'self'; media-src 'self' https://*.gouv.fr; img-src 'self' https://*.gouv.fr https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org; prefetch-src 'self' https://*.gouv.fr; script-src 'self' https://*.gouv.fr; frame-src 'self' https://*.gouv.fr; style-src 'self' 'unsafe-inline'\";\nmore_set_headers \"X-Frame-Options: deny\";\nmore_set_headers \"X-XSS-Protection: 1; mode=block\";\nmore_set_headers \"X-Content-Type-Options: nosniff\";"
-    }
-  }
+  "project": "monsuivipsy"
 }
diff --git a/.socialgouv/environments/prod/yaml/redirect.yaml b/.socialgouv/environments/prod/yaml/redirect.yaml
@@ -7,8 +7,7 @@ metadata:
     cert-manager.io/cluster-issuer: letsencrypt-prod
     kubernetes.io/tls-acme: "true"
   labels:
-    app.kubernetes.io/component: redirect
-    app.kubernetes.io/name: www
+    component: app
   name: www-redirect
   namespace: monsuivipsy-site
 spec: