.github/workflows/build-push-deploy.yml

name: Build and deploy to Azure Container Apps

on:
  push:
    branches:
      - main
      - production
      - acceptance
      - swarm
  workflow_dispatch:

permissions:
  contents: read
  packages: write

jobs:
  variables:
    runs-on: ubuntu-latest
    outputs:
      result: ${{ steps.variables.outputs.result }}
      tag: ${{ steps.tag.outputs.result }}
    steps:
      - uses: actions/checkout@v3
      - name: Variables
        uses: actions/github-script@v6
        id: variables
        with:
          script: |
            const getVariables = require('./.github/workflows/get-variables.js')
            return getVariables('${{ github.ref_name }}')
      - name: Tag
        uses: actions/github-script@v6
        id: tag
        with:
          result-encoding: string
          script: return '${{ github.ref_name }}-${{ github.run_number }}'

  build-and-push-images:
    runs-on: ubuntu-latest
    ## Ideally we shouldn't expose environment variables for runtime during build time.
    ## This is necessary just to bundle the backend URL in the browser JavaScript.
    needs: variables
    steps:
      - name: Check out repository
        uses: actions/checkout@main
      # Create environment variables ACTIONS_RUNTIME_TOKEN and ACTIONS_CACHE_URL
      # to let docker access the cache.
      - name: Expose variables
        uses: crazy-max/ghaction-github-runtime@v2
      - name: Log in GitHub Container Registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # Need to use driver --driver=docker-container to use GitHub cache integration.
      # The GitHub cache is per-branch.
      - name: Docker build and push
        run: docker buildx create --use --driver=docker-container
      - run: >
          docker buildx build ./src
          --file ./src/prod.Dockerfile
          --target wagtail
          --cache-to type=gha,mode=min,scope=${{ github.ref_name }}-wagtail
          --cache-from type=gha,scope=${{ github.ref_name }}-wagtail
          --tag ghcr.io/zenmo/holon-wagtail:${{ needs.variables.outputs.tag }}
          --push
      - run: >
          docker buildx build ./frontend
          --file ./frontend/prod.Dockerfile
          --build-arg NEXT_PUBLIC_WAGTAIL_API_URL=https://${{ fromJson(needs.variables.outputs.result).WAGTAIL_HOSTNAME }}/wt/api/nextjs
          --cache-to type=gha,mode=min,scope=${{ github.ref_name }}-nextjs
          --cache-from type=gha,scope=${{ github.ref_name }}-nextjs
          --tag ghcr.io/zenmo/holon-nextjs:${{ needs.variables.outputs.tag }}
          --push

  ## This job takes pretty long and can be split up to parallelize the deploy.
  deploy-wagtail-azure:
    needs:
      - build-and-push-images
      - variables
    runs-on: ubuntu-latest
    steps:
      - name: Log in to Azure
        uses: azure/login@v1
        with:
          ## https://github.com/Azure/login#configure-a-service-principal-with-a-secret
          creds: ${{ secrets.AZURE_CREDENTIALS }}
#      - name: Create app environment
#        uses: azure/CLI@v1
#        with:
#          azcliversion: 2.51.0
#          inlineScript: >
#            az containerapp env create
#            --name holon-env
#            --location westeurope
#            --resource-group HOLON-webapp
      - name: Deploy-Wagtail
        uses: azure/CLI@v1
        with:
          ## Use generic azure/CLI@v1 instead of specific azure/container-apps-deploy-action@v1
          ## because it supports the options that we want.
          azcliversion: 2.51.0
          inlineScript: >
            az containerapp create
            --resource-group HOLON-webapp
            --environment holon-env
            --name wagtail-${{ github.ref_name }}
            --env-vars
            ALLOWED_HOSTS="*"
            AZURE_ACCOUNT_NAME=holonstorage
            AZURE_STORAGE_KEY=${{ secrets.AZURE_STORAGE_KEY }}
            MEDIA_LOCATION=${{ fromJson(needs.variables.outputs.result).MEDIA_LOCATION }}
            STATIC_LOCATION=${{ fromJson(needs.variables.outputs.result).STATIC_LOCATION }}
            DB_HOST=${{ secrets.DB_HOST }}
            DB_USER=${{ fromJson(needs.variables.outputs.result).DB_USER }}
            DB_NAME=${{ fromJson(needs.variables.outputs.result).DB_NAME }}
            DB_PASSWORD=${{ secrets[fromJson(needs.variables.outputs.result).DB_PASSWORD_KEY] }}
            RETURN_SCENARIO=${{ fromJson(needs.variables.outputs.result).RETURN_SCENARIO }}
            SECRET_KEY="${{ secrets.SECRET_KEY }}"
            SENTRY_DSN=https://764e9f2b886741bcbcfd2acd74a7f7b0@o4505045746384896.ingest.sentry.io/4505045759361024
            SENTRY_ENVIRONMENT=${{ fromJson(needs.variables.outputs.result).SENTRY_ENVIRONMENT }}
            DOMAIN_HOST=${{ fromJson(needs.variables.outputs.result).DOMAIN_HOST }}
            N_WORKERS=${{ fromJson(needs.variables.outputs.result).wagtail.N_WORKERS }}
            EMAIL_HOST_PASSWORD=${{ secrets.EMAIL_HOST_PASSWORD }}
            WAGTAILADMIN_BASE_URL=https://${{ fromJson(needs.variables.outputs.result).WAGTAIL_HOSTNAME }}
            --target-port 8000
            --ingress external
            --image ghcr.io/zenmo/holon-wagtail:${{ needs.variables.outputs.tag }}
            --cpu ${{ fromJson(needs.variables.outputs.result).wagtail.CPU }}
            --memory ${{ fromJson(needs.variables.outputs.result).wagtail.MEMORY }}
            --min-replicas 1
            --max-replicas 2
      - name: Bind-Wagtail
        uses: azure/CLI@v1
        with:
          azcliversion: 2.51.0
          inlineScript: >
            az containerapp hostname bind
            --resource-group HOLON-webapp
            --environment holon-env
            --name wagtail-${{ github.ref_name }}
            --hostname ${{ fromJson(needs.variables.outputs.result).WAGTAIL_HOSTNAME }}

  deploy-next-azure:
    needs:
      - build-and-push-images
      - variables
    runs-on: ubuntu-latest
    steps:
      - name: Log in to Azure
        uses: azure/login@v1
        with:
          ## https://github.com/Azure/login#configure-a-service-principal-with-a-secret
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      - name: Deploy-Next.js
        uses: azure/CLI@v1
        with:
          azcliversion: 2.51.0
          inlineScript: >
            az containerapp create
            --resource-group HOLON-webapp
            --name next-${{ github.ref_name }}
            --environment holon-env
            --env-vars
            WAGTAIL_API_URL=http://wagtail-${{ github.ref_name }}/wt/api/nextjs
            NEXT_PUBLIC_WAGTAIL_API_URL=https://${{ fromJson(needs.variables.outputs.result).WAGTAIL_HOSTNAME }}/wt/api/nextjs
            NEXT_PUBLIC_TINY_URL_API_KEY=${{ secrets.TINY_URL_API_KEY }}
            --target-port 3000
            --ingress external
            --tags branch=${{ github.ref_name }}
            --image ghcr.io/zenmo/holon-nextjs:${{ needs.variables.outputs.tag }}
            --cpu 0.25
            --memory 0.5
            --min-replicas 1
            --max-replicas 1
      - name: Bind-Next.js
        uses: azure/CLI@v1
        with:
          azcliversion: 2.51.0
          inlineScript: >
            az containerapp hostname bind
            --resource-group HOLON-webapp
            --environment holon-env
            --name next-${{ github.ref_name }}
            --hostname ${{ fromJson(needs.variables.outputs.result).NEXT_HOSTNAME }}
      - name: Bind-www
        if: github.ref_name == 'production'
        uses: azure/CLI@v1
        with:
          azcliversion: 2.51.0
          inlineScript: >
            az containerapp hostname bind
            --resource-group HOLON-webapp
            --environment holon-env
            --name next-${{ github.ref_name }}
            --hostname www.holontool.nl

  deploy-swarm:
      runs-on: ubuntu-latest
      environment: ${{ fromJson(needs.variables.outputs.result).GITHUB_ENVIRONMENT }}
      needs:
          - build-and-push-images
          - variables
      steps:
          -   name: Check out repository
              uses: actions/checkout@v4
              with:
                  sparse-checkout: docker
          -   name: Deploy to Docker Swarm
              uses: sagebind/docker-swarm-deploy-action@v2
              env:
                  # Shared
                  TAG: ${{ needs.variables.outputs.tag }}
                  WAGTAIL_HOSTNAME: ${{ fromJson(needs.variables.outputs.result).WAGTAIL_HOSTNAME }}
                  # Wagtail
                  AZURE_STORAGE_KEY: ${{ secrets.AZURE_STORAGE_KEY }}
                  MEDIA_LOCATION: ${{ fromJson(needs.variables.outputs.result).MEDIA_LOCATION }}
                  STATIC_LOCATION: ${{ fromJson(needs.variables.outputs.result).STATIC_LOCATION }}
                  DB_USER: ${{ fromJson(needs.variables.outputs.result).DB_USER }}
                  DB_NAME: ${{ fromJson(needs.variables.outputs.result).DB_NAME }}
                  DB_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
                  RETURN_SCENARIO: ${{ fromJson(needs.variables.outputs.result).RETURN_SCENARIO }}
                  SECRET_KEY: "${{ secrets.SECRET_KEY }}"
                  SENTRY_ENVIRONMENT: ${{ fromJson(needs.variables.outputs.result).SENTRY_ENVIRONMENT }}
                  DOMAIN_HOST: ${{ fromJson(needs.variables.outputs.result).DOMAIN_HOST }}
                  EMAIL_HOST_PASSWORD: ${{ secrets.EMAIL_HOST_PASSWORD }}
                  # NextJS
                  NEXT_HOSTNAME: ${{ fromJson(needs.variables.outputs.result).NEXT_HOSTNAME }}
                  NEXT_PUBLIC_TINY_URL_API_KEY: ${{ secrets.TINY_URL_API_KEY }}
              with:
                  remote_host: ssh://root@server.zenmo.com
                  ssh_private_key: ${{ secrets.SWARM_SSH_PRIVATE_KEY }}
                  ssh_public_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ1E4LUG22qgzc8U7oNYGWCn0cyA31+iyX2pck9wcPMS
                  args: stack deploy --compose-file ./docker/compose-prod.yaml holon-${{ github.ref_name }}