add DigitalOcean to redeploy steps (#680)

* add DigitalOcean to redeploy steps

* fix cluster name

* Split common code into actions

.github/workflows/actions/azure-login/action.yml

@@ -0,0 +1,40 @@
+name: AKS and ACS login
+description: Logs in to Azure subscription and Azure Container Registry
+inputs:
+    AZURE_CLIENT_ID_OIDC:
+      description: 'Azure Client ID OIDC'
+      required: true
+    AZURE_TENANT_ID:
+      description: 'Azure Tenant ID'
+      required: true
+    AZURE_SUBSCRIPTION_ID:
+      description: 'Azure Subscription ID'
+      required: true
+    AZURE_CLIENT_ID:
+      description: 'Azure Client ID'
+      required: true
+    AZURE_CLIENT_SECRET:
+      description: 'Azure Client Secret'
+      required: true
+runs:
+  using: composite
+  steps:
+  - name: Login to our Azure subscription.
+    uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
+    with:
+      client-id: ${{ inputs.AZURE_CLIENT_ID_OIDC }}
+      tenant-id: ${{ inputs.AZURE_TENANT_ID }}
+      subscription-id: ${{ inputs.AZURE_SUBSCRIPTION_ID }}
+
+  - name: Login to Azure Container Registry
+    uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
+    with:
+      registry: adoptopenjdkacr.azurecr.io
+      username: ${{ inputs.AZURE_CLIENT_ID }}
+      password: ${{ inputs.AZURE_CLIENT_SECRET }}
+
+  - name: Set the target Azure Kubernetes Service (AKS) cluster.
+    uses: azure/aks-set-context@4edaee69f820359371ee8bc85189ac03a21d3a58 # v3.2
+    with:
+      resource-group: adopt-api
+      cluster-name: aksff92

.github/workflows/actions/do-login/action.yml

@@ -0,0 +1,16 @@
+name: DigitalOcean Login
+description: Logs in to DigitalOcean
+inputs:
+    DIGITALOCEAN_ACCESS_TOKEN:
+      description: 'DigitalOcean access token'
+      required: true
+runs:
+  using: composite
+  steps:
+  - name: Login to DigitalOcean
+    uses: digitalocean/action-doctl@cf10ddb4467f6fb84c01f7cc5f099cec71eabc93 # v2.4.1
+    with:
+      token: ${{ inputs.DIGITALOCEAN_ACCESS_TOKEN }}
+
+  - name: Set the target Azure Kubernetes Service (AKS) cluster.
+    run: doctl kubernetes cluster kubeconfig save k8s-1-27-4-do-0-blr1-1693486270021

.github/workflows/actions/docker-build/action.yml

@@ -0,0 +1,19 @@
+name: Docker Build
+description: Build and push Docker images to Azure Container Registry
+inputs:
+    DOCKER_REPO:
+      description: 'Docker repository'
+      required: true
+    BUILD_ARGS:
+      description: 'Build arguments'
+      required: false
+runs:
+  using: composite
+  steps:
+  - name: Build container image and push to Azure
+    uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9 # v4.2.1
+    with:
+      file: ./deploy/Dockerfile
+      tags: ${{ inputs.DOCKER_REPO }}:latest
+      build-args: ${{ inputs.BUILD_ARGS }}
+      push: true

.github/workflows/actions/kubectl-redeploy/action.yml

@@ -0,0 +1,14 @@
+name: Kubernetes Rollout Restart
+description: Redeploy frontend and updater
+inputs:
+    NAMESPACE:
+      description: 'Kubernetes namespace'
+      required: true
+runs:
+  using: composite
+  steps:
+  - name: Redeploy updater-api
+    run: kubectl config set-context --current --namespace=${{ inputs.NAMESPACE }} && kubectl rollout restart deployment updater-api
+
+  - name: Redeploy frontend-service
+    run: kubectl config set-context --current --namespace=${{ inputs.NAMESPACE }} && kubectl rollout restart deployment frontend-service

.github/workflows/deploy-adoptium.yml

@@ -0,0 +1,43 @@
+name: Docker Build (Adoptium)
+
+on:
+  workflow_dispatch:
+  push:
+   branches: [ main, production ]
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  docker-build:
+    if: startsWith(github.repository, 'adoptium/')
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+
+      - name: Login to Azure
+        uses: ./.github/actions/azure-login
+        with:
+          AZURE_CLIENT_ID_OIDC: ${{ secrets.AZURE_CLIENT_ID_OIDC }}
+          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID_OIDC }}
+          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+
+      - name: Detect Branch
+        run: |
+          case ${GITHUB_REF##*/} in
+            production) echo "NAMESPACE=api" >> $GITHUB_ENV ;;
+            *) echo "NAMESPACE=api-staging" >> $GITHUB_ENV ;;
+          esac
+
+      - name: Build container image and push to Azure
+        uses: ././github/actions/docker-build
+        with:
+          DOCKER_REPO: adoptopenjdkacr.azurecr.io/adoptopenjdk-${{ env.NAMESPACE }}
+
+      - name: Redeploy Kubernetes Updater and Frontend
+        uses: ./.github/actions/kubectl-redeploy
+        with:
+          NAMESPACE: ${{ env.NAMESPACE }}

.github/workflows/deploy-adoptopenjdk.yml

@@ -0,0 +1,56 @@
+name: Docker Build (AdoptOpenJDK)
+
+on:
+  workflow_dispatch:
+  push:
+   branches: [ main, production ]
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  docker-build:
+    if: startsWith(github.repository, 'adoptium/')
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+
+      - name: Login to Azure
+        uses: ./.github/actions/azure-login
+        with:
+          AZURE_CLIENT_ID_OIDC: ${{ secrets.AZURE_CLIENT_ID_OIDC }}
+          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID_OIDC }}
+          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+
+      - name: Detect Branch
+        run: |
+          case ${GITHUB_REF##*/} in
+            production) echo "NAMESPACE=adoptopenjdk-alt" >> $GITHUB_ENV ;;
+            *) echo "NAMESPACE=adoptopenjdk-alt-staging" >> $GITHUB_ENV ;;
+          esac
+
+      - name: Build container image and push to Azure
+        uses: ././github/actions/docker-build
+        with:
+          DOCKER_REPO: adoptopenjdkacr.azurecr.io/azure-${{ env.NAMESPACE }}
+          BUILD_ARGS: MAVEN_FLAGS="-Padoptopenjdk,-adoptium"
+
+      - name: Redeploy Kubernetes Updater and Frontend
+        uses: ./.github/actions/kubectl-redeploy
+        with:
+          NAMESPACE: ${{ env.NAMESPACE }}
+
+      # if the branch is production, redeploy the k8s service on digitalocean too
+      - name: Login to DigitalOcean
+        uses: ././github/actions/do-login
+        with:
+          token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
+
+      - name: Redeploy Kubernetes Updater and Frontend
+        if: startsWith(github.ref, 'refs/heads/production')
+        uses: ./.github/actions/kubectl-redeploy
+        with:
+          NAMESPACE: adoptopenjdk-do

deploy/Dockerfile

@@ -1,6 +1,8 @@
 FROM eclipse-temurin:17
 
 # BUILDS FOR ADOPTIUM, NOT ADOPTOPENJDK
+ARG MAVEN_FLAGS="-Padoptium,-adoptopenjdk"
+ENV MAVEN_FLAGS=$MAVEN_FLAGS
 
 ARG REPOSITORY="https://github.com/adoptium/api.adoptium.net.git"
 ENV REPOSITORY=$REPOSITORY
@@ -25,7 +27,7 @@ RUN chown -R api: /tmp/build
 
 USER api
 
-RUN     ./mvnw clean install -Padoptium,-adoptopenjdk && \
+RUN     ./mvnw clean install $MAVEN_FLAGS && \
         cp adoptium-updater-parent/adoptium-api-v3-updater/target/adoptium-api-v3-updater-*-jar-with-dependencies.jar /home/api/deployment/updater.jar && \
         cp -r adoptium-frontend-parent/adoptium-api-v3-frontend/target/quarkus-app/* /home/api/deployment/ && \
         mv /home/api/deployment/quarkus-run.jar /home/api/deployment/frontend.jar && \