From 27ee6133ab0c9c39c08a248b7dc8b4e5379e7808 Mon Sep 17 00:00:00 2001
From: blissful <blissful@sunsetglow.net>
Date: Sun, 9 Jun 2024 08:10:12 -0400
Subject: [PATCH] add continuous deployment

---
 .github/workflows/ci.yml | 74 ++++++++++++++++++++++++++++++++++++++++
 deploy.nomad             | 72 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 146 insertions(+)
 create mode 100644 .github/workflows/ci.yml
 create mode 100644 deploy.nomad

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..345127b
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,74 @@
+name: ci
+on: 
+  push:
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/master'
+    permissions:
+      contents: write
+    outputs:
+      artifact_source_url: ${{ steps.upload.outputs.sunsetglow_artifact_url }}
+    env:
+      ACTIONS_ALLOW_UNSECURE_COMMANDS: true
+    steps:
+      - uses: actions/checkout@v3
+      - uses: cachix/install-nix-action@v20
+      - uses: cachix/cachix-action@v12
+        with:
+          name: sunsetglow
+          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+      - name: Build Nix
+        run: nix build -j8 ../\#devShells.x86_64-linux.frontend
+      - name: Build Website
+        run: nix develop ../\#devShells.x86_64-linux.frontend --command make build
+      - name: Create Tarball
+        run: nix develop ../\#devShells.x86_64-linux.frontend --command bash -c '(cd dist/ && tar -czvf ../sunsetglow.tar.gz *)'
+      - name: Create release and upload tarball
+        id: upload
+        run: |
+          commit_sha="$(git rev-parse --short HEAD)"
+          timestamp="$(date +%Y-%m-%d_%H-%M-%S)"
+          release_name="sunsetglow-${timestamp}-${commit_sha}"
+          token=${{ secrets.GITHUB_TOKEN }}
+
+          # https://docs.github.com/en/rest/releases/releases#create-a-release
+          # https://stackoverflow.com/questions/45240336/how-to-use-github-release-api-to-make-a-release-without-source-code
+          upload_url="$(curl -s -H "Authorization: token $token" \
+            -d "{\"tag_name\": \"$release_name\", \"name\":\"$release_name\",\"target_comitish\": \"$commit_sha\"}" \
+            "https://api.github.com/repos/azuline/sunsetglow/releases" | jq -r '.upload_url')"
+          upload_url="${upload_url%\{*}"
+          echo "Created release $release_name"
+
+          artifact_url="$(curl -s -H "Authorization: token $token" \
+            -H "Content-Type: application/gzip" \
+            --data-binary @sunsetglow.tar.gz \
+            "$upload_url?name=sunsetglow.tar.gz&label=sunsetglow.tar.gz" | jq -r '.browser_download_url')"
+          echo "Uploaded sunsetglow.tar.gz to release"
+
+          echo "sunsetglow_artifact_url=${artifact_url}"
+          echo "sunsetglow_artifact_url=${artifact_url}" >> $GITHUB_OUTPUT
+  deploy:
+    runs-on: ubuntu-latest
+    needs: build
+    env:
+      ACTIONS_ALLOW_UNSECURE_COMMANDS: true
+      ARTIFACT_SOURCE_URL: ${{ needs.build-sunsetglow.outputs.artifact_source_url }}
+      NOMAD_ADDR: http://100.84.146.55:4646
+      NOMAD_NAMESPACE: sunsetglow
+      NOMAD_TOKEN: ${{ secrets.NOMAD_TOKEN }}
+    steps:
+      - uses: actions/checkout@v3
+      - uses: cachix/install-nix-action@v20
+      - uses: cachix/cachix-action@v12
+        with:
+          name: sunsetglow
+          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+      - name: Tailscale
+        uses: tailscale/github-action@v1
+        with:
+          authkey: ${{ secrets.TAILSCALE_AUTHKEY }}
+      - name: Build Nix
+        run: nix build -j8 ../\#devShells.x86_64-linux.deployments
+      - name: Deploy
+        run: nix develop ../\#devShells.x86_64-linux.deployments --command levant deploy -log-level=debug -var "artifact_source_url=$ARTIFACT_SOURCE_URL" deploy.nomad
diff --git a/deploy.nomad b/deploy.nomad
new file mode 100644
index 0000000..47e2e7a
--- /dev/null
+++ b/deploy.nomad
@@ -0,0 +1,72 @@
+job "sunsetglow-site" {
+  datacenters = ["frieren"]
+  namespace   = "sunsetglow"
+  type        = "service"
+
+  group "sunsetglow-site" {
+    count = 1
+
+    network {
+      mode = "bridge"
+    }
+
+    service {
+      name = "sunsetglow-site"
+      port = "80"
+      connect {
+        sidecar_service {}
+      }
+      check {
+        expose   = true
+        type     = "http"
+        path     = "/health"
+        interval = "10s"
+        timeout  = "2s"
+      }
+    }
+
+    task "sunsetglow-site" {
+      driver = "docker"
+      config {
+        image = "nginx"
+        volumes = [
+          "local/dist:/www",
+          "local/nginx.conf:/etc/nginx/conf.d/default.conf",
+        ]
+      }
+      artifact {
+        source      = "[[.artifact_source_url]]"
+        destination = "local/dist"
+      }
+      template {
+        data          = <<EOF
+server {
+  listen 80;
+  listen [::]:80;
+  root /www;
+  index index.html;
+
+  location /health {
+    return 200 'ok';
+  }
+}
+EOF
+        destination   = "local/nginx.conf"
+        change_mode   = "signal"
+        change_signal = "SIGHUP"
+      }
+    }
+  }
+
+  update {
+    max_parallel      = 1
+    health_check      = "checks"
+    min_healthy_time  = "10s"
+    healthy_deadline  = "1m"
+    progress_deadline = "10m"
+    auto_revert       = true
+    auto_promote      = true
+    canary            = 1
+  }
+}
+