Add nomad deployment action

datasektionen · May 25, 2024 · 0732ea5 · 0732ea5
1 parent 1a13af2
commit 0732ea5
Show file tree

Hide file tree

Showing 2 changed files with 96 additions and 16 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -5,24 +5,50 @@ on:
     branches: [ master ]
   workflow_dispatch:
 
+env:
+  NOMAD_VERSION: 1.7.7
+
 jobs:
   deploy:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Git checkout
-      uses: actions/checkout@v3
-      with:
-        fetch-depth: 0
-
-    # See the following link for documentation:
-    # https://github.com/marketplace/actions/dokku
-    - name: Push to sips
-      uses: dokku/[email protected]
-      with:
-        ssh_private_key: ${{ secrets.SIPS_GLOBAL_DEPLOY_KEY }}
-        git_remote_url: ssh://[email protected]/dfunkt
-        # force might feel risky, but there is no good reason why the server
-        # should ever not be a mirror of the deploy branch. And the errors we
-        # could get otherwise would probably be nasty to deal with
-        git_push_flags: --force
+      - name: Git checkout
+        uses: actions/checkout@v4
+
+      - name: Set environment variables
+        run: |
+          cat >> "$GITHUB_ENV" <<EOF
+          latest=ghcr.io/${{ github.repository }}:latest
+          current=ghcr.io/${{ github.repository }}:$(git rev-parse --short ${{ github.sha }})
+          EOF
+
+      - name: Download Nomad
+        run: |
+          curl -LO https://releases.hashicorp.com/nomad/${{ env.NOMAD_VERSION }}/nomad_${{ env.NOMAD_VERSION }}_linux_amd64.zip
+          unzip -d /usr/local/bin nomad_${{ env.NOMAD_VERSION }}_linux_amd64.zip nomad
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to ghcr.io
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          tags: ${{ env.latest }},${{ env.current }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Deploy to nomad
+        env:
+          NOMAD_ADDR: ${{ vars.NOMAD_ADDR }}
+          NOMAD_TOKEN: ${{ secrets.NOMAD_TOKEN }}
+        run: |
+          nomad run -var=image_tag=${{ env.current }} job.nomad.hcl
diff --git a/job.nomad.hcl b/job.nomad.hcl
@@ -0,0 +1,54 @@
+job "dfunkt" {
+  namespace = "auth"
+
+  type = "service"
+
+  group "dfunkt" {
+    network {
+      port "http" { }
+    }
+
+    service {
+      name     = "dfunkt"
+      port     = "http"
+      provider = "nomad"
+      tags = [
+        "traefik-external.enable=true",
+        "traefik-external.http.routers.dfunkt.rule=Host(`dfunkt.datasektionen.se`)",
+        "traefik-external.http.routers.dfunkt.entrypoints=websecure",
+        "traefik-external.http.routers.dfunkt.tls.certresolver=default",
+      ]
+    }
+
+    task "dfunkt" {
+      driver = "docker"
+
+      config {
+        image = var.image_tag
+        ports = ["http"]
+      }
+
+      template {
+        data        = <<ENV
+PORT={{ env "NOMAD_PORT_http" }}
+{{ with nomadVar "nomad/jobs/dfunkt" }}
+SESSION_SECRET={{ .session_secret }}
+DATABASE_URL=postgres://dfunkt:{{ .database_password }}@postgres.dsekt.internal:5432/dfunkt
+LOGIN_KEY={{ .login_api_key }}
+{{ end }}
+NODE_ENV=production
+PLS_URL=https://pls.datasektionen.se
+LOGIN_API_URL=https://login.datasektionen.se
+LOGIN_FRONTEND_URL=https://login.datasektionen.se
+ENV
+        destination = "local/.env"
+        env         = true
+      }
+    }
+  }
+}
+
+variable "image_tag" {
+  type = string
+  default = "ghcr.io/datasektionen/dfunkt:latest"
+}