infra

.github/workflows/build-docker.yml

@@ -0,0 +1,49 @@
+name: build docker images
+
+on:
+  push:
+    branches:
+      - 'master'
+    tags:
+      - 'v*'
+  pull_request:
+    branches:
+      - 'master'
+
+permissions:
+  id-token: write # required to use OIDC authentication
+  contents: read # required to checkout the code from the repo
+
+jobs:
+  release:
+    name: Create Build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            992382534381.dkr.ecr.us-east-1.amazonaws.com/cs-prod-craig-bot
+          tags: |
+            type=ref,event=tag
+            type=raw,value=latest,enable=false
+            type=raw,value={{sha}}
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::992382534381:role/ecr-push-cs-prod-craig-bot
+          aws-region: us-east-1
+      - name: Login to ECR
+        uses: docker/login-action@v3
+        with:
+          registry: 992382534381.dkr.ecr.us-east-1.amazonaws.com
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: ./
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

deployment/app/deployment.yaml

@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: craig
+spec:
+  selector:
+    matchLabels:
+      app: craig
+  template:
+    metadata:
+      labels:
+        app: craig
+    spec:
+      containers:
+      - name: craig
+        image: 992382534381.dkr.ecr.us-east-1.amazonaws.com/cs-prod-craig-bot:22d746a
+        resources:
+          limits:
+            cpu: 2
+            memory: 4Gi
+          requests:
+            cpu: 2
+            memory: 4Gi
+        envFrom:
+          - secretRef:
+              name: craig-secrets
+

deployment/app/externalsecret.yaml

@@ -0,0 +1,30 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: craig-secrets
+spec:
+  refreshInterval: 1m
+  secretStoreRef:
+    name: default
+    kind: ClusterSecretStore
+  target:
+    name: craig-secrets
+    creationPolicy: Owner
+  data:
+    - secretKey: DISCORD_BOT_TOKEN
+      remoteRef:
+        key: craig_secrets
+        property: DISCORD_BOT_TOKEN
+    - secretKey: DISCORD_APP_ID
+      remoteRef:
+        key: craig_secrets
+        property: DISCORD_APP_ID
+    - secretKey: CLIENT_ID
+      remoteRef:
+        key: craig_secrets
+        property: CLIENT_ID
+    - secretKey: CLIENT_SECRET
+      remoteRef:
+        key: craig_secrets
+        property: CLIENT_SECRET

deployment/argocd/app.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: app-craig-bot
+  namespace: cs
+spec:
+  destination:
+    name: cs-prod-us-east-1
+    namespace: craig-bot
+  project: apps-cs-prod
+  source:
+    repoURL: https://github.com/ConsenSys/w3f-craig.git
+    path: deployment/app
+    targetRevision: master
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true

deployment/argocd/infra.yaml

@@ -0,0 +1,14 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: infra-craig-bot
+  namespace: cs
+spec:
+  project: infra-cs-prod
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: cs-prod
+  source:
+    repoURL: https://github.com/ConsenSys/w3f-craig.git
+    path: deployment/infra
+    targetRevision: master

deployment/infra/namespaces.yaml

@@ -0,0 +1,8 @@
+apiVersion: kubernetes.web3factory.consensys.net/v1alpha1
+kind: XNamespace
+metadata:
+  name: craig-bot
+  namespace: cs-prod
+spec:
+  name: craig-bot
+  cluster: us-east-1

deployment/infra/registries.yaml

@@ -0,0 +1,15 @@
+apiVersion: registry.web3factory.consensys.net/v1alpha1
+kind: Repository
+metadata:
+  name: craig-bot
+  namespace: cs-prod
+spec:
+  region: us-east-1
+---
+apiVersion: registry.web3factory.consensys.net/v1alpha1
+kind: GitHubPushPermission
+metadata:
+  name: craig-bot
+  namespace: cs-prod
+spec:
+  repositoryName: w3f-craig