From e4f5133d96fc1bdfe8062a0d58cbdefc1a9ea12c Mon Sep 17 00:00:00 2001
From: Alexandre Chappaz
Date: Mon, 6 Jan 2025 14:54:32 +0100
Subject: [PATCH] infra
---
.github/workflows/build-docker.yml | 49 ++++++++++++++++++++++++++++++
deployment/app/deployment.yaml | 27 ++++++++++++++++
deployment/app/externalsecret.yaml | 30 ++++++++++++++++++
deployment/argocd/app.yaml | 18 +++++++++++
deployment/argocd/infra.yaml | 14 +++++++++
deployment/infra/namespaces.yaml | 8 +++++
deployment/infra/registries.yaml | 15 +++++++++
7 files changed, 161 insertions(+)
create mode 100644 .github/workflows/build-docker.yml
create mode 100644 deployment/app/deployment.yaml
create mode 100644 deployment/app/externalsecret.yaml
create mode 100644 deployment/argocd/app.yaml
create mode 100644 deployment/argocd/infra.yaml
create mode 100644 deployment/infra/namespaces.yaml
create mode 100644 deployment/infra/registries.yaml
diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
new file mode 100644
index 00000000..4f6939fd
--- /dev/null
+++ b/.github/workflows/build-docker.yml
@@ -0,0 +1,49 @@
+name: build docker images
+
+on:
+ push:
+ branches:
+ - 'master'
+ tags:
+ - 'v*'
+ pull_request:
+ branches:
+ - 'master'
+
+permissions:
+ id-token: write # required to use OIDC authentication
+ contents: read # required to checkout the code from the repo
+
+jobs:
+ release:
+ name: Create Build
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ 992382534381.dkr.ecr.us-east-1.amazonaws.com/cs-prod-craig-bot
+ tags: |
+ type=ref,event=tag
+ type=raw,value=latest,enable=false
+ type=raw,value={{sha}}
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: arn:aws:iam::992382534381:role/ecr-push-cs-prod-craig-bot
+ aws-region: us-east-1
+ - name: Login to ECR
+ uses: docker/login-action@v3
+ with:
+ registry: 992382534381.dkr.ecr.us-east-1.amazonaws.com
+ - name: Build and push
+ uses: docker/build-push-action@v5
+ with:
+ context: ./
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
\ No newline at end of file
diff --git a/deployment/app/deployment.yaml b/deployment/app/deployment.yaml
new file mode 100644
index 00000000..41b0a206
--- /dev/null
+++ b/deployment/app/deployment.yaml
@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: craig
+spec:
+ selector:
+ matchLabels:
+ app: craig
+ template:
+ metadata:
+ labels:
+ app: craig
+ spec:
+ containers:
+ - name: craig
+ image: 992382534381.dkr.ecr.us-east-1.amazonaws.com/cs-prod-craig-bot:22d746a
+ resources:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ envFrom:
+ - secretRef:
+ name: craig-secrets
+
diff --git a/deployment/app/externalsecret.yaml b/deployment/app/externalsecret.yaml
new file mode 100644
index 00000000..f8118af8
--- /dev/null
+++ b/deployment/app/externalsecret.yaml
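Review bot: In .github/workflows/build-docker.yml the `Configure AWS Credentials` and `Login to ECR` steps run on `pull_request` events too, so the Docker build of pull-request code runs in a job that already holds the credentials of `ecr-push-cs-prod-craig-bot`; only the final `push:` input is gated. Unless the build has to pull from ECR on pull requests (the Dockerfile is not in this patch), add `if: github.event_name != 'pull_request'` to both steps so PR builds never assume the push role. `id-token: write` could then move from workflow level to the `release` job. The four actions are referenced by mutable tags (`@v4`, `@v5`, `@v3`); pinning each to a full commit SHA, e.g. `uses: actions/checkout@<FULL_COMMIT_SHA> # v4`, keeps a retagged release from running with the OIDC token.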
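Review bot: The `craig` container in deployment/app/deployment.yaml has no `securityContext`, so it runs with whatever user and capabilities the image and cluster defaults give it while holding the Discord bot token and client secret from `craig-secrets`. A hardened context is sketched below; whether the image already runs as a non-root user is not visible in this patch, so `runAsNonRoot` needs checking against the Dockerfile. If the bot never calls the Kubernetes API, `automountServiceAccountToken: false` on the pod spec removes a credential it does not need. `envFrom` also exports every key of the Secret to the process; listing the four variables under `env` with `secretKeyRef` would keep later additions to the Secret out of the container.

```yaml
    spec:
      automountServiceAccountToken: false
      containers:
        - name: craig
          # … unchanged: image, resources, envFrom …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```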
@@ -0,0 +1,30 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: craig-secrets
+spec:
+ refreshInterval: 1m
+ secretStoreRef:
+ name: default
+ kind: ClusterSecretStore
+ target:
+ name: craig-secrets
+ creationPolicy: Owner
+ data:
+ - secretKey: DISCORD_BOT_TOKEN
+ remoteRef:
+ key: craig_secrets
+ property: DISCORD_BOT_TOKEN
+ - secretKey: DISCORD_APP_ID
+ remoteRef:
+ key: craig_secrets
+ property: DISCORD_APP_ID
+ - secretKey: CLIENT_ID
+ remoteRef:
+ key: craig_secrets
+ property: CLIENT_ID
+ - secretKey: CLIENT_SECRET
+ remoteRef:
+ key: craig_secrets
+ property: CLIENT_SECRET
diff --git a/deployment/argocd/app.yaml b/deployment/argocd/app.yaml
new file mode 100644
index 00000000..8f8cbf80
--- /dev/null
+++ b/deployment/argocd/app.yaml
@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: app-craig-bot
+ namespace: cs
+spec:
+ destination:
+ name: cs-prod-us-east-1
+ namespace: craig-bot
+ project: apps-cs-prod
+ source:
+ repoURL: https://github.com/ConsenSys/w3f-craig.git
+ path: deployment/app
+ targetRevision: master
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
diff --git a/deployment/argocd/infra.yaml b/deployment/argocd/infra.yaml
new file mode 100644
index 00000000..4e647d9a
--- /dev/null
+++ b/deployment/argocd/infra.yaml
@@ -0,0 +1,14 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: infra-craig-bot
+ namespace: cs
+spec:
+ project: infra-cs-prod
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: cs-prod
+ source:
+ repoURL: https://github.com/ConsenSys/w3f-craig.git
+ path: deployment/infra
+ targetRevision: master
\ No newline at end of file
diff --git a/deployment/infra/namespaces.yaml b/deployment/infra/namespaces.yaml
new file mode 100644
index 00000000..e1d4302b
--- /dev/null
+++ b/deployment/infra/namespaces.yaml
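Review bot: `refreshInterval: 1m` in deployment/app/externalsecret.yaml re-reads `craig_secrets` from the store every minute, but the Deployment in this patch consumes `craig-secrets` through `envFrom`, which is only evaluated when the container starts. A rotated `DISCORD_BOT_TOKEN` or `CLIENT_SECRET` would therefore reach the Secret within a minute and still not reach the running pod. Either document that rotation requires a rollout restart, with a comment such as `# pods read these at start; restart the Deployment after rotating`, or relax the interval (for example `refreshInterval: 1h`) to cut calls to the secret store.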
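Review bot: `targetRevision: master` together with `automated` sync, `prune: true` and `selfHeal: true` in deployment/argocd/app.yaml means any commit that lands on `master` is applied to `cs-prod-us-east-1` without a further gate, including deletions. That makes write access to `master` equivalent to deploy access to production, so it is worth a comment saying so, e.g. `# tracks master: branch protection and required review are the deploy gate`, or tracking a release tag instead. deployment/argocd/infra.yaml tracks `master` as well, though it declares no `syncPolicy`, so presumably it is synced manually.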
@@ -0,0 +1,8 @@
+apiVersion: kubernetes.web3factory.consensys.net/v1alpha1
+kind: XNamespace
+metadata:
+ name: craig-bot
+ namespace: cs-prod
+spec:
+ name: craig-bot
+ cluster: us-east-1
\ No newline at end of file
diff --git a/deployment/infra/registries.yaml b/deployment/infra/registries.yaml
new file mode 100644
index 00000000..5b8207e6
--- /dev/null
+++ b/deployment/infra/registries.yaml
@@ -0,0 +1,15 @@
+apiVersion: registry.web3factory.consensys.net/v1alpha1
+kind: Repository
+metadata:
+ name: craig-bot
+ namespace: cs-prod
+spec:
+ region: us-east-1
+---
+apiVersion: registry.web3factory.consensys.net/v1alpha1
+kind: GitHubPushPermission
+metadata:
+ name: craig-bot
+ namespace: cs-prod
+spec:
+ repositoryName: w3f-craig