From 735474d4b8c1902fb1cb8a1e44a195c7af901135 Mon Sep 17 00:00:00 2001 From: Jose Ganora Date: Tue, 27 May 2025 18:25:00 -0300 Subject: [PATCH 1/4] changes to implement qa and production env --- .github/workflows/production-pipeline.yml | 50 ++++++++++++++ .github/workflows/qa-pipeline.yml | 51 ++++++++++++++ .gitignore | 9 ++- helm-chart/values-production.yaml | 83 +++++++++++++++++++++++ helm-chart/values-staging.yaml | 83 +++++++++++++++++++++++ 5 files changed, 275 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/production-pipeline.yml create mode 100644 .github/workflows/qa-pipeline.yml create mode 100644 helm-chart/values-production.yaml create mode 100644 helm-chart/values-staging.yaml diff --git a/.github/workflows/production-pipeline.yml b/.github/workflows/production-pipeline.yml new file mode 100644 index 0000000..bd1b152 --- /dev/null +++ b/.github/workflows/production-pipeline.yml @@ -0,0 +1,50 @@ +on: + pull_request: + types: + - closed + branches: + - 'develop' + +name: Linux_Container_Workflow +jobs: + build-and-deploy: + runs-on: ubuntu-latest + steps: + - name: 'Checkout GitHub Action' + uses: actions/checkout@main + + - name: 'Login via Azure CLI' + uses: azure/login@v1 + with: + creds: ${{ secrets.AZURE_CREDENTIALS }} + + - name: 'Set up Kubernetes' + uses: azure/aks-set-context@v2 + with: + creds: ${{ secrets.AZURE_CREDENTIALS }} + cluster-name: ${{ secrets.AKS_CLUSTER_NAME }} + resource-group: ${{ secrets.AKS_RESOURCE_GROUP }} + + - name: 'Build and push image' + uses: azure/docker-login@v1 + with: + login-server: ${{ secrets.REGISTRY_LOGIN_SERVER }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} + - run: | + docker build -t ${{ secrets.REGISTRY_LOGIN_SERVER }}/whatnowapi:${{ github.sha }} -f ./docker/Dockerfile . + docker tag ${{ secrets.REGISTRY_LOGIN_SERVER }}/whatnowapi:${{ github.sha }} ${{ secrets.REGISTRY_LOGIN_SERVER }}/whatnowapi:latest + + docker push ${{ secrets.REGISTRY_LOGIN_SERVER }}/whatnowapi:${{ github.sha }} + docker push ${{ secrets.REGISTRY_LOGIN_SERVER }}/whatnowapi:latest + - name: 'Copy production values files' + run: | + cp ./helm-chart/values-production.yaml ./helm-chart/values.yaml + + - name: 'Deploy to AKS with Helm' + run: | + helm upgrade --install whatnow ./helm-chart \ + --namespace ${{ secrets.AKS_CLUSTER_NAMESPACE }} \ + --create-namespace + + diff --git a/.github/workflows/qa-pipeline.yml b/.github/workflows/qa-pipeline.yml new file mode 100644 index 0000000..834fd12 --- /dev/null +++ b/.github/workflows/qa-pipeline.yml @@ -0,0 +1,51 @@ +on: + pull_request: + types: + - closed + branches: + - 'develop' + +name: Linux_Container_Workflow +jobs: + build-and-deploy: + runs-on: ubuntu-latest + steps: + - name: 'Checkout GitHub Action' + uses: actions/checkout@main + + - name: 'Login via Azure CLI' + uses: azure/login@v1 + with: + creds: ${{ secrets.AZURE_CREDENTIALS }} + + - name: 'Set up Kubernetes' + uses: azure/aks-set-context@v2 + with: + creds: ${{ secrets.AZURE_CREDENTIALS }} + cluster-name: ${{ secrets.AKS_CLUSTER_NAME }} + resource-group: ${{ secrets.AKS_RESOURCE_GROUP }} + + - name: 'Build and push image' + uses: azure/docker-login@v1 + with: + login-server: ${{ secrets.REGISTRY_LOGIN_SERVER }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} + - run: | + docker build -t ${{ secrets.REGISTRY_LOGIN_SERVER }}/whatnowapi-qa:${{ github.sha }} -f ./docker/Dockerfile . + docker tag ${{ secrets.REGISTRY_LOGIN_SERVER }}/whatnowapi-qa:${{ github.sha }} ${{ secrets.REGISTRY_LOGIN_SERVER }}/whatnowapi-qa:latest + + docker push ${{ secrets.REGISTRY_LOGIN_SERVER }}/whatnowapi-qa:${{ github.sha }} + docker push ${{ secrets.REGISTRY_LOGIN_SERVER }}/whatnowapi-qa:latest + + - name: 'Copy staging values file' + run: | + cp ./helm-chart/values-staging.yaml ./helm-chart/values.yaml + + - name: 'Deploy to AKS with Helm' + run: | + helm upgrade --install whatnow-qa ./helm-chart \ + --namespace ${{ secrets.AKS_CLUSTER_NAMESPACE_QA }} \ + --create-namespace + + diff --git a/.gitignore b/.gitignore index 06bc057..faeec61 100644 --- a/.gitignore +++ b/.gitignore @@ -19,4 +19,11 @@ Homestead.yaml npm-debug.log yarn-error.log helm-chart/secrets.yml -.idea/* \ No newline at end of file +.idea/* +helm-chart/fullchain.pem +helm-chart/privkey.pem +helm-chart/secrets.yml +helm-chart/secrets-ifrc.yml +helm-chart/secrets-qa.yml +helm-chart/secrets-prod.yml +helm-chart/ssl-secret.yaml diff --git a/helm-chart/values-production.yaml b/helm-chart/values-production.yaml new file mode 100644 index 0000000..64b076d --- /dev/null +++ b/helm-chart/values-production.yaml @@ -0,0 +1,83 @@ +# Azure Container Registry details +image: + repository: ifrcsmdb.azurecr.io/whatnowapi + tag: "latest" + pullPolicy: Always + +replicaCount: 1 + +# Kubernetes service configuration +service: + type: ClusterIP + port: 80 + targetPort: 80 +# Environment variables +env: + APP_NAME: Laravel + APP_ENV: local + APP_DEBUG: false + APP_URL: http://localhost + LOG_CHANNEL: stack + DB_PORT: 3306 + DB_CONNECTION: mysql + BROADCAST_DRIVER: log + CACHE_DRIVER: file + QUEUE_CONNECTION: sync + SESSION_DRIVER: file + SESSION_LIFETIME: 120 + REDIS_HOST: 127.0.0.1 + REDIS_PASSWORD: null + REDIS_PORT: 6379 + MAIL_DRIVER: smtp + MAIL_HOST: smtp.mailtrap.io + MAIL_PORT: 2525 + MAIL_USERNAME: null + MAIL_PASSWORD: null + MAIL_ENCRYPTION: null + AWS_ACCESS_KEY_ID: + AWS_SECRET_ACCESS_KEY: + AWS_DEFAULT_REGION: us-east-1 + AWS_BUCKET: + PUSHER_APP_ID: + PUSHER_APP_KEY: + PUSHER_APP_SECRET: + PUSHER_APP_CLUSTER: mt1 + MIX_PUSHER_APP_KEY: "${PUSHER_APP_KEY}" + MIX_PUSHER_APP_CLUSTER: "${PUSHER_APP_CLUSTER}" + AZURE_STORAGE_ACCOUNT: smdbstorageaccount + AZURE_STORAGE_CONTAINER: images + AZURE_STORAGE_DOMAIN: blob.core.windows.net + +secrets: + dbSecretName: admin-credentials + variables: + ADMIN_USER: ADMIN_USER + ADMIN_PASSWORD: ADMIN_PASSWORD + DB_HOST: DB_HOST + DB_DATABASE: DB_DATABASE + DB_USERNAME: DB_USERNAME + DB_PASSWORD: DB_PASSWORD + APP_KEY: APP_KEY + AZURE_STORAGE_KEY: AZURE_STORAGE_KEY + AZURE_STORAGE_CONNECTION_STRING: AZURE_STORAGE_CONNECTION_STRING + +# Ingress (if using) +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + hosts: + - host: "api.whatnow" + paths: + - path: / + pathType: ImplementationSpecific + - host: "api-preparemessages.ifrc.org" + paths: + - path: / + pathType: Prefix + tls: + - hosts: + - "api-preparemessages.ifrc.org" + secretName: "ifrc.certificates.secret" diff --git a/helm-chart/values-staging.yaml b/helm-chart/values-staging.yaml new file mode 100644 index 0000000..d397c89 --- /dev/null +++ b/helm-chart/values-staging.yaml @@ -0,0 +1,83 @@ +# Azure Container Registry details +image: + repository: ifrcsmdb.azurecr.io/whatnowapi-qa + tag: "latest" + pullPolicy: Always + +replicaCount: 1 + +# Kubernetes service configuration +service: + type: ClusterIP + port: 80 + targetPort: 80 +# Environment variables +env: + APP_NAME: Laravel + APP_ENV: stage + APP_DEBUG: false + APP_URL: http://localhost + LOG_CHANNEL: stack + DB_PORT: 3306 + DB_CONNECTION: mysql + BROADCAST_DRIVER: log + CACHE_DRIVER: file + QUEUE_CONNECTION: sync + SESSION_DRIVER: file + SESSION_LIFETIME: 120 + REDIS_HOST: 127.0.0.1 + REDIS_PASSWORD: null + REDIS_PORT: 6379 + MAIL_DRIVER: smtp + MAIL_HOST: smtp.mailtrap.io + MAIL_PORT: 2525 + MAIL_USERNAME: null + MAIL_PASSWORD: null + MAIL_ENCRYPTION: null + AWS_ACCESS_KEY_ID: + AWS_SECRET_ACCESS_KEY: + AWS_DEFAULT_REGION: us-east-1 + AWS_BUCKET: + PUSHER_APP_ID: + PUSHER_APP_KEY: + PUSHER_APP_SECRET: + PUSHER_APP_CLUSTER: mt1 + MIX_PUSHER_APP_KEY: "${PUSHER_APP_KEY}" + MIX_PUSHER_APP_CLUSTER: "${PUSHER_APP_CLUSTER}" + AZURE_STORAGE_ACCOUNT: smdbstorageaccount + AZURE_STORAGE_CONTAINER: images-stage + AZURE_STORAGE_DOMAIN: blob.core.windows.net + +secrets: + dbSecretName: admin-credentials + variables: + ADMIN_USER: ADMIN_USER + ADMIN_PASSWORD: ADMIN_PASSWORD + DB_HOST: DB_HOST + DB_DATABASE: DB_DATABASE + DB_USERNAME: DB_USERNAME + DB_PASSWORD: DB_PASSWORD + APP_KEY: APP_KEY + AZURE_STORAGE_KEY: AZURE_STORAGE_KEY + AZURE_STORAGE_CONNECTION_STRING: AZURE_STORAGE_CONNECTION_STRING + +# Ingress (if using) +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + hosts: + - host: "qa.api.whatnow" + paths: + - path: / + pathType: ImplementationSpecific + - host: "api-preparemessages-stage.ifrc.org" + paths: + - path: / + pathType: Prefix + tls: + - hosts: + - "api-preparemessages-stage.ifrc.org" + secretName: "ifrc.certificates.secret" From c633d2403cec9ccf74756824b0433e7900d173ab Mon Sep 17 00:00:00 2001 From: Jose Ganora Date: Tue, 27 May 2025 18:28:41 -0300 Subject: [PATCH 2/4] changes to implement qa and production env --- .github/workflows/production-pipeline.yml | 9 +++------ .github/workflows/qa-pipeline.yml | 6 ++++-- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/.github/workflows/production-pipeline.yml b/.github/workflows/production-pipeline.yml index bd1b152..918c374 100644 --- a/.github/workflows/production-pipeline.yml +++ b/.github/workflows/production-pipeline.yml @@ -1,11 +1,8 @@ +name: Production pipeline + on: - pull_request: - types: - - closed - branches: - - 'develop' + workflow_dispatch: # Allows manual execution -name: Linux_Container_Workflow jobs: build-and-deploy: runs-on: ubuntu-latest diff --git a/.github/workflows/qa-pipeline.yml b/.github/workflows/qa-pipeline.yml index 834fd12..785d809 100644 --- a/.github/workflows/qa-pipeline.yml +++ b/.github/workflows/qa-pipeline.yml @@ -1,11 +1,13 @@ +name: Stage pipeline + on: pull_request: types: - closed branches: - - 'develop' + - 'staging' + -name: Linux_Container_Workflow jobs: build-and-deploy: runs-on: ubuntu-latest From dd6f2da8d7f5a36b5fe413906c5abe7b66201ea3 Mon Sep 17 00:00:00 2001 From: Jose Ganora Date: Tue, 27 May 2025 18:32:03 -0300 Subject: [PATCH 3/4] changes to implement qa and production env --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index faeec61..d3b6cf6 100644 --- a/.gitignore +++ b/.gitignore @@ -27,3 +27,4 @@ helm-chart/secrets-ifrc.yml helm-chart/secrets-qa.yml helm-chart/secrets-prod.yml helm-chart/ssl-secret.yaml +.DS_Store From 7d211d95fea5f23397f0ea3de9556950e97819a8 Mon Sep 17 00:00:00 2001 From: Jose Ganora Date: Tue, 27 May 2025 18:34:58 -0300 Subject: [PATCH 4/4] changes to implement qa and production env --- helm-chart/values-production.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/helm-chart/values-production.yaml b/helm-chart/values-production.yaml index 64b076d..ad5b3fd 100644 --- a/helm-chart/values-production.yaml +++ b/helm-chart/values-production.yaml @@ -13,10 +13,11 @@ service: targetPort: 80 # Environment variables env: - APP_NAME: Laravel - APP_ENV: local + APP_NAME: 'IFRC National Society Preparedness Messages' + APP_ENV: production APP_DEBUG: false - APP_URL: http://localhost + APP_LOG_LEVEL: info + APP_URL: https://api-preparemessages.ifrc.org LOG_CHANNEL: stack DB_PORT: 3306 DB_CONNECTION: mysql