update the deployment process

we're still using vercel to deploy this project, but this commit adds
the setup for github actions to deploy the project to kubernetes.

moving eslint from a DevDependency to a Dependency is necessary because
eslint is currently part of the build process.

.github/workflows/build.yml

@@ -1,78 +1,24 @@
-# we are running the build in vercel now so we don't need this github action
-# commenting this out because this action kept failing on https://github.com/scientist-softserv/webstore/pull/268
-# TODO(alishaevn): figure out the sentry error if we switch from vercel to an in house deploy infrastructure
+name: "Build Docker Images"
+run-name: Build of ${{ github.ref_name }} by @${{ github.actor }}
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
+    inputs:
+      debug_enabled:
+        type: boolean
+        description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)'
+        required: false
+        default: false
 
-# name: "Build Docker Images"
-# run-name: Build of ${{ github.ref_name }} by @${{ github.actor }}
-# on:
-#   push:
-#     branches:
-#       - main
-#   pull_request:
-#     branches:
-#       - main
-#   workflow_dispatch:
-#     inputs:
-#       debug_enabled:
-#         type: boolean
-#         description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)'
-#         required: false
-#         default: false
-
-# env:
-#   REGISTRY: ghcr.io
-
-# jobs:
-#   build:
-#     runs-on: ubuntu-latest
-#     permissions:
-#       contents: read
-#       packages: write
-#     steps:
-#       - id: setup
-#         name: Setup
-#         uses: scientist-softserv/actions/[email protected]
-#         with:
-#           tag: ${{ inputs.tag }}
-#           image_name: ${{ inputs.image_name }}
-#           token: ${{ secrets.CHECKOUT_TOKEN || secrets.GITHUB_TOKEN }}
-#       - uses: actions/setup-node@v3
-#         with:
-#           registry-url: 'https://npm.pkg.github.com'
-#           # Defaults to the user or organization that owns the workflow file
-#           scope: '@scientist-softserv'
-#           node-version-file: package.json
-#       - name: GPR authToken
-#         run: echo "//npm.pkg.github.com/:_authToken=${{ secrets.GITHUB_TOKEN }}" > $NPM_CONFIG_USERCONFIG
-#       - name: GPR alias
-#         run: echo "@scientist-softserv:registry=https://npm.pkg.github.com" >> $NPM_CONFIG_USERCONFIG
-#       - run: yarn install
-#       - run: yarn test
-
-#       - name: Login to GitHub Container Registry
-#         uses: docker/login-action@v2
-#         with:
-#           registry: ${{ env.REGISTRY }}
-#           username: ${{ github.actor }}
-#           password: ${{ secrets.GITHUB_TOKEN }}
-
-#       - name: Retag action for Docker image
-#         id: meta-docker-image
-#         uses: docker/[email protected]
-#         with:
-#           images: |
-#             name=${{ env.REGISTRY }}/${{ env.REPO_LOWER }}
-#           tags: |
-#             type=raw,value=latest,enable={{is_default_branch}}
-
-#       - run: cp $NPM_CONFIG_USERCONFIG .npmrc; cat .npmrc
-
-#       - name: Build and push Docker image
-#         uses: docker/build-push-action@v3
-#         with:
-#           cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.REPO_LOWER }}:${{ env.TAG }}
-#           context: .
-#           push: true
-#           tags: |
-#             ${{ steps.meta-docker-image.outputs.tags }}
-#             ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}:${{ env.TAG }}
+jobs:
+  build:
+    uses: scientist-softserv/actions/.github/workflows/[email protected]
+    secrets: inherit
+    with:
+      platforms: "linux/amd64"
+      webTarget: web

.github/workflows/deploy.yml

@@ -1,5 +1,8 @@
-# we are running the deploy through vercel now so we don't need this github action
-# TODO(alishaevn): fix any potential sentry error's if we switch from vercel to an in house deploy infrastructure
+# This webstore instance is currently deployed to: https://webstore-staging.vercel.app
+# In order to deploy via github actions instead, please update/confirm the following files:
+# - ops/production-deploy.tmpl.yaml
+# - ops/staging-deploy.tmpl.yaml
+# Next, uncomment the following lines
 
 # name: "Deploy"
 # run-name: Deploy (${{ github.ref_name }} -> ${{ inputs.environment }}) by @${{ github.actor }}
@@ -13,6 +16,7 @@
 #         type: choice
 #         options:
 #           - staging
+#           - production
 #       debug_enabled:
 #         type: boolean
 #         description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)'
@@ -21,5 +25,5 @@
 
 # jobs:
 #   deploy:
-#     uses: scientist-softserv/actions/.github/workflows/[email protected].10
+#     uses: scientist-softserv/actions/.github/workflows/[email protected].16
 #     secrets: inherit

Dockerfile

@@ -1,30 +1,14 @@
-FROM node:18-alpine AS builder
-
-ENV NODE_ENV=production \
-    NEXT_TELEMETRY_DISABLED=1
-
-WORKDIR /home/node/app
-
-ADD . /home/node/app
-
-# https://github.com/vercel/next.js/discussions/22149#discussioncomment-366180
-RUN yarn install && yarn build && npm prune --omit=dev
-
-FROM node:18-alpine
+FROM node:18-alpine as web
 
 ENV NODE_ENV="production" \
     NEXT_TELEMETRY_DISABLED=1
 
 WORKDIR /home/node/app
+RUN yarn add --dev eslint
 
-# https://javascript.plainenglish.io/reduce-docker-image-size-for-your-next-js-app-bcb65d322222
-# and
-# https://nextjs.org/docs/advanced-features/output-file-tracing
-COPY --from=builder /home/node/app/package.json       /home/node/app/
-COPY --from=builder /home/node/app/yarn.lock          /home/node/app/
-COPY --from=builder /home/node/app/next.config.js     /home/node/app/
-COPY --from=builder /home/node/app/public             /home/node/app/public
-COPY --from=builder /home/node/app/.next/standalone   /home/node/app/
-COPY --from=builder /home/node/app/.next/static       /home/node/app/.next/static
+COPY package.json yarn.lock /home/node/app/
+RUN  yarn
 
-CMD ["node", "server.js"]
+COPY . /home/node/app
+RUN yarn build
+CMD ["yarn", "start"]

bin/helm_deploy

@@ -29,4 +29,4 @@ helm upgrade \
     --namespace="$namespace" \
     --create-namespace \
     "$release_name" \
-    ./charts/webstore
+    ./charts/webstore

bin/helm_deploy_local

@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# This script wraps up helm deployment. It is meant as a clear starting point for
+# commandline deployment or CI based deployment. It requires the following ENV vars be set
+#
+# CHART_VERSION: this is the version of the hyrax chart you want to deploy. default - 0.22.0
+# DEPLOY_IMAGE: this is the build image that runs the rails application. Typically this would run puma or passenger. eg: samvera/hyrax or ghcr.io/samvera/hyku. Defaults to gcrh.io/samvera/hyku
+# DEPLOY_TAG: name of of the tag you want to deploy for deploy image. eg: "latest" or "v3.0.1" or "f123asdf1". Defaults to latest
+# HELM_EXTRA_ARGS: any additional arguments you'd like passed to helm upgrade directly. can be blank.
+
+if [ -z "$1" ] || [ -z "$2" ]
+then
+    echo './bin/helm_deploy RELEASE_NAME NAMESPACE'
+    exit 1
+fi
+release_name="${1}"
+namespace="${2}"
+
+HELM_EXTRA_ARGS="${HELM_EXTRA_ARGS}:---values ops/production-deploy.yaml"
+DEPLOY_IMAGE="${DEPLOY_IMAGE:-ghcr.io/scientist-softserv/webstore}"
+DEPLOY_TAG="${DEPLOY_TAG:-latest}"
+
+helm upgrade \
+    --install \
+    --atomic \
+    --timeout 15m0s \
+    --set image.repository="$DEPLOY_IMAGE" \
+    --set image.tag="$DEPLOY_TAG" \
+    --values ops/production-deploy.yaml \
+    --namespace="$namespace" \
+    --create-namespace \
+    "$release_name" \
+    ./charts/webstore

charts/webstore/templates/deployment.yaml

@@ -34,33 +34,47 @@ spec:
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           env:
+            - name: CLIENT_SECRET
+              value: "{{ .Values.clientSecret }}"
+            - name: CLIENT_ID
+              value: "{{ .Values.clientId }}"
+            - name: NEXTAUTH_SECRET
+              value: "{{ .Values.nextAuthSecret }}"
             - name: NEXTAUTH_URL
               value: "{{ .Values.nextAuthUrl }}"
-            - name: NEXT_PUBLIC_PROVIDER_NAME
-              value: "{{ .Values.providerName }}"
+            - name: NEXT_PUBLIC_APP_BASE_URL
+              value: "{{ .Values.appBaseUrl }}"
             - name: NEXT_PUBLIC_PROVIDER_ID
               value: "{{ .Values.providerId }}"
+            - name: NEXT_PUBLIC_PROVIDER_NAME
+              value: "{{ .Values.providerName }}"
             - name: NEXT_PUBLIC_SCIENTIST_API_VERSION
               value: "{{ .Values.scientistApiVersion }}"
             - name: NEXT_PUBLIC_TOKEN
               value: "{{ .Values.nextPublicToken }}"
-            - name: NEXTAUTH_SECRET
-              value: "{{ .Values.nextAuthSecret }}"
-            - name: CLIENT_SECRET
-              value: "{{ .Values.clientSecret }}"
-            - name: CLIENT_ID
-              value: "{{ .Values.clientId }}"
+            - name: NEXT_PUBLIC_WEBHOOK_URL
+              value: "{{ .Values.webhookUrl }}"
+            - name: SENTRY_AUTH_TOKEN
+              value: "{{ .Values.sentryAuthToken }}"
             - name: SENTRY_DSN
               value: "{{ .Values.sentryDsn }}"
+            - name: SENTRY_ORG
+              value: "{{ .Values.sentryOrg }}"
+            - name: SENTRY_PROJECT
+              value: "{{ .Values.sentryProject }}"
+            - name: SENTRY_URL
+              value: "{{ .Values.sentryUrl }}"
           ports:
             - name: http
               containerPort: {{ .Values.service.port }}
               protocol: TCP
           livenessProbe:
+            initialDelaySeconds: 60
             httpGet:
               path: /
               port: http
           readinessProbe:
+            initialDelaySeconds: 60
             httpGet:
               path: /
               port: http

charts/webstore/values.yaml

@@ -8,16 +8,27 @@ image:
   repository: ghcr.io/scientist-softserv/webstore
   pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart appVersion.
-  tag: "0.0.2"
+  tag: '0.0.2'
 
+appBaseUrl: ''
+clientId: ''
+clientSecret: ''
+fullnameOverride: ''
 imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
-apiTokenConfigSecret: ""
-nextAuthUrl: ""
-providerName: ""
-providerId: ""
-scientistApiVersion: ""
+nameOverride: ''
+nextAuthSecret: ''
+nextAuthUrl: ''
+nextPublicToken: ''
+providerId: ''
+providerName: ''
+replicaCount: ''
+scientistApiVersion: ''
+sentryAuthToken: ''
+sentryDsn: ''
+sentryOrg: ''
+sentryProject: ''
+sentryUrl: ''
+webhookUrl: ''
 
 serviceAccount:
   # Specifies whether a service account should be created
@@ -26,7 +37,7 @@ serviceAccount:
   annotations: {}
   # The name of the service account to use.
   # If not set and create is true, a name is generated using the fullname template
-  name: ""
+  name: ''
 
 podAnnotations: {}
 
@@ -47,7 +58,7 @@ service:
 
 ingress:
   enabled: false
-  className: ""
+  className: ''
   annotations: {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"

docker-compose.yaml

@@ -0,0 +1,23 @@
+version: '3.8'
+
+volumes:
+  node_modules:
+services:
+  web:
+    image: ghcr.io/scientist-softserv/webstore:${TAG:-latest}
+    # command: sleep infinity
+    build:
+      context: .
+      target: web
+    ports:
+      - 3000
+    env_file:
+      - .env
+      - .env.development
+    environment:
+      - VIRTUAL_PORT=3000
+      - VIRTUAL_HOST=webstore.test
+    volumes:
+      - /home/node/app/.next
+      - .:/home/node/app
+      - node_modules:/home/node/app/node_modules

ops/production-deploy.tmpl.yaml

@@ -0,0 +1,42 @@
+appBaseUrl: 'https://webstore.softserv.cloud'
+clientId: $CLIENT_ID
+clientSecret: $CLIENT_SECRET
+nextAuthSecret: $NEXTAUTH_SECRET
+nextAuthUrl: 'https://webstore.softserv.cloud/api/auth'
+nextPublicToken: $NEXT_PUBLIC_TOKEN
+providerId: '5159'
+providerName: 'beachsidebiotech'
+replicaCount: 1
+scientistApiVersion: 'v2'
+sentryAuthToken: $SENTRY_AUTH_TOKEN
+sentryDsn: 'https://[email protected]/4506236741025792'
+sentryOrg: 'scientist-inc'
+sentryProject: 'webstore'
+sentryUrl: 'https://sentry.io/'
+webhookUrl: 'http://ss-mailer/webstore'
+
+image:
+  repository: ghcr.io/scientist-softserv/webstore
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  # tag: '0.0.2'
+
+imagePullSecrets:
+  - name: github
+
+ingress:
+  enabled: true
+  className: 'nginx'
+  annotations: {
+    nginx.ingress.kubernetes.io/proxy-body-size: '0',
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+  }
+  hosts:
+    - host: webstore.softserv.cloud
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls:
+    - hosts:
+        - webstore.softserv.cloud
+      secretName: softservcloud