chore: update deployment pipelines (#418)

Author: klpx

.github/workflows/build.yml

@@ -0,0 +1,94 @@
+name: Build
+
+on:
+  workflow_call:
+    inputs:
+      ref_name:
+        required: true
+        type: string
+      image_file:
+        required: false
+        default: './Dockerfile'
+        type: string
+      component:
+        required: false
+        type: string
+    outputs:
+      image_repo:
+        value: ${{ jobs.build.outputs.image_repo }}
+      image_tag:
+        value: ${{ jobs.build.outputs.image_tag }}
+      image_digest:
+        value: ${{ jobs.build.outputs.image_digest }}
+      component:
+        value: ${{ jobs.build.outputs.component }}
+
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    permissions:
+      packages: write
+      contents: read
+
+    env:
+      REF_NAME: ${{ inputs.ref_name || github.ref_name }}
+
+    outputs:
+      image_repo: ghcr.io/${{ steps.params.outputs.repository }}
+      image_tag: ${{ steps.params.outputs.tag }}
+      image_digest: ${{ steps.build.outputs.digest }}
+      component: ${{ steps.params.outputs.component }}
+
+    steps:
+      - name: Compute params
+        uses: actions/github-script@v7
+        id: params
+        env:
+          COMPONENT: ${{ inputs.component }}
+        with:
+          script: |
+            core.setOutput('tag', process.env.REF_NAME);
+            core.setOutput('component', process.env.COMPONENT);
+            let repository = process.env.GITHUB_REPOSITORY.toLowerCase();
+            if (process.env.COMPONENT) {
+              repository += '/' + process.env.COMPONENT
+            }
+            core.setOutput('repository', repository);
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          submodules: recursive
+          ref: ${{ env.REF_NAME }}
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ steps.params.outputs.repository }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          context: 'git'
+          tags: |
+            type=sha
+            type=sha,format=long
+            type=raw,value=${{ steps.params.outputs.tag }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        id: build
+        with:
+          context: .
+          file: ${{ inputs.image_file }}
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/deploy.yml

@@ -1,129 +1,49 @@
-name: Deploy to Kubernetes
+name: Deploy build
 
 on:
   push:
     branches:
       - main
-      - canary
       - staging
-      - td-nature
-      - td-book
       - td-art
 
+  workflow_dispatch:
+    inputs:
+      ref_name:
+        description: "Branch or tag"
+        required: true
+        type: string
+
+  workflow_call:
+    inputs:
+      ref_name:
+        required: true
+        type: string
+
 jobs:
   build:
-    runs-on: ubuntu-latest
-    environment: "${{ github.ref == 'refs/heads/main' && 'production' || github.ref == 'refs/heads/canary' && 'canary' || github.ref == 'refs/heads/staging' && 'staging' || startsWith(github.ref, 'refs/heads/td-') && 'testing' || 'unknown' }}"
-    env:
-      JOB_ENV: "${{ github.ref == 'refs/heads/main' && 'production' || github.ref == 'refs/heads/canary' && 'canary' || github.ref == 'refs/heads/staging' && 'staging' || startsWith(github.ref, 'refs/heads/td-') && 'testing' || 'unknown' }}"
-      APP_ENV: "${{ github.ref == 'refs/heads/main' && 'production' || github.ref == 'refs/heads/canary' && 'canary' || github.ref == 'refs/heads/staging' && 'staging' || startsWith(github.ref, 'refs/heads/td-') && format('{0}{1}', 'testing-', github.ref_name) || 'unknown' }}"
-      APP_DOMAIN: "${{ startsWith(github.ref, 'refs/heads/td-') && format('{0}{1}', github.ref_name, vars.APP_DOMAIN_TESTING) || github.ref == 'refs/heads/staging' && vars.APP_DOMAIN_STAGING || vars.APP_DOMAIN }}"
-    concurrency:
-      group: ${{ github.workflow }}-${{ github.ref }}
-      cancel-in-progress: false
-
+    uses: ./.github/workflows/build.yml
+    secrets: inherit
     permissions:
       packages: write
       contents: read
+    with:
+      ref_name: ${{ inputs.ref_name || github.ref_name }}
 
+  deploy:
+    needs: build
+    runs-on: ubuntu-latest
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: ${{ vars.AWS_REGION }}
-
-      - name: Log in to GitHub Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Set sha-short
-        run: echo "GITHUB_SHA_SHORT=$(echo $GITHUB_SHA | cut -c 1-7)" >> $GITHUB_ENV
-
-      - id: lower-repo
-        name: Repository to lowercase
-        run: |
-          echo "repository=${GITHUB_REPOSITORY@L}" >> $GITHUB_OUTPUT
-
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@v5
+      - name: Run deployment wf
+        uses: the-actions-org/workflow-dispatch@v4
         with:
-          images: ghcr.io/${{ steps.lower-repo.outputs.repository }}
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          tags: |
-            type=sha
-            type=sha,format=long
-            type=ref,event=branch
-
-      - name: Build and push Docker image ${{ steps.lower-repo.outputs.repository }}:${{ env.APP_ENV }}
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          push: true
-          tags: ghcr.io/${{ steps.lower-repo.outputs.repository }}:${{ env.GITHUB_SHA_SHORT }},ghcr.io/${{ steps.lower-repo.outputs.repository }}:${{ env.APP_ENV }}
-          build-args: |
-            sha=${{ github.sha }}
-            sha_short=${{ env.GITHUB_SHA_SHORT }}
-            app_env=${{ vars.APP_ENV }}
-            REACT_APP_PROXY_KEY=${{ secrets.REACT_APP_PROXY_KEY }}
-            REACT_APP_MIXPANEL_TOKEN=${{ secrets.REACT_APP_MIXPANEL_TOKEN }}
-            REACT_APP_ANALYTICS_ENABLED=${{ secrets.REACT_APP_ANALYTICS_ENABLED }}
-
-      - name: Apply AWS k8s config
-        run: aws eks update-kubeconfig --name ${{ vars.AWS_CLUSTER }} --region ${{ vars.AWS_REGION }}
-
-      - name: Create namespace
-        run: |
-          kubectl create ns ${{ vars.APP_NAME }}-${{ env.APP_ENV }} || echo "Namespace already exists"
-
-      - name: Deploy ${{ vars.APP_NAME }} to Kubernetes
-        run: |
-          helm upgrade --install ${{ vars.APP_NAME }} ./helm/app \
-          --namespace ${{ vars.APP_NAME }}-${{ env.APP_ENV }} \
-          --values ./helm/app/values.yaml \
-          --values ./helm/app/values-${{ env.JOB_ENV }}.yaml \
-          --set imageRepo="ghcr.io/${{ steps.lower-repo.outputs.repository }}" \
-          --set imageTag="${{ env.GITHUB_SHA_SHORT }}" \
-          --set host=${{ env.APP_DOMAIN }} \
-          --set appName=${{ vars.APP_NAME }} \
-          --set ghcrSecret=${{ secrets.GHCR_SECRET }}
-
-      - name: Verify deployment
-        run: |
-          kubectl -n ${{ vars.APP_NAME }}-${{ env.APP_ENV }} rollout status deployment/${{ vars.APP_NAME }}-${{ env.JOB_ENV }}
-
-      - name: Telegram Notify (Success)
-        uses: appleboy/[email protected]
-        if: success() && contains('${{ vars.ENABLE_DEPLOY_BOT }}', 1)
-        with:
-          to: ${{ secrets.TELEGRAM_DEPLOY_CHAT_ID }}
-          token: ${{ secrets.TELEGRAM_DEPLOY_TOKEN }}
-          format: markdown
-          message: |
-            🚂 The application from repository [${{ steps.lower-repo.outputs.repository }}](https://github.com/${{ steps.lower-repo.outputs.repository }}) has been successfully deployed by [${{ github.actor }}](https://github.com/users/${{ github.actor }}) on ${{ env.APP_ENV }}.
-
-            🏗️ [GitHub Actions Build](https://github.com/${{ steps.lower-repo.outputs.repository }}/actions/runs/${{ github.run_id }})
-            🐳 [Image](https://ghcr.io/${{ steps.lower-repo.outputs.repository }}:${{ env.GITHUB_SHA_SHORT }})
-            🔗 [Link](https://${{ env.APP_DOMAIN }})
-
-      - name: Telegram Notify (Failure)
-        uses: appleboy/[email protected]
-        if: failure()
-        with:
-          to: ${{ secrets.TELEGRAM_DEPLOY_CHAT_ID }}
-          token: ${{ secrets.TELEGRAM_DEPLOY_TOKEN }}
-          format: markdown
-          message: |
-            🚨 Deploy of the application from repository [${{ steps.lower-repo.outputs.repository }}](https://github.com/${{ steps.lower-repo.outputs.repository }}) on ${{ env.APP_ENV }} has failed.
-
-            🏗️ [GitHub Actions Build](https://github.com/${{ steps.lower-repo.outputs.repository }}/actions/runs/${{ github.run_id }})
-            🐳 [Image](https://ghcr.io/${{ steps.lower-repo.outputs.repository }}:${{ env.GITHUB_SHA_SHORT }})
-            🔗 [Link](https://${{ env.APP_DOMAIN }})
+          workflow: deploy-v2.yml
+          ref: main
+          repo: ${{ vars.DEPLOY_REPO }}
+          token: ${{ secrets.DEPLOY_REPO_TOKEN }}
+          inputs: |
+            {
+              "app_name": "${{ vars.APP_NAME }}",
+              "image_tag": "${{ needs.build.outputs.image_tag }}",
+              "image_digest": "${{ needs.build.outputs.image_digest }}"
+            }