From c4991ea3c4eff4928a69f5380f75bc59267a8602 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 14:47:16 +0200 Subject: [PATCH] fix(infrastructure): add env variables to deployment --- .github/workflows/deploy-pr.yaml | 33 +++++----- .github/workflows/deploy-prod.yaml | 27 ++++---- .github/workflows/frontend-pages.yml | 61 +++---------------- .github/workflows/url_generator.yml | 43 +++++++++++++ .../charts/myapp-chart/templates/NOTES.txt | 54 ---------------- .../myapp-chart/templates/app-deployment.yaml | 16 +++++ 7project/charts/myapp-chart/values.yaml | 12 ++++ 7 files changed, 116 insertions(+), 130 deletions(-) create mode 100644 .github/workflows/url_generator.yml delete mode 100644 7project/charts/myapp-chart/templates/NOTES.txt diff --git a/.github/workflows/deploy-pr.yaml b/.github/workflows/deploy-pr.yaml index 54b6b33..314fc53 100644 --- a/.github/workflows/deploy-pr.yaml +++ b/.github/workflows/deploy-pr.yaml @@ -29,6 +29,14 @@ jobs: pr_number: ${{ github.event.pull_request.number }} secrets: inherit + get_urls: + if: github.event.action != 'closed' + uses: ./.github/workflows/url_generator.yml + with: + mode: pr + pr_number: ${{ github.event.pull_request.number }} + secrets: inherit + deploy: if: github.event.action != 'closed' name: Helm upgrade/install (PR preview) @@ -36,7 +44,7 @@ jobs: concurrency: group: pr-${{ github.event.pull_request.number }} cancel-in-progress: false - needs: [build, frontend] + needs: [build, frontend, get_urls] steps: - name: Checkout uses: actions/checkout@v4 @@ -64,23 +72,23 @@ jobs: DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }} IMAGE_REPO: ${{ needs.build.outputs.image_repo }} DIGEST: ${{ needs.build.outputs.digest }} + DOMAIN: ${{ needs.get_urls.outputs.backend_url }} + DOMAIN_SCHEME: ${{ needs.get_urls.outputs.backend_url_scheme }} + FRONTEND_DOMAIN: ${{ needs.get_urls.outputs.frontend_url }} + FRONTEND_DOMAIN_SCHEME: ${{ needs.get_urls.outputs.frontend_url_scheme }} run: | PR=${{ github.event.pull_request.number }} - if [ -z "$PR" ]; then echo "PR number missing"; exit 1; fi - if [ -z "$DEV_BASE_DOMAIN" ]; then echo "Secret DEV_BASE_DOMAIN is required (e.g., dev.example.com)"; exit 1; fi - if [ -z "$RABBITMQ_PASSWORD" ]; then echo "Secret DEV_RABBITMQ_PASSWORD is required"; exit 1; fi - if [ -z "$DB_PASSWORD" ]; then echo "Secret DEV_DB_PASSWORD is required"; exit 1; fi RELEASE=myapp-pr-$PR NAMESPACE=pr-$PR - DOMAIN=pr-$PR.$DEV_BASE_DOMAIN - if [ -z "$IMAGE_REPO" ]; then IMAGE_REPO="lukastrkan/cc-app-demo"; fi helm upgrade --install "$RELEASE" ./7project/charts/myapp-chart \ -n "$NAMESPACE" --create-namespace \ -f 7project/charts/myapp-chart/values-dev.yaml \ --set prNumber="$PR" \ --set deployment="pr-$PR" \ --set domain="$DOMAIN" \ - --set image.repository="$IMAGE_REPO" \ + --set domain_scheme="$DOMAIN_SCHEME" \ + --set frontend_domain="$FRONTEND_DOMAIN" \ + --set frontend_domain_scheme="$FRONTEND_DOMAIN_SCHEME" \ --set image.digest="$DIGEST" \ --set-string rabbitmq.password="$RABBITMQ_PASSWORD" \ --set-string database.password="$DB_PASSWORD" @@ -88,17 +96,14 @@ jobs: - name: Post preview URLs as PR comment uses: actions/github-script@v7 env: - DEV_BASE_DOMAIN: ${{ secrets.BASE_DOMAIN }} - FRONTEND_URL: ${{ needs.frontend.outputs.deployed_url }} + BACKEND_URL: ${{ needs.get_urls.outputs.backend_url_scheme }} + FRONTEND_URL: ${{ needs.get_urls.outputs.frontend_url_scheme }} with: script: | const pr = context.payload.pull_request; if (!pr) { core.setFailed('No pull_request context'); return; } const prNumber = pr.number; - const domainBase = process.env.DEV_BASE_DOMAIN; - if (!domainBase) { core.setFailed('DEV_BASE_DOMAIN is required'); return; } - const backendDomain = `pr-${prNumber}.${domainBase}`; - const backendUrl = `https://${backendDomain}`; + const backendUrl = process.env.BACKEND_URL || '(not available)'; const frontendUrl = process.env.FRONTEND_URL || '(not available)'; const marker = ''; const body = `${marker}\nPreview environment is running\n- Frontend: ${frontendUrl}\n- Backend: ${backendUrl}\n`; diff --git a/.github/workflows/deploy-prod.yaml b/.github/workflows/deploy-prod.yaml index 91fda92..dfaf21d 100644 --- a/.github/workflows/deploy-prod.yaml +++ b/.github/workflows/deploy-prod.yaml @@ -37,10 +37,17 @@ jobs: mode: prod secrets: inherit + get_urls: + name: Get URLs + uses: ./.github/workflows/url_generator.yml + with: + mode: prod + secrets: inherit + deploy: name: Helm upgrade/install (prod) runs-on: vhs - needs: [build, frontend] + needs: [build, frontend, get_urls] steps: - name: Checkout uses: actions/checkout@v4 @@ -63,25 +70,23 @@ jobs: - name: Helm upgrade/install prod env: - DOMAIN: ${{ secrets.PROD_DOMAIN }} + DOMAIN: ${{ needs.get_urls.outputs.backend_url }} + DOMAIN_SCHEME: ${{ needs.get_urls.outputs.backend_url_scheme }} + FRONTEND_DOMAIN: ${{ needs.get_urls.outputs.frontend_url }} + FRONTEND_DOMAIN_SCHEME: ${{ needs.get_urls.outputs.frontend_url_scheme }} RABBITMQ_PASSWORD: ${{ secrets.PROD_RABBITMQ_PASSWORD }} DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }} IMAGE_REPO: ${{ needs.build.outputs.image_repo }} DIGEST: ${{ needs.build.outputs.digest }} run: | - if [ -z "$DOMAIN" ]; then - echo "Secret PROD_DOMAIN is required (e.g., app.example.com)"; exit 1; fi - if [ -z "$RABBITMQ_PASSWORD" ]; then - echo "Secret PROD_RABBITMQ_PASSWORD is required"; exit 1; fi - if [ -z "$DB_PASSWORD" ]; then - echo "Secret PROD_DB_PASSWORD is required"; exit 1; fi - if [ -z "$IMAGE_REPO" ]; then IMAGE_REPO="lukastrkan/cc-app-demo"; fi helm upgrade --install myapp ./7project/charts/myapp-chart \ -n prod --create-namespace \ -f 7project/charts/myapp-chart/values-prod.yaml \ --set deployment="prod" \ --set domain="$DOMAIN" \ - --set image.repository="$IMAGE_REPO" \ + --set domain_scheme="$DOMAIN_SCHEME" \ + --set frontend_domain="$FRONTEND_DOMAIN" \ + --set frontend_domain_scheme="$FRONTEND_DOMAIN_SCHEME" \ --set image.digest="$DIGEST" \ --set-string rabbitmq.password="$RABBITMQ_PASSWORD" \ - --set-string database.password="$DB_PASSWORD" + --set-string database.password="$DB_PASSWORD" diff --git a/.github/workflows/frontend-pages.yml b/.github/workflows/frontend-pages.yml index cf47997..d5c91f6 100644 --- a/.github/workflows/frontend-pages.yml +++ b/.github/workflows/frontend-pages.yml @@ -25,18 +25,18 @@ on: description: 'URL of deployed frontend' value: ${{ jobs.deploy.outputs.deployed_url }} -# Required repository secrets: -# CLOUDFLARE_API_TOKEN - API token with Pages:Edit (or Account:Workers Scripts:Edit) permissions -# CLOUDFLARE_ACCOUNT_ID - Your Cloudflare account ID -# Optional repository variables: -# CF_PAGES_PROJECT_NAME - Default Cloudflare Pages project name -# PROD_DOMAIN - App domain for prod releases (e.g., api.example.com or https://api.example.com) -# BACKEND_URL_PR_TEMPLATE - Template for PR backend URL. Use {PR} placeholder for PR number (e.g., https://api-pr-{PR}.example.com) - jobs: + get_urls: + uses: ./.github/workflows/url_generator.yml + with: + mode: ${{ inputs.mode }} + pr_number: ${{ inputs.pr_number }} + secrets: inherit + build: name: Build frontend runs-on: ubuntu-latest + needs: [get_urls] defaults: run: working-directory: 7project/frontend @@ -54,50 +54,9 @@ jobs: - name: Install dependencies run: npm ci - - name: Compute backend URL for Vite - id: be - env: - EVENT_NAME: ${{ github.event_name }} - PR_NUMBER: ${{ github.event.pull_request.number || inputs.pr_number }} - PR_TEMPLATE: ${{ vars.BACKEND_URL_PR_TEMPLATE }} - DEV_BASE_DOMAIN: ${{ secrets.BASE_DOMAIN }} - PROD_DOMAIN_VAR: ${{ vars.PROD_DOMAIN }} - PROD_DOMAIN_SECRET: ${{ secrets.PROD_DOMAIN }} - BACKEND_URL_OVERRIDE: ${{ vars.BACKEND_URL || secrets.BACKEND_URL }} - MODE: ${{ inputs.mode }} + - name: Set backend URL from url_generator run: | - set -euo pipefail - URL="" - # 1) Explicit override wins (from repo var or secret) - if [ -n "${BACKEND_URL_OVERRIDE:-}" ]; then - if echo "$BACKEND_URL_OVERRIDE" | grep -Eiq '^https?://'; then - URL="$BACKEND_URL_OVERRIDE" - else - URL="https://${BACKEND_URL_OVERRIDE}" - fi - else - # 2) PR-specific URL when building for PR - if [ "${MODE:-}" = "pr" ] || [ "${EVENT_NAME}" = "pull_request" ]; then - if [ -n "${PR_TEMPLATE:-}" ] && [ -n "${PR_NUMBER:-}" ] ; then - URL="${PR_TEMPLATE//\{PR\}/${PR_NUMBER}}" - elif [ -n "${DEV_BASE_DOMAIN:-}" ] && [ -n "${PR_NUMBER:-}" ]; then - URL="https://pr-${PR_NUMBER}.${DEV_BASE_DOMAIN}" - fi - fi - # 3) Fallback to PROD_DOMAIN (prefer repo var, then secret) - if [ -z "$URL" ]; then - PROD_DOMAIN="${PROD_DOMAIN_VAR:-${PROD_DOMAIN_SECRET:-}}" - if [ -n "$PROD_DOMAIN" ]; then - if echo "$PROD_DOMAIN" | grep -Eiq '^https?://'; then - URL="$PROD_DOMAIN" - else - URL="https://${PROD_DOMAIN}" - fi - fi - fi - fi - echo "Using backend URL: ${URL:-}" - echo "VITE_BACKEND_URL=${URL}" >> $GITHUB_ENV + echo "VITE_BACKEND_URL=${{ needs.get_urls.outputs.backend_url_scheme }}" >> $GITHUB_ENV - name: Build run: npm run build diff --git a/.github/workflows/url_generator.yml b/.github/workflows/url_generator.yml new file mode 100644 index 0000000..02fa084 --- /dev/null +++ b/.github/workflows/url_generator.yml @@ -0,0 +1,43 @@ +name: url_generator +on: + workflow_call: + inputs: + mode: + description: "Mode: 'prod' or 'pr'" + required: true + type: string + pr_number: + description: 'PR number (required when mode=pr)' + required: false + type: string + +jobs: + get_urls: + runs-on: ubuntu-latest + outputs: + backend_url: ${{ steps.urls.outputs.backend_url }} + frontend_url: ${{ steps.urls.outputs.frontend_url }} + frontend_url_scheme: ${{ steps.urls.outputs.frontend_url_scheme }} + backend_url_scheme: ${{ steps.urls.outputs.backend_url_scheme }} + + steps: + - name: Compute URLs PROD + id: urls + run: | + set -euo pipefail + + if [ "${{ inputs.mode }}" = "prod" ]; then + BACKEND_URL="api.${{ secrets.PROD_DOMAIN }}" + FRONTEND_URL="finance.${{ secrets.PROD_DOMAIN }}" + + else + FRONTEND_URL="pr-${{inputs.pr_number}}.${{ secrets.DEV_FRONTEND_BASE_DOMAIN }}" + BACKEND_URL="api-pr-${{inputs.pr_number}}.${{ secrets.DEV_BASE_DOMAIN }}" + + FRONTEND_URL_SCHEME="https://$FRONTEND_URL" + BACKEND_URL_SCHEME="https://$BACKEND_URL" + + echo "backend_url_scheme=$BACKEND_URL_SCHEME" >> $GITHUB_OUTPUT + echo "frontend_url_scheme=$FRONTEND_URL_SCHEME" >> $GITHUB_OUTPUT + echo "backend_url=$BACKEND_URL" >> $GITHUB_OUTPUT + echo "frontend_url=$FRONTEND_URL" >> $GITHUB_OUTPUT diff --git a/7project/charts/myapp-chart/templates/NOTES.txt b/7project/charts/myapp-chart/templates/NOTES.txt deleted file mode 100644 index 9eeb1e5..0000000 --- a/7project/charts/myapp-chart/templates/NOTES.txt +++ /dev/null @@ -1,54 +0,0 @@ -Thank you for installing myapp-chart. - -This chart packages all Kubernetes manifests from the original deployment directory and parameterizes environment, database name (with optional PR suffix), image, and domain for external access. - -Namespaces per developer (important): -- Install each developer's environment into their own namespace using Helm's -n/--namespace flag. -- No hardcoded namespace is used in templates; resources are created in .Release.Namespace. -- Example namespaces: dev-alice, dev-bob, pr-123, etc. - -Key values: -- deployment -> used as Database CR name and DB username (MARIADB_DB and MARIADB_USER) -- image.repository/tag or image.digest -> container image -- domain -> public FQDN used by TunnelBinding (required to expose app) -- app/worker names, replicas, ports - -Examples: -- Dev install (Alice): - helm upgrade --install myapp ./7project/charts/myapp-chart \ - -n dev-alice --create-namespace \ - -f values-dev.yaml \ - --set domain=alice.demo.example.com \ - --set-string rabbitmq.password="$RABBITMQ_PASSWORD" \ - --set-string database.password="$DB_PASSWORD" - -- Dev install (Bob): - helm upgrade --install myapp ./7project/charts/myapp-chart \ - -n dev-bob --create-namespace \ - -f values-dev.yaml \ - --set domain=bob.demo.example.com - -- Prod install (different cleanupPolicy): - helm upgrade --install myapp ./7project/charts/myapp-chart \ - -n prod --create-namespace \ - -f values-prod.yaml \ - --set domain=app.example.com - -- PR (preview) install with DB name containing PR number (also its own namespace): - PR=123 - helm upgrade --install myapp-pr-$PR ./7project/charts/myapp-chart \ - -n pr-$PR --create-namespace \ - -f values-dev.yaml \ - --set prNumber=$PR \ - --set deployment=preview-$PR \ - --set domain=pr-$PR.example.com - -- Use a custom deployment identifier to suffix DB name, DB username and Secret name: - helm upgrade --install myapp ./7project/charts/myapp-chart \ - -n dev-alice --create-namespace \ - -f values-dev.yaml \ - --set deployment=alice \ - --set domain=alice.demo.example.com - -Render locally (dry run): - helm template ./7project/charts/myapp-chart -f values-dev.yaml --set prNumber=456 --set deployment=test --set domain=demo.example.com --namespace dev-test | sed -n '/kind: Database/,$p' | head -n 30 diff --git a/7project/charts/myapp-chart/templates/app-deployment.yaml b/7project/charts/myapp-chart/templates/app-deployment.yaml index 1d264ab..499c1e4 100644 --- a/7project/charts/myapp-chart/templates/app-deployment.yaml +++ b/7project/charts/myapp-chart/templates/app-deployment.yaml @@ -52,6 +52,22 @@ spec: value: {{ .Values.rabbitmq.vhost | default "/" | quote }} - name: MAIL_QUEUE value: {{ .Values.worker.mailQueueName | default "mail_queue" | quote }} + - name: MOJEID_CLIENT_ID + value: {{ .Values.oauth.mojeid.clientId | quote }} + - name: MOJEID_CLIENT_SECRET + value: {{ .Values.oauth.mojeid.clientSecret | quote }} + - name: BANKID_CLIENT_ID + value: {{ .Values.oauth.bankid.clientId | quote }} + - name: BANKID_CLIENT_SECRET + value: {{ .Values.oauth.bankid.clientSecret | quote }} + - name: DOMAIN + value: {{ required "Set .Values.domain" .Values.domain | quote }} + - name: DOMAIN_SCHEME + value: {{ required "Set .Values.domain_scheme" .Values.domain_scheme | quote }} + - name: FRONTEND_DOMAIN + value: {{ required "Set .Values.frontend_domain" .Values.frontend_domain | quote }} + - name: FRONTEND_DOMAIN_SCHEME + value: {{ required "Set .Values.frontend_domain_scheme" .Values.frontend_domain_scheme | quote }} livenessProbe: httpGet: path: / diff --git a/7project/charts/myapp-chart/values.yaml b/7project/charts/myapp-chart/values.yaml index 4b36e35..6186a32 100644 --- a/7project/charts/myapp-chart/values.yaml +++ b/7project/charts/myapp-chart/values.yaml @@ -11,6 +11,10 @@ deployment: "" # Public domain to expose the app under (used by TunnelBinding fqdn) # Set at install time: --set domain=example.com domain: "" +domain_scheme: "" + +frontend_domain: "" +frontend_domain_scheme: "" image: repository: lukastrkan/cc-app-demo @@ -33,6 +37,14 @@ worker: service: port: 80 +oauth: + bankid: + clientId: "" + clientSecret: "" + mojeid: + clientId: "" + clientSecret: "" + rabbitmq: create: true replicas: 1