Merge pull request #2 from loginwashere/GH-1

GH-1 Configure build deploy

Author: markoa

.sample.env

@@ -1,3 +1,4 @@
-POSTGRES_DB=demo
-POSTGRES_USER=demouser
-POSTGRES_PASSWORD=qwerty
+POSTGRES_DB=postgres
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=
+POSTGRES_PORT=5432

.semaphore/.gitignore

@@ -0,0 +1 @@
+*-secret.yml

.semaphore/client-deploy-build.yml

@@ -0,0 +1,78 @@
+# Use the latest stable version of Semaphore 2.0 YML syntax:
+version: v1.0
+
+# Name your pipeline. In case you connect multiple pipelines with promotions,
+# the name will help you differentiate between, for example, a CI build phase
+# and delivery phases.
+name: Semaphore JavaScript Example Pipeline
+
+# An agent defines the environment in which your code runs.
+# It is a combination of one of available machine types and operating
+# system images.
+# See https://docs.semaphoreci.com/article/20-machine-types
+# and https://docs.semaphoreci.com/article/32-ubuntu-1804-image
+agent:
+  machine:
+    type: e1-standard-2
+    os_image: ubuntu1804
+
+# Blocks are the heart of a pipeline and are executed sequentially.
+# Each block has a task that defines one or more jobs. Jobs define the
+# commands to execute.
+# See https://docs.semaphoreci.com/article/62-concepts
+blocks:
+  - name: Install dependencies
+    task:
+      # Set environment variables that your project requires.
+      # See https://docs.semaphoreci.com/article/66-environment-variables-and-secrets
+      env_vars:
+        - name: NODE_ENV
+          value: production
+        - name: CI
+          value: 'true'
+      secrets:
+        - name: client-production-env-secret
+      # This block runs two jobs in parallel and they both share common
+      # setup steps. We can group them in a prologue.
+      # See https://docs.semaphoreci.com/article/50-pipeline-yaml#prologue
+      prologue:
+        commands:
+          # Get the latest version of our source code from GitHub:
+          - checkout
+
+          # Use the version of Node.js specified in .nvmrc.
+          # Semaphore provides nvm preinstalled.
+          - nvm use
+          - node --version
+          - npm --version
+      jobs:
+        # First parallel job:
+        - name: client npm install and cache
+          commands:
+            - cd src/client
+
+            # Copy production configs we linked using secrets
+            - cp /home/semaphore/client-production.env .env
+
+            # Restore dependencies from cache.
+            # For more info on caching, see https://docs.semaphoreci.com/article/68-caching-dependencies
+            - cache restore client-node-modules-$SEMAPHORE_GIT_BRANCH-$(checksum package-lock.json),client-node-modules-$SEMAPHORE_GIT_BRANCH,client-node-modules-master
+
+            - npm run build
+
+            # Store the latest version of client build in cache to reuse in further blocks:
+            - cache store client-build-$SEMAPHORE_WORKFLOW_ID build
+
+# The deployment pipeline is defined to run on manual approval from the UI.
+# Semaphore will the time and the name of the person who promotes each
+# deployment.
+#
+# You could, for example, add another promotion to a pipeline that
+# automatically deploys to a staging environment from branches named
+# after a certain pattern.
+# https://docs.semaphoreci.com/article/50-pipeline-yaml#promotions
+promotions:
+  - name: Deploy Client
+    pipeline_file: client-deploy.yml
+    auto_promote_on:
+      - result: passed

.semaphore/client-deploy.yml

@@ -0,0 +1,46 @@
+# This pipeline runs after semaphore.yml
+version: v1.0
+name: Client deploy
+agent:
+  machine:
+    # Use a machine type with more RAM and CPU power for faster container
+    # builds:
+    type: e1-standard-4
+    os_image: ubuntu1804
+blocks:
+  - name: Build
+    task:
+      # Mount a secret which defines DOCKER_USERNAME and DOCKER_PASSWORD
+      # environment variables.
+      # For info on creating secrets, see:
+      # https://docs.semaphoreci.com/article/66-environment-variables-and-secrets
+      secrets:
+        - name: gh-pages-secret
+      prologue:
+        commands:
+          # Get the latest version of our source code from GitHub:
+          - checkout --use-cache
+      jobs:
+        - name: Deploy to GitHub Pages
+          commands:
+            - cd src/client
+
+            # Restore dependencies from cache.
+            # For more info on caching, see https://docs.semaphoreci.com/article/68-caching-dependencies
+            - cache restore client-node-modules-$SEMAPHORE_GIT_BRANCH-$(checksum package-lock.json),client-node-modules-$SEMAPHORE_GIT_BRANCH,client-node-modules-master
+
+            # Restore build from cache.
+            - cache restore client-build-$SEMAPHORE_WORKFLOW_ID
+
+            # Config ssh and git to push new build files into gh-pages branch of app repository
+            - ssh-keyscan -H github.com >> ~/.ssh/known_hosts
+            - chmod 600 ~/.ssh/id_rsa_semaphoreci_ghpages_deploy
+            - ssh-add ~/.ssh/id_rsa_semaphoreci_ghpages_deploy
+            - git config --global url."[email protected]:".insteadOf "https://github.com/"
+            - git config --global user.name '$GH_USERNAME'
+            - git config --global user.email '$GH_EMAIL'
+
+            - npm run deploy
+
+            # Restore change to global git repository url rewrite to previous value
+            - git config --global url."https://github.com/".insteadOf "[email protected]:"

.semaphore/secrets/.gitignore

@@ -0,0 +1 @@
+*-secret.yml

.semaphore/secrets/client-production-env-secret.sample.yml

@@ -0,0 +1,19 @@
+# Copy this file into one without .sample part and then populate it with actual values.
+# Then you can create secret, by using command
+# `sem create -f path/to/this/file`
+# More info https://docs.semaphoreci.com/article/66-environment-variables-and-secrets
+apiVersion: v1alpha
+kind: Secret
+metadata:
+  # Use this name to create this secret manually
+  name: client-production-env-secret
+data:
+  files:
+    # Client production.env file doesn't exist by default, copy src/client/sample.env into src/client/production.env
+    # and populate with production values
+    # Then create secret - in the end it should be here - https://<put-your-namespace-here>.semaphoreci.com/secrets
+    - path: client-production.env
+      # Could be created by
+      # - `base64 -w 0 /path/to/file` and put in
+      # - upload in https://<your-namesace>.semaphoreci.com/secrets
+      content: PASTE_BASE64_ENCODED_CONTENT_HERE

.semaphore/secrets/gc-k8s-secret.sample.yml

@@ -0,0 +1,26 @@
+# Copy this file into one without .sample part and then populate it with actual values.
+# Then you can create secret, by using command
+# `sem create -f path/to/this/file`
+# More info https://docs.semaphoreci.com/article/66-environment-variables-and-secrets
+apiVersion: v1alpha
+kind: Secret
+metadata:
+  # Use this name to create this secret manually
+  name: gc-k8s-secret
+data:
+  files:
+    # If you haven't set up k8s on google you need to do it first
+    # Start with https://cloud.google.com/kubernetes-engine/docs/quickstart
+    # Play with it and then you can use it with this project.
+    # Also check out https://docs.semaphoreci.com/article/119-ci-cd-for-microservices-on-kubernetes
+    # as example of k8s deploy.
+    # If you have admin of dev ops - contact them to obtain this config
+    # Also you could try to get this yourself in case you have permissions
+    # Run command
+    # `gcloud container clusters get-credentials [CLUSTER_NAME]`
+    # Then look for `.kube` folder and find config.yaml there.
+    - path: .kube/gc-k8s.yaml
+      # Could be created by
+      # - `base64 -w 0 /path/to/file` and put in
+      # - upload in https://<your-namesace>.semaphoreci.com/secrets
+      content: PASTE_BASE64_ENCODED_CONTENT_HERE

.semaphore/secrets/gcr-secret.sample.yml

@@ -0,0 +1,33 @@
+# Copy this file into one without .sample part and then populate it with actual values.
+# Then you can create secret, by using command
+# `sem create -f path/to/this/file`
+# More info https://docs.semaphoreci.com/article/66-environment-variables-and-secrets
+apiVersion: v1alpha
+kind: Secret
+metadata:
+  # Use this name to create this secret manually
+  name: gcr-secret
+data:
+  # If you haven't set up k8s on google you need to do it first
+  # Start with https://cloud.google.com/kubernetes-engine/docs/quickstart
+  # Play with it and then you can use it with this project.
+  # Check out https://docs.semaphoreci.com/article/72-google-container-registry-gcr as an example.
+  # Also check out https://docs.semaphoreci.com/article/119-ci-cd-for-microservices-on-kubernetes
+  # as example of k8s deploy.
+  env_vars:
+    # Id of your project
+    # More info here https://cloud.google.com/resource-manager/docs/creating-managing-projects?visit_id=636878590586351739-3388570778&rd=1#identifying_projects
+    - name: GCP_PROJECT_ID
+      value: "your-gcp-project-id"
+    # Default compute zone you've selected
+    # https://cloud.google.com/compute/docs/regions-zones/#available
+    - name: GCP_PROJECT_DEFAULT_ZONE
+      value: "europe-west1-b"
+  files:
+    # You need to create service account and export json key file for it here https://console.cloud.google.com/iam-admin/serviceaccounts
+    # to use in this file.
+    - path: .secrets.gcp.json
+      # Could be created by
+      # - `base64 -w 0 /path/to/file` and put in
+      # - upload in https://<your-namesace>.semaphoreci.com/secrets
+      content: PASTE_BASE64_ENCODED_CONTENT_HERE

.semaphore/secrets/gh-pages-secret.sample.yml

@@ -0,0 +1,25 @@
+# Copy this file into one without .sample part and then populate it with actual values.
+# Then you can create secret, by using command
+# `sem create -f path/to/this/file`
+# More info https://docs.semaphoreci.com/article/66-environment-variables-and-secrets
+apiVersion: v1beta
+kind: Secret
+metadata:
+  # Use this name to create this secret manually
+  name: gh-pages-secret
+data:
+  env_vars:
+    # Username of github user used for deploy
+    - name: GH_USERNAME
+      value: "super secret github username"
+    # Email of github user used for deploy
+    - name: GH_EMAIL
+      value: "super secret github email"
+  files:
+    # Generate ssh key https://help.github.com/en/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent
+    # Add it to account you will use to deploy to github here https://github.com/settings/keys
+    - path: .ssh/id_rsa_semaphoreci_ghpages_deploy
+      # Could be created by
+      # - `base64 -w 0 /path/to/file` and put in
+      # - upload in https://<your-namesace>.semaphoreci.com/secrets
+      content: PASTE_BASE64_ENCODED_CONTENT_HERE

.semaphore/secrets/server-ormconfig-production-secret.sample.yml

@@ -0,0 +1,21 @@
+# Copy this file into one without .sample part and then populate it with actual values.
+# Then you can create secret, by using command
+# `sem create -f path/to/this/file`
+# More info https://docs.semaphoreci.com/article/66-environment-variables-and-secrets
+apiVersion: v1beta
+kind: Secret
+metadata:
+  # Use this name to create this secret manually
+  name: server-ormconfig-production
+data:
+  files:
+  # Copy src/server/ormconfig.sample.json into ormconfig.production.json and populate with production values
+  # You will need production connection settings in this config file.
+  # In this eample heroku postgres database addon is used.
+  # You will need to create heroku app and then add addon https://elements.heroku.com/addons/heroku-postgresql
+  # Then you will be able to view database connection settings like described here https://devcenter.heroku.com/articles/heroku-postgresql#external-connections-ingress
+  - path: ormconfig.production.json
+    # Could be created by
+    # - `base64 -w 0 /path/to/file` and put in
+    # - upload in https://<your-namesace>.semaphoreci.com/secrets
+    content: PASTE_BASE64_ENCODED_CONTENT_HERE

.semaphore/secrets/server-production-env-secret.sample.yml

@@ -0,0 +1,19 @@
+# Copy this file into one without .sample part and then populate it with actual values.
+# Then you can create secret, by using command
+# `sem create -f path/to/this/file`
+# More info https://docs.semaphoreci.com/article/66-environment-variables-and-secrets
+apiVersion: v1beta
+kind: Secret
+metadata:
+  # Use this name to create this secret manually
+  name: server-production-env
+data:
+  files:
+  # Server production.env file doesn't exist by default, copy src/server/sample.env into src/server/production.env
+  # and populate with production values
+  # Then create secret - in the end it should be here - https://<put-your-namespace-here>.semaphoreci.com/secrets
+  - path: server-production.env
+    # Could be created by
+    # - `base64 -w 0 /path/to/file` and put in
+    # - upload in https://<your-namesace>.semaphoreci.com/secrets
+    content: PASTE_BASE64_ENCODED_CONTENT_HERE

.semaphore/semaphore.yml

@@ -153,7 +153,26 @@ blocks:
           commands:
             - cd src/server
             - cache restore server-node-modules-$SEMAPHORE_GIT_BRANCH-$(checksum package-lock.json),server-node-modules-$SEMAPHORE_GIT_BRANCH,server-node-modules-master
-            - cp ci.env .env
             - cp ormconfig.ci.json ormconfig.json
             - npm run migrate:up
             - npm run test:e2e
+
+# If all tests pass, we move on to build a Docker image.
+# This is a job for a separate pipeline which we link with a promotion.
+#
+# What happens outside semaphore.yml will not appear in GitHub pull
+# request status report.
+#
+# In this example we run docker build automatically on every branch.
+# You may want to limit it by branch name, or trigger it manually.
+# For more on such options, see:
+# https://docs.semaphoreci.com/article/50-pipeline-yaml#promotions
+promotions:
+  - name: Dockerize server
+    pipeline_file: server-docker-build.yml
+    auto_promote_on:
+      - result: passed
+  - name: Deploy client
+    pipeline_file: client-deploy-build.yml
+    auto_promote_on:
+      - result: passed

.semaphore/server-deploy-k8s.yml

@@ -0,0 +1,72 @@
+# This pipeline runs after docker-build.yml
+version: v1.0
+name: Deploy server to Kubernetes
+agent:
+  machine:
+    type: e1-standard-2
+    os_image: ubuntu1804
+blocks:
+  - name: Deploy server to Kubernetes
+    task:
+      # Mount a secret which defines /home/semaphore/.kube/gc-k8s.yaml.
+      # By mounting it, we make file available in the job environment.
+      # For info on creating secrets, see:
+      # https://docs.semaphoreci.com/article/66-environment-variables-and-secrets
+      secrets:
+        - name: gc-k8s-secret
+        - name: gcr-secret
+
+      # Define an environment variable which configures kubectl:
+      env_vars:
+        - name: KUBECONFIG
+          value: /home/semaphore/.kube/gc-k8s.yaml
+      prologue:
+        commands:
+          # Authenticate using the file injected from the secret
+          - gcloud auth activate-service-account --key-file=.secrets.gcp.json
+          # Don't forget -q to silence confirmation prompts
+          - gcloud auth configure-docker -q
+          - gcloud config set project $GCP_PROJECT_ID
+          - gcloud config set compute/zone $GCP_PROJECT_DEFAULT_ZONE
+          - checkout
+          - cd src/server
+      jobs:
+      - name: Deploy
+        commands:
+          - kubectl get nodes
+          - kubectl get pods
+
+          # Our deployment.yml instructs Kubernetes to pull container image
+          # named semaphoredemos/semaphore-demo-javascript-server:$SEMAPHORE_WORKFLOW_ID
+          #
+          # envsubst is a tool which will replace $SEMAPHORE_WORKFLOW_ID with
+          # its current value. The same variable was used in server-docker-build.yml
+          # pipeline to tag and push a container image.
+          - envsubst < deployment.yml | tee deployment.yml
+
+          # Perform declarative deployment:
+          - kubectl apply -f deployment.yml
+
+  # If deployment to production succeeded, let's create a new version of
+  # our `latest` Docker image.
+  - name: Tag latest release
+    task:
+      secrets:
+        - name: gcr-secret
+      prologue:
+        commands:
+          # Authenticate using the file injected from the secret
+          - gcloud auth activate-service-account --key-file=.secrets.gcp.json
+          # Don't forget -q to silence confirmation prompts
+          - gcloud auth configure-docker -q
+          - gcloud config set project $GCP_PROJECT_ID
+          - gcloud config set compute/zone $GCP_PROJECT_DEFAULT_ZONE
+          - whereis gcloud
+          - checkout
+          - cd src/server
+      jobs:
+      - name: docker tag latest
+        commands:
+          - docker pull "gcr.io/$GCP_PROJECT_ID/semaphore-demo-javascript-server:$SEMAPHORE_WORKFLOW_ID"
+          - docker tag "gcr.io/$GCP_PROJECT_ID/semaphore-demo-javascript-server:$SEMAPHORE_WORKFLOW_ID" "gcr.io/$GCP_PROJECT_ID/semaphore-demo-javascript-server:latest"
+          - docker push "gcr.io/$GCP_PROJECT_ID/semaphore-demo-javascript-server:latest"