Merge pull request #37 from zooniverse/production-deploy

Production deploy setup

.github/workflows/deploy_lambda_production.yml

@@ -0,0 +1,37 @@
+name: Deploy Production Lambda Function
+
+on:
+  workflow_dispatch:
+
+jobs:
+  deploy_lambda:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./kinesis-to-http
+    name: Deploy production lambda
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-access-key-id: ${{ secrets.LAMBDA_AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.LAMBDA_AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1
+          role-session-name: lambda-deploy-production
+
+      - name: Install dependencies
+        run: |
+          mkdir ./package && pip install --target ./package requests
+
+      - name: Zip package
+        run: |
+          zip -r ./lambda.zip .
+
+      - name: AWS Deploy
+        run: |
+          aws lambda update-function-code \
+            --function-name eras-forwarder-production \
+            --zip-file fileb://lambda.zip

.github/workflows/deploy_lambda_staging.yml

@@ -1,9 +1,6 @@
-name: Deploy Lambda Function
+name: Deploy Staging Lambda Function
 
 on:
-  push:
-    tags:
-      - lambda-release
   workflow_dispatch:
 
 jobs:
@@ -12,7 +9,7 @@ jobs:
     defaults:
       run:
         working-directory: ./kinesis-to-http
-    name: Deploy lambda function
+    name: Deploy staging lambda
     steps:
       - name: Checkout
         uses: actions/checkout@v2

.github/workflows/deploy_production.yml

@@ -0,0 +1,39 @@
+name: Deploy to Production
+
+on:
+  push:
+    tags:
+      - production-release
+  workflow_dispatch:
+
+jobs:
+  build_and_push_image:
+    name: Build and Push Image
+    uses: zooniverse/ci-cd/.github/workflows/build_and_push_image.yaml@main
+    with:
+      repo_name: eras
+      commit_id: ${{ github.sha }}
+      latest: true
+
+  db_migration_production:
+    name: Production DB Migration
+    uses: zooniverse/ci-cd/.github/workflows/db_migration.yaml@main
+    needs: build_and_push_image
+    with:
+      app_name: eras
+      environment: production
+      commit_id: ${{ github.sha }}
+    secrets:
+      creds: ${{ secrets.AZURE_AKS }}
+
+  deploy_production:
+    name: Deploy to Production
+    uses: zooniverse/ci-cd/.github/workflows/deploy_app.yaml@main
+    needs: [build_and_push_image, db_migration_production]
+    with:
+      app_name: eras
+      repo_name: eras
+      commit_id: ${{ github.sha }}
+      environment: production
+    secrets:
+      creds: ${{ secrets.AZURE_AKS }}

config/credentials/production.yml.enc

@@ -0,0 +1 @@
+eqnALI7MN47S0mBhfjaK5EGmDYeswAgKWkiduqfkLlscxRPc5UmIQPI4mu89UNL70xyhI9EKI9FL/s+j3Aq5G6Mbok9QnjU8gVqVhaB0wesFov0yKvPsL9J5s4aqoPlmj6A3IP7zrRSLJjVIm51xRqyjp5jONo+s5blGR3e7Uts3B5zLaOFfW56J2FUF6zJUICDQbNAWl03Nuec6U0GIgPJM3FVCbyvcwYHsLXxMug9kNlU+Sq85DmDxpL2OpBcuT3TyUUh4OVbsWC4jJmdkuGl9ZqgLOjTMyADwofaWB/xPBpjXZMOJrPEssDZplYCrh4ZxaIFJzkO1jalYQ8HIIaNLyiDDRNV5UJnzl/kdxVyrjdxdqyXcWa737CIhlnAtetRg+Xs1S3sxCCqowLcULccPhaQtD7arVYPS2Ox7vXI614PwLv4fgcaNpLjB3QDcgHH1yl+8X7YkJPXbmrECJDIaJVJbX9jLmm7gY481jtzsJhB8TOl5z648aWwSs3NcUO/w8FywZ4htCq4yesK84z4XqxoqztMh1UqP67KNo7MRZ+NVlqa5Z4rqKCX2kBOy1MvzIX4WNFyFdJbWXek8Pq0P+fDmRE6I/qydptRWbKidcWqJP9AjCso997Q5qg==--/WuoYgMCEHz1UMzq--6pLCOPC56KYGEilMTbAA/w==

kubernetes/db-migrate-production.tmpl

@@ -0,0 +1,23 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: __JOB_NAME__
+spec:
+  template:
+    spec:
+      containers:
+      - name: eras-db-migrate-production
+        image: ghcr.io/zooniverse/eras:__IMAGE_TAG__
+        command: ["bundle",  "exec", "rails", "db:migrate"]
+        env:
+        - name: RAILS_LOG_TO_STDOUT
+          value: "true"
+        - name: RAILS_ENV
+          value: staging
+        - name: RAILS_MASTER_KEY
+          valueFrom:
+            secretKeyRef:
+              name: eras-production
+              key: rails-master-key
+      restartPolicy: Never
+  backoffLimit: 1

kubernetes/deployment-production.tmpl

@@ -0,0 +1,88 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: eras-production-app
+  labels:
+    app: eras-production-app
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: eras-production-app
+  template:
+    metadata:
+      labels:
+        app: eras-production-app
+    spec:
+      containers:
+        - name: eras-production-app
+          image: ghcr.io/zooniverse/eras:__IMAGE_TAG__
+          resources:
+            requests:
+              memory: "200Mi"
+              cpu: "100m"
+            limits:
+              memory: "1000Mi"
+              cpu: "1000m"
+          startupProbe:
+            httpGet:
+              path: /
+              port: 80
+              httpHeaders:
+                 - name: X-Forwarded-Proto
+                   value: https
+            # wait 6 * 10 seconds(default periodSeconds) for the container to start
+            # after this succeeds once the liveness probe takes over
+            failureThreshold: 6
+          livenessProbe:
+            httpGet:
+              path: /
+              port: 80
+              httpHeaders:
+                 - name: X-Forwarded-Proto
+                   value: https
+            # allow a longer response time than 1s
+            timeoutSeconds: 10
+          readinessProbe:
+            httpGet:
+              path: /
+              port: 80
+              httpHeaders:
+                 - name: X-Forwarded-Proto
+                   value: https
+            # start checking for readiness after 20s (to serve traffic)
+            initialDelaySeconds: 20
+            # allow a longer response time than 1s
+            timeoutSeconds: 10
+          env:
+            - name: RAILS_LOG_TO_STDOUT
+              value: "true"
+            - name: RAILS_ENV
+              value: production
+            - name: RAILS_MASTER_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: eras-production
+                  key: rails-master-key
+          volumeMounts:
+          - mountPath: /tmp
+            name: eras-production-app-data
+      volumes:
+        - name: eras-production-app-data
+          hostPath:
+            # directory location on host node temp disk
+            path: /mnt/eras-production-app-data
+            type: DirectoryOrCreate
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: eras-production-app
+spec:
+  selector:
+    app: eras-production-app
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+  type: NodePort

kubernetes/deployment-staging.tmpl

@@ -24,6 +24,36 @@ spec:
             limits:
               memory: "600Mi"
               cpu: "500m"
+          startupProbe:
+            httpGet:
+              path: /
+              port: 80
+              httpHeaders:
+                 - name: X-Forwarded-Proto
+                   value: https
+            # wait 6 * 10 seconds(default periodSeconds) for the container to start
+            # after this succeeds once the liveness probe takes over
+            failureThreshold: 6
+          livenessProbe:
+            httpGet:
+              path: /
+              port: 80
+              httpHeaders:
+                 - name: X-Forwarded-Proto
+                   value: https
+            # allow a longer response time than 1s
+            timeoutSeconds: 10
+          readinessProbe:
+            httpGet:
+              path: /
+              port: 80
+              httpHeaders:
+                 - name: X-Forwarded-Proto
+                   value: https
+            # start checking for readiness after 20s (to serve traffic)
+            initialDelaySeconds: 20
+            # allow a longer response time than 1s
+            timeoutSeconds: 10
           env:
             - name: RAILS_LOG_TO_STDOUT
               value: "true"