Merge pull request #97 from FranklinDAO-Dev-Team/heronimus/ci-auto-de…

…ploy ci: init auto deployment update to railway
FranklinDAO-Dev-Team · Jun 13, 2024 · a9cb362 · a9cb362
2 parents 2808886 + 79af945
commit a9cb362
Show file tree

Hide file tree

Showing 5 changed files with 281 additions and 24 deletions.
diff --git a/.github/docker-godot-webexport/Dockerfile b/.github/docker-godot-webexport/Dockerfile
@@ -0,0 +1,12 @@
+# Runtime
+FROM nginx:1.27-alpine AS runtime
+
+## Copy Nginx config
+COPY ./nginx/nginx.conf /etc/nginx/nginx.conf
+COPY ./nginx/confd-default.conf /etc/nginx/conf.d/default.conf
+
+## Copy Godot export html data
+COPY ./web_export/ /www/data/
+RUN chmod a+r -R /www/data/
+
+RUN mv /www/data/ArcaneReveal.html /www/data/index.html
diff --git a/.github/docker-godot-webexport/nginx/confd-default.conf b/.github/docker-godot-webexport/nginx/confd-default.conf
@@ -0,0 +1,12 @@
+## Index Server Directive
+server {
+    listen 80;
+    absolute_redirect off;
+
+    ## Add Required Godot export header
+    add_header Access-Control-Allow-Origin "*";
+    add_header Cross-Origin-Embedder-Policy "require-corp";
+    add_header Cross-Origin-Opener-Policy "same-origin";
+
+    root /www/data/;
+}
diff --git a/.github/docker-godot-webexport/nginx/nginx.conf b/.github/docker-godot-webexport/nginx/nginx.conf
@@ -0,0 +1,35 @@
+# Optimizing performance for serving content
+# See: https://docs.nginx.com/nginx/admin-guide/web-server/serving-static-content/#optimizing-performance-for-serving-content
+
+# Optimizing performance for proxy
+# See: https://www.tweaked.io/guide/nginx-proxying/
+user                    nginx;
+worker_processes  2;
+events {
+    worker_connections  8096;
+    multi_accept        on;
+    use                 epoll;
+}
+worker_rlimit_nofile 40000;
+
+error_log               /var/log/nginx/error.log warn;
+pid                     /var/run/nginx.pid;
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    # Enable gzip encryption
+    gzip on;
+
+    sendfile           on;
+    tcp_nopush         on;
+    tcp_nodelay        on;
+    keepalive_timeout  30;
+    types_hash_max_size 2048;
+
+    # Don't expose Nginx version
+    server_tokens off;
+
+    include /etc/nginx/conf.d/*.conf;
+}
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -1,25 +1,25 @@
-name: Release
+name: Build
 
-## workflow will trigger on commit to "main" branch only
+## workflow will trigger by deploy workflow on main branch
 on:
+  workflow_call:
   workflow_dispatch:
-  push:
-    branches:
-      - main
+  # push:
+  #   branches:
+  #     - main
 
 env:
   GITHUB_REGISTRY_URL: ghcr.io
-  GITHUB_CONTAINER_NAME: ArcaneReveal/cardinal
+  GITHUB_CONTAINER_NAME: ${{ github.repository }}
   GO_VERSION: 1.22.1
 
 jobs:
-  build:
-    name: World Engine - Cardinal Build
+  cardinal:
+    name: World Engine - Cardinal
     runs-on: ubuntu-latest
     defaults:
       run:
         shell: bash
-        working-directory: world-engine
     # Add "id-token" with the intended permissions.
     permissions:
       contents: read
@@ -34,28 +34,81 @@ jobs:
           go-version: ${{ env.GO_VERSION }}
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
-      - name: Set SHA_SHORT outputs
-        id: vars
-        run:
-          echo "sha_short=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
+      ## Execute makefile
+      - name: Run Make
+        working-directory: world-engine/cardinal
+        run: make
+      ## Set Docker metadata
+      - name: Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.GITHUB_REGISTRY_URL }}/${{ env.GITHUB_CONTAINER_NAME }}/cardinal
+          tags: |
+            type=ref,event=branch
+            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
+            type=sha
       ## Login into GCR / Github Packages
       - name: Docker - Auth to Github Container Registry
         uses: docker/login-action@v3
         with:
           registry: ${{ env.GITHUB_REGISTRY_URL }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
+      ## Push build image to GCR / Github Packages
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: ./world-engine/cardinal
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+  godot:
+    name: Godot - HTML Export
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
+    # Add "id-token" with the intended permissions.
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
       ## Execute makefile
-      - name: Run Make
-        working-directory: world-engine/cardinal
-        run: make
-      ## Build Cardinal dockerfile
-      - name: Cardinal Build
+      - name: Copy Godot Export HTML data
         run: |
-          # Build container image
-          # Image name: ghcr.io/FranklinDAO-Dev-Team/ArcaneReveal/cardinal:{sha_hort}
-          docker build -t ${{ env.GITHUB_REGISTRY_URL }}/${{ github.repository_owner }}/${{ env.GITHUB_CONTAINER_NAME }}:${{ steps.vars.outputs.sha_short }} .
+          cp -r ./godot/web_export .github/docker-godot-webexport/
+          ls -lah .github/docker-godot-webexport/web_export
+      ## Set Docker metadata
+      - name: Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.GITHUB_REGISTRY_URL }}/${{ env.GITHUB_CONTAINER_NAME }}/godotexport
+          tags: |
+            type=ref,event=branch
+            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
+            type=sha
+      ## Login into GCR / Github Packages
+      - name: Docker - Auth to Github Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.GITHUB_REGISTRY_URL }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
       ## Push build image to GCR / Github Packages
-      - name: Docker - Publish Image to Github Container Registry
-        run: |
-          docker push ${{ env.GITHUB_REGISTRY_URL }}/${{ github.repository_owner }}/${{ env.GITHUB_CONTAINER_NAME }}:${{ steps.vars.outputs.sha_short }}
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .github/docker-godot-webexport/
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
@@ -0,0 +1,145 @@
+name: Deploy
+
+## workflow will need manual trigger from actions page
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+
+jobs:
+  build:
+    name: Build
+    uses: ./.github/workflows/build.yaml
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+  deploy:
+    name: Deploy Railway
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Install Railway CLI
+        run: |
+          bash <(curl -fsSL cli.new)
+      - name: Install Redis-CLI
+        uses: shogo82148/actions-setup-redis@v1
+        with:
+          redis-version: 7
+          auto-start: "false"
+      - name: Install Postgresql client-only
+        run: |
+          sudo apt-get update
+          sudo apt-get install --yes --no-install-recommends postgresql-client
+      - name: Get Last Commit Short SHA
+        id: commit_data
+        run: |
+          echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+      - name: Cardinal - Shutdown Previous Deployment
+        working-directory: world-engine/cardinal
+        run: |
+          ## Get Cardinal Latest Deployment ID
+          DEPLOYMENT_ID=$(curl --location 'https://backboard.railway.app/graphql/v2' \
+            --header 'Authorization: Bearer ${{ secrets.RAILWAY_API_TOKEN }}' \
+            --header 'Content-Type: application/json' \
+            --data '{"query":"query deployments($projectId: String!, $environmentId: String!, $serviceId: String!) {\n  deployments(\n    first: 1\n    input: {\n      projectId: $projectId\n      environmentId: $environmentId\n      serviceId: $serviceId\n    }\n  ) {\n    edges {\n      node {\n        id\n        staticUrl\n      }\n    }\n  }\n}",
+            "variables":{"projectId":"${{ vars.RAILWAY_PROJECT_ID }}","environmentId":"${{ vars.PROD_RAILWAY_ENVIRONMENT_ID }}","serviceId":"${{ vars.RAILWAY_CARDINAL_SERVICE_ID }}"}}' | jq -r '.data.deployments.edges[].node.id')
+
+          ## Remove Deployment
+          curl --location 'https://backboard.railway.app/graphql/v2' \
+            --header 'Authorization: Bearer ${{ secrets.RAILWAY_API_TOKEN }}' \
+            --header 'Content-Type: application/json' \
+            --data '{"query":"mutation deploymentRemove($id: String!) {\n  deploymentRemove(id: $id)\n}","variables":{"id":"'${DEPLOYMENT_ID}'"}}'
+      - name: Clear Up Redis
+        run: |
+          sleep 10
+          redis-cli -h ${{ secrets.PROD_REDIS_HOST }} -p ${{ secrets.PROD_REDIS_PORT }}  <<EOF
+          AUTH ${{ secrets.PROD_REDIS_PASSWORD }}
+          FLUSHALL
+          keys *
+          EOF
+      - name: Cardinal - Up New Deployment
+        env:
+          RAILWAY_TOKEN: ${{ secrets.PROD_RAILWAY_TOKEN }}
+        run: |
+          ## remove prev docker image
+          curl --location 'https://backboard.railway.app/graphql/internal?q=stageEnvironmentChanges' \
+            --header 'Authorization: Bearer ${{ secrets.RAILWAY_API_TOKEN }}' \
+            --header 'Content-Type: application/json' \
+            --data '{"query":"mutation stageEnvironmentChanges($environmentId: String!, $payload: EnvironmentConfig!) {\n  environmentStageChanges(environmentId: $environmentId, input: $payload) {\n    id\n  }\n}","variables":{"environmentId":"${{ vars.PROD_RAILWAY_ENVIRONMENT_ID }}","payload":{"services":{"${{ vars.RAILWAY_CARDINAL_SERVICE_ID }}":{"source":{"image":null}}}}}}'
+
+          sleep 5
+          ## commit changes
+          curl --location 'https://backboard.railway.app/graphql/internal?q=environmentPatchCommitStaged' \
+            --header 'Authorization: Bearer ${{ secrets.RAILWAY_API_TOKEN }}' \
+            --header 'Content-Type: application/json' \
+            --data '{"query":"mutation environmentPatchCommitStaged($environmentId: String!, $message: String, $skipDeploys: Boolean) {\n  environmentPatchCommitStaged(\n    environmentId: $environmentId\n    commitMessage: $message\n    skipDeploys: $skipDeploys\n  )\n}","variables":{"environmentId":"${{ vars.PROD_RAILWAY_ENVIRONMENT_ID }}","skipDeploys":false}}'
+
+          sleep 5
+          ## change new docker image
+          curl --location 'https://backboard.railway.app/graphql/internal?q=stageEnvironmentChanges' \
+            --header 'Authorization: Bearer ${{ secrets.RAILWAY_API_TOKEN }}' \
+            --header 'Content-Type: application/json' \
+            --data '{"query":"mutation stageEnvironmentChanges($environmentId: String!, $payload: EnvironmentConfig!) {\n  environmentStageChanges(environmentId: $environmentId, input: $payload) {\n    id\n  }\n}","variables":{"environmentId":"${{ vars.PROD_RAILWAY_ENVIRONMENT_ID }}","payload":{"services":{"${{ vars.RAILWAY_CARDINAL_SERVICE_ID }}":{"source":{"image":"ghcr.io/franklindao-dev-team/arcanereveal/cardinal:sha-${{ steps.commit_data.outputs.sha_short }}","repo":null,"branch":null,"upstreamUrl":null},"deploy":{"registryCredentials":{"username":"USERNAME","password":"${{ secrets.RAILWAY_GITHUB_REGISTRY_TOKEN }}"}}}}}}}'
+
+          sleep 5
+          ## commit changes
+          curl --location 'https://backboard.railway.app/graphql/internal?q=environmentPatchCommitStaged' \
+            --header 'Authorization: Bearer ${{ secrets.RAILWAY_API_TOKEN }}' \
+            --header 'Content-Type: application/json' \
+            --data '{"query":"mutation environmentPatchCommitStaged($environmentId: String!, $message: String, $skipDeploys: Boolean) {\n  environmentPatchCommitStaged(\n    environmentId: $environmentId\n    commitMessage: $message\n    skipDeploys: $skipDeploys\n  )\n}","variables":{"environmentId":"${{ vars.PROD_RAILWAY_ENVIRONMENT_ID }}","skipDeploys":false}}'
+
+      - name: Godot Client - Up New Deployment
+        env:
+          RAILWAY_TOKEN: ${{ secrets.PROD_RAILWAY_TOKEN }}
+        run: |
+          ## remove prev docker image
+          curl --location 'https://backboard.railway.app/graphql/internal?q=stageEnvironmentChanges' \
+            --header 'Authorization: Bearer ${{ secrets.RAILWAY_API_TOKEN }}' \
+            --header 'Content-Type: application/json' \
+            --data '{"query":"mutation stageEnvironmentChanges($environmentId: String!, $payload: EnvironmentConfig!) {\n  environmentStageChanges(environmentId: $environmentId, input: $payload) {\n    id\n  }\n}","variables":{"environmentId":"${{ vars.PROD_RAILWAY_ENVIRONMENT_ID }}","payload":{"services":{"${{ vars.RAILWAY_GODOT_SERVICE_ID }}":{"source":{"image":null}}}}}}'
+
+          sleep 5
+          ## commit changes
+          curl --location 'https://backboard.railway.app/graphql/internal?q=environmentPatchCommitStaged' \
+            --header 'Authorization: Bearer ${{ secrets.RAILWAY_API_TOKEN }}' \
+            --header 'Content-Type: application/json' \
+            --data '{"query":"mutation environmentPatchCommitStaged($environmentId: String!, $message: String, $skipDeploys: Boolean) {\n  environmentPatchCommitStaged(\n    environmentId: $environmentId\n    commitMessage: $message\n    skipDeploys: $skipDeploys\n  )\n}","variables":{"environmentId":"${{ vars.PROD_RAILWAY_ENVIRONMENT_ID }}","skipDeploys":false}}'
+
+          sleep 5
+          ## change new docker image
+          curl --location 'https://backboard.railway.app/graphql/internal?q=stageEnvironmentChanges' \
+            --header 'Authorization: Bearer ${{ secrets.RAILWAY_API_TOKEN }}' \
+            --header 'Content-Type: application/json' \
+            --data '{"query":"mutation stageEnvironmentChanges($environmentId: String!, $payload: EnvironmentConfig!) {\n  environmentStageChanges(environmentId: $environmentId, input: $payload) {\n    id\n  }\n}","variables":{"environmentId":"${{ vars.PROD_RAILWAY_ENVIRONMENT_ID }}","payload":{"services":{"${{ vars.RAILWAY_GODOT_SERVICE_ID }}":{"source":{"image":"ghcr.io/franklindao-dev-team/arcanereveal/godotexport:sha-${{ steps.commit_data.outputs.sha_short }}","repo":null,"branch":null,"upstreamUrl":null},"deploy":{"registryCredentials":{"username":"USERNAME","password":"${{ secrets.RAILWAY_GITHUB_REGISTRY_TOKEN }}"}}}}}}}'
+
+          sleep 5
+          ## commit changes
+          curl --location 'https://backboard.railway.app/graphql/internal?q=environmentPatchCommitStaged' \
+            --header 'Authorization: Bearer ${{ secrets.RAILWAY_API_TOKEN }}' \
+            --header 'Content-Type: application/json' \
+            --data '{"query":"mutation environmentPatchCommitStaged($environmentId: String!, $message: String, $skipDeploys: Boolean) {\n  environmentPatchCommitStaged(\n    environmentId: $environmentId\n    commitMessage: $message\n    skipDeploys: $skipDeploys\n  )\n}","variables":{"environmentId":"${{ vars.PROD_RAILWAY_ENVIRONMENT_ID }}","skipDeploys":false}}'
+
+      - name: Cardinal Healthcheck
+        run: |
+          curl -X POST --max-time 10 --retry 20 --retry-delay 5 --retry-max-time 300 ${{ vars.PROD_CARDINAL_HEALTHCHECK }} -d "{}"
+      - name: Remove Nakama Database (Railway)
+        run: |
+          PGPASSWORD=${{ secrets.PROD_RAILWAY_POSTGRES_PASSWORD }} psql -h ${{ secrets.PROD_RAILWAY_POSTGRES_HOST }} -U ${{ secrets.PROD_RAILWAY_POSTGRES_USER }} -p ${{ secrets.PROD_RAILWAY_POSTGRES_PORT }} -d railway -c "DROP SCHEMA public CASCADE; CREATE SCHEMA public;"
+      - name: Restart Nakama Services (Railway)
+        run: |
+          ## Get NAKAMA Latest Deployment ID
+          DEPLOYMENT_ID=$(curl --location 'https://backboard.railway.app/graphql/v2' \
+            --header 'Authorization: Bearer ${{ secrets.RAILWAY_API_TOKEN }}' \
+            --header 'Content-Type: application/json' \
+            --data '{"query":"query deployments($projectId: String!, $environmentId: String!, $serviceId: String!) {\n  deployments(\n    first: 1\n    input: {\n      projectId: $projectId\n      environmentId: $environmentId\n      serviceId: $serviceId\n    }\n  ) {\n    edges {\n      node {\n        id\n        staticUrl\n      }\n    }\n  }\n}",
+            "variables":{"projectId":"${{ vars.RAILWAY_PROJECT_ID }}","environmentId":"${{ vars.PROD_RAILWAY_ENVIRONMENT_ID }}","serviceId":"${{ vars.RAILWAY_NAKAMA_SERVICE_ID }}"}}' | jq -r '.data.deployments.edges[].node.id')
+
+          ## RESTART Deployment
+          curl --location 'https://backboard.railway.app/graphql/v2' \
+            --header 'Authorization: Bearer ${{ secrets.RAILWAY_API_TOKEN }}' \
+            --header 'Content-Type: application/json' \
+            --data '{"query":"mutation deploymentRestart($id: String!) {\n  deploymentRestart(id: $id)\n}","variables":{"id":"'${DEPLOYMENT_ID}'"}}'