From 8a3f3812877e3cc2aa8f41254645dd8d0fa789d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Ber=C3=A1nek?= <berykubik@gmail.com>
Date: Thu, 23 Jan 2025 11:16:52 +0100
Subject: [PATCH] Change deployment method to Docker and switch to merge groups

---
 .github/workflows/ci.yml     | 114 +++++++++++++++++++++++++++++++++++
 .github/workflows/deploy.yml |  28 ---------
 .github/workflows/test.yml   |  56 -----------------
 3 files changed, 114 insertions(+), 84 deletions(-)
 create mode 100644 .github/workflows/ci.yml
 delete mode 100644 .github/workflows/deploy.yml
 delete mode 100644 .github/workflows/test.yml

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 00000000..ce9c44b0
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,114 @@
+name: CI
+on:
+  pull_request:
+  merge_group:
+jobs:
+  test_backend:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v4
+      - name: Install Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+      - name: Install dependencies
+        run: |
+          sudo apt-get install libgraphviz-dev
+          python -m pip install --upgrade pip
+          pip install uv==0.4.4
+          # Use the legacy lockfile to battle test it
+          uv pip sync --system requirements.txt
+      # Update output format to enable automatic inline annotations.
+      - name: Lint Python code
+        run: ruff check --output-format=github
+      - name: Check Python formatting
+        run: ruff format --check
+      # Check that the lockfile does not need to be updated
+      # If this fails, run `uv export --format requirements-txt > requirements.txt`.
+      - name: Check lockfile
+        run: |
+          uv lock --locked
+          uv export --format requirements-txt > requirements.txt.locked
+          diff requirements.txt requirements.txt.locked
+  test_frontend:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v4
+      - name: Install NodeJS
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+      - name: Install dependencies
+        run: |
+          cd frontend
+          npm ci
+      - name: Build packages
+        run: |
+          cd frontend
+          npm run build
+      - name: Check lints and formatting
+        run: |
+          cd frontend
+          npm run check
+
+  build-docker:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Set up Docker
+        uses: docker/setup-buildx-action@v3
+      - name: Login to Docker registry
+        uses: docker/login-action@v3
+        continue-on-error: true
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build Docker image
+        uses: docker/build-push-action@v6
+        with:
+          cache-from: type=registry,ref=ghcr.io/mrlvsb/kelvin-ci-cache
+          cache-to: type=registry,ref=ghcr.io/mrlvsb/kelvin-ci-cache,compression=zstd
+          tags: ghcr.io/mrlvsb/kelvin:latest
+          outputs: type=docker,dest=${{ runner.temp }}/kelvin.tar
+      - name: Share built image
+        uses: actions/upload-artifact@v4
+        with:
+          name: kelvin
+          path: ${{ runner.temp }}/kelvin.tar
+  deploy:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    needs: [test_backend, test_frontend, build-docker]
+    environment: production
+    #if: ${{ github.event_name == 'merge_group' }}
+    steps:
+      - name: Set up Docker
+        uses: docker/setup-buildx-action@v3
+      - name: Login to Docker registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Download built image
+        uses: actions/download-artifact@v4
+        with:
+          name: kelvin
+          path: ${{ runner.temp }}
+      - name: Load image
+        run: |
+          docker load --input ${{ runner.temp }}/kelvin.tar
+          docker image ls -a
+      - name: Push Docker image
+        if: ${{ github.event_name == 'merge_group' }}
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          tags: ghcr.io/mrlvsb/kelvin:latest
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
deleted file mode 100644
index f184d25f..00000000
--- a/.github/workflows/deploy.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-# Deploys the current branch to Kelvin using a webhook.
-# The authorization token and the URL of the webhook are configured through
-# GHA environment secrets `ENV_DEPLOY_TOKEN` and `ENV_DEPLOY_URL`, respectively.
-name: Deploy
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - master
-jobs:
-  # Determine into which environment should this branch be deployed
-  # master => "production"
-  # other branch => "kelvin2"
-  setup:
-    runs-on: ubuntu-latest
-    outputs:
-      environment: ${{ steps.production.outputs.environment }}
-    steps:
-      - id: production
-        run: echo "environment=${{ github.ref_name == 'master' && 'production' || 'kelvin2' }}" >> $GITHUB_OUTPUT
-  deploy:
-    needs: setup
-    runs-on: ubuntu-latest
-    concurrency: ${{ needs.setup.outputs.environment }}
-    environment: ${{ needs.setup.outputs.environment }}
-    steps:
-      - run: echo "Deploying to environment ${{ needs.setup.outputs.environment }}"
-      - run: 'curl --fail --silent --show-error -H"Authorization: Bearer ${{ secrets.ENV_DEPLOY_TOKEN }}" ${{ secrets.ENV_DEPLOY_URL }}'
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
deleted file mode 100644
index e6446965..00000000
--- a/.github/workflows/test.yml
+++ /dev/null
@@ -1,56 +0,0 @@
-name: Test
-on:
-  push:
-    branches:
-      - master
-  pull_request:
-jobs:
-  test_backend:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout sources
-        uses: actions/checkout@v4
-      - name: Install Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.12"
-      - name: Install dependencies
-        run: |
-          sudo apt-get install libgraphviz-dev
-          python -m pip install --upgrade pip
-          pip install uv==0.4.4
-          # Use the legacy lockfile to battle test it
-          uv pip sync --system requirements.txt
-      # Update output format to enable automatic inline annotations.
-      - name: Lint Python code
-        run: ruff check --output-format=github
-      - name: Check Python formatting
-        run: ruff format --check
-      # Check that the lockfile does not need to be updated
-      # If this fails, run `uv export --format requirements-txt > requirements.txt`.
-      - name: Check lockfile
-        run: |
-          uv lock --locked
-          uv export --format requirements-txt > requirements.txt.locked
-          diff requirements.txt requirements.txt.locked
-  test_frontend:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout sources
-        uses: actions/checkout@v4
-      - name: Install NodeJS
-        uses: actions/setup-node@v4
-        with:
-          node-version: 20
-      - name: Install dependencies
-        run: |
-          cd frontend
-          npm ci
-      - name: Build packages
-        run: |
-          cd frontend
-          npm run build
-      - name: Check lints and formatting
-        run: |
-          cd frontend
-          npm run check