add production workflows

Author: Mubangizi

.github/workflows/prod.yml

@@ -0,0 +1,142 @@
+---
+name: Prod
+
+on:
+  release:
+    types:
+      - released
+      - prereleased
+      - ch-add-releases-workflow
+
+jobs:
+  build:
+    outputs:
+      image: ${{ steps.export.outputs.image }}
+      tag: ${{ steps.export.outputs.tag }}
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: staging
+
+      - name: Install (Buildx)
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login (GCP)
+        uses: google-github-actions/auth@v2
+        with:
+          credentials_json: ${{ secrets.CREDENTIALS_JSON }}
+
+      - name: Install (Gcloud)
+        uses: google-github-actions/setup-gcloud@v1
+        with:
+          project_id: crane-cloud-274413
+          install_components: "gke-gcloud-auth-plugin"
+
+      - name: Login (GCR)
+        run: gcloud auth configure-docker
+
+      - id: meta
+        name: Tag
+        uses: docker/metadata-action@v3
+        with:
+          flavor: |
+            latest=true
+          images: gcr.io/crane-cloud-274413/database-api
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=sha
+
+      - name: Build
+        uses: docker/build-push-action@v2
+        with:
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          context: .
+          file: docker/prod/Dockerfile
+          labels: ${{ steps.meta.outputs.labels }}
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+
+      - id: export
+        name: Export
+        uses: actions/github-script@v5
+        with:
+          script: |
+            const metadata = JSON.parse(`${{ steps.meta.outputs.json }}`)
+            const fullUrl = metadata.tags.find((t) => t.includes(':sha-'))
+            if (fullUrl == null) {
+              core.error('Unable to find sha tag of image')
+            } else {
+              const tag = fullUrl.split(':')[1]
+              core.setOutput('image', fullUrl)
+              core.setOutput('tag', tag)
+            }
+
+  Production:
+    name: Deploy (Production)
+
+    needs:
+      - build
+
+    runs-on: ubuntu-latest
+
+    env:
+      namespace: cranecloud-prod
+
+    steps:
+      - name: Clone
+        uses: actions/checkout@v2
+
+      - name: Login (GCP)
+        uses: google-github-actions/auth@v2
+        with:
+          credentials_json: ${{ secrets.CREDENTIALS_JSON }}
+
+      - name: Install (Gcloud)
+        uses: google-github-actions/setup-gcloud@v1
+        with:
+          project_id: crane-cloud-274413
+          install_components: "gke-gcloud-auth-plugin"
+
+      - name: Login (Kubernetes Cluster)
+        uses: google-github-actions/get-gke-credentials@v1
+        with:
+          cluster_name: staging-cluster
+          location: us-central1-a
+          project_id: crane-cloud-274413
+
+      - name: Add Repo (cranecloud)
+        run: |
+          helm repo add cranecloud https://crane-cloud.github.io/helm-charts/
+
+      - name: Helm Release
+        run: |
+          helm upgrade --install \
+          database-api cranecloud/cranecloud \
+          --values helm/values.prod.yaml \
+          --namespace $namespace \
+          --set image.tag="${{ needs.build.outputs.tag }}" \
+          --set environment.DATABASE_URI="${{ secrets.PRODUCTION_DATABASE_URI }}" \
+          --set environment.JWT_SALT="${{ secrets.PRODUCTION_JWT_SALT }}" \
+          --set environment.ACTIVITY_LOGGER_URL="${{ secrets.PRODUCTION_ACTIVITY_LOGGER_URL }}" \
+          --set environment.ADMIN_MYSQL_USER="${{ secrets.PRODUCTION_ADMIN_MYSQL_USER }}" \
+          --set environment.ADMIN_MYSQL_PASSWORD="${{ secrets.PRODUCTION_ADMIN_MYSQL_PASSWORD }}" \
+          --set environment.ADMIN_MYSQL_HOST="${{ secrets.PRODUCTION_ADMIN_MYSQL_HOST }}" \
+          --set environment.ADMIN_MYSQL_PORT="${{ secrets.PRODUCTION_ADMIN_MYSQL_PORT }}" \
+          --set environment.ADMIN_PSQL_USER="${{ secrets.PRODUCTION_ADMIN_PSQL_USER }}" \
+          --set environment.ADMIN_PSQL_PASSWORD="${{ secrets.PRODUCTION_ADMIN_PSQL_PASSWORD }}" \
+          --set environment.ADMIN_PSQL_HOST="${{ secrets.PRODUCTION_ADMIN_PSQL_HOST }}" \
+          --set environment.ADMIN_PSQL_PORT="${{ secrets.PRODUCTION_ADMIN_PSQL_PORT }}" \
+          --set environment.MAIL_PASSWORD="${{ secrets.PRODUCTION_MAIL_PASSWORD }}" \
+          --timeout=300s
+
+      - name: Monitor Rollout
+        run: |
+          kubectl rollout status deployment/database-api --timeout=300s --namespace $namespace

helm/values.prod.yaml

@@ -0,0 +1,52 @@
+replicaCount: 1
+
+image:
+  repository: gcr.io/crane-cloud-274413/database-api
+  pullPolicy: Always
+  tag: ${{ DOCKER_IMAGE_TAG }}
+
+nameOverride: "database-api"
+
+service:
+  type: NodePort
+  port: 80
+
+nginxConf:
+  server {
+        listen 80;
+
+        location / {
+            proxy_pass http://localhost:8000/;
+        }
+    }
+
+port: 8000
+
+environment:
+  FASTAPI_ENV: production
+  DATABASE_URI: ${{ DATABASE_URI }}
+  JWT_SALT: ${{ JWT_SALT }}
+  ACTIVITY_LOGGER_URL: ${{ ACTIVITY_LOGGER_URL }}
+  ADMIN_MYSQL_USER: ${{ ADMIN_MYSQL_USER }}
+  ADMIN_MYSQL_PASSWORD: ${{ ADMIN_MYSQL_PASSWORD }}
+  ADMIN_MYSQL_HOST: ${{ ADMIN_MYSQL_HOST }}
+  ADMIN_MYSQL_PORT: ${{ ADMIN_MYSQL_PORT }}
+  ADMIN_PSQL_USER: ${{ ADMIN_PSQL_USER }}
+  ADMIN_PSQL_PASSWORD: ${{ ADMIN_PSQL_PASSWORD }}
+  ADMIN_PSQL_HOST: ${{ ADMIN_PSQL_HOST }}
+  ADMIN_PSQL_PORT: ${{ ADMIN_PSQL_PORT }}
+  MAIL_PASSWORD: ${{ MAIL_PASSWORD }}
+  MAIL_USERNAME: no-reply@cranecloud.io
+
+
+celery:
+  create: true
+  command: 
+    - "poetry"
+    - "run"
+    - "celery"
+    - "-A"
+    - "main.celery"
+    - "worker"
+    - "--loglevel=info"
+  port: 5001

helm/values.staging.yaml

@@ -53,6 +53,7 @@ nginxConf:
             proxy_pass http://localhost:8000/;
         }
     }
+port: 8000
 
 environment:
   FASTAPI_ENV: production
@@ -67,8 +68,19 @@ environment:
   ADMIN_PSQL_PASSWORD: ${{ ADMIN_PSQL_PASSWORD }}
   ADMIN_PSQL_HOST: ${{ ADMIN_PSQL_HOST }}
   ADMIN_PSQL_PORT: ${{ ADMIN_PSQL_PORT }}
+  MAIL_PASSWORD: ${{ MAIL_PASSWORD }}
+  MAIL_USERNAME: no-reply@cranecloud.io
 
 
 
 celery:
-  create: false
+  create: true
+  command: 
+    - "poetry"
+    - "run"
+    - "celery"
+    - "-A"
+    - "main.celery"
+    - "worker"
+    - "--loglevel=info"
+  port: 5001

scripts/start-prod.sh

@@ -0,0 +1,9 @@
+#! /bin/bash
+
+
+# apply migrations onto db
+poetry run alembic upgrade head
+
+# start server
+poetry run uvicorn main:app --host 0.0.0.0 --port 8000 --reload
+# NEW_RELIC_CONFIG_FILE=newrelic.ini newrelic-admin run-program gunicorn --worker-tmp-dir /dev/shm --workers=4 --bind 0.0.0.0:8000 --timeout 240 main:app