Merge pull request #3 from texttechnologylab/feature/auto-deploy

Add Kustomization and GitHub Actions for UDAV deployment and image au…

Author: LociStar

.github/workflows/build-push-ghcr.yaml

@@ -0,0 +1,48 @@
+name: build-and-push
+
+on:
+  push:
+    branches: [ main ]
+    # Only rebuild when app/build-relevant files change.
+    # Do NOT rebuild when Flux only updates manifests under clusters/.
+    paths-ignore:
+      - 'clusters/**'
+      - '**/*.md'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  build:
+    # Extra safety: skip commits created by Flux bot
+    if: github.actor != 'fluxcdbot'
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: docker/setup-buildx-action@v3
+
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Compute image tag
+        id: meta
+        shell: bash
+        run: |
+          ts=$(date -u +%Y%m%d%H%M%S)
+          echo "tag=${ts}-${GITHUB_SHA}" >> "$GITHUB_OUTPUT"
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: |
+            ghcr.io/texttechnologylab/unified-dynamic-annotation-visualizer:${{ steps.meta.outputs.tag }}
+            ghcr.io/texttechnologylab/unified-dynamic-annotation-visualizer:latest

clusters/homelab/apps-kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: apps
+  namespace: flux-system
+spec:
+  interval: 5m
+  path: ./clusters/homelab
+  prune: true
+  wait: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system

clusters/homelab/flux-system/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../apps-kustomization.yaml

clusters/homelab/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - udav-source.yaml
+  - udav-configmap.yaml
+  - udav-deployment.yaml
+  - udav-image-automation.yaml

clusters/homelab/namespace.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: uni
+

clusters/homelab/udav-configmap.yaml

@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: udav-config
+  namespace: uni
+data:
+  # Database configuration (non-sensitive)
+  DB_URL: "jdbc:postgresql://pg-postgresql.dlti.svc.cluster.local:5432/udav"
+  DB_SCHEMA: "public"
+  DB_BATCH_SIZE: "5000"
+  DB_MAX_IDENT: "255"
+  DB_DIALECT: "POSTGRES"
+
+  # DUUI Importer Configuration
+  DUUI_IMPORTER: "false"
+  DUUI_IMPORTER_PATH: "/app/data/input"
+  DUUI_IMPORTER_WORKERS: "4"
+  DUUI_IMPORTER_CAS_POOL_SIZE: "8"
+
+  # Application Configuration
+  APP_INPUT_DIR: "/app/data/input"
+  SROUCE_BUILDER: "false"
+  PIPELINE_IMPORTER: "true"
+  PIPELINE_IMPORTER_FOLDER: "/app/pipelines"
+
+  # JVM options
+  JAVA_OPTS: "-Xmx1024m -Xms512m"

clusters/homelab/udav-deployment.yaml

@@ -0,0 +1,92 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: udav
+  namespace: uni
+  labels:
+    app: udav
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: udav
+  template:
+    metadata:
+      labels:
+        app: udav
+    spec:
+      imagePullSecrets:
+        - name: ghcr-secret
+      containers:
+        - name: app
+          image: ghcr.io/texttechnologylab/unified-dynamic-annotation-visualizer:latest # {"$imagepolicy": "flux-system:udav"}
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 8080
+          envFrom:
+            - configMapRef:
+                name: udav-config
+            - secretRef:
+                name: udav-secrets
+          readinessProbe:
+            httpGet:
+              path: /actuator/health
+              port: http
+            initialDelaySeconds: 30
+            periodSeconds: 10
+          livenessProbe:
+            httpGet:
+              path: /actuator/health
+              port: http
+            initialDelaySeconds: 60
+            periodSeconds: 20
+          resources:
+            requests:
+              memory: "512Mi"
+              cpu: "250m"
+            limits:
+              memory: "1.5Gi"
+              cpu: "1000m"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: udav
+  namespace: uni
+  labels:
+    app: udav
+spec:
+  selector:
+    app: udav
+  ports:
+    - name: http
+      port: 80
+      targetPort: http
+  type: ClusterIP
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: udav-ingress
+  namespace: uni
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+  ingressClassName: traefik
+  tls:
+    - hosts:
+        - udav.example.com   # TODO: replace with your actual hostname
+      secretName: udav-tls
+  rules:
+    - host: udav.example.com   # TODO: replace with your actual hostname
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: udav
+                port:
+                  name: http
+

clusters/homelab/udav-image-automation.yaml

@@ -0,0 +1,50 @@
+apiVersion: image.toolkit.fluxcd.io/v1
+kind: ImageRepository
+metadata:
+  name: udav
+  namespace: flux-system
+spec:
+  image: ghcr.io/texttechnologylab/unified-dynamic-annotation-visualizer
+  interval: 1m
+  secretRef:
+    name: ghcr-credentials
+---
+apiVersion: image.toolkit.fluxcd.io/v1
+kind: ImagePolicy
+metadata:
+  name: udav
+  namespace: flux-system
+spec:
+  imageRepositoryRef:
+    name: udav
+  filterTags:
+    # Match tags like: 20260226205739-ccfd3df13de72a194bb4be9bc34465dd4939ab6b
+    pattern: '^[0-9]{14}-[0-9a-z]{40}$'
+  policy:
+    alphabetical:
+      order: asc
+---
+apiVersion: image.toolkit.fluxcd.io/v1
+kind: ImageUpdateAutomation
+metadata:
+  name: udav
+  namespace: flux-system
+spec:
+  interval: 5m
+  sourceRef:
+    kind: GitRepository
+    name: udav-repo
+  git:
+    checkout:
+      ref:
+        branch: main
+    commit:
+      author:
+        name: fluxcdbot
+        email: fluxcdbot@users.noreply.github.com
+      messageTemplate: "chore(udav): update image"
+    push:
+      branch: main
+  update:
+    path: ./clusters/homelab
+    strategy: Setters

clusters/homelab/udav-source.yaml

@@ -0,0 +1,13 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: udav-repo
+  namespace: flux-system
+spec:
+  interval: 1m
+  ref:
+    branch: main
+  secretRef:
+    name: udav-repo-auth
+  url: https://github.com/texttechnologylab/Unified-Dynamic-Annotation-Visualizer.git
+