ci: ADR-0009 prod and staging ci (#408)

.github/workflows/cicd.yaml

@@ -110,7 +110,7 @@ jobs:
       image: ${{ matrix.image }}
     secrets: inherit
 
-  fly-deploy:
+  fly-deploy-staging:
     needs: detect-changes
     if: ${{ github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v')) && needs.detect-changes.outputs.services != '[]' && needs.detect-changes.outputs.services != '' }}
     strategy:
@@ -121,7 +121,29 @@ jobs:
     uses: ./.github/workflows/fly-deploy.yaml
     with:
       service: ${{ matrix.service }}
-      app: ${{ vars.FLY_ORGANIZATION_NAME }}-${{ matrix.service }}
-      organization: ${{ vars.FLY_ORGANIZATION_NAME }}
+      app: ${{ vars.FLY_ORGANIZATION_STAGING }}-${{ matrix.service }}
+      organization: ${{ vars.FLY_ORGANIZATION_STAGING }}
       version: ${{ needs.detect-changes.outputs.commit_hash }}
+      environment: "staging"
+    secrets: inherit
+
+  fly-deploy-prod:
+    needs: detect-changes
+    # TODO
+    # For now, it's ok to deploy if ANY version tag is pushed to (we assume it's the newest version and needs deployment)
+    # In the future we need to be able to deploy to different, API incompatible, production environments
+    # Maybe even automate resource creation
+    if: ${{ github.event_name != 'pull_request' && startsWith(github.ref, 'refs/tags/v') && needs.detect-changes.outputs.services != '[]' && needs.detect-changes.outputs.services != '' }}
+    strategy:
+      fail-fast: false
+      max-parallel: 2
+      matrix:
+        service: ${{ fromJson(needs.detect-changes.outputs.services) }}
+    uses: ./.github/workflows/fly-deploy.yaml
+    with:
+      service: ${{ matrix.service }}
+      app: ${{ vars.FLY_ORGANIZATION_PROD }}-${{ matrix.service }}
+      organization: ${{ vars.FLY_ORGANIZATION_PROD }}
+      version: ${{ needs.detect-changes.outputs.commit_hash }}
+      environment: "production"
     secrets: inherit

.github/workflows/fly-deploy.yaml

@@ -1,3 +1,6 @@
+# Deploys a single service to fly based on inputs provided
+# does nothing if no fly.toml exists
+
 name: 'Deploy to Fly'
 
 on:
@@ -19,6 +22,14 @@ on:
         description: "The version of the app."
         type: string
         required: false
+      environment:
+        description:
+          Which config file to choose.
+          Currently either "staging" or "production".
+          If no such fly.<environment>.toml exists, we fallback to fly.toml.
+        type: string
+        required: false
+        default: ""
 
 concurrency:
   group: ${{ github.workflow }}-${{ inputs.app }}
@@ -29,20 +40,24 @@ jobs:
   fly-toml:
     runs-on: ubuntu-latest
     outputs:
-      exist: ${{ steps.fly-toml.outputs.fly-toml-exist }}
+      fly_toml: ${{ steps.fly-toml.outputs.fly_toml }}
     steps:
       - uses: actions/checkout@v4
       - name: Does a fly.toml exist?
         id: fly-toml
         run: |
-          echo "fly-toml-exist=$(test -f services/$service/fly.toml && echo true)" >> $GITHUB_OUTPUT
+          # fallback to fly.toml if needed
+          fly_toml=$([ "$suggested_fly_toml" = "fly..toml" ] && echo "fly.toml" || echo "$suggested_fly_toml")
+          # only set if it exists
+          echo "fly_toml=$((test -f services/$service/$fly_toml && echo $fly_toml) || (test -f services/$service/fly.toml && echo fly.toml))" >> $GITHUB_OUTPUT
         env:
           service: ${{ inputs.service }}
+          suggested_fly_toml: fly.${{ inputs.environment }}.toml
 
   deploy:
     runs-on: ubuntu-latest
     needs: fly-toml
-    if: ${{ needs.fly-toml.outputs.exist == 'true' }}
+    if: ${{ needs.fly-toml.outputs.fly_toml != '' }}
     env:
       FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
     steps:
@@ -56,6 +71,6 @@ jobs:
         uses: superfly/flyctl-actions/setup-flyctl@master
       - name: Deploy
         run: |
-          flyctl deploy --config services/${{ inputs.service }}/fly.toml --app ${{ inputs.app }} --build-arg VERSION=${{ inputs.version }} --remote-only
+          flyctl deploy --config services/${{ inputs.service }}/${{ needs.fly-toml.outputs.fly_toml }} --app ${{ inputs.app }} --build-arg VERSION=${{ inputs.version }} --remote-only
         env:
           DOCKER_BUILDKIT: 1

dapr/config.yaml

@@ -7,4 +7,4 @@ spec:
     component: "kubernetes"
     configuration:
       # https://fly.io/docs/reference/private-networking/#fly-internal-addresses
-      template: "helpwave-staging-{{.ID}}.internal:{{.Port}}"
+      template: "helpwave-staging-{{.ID}}.internal:{{.Port}}" # "helpwave-staging" will be replaced by the actual organization in fly-deploy.yaml

services/task-svc/fly.production.toml

@@ -0,0 +1,33 @@
+primary_region = "ams"
+
+[build]
+  dockerfile = "../../Dockerfile.standalone"
+
+[build.args]
+  SERVICE = "task-svc"
+
+[env]
+  OAUTH_CLIENT_ID="425f8b8d-c786-4ff7-b2bf-e52f505fb588"
+
+[deploy]
+  strategy = "bluegreen"
+  release_command = "./run-migrations.sh"
+
+[[services]]
+  auto_stop_machines = false
+  auto_start_machines = false
+
+[checks]
+  [checks.dapr_sidecar]
+    grace_period = "15s"
+    interval = "10s"
+    method = "get"
+    path = "/v1.0/healthz"
+    port = 3500
+    timeout = "2s"
+    type = "http"
+
+[metrics]
+  port = 9090
+  path = "/metrics"
+

services/user-svc/fly.production.toml

@@ -0,0 +1,32 @@
+primary_region = "ams"
+
+[build]
+  dockerfile = "../../Dockerfile.standalone"
+
+[build.args]
+  SERVICE = "user-svc"
+
+[env]
+  OAUTH_CLIENT_ID="425f8b8d-c786-4ff7-b2bf-e52f505fb588"
+
+[deploy]
+  strategy = "bluegreen"
+  release_command = "./run-migrations.sh"
+
+[[services]]
+  auto_stop_machines = false
+  auto_start_machines = false
+
+[checks]
+  [checks.dapr_sidecar]
+    grace_period = "15s"
+    interval = "10s"
+    method = "get"
+    path = "/v1.0/healthz"
+    port = 3500
+    timeout = "2s"
+    type = "http"
+
+[metrics]
+  port = 9090
+  path = "/metrics"