Add deployment to nomad cluster

datasektionen · May 24, 2024 · a9cf1f6 · a9cf1f6
1 parent 10f7093
commit a9cf1f6
Show file tree

Hide file tree

Showing 2 changed files with 138 additions and 0 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,54 @@
+name: Deploy
+
+on:
+  push:
+    branches: [ master ]
+  workflow_dispatch:
+
+env:
+  NOMAD_VERSION: 1.7.7
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Git checkout
+        uses: actions/checkout@v4
+
+      - name: Set environment variables
+        run: |
+          cat >> "$GITHUB_ENV" <<EOF
+          latest=ghcr.io/${{ github.repository }}:latest
+          current=ghcr.io/${{ github.repository }}:$(git rev-parse --short ${{ github.sha }})
+          EOF
+
+      - name: Download Nomad
+        run: |
+          curl -LO https://releases.hashicorp.com/nomad/${{ env.NOMAD_VERSION }}/nomad_${{ env.NOMAD_VERSION }}_linux_amd64.zip
+          unzip -d /usr/local/bin nomad_${{ env.NOMAD_VERSION }}_linux_amd64.zip nomad
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to ghcr.io
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          tags: ${{ env.latest }},${{ env.current }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Deploy to nomad
+        env:
+          NOMAD_ADDR: ${{ vars.NOMAD_ADDR }}
+          NOMAD_TOKEN: ${{ secrets.NOMAD_TOKEN }}
+        run: |
+          nomad run -var=image_tag=${{ env.current }} job.nomad.hcl
diff --git a/job.nomad.hcl b/job.nomad.hcl
@@ -0,0 +1,84 @@
+job "taitan" {
+  type = "service"
+
+  group "bawang" {
+    network {
+      port "http" { }
+    }
+
+    service {
+      name     = "taitan-bawang"
+      port     = "http"
+      provider = "nomad"
+      tags = [
+        "traefik-external.enable=true",
+        "traefik-external.http.routers.taitan-bawang.rule=Host(`taitan.betasektionen.se`)",
+        "traefik-external.http.routers.taitan-bawang.entrypoints=websecure",
+        "traefik-external.http.routers.taitan-bawang.tls.certresolver=default",
+      ]
+    }
+
+    task "taitan" {
+      driver = "docker"
+
+      config {
+        image = var.image_tag
+        ports = ["http"]
+      }
+
+      template {
+        data        = <<ENV
+PORT={{ env "NOMAD_PORT_http" }}
+DARKMODE_URL=https://darkmode.datasektionen.se/
+CONTENT_URL=https://github.com/datasektionen/bawang-content.git
+TOKEN={{ with nomadVar "nomad/jobs/taitan" }}{{ .bawang_content_token }}{{ end }}
+ENV
+        destination = "local/.env"
+        env         = true
+      }
+    }
+  }
+
+  group "styrdokument" {
+    network {
+      port "http" { }
+    }
+
+    service {
+      name     = "taitan-styrdokument"
+      port     = "http"
+      provider = "nomad"
+      tags = [
+        "traefik-external.enable=true",
+        "traefik-external.http.routers.taitan-styrdokument.rule=Host(`taitan-styrdokument.betasektionen.se`)",
+        "traefik-external.http.routers.taitan-styrdokument.entrypoints=websecure",
+        "traefik-external.http.routers.taitan-styrdokument.tls.certresolver=default",
+      ]
+    }
+
+    task "taitan" {
+      driver = "docker"
+
+      config {
+        image = var.image_tag
+        ports = ["http"]
+      }
+
+      template {
+        data        = <<ENV
+PORT={{ env "NOMAD_PORT_http" }}
+DARKMODE_URL=https://darkmode.datasektionen.se/
+CONTENT_URL=https://github.com/datasektionen/styrdokument.git
+TOKEN={{ with nomadVar "nomad/jobs/taitan" }}{{ .styrdokument_token }}{{ end }}
+ENV
+        destination = "local/.env"
+        env         = true
+      }
+    }
+  }
+}
+
+variable "image_tag" {
+  type = string
+  default = "ghcr.io/datasektionen/taitan:latest"
+}