update infra for new setup

2025-11-12 13:57:44 +11:00
parent 45f2c61c17
commit 10e2eaa16b
5 changed files with 28 additions and 95 deletions
--- a/.github/workflows/pipeline.yml
+++ b/.github/workflows/pipeline.yml
@@ -46,7 +46,15 @@ jobs:
          images: liamsgit.dev/LiamPietralla/code-snippets
          tags: |
            type=raw,value=latest
-            type=sha,value=${{ github.sha }}
+
+    # - name: Setup Docker Metadata
+    #   id: meta
+    #   uses: docker/metadata-action@v4
+    #   with:
+    #       images: liamsgit.dev/LiamPietralla/code-snippets
+    #       tags: |
+    #         type=raw,value=latest
+    #         type=sha,value=${{ github.sha }}

    - name: Login to Registry
      uses: docker/login-action@v3
@@ -63,7 +71,7 @@ jobs:
        labels: ${{ steps.meta.outputs.labels }}

  deploy: 
-    if: github.ref == 'refs/heads/main' && github.event_name == 'push'  
+    if: github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
    name: Deploy to Infrastructure
    runs-on: ubuntu-latest
    
@@ -73,42 +81,21 @@ jobs:
    steps:
    - uses: actions/checkout@v3

-    - name: Write GitHub SSH Key to File
-      env: 
-        SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
-      run: |
-        echo "$SSH_PRIVATE_KEY" > private.key
-        sudo chmod 400 private.key
-
-    - name: Write Ansible Inventory To File
-      env: 
-        APP_HOST: ${{ secrets.APP_HOST }}
-      run: |
-        echo "[app]" > hosts.ini
-        echo "$APP_HOST" >> hosts.ini
-
-    - name: Install Ansible
-      run: |
-        sudo apt-add-repository ppa:ansible/ansible -y
-        sudo apt-get update -y
-        sudo apt-get install ansible -y
-
-    - name: Run Ansible Playbook to Configure Servers
-      run: |
-        export ANSIBLE_HOST_KEY_CHECKING=False # Disable host key checking
-        ansible-playbook infra/ansible/deploy-playbook.yml --private-key private.key --inventory hosts.ini
-      env: 
-        APP_HOST: ${{ secrets.APP_HOST }}
-        REGISTRY_USERNAME: ${{ secrets.DOCKER_USERNAME }}
-        REGISTRY_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
-
-    # - name: Setup Nomad
-    #   uses: hashicorp/setup-nomad@main
-    #   with:
-    #     nomad_version: '1.10.5'
+    - name: Setup Nomad
+      uses: hashicorp/setup-nomad@main
+      with:
+        nomad_version: '1.10.5'

    # - name: Deploy Job to Nomad
    #   run: |
    #     nomad job run -var="version=${{ github.sha }}" infra/nomad/code-snippets.nomad.hcl
    #   env: 
    #     NOMAD_ADDR: ${{ vars.NOMAD_ADDR }}
+    #     NOMAD_TOKEN: ${{ secrets.NOMAD_TOKEN }}
+
+    - name: Deploy Job to Nomad
+      run: |
+        nomad job run infra/nomad/code-snippets.nomad.hcl
+      env: 
+        NOMAD_ADDR: ${{ vars.NOMAD_ADDR }}
+        NOMAD_TOKEN: ${{ secrets.NOMAD_TOKEN }}
--- a/infra/ansible/deploy-playbook.yml
+++ b/infra/ansible/deploy-playbook.yml
@@ -1,11 +0,0 @@
---
- name: Configure App Server
-  hosts: app
-  remote_user: root
-  become: yes # sudo
-  roles:
-    - app
-  vars:
-    registry_username: "{{ lookup('env', 'REGISTRY_USERNAME') }}"
-    registry_password: "{{ lookup('env', 'REGISTRY_PASSWORD') }}"
-  
--- a/infra/ansible/roles/app/files/nginx.conf
+++ b/infra/ansible/roles/app/files/nginx.conf
@@ -1,13 +0,0 @@
-server {
-    listen                  80;
-    server_name             code.liampietralla.com;
-
-    location / {
-        proxy_pass          http://localhost:5000;
-        proxy_redirect      off;
-        proxy_set_header    Host $host;
-        proxy_set_header    X-Real-IP $remote_addr;
-        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header    X-Forwarded-Host $server_name;
-    }
-}
--- a/infra/ansible/roles/app/tasks/main.yml
+++ b/infra/ansible/roles/app/tasks/main.yml
@@ -1,31 +0,0 @@
- name: Login to Docker Registry
-  docker_login:
-    registry: liamsgit.dev
-    username: "{{ registry_username }}"
-    password: "{{ registry_password }}"
-
- name: Run Code App Container
-  docker_container: 
-    name: code
-    image: liamsgit.dev/liampietralla/code-snippets
-    pull: yes
-    ports:
-      - "5000:80"
-    restart_policy: unless-stopped
-
- name: Copy nginx config file
-  copy:
-    src: nginx.conf
-    dest: /etc/nginx/sites-available/code
-    force: no
-
- name: Create symlink to code
-  file:
-    src: /etc/nginx/sites-available/code
-    dest: /etc/nginx/sites-enabled/code
-    state: link
-
- name: Restart Nginx
-  service:
-    name: nginx
-    state: restarted
--- a/infra/nomad/code-snippets.nomad.hcl
+++ b/infra/nomad/code-snippets.nomad.hcl
@@ -1,6 +1,6 @@
 variable "version" {
-type    = string
-default = "latest"
+  type    = string
+  default = "latest"
 }

 job "code-snippets" {
@@ -20,7 +20,7 @@ job "code-snippets" {
      driver = "docker"

      config {
-        image      = "liamsgit.dev/LiamPietralla/code-snippets:${var.version}"
+        image      = "liamsgit.dev/liampietralla/code-snippets:${var.version}"
        force_pull = true
        ports      = ["http"]
      }
@@ -30,8 +30,9 @@ job "code-snippets" {
        port = "http"
        tags = [
          "traefik.enable=true",
-          "traefik.http.routers.code-snippets.rule=PathPrefix(`/`)",
-          "traefik.http.routers.code-snippets.entrypoints=p5003"
+          "traefik.http.routers.codesnippets.rule=Host(`code.liampietralla.com`)",
+          "traefik.http.routers.codesnippets.entrypoints=websecure",
+          "traefik.http.routers.codesnippets.tls.certresolver=letsencrypt"
        ]

        check {