chore: migrate to new infrastructure

Author: RafDevX

.github/workflows/deploy.yml

@@ -8,21 +8,10 @@ on:
 jobs:
   deploy:
     runs-on: ubuntu-latest
-
     steps:
-    - name: Git checkout
-      uses: actions/checkout@v3
-      with:
-        fetch-depth: 0
-
-    # See the following link for documentation:
-    # https://github.com/marketplace/actions/dokku
-    - name: Push to hermes
-      uses: dokku/[email protected]
-      with:
-        ssh_private_key: ${{ secrets.HERMES_GLOBAL_DEPLOY_KEY }}
-        git_remote_url: ssh://[email protected]/cashflow
-        # force might feel risky, but there is no good reason why the server
-        # should ever not be a mirror of the deploy branch. And the errors we
-        # could get otherwise would probably be nasty to deal with
-        git_push_flags: --force
+      - name: Deploy to Nomad
+        uses: datasektionen/nomad-deploy@v1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          nomad-token: ${{ secrets.NOMAD_TOKEN }}
+          nomad-addr: ${{ vars.NOMAD_ADDR }}

job.nomad.hcl

@@ -0,0 +1,66 @@
+job "cashflow" {
+  namespace = "money"
+
+  type = "service"
+
+  group "cashflow" {
+    network {
+      port "http" {
+        to = 8000 # hardcoded in Dockerfile
+      }
+    }
+
+    service {
+      name     = "cashflow"
+      port     = "http"
+      provider = "nomad"
+      tags = [
+        "traefik.enable=true",
+        "traefik.http.routers.cashflow.rule=Host(`cashflow.datasektionen.se`)",
+        "traefik.http.routers.cashflow.tls.certresolver=default",
+      ]
+    }
+
+    task "cashflow" {
+      driver = "docker"
+
+      config {
+        image = var.image_tag
+        ports = ["http"]
+      }
+
+      template {
+        data        = <<ENV
+{{ with nomadVar "nomad/jobs/cashflow" }}
+DATABASE_URL=postgres://cashflow:{{ .db_password }}@postgres.dsekt.internal:5432/cashflow
+SECRET_KEY={{ .secret_key }}
+LOGIN_KEY={{ .login_key }}
+SPAM_API_KEY={{ .spam_api_key }}
+S3_HOST={{ .s3_host }}
+S3_BUCKET_NAME={{ .s3_bucket }}
+S3_ACCESS_KEY_ID={{ .s3_access_key_id }}
+S3_SECRET_ACCESS_KEY={{ .s3_secret_access_key }}
+{{ end }}
+S3_USE_SIGV4=False
+GOOGLE_ANALYTICS_KEY=UA-96183461-2
+DEBUG=False
+SEND_EMAILS=True
+PLS_URL=https://pls.datasektionen.se
+LOGIN_API_URL=https://login.datasektionen.se # TODO: migrate to sso (internal)
+LOGIN_FRONTEND_URL=https://login.datasektionen.se # TODO: migrate to sso
+SPAM_URL=https://spam.datasektionen.se
+BUDGET_URL=https://budget.datasektionen.se
+GIT_REV=please-delete-from-code
+PYTHONUNBUFFERED=1
+ENV
+        destination = "local/.env"
+        env         = true
+      }
+    }
+  }
+}
+
+variable "image_tag" {
+  type = string
+  default = "ghcr.io/datasektionen/cashflow:latest"
+}