From c3d8e7e15f014fcf1871c4916b8d6570f711ed6b Mon Sep 17 00:00:00 2001 From: Nischal Shrestha Date: Thu, 5 Sep 2024 11:11:17 +0545 Subject: [PATCH] CI: try build and verify --- .github/workflows/build_and_deploy.yml | 56 ++++++++++----- .github/workflows/frontend-build.yml | 13 ++-- .github/workflows/remote_deploy.yml | 99 ++++++++++++++++++++++++++ 3 files changed, 146 insertions(+), 22 deletions(-) create mode 100644 .github/workflows/remote_deploy.yml diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml index e245ab0678..8638cf9f7d 100644 --- a/.github/workflows/build_and_deploy.yml +++ b/.github/workflows/build_and_deploy.yml @@ -16,14 +16,15 @@ on: workflow_dispatch: jobs: - # backend-build: - # uses: hotosm/gh-workflows/.github/workflows/image_build.yml@2.0.5 - # with: - # context: . - # build_target: prod - # image_name: ghcr.io/${{ github.repository }}/backend - # dockerfile: Dockerfile - # secrets: inherit + backend-build: + uses: hotosm/gh-workflows/.github/workflows/image_build.yml@2.0.5 + with: + context: . + build_target: prod + image_name: ghcr.io/${{ github.repository }}/backend + dockerfile: Dockerfile + scan_image: false + secrets: inherit frontend-build: uses: naxa-developers/tasking-manager/.github/workflows/frontend-build.yml@ci-gh-workflows 
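Review bot: `scan_image: false` in the re-enabled `backend-build` job switches off the image scan input of the shared `image_build.yml` workflow for the image that `deploy_to_vm` goes on to deploy, and the change does not say why or for how long. If this is only there to get the pipeline passing, add a comment such as `# TODO: re-enable scan_image once the build is verified`, or drop the line so the reusable workflow's default (presumably scanning on) applies. The job also passes `secrets: inherit` to a workflow referenced by the tag `@2.0.5`, which can be moved; pinning that `uses:` to a full commit SHA would keep a retagged release from receiving the secrets.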
@@ -33,14 +34,33 @@ jobs: context: ./frontend cache-key-file: ./frontend/yarn.lock package-manager: yarn + build-dist-folder-path: ./frontend/build - # deploy_to_vm: - # name: Deploy to VM - # needs: - # - frontend-build - # - backend-build - # uses: hotosm/gh-workflows/.github/workflows/remote_deploy_compose.yml@2.0.5 - # with: - # docker_compose_file: docker-compose.vm.yml - # environment: ${{ github.ref_name }} - # secrets: inherit \ No newline at end of file + frontend-deploy: + runs-on: ubuntu-latest + needs: + - frontend-build + name: Deploy Frontend Static Files + steps: + - name: Download build artifacts + uses: actions/download-artifact@v4 + with: + name: ${{ needs.frontend-build.outputs.artifact-name }} + + - name: Debug check files + run: | + ls -alh + ls -alh build + + deploy_to_vm: + name: Deploy to VM + needs: + - frontend-build + - backend-build + uses: naxa-developers/tasking-manager/.github/workflows/remote_deploy_compose.yml@ci-gh-workflows + with: + docker_compose_file: docker-compose.vm.yml + environment: ${{ github.ref_name }} + example_env_file_path: example.env + env_file_path: tasking-manager.env + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/frontend-build.yml b/.github/workflows/frontend-build.yml index 8b6c8418dc..65f96b251d 100644 --- a/.github/workflows/frontend-build.yml +++ b/.github/workflows/frontend-build.yml @@ -43,7 +43,12 @@ on: required: false type: boolean default: true - + build-dist-folder-path: + description: "Path to folder that stores build files" + required: false + type: string + default: "${{ inputs.context }}/dist" + outputs: artifact-name: description: "Node built artifact" 
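Review bot: `deploy_to_vm` now calls `naxa-developers/tasking-manager/.github/workflows/remote_deploy_compose.yml@ci-gh-workflows` with `secrets: inherit`, so whatever sits at the tip of that branch runs with every secret of the caller, including (per the new workflow's header comment) `SSH_PRIVATE_KEY`. A branch ref is mutable; pin the `uses:` to a full commit SHA, or, if this is the same repository, call the file locally with `uses: ./.github/workflows/remote_deploy.yml` so the workflow always matches the commit being deployed. The file added in this commit is named `remote_deploy.yml`, not `remote_deploy_compose.yml`, so the reference appears to resolve to a different file unless one with that name already exists on the branch. The `frontend-build` reference at `@ci-gh-workflows` in the context lines has the same mutable-ref problem.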
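Review bot: The description of the new `build-dist-folder-path` input does not say what the path is relative to. The default `${{ inputs.context }}/dist` is built from `context`, while the caller in `build_and_deploy.yml` passes `./frontend/build`, a workspace-relative path that repeats the context. I would spell it out, e.g. `description: "Path to the build output folder, relative to the repository root (not to context)"`. The `inputs:` block this belongs to starts outside the hunk.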
@@ -124,12 +129,12 @@ jobs: esac - id: upload_build_artifacts - name: Upload dist folder as build artifacts + name: Upload build files as build artifacts uses: actions/upload-artifact@v4 if: ${{ inputs.upload-artifacts }} with: - name: ${{ github.repository_id }}-${{ github.sha }}-frontend-dist - path: ${{ inputs.context }}/dist/* + name: ${{ github.repository_id }}-${{ github.sha }}-frontend-build-dist + path: ${{ inputs.build-dist-folder-path }} retention-days: 1 - id: get_artifact_name diff --git a/.github/workflows/remote_deploy.yml b/.github/workflows/remote_deploy.yml new file mode 100644 index 0000000000..06eded1269 --- /dev/null +++ b/.github/workflows/remote_deploy.yml 
@@ -0,0 +1,99 @@
+# Note: variables: SSH_HOST and SSH_USER must be set for your environment.
+# Note: secrets: SSH_PRIVATE_KEY must be set for your environment.
+
+name: Remote Deploy (Compose)
+
+on:
+ workflow_call:
+ inputs:
+ environment:
+ description: "The Github environment to get variables from. Default repository vars."
+ required: false
+ type: string
+ docker_compose_file:
+ description: "Path to docker compose file to deploy."
+ required: true
+ type: string
+ example_env_file_path:
+ description: "Path to example dotenv file to substitute variables for."
+ type: string
+ default: .env.example
+ env_file_path:
+ description: "Path to write dotenv file"
+ type: string
+ default: .env
+
+jobs:
+ remote-deploy:
+ runs-on: ubuntu-latest
+ environment: ${{ inputs.environment }}
+
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v4
+
+ - name: Vars and Secrets to Env
+ env:
+ GIT_BRANCH: ${{ github.ref_name }}
+ VARS_CONTEXT: ${{ toJson(vars) }}
+ SECRETS_CONTEXT: ${{ toJson(secrets) }}
+ run: |
+ # Random delimeter string for security
+ delim=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
+
+ # Parse JSON with multiline strings, using delimeter (Github specific)
+ to_envs() { jq -r "to_entries[] | \"\(.key)<<$delim\n\(.value)\n$delim\n\""; }
+
+ # Set vars to env for next step
+ echo "GIT_BRANCH=${GIT_BRANCH}" >> $GITHUB_ENV
+ echo "TAG_OVERRIDE=${TAG_OVERRIDE}" >> $GITHUB_ENV
+
+ # Set VARS_CONTEXT if not null
+ if [ "${VARS_CONTEXT}" != "null" ]; then
+ echo "${VARS_CONTEXT}" | to_envs >> $GITHUB_ENV
+ fi
+
+ # Set SECRETS_CONTEXT if not null
+ if [ "${SECRETS_CONTEXT}" != "null" ]; then
+ echo "${SECRETS_CONTEXT}" | to_envs >> $GITHUB_ENV
+ fi
+
+ - name: Create .env file
+ env:
+ EXAMPLE_DOTENV: ${{ inputs.example_env_file_path }}
+ run: |
+ echo "Checking if ${EXAMPLE_DOTENV} exists"
+ if [ -f ${EXAMPLE_DOTENV} ]; then
+ # Get a8m/envsubst (required for default vals syntax ${VAR:-default})
+ echo "Downloading envsubst"
+ curl -L
https://github.com/a8m/envsubst/releases/download/v1.2.0/envsubst-`uname -s`-`uname -m` -o envsubst
+ if [ $? -ne 0 ]; then
+ echo "Failed to download envsubst"
+ exit 1
+ fi
+ chmod +x envsubst
+ echo "Substituting variables from ${EXAMPLE_DOTENV} --> ${{ inputs.env_file_path }}"
+ ./envsubst < "${EXAMPLE_DOTENV}" > ${{ inputs.env_file_path }}
+ else
+ echo "${EXAMPLE_DOTENV} not found, creating empty ${{ inputs.env_file_path }}"
+ touch ${{ inputs.env_file_path }}
+ fi
+
+ echo "GIT_BRANCH=${GIT_BRANCH}" >> ${{ inputs.env_file_path }}
+ echo "TAG_OVERRIDE=${TAG_OVERRIDE}" >> ${{ inputs.env_file_path }}
+
+ - uses: webfactory/ssh-agent@v0.8.0
+ with:
+ ssh-private-key: "${{ secrets.SSH_PRIVATE_KEY }}"
+
+ - name: Add host keys to known_hosts
+ run: |
+ ssh-keyscan "${{ vars.SSH_HOST }}" >> ~/.ssh/known_hosts
+
+ - name: Deploy
+ run: |
+ docker compose --file ${{ inputs.docker_compose_file }} pull
+ docker compose --file ${{ inputs.docker_compose_file }} up \
+ --detach --remove-orphans --force-recreate
+ env:
+ DOCKER_HOST: "ssh://${{ vars.SSH_USER }}@${{ vars.SSH_HOST }}"
\ No newline at end of file
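Review bot: The `Create .env file` step downloads the `envsubst` binary with `curl -L` and runs it with no integrity check, in a job where the previous step has already exported every entry of `toJson(secrets)` into `$GITHUB_ENV`, so a substituted release asset would execute with all repository and environment secrets in its environment. `curl` is also called without `-f`, so an HTTP error page is saved as `envsubst` and the `$? -ne 0` check never fires. I would fail on HTTP errors, verify a pinned SHA-256 before `chmod +x`, and export only the variables the dotenv template needs rather than the whole secrets context. The `ssh-keyscan` step trusts whatever host key is offered on each run, which gives no protection against a spoofed host; the expected key line should come from a stored variable instead. The `${{ inputs.env_file_path }}` and `${{ vars.SSH_HOST }}` expansions inside `run:` are better passed through `env:` and quoted, as sketched below.

```yaml
      - name: Create .env file
        env:
          EXAMPLE_DOTENV: ${{ inputs.example_env_file_path }}
          DOTENV: ${{ inputs.env_file_path }}
          # placeholder: record the digest of the v1.2.0 asset for the runner platform
          ENVSUBST_SHA256: "<sha256-of-envsubst-v1.2.0-asset>"
        run: |
          # … unchanged: existence check for ${EXAMPLE_DOTENV} …
            curl -fsSL "https://github.com/a8m/envsubst/releases/download/v1.2.0/envsubst-$(uname -s)-$(uname -m)" -o envsubst
            echo "${ENVSUBST_SHA256}  envsubst" | sha256sum --check --strict -
            chmod +x envsubst
            ./envsubst < "${EXAMPLE_DOTENV}" > "${DOTENV}"
          # … unchanged: else branch and the GIT_BRANCH / TAG_OVERRIDE appends, writing to "${DOTENV}" …

      - name: Add host keys to known_hosts
        env:
          # placeholder variable name: known_hosts line(s) recorded out of band
          SSH_KNOWN_HOSTS: ${{ vars.SSH_KNOWN_HOSTS }}
        run: |
          printf '%s\n' "${SSH_KNOWN_HOSTS}" >> ~/.ssh/known_hosts
```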