test deploy

.github/workflows/cleanup.yml

+name: Cleanup environments
+
+on:
+  pull_request:
+    types:
+      - closed
+
+jobs:
+  if_merged:
+    if: github.event.pull_request.merged == true
+    needs: push_to_registry
+    uses: blockscout/blockscout-ci-cd/.github/workflows/cleanup.yaml@deploy-smart-contract-verifier
+    with:
+      valuesDir: values/frontend
+      appNamespace: frontend-$GITHUB_REF_NAME
+      appName: frontend
+    secrets: inherit

.github/workflows/publish-docker-image-and-deploy.yml

@@ -2,8 +2,8 @@ name: Publish Docker image on every push to main branch
 
 on:
   push:
-    branches:
-      - main
+    # branches:
+    #   - main
 
 env:
   K8S_LOCAL_PORT: ${{ secrets.K8S_LOCAL_PORT }}
@@ -12,8 +12,6 @@ env:
   K8S_PORT: ${{ secrets.K8S_PORT }}
   USERNAME: ${{ secrets.USERNAME }}
   BASTION_SSH_KEY: ${{secrets.BASTION_SSH_KEY}}
-  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 
 jobs:
   push_to_registry:
@@ -50,29 +48,12 @@ jobs:
           cache-to: type=gha,mode=max
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-  deploy:
-    name: Deploy frontend to k8s
+
+  deploy_frontend:
     needs: push_to_registry
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out the repo
-        uses: actions/checkout@v3
-      - name: Set Kubernetes Context
-        uses: azure/k8s-set-context@v1
-        with:
-          method: kubeconfig
-          kubeconfig: ${{ secrets.KUBE_CONFIG }}
-      - name: Deploy to k8s
-        shell: bash
-        working-directory: charts
-        # port forwarding works only inside the step, consider refactoring as TS action
-        env:
-          NAMESPACE_NAME: bs-frontend
-        run: |
-          mkdir ~/.ssh
-          ssh-keyscan -H $BASTION_HOST >> ~/.ssh/known_hosts
-          eval `ssh-agent -s`
-          ssh-add - <<< "$BASTION_SSH_KEY"
-          sudo echo "127.0.0.1 $K8S_HOST" | sudo tee -a /etc/hosts
-          ssh -fN -v -L $K8S_LOCAL_PORT:$K8S_HOST:$K8S_PORT $USERNAME@$BASTION_HOST
-          helm upgrade --install -n $NAMESPACE_NAME $NAMESPACE_NAME ./ -f values-frontend.yaml --create-namespace
+    uses: blockscout/blockscout-ci-cd/.github/workflows/deploy.yaml@deploy-smart-contract-verifier
+    with:
+      valuesDir: deploy/values
+      appNamespace: frontend-$GITHUB_REF_NAME
+      appName: frontend
+    secrets: inherit

.gitignore

@@ -39,3 +39,5 @@ yarn-error.log*
 
 # Sentry
 .sentryclirc
+
+**.decrypted~**

charts/.gitignore

-# values-frontend.yaml

charts/Chart.yaml

-apiVersion: v1
-appVersion: 0.0.1
-version: 0.0.1
-name: bs-frontend
-description: '''
-Helm chart for deploying blockscout frontend in K8S
-
-Deploy command: `helm upgrade --install -n=<namespace> bs-frontend ./ -f values-<name>.yaml`
-'''

charts/templates/_envs.tpl

-{{- define "app_env" }}
-{{- range $key, $value := .Values.environment }}
-{{- $item := get $.Values.environment $key }}
-{{- if or (kindIs "string" $item) (kindIs "int64" $item) (kindIs "bool" $item)}}
-- name: {{ $key }}
-  value: {{ $value | quote }}
-{{- else }}
-- name: {{ $key }}
-  value: {{ pluck $.Values.global.env $item | first | default $item._default | quote }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{- define "node_env" }}
-{{- range $key, $value := .Values.node_environment }}
-{{- $item := get $.Values.node_environment $key }}
-{{- if or (kindIs "string" $item) (kindIs "int64" $item) (kindIs "bool" $item)}}
-- name: {{ $key }}
-  value: {{ $value | quote }}
-{{- else }}
-- name: {{ $key }}
-  value: {{ pluck $.Values.global.env $item | first | default $item._default | quote }}
-{{- end }}
-{{- end }}
-{{- end }}

charts/templates/deployment.yml

-kind: Deployment
-apiVersion: apps/v1
-metadata:
-  name: {{ .Release.Name }}
-  annotations:
-    prometheus.io/scrape: "true"
-    prometheus.io/port: "http-metrics"
-spec:
-  replicas: {{ .Values.replicas.app }}
-  selector:
-    matchLabels:
-      app: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app: {{ .Release.Name }}
-    spec:
-      # serviceAccountName: vault-auth
-      imagePullSecrets:
-        - name: regcred
-      containers:
-        - name: {{ .Release.Name }}
-          image: {{ .Values.image }}
-          resources:
-          {{- with .Values.resources }}
-            limits:
-              memory: {{ pluck $.Values.global.env .limits.memory | first | default .limits.memory._default | quote }}
-              cpu: {{ pluck $.Values.global.env .limits.cpu | first | default .limits.cpu._default | quote }}
-            requests:
-              memory: {{ pluck $.Values.global.env .requests.memory | first | default .requests.memory._default | quote }}
-              cpu: {{ pluck $.Values.global.env .requests.cpu | first | default .requests.cpu._default | quote }}
-          {{- end }}
-          imagePullPolicy: Always
-          ports:
-            - containerPort: {{ .Values.docker.targetPort }}
-          env:
-{{- include "app_env" . | indent 10 }}
-          # volumeMounts:
-          #   - name: smweb-logs
-          #     mountPath: /usr/local/sm-web-server/log
-          # readinessProbe:
-          #   httpGet:
-          #     path: /appversion
-          #     port: {{ .Values.docker.port }}
-          #     scheme: HTTP
-          #   initialDelaySeconds: 60
-          #   periodSeconds: 10
-          # livenessProbe:
-          #   httpGet:
-          #     path: /appversion
-          #     port: {{ .Values.docker.port }}
-          #     scheme: HTTP
-          #   initialDelaySeconds: 100
-          #   periodSeconds: 100
-      # volumes:
-      #   - name: smweb-logs
-      #     emptyDir: { }
-      #   - name: config
-      #     configMap:
-      #       name: {{ .Release.Name }}-promtail-configmap
-      restartPolicy: Always
----

charts/templates/ingress.yaml

-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  annotations:
-    kubernetes.io/ingress.class: internal-and-public
-    nginx.ingress.kubernetes.io/proxy-body-size: 500m
-    nginx.ingress.kubernetes.io/client-max-body-size: "500M"
-    nginx.ingress.kubernetes.io/proxy-buffering: "off"
-    nginx.ingress.kubernetes.io/proxy-connect-timeout: "15m"
-    nginx.ingress.kubernetes.io/proxy-send-timeout: "15m"
-    nginx.ingress.kubernetes.io/proxy-read-timeout: "15m"
-    # cert-manager.io/cluster-issuer: vault
-  name: {{ .Release.Name }}-ingress
-spec:
-  rules:
-    - host: {{ .Values.ingress.host }}
-      http:
-        paths:
-          - path: "/"
-            pathType: Prefix
-            backend:
-              service:
-                name: {{ .Release.Name }}-svc
-                port:
-                  number: {{ .Values.docker.port }}
-  # tls:
-  #   - hosts:
-  #       - {{ .Values.ingress.host }}
-  #     secretName: xcloud-cert-srv

charts/templates/service.yml

-kind: Service
-apiVersion: v1
-metadata:
-  name: {{ .Release.Name }}-svc
-spec:
-  type: ClusterIP
-  ports:
-    - port: {{ .Values.docker.port }}
-      targetPort: {{ .Values.docker.targetPort }}
-      protocol: TCP
-      name: http
-  selector:
-    app: {{ .Release.Name }}
----

charts/values-frontend.yaml

-image: ghcr.io/blockscout/frontend:main
-
-replicas:
-  app: 1
-docker:
-  port: 80
-  targetPort: 3000
-
-ingress:
-  host: blockscout-frontend.aws-k8s.blockscout.com
-
-resources:
-  limits:
-    memory:
-      _default: "0.3Gi"
-    cpu:
-      _default: "0.2"
-  requests:
-    memory:
-      _default: "0.3Gi"
-    cpu:
-      _default: "0.2"
-
-environment: {}
-  NEXT_PUBLIC_BLOCKSCOUT_VERSION:
-    _default: v4.1.7-beta
-  NEXT_PUBLIC_FOOTER_GITHUB_LINK:
-    _default: https://github.com/blockscout/blockscout
-  NEXT_PUBLIC_FOOTER_TWITTER_LINK:
-    _default: https://www.twitter.com/blockscoutcom
-  NEXT_PUBLIC_FOOTER_TELEGRAM_LINK:
-    _default: https://t.me/poa_network
-  NEXT_PUBLIC_FOOTER_STAKING_LINK:
-    _default: https://duneanalytics.com/maxaleks/xdai-staking
-  NEXT_PUBLIC_SUPPORTED_NETWORKS:
-    _default: [{"name":"Gnosis Chain","type":"xdai","subType":"mainnet","group":"mainnets","isAccountSupported":true},{"name":"Optimism on Gnosis Chain","type":"xdai","subType":"optimism","group":"mainnets"},{"name":"Arbitrum on xDai","type":"xdai","subType":"aox","group":"mainnets"},{"name":"Ethereum","type":"eth","subType":"mainnet","group":"mainnets"},{"name":"Ethereum Classic","type":"etc","subType":"mainnet","group":"mainnets"},{"name":"POA","type":"poa","subType":"core","group":"mainnets"},{"name":"RSK","type":"rsk","subType":"mainnet","group":"mainnets"},{"name":"Gnosis Chain Testnet","type":"xdai","subType":"testnet","group":"testnets","isAccountSupported":true},{"name":"POA Sokol","type":"poa","subType":"sokol","group":"testnets"},{"name":"ARTIS Σ1","type":"artis","subType":"sigma1","group":"other"},{"name":"LUKSO L14","type":"lukso","subType":"l14","group":"other"}]
-
-global:
-  env: test

deploy/values/.sops.yaml

+
+---
+creation_rules:
+  - path_regex: ^(.+/)?secrets\.yaml$
+    pgp: >-
+      99E83B7490B1A9F51781E6055317CE0D5CE1230B

deploy/values/secrets.yaml

+frontend:
+    environment:
+        SENTRY_DSN:
+            _default: ENC[AES256_GCM,data:8l6EM9q2FAxcBvixc0y/guIvStdOv9QfXQksFp6YAuYMJ/3s/jkZfpUgFs17dY2qg3Ze2mKLmUSxCy0hAFlOxBOfHcAha+qS6VI=,iv:uVScV6zYfR+4d8DdT/Gg23ZmCypGkIGESOieqkdXC9g=,tag:5E+JxKh+5wWU/GaAa/Dldg==,type:str]
+        NEXT_PUBLIC_SENTRY_DSN:
+            _default: ENC[AES256_GCM,data:qMheLmNm5Mzy9O/bg1tVxysXctCRW3XTZOFtVBssy4H3cBrf2XFoyZd/9w03jciep/zKghuKPOoVNK0928GUOXSJDnPqWFAW3p8=,iv:1qkaxjTY0jF0KWC1CBMrvWJnANhomZYArXbXGsAHVFw=,tag:BcN7VRrIGCERWsp+JVcwFg==,type:str]
+        SENTRY_CSP_REPORT_URI:
+            _default: ENC[AES256_GCM,data:LKEqPqJM2NPP/OpQN8fP5eMWNq4S67LB376Kc4GNOn2efu+thTBkFcdraYkLbk7AiHQG/0lEmFqlXtxv2YGNkKzs9p3RaM5XNrxEWYKp6ht61VOVeHMFSEaDs9+LAzujAJq8,iv:dVB3Rcsms9XNTbxim8WGRj3wU8mNvmyKnfZGv4LC9Ro=,tag:DrAXnd7c9Rma+ZIlJrRizg==,type:str]
+        SENTRY_AUTH_TOKEN:
+            _default: ENC[AES256_GCM,data:4TvbGnf7DPf6LMNZZWV0WniIrH4l916cmIkyYZwMafK2p9bGC0PdNAPcJw/yVYAR976N8R9l6Ujk7Ht5Hiqg8A==,iv:vNGmpgIpsIUpazxxYfQvoh4Eh/VW7no48hdP3624VQs=,tag:dD93MaJ0gVOeR5oSKMco5A==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2022-09-14T15:36:11Z"
+    mac: ENC[AES256_GCM,data:M6tz5ochKg2joEslcMFiG34tg/ezwDxzZqlNzTFwJ7XdrnUKM9T/pb8xD6vyoaYX5y8YUpLB9ezGGTX/nbssc3VTG/rvbBcHJXWFSOBSkMzHhghy3ZmGVoKCOnWH35A20DGlyjKnxiOudMlpCGY8HsF0Uu+O6/RZta66HDjGipQ=,iv:IX+aLo0l4K9nNxRdXgEc8mKKv7ZKQkzFFaMWuppbdbM=,tag:E75w3svmLSZf8Xag/pcdaw==,type:str]
+    pgp:
+        - created_at: "2022-09-14T13:42:28Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQEMA1MXzg1c4SMLAQgAoRceoDDpqXEbiz6DaMX7YS7j5mcp+xVoemU9qY4ln7dT
+            XtwAWiRVr7mf1ZDI77bQunbyWAU3zM/lFDsrlNUMAUGZzoOOtIGSnjCqCYB5JGiP
+            ZfdjG88RAJx+WMIgWl66PW1ceru8We+KauQyG7bD5g59g3b5RadEhH3VER4cYJof
+            VI0+NPpAcGciRsV3vxGGf4q1ppM3Pz0AnXcC+HB+hxWa5DeAhZlavFO2zYBCzw/o
+            ypyLCoOcuEDSj9AY+EYnjyXIS72DXPA953/8QSaMSZ9JVKG5imtXslGEdj9PIQOp
+            0rPqjZCxzydQaPZ68jXMg2Ci4gZT4ZPle9fRFxNGdtJeAScCUk+5L70orvNmWwgD
+            3fFnMY6tMDd/qSqSRFEJ0Vm0M4MYSg5mgW9M64zGfw1bZLLjsIGMe2ZqQC/sZh1O
+            Mrk3/xd4md/Ko8BQcaZ6lCi0olz6KWTzmQhXgNTx9A==
+            =mNH9
+            -----END PGP MESSAGE-----
+          fp: 99E83B7490B1A9F51781E6055317CE0D5CE1230B
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3

deploy/values/values.yaml

+global:
+  env: test
+frontend:
+  enabled: true
+  image: ghcr.io/blockscout/frontend:main
+  replicas:
+    app: 1
+  docker:
+    port: 80
+    targetPort: 3000
+  ingress:
+    enabled: true
+    host: bs-frontend.aws-k8s.blockscout.com
+  resources:
+    limits:
+      memory:
+        _default: 0.3Gi
+      cpu:
+        _default: "0.2"
+    requests:
+      memory:
+        _default: 0.3Gi
+      cpu:
+        _default: "0.2"
+  # node label
+  nodeSelector:
+    app: blockscout
+  environment:
+    NEXT_PUBLIC_BLOCKSCOUT_VERSION:
+      _default: v4.1.7-beta
+    NEXT_PUBLIC_FOOTER_GITHUB_LINK:
+      _default: https://github.com/blockscout/blockscout
+    NEXT_PUBLIC_FOOTER_TWITTER_LINK:
+      _default: https://www.twitter.com/blockscoutcom
+    NEXT_PUBLIC_FOOTER_TELEGRAM_LINK:
+      _default: https://t.me/poa_network
+    NEXT_PUBLIC_FOOTER_STAKING_LINK:
+      _default: https://duneanalytics.com/maxaleks/xdai-staking
+    NEXT_PUBLIC_SUPPORTED_NETWORKS:
+      _default: '[{"name":"Gnosis Chain","type":"xdai","subType":"mainnet","group":"mainnets","isAccountSupported":true},{"name":"Optimism on Gnosis Chain","type":"xdai","subType":"optimism","group":"mainnets"},{"name":"Arbitrum on xDai","type":"xdai","subType":"aox","group":"mainnets"},{"name":"Ethereum","type":"eth","subType":"mainnet","group":"mainnets"},{"name":"Ethereum Classic","type":"etc","subType":"mainnet","group":"mainnets"},{"name":"POA","type":"poa","subType":"core","group":"mainnets"},{"name":"RSK","type":"rsk","subType":"mainnet","group":"mainnets"},{"name":"Gnosis Chain Testnet","type":"xdai","subType":"testnet","group":"testnets","isAccountSupported":true},{"name":"POA Sokol","type":"poa","subType":"sokol","group":"testnets"},{"name":"ARTIS Σ1","type":"artis","subType":"sigma1","group":"other"},{"name":"LUKSO L14","type":"lukso","subType":"l14","group":"other"}]'