Add workflow for build app and deploy to k8s (#105)

* add job for docker build
* debug deploy to k8s

.github/workflows/publish-docker-image-and-deploy.yml

+name: Publish Docker image on every push to main branch
+
+on:
+  push:
+    branches:
+      - main
+
+env:
+  K8S_LOCAL_PORT: ${{ secrets.K8S_LOCAL_PORT }}
+  K8S_HOST: ${{ secrets.K8S_HOST }}
+  BASTION_HOST: ${{ secrets.BASTION_HOST }}
+  K8S_PORT: ${{ secrets.K8S_PORT }}
+  USERNAME: ${{ secrets.USERNAME }}
+  BASTION_SSH_KEY: ${{secrets.BASTION_SSH_KEY}}
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+jobs:
+  push_to_registry:
+    name: Push Docker image to registry
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      # Will automatically make nice tags, see the table here https://github.com/docker/metadata-action#basic
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ghcr.io/blockscout/frontend
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+  deploy:
+    name: Deploy frontend to k8s
+    needs: push_to_registry
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+      - name: Set Kubernetes Context
+        uses: azure/k8s-set-context@v1
+        with:
+          method: kubeconfig
+          kubeconfig: ${{ secrets.KUBE_CONFIG }}
+      - name: Deploy to k8s
+        shell: bash
+        working-directory: charts
+        # port forwarding works only inside the step, consider refactoring as TS action
+        env:
+          NAMESPACE_NAME: bs-frontend
+        run: |
+          mkdir ~/.ssh
+          ssh-keyscan -H $BASTION_HOST >> ~/.ssh/known_hosts
+          eval `ssh-agent -s`
+          ssh-add - <<< "$BASTION_SSH_KEY"
+          sudo echo "127.0.0.1 $K8S_HOST" | sudo tee -a /etc/hosts
+          ssh -fN -v -L $K8S_LOCAL_PORT:$K8S_HOST:$K8S_PORT $USERNAME@$BASTION_HOST
+          helm upgrade --install -n $NAMESPACE_NAME $NAMESPACE_NAME ./ -f values-frontend.yaml --create-namespace

charts/.gitignore

+# values-frontend.yaml

charts/Chart.yaml

+apiVersion: v1
+appVersion: 0.0.1
+version: 0.0.1
+name: bs-frontend
+description: '''
+Helm chart for deploying blockscout frontend in K8S
+
+Deploy command: `helm upgrade --install -n=<namespace> bs-frontend ./ -f values-<name>.yaml`
+'''

charts/templates/_envs.tpl

+{{- define "app_env" }}
+{{- range $key, $value := .Values.environment }}
+{{- $item := get $.Values.environment $key }}
+{{- if or (kindIs "string" $item) (kindIs "int64" $item) (kindIs "bool" $item)}}
+- name: {{ $key }}
+  value: {{ $value | quote }}
+{{- else }}
+- name: {{ $key }}
+  value: {{ pluck $.Values.global.env $item | first | default $item._default | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- define "node_env" }}
+{{- range $key, $value := .Values.node_environment }}
+{{- $item := get $.Values.node_environment $key }}
+{{- if or (kindIs "string" $item) (kindIs "int64" $item) (kindIs "bool" $item)}}
+- name: {{ $key }}
+  value: {{ $value | quote }}
+{{- else }}
+- name: {{ $key }}
+  value: {{ pluck $.Values.global.env $item | first | default $item._default | quote }}
+{{- end }}
+{{- end }}
+{{- end }}

charts/templates/deployment.yml

+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: {{ .Release.Name }}
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "http-metrics"
+spec:
+  replicas: {{ .Values.replicas.app }}
+  selector:
+    matchLabels:
+      app: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Release.Name }}
+    spec:
+      # serviceAccountName: vault-auth
+      imagePullSecrets:
+        - name: regcred
+      containers:
+        - name: {{ .Release.Name }}
+          image: {{ .Values.image }}
+          resources:
+          {{- with .Values.resources }}
+            limits:
+              memory: {{ pluck $.Values.global.env .limits.memory | first | default .limits.memory._default | quote }}
+              cpu: {{ pluck $.Values.global.env .limits.cpu | first | default .limits.cpu._default | quote }}
+            requests:
+              memory: {{ pluck $.Values.global.env .requests.memory | first | default .requests.memory._default | quote }}
+              cpu: {{ pluck $.Values.global.env .requests.cpu | first | default .requests.cpu._default | quote }}
+          {{- end }}
+          imagePullPolicy: Always
+          ports:
+            - containerPort: {{ .Values.docker.targetPort }}
+          env:
+{{- include "app_env" . | indent 10 }}
+          # volumeMounts:
+          #   - name: smweb-logs
+          #     mountPath: /usr/local/sm-web-server/log
+          # readinessProbe:
+          #   httpGet:
+          #     path: /appversion
+          #     port: {{ .Values.docker.port }}
+          #     scheme: HTTP
+          #   initialDelaySeconds: 60
+          #   periodSeconds: 10
+          # livenessProbe:
+          #   httpGet:
+          #     path: /appversion
+          #     port: {{ .Values.docker.port }}
+          #     scheme: HTTP
+          #   initialDelaySeconds: 100
+          #   periodSeconds: 100
+      # volumes:
+      #   - name: smweb-logs
+      #     emptyDir: { }
+      #   - name: config
+      #     configMap:
+      #       name: {{ .Release.Name }}-promtail-configmap
+      restartPolicy: Always
+---

charts/templates/ingress.yaml

+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/ingress.class: internal-and-public
+    nginx.ingress.kubernetes.io/proxy-body-size: 500m
+    nginx.ingress.kubernetes.io/client-max-body-size: "500M"
+    nginx.ingress.kubernetes.io/proxy-buffering: "off"
+    nginx.ingress.kubernetes.io/proxy-connect-timeout: "15m"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "15m"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "15m"
+    # cert-manager.io/cluster-issuer: vault
+  name: {{ .Release.Name }}-ingress
+spec:
+  rules:
+    - host: {{ .Values.ingress.host }}
+      http:
+        paths:
+          - path: "/"
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ .Release.Name }}-svc
+                port:
+                  number: {{ .Values.docker.port }}
+  # tls:
+  #   - hosts:
+  #       - {{ .Values.ingress.host }}
+  #     secretName: xcloud-cert-srv

charts/templates/service.yml

+kind: Service
+apiVersion: v1
+metadata:
+  name: {{ .Release.Name }}-svc
+spec:
+  type: ClusterIP
+  ports:
+    - port: {{ .Values.docker.port }}
+      targetPort: {{ .Values.docker.targetPort }}
+      protocol: TCP
+      name: http
+  selector:
+    app: {{ .Release.Name }}
+---

charts/values-frontend.yaml

+image: ghcr.io/blockscout/frontend:build-ci-cd
+
+replicas:
+  app: 1
+docker:
+  port: 80
+  targetPort: 3000
+
+ingress:
+  host: blockscout-frontend.aws-k8s.blockscout.com
+
+resources:
+  limits:
+    memory:
+      _default: "0.3Gi"
+    cpu:
+      _default: "0.2"
+  requests:
+    memory:
+      _default: "0.3Gi"
+    cpu:
+      _default: "0.2"
+
+
+environment: {}
+
+global:
+  env: test