[#475]: deploy to swarm action update

.deploy/blog.deploy.yml

@@ -10,7 +10,8 @@ services:
       labels:
         - "traefik.enable=true"
         - "traefik.http.routers.blog.rule=Host(`blog.mems.fun`)"
-        - "traefik.http.routers.blog.entrypoints=web"
+        - "traefik.http.routers.blog.entrypoints=websecure"
+        - "traefik.http.routers.blog.tls=true"
         - "traefik.http.services.blog.loadbalancer.server.port=3000"
         - "traefik.http.services.blog.loadbalancer.passhostheader=true"
       replicas: 1

.deploy/gamehub.deploy.yml

@@ -8,9 +8,10 @@ services:
       labels:
         - "traefik.enable=true"
         - "traefik.http.routers.gamehub-client.rule=Host(`mems.fun`)"
-        - "traefik.http.routers.gamehub-client.entrypoints=web"
+        - "traefik.http.routers.gamehub-client.entrypoints=websecure"
         - "traefik.http.services.gamehub-client.loadbalancer.server.port=3000"
         - "traefik.http.services.gamehub-client.loadbalancer.passhostheader=true"
+        - "traefik.http.routers.gamehub-client.tls=true"
       replicas: 1
       update_config:
         parallelism: 2

.deploy/ligretto.deploy.yml

@@ -19,7 +19,8 @@ services:
         - "prometheus-port=3005"
         - "traefik.enable=true"
         - "traefik.http.routers.ligretto-gameplay-backend.rule=Host(`api.ligretto.app`)"
-        - "traefik.http.routers.ligretto-gameplay-backend.entrypoints=web"
+        - "traefik.http.routers.ligretto-gameplay-backend.entrypoints=websecure"
+        - "traefik.http.routers.ligretto-gameplay-backend.tls=true"
         - "traefik.http.services.ligretto-gameplay-backend.loadbalancer.server.port=3005"
         - "traefik.http.services.ligretto-gameplay-backend.loadbalancer.passhostheader=true"
       replicas: 1
@@ -57,7 +58,8 @@ services:
       labels:
         - "traefik.enable=true"
         - "traefik.http.routers.ligretto-core-backend.rule=Host(`core.ligretto.app`)"
-        - "traefik.http.routers.ligretto-core-backend.entrypoints=web"
+        - "traefik.http.routers.ligretto-core-backend.entrypoints=websecure"
+        - "traefik.http.routers.ligretto-core-backend.tls=true"
         - "traefik.http.services.ligretto-core-backend.loadbalancer.server.port=3333"
         - "traefik.http.services.ligretto-core-backend.loadbalancer.passhostheader=true"
       replicas: 1
@@ -99,7 +101,8 @@ services:
         - "prometheus-port=8080"
         - "traefik.enable=true"
         - "traefik.http.routers.ligretto-bot-clj.rule=Host(`bots.ligretto.app`)"
-        - "traefik.http.routers.ligretto-bot-clj.entrypoints=web"
+        - "traefik.http.routers.ligretto-bot-clj.entrypoints=websecure"
+        - "traefik.http.routers.ligretto-bot-clj.tls=true"
         - "traefik.http.services.ligretto-bot-clj.loadbalancer.server.port=3222"
         - "traefik.http.services.ligretto-bot-clj.loadbalancer.passhostheader=true"
       replicas: 1

.github/actions/deploy-to-swarm/action.yml

@@ -7,21 +7,14 @@ inputs:
   name:
     required: true
     description: "Stack name"
-  AWS_ACCESS_KEY_ID:
+  sa_auth_key:
     required: true
-    description: 'AWS_ACCESS_KEY_ID'
-  AWS_SECRET_ACCESS_KEY:
-    required: true
-    description: 'AWS_SECRET_ACCESS_KEY'
-  AWS_REGION:
-    required: false
-    description: 'AWS region'
-    default: 'eu-north-1'
-  docker_login:
+    description: "https://cloud.yandex.ru/en/docs/iam/concepts/authorization/key"
+  docker_registry_login:
     required: false
     default: ''
     description: 'Docker login'
-  docker_password:
+  docker_registry_password:
     required: false
     default: ''
     description: 'Docker password'
@@ -33,23 +26,23 @@ inputs:
 runs:
   using: "composite"
   steps:
+    - name: Install yc cli
+      id: install_yc_cli
+      run: curl -sSL https://storage.yandexcloud.net/yandexcloud-yc/install.sh | bash -s
+
+    - name: Configure yc cli
+      id: configure_yc_cli
+      run: |
+        yc config profile create worker
+        echo ${{ inputs.sa_auth_key }} > key.json
+        yc config set service-account-key key.json
+
     - name: Read stack file
       id: package
       uses: juliangruber/read-file-action@v1
       with:
         path: ${{ inputs.path-to-stack }}
 
-    - uses: gagoar/invoke-aws-lambda@master
-      name: Invoke deploy to swarm lambda
+    - name: Invoke deploy to swarm lambda
       id: invoke-lambda
-      with:
-        AWS_ACCESS_KEY_ID: ${{ inputs.AWS_ACCESS_KEY_ID }}
-        AWS_SECRET_ACCESS_KEY: ${{ inputs.AWS_SECRET_ACCESS_KEY }}
-        REGION: ${{ inputs.AWS_REGION }}
-        FunctionName: deploy-stack-lambda
-        Payload: '{ "body": {"name": "${{ inputs.name }}", "stack": ${{ toJSON(steps.package.outputs.content) }}, "dockerLogin": ${{ toJSON(inputs.docker_login) }}, "dockerPassword": ${{ toJSON(inputs.docker_password) }}, "dockerRegistry": ${{ toJSON(inputs.docker_registry) }} } }'
-
-    - name: Invoke logs
-      if: ${{ always() }}
-      shell: bash
-      run: echo "${{ steps.invoke-lambda.outputs.response }}"
+      run: yc serverless function invoke deploy-stack-lambda -d '{ "body": {"name": "${{ inputs.name }}", "stack": ${{ toJSON(steps.package.outputs.content) }}, "dockerLogin": ${{ toJSON(inputs.docker_registry_login) }}, "dockerPassword": ${{ toJSON(inputs.docker_registry_password) }}, "dockerRegistry": ${{ toJSON(inputs.docker_registry) }} } }'

.github/workflows/blog-deploy.yml

@@ -5,7 +5,7 @@ on:
     branches:
       - master
   push:
-    branches: [ master ]
+    branches: [ master, 475-modify-deploy-to-swarm-action-to-use-with-yandex-cloud ]
     paths:
       - 'apps/blog/**'
       - '.deploy/blog.deploy.yml'
@@ -66,8 +66,7 @@ jobs:
         with:
           path-to-stack: '.deploy/blog.deploy.yml'
           name: 'BLOG'
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          docker_login: ${{ secrets.GHCR_USER }}
-          docker_password: ${{ secrets.GHCR_PULL_TOKEN }}
+          sa_auth_key: ${{ secrets.YC_WORKER_KEY }}
+          docker_registry_login: ${{ secrets.GHCR_USER }}
+          docker_registry_password: ${{ secrets.GHCR_PULL_TOKEN }}
           docker_registry: 'ghcr.io'

.github/workflows/gamehub-deploy.yml

@@ -66,8 +66,7 @@ jobs:
         with:
           path-to-stack: '.deploy/gamehub.deploy.yml'
           name: 'GAMEHUB'
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          docker_login: ${{ secrets.GHCR_USER }}
-          docker_password: ${{ secrets.GHCR_PULL_TOKEN }}
+          sa_auth_key: ${{ secrets.YC_WORKER_KEY }}
+          docker_registry_login: ${{ secrets.GHCR_USER }}
+          docker_registry_password: ${{ secrets.GHCR_PULL_TOKEN }}
           docker_registry: 'ghcr.io'

.github/workflows/ligretto-deploy.yml

@@ -146,16 +146,15 @@ jobs:
         with:
           path-to-stack: '.deploy/ligretto.deploy.yml'
           name: 'LIGRETTO'
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          docker_login: ${{ secrets.GHCR_USER }}
-          docker_password: ${{ secrets.GHCR_PULL_TOKEN }}
+          docker_registry_login: ${{ secrets.GHCR_USER }}
+          docker_registry_password: ${{ secrets.GHCR_PULL_TOKEN }}
           docker_registry: 'ghcr.io'
 
       - uses: ./.github/actions/deploy-to-s3
         name: Deploy to s3
         with:
           path-to-folder: apps/ligretto-frontend/dist
+          sa_auth_key: ${{ secrets.YC_WORKER_KEY }}
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           bucket: 'lig-production-cdn-origin'

.vscode/settings.json

@@ -18,6 +18,6 @@
   "cSpell.words": ["injectable", "nestjs", "postgres", "styleguide", "typeorm"],
   "gitlens.advanced.blame.customArguments": [],
   "editor.codeActionsOnSave": {
-    "source.fixAll.eslint": true
+    "source.fixAll.eslint": "explicit"
   }
 }