Vauhtijuoksu
diff --git a/‎.github/workflows/azure-deployment.yml‎
Lines changed: 0 additions & 95 deletions b/‎.github/workflows/azure-deployment.yml‎
Lines changed: 0 additions & 95 deletions
diff --git a/‎.github/workflows/docker.yml‎
Lines changed: 0 additions & 65 deletions b/‎.github/workflows/docker.yml‎
Lines changed: 0 additions & 65 deletions
diff --git a/‎.github/workflows/gh-publish.yaml‎
Lines changed: 76 additions & 0 deletions b/‎.github/workflows/gh-publish.yaml‎
Lines changed: 76 additions & 0 deletions
diff --git a/‎deployment/prod-values.yaml‎
Lines changed: 15 additions & 0 deletions b/‎deployment/prod-values.yaml‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎deployment/templates/deployment.yaml‎
Lines changed: 16 additions & 0 deletions b/‎deployment/templates/deployment.yaml‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎deployment/templates/ingress.yaml‎
Lines changed: 26 additions & 8 deletions b/‎deployment/templates/ingress.yaml‎
Lines changed: 26 additions & 8 deletions
diff --git a/‎deployment/templates/nginx-cm.yaml‎
Lines changed: 25 additions & 0 deletions b/‎deployment/templates/nginx-cm.yaml‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎deployment/templates/nginx-ingress.yaml‎
Lines changed: 23 additions & 0 deletions b/‎deployment/templates/nginx-ingress.yaml‎
Lines changed: 23 additions & 0 deletions
@@ -0,0 +1,76 @@
+name: Publish and deploy
+
+on:
+  push:
+    branches:
+    - trunk
+
+jobs:
+  build:
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Docker build
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Dockerfile.production
+          load: true
+          tags: vauhtijuoksu/cms:test
+
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v3
+        with:
+          images: |
+            name=ghcr.io/vauhtijuoksu/wwwauhtijuoksu-cms
+          tags: |
+            # sha for branch triggers
+            type=ref,event=branch
+            type=ref,event=branch,suffix=-{{sha}}
+            type=ref,event=pr,suffix=-{{sha}}
+            # semver only for version tags
+            type=semver,pattern={{version}}
+
+      - name: Log in to GHCR
+        if: github.event_name == 'push'
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+      # This should use cached image and not actually trigger a new build
+      - name: Build and push images
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Dockerfile.production
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Login to to Tailscale
+        uses: tailscale/github-action@v4.1.0
+        with:
+          oauth-client-id: ${{ vars.TS_OIDC_CLIENT_ID }}
+          audience: ${{ vars.TS_OIDC_AUDIENCE }}
+          tags: tag:gh-runner
+      - name: Setup Kubectl
+        uses: azure/setup-kubectl@v4
+      - name: Setup kubeconfig
+        run: |
+          mkdir ~/.kube
+          echo "${{ vars.KUBECONFIG }}" > ~/.kube/config
+          kubectl get all
+      - name: Extract main sha tag
+        id: main_sha
+        run: |
+          # Find the line with `:main-...`
+          full_line="$(echo '${{ steps.meta.outputs.tags }}' | grep ':main-pipeline-')"
+          # Strip everything before the last :
+          tag="${full_line##*:}"
+          echo "tag=$tag" >> $GITHUB_OUTPUT
+      - uses: azure/setup-helm@v3.5
+      - run: |
+           helm upgrade --install -n cms cms deployment/ -f deployment/prod-values.yaml --set image.tag=${{ steps.main_sha.outputs.tag }}
@@ -0,0 +1,15 @@
+database:
+  address: postgres-rw.postgres.svc.cluster.local
+  database: wwwauhtijuoksu-cms
+  secret: vjcms-psql
+  user: wwwauhtijuoksu-cms
+django:
+  allowed_hosts: cms.dev.vauhtijuoksu.fi,www.vauhtijuoksu.fi,vauhtijuoksu.fi
+  media_url: https://vjcms.blob.core.windows.net/media/
+  static_url: https://cms-static.dev.vauhtijuoksu.fi/static/
+  vj_api_url: http://vauhtijuoksu-api.vauhtijuoksu-api.svc.cluster.local:8080
+http:
+  staticfiles_host: cms-static.dev.vauhtijuoksu.fi
+image:
+  registry: ghcr.io/
+  repository: vauhtijuoksu/wwwauhtijuoksu-cms
@@ -47,6 +47,8 @@ spec:
         envFrom:
         - configMapRef:
             name: django-env
+        - secretRef:
+            name: discord
         env:
         - name: POSTGRES_PASSWORD
           valueFrom:
@@ -66,6 +68,17 @@ spec:
               name: {{ .Values.storage.secret }}
               key: key
               optional: true
+      - name: nginx
+        image: nginx:stable
+        ports:
+          - name: nginx
+            containerPort: 80
+            protocol: TCP
+        volumeMounts:
+          - name: nginx-config
+            mountPath: /etc/nginx/conf.d
+          - name: django-static
+            mountPath: /usr/share/nginx/html/static
       volumes:
       - name: django-static
         emptyDir: {}
@@ -74,3 +87,6 @@ spec:
       # TODO: Persistent media volume
       - name: django-media
         emptyDir: {}
+      - name: nginx-config
+        configMap:
+          name: nginx-config
@@ -3,25 +3,43 @@ kind: Ingress
 metadata:
   name: {{ .Chart.Name }}
   annotations:
-    kubernetes.io/ingress.class: nginx
-    cert-manager.io/cluster-issuer: letsencrypt-prod
-    nginx.ingress.kubernetes.io/rewrite-target: /$1
-    nginx.ingress.kubernetes.io/use-regex: "true"
     # To work on kind cluster
     nginx.ingress.kubernetes.io/server-alias: localhost
 spec:
   tls:
     - hosts:
         - {{ .Values.http.host }}
-      secretName: {{ .Values.http.host }}
+        - www.vauhtijuoksu.fi
+        - vauhtijuoksu.fi
+  ingressClassName: traefik
   rules:
     - host: {{ .Values.http.host }}
       http:
         paths:
-          - path: /(.*)
+          - backend:
+              service:
+                name: {{ .Chart.Name }}
+                port:
+                  name: http
+            path: /
+            pathType: Prefix
+    - host: www.vauhtijuoksu.fi
+      http:
+        paths:
+          - backend:
+              service:
+                name: {{ .Chart.Name }}
+                port:
+                  name: http
+            path: /
             pathType: Prefix
-            backend:
+    - host: vauhtijuoksu.fi
+      http:
+        paths:
+          - backend:
               service:
                 name: {{ .Chart.Name }}
                 port:
-                  name: http
+                  name: http
+            path: /
+            pathType: Prefix
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nginx-config
+data:
+  default.conf: |
+    server {
+        listen 80;
+        server_name _;
+
+        location ~* \.(eot|ttf|woff|woff2|otf)$ {
+            add_header Access-Control-Allow-Origin "*";
+            root /usr/share/nginx/html;
+            expires 30d;
+            add_header Cache-Control "public";
+            access_log off;
+        }
+
+        location /static/ {
+            alias /usr/share/nginx/html/static/;
+            expires 30d;
+            add_header Cache-Control "public";
+            access_log off;
+        }
+    }
@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ .Chart.Name }}-nginx
+  annotations:
+    # To work on kind cluster
+    nginx.ingress.kubernetes.io/server-alias: localhost
+spec:
+  tls:
+    - hosts:
+        - {{ .Values.http.staticfiles_host }}
+  ingressClassName: traefik
+  rules:
+    - host: {{ .Values.http.staticfiles_host }}
+      http:
+        paths:
+          - backend:
+              service:
+                name: {{ .Chart.Name }}-nginx
+                port:
+                  name: http
+            path: /
+            pathType: Prefix