feat: setup frontend on argus (#1666)

Author: kaloster

.github/workflows/argus-stack-prod-upsert.yaml

@@ -0,0 +1,24 @@
+name: Update prod
+
+on:
+  release:
+    types: [published]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  prod_stack_upsert:
+    runs-on: ARM64
+    permissions:
+      id-token: write
+      issues: write
+      pull-requests: write
+
+    steps:
+      - name: Update Prod Stack
+        uses: chanzuckerberg/argus-artifacts/ci/packages/create-stack@v0.54.1
+        with:
+          appName: cryoet-frontend
+          envName: prod

.github/workflows/argus-stack-rdev-create.yaml

@@ -0,0 +1,26 @@
+name: Create an RDev Stack
+
+on:
+  pull_request:
+    types: [labeled, synchronize]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  create-stack:
+    runs-on: ARM64
+    if: contains(github.event.pull_request.labels.*.name, 'stack')
+    permissions:
+      id-token: write
+      issues: write
+      pull-requests: write
+
+    steps:
+      - name: Create Stack
+        id: upsert
+        uses: chanzuckerberg/argus-artifacts/ci/packages/create-stack@v0.54.1
+        with:
+          appName: cryoet-frontend
+          envName: rdev

.github/workflows/argus-stack-rdev-delete.yaml

@@ -0,0 +1,21 @@
+name: Delete an RDev Stack
+
+on:
+  pull_request:
+    types: [ unlabeled, closed ]
+
+jobs:
+  delete-stack:
+    runs-on: ARM64
+    if: ${{ !contains(github.event.pull_request.labels.*.name, 'stack') || github.event.pull_request.state == 'closed' }}
+    permissions:
+      id-token: write
+      issues: write
+      pull-requests: write
+
+    steps:
+      - name: Delete Stack
+        uses: chanzuckerberg/argus-artifacts/ci/packages/delete-stack@v0.54.1
+        with:
+          appName: cryoet-frontend
+          envName: rdev

.github/workflows/argus-stack-staging-upsert.yaml

@@ -0,0 +1,35 @@
+name: Update staging
+
+on:
+  pull_request:
+    types: [ opened, synchronize ]
+    paths:
+      - '.infra/common.yaml'
+      - '.infra/staging/values.yaml'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  run_if:
+    if: github.head_ref == 'release-please--branches--main--components--frontend'
+    runs-on: ARM64
+    steps:
+      - run: echo "The head branch of this PR is the release please branch"
+
+  staging_stack_upsert:
+    needs: run_if
+    runs-on: ARM64
+    permissions:
+      id-token: write
+      issues: write
+      pull-requests: write
+
+    steps:
+      - name: Update Staging Stack
+        uses: chanzuckerberg/argus-artifacts/ci/packages/create-stack@v0.54.1
+        with:
+          appName: cryoet-frontend
+          envName: staging
+          postStackDetails: false

.github/workflows/docker-build-rdev.yaml

@@ -0,0 +1,21 @@
+name: Docker Build Rdev
+
+on:
+  pull_request:
+    types: [ labeled, synchronize ]
+    paths:
+      - 'frontend/**'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  rdev_argus_builder:
+    uses: ./.github/workflows/workflow-argus-docker-build.yaml
+    secrets: inherit
+    if: contains(github.event.pull_request.labels.*.name, 'stack') && github.event.sender.type != 'Bot'
+    with:
+      envs: rdev
+      path_filters: 'frontend/**'
+      branches_ignore: main,release-please--branches--main

.github/workflows/docker-build-staging-prod.yaml

@@ -0,0 +1,18 @@
+name: Docker Build Staging/Prod
+
+on:
+  push:
+    paths:
+    - 'frontend/**'
+    branches:
+    - release-please--branches--main--components--frontend
+
+jobs:
+  argus_builder:
+    uses: ./.github/workflows/workflow-argus-docker-build.yaml
+    secrets: inherit
+    with:
+      envs: staging,prod
+      path_filters: '!.infra/**,frontend/**'
+      branches_include: release-please--branches--main--components--frontend
+      force_update_manifests: true

.github/workflows/release.yml .github/workflows/release-please.yml.github/workflows/release.yml renamed to .github/workflows/release-please.yml

@@ -13,11 +13,19 @@ permissions:
 jobs:
   release-please:
     concurrency:
-      group: release-prs-${{ github.ref }}
+      group: ${{ github.workflow }}-${{ github.ref }}
       cancel-in-progress: true
 
-    runs-on: ubuntu-latest
+    runs-on: ARM64
     steps:
+      # See https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow
+      # For why we need to generate a token and not use the default
+      - name: Generate token
+        id: generate_token
+        uses: tibdex/github-app-token@v2
+        with:
+          app_id: ${{ secrets.CZI_RELEASE_PLEASE_APP_ID }}
+          private_key: ${{ secrets.CZI_RELEASE_PLEASE_PK }}
       - name: release please
         uses: googleapis/release-please-action@v4
         id: release
@@ -26,7 +34,7 @@ jobs:
           manifest-file: "release-please.manifest.json"
           config-file: "release-please.config.json"
           target-branch: "main"
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ steps.generate_token.outputs.token }}
 
     outputs:
       paths_released: ${{ steps.release.outputs.paths_released }}
@@ -50,7 +58,7 @@ jobs:
 
       - uses: actions/setup-python@v4
         with:
-          pyton-version: "3.10"
+          python-version: "3.12"
 
       - name: build
         run: |

.github/workflows/workflow-argus-docker-build.yaml

@@ -0,0 +1,46 @@
+name: Docker Image Build
+
+on:
+  workflow_call:
+    inputs:
+      envs:
+        description: "Env names, comma delimited"
+        required: true
+        type: string
+      path_filters:
+        description: "Glob patterns to match against changed files in the repository, comma delimited"
+        required: true
+        type: string
+      branches_include:
+        description: "Branches to build on, comma delimited"
+        required: false
+        type: string
+        default: "*"
+      branches_ignore:
+        description: "Branches to skip build on, comma delimited"
+        required: false
+        type: string
+        default: ""
+      force_update_manifests:
+        description: "Whether to always update ArgoCD manifests after building the Docker images"
+        required: false
+        type: boolean
+        default: false
+
+jobs:
+  argus_builder:
+    uses: chanzuckerberg/github-actions/.github/workflows/argus-docker-build.yaml@v4.2.0
+    secrets: inherit
+    with:
+      branches_include: ${{ inputs.branches_include }}
+      branches_ignore: ${{ inputs.branches_ignore }}
+      force_update_manifests: ${{ inputs.force_update_manifests }}
+      path_filters: ${{ inputs.path_filters }}
+      envs: ${{ inputs.envs }}
+      images: |
+        {
+          "frontend": {
+            "context": "frontend",
+            "dockerfile": "frontend/packages/data-portal/Dockerfile"
+          }
+        }

.infra/common.yaml

@@ -0,0 +1,25 @@
+stack:
+  global:
+    replicaCount: 2
+    autoscaling:
+      enabled: false
+    service:
+      port: 8080
+    env:
+      - name: AWS_REGION
+        value: us-west-2
+      - name: AWS_ACCESS_KEY_ID
+        value: test
+      - name: AWS_SECRET_ACCESS_KEY
+        value: test
+      - name: JWK_PUBLIC_KEY_FILE
+        value: /var/keys/public_key.pem
+      - name: JWK_PRIVATE_KEY_FILE
+        value: /var/keys/private_key.pem
+  services:
+    frontend:
+      image:
+        repository: 533267185808.dkr.ecr.us-west-2.amazonaws.com/core-platform/cryoet-data-portal/frontend/frontend
+      paths:
+      - /
+      pathType: Prefix

.infra/prod/Chart.yaml

@@ -0,0 +1,8 @@
+apiVersion: v2
+name: stack
+type: application
+version: 1.0.0
+dependencies:
+  - name: stack
+    version: 2.5.3
+    repository: https://chanzuckerberg.github.io/argo-helm-charts