This guide covers the one-time setup required to deploy ws-scoring to Scaleway.
- Scaleway account with billing enabled
- GitHub repository with Actions enabled
- Local tools:
```bash
brew install opentofu scw
```

```bash
scw init
```

Follow the prompts to set up your Scaleway CLI credentials.

```bash
scw object bucket create name=ws-scoring-tfstate region=fr-par
```

This bucket stores OpenTofu state and cannot be managed by OpenTofu itself (bootstrap problem).
```bash
# Display current configuration
scw config get
# Note these values for GitHub Secrets:
# - access_key
# - secret_key
# - default_project_id
# - default_organization_id
# - default_region (e.g., fr-par)
```

Go to your GitHub repository → Settings → Secrets and variables → Actions
Add these secrets:
| Secret Name | Value | Where to Find |
|---|---|---|
| `SCW_ACCESS_KEY` | Your access key | `scw config get access-key` |
| `SCW_SECRET_KEY` | Your secret key | `scw config get secret-key` |
| `SCW_DEFAULT_PROJECT_ID` | Project ID | `scw config get default-project-id` |
| `SCW_DEFAULT_ORGANIZATION_ID` | Organization ID | `scw config get default-organization-id` |
| `SCW_DEFAULT_REGION` | Region (e.g., fr-par) | `scw config get default-region` |
| `TF_STATE_BUCKET` | `ws-scoring-tfstate` | Bucket name from Step 2 |
| `DB_PASSWORD` | Strong random password | Generate with `openssl rand -base64 32` |
| `SCW_REGISTRY_ENDPOINT` | (Set after infrastructure deploy) | From infrastructure workflow output or `tofu output -raw registry_endpoint` |
```bash
# Push infrastructure code to main
git push origin main
# GitHub Actions will automatically:
# 1. Run infrastructure.yml workflow
# 2. Create all Scaleway resources
# 3. Output resource IDs and endpoints
```

Check the GitHub Actions tab to monitor deployment progress.
After infrastructure deployment completes, add one more secret:
```bash
# Get registry endpoint from infrastructure workflow output or:
cd infrastructure
tofu output -raw registry_endpoint
```

Go to GitHub repository → Settings → Secrets and add:
- Secret Name: `SCW_REGISTRY_ENDPOINT`
- Value: The registry endpoint (e.g., `rg.fr-par.scw.cloud/ws-scoring`)
This secret is used by the deployment workflow to push Docker images.
```bash
cd infrastructure
# Initialize OpenTofu locally
tofu init \
  -backend-config="bucket=ws-scoring-tfstate" \
  -backend-config="access_key=<YOUR_ACCESS_KEY>" \
  -backend-config="secret_key=<YOUR_SECRET_KEY>"
# View outputs
tofu output
# Get database connection string (sensitive)
tofu output -raw database_url
```

```bash
# Push application code to main
git push origin main
# GitHub Actions will automatically:
# 1. Build and test
# 2. Build Docker image
# 3. Run database migrations
# 4. Deploy container
```

```bash
# Get database URL from infrastructure
cd infrastructure
export POSTGRESQL_CONNECTION_STRING="$(tofu output -raw database_url)"
# Run user creation script
cd ..
bun run users:create
# Follow prompts to create administrator user
```

After the first deployment completes, the container URL will be displayed in the GitHub Actions log.
Alternatively, query it with Scaleway CLI:
```bash
# Get namespace ID from Terraform
cd infrastructure
NAMESPACE_ID="$(tofu output -raw container_namespace_id)"
# Get container URL
scw container container list namespace-id="$NAMESPACE_ID"
```

- Check Scaleway console: Billing → Overview
- Set up billing alerts: Billing → Alerts
- Expected cost: ~€0.67/month for 10 hours usage
Check:
- All GitHub Secrets are set correctly
- Scaleway account has billing enabled
- State bucket exists: `scw object bucket list`
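
One way to run the "All GitHub Secrets are set correctly" check, as an added example that is not part of the original guide: a shell function that reads secret names on stdin (one per line, extra columns ignored) and prints the names from the secrets table that are missing. Feeding it from `gh secret list` assumes the GitHub CLI is installed and authenticated; the function name `missing_secrets` and the sample input are made up for this example.

```bash
#!/bin/sh
# Added example: report which secrets required by this guide are not set.
# Only secret NAMES are read; secret values are never fetched or printed.
# Assumed usage (GitHub CLI):  gh secret list | missing_secrets

# The eight secret names from the table in this guide.
REQUIRED_SECRETS="SCW_ACCESS_KEY SCW_SECRET_KEY SCW_DEFAULT_PROJECT_ID
SCW_DEFAULT_ORGANIZATION_ID SCW_DEFAULT_REGION TF_STATE_BUCKET DB_PASSWORD
SCW_REGISTRY_ENDPOINT"

# missing_secrets: reads one secret name per line on stdin (any further
# whitespace-separated columns are ignored) and prints each required name
# that is absent. Exit status: 0 if nothing is missing, 1 otherwise.
missing_secrets() {
    present=$(awk '{print $1}')
    missing=""
    for name in $REQUIRED_SECRETS; do
        # -x matches the whole line, so DB_PASSWORD_OLD does not count
        # as DB_PASSWORD; -F treats the name as a fixed string.
        if ! printf '%s\n' "$present" | grep -qxF "$name"; then
            missing="${missing}${name}
"
        fi
    done
    printf '%s' "$missing"
    [ -z "$missing" ]
}

# Demo on constructed input (not real CLI output): the state before the
# registry endpoint secret has been added. Run with: sh script.sh --demo
if [ "${1:-}" = "--demo" ]; then
    printf '%s\t2024-01-01\n' SCW_ACCESS_KEY SCW_SECRET_KEY \
        SCW_DEFAULT_PROJECT_ID SCW_DEFAULT_ORGANIZATION_ID \
        SCW_DEFAULT_REGION TF_STATE_BUCKET DB_PASSWORD \
        | missing_secrets || echo "(the names above are not set yet)"
fi
```
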
Check logs:
```bash
scw container container logs <CONTAINER_ID>
```

Verify connection string:

```bash
cd infrastructure
tofu output database_url
```

Test connection:

```bash
psql "$(cd infrastructure && tofu output -raw database_url)"
```

Trigger workflows manually from GitHub:
- Actions → Deploy Infrastructure → Run workflow
- Actions → Deploy Application → Run workflow