chore(k8s): add cd via timoni+flux

Author: kjubybot

.github/workflows/master.yml

@@ -130,3 +130,8 @@ jobs:
       #   run: make test-code-checkers
       #   env:
       #     MIX_ENV: test
+
+  build-package:
+    uses: ./.github/workflows/package.yaml
+    with:
+      is-pr: false

.github/workflows/package.yaml

@@ -0,0 +1,60 @@
+name: Build package
+
+on:
+  workflow_call:
+    inputs:
+      is-pr:
+        description: Whether it's a pr
+        type: boolean
+        required: true
+jobs:
+  build-package:
+    permissions:
+      contents: read
+      packages: write
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Timoni
+        uses: stefanprodan/timoni/actions/setup@main
+      - name: Setup Flux
+        uses: fluxcd/flux2/action@main
+
+      - name: Preapre tag
+        if: ${{ inputs.is-pr }}
+        run: |
+          tag=$(echo ${{ github.head_ref }} | tr '/' '-')
+          echo "tag=${tag}" >> "${GITHUB_ENV}"
+
+      - name: Prepare tag
+        if: ${{ ! inputs.is-pr }}
+        run: echo "tag=${{ github.ref_name }}" >> "${GITHUB_ENV}"
+
+      - name: Build bundle
+        env:
+          BUNDLE_PATH: k8s/timoni/
+        run: |
+          mkdir ${{ runner.temp }}/timoni
+          timoni bundle build \
+            -f ${BUNDLE_PATH}bundle.cue \
+            -f ${BUNDLE_PATH}runners.cue \
+            -f ${BUNDLE_PATH}values.cue > ${{ runner.temp }}/timoni/build.yaml
+
+      - name: Diff artifacts
+        run: |
+          set +e
+          flux diff artifact \
+            --creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} \
+            oci://ghcr.io/${{ github.repository }}-manifests:${tag} \
+            --path ${{ runner.temp }}/timoni
+          echo "diff=$?" >> "${GITHUB_ENV}"
+
+      - name: Push artifact
+        if: ${{ env.diff != '0' }}
+        run: |
+          flux push artifact \
+            --creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} \
+            -f ${{ runner.temp }}/timoni \
+            --source ${{ github.repositoryUrl }} \
+            --revision ${{ inputs.tag }}@sha1:${{ github.sha }} \
+            oci://ghcr.io/${{ github.repository }}-manifests:${tag}

.github/workflows/pr.yml

@@ -96,3 +96,8 @@ jobs:
           token: ${{ secrets.CODECOV_TOKEN }}
           file: ./services/app/assp/codebattle/cover/excoveralls.json
           fail_ci_if_error: false
+
+  build-package:
+    uses: ./.github/workflows/package.yaml
+    with:
+      is-pr: true

k8s/flux.cue

@@ -0,0 +1,39 @@
+bundle: {
+	apiVersion: "v1alpha1"
+	name:       "codebattle"
+	instances: {
+		"codebattle": {
+			module: url: "file://timoni/kustomize-oci"
+			namespace: "flux-system"
+			values: {
+				artifact: {
+					url: "oci://ghcr.io/hexlet-codebattle/codebattle-manifests"
+					tag: "master"
+				}
+				auth: credentials: {
+					username: string @timoni(runtime:string:GITHUB_USERNAME)
+					password: string @timoni(runtime:string:GITHUB_TOKEN)
+				}
+				patches: [{
+					apiVersion: "gateway.networking.k8s.io/v1"
+					kind:       "HTTPRoute"
+					spec: {
+						_hostname: string @timoni(runtime:string:CODEBATTLE_HOSTNAME)
+						hostnames: [_hostname]
+					}
+				}]
+			}
+		}
+		"gateway": {
+			module: url: "oci://ghcr.io/stefanprodan/modules/flux-helm-release"
+			namespace: "flux-system"
+			values: {
+				repository: url: "oci://registry-1.docker.io/envoyproxy"
+				chart: {
+					name:    "gateway-helm"
+					version: "v1.3.0"
+				}
+			}
+		}
+	}
+}

k8s/timoni/bundle.cue

@@ -0,0 +1,39 @@
+#RunnerConfig: {
+	image:    string
+	version:  string
+	lang:     string
+	replicas: uint
+}
+
+runners: [string]: #RunnerConfig
+codebattleValues: {}
+
+bundle: {
+	apiVersion: "v1alpha1"
+	name:       "codebattle"
+	instances: {
+		codebattle: {
+			module: url: "file://codebattle"
+			namespace: "codebattle"
+			values:    codebattleValues
+		}
+		for runner in runners {
+			"runner-\(runner.lang)": {
+				module: url: "file://runner"
+				namespace: "codebattle"
+				values: {
+					registry: "docker.io"
+					image: {
+						repository: "\(registry)/\(runner.image)"
+						tag:        runner.version
+					}
+					replicas: runner.replicas
+				}
+			}
+		}
+		gateway: {
+			module: url: "file://gateway"
+			namespace: "codebattle"
+		}
+	}
+}