feat: service deployments (#1668)

Signed-off-by: Gašper Grom <gasper.grom@gmail.com>

Author: gaspergrom

.dockerignore

@@ -8,11 +8,7 @@
 node_modules
 **/node_modules
 
-# Submodules (not needed for frontend build)
-submodules
-
-# Other services (not needed for frontend build)
-workers
+# Other services (not needed for most builds)
 services
 database
 

.github/actions/build-docker-image/action.yaml

@@ -6,6 +6,16 @@ inputs:
     description: The APP_ENV to pass as a build argument
     required: false
     default: production
+  dockerfile:
+    description: Path to the Dockerfile
+    required: true
+  image-name:
+    description: Image name (e.g. insights-app, package-downloads-worker)
+    required: true
+  build-args:
+    description: Extra build args (newline-separated KEY=VALUE)
+    required: false
+    default: ''
 
 outputs:
   image:
@@ -21,7 +31,7 @@ runs:
       run: |
         SHORT_SHA=$(echo "${{ github.sha }}" | cut -c1-6)
         IMAGE_VERSION="${SHORT_SHA}.${{ github.run_attempt }}"
-        IMAGE_TAG="sjc.ocir.io/axbydjxa5zuh/insights-app:${IMAGE_VERSION}"
+        IMAGE_TAG="sjc.ocir.io/axbydjxa5zuh/${{ inputs.image-name }}:${IMAGE_VERSION}"
         echo "IMAGE_VERSION=${IMAGE_VERSION}" >> $GITHUB_OUTPUT
         echo "IMAGE_TAG=${IMAGE_TAG}" >> $GITHUB_OUTPUT
 
@@ -39,11 +49,11 @@ runs:
       uses: docker/build-push-action@v6
       with:
         context: .
-        file: frontend/Dockerfile
+        file: ${{ inputs.dockerfile }}
         push: true
         tags: ${{ steps.tag-generator.outputs.IMAGE_TAG }}
         build-args: |
           APP_ENV=${{ inputs.app-env }}
-          NUXT_REDIS_URL=${{ env.NUXT_REDIS_URL }}
+          ${{ inputs.build-args }}
         no-cache: true
-        provenance: false
+        provenance: false

.github/workflows/production-deploy.yaml

@@ -2,6 +2,16 @@ name: Production Deploy
 
 on:
   workflow_dispatch:
+    inputs:
+      service:
+        description: Service to deploy
+        required: true
+        type: choice
+        default: frontend
+        options:
+          - frontend
+          - package-downloads-worker
+          - search-volume-worker
 
 env:
   CLOUD_ENV: lf-oracle-production
@@ -21,6 +31,36 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Set service config
+        id: config
+        run: |
+          case "${{ inputs.service }}" in
+            frontend)
+              echo "dockerfile=frontend/Dockerfile" >> $GITHUB_OUTPUT
+              echo "image_name=insights-app" >> $GITHUB_OUTPUT
+              echo "k8s_deployment=insights-app-dpl" >> $GITHUB_OUTPUT
+              echo "k8s_container=frontend" >> $GITHUB_OUTPUT
+              ;;
+            package-downloads-worker)
+              echo "dockerfile=workers/temporal/package_downloads_worker/Dockerfile" >> $GITHUB_OUTPUT
+              echo "image_name=package-downloads-worker" >> $GITHUB_OUTPUT
+              echo "k8s_deployment=package-downloads-worker-dpl" >> $GITHUB_OUTPUT
+              echo "k8s_container=package-downloads-worker" >> $GITHUB_OUTPUT
+              ;;
+            search-volume-worker)
+              echo "dockerfile=workers/temporal/search_volume_worker/Dockerfile" >> $GITHUB_OUTPUT
+              echo "image_name=insights-search-volume-worker" >> $GITHUB_OUTPUT
+              echo "k8s_deployment=search-volume-worker-dpl" >> $GITHUB_OUTPUT
+              echo "k8s_container=search-volume-worker" >> $GITHUB_OUTPUT
+              ;;
+            *)
+              echo "::error::Unknown service: ${{ inputs.service }}"
+              exit 1
+              ;;
+          esac
 
       - name: Setup OCI CLI and Kubectl
         run: |
@@ -64,17 +104,21 @@ jobs:
         id: build-docker-image
         with:
           app-env: production
-        env:
-          NUXT_REDIS_URL: ${{ env.NUXT_REDIS_URL }}
+          dockerfile: ${{ steps.config.outputs.dockerfile }}
+          image-name: ${{ steps.config.outputs.image_name }}
+          build-args: ''
 
       - name: Update Deployment Image
         run: |
-          kubectl set image deployment/insights-app-dpl frontend=${{ steps.build-docker-image.outputs.image }} -n insights
-          kubectl rollout status deployment/insights-app-dpl -n insights --timeout=300s
+          kubectl set image deployment/${{ steps.config.outputs.k8s_deployment }} \
+            ${{ steps.config.outputs.k8s_container }}=${{ steps.build-docker-image.outputs.image }} \
+            -n insights
+          kubectl rollout status deployment/${{ steps.config.outputs.k8s_deployment }} -n insights --timeout=300s
 
       - name: Flush Redis cache
+        if: inputs.service == 'frontend'
         run: |
           REDIS_URL=$(kubectl get configmap insights-config-map -n insights -o jsonpath="{.data.NUXT_REDIS_URL}")
           PASSWORD=$(echo "$REDIS_URL" | sed -n 's|.*://:\([^@]*\)@.*|\1|p')
           kubectl exec -i redis-client -n insights -- \
-            redis-cli -h redis-svc -a "$PASSWORD" FLUSHALL
+            redis-cli -h redis-svc -a "$PASSWORD" FLUSHALL

.github/workflows/staging-deploy.yaml

@@ -2,6 +2,16 @@ name: Staging Deploy
 
 on:
   workflow_dispatch:
+    inputs:
+      service:
+        description: Service to deploy
+        required: true
+        type: choice
+        default: frontend
+        options:
+          - frontend
+          - package-downloads-worker
+          - search-volume-worker
 
 env:
   CLOUD_ENV: lf-oracle-staging
@@ -21,6 +31,36 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Set service config
+        id: config
+        run: |
+          case "${{ inputs.service }}" in
+            frontend)
+              echo "dockerfile=frontend/Dockerfile" >> $GITHUB_OUTPUT
+              echo "image_name=insights-app" >> $GITHUB_OUTPUT
+              echo "k8s_deployment=insights-app-dpl" >> $GITHUB_OUTPUT
+              echo "k8s_container=frontend" >> $GITHUB_OUTPUT
+              ;;
+            package-downloads-worker)
+              echo "dockerfile=workers/temporal/package_downloads_worker/Dockerfile" >> $GITHUB_OUTPUT
+              echo "image_name=package-downloads-worker" >> $GITHUB_OUTPUT
+              echo "k8s_deployment=package-downloads-worker-dpl" >> $GITHUB_OUTPUT
+              echo "k8s_container=package-downloads-worker" >> $GITHUB_OUTPUT
+              ;;
+            search-volume-worker)
+              echo "dockerfile=workers/temporal/search_volume_worker/Dockerfile" >> $GITHUB_OUTPUT
+              echo "image_name=insights-search-volume-worker" >> $GITHUB_OUTPUT
+              echo "k8s_deployment=search-volume-worker-dpl" >> $GITHUB_OUTPUT
+              echo "k8s_container=search-volume-worker" >> $GITHUB_OUTPUT
+              ;;
+            *)
+              echo "::error::Unknown service: ${{ inputs.service }}"
+              exit 1
+              ;;
+          esac
 
       - name: Setup OCI CLI and Kubectl
         run: |
@@ -64,10 +104,13 @@ jobs:
         id: build-docker-image
         with:
           app-env: staging
-        env:
-          NUXT_REDIS_URL: ${{ env.NUXT_REDIS_URL }}
+          dockerfile: ${{ steps.config.outputs.dockerfile }}
+          image-name: ${{ steps.config.outputs.image_name }}
+          build-args: ''
 
       - name: Update Deployment Image
         run: |
-          kubectl set image deployment/insights-app-dpl frontend=${{ steps.build-docker-image.outputs.image }} -n insights
-          kubectl rollout status deployment/insights-app-dpl -n insights --timeout=300s
+          kubectl set image deployment/${{ steps.config.outputs.k8s_deployment }} \
+            ${{ steps.config.outputs.k8s_container }}=${{ steps.build-docker-image.outputs.image }} \
+            -n insights
+          kubectl rollout status deployment/${{ steps.config.outputs.k8s_deployment }} -n insights --timeout=300s

frontend/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:1.4
-ARG NODE_VERSION=22
+ARG NODE_VERSION=24
 
 # ============================================
 # Base stage: Node with pnpm via corepack
@@ -33,10 +33,8 @@ RUN --mount=type=cache,id=pnpm,target=/root/.local/share/pnpm/store \
 FROM deps AS builder
 
 ARG APP_ENV=production
-ARG NUXT_REDIS_URL
 
 ENV NUXT_APP_ENV=$APP_ENV
-ENV NUXT_REDIS_URL=$NUXT_REDIS_URL
 ENV NODE_OPTIONS=--max-old-space-size=4096
 
 WORKDIR /app

…le.package_downloads_worker.dockerignore …l/package_downloads_worker/.dockerignoreworkers/temporal/package_downloads_worker/src/Dockerfile.package_downloads_worker.dockerignore renamed to workers/temporal/package_downloads_worker/.dockerignore workers/temporal/package_downloads_worker/src/Dockerfile.package_downloads_worker.dockerignore renamed to workers/temporal/package_downloads_worker/.dockerignore

@@ -15,4 +15,4 @@ scripts/
 .flake8
 *.md
 Makefile
-backend/
+backend/

…/src/Dockerfile.package_downloads_worker …oral/package_downloads_worker/Dockerfileworkers/temporal/package_downloads_worker/src/Dockerfile.package_downloads_worker renamed to workers/temporal/package_downloads_worker/Dockerfile workers/temporal/package_downloads_worker/src/Dockerfile.package_downloads_worker renamed to workers/temporal/package_downloads_worker/Dockerfile

@@ -1,23 +1,24 @@
-FROM node:20-alpine as builder
+FROM node:24-alpine AS builder
 
 RUN apk add --no-cache python3 make g++
 
 WORKDIR /usr/insights/app
-RUN npm install -g corepack@latest && corepack enable pnpm && corepack prepare pnpm@9.15.0 --activate
+RUN npm install -g corepack@latest && corepack enable pnpm && corepack prepare pnpm@10.12.4 --activate
 
 COPY ./package.json ./pnpm-workspace.yaml ./pnpm-lock.yaml ./
-RUN pnpm fetch
+COPY ./patches ./patches
+RUN pnpm fetch --ignore-scripts
 
 COPY ./submodules ./submodules
 COPY ./workers/temporal/base ./workers/temporal/base
 COPY ./workers/temporal/package_downloads_worker ./workers/temporal/package_downloads_worker
 
 RUN pnpm i --frozen-lockfile
 
-FROM node:20-bookworm-slim as runner
+FROM node:20-bookworm-slim AS runner
 
 WORKDIR /usr/insights/app
-RUN npm install -g corepack@latest && corepack enable pnpm && corepack prepare pnpm@9.15.0 --activate && apt update && apt install -y ca-certificates --no-install-recommends && rm -rf /var/lib/apt/lists/*
+RUN npm install -g corepack@latest && corepack enable pnpm && corepack prepare pnpm@10.12.4 --activate && apt update && apt install -y ca-certificates --no-install-recommends && rm -rf /var/lib/apt/lists/*
 
 COPY --from=builder /usr/insights/app/node_modules ./node_modules
 COPY --from=builder /usr/insights/app/submodules ./submodules

workers/temporal/search_volume_worker/Dockerfile

@@ -17,12 +17,13 @@ RUN npm install -g corepack@latest && \
 
 # Copy root-level files
 COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
+COPY patches ./patches
 
 COPY ./workers/temporal/search_volume_worker/package.json ./workers/temporal/search_volume_worker/
 
 # Pre-fetch dependencies and use a Docker cache mount for pnpm to speed up subsequent builds
 RUN --mount=type=cache,id=pnpm,target=${PNPM_CACHE_DIR} pnpm config set store-dir ${PNPM_CACHE_DIR} && \
-    pnpm fetch --frozen-lockfile
+    pnpm fetch --frozen-lockfile --ignore-scripts
 
 COPY ./submodules ./submodules
 COPY ./workers/temporal/base ./workers/temporal/base