feat: Implement initial Helm charts for backend and frontend, Gitea CI/CD pipeline, and Coder workspace configuration.

2025-12-03 23:53:38 +03:00
parent 8967497d25
commit afd85966e8
5 changed files with 192 additions and 25 deletions
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -15,39 +15,39 @@ jobs:
      # -----------------------------------------------------------------
      # CI PART
      # -----------------------------------------------------------------
-      - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Docker Login (Gitea Registry)
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ vars.GITEA_REGISTRY_URL }}
-          username: ${{ secrets.GITEA_REGISTRY_USERNAME }}
-          password: ${{ secrets.GITEA_REGISTRY_PASSWORD }}
+      # -----------------------------------------------------------------
+      # CI PART (Kaniko)
+      # -----------------------------------------------------------------
+      - name: Create Docker Config
+        run: |
+          mkdir -p ${{ github.workspace }}/.docker
+          echo "{\"auths\":{\"${{ vars.GITEA_REGISTRY_URL }}\":{\"username\":\"${{ secrets.GITEA_REGISTRY_USERNAME }}\",\"password\":\"${{ secrets.GITEA_REGISTRY_PASSWORD }}\"}}}" > ${{ github.workspace }}/.docker/config.json

      # BACKEND BUILD & PUSH
      - name: Build and Push Backend
-        id: docker_build_backend
-        uses: docker/build-push-action@v5
+        uses: docker://gcr.io/kaniko-project/executor:v1.14.0-debug
+        env:
+          DOCKER_CONFIG: /github/workspace/.docker
        with:
-          context: ./backend
-          push: true
-          tags: ${{ vars.GITEA_REGISTRY_URL }}/${{ github.repository }}/backend:latest
-          platforms: linux/amd64,linux/arm64
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          args: >
+            --context=dir:///github/workspace/backend
+            --dockerfile=Dockerfile
+            --destination=${{ vars.GITEA_REGISTRY_URL }}/${{ github.repository }}/backend:latest
+            --cache=true
+            --custom-platform=linux/arm64

      # FRONTEND BUILD & PUSH
      - name: Build and Push Frontend
-        id: docker_build_frontend
-        uses: docker/build-push-action@v5
+        uses: docker://gcr.io/kaniko-project/executor:v1.14.0-debug
+        env:
+          DOCKER_CONFIG: /github/workspace/.docker
        with:
-          context: ./frontend
-          push: true
-          tags: ${{ vars.GITEA_REGISTRY_URL }}/${{ github.repository }}/frontend:latest
-          platforms: linux/amd64,linux/arm64
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          args: >
+            --context=dir:///github/workspace/frontend
+            --dockerfile=Dockerfile
+            --destination=${{ vars.GITEA_REGISTRY_URL }}/${{ github.repository }}/frontend:latest
+            --cache=true
+            --custom-platform=linux/arm64

      # -----------------------------------------------------------------
      # CD PART (HELM)
--- a/coder/main.tf
+++ b/coder/main.tf
@@ -0,0 +1,155 @@
+terraform {
+  required_providers {
+    coder = {
+      source  = "coder/coder"
+      version = "~> 0.12.0"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "~> 2.23"
+    }
+  }
+}
+
+provider "coder" {}
+
+variable "use_kubeconfig" {
+  type        = bool
+  description = "Use kubeconfig instead of in-cluster config"
+  default     = false
+}
+
+provider "kubernetes" {
+  # If running inside the cluster, this will use the service account token.
+  # If running locally for dev, set use_kubeconfig = true
+  config_path = var.use_kubeconfig ? "~/.kube/config" : null
+}
+
+data "coder_workspace" "me" {}
+
+resource "coder_agent" "main" {
+  arch           = "arm64"
+  os             = "linux"
+  startup_script = <<EOT
+    #!/bin/bash
+    set -e
+
+    # Install basic tools
+    sudo apt-get update
+    sudo apt-get install -y curl git unzip nano wget
+
+    # Install Go (ARM64)
+    wget https://go.dev/dl/go1.21.5.linux-arm64.tar.gz
+    sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go1.21.5.linux-arm64.tar.gz
+    export PATH=$PATH:/usr/local/go/bin
+    echo 'export PATH=$PATH:/usr/local/go/bin' >> ~/.bashrc
+
+    # Install Node.js (via NVM or direct) - Installing Node 20 LTS for ARM64
+    curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
+    sudo apt-get install -y nodejs
+
+    # Configure Git to use the token
+    git config --global credential.helper store
+    # We can't easily inject the password here without a secret, but we can setup the user
+    git config --global user.name "${data.coder_workspace.me.owner}"
+    git config --global user.email "${data.coder_workspace.me.owner_email}"
+    
+    # Clone repo if not exists
+    if [ ! -d "~/evrak" ]; then
+      git clone https://git.konstantiniyye.studio/muhammed/evrak.git ~/evrak
+    fi
+  EOT
+
+  # These environment variables are available in the workspace
+  env = {
+    GIT_AUTHOR_NAME     = "${data.coder_workspace.me.owner}"
+    GIT_COMMITTER_NAME  = "${data.coder_workspace.me.owner}"
+    GIT_AUTHOR_EMAIL    = "${data.coder_workspace.me.owner_email}"
+    GIT_COMMITTER_EMAIL = "${data.coder_workspace.me.owner_email}"
+  }
+}
+
+resource "kubernetes_persistent_volume_claim" "home" {
+  metadata {
+    name      = "coder-${data.coder_workspace.me.owner}-${data.coder_workspace.me.name}-home"
+    namespace = "default" # Adjust if Coder runs in a different namespace or if you want workspaces elsewhere
+    labels = {
+      "app.kubernetes.io/name"       = "coder-pvc"
+      "app.kubernetes.io/instance"   = "coder-pvc-${data.coder_workspace.me.owner}-${data.coder_workspace.me.name}"
+      "app.kubernetes.io/part-of"    = "coder"
+      "app.kubernetes.io/managed-by" = "coder"
+    }
+  }
+  wait_until_bound = false
+  spec {
+    access_modes = ["ReadWriteOnce"]
+    resources {
+      requests = {
+        storage = "10Gi"
+      }
+    }
+  }
+}
+
+resource "kubernetes_pod" "main" {
+  count = data.coder_workspace.me.start_count
+  metadata {
+    name      = "coder-${data.coder_workspace.me.owner}-${data.coder_workspace.me.name}"
+    namespace = "default"
+  }
+  spec {
+    security_context {
+      run_as_user = 1000
+      fs_group    = 1000
+    }
+
+    container {
+      name    = "dev"
+      image   = "ubuntu:22.04"
+      command = ["sh", "-c", coder_agent.main.init_script]
+      security_context {
+        run_as_user = 1000
+      }
+      env {
+        name  = "CODER_AGENT_TOKEN"
+        value = coder_agent.main.token
+      }
+      resources {
+        requests = {
+          "cpu"    = "250m"
+          "memory" = "512Mi"
+        }
+        limits = {
+          "cpu"    = "2"
+          "memory" = "4Gi"
+        }
+      }
+      volume_mount {
+        mount_path = "/home/coder"
+        name       = "home"
+        read_only  = false
+      }
+    }
+
+    volume {
+      name = "home"
+      persistent_volume_claim {
+        claim_name = kubernetes_persistent_volume_claim.home.metadata.0.name
+      }
+    }
+
+    affinity {
+      node_affinity {
+        required_during_scheduling_ignored_during_execution {
+          node_selector_term {
+            match_expressions {
+              key      = "kubernetes.io/arch"
+              operator = "In"
+              values   = ["arm64"]
+            }
+          }
+        }
+      }
+    }
+  }
+}
--- a/deploy/charts/evrak/templates/backend.yaml
+++ b/deploy/charts/evrak/templates/backend.yaml
@@ -17,6 +17,10 @@ spec:
        {{- include "evrak.selectorLabels" . | nindent 8 }}
        app.kubernetes.io/component: backend
    spec:
+      {{- with .Values.backend.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
      containers:
        - name: backend
          image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }}"
--- a/deploy/charts/evrak/templates/frontend.yaml
+++ b/deploy/charts/evrak/templates/frontend.yaml
@@ -17,6 +17,10 @@ spec:
        {{- include "evrak.selectorLabels" . | nindent 8 }}
        app.kubernetes.io/component: frontend
    spec:
+      {{- with .Values.frontend.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
      containers:
        - name: frontend
          image: "{{ .Values.frontend.image.repository }}:{{ .Values.frontend.image.tag }}"
--- a/deploy/charts/evrak/values.yaml
+++ b/deploy/charts/evrak/values.yaml
@@ -13,6 +13,8 @@ backend:
    dbPort: 5432
    dbDatabase: evrak
    # dbHost, dbUsername, dbPassword will be injected via secrets/templates
+  nodeSelector:
+    kubernetes.io/hostname: instance-20251124-1624-mzi

 frontend:
  image:
@@ -22,6 +24,8 @@ frontend:
  replicas: 1
  service:
    port: 80
+  nodeSelector:
+    kubernetes.io/hostname: instance-20251124-1624-mzi

 postgres:
  image: