feat(delivery): Move delivery manifests back to this repository

This change adjusts this repository to the new deployment methodology
used in the "arikkfir/delivery" repository by hosting the deployment
manifests here, and using FluxCD substitutions for dynamic values.

.github/workflows/pr_deploy.yml

@@ -49,10 +49,10 @@ jobs:
           echo "sha=${{ github.sha }}" >> "$GITHUB_OUTPUT"
 
   backend-format:
-    needs: get-ref
     name: Backend Code Format
-    runs-on: ubuntu-22.04
+    needs: get-ref
     if: needs.get-ref.outputs.ref && needs.get-ref.outputs.sha
+    runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v4
         with:
@@ -70,10 +70,10 @@ jobs:
         working-directory: backend
 
   backend-unit-tests:
-    needs: get-ref
     name: Backend Unit Tests
-    runs-on: ubuntu-22.04
     if: needs.get-ref.outputs.ref && needs.get-ref.outputs.sha
+    needs: get-ref
+    runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v4
         with:
@@ -91,15 +91,15 @@ jobs:
         working-directory: backend
 
   docker:
+    name: Build ${{ matrix.image }} image
+    if: needs.get-ref.outputs.ref && needs.get-ref.outputs.sha
     needs: get-ref
+    runs-on: ubuntu-22.04
+    timeout-minutes: 30
     strategy:
       matrix:
         image: [ backend, frontend, neo4j, migrations ]
       fail-fast: false
-    name: Build ${{ matrix.image }} image
-    runs-on: ubuntu-22.04
-    timeout-minutes: 30
-    if: needs.get-ref.outputs.ref && needs.get-ref.outputs.sha
     permissions:
       packages: write
     steps:
@@ -126,122 +126,153 @@ jobs:
           cache-to: type=gha,mode=max,scope=${{ needs.get-ref.outputs.ref }}-${{ matrix.image }}
           context: ${{ matrix.image }}
           push: true
-          tags: |
-            ghcr.io/${{ github.repository }}/${{ matrix.image }}:${{ needs.get-ref.outputs.sha }}
+          tags: ghcr.io/${{ github.repository }}/${{ matrix.image }}:${{ needs.get-ref.outputs.sha }}
 
   deploy:
     name: Deploy
-    needs: get-ref
-    uses: arikkfir/delivery/.github/workflows/deploy-to-environment.yml@main
     if: needs.get-ref.outputs.ref && needs.get-ref.outputs.sha
-    with:
-      branch: ${{ needs.get-ref.outputs.ref }}
-      images: |-
-        ghcr.io/${{ github.repository }}/backend: ${{ needs.get-ref.outputs.sha }}
-        ghcr.io/${{ github.repository }}/frontend: ${{ needs.get-ref.outputs.sha }}
-        ghcr.io/${{ github.repository }}/migrations: ${{ needs.get-ref.outputs.sha }}
-        ghcr.io/${{ github.repository }}/neo4j: ${{ needs.get-ref.outputs.sha }}
-    secrets: inherit
-
-  e2e-tests:
-    name: End-to-end Tests
-    needs: [ get-ref, deploy ]
+    needs: get-ref
     runs-on: ubuntu-22.04
-    if: needs.get-ref.outputs.ref && needs.get-ref.outputs.sha
-    container:
-      image: mcr.microsoft.com/playwright:v1.37.1-jammy
     steps:
-      - run: apt-get update && apt-get install -y patch
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ needs.get-ref.outputs.sha }}
-      - uses: arikkfir/delivery-env-name@v1
-        id: env
+      - uses: arikkfir/deploy@main
         with:
+          repository: ${{ github.repository }}
           branch: ${{ needs.get-ref.outputs.ref }}
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 20.x
-          cache: npm
-          cache-dependency-path: e2e/package-lock.json
-      - run: npm ci
-        working-directory: e2e
-      - run: ./apply-patches.sh
-        working-directory: e2e
-      - id: test
-        run: npx playwright test
-        working-directory: e2e
-        env:
-          DESCOPE_PROJECT_ID: ${{ secrets.DESCOPE_PROJECT_ID }}
-          DESCOPE_MANAGEMENT_KEY: ${{ secrets.DESCOPE_MANAGEMENT_KEY }}
-          DESCOPE_TENANT_ADMIN_ACCESS_KEY: ${{ secrets.DESCOPE_TENANT_ADMIN_ACCESS_KEY }}
-          ENV_NAME: ${{ steps.env.outputs.name }}
-      - uses: actions/upload-artifact@v3
-        if: success() || (failure() && steps.test.conclusion == 'failure')
-        with:
-          name: playwright-report
-          path: |
-            e2e/playwright-report
-            e2e/custom-summary.txt
-          if-no-files-found: error
-          retention-days: 1
+          token: ${{ github.token }}
 
-  e2e-report:
-    name: End-to-end Report
-    needs: [ get-ref, deploy, e2e-tests ]
-    runs-on: ubuntu-22.04
-    permissions:
-      contents: write
-      pull-requests: write
-      id-token: write
-    if: needs.get-ref.outputs.ref && needs.get-ref.outputs.sha && (success() || (failure() && needs.e2e-tests.result == 'failure'))
-    env:
-      BUCKET_NAME: arikkfir-playwright-reports
-      BUCKET_PATH: ${{ github.repository }}/actions/${{ github.run_number }}/${{ github.run_attempt }}
-    steps:
-      - uses: arikkfir/delivery-env-name@v1
-        id: env
-        with:
-          branch: ${{ needs.get-ref.outputs.ref }}
-      - uses: actions/download-artifact@v3
-        with:
-          name: playwright-report
-          path: report
-      - uses: google-github-actions/auth@v1
-        with:
-          workload_identity_provider: projects/8909046976/locations/global/workloadIdentityPools/github-actions/providers/github-oidc
-          service_account: playwright-uploader@arikkfir.iam.gserviceaccount.com
-      - uses: google-github-actions/setup-gcloud@v1
-        with:
-          skip_install: true
-      - run: gcloud storage cp -r -P ./report/playwright-report/* "gs://${BUCKET_NAME}/${BUCKET_PATH}/"
-      - run: |
-          APP_WEB_URL="https://acme.${ENV_NAME}.greenstar.kfirs.com"
-          REPORT_WEB_URL="https://playwright.kfirs.com/${BUCKET_PATH}/index.html"
-          
-          touch comment.txt
-          echo "End to end tests result: ${RESULT} ([click here for a full report](${REPORT_WEB_URL}))" >> comment.txt
-          echo "Application URL: ${APP_WEB_URL}" >> comment.txt
-          echo "" >> comment.txt
-          echo "---" >> comment.txt
-          echo "" >> comment.txt
-          cat ./report/custom-summary.txt >> comment.txt
-          
-          if [[ -z "${PR}" ]]; then
-            gh api --method POST \
-                    -H "Accept: application/vnd.github+json" \
-                    -H "X-GitHub-Api-Version: 2022-11-28" \
-                    "/repos/${REPOSITORY}/commits/${SHA}/comments" \
-                    -F 'body=@comment.txt'
-          else
-            # Purpose for the "||" expression is the "edit-last" does not work if this is the first comment
-            gh pr comment --repo "${REPOSITORY}" "${PR}" --body-file comment.txt --edit-last \
-              || gh pr comment --repo "${REPOSITORY}" "${PR}" --body-file comment.txt
-          fi
-        env:
-          ENV_NAME: ${{ steps.env.outputs.name }}
-          GH_TOKEN: ${{ github.token }}
-          PR: ${{ github.event.pull_request.number || github.event.issue.number }}
-          REPOSITORY: ${{ github.repository }}
-          RESULT: ${{ needs.e2e-tests.result }}
-          SHA: ${{ needs.get-ref.outputs.sha }}
+#  wait-for-env:
+#    name: Wait for environment
+#    needs: get-ref
+#    if: needs.get-ref.outputs.ref && needs.get-ref.outputs.sha
+#    runs-on: ubuntu-22.04
+#    timeout-minutes: 30
+#    steps:
+#      - uses: fountainhead/action-wait-for-check@v1.1.0
+#        id: wait-for-build
+#        with:
+#          token: ${{ secrets.GITHUB_TOKEN }}
+#          checkName: build
+#          ref: ${{ needs.get-ref.outputs.sha }}
+#          timeoutSeconds: 600
+#      - run: |
+#          echo "FluxCD sync status: ${CONCLUSION}"
+#          [[ "${CONCLUSION}" == "success" ]] || exit 1
+#        env:
+#          CONCLUSION: ${{ steps.wait-for-build.outputs.conclusion }}
+
+#  deploy:
+#    name: Deploy
+#    needs: get-ref
+#    uses: arikkfir/delivery/.github/workflows/deploy-to-environment.yml@main
+#    if: needs.get-ref.outputs.ref && needs.get-ref.outputs.sha
+#    with:
+#      branch: ${{ needs.get-ref.outputs.ref }}
+#      images: |-
+#        ghcr.io/${{ github.repository }}/backend: ${{ needs.get-ref.outputs.sha }}
+#        ghcr.io/${{ github.repository }}/frontend: ${{ needs.get-ref.outputs.sha }}
+#        ghcr.io/${{ github.repository }}/migrations: ${{ needs.get-ref.outputs.sha }}
+#        ghcr.io/${{ github.repository }}/neo4j: ${{ needs.get-ref.outputs.sha }}
+#    secrets: inherit
+#
+#  e2e-tests:
+#    name: End-to-end Tests
+#    needs: [ get-ref, deploy ]
+#    runs-on: ubuntu-22.04
+#    if: needs.get-ref.outputs.ref && needs.get-ref.outputs.sha
+#    container:
+#      image: mcr.microsoft.com/playwright:v1.37.1-jammy
+#    steps:
+#      - run: apt-get update && apt-get install -y patch
+#      - uses: actions/checkout@v4
+#        with:
+#          ref: ${{ needs.get-ref.outputs.sha }}
+#      - uses: arikkfir/delivery-env-name@v1
+#        id: env
+#        with:
+#          branch: ${{ needs.get-ref.outputs.ref }}
+#      - uses: actions/setup-node@v3
+#        with:
+#          node-version: 20.x
+#          cache: npm
+#          cache-dependency-path: e2e/package-lock.json
+#      - run: npm ci
+#        working-directory: e2e
+#      - run: ./apply-patches.sh
+#        working-directory: e2e
+#      - id: test
+#        run: npx playwright test
+#        working-directory: e2e
+#        env:
+#          DESCOPE_PROJECT_ID: ${{ secrets.DESCOPE_PROJECT_ID }}
+#          DESCOPE_MANAGEMENT_KEY: ${{ secrets.DESCOPE_MANAGEMENT_KEY }}
+#          DESCOPE_TENANT_ADMIN_ACCESS_KEY: ${{ secrets.DESCOPE_TENANT_ADMIN_ACCESS_KEY }}
+#          ENV_NAME: ${{ steps.env.outputs.name }}
+#      - uses: actions/upload-artifact@v3
+#        if: success() || (failure() && steps.test.conclusion == 'failure')
+#        with:
+#          name: playwright-report
+#          path: |
+#            e2e/playwright-report
+#            e2e/custom-summary.txt
+#          if-no-files-found: error
+#          retention-days: 1
+#
+#  e2e-report:
+#    name: End-to-end Report
+#    needs: [ get-ref, deploy, e2e-tests ]
+#    if: needs.get-ref.outputs.ref && needs.get-ref.outputs.sha && (success() || (failure() && needs.e2e-tests.result == 'failure'))
+#    runs-on: ubuntu-22.04
+#    permissions:
+#      contents: write
+#      pull-requests: write
+#      id-token: write
+#    env:
+#      BUCKET_NAME: arikkfir-playwright-reports
+#      BUCKET_PATH: ${{ github.repository }}/actions/${{ github.run_number }}/${{ github.run_attempt }}
+#    steps:
+#      - uses: arikkfir/delivery-env-name@v1
+#        id: env
+#        with:
+#          branch: ${{ needs.get-ref.outputs.ref }}
+#      - uses: actions/download-artifact@v3
+#        with:
+#          name: playwright-report
+#          path: report
+#      - uses: google-github-actions/auth@v1
+#        with:
+#          workload_identity_provider: projects/8909046976/locations/global/workloadIdentityPools/github-actions/providers/github-oidc
+#          service_account: playwright-uploader@arikkfir.iam.gserviceaccount.com
+#      - uses: google-github-actions/setup-gcloud@v1
+#        with:
+#          skip_install: true
+#      - run: gcloud storage cp -r -P ./report/playwright-report/* "gs://${BUCKET_NAME}/${BUCKET_PATH}/"
+#      - run: |
+#          APP_WEB_URL="https://acme.${ENV_NAME}.greenstar.kfirs.com"
+#          REPORT_WEB_URL="https://playwright.kfirs.com/${BUCKET_PATH}/index.html"
+#
+#          touch comment.txt
+#          echo "End to end tests result: ${RESULT} ([click here for a full report](${REPORT_WEB_URL}))" >> comment.txt
+#          echo "Application URL: ${APP_WEB_URL}" >> comment.txt
+#          echo "" >> comment.txt
+#          echo "---" >> comment.txt
+#          echo "" >> comment.txt
+#          cat ./report/custom-summary.txt >> comment.txt
+#
+#          if [[ -z "${PR}" ]]; then
+#            gh api --method POST \
+#                    -H "Accept: application/vnd.github+json" \
+#                    -H "X-GitHub-Api-Version: 2022-11-28" \
+#                    "/repos/${REPOSITORY}/commits/${SHA}/comments" \
+#                    -F 'body=@comment.txt'
+#          else
+#            # Purpose for the "||" expression is the "edit-last" does not work if this is the first comment
+#            gh pr comment --repo "${REPOSITORY}" "${PR}" --body-file comment.txt --edit-last \
+#              || gh pr comment --repo "${REPOSITORY}" "${PR}" --body-file comment.txt
+#          fi
+#        env:
+#          ENV_NAME: ${{ steps.env.outputs.name }}
+#          GH_TOKEN: ${{ github.token }}
+#          PR: ${{ github.event.pull_request.number || github.event.issue.number }}
+#          REPOSITORY: ${{ github.repository }}
+#          RESULT: ${{ needs.e2e-tests.result }}
+#          SHA: ${{ needs.get-ref.outputs.sha }}

deploy/ingress/dns.yaml

@@ -0,0 +1,26 @@
+apiVersion: dns.cnrm.cloud.google.com/v1beta1
+kind: DNSRecordSet
+metadata:
+  name: wildcard-cname-record
+spec:
+  name: "*.${deploy_environment}.greenstar.kfirs.com."
+  type: CNAME
+  ttl: 300
+  managedZoneRef:
+    name: kfirs-com
+    namespace: dns
+  # noinspection KubernetesDeprecatedKeys
+  rrdatas:
+    - traefik.kfirs.com.
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: wildcard
+spec:
+  dnsNames:
+    - "*.${deploy_environment}.greenstar.kfirs.com"
+  issuerRef:
+    kind: ClusterIssuer
+    name: google-clouddns
+  secretName: greenstar-wildcard-tls

deploy/ingress/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+commonLabels:
+  app.kubernetes.io/name: ingress
+resources:
+  - dns.yaml

deploy/kustomization.yaml

@@ -0,0 +1,29 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+commonLabels:
+  app.kubernetes.io/part-of: greenstar
+namePrefix: greenstar-
+resources:
+  - secrets
+  - ingress
+  - redis
+  - neo4j
+configurations:
+  - kustomizeconfig.yaml
+patches:
+  - patch: |-
+      - op: add
+        path: /spec/template/spec/nodeSelector
+        value:
+          node.kfirs.com/role: work
+      - op: add
+        path: /spec/template/spec/tolerations
+        value:
+          - effect: NoExecute
+            key: node.kfirs.com/role
+            operator: Equal
+            value: work
+    target:
+      group: apps
+      version: v1
+      kind: Deployment

deploy/kustomizeconfig.yaml

@@ -0,0 +1 @@
+nameReference: [ ]