Upload docker image to GHCR & deploy to kubernetes cluster

.drone.yml

@@ -1,53 +1,130 @@
 ---
 kind: pipeline
 type: docker
-name: Lint and build project
+name: Build
 
 platform:
   os: linux
   arch: amd64
 
 steps:
-  - name: Build project
-    image: node:18
+  - name: Install dependencies
+    image: node:21-alpine3.17
     commands:
       - yarn
-      - yarn build
 
   - name: Lint project
-    image: node:18
+    image: node:21-alpine3.17
     commands:
-      - yarn
       - yarn lint
 
+  - name: Build
+    image: node:21-alpine3.17
+    commands:
+      - yarn build
+
 ---
 kind: pipeline
 type: docker
-name: Compile docker image
+name: Publish
 
 platform:
   os: linux
   arch: amd64
 
 steps:
-  - name: Build
-    image: node:18
-    commands:
-      - yarn
-      - yarn build
-
-depends_on:
-  - Lint and build project
+  - name: Publish to ghcr
+    image: plugins/docker
+    settings:
+      registry: ghcr.io
+      repo: ghcr.io/kevinmidboe/${DRONE_REPO_NAME}
+      dockerfile: Dockerfile
+      username:
+        from_secret: GITHUB_USERNAME
+      password:
+        from_secret: GHCR_UPLOAD_TOKEN
+      tags:
+        - latest
+        - ${DRONE_COMMIT_SHA}
 
 trigger:
-  branch:
-    - main
   event:
+    include:
+      - push
     exclude:
       - pull_request
+  branch:
+    - main
+
+depends_on:
+  - Build
+
+---
+
+kind: pipeline
+type: docker
+name: Deploy
+
+platform:
+  os: linux
+  arch: amd64
+
+steps:
+  - name: Prepare kubernetes environment
+    image: alpine/k8s:1.25.15
+    environment:
+      VAULT_TOKEN:
+        from_secret: VAULT_TOKEN
+      VAULT_HOST:
+        from_secret: VAULT_HOST
+    commands:
+      - mkdir -p /root/.kube
+      - echo "IMAGE=ghcr.io/kevinmidboe/${DRONE_REPO_NAME}:${DRONE_COMMIT_SHA}" > /root/.kube/.env
+      - echo "NAMESPACE=${DRONE_REPO_NAME}" >> /root/.kube/.env
+      - 'curl -s
+        -H "X-Vault-Token: $VAULT_TOKEN"
+        $VAULT_HOST/v1/schleppe/data/kazan/_infra
+        | jq -r ".data.data.KUBE_CONFIG" > /root/.kube/config'
+      - 'curl -s
+        -H "X-Vault-Token: $VAULT_TOKEN"
+        $VAULT_HOST/v1/schleppe/data/kazan/_infra
+        | jq -cr ".data.data | .[\"ghcr-login-secret\"] | @base64" > /root/.kube/dockerconfig.json'
+      - echo "DOCKER_CONFIG=$(cat /root/.kube/dockerconfig.json)" >> /root/.kube/.env
+      - sed -i '/^$/!s/^/export /' /root/.kube/.env
+    volumes:
+      - name: kube-config
+        path: /root/.kube
+
+  - name: Deploy to kubernetes
+    image: alpine/k8s:1.25.15
+    commands:
+      - source /root/.kube/.env > /dev/null 2>&1
+      - cat .kubernetes/*.yml
+        | envsubst
+        | kubectl --kubeconfig=/root/.kube/config apply -f -
+    volumes:
+      - name: kube-config
+        path: /root/.kube
+
+trigger:
+  event:
+    include:
+      - push
+    exclude:
+      - pull_request
+  branch:
+    - main
+
+depends_on:
+  - Build
+  - Publish
+
+volumes:
+  - name: kube-config
+    temp: {}
 
 ---
 kind: signature
-hmac: 84765f19d995d66f1d3409c4eddd1f68d1f2d297d65cd9e2612e6bb13e8ecb94
+hmac: 1e803c7610cc5d3b586af3f10228a4a3477d877538813dee6c366c952771e3e0
 
 ...

.kubernetes/0-Namespace.yml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: planet
+  labels:
+    name: planet

.kubernetes/deployment.yml

@@ -0,0 +1,41 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: planet-frontend
+  name: planet-frontend
+  namespace: planet
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 2
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app: planet-frontend
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: planet-frontend
+    spec:
+      containers:
+      - image: ${IMAGE}
+        imagePullPolicy: Always
+        name: planet-frontend
+        resources: {}
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+      imagePullSecrets:
+        - name: ghcr-login-secret
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      terminationGracePeriodSeconds: 30
+

.kubernetes/ingress.yml

@@ -0,0 +1,19 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: planet-frontend-ingress
+  namespace: planet
+spec:
+  ingressClassName: traefik
+  rules:
+  - host: planet.kazan.schleppe.cloud
+    http:
+      paths:
+      - backend:
+          service:
+            name: planet-frontend-service
+            port:
+              number: 80
+        path: /
+        pathType: Prefix

.kubernetes/service.yml

@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: planet-frontend
+  name: planet-frontend-service
+  namespace: planet
+spec:
+  selector:
+    app: planet-frontend
+  type: ClusterIP
+  ports:
+    - name: http
+      port: 80
+      targetPort: 3000
+  sessionAffinity: None
+

Dockerfile

@@ -0,0 +1,18 @@
+# Build the project
+FROM node:18-alpine AS builder
+WORKDIR /app
+COPY . .
+RUN yarn
+RUN yarn build
+
+FROM node:18-alpine
+WORKDIR /app
+
+COPY --from=builder /app/build build/
+COPY --from=builder /app/node_modules node_modules/
+COPY package.json .
+
+EXPOSE 3000
+ENV NODE_ENV=production
+
+CMD [ "node", "build" ]

package.json

@@ -12,6 +12,7 @@
 		"format": "prettier --plugin-search-dir . --write src"
 	},
 	"devDependencies": {
+		"@sveltejs/adapter-node": "^4.0.1",
 		"@sveltejs/adapter-static": "1.0.0",
 		"@sveltejs/kit": "1.0.1",
 		"@types/cookie": "0.5.1",

svelte.config.js

@@ -1,3 +1,4 @@
+import adapter from '@sveltejs/adapter-node';
 import preprocess from 'svelte-preprocess';
 
 /** @type {import('@sveltejs/kit').Config} */
@@ -7,6 +8,7 @@ const config = {
 	preprocess: preprocess(),
 
 	kit: {
+		adapter: adapter(),
 		csrf: {
 			checkOrigin: false
 		}