From 1ae040cdd33f68f4c508aa9eab367b9f908ee6b8 Mon Sep 17 00:00:00 2001 From: ordinarthur <@arthurbarre.js@gmail.com> Date: Mon, 13 Apr 2026 11:24:40 +0200 Subject: [PATCH] feat: add backend API (Hono/Bun) for metadata proxying + fullstack K8s deploy --- .gitea/workflows/deploy.yml | 31 ++++++++++++++++++++------ Dockerfile | 1 + api/.dockerignore | 2 ++ api/Dockerfile | 8 +++++++ k8s/deployment.yml | 43 +++++++++++++++++++++++++++++++++++++ nginx.conf | 8 +++++++ 6 files changed, 87 insertions(+), 6 deletions(-) create mode 100644 api/.dockerignore create mode 100644 api/Dockerfile diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml index 920c77e..4e2d40f 100644 --- a/.gitea/workflows/deploy.yml +++ b/.gitea/workflows/deploy.yml @@ -6,7 +6,8 @@ on: env: REGISTRY: git.arthurbarre.fr - IMAGE: ordinarthur/wetalk + IMAGE_FRONT: ordinarthur/wetalk + IMAGE_API: ordinarthur/wetalk-api NAMESPACE: wetalk jobs: @@ -23,17 +24,27 @@ jobs: username: ordinarthur password: ${{ secrets.REGISTRY_PASSWORD }} - - name: Build and push image + - name: Build and push frontend uses: docker/build-push-action@v5 with: context: . push: true tags: | - ${{ env.REGISTRY }}/${{ env.IMAGE }}:latest - ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ github.sha }} + ${{ env.REGISTRY }}/${{ env.IMAGE_FRONT }}:latest + ${{ env.REGISTRY }}/${{ env.IMAGE_FRONT }}:${{ github.sha }} build-args: | VITE_SUPABASE_URL=${{ secrets.VITE_SUPABASE_URL }} VITE_SUPABASE_ANON_KEY=${{ secrets.VITE_SUPABASE_ANON_KEY }} + VITE_API_URL= + + - name: Build and push API + uses: docker/build-push-action@v5 + with: + context: ./api + push: true + tags: | + ${{ env.REGISTRY }}/${{ env.IMAGE_API }}:latest + ${{ env.REGISTRY }}/${{ env.IMAGE_API }}:${{ github.sha }} - name: Install kubectl run: | @@ -57,13 +68,21 @@ jobs: --docker-password=${{ secrets.REGISTRY_PASSWORD }} \ --dry-run=client -o yaml | kubectl apply -f - + # Create API secrets + kubectl -n $NAMESPACE create secret generic wetalk-api-secrets \ + --from-literal=SPOTIFY_CLIENT_ID=${{ secrets.SPOTIFY_CLIENT_ID }} \ + --from-literal=SPOTIFY_CLIENT_SECRET=${{ secrets.SPOTIFY_CLIENT_SECRET }} \ + --from-literal=YOUTUBE_API_KEY=${{ secrets.YOUTUBE_API_KEY }} \ + --dry-run=client -o yaml | kubectl apply -f - + # Apply manifests kubectl apply -f k8s/service.yml kubectl apply -f k8s/deployment.yml - # Force rollout with new image + # Force rollout with new images kubectl -n $NAMESPACE set image deployment/wetalk \ - wetalk=$REGISTRY/$IMAGE:${{ github.sha }} + wetalk=$REGISTRY/$IMAGE_FRONT:${{ github.sha }} \ + wetalk-api=$REGISTRY/$IMAGE_API:${{ github.sha }} # Wait for rollout kubectl -n $NAMESPACE rollout status deployment/wetalk --timeout=120s diff --git a/Dockerfile b/Dockerfile index 8adda28..393fd36 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,6 +5,7 @@ RUN npm ci COPY . . ARG VITE_SUPABASE_URL ARG VITE_SUPABASE_ANON_KEY +ARG VITE_API_URL RUN ./node_modules/.bin/vite build FROM nginx:alpine diff --git a/api/.dockerignore b/api/.dockerignore new file mode 100644 index 0000000..37d7e73 --- /dev/null +++ b/api/.dockerignore @@ -0,0 +1,2 @@ +node_modules +.env diff --git a/api/Dockerfile b/api/Dockerfile new file mode 100644 index 0000000..cd4ffb1 --- /dev/null +++ b/api/Dockerfile @@ -0,0 +1,8 @@ +FROM oven/bun:1-alpine +WORKDIR /app +COPY package.json bun.lock* ./ +RUN bun install --frozen-lockfile || bun install +COPY . . +EXPOSE 3001 +HEALTHCHECK --interval=30s --timeout=3s CMD wget -q --spider http://localhost:3001/health || exit 1 +CMD ["bun", "run", "src/index.ts"] diff --git a/k8s/deployment.yml b/k8s/deployment.yml index 97611cc..8fa714d 100644 --- a/k8s/deployment.yml +++ b/k8s/deployment.yml @@ -37,5 +37,48 @@ spec: limits: memory: "64Mi" cpu: "100m" + + - name: wetalk-api + image: git.arthurbarre.fr/ordinarthur/wetalk-api:latest + ports: + - containerPort: 3001 + env: + - name: SPOTIFY_CLIENT_ID + valueFrom: + secretKeyRef: + name: wetalk-api-secrets + key: SPOTIFY_CLIENT_ID + - name: SPOTIFY_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: wetalk-api-secrets + key: SPOTIFY_CLIENT_SECRET + - name: YOUTUBE_API_KEY + valueFrom: + secretKeyRef: + name: wetalk-api-secrets + key: YOUTUBE_API_KEY + - name: PORT + value: "3001" + livenessProbe: + httpGet: + path: /health + port: 3001 + initialDelaySeconds: 5 + periodSeconds: 30 + readinessProbe: + httpGet: + path: /health + port: 3001 + initialDelaySeconds: 3 + periodSeconds: 10 + resources: + requests: + memory: "32Mi" + cpu: "10m" + limits: + memory: "128Mi" + cpu: "200m" + imagePullSecrets: - name: gitea-registry diff --git a/nginx.conf b/nginx.conf index aafea7f..473e30e 100644 --- a/nginx.conf +++ b/nginx.conf @@ -3,6 +3,14 @@ server { root /usr/share/nginx/html; index index.html; + location /api/ { + proxy_pass http://localhost:3001; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + location / { try_files $uri $uri/ /index.html; }