feat: add backend API (Hono/Bun) for metadata proxying + fullstack K8s deploy

2026-04-13 11:24:40 +02:00 · 2026-04-13 11:24:40 +02:00 · 1ae040cdd3
commit 1ae040cdd3
parent 569b5a5846
6 changed files with 87 additions and 6 deletions
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@ -6,7 +6,8 @@ on:

 env:
  REGISTRY: git.arthurbarre.fr
-  IMAGE: ordinarthur/wetalk
+  IMAGE_FRONT: ordinarthur/wetalk
+  IMAGE_API: ordinarthur/wetalk-api
  NAMESPACE: wetalk

 jobs:
@ -23,17 +24,27 @@ jobs:
          username: ordinarthur
          password: ${{ secrets.REGISTRY_PASSWORD }}

-      - name: Build and push image
+      - name: Build and push frontend
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: |
-            ${{ env.REGISTRY }}/${{ env.IMAGE }}:latest
-            ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ github.sha }}
+            ${{ env.REGISTRY }}/${{ env.IMAGE_FRONT }}:latest
+            ${{ env.REGISTRY }}/${{ env.IMAGE_FRONT }}:${{ github.sha }}
          build-args: |
            VITE_SUPABASE_URL=${{ secrets.VITE_SUPABASE_URL }}
            VITE_SUPABASE_ANON_KEY=${{ secrets.VITE_SUPABASE_ANON_KEY }}
+            VITE_API_URL=
+
+      - name: Build and push API
+        uses: docker/build-push-action@v5
+        with:
+          context: ./api
+          push: true
+          tags: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_API }}:latest
+            ${{ env.REGISTRY }}/${{ env.IMAGE_API }}:${{ github.sha }}

      - name: Install kubectl
        run: |
@ -57,13 +68,21 @@ jobs:
            --docker-password=${{ secrets.REGISTRY_PASSWORD }} \
            --dry-run=client -o yaml | kubectl apply -f -

+          # Create API secrets
+          kubectl -n $NAMESPACE create secret generic wetalk-api-secrets \
+            --from-literal=SPOTIFY_CLIENT_ID=${{ secrets.SPOTIFY_CLIENT_ID }} \
+            --from-literal=SPOTIFY_CLIENT_SECRET=${{ secrets.SPOTIFY_CLIENT_SECRET }} \
+            --from-literal=YOUTUBE_API_KEY=${{ secrets.YOUTUBE_API_KEY }} \
+            --dry-run=client -o yaml | kubectl apply -f -
+
          # Apply manifests
          kubectl apply -f k8s/service.yml
          kubectl apply -f k8s/deployment.yml

-          # Force rollout with new image
+          # Force rollout with new images
          kubectl -n $NAMESPACE set image deployment/wetalk \
-            wetalk=$REGISTRY/$IMAGE:${{ github.sha }}
+            wetalk=$REGISTRY/$IMAGE_FRONT:${{ github.sha }} \
+            wetalk-api=$REGISTRY/$IMAGE_API:${{ github.sha }}

          # Wait for rollout
          kubectl -n $NAMESPACE rollout status deployment/wetalk --timeout=120s
--- a/1
+++ b/1
@ -5,6 +5,7 @@ RUN npm ci
 COPY . .
 ARG VITE_SUPABASE_URL
 ARG VITE_SUPABASE_ANON_KEY
+ARG VITE_API_URL
 RUN ./node_modules/.bin/vite build

 FROM nginx:alpine
--- a/api/.dockerignore
+++ b/api/.dockerignore
@ -0,0 +1,2 @@
+node_modules
+.env
--- a/api/Dockerfile
+++ b/api/Dockerfile
@ -0,0 +1,8 @@
+FROM oven/bun:1-alpine
+WORKDIR /app
+COPY package.json bun.lock* ./
+RUN bun install --frozen-lockfile || bun install
+COPY . .
+EXPOSE 3001
+HEALTHCHECK --interval=30s --timeout=3s CMD wget -q --spider http://localhost:3001/health || exit 1
+CMD ["bun", "run", "src/index.ts"]
--- a/k8s/deployment.yml
+++ b/k8s/deployment.yml
@ -37,5 +37,48 @@ spec:
            limits:
              memory: "64Mi"
              cpu: "100m"
+
+        - name: wetalk-api
+          image: git.arthurbarre.fr/ordinarthur/wetalk-api:latest
+          ports:
+            - containerPort: 3001
+          env:
+            - name: SPOTIFY_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: wetalk-api-secrets
+                  key: SPOTIFY_CLIENT_ID
+            - name: SPOTIFY_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: wetalk-api-secrets
+                  key: SPOTIFY_CLIENT_SECRET
+            - name: YOUTUBE_API_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: wetalk-api-secrets
+                  key: YOUTUBE_API_KEY
+            - name: PORT
+              value: "3001"
+          livenessProbe:
+            httpGet:
+              path: /health
+              port: 3001
+            initialDelaySeconds: 5
+            periodSeconds: 30
+          readinessProbe:
+            httpGet:
+              path: /health
+              port: 3001
+            initialDelaySeconds: 3
+            periodSeconds: 10
+          resources:
+            requests:
+              memory: "32Mi"
+              cpu: "10m"
+            limits:
+              memory: "128Mi"
+              cpu: "200m"
+
      imagePullSecrets:
        - name: gitea-registry
--- a/nginx.conf
+++ b/nginx.conf
@ -3,6 +3,14 @@ server {
    root /usr/share/nginx/html;
    index index.html;

+    location /api/ {
+        proxy_pass http://localhost:3001;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
    location / {
        try_files $uri $uri/ /index.html;
    }