adding turkey gitops

.github/workflows/hubs-RetPageOrigin.yml

@@ -0,0 +1,78 @@
+name: hubs
+on:
+  push:
+    paths-ignore: ["README.md"]
+  workflow_dispatch:
+
+env:
+  registryName: mozillareality
+  containerName: hubs
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout-hubs
+        uses: actions/checkout@v2
+        with:
+          path: "./hubs"
+      - name: docker setup buildx
+        uses: docker/setup-buildx-action@v1
+        with:
+          install: true
+      - name: docker login
+        uses: docker/login-action@v1
+        with:
+          username: ${{ env.registryName }}
+          password: ${{ secrets.DOCKER_HUB_PWD }}
+      - name: docker build(x) push
+        uses: docker/build-push-action@v2
+        with:
+          context: hubs/
+          file: hubs/RetPageOriginDockerfile
+          tags: ${{ env.registryName }}/${{ env.containerName }}:${{ github.run_number  }}
+          cache-from: type=registry,ref=${{ env.registryName }}/${{ env.containerName }}:buildcache
+          cache-to: type=registry,ref=${{ env.registryName }}/${{ env.containerName }}:buildcache,mode=max
+          push: true
+
+  # turkeyGitops:
+  #   needs: build
+  #   uses: mozilla/hubs-ops/.github/workflows/turkeyGitops.yml@feature/gha-template
+  #   with:
+  #     promoteFrom: mozillareality/hubs:${{ github.run_number }}
+  #     promoteTo: mozillareality/hubs:${GITHUB_REF/'refs/heads/'/}
+  #     # https://docs.github.com/en/actions/learn-github-actions/reusing-workflows#limitations
+  #     #   Any environment variables set in an env context defined at the workflow level in the caller workflow are not propagated to the called workflow.
+  #     # promoteFrom: ${{ env.registryName }}/${{ env.containerName }}:${{ github.run_number }}
+  #     # promoteTo: ${{ env.registryName }}/${{ env.containerName }}:${GITHUB_REF/'refs/heads/'/}
+
+  promote:
+    if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/staging' || github.ref == 'refs/heads/prod'
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - name: promote artifact
+        run: |
+          fromTag=${{ env.registryName }}/${{ env.containerName }}:${{ github.run_number }}
+          toTag=${{ env.registryName }}/${{ env.containerName }}:${GITHUB_REF/'refs/heads/'/}
+          echo ${{ secrets.DOCKER_HUB_PWD }} | sudo docker login --username $registryName --password-stdin
+          docker pull $fromTag && docker tag $fromTag $toTag && sudo docker push $toTag
+          echo "promoted :$fromTag to :$toTag"
+
+  staging_pr_to_prod:
+    if: github.ref == 'refs/heads/staging'
+    runs-on: ubuntu-latest
+    needs: promote
+    steps:
+      - name: create pr for staging -> prod
+        run: |
+          gh pr create -H staging -B prod
+
+  prod_cut_release_branch:
+    if: github.ref == 'refs/heads/prod'
+    runs-on: ubuntu-latest
+    needs: promote
+    steps:
+      - name: cut release branch for prod
+        run: |
+          git checkout -b releases/$(date '+%y%m%d').$GITHUB_RUN_NUMBER

RetPageOriginDockerfile

@@ -0,0 +1,32 @@
+###
+# this dockerfile produces image/container that serves customly packaged hubs and admin static files
+# the result container should serve reticulum as "hubs_page_origin" and "admin_page_origin" on (path) "/hubs/pages"
+###
+from node:16.13 as builder
+run mkdir -p /hubs/admin/ && cd /hubs
+copy package.json ./
+copy package-lock.json ./
+run npm ci
+copy admin/package.json admin/
+copy admin/package-lock.json admin/
+run cd admin && npm ci && cd ..
+copy . .
+env BASE_ASSETS_PATH="{{rawhubs-base-assets-path}}"
+run npm run build 1> /dev/null
+run cd admin && npm run build 1> /dev/null && cp -R dist/* ../dist && cd ..
+run mkdir -p dist/pages && mv dist/*.html dist/pages && mv dist/hub.service.js dist/pages && mv dist/schema.toml dist/pages          
+run mkdir /hubs/rawhubs && mv dist/pages /hubs/rawhubs && mv dist/assets /hubs/rawhubs && mv dist/react-components /hubs/rawhubs/pages && mv dist/favicon.ico /hubs/rawhubs/pages
+
+from alpine/openssl as ssl
+run mkdir /ssl && openssl req -x509 -newkey rsa:2048 -sha256 -days 36500 -nodes -keyout /ssl/key -out /ssl/cert -subj '/CN=hubs'
+
+from nginx:alpine
+run apk add bash
+run mkdir /ssl && mkdir -p /www/hubs && mkdir -p /www/hubs/pages && mkdir -p /www/hubs/assets
+copy --from=ssl /ssl /ssl
+copy --from=builder /hubs/rawhubs/pages /www/hubs/pages
+copy --from=builder /hubs/rawhubs/assets /www/hubs/assets
+copy scripts/docker/nginx.config /etc/nginx/conf.d/default.conf
+copy scripts/docker/run.sh /run.sh
+run chmod +x /run.sh && cat /run.sh
+cmd bash /run.sh

scripts/docker/nginx.config

@@ -0,0 +1,10 @@
+server {
+    listen 8080 ssl;
+    ssl_certificate /ssl/cert;
+    ssl_certificate_key /ssl/key; 
+    location / {
+        root /www;
+        autoindex off;
+        add_header 'Access-Control-Allow-Origin' '*';
+    }
+}

scripts/docker/run.sh

@@ -0,0 +1,19 @@
+
+# TODO: need a better one
+healthcheck(){
+    while true; do (echo -e 'HTTP/1.1 200 OK\r\n\r\n 1') | nc -lp 1111 > /dev/null; done
+}
+
+find /www/hubs/ -type f -name *.html -exec sed -i "s/{{rawhubs-base-assets-path}}\//https:\/\/${SUB_DOMAIN}-assets.${DOMAIN}\/hubs\//g" {} \;           
+find /www/hubs/ -type f -name *.html -exec sed -i "s/{{rawhubs-base-assets-path}}/https:\/\/${SUB_DOMAIN}-assets.${DOMAIN}\/hubs\//g" {} \; 
+find /www/hubs/ -type f -name *.css -exec sed -i "s/{{rawhubs-base-assets-path}}\//https:\/\/${SUB_DOMAIN}-assets.${DOMAIN}\/hubs\//g" {} \; 
+find /www/hubs/ -type f -name *.css -exec sed -i "s/{{rawhubs-base-assets-path}}/https:\/\/${SUB_DOMAIN}-assets.${DOMAIN}\/hubs\//g" {} \;             
+anchor="<!-- DO NOT REMOVE\/EDIT THIS COMMENT - META_TAGS -->" 
+for f in /www/hubs/pages/*.html; do 
+    for var in $(printenv); do 
+    var=$(echo $var | cut -d"=" -f1 ); prefix="turkeyCfg_"; 
+    [[ $var == $prefix* ]] && sed -i "s/$anchor/ <meta name=\"env:${var#$prefix}\" content=\"${!var//\//\\\/}\"\/> $anchor/" $f; 
+    done 
+done 
+healthcheck &
+nginx -g "daemon off;"