From 926744e7775514eb0f7d133dbcc67ec2c589f953 Mon Sep 17 00:00:00 2001
From: Roland Schlaefli
Date: Wed, 20 Sep 2023 12:45:00 +0200
Subject: [PATCH] prep config for stage deployment
---
 .gitlab-ci.yml | 74 ----------------------
 deploy/chart/templates/cm.yaml | 7 +-
 deploy/chart/templates/deployment.yaml | 4 --
 deploy/chart/templates/registry-secret.yml | 7 --
 deploy/chart/templates/secret.yaml | 5 +-
 deploy/chart/values.yaml | 26 ++++----
 deploy/helmfile.yaml | 31 +++++----
 7 files changed, 37 insertions(+), 117 deletions(-)
 delete mode 100644 .gitlab-ci.yml
 delete mode 100644 deploy/chart/templates/registry-secret.yml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
deleted file mode 100644
index a6c3c3f..0000000
--- a/.gitlab-ci.yml
+++ /dev/null
@@ -1,74 +0,0 @@
-stages:
- - test
- - build
- - deploy
-
-sast:
- stage: test
-
-include:
- - template: Security/SAST.gitlab-ci.yml
- - template: Security/Container-Scanning.gitlab-ci.yml
- - template: Security/Secret-Detection.gitlab-ci.yml
-
-# variables:
-# DOCKER_TLS_CERTDIR: "/certs"
-
-build-dev:
- image: docker:20.10.16
- stage: build
- services:
- - docker:20.10.16-dind
- before_script:
- - docker info
- script:
- - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
- - docker pull $CI_REGISTRY_IMAGE:latest || true
- - >
- docker build . -t $CI_REGISTRY_IMAGE:latest
- --cache-from $CI_REGISTRY_IMAGE:latest
- - docker push $CI_REGISTRY_IMAGE
- only:
- - dev
-
-build-stable:
- image: docker:20.10.16
- stage: build
- services:
- - docker:20.10.16-dind
- before_script:
- - docker info
- script:
- - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
- - docker pull $CI_REGISTRY_IMAGE:latest || true
- - >
- docker build . -t $CI_REGISTRY_IMAGE:stable
- --cache-from $CI_REGISTRY_IMAGE:latest
- - docker push $CI_REGISTRY_IMAGE:stable
- only:
- - main
-
-deploy-dev:
- stage: deploy
- image: registry.gitlab.com/static-web-apps/azure-static-web-apps-deploy
- script:
- - echo "App deployed successfully."
- variables:
- API_TOKEN: f5c5d675c404b72649e01305d91ee398964e7307fcdadeac28a5d54233c664a43-798dca5f-0ded-4f00-ba3d-0e28e961690b003227035
- APP_PATH: $CI_PROJECT_DIR
- environment:
- name: dev
- only:
- - dev
-# deploy-prod:
-# stage: deploy
-# image: registry.gitlab.com/static-web-apps/azure-static-web-apps-deploy
-# script:
-# - echo "App deployed successfully."
-# variables:
-# API_TOKEN: abcd
-# APP_PATH: $CI_PROJECT_DIR
-# environment:
-# name: prod
-# only:
-# - master
diff --git a/deploy/chart/templates/cm.yaml b/deploy/chart/templates/cm.yaml
index 0eb5db7..1d1737d 100644
--- a/deploy/chart/templates/cm.yaml
+++ b/deploy/chart/templates/cm.yaml
@@ -5,10 +5,9 @@ metadata:
 labels:
 {{- include "thesis-platform.labels" . | nindent 4 }}
 data:
+ AUTH0_CLIENT_ID: {{ .Values.auth0.clientId | quote }}
+ AUTH0_ISSUER: {{ .Values.auth0.issuer | quote }}
 AZURE_AD_CLIENT_ID: {{ .Values.azureAd.clientId | quote }}
 AZURE_AD_TENANT_ID: {{ .Values.azureAd.tenantId | quote }}
- EMAIL_SERVER_USER: {{ .Values.email.user | quote }}
- EMAIL_SERVER_HOST: {{ .Values.email.host | quote }}
- EMAIL_SERVER_PORT: {{ .Values.email.port | quote }}
- EMAIL_FROM: {{ .Values.email.from | quote }}
 NEXTAUTH_URL: {{ .Values.appUrl | quote }}
+ NODE_ENV: {{ .Values.env | quote }}
diff --git a/deploy/chart/templates/deployment.yaml b/deploy/chart/templates/deployment.yaml
index 22e131d..e944854 100644
--- a/deploy/chart/templates/deployment.yaml
+++ b/deploy/chart/templates/deployment.yaml
@@ -23,10 +23,6 @@ spec:
 labels:
 {{- include "thesis-platform.selectorLabels" . | nindent 8 }}
 spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
 containers:
 - name: {{ .Chart.Name }}
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
diff --git a/deploy/chart/templates/registry-secret.yml b/deploy/chart/templates/registry-secret.yml
deleted file mode 100644
index d193f49..0000000
--- a/deploy/chart/templates/registry-secret.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: gitlab-uzh-thesis-platform-registry
-type: kubernetes.io/dockerconfigjson
-data:
- .dockerconfigjson: {{ template "imagePullSecret" . }}
diff --git a/deploy/chart/templates/secret.yaml b/deploy/chart/templates/secret.yaml
index e72616f..8cc8455 100644
--- a/deploy/chart/templates/secret.yaml
+++ b/deploy/chart/templates/secret.yaml
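Review bot: In deploy/chart/templates/cm.yaml, the new `AUTH0_ISSUER` and `AUTH0_CLIENT_ID` entries render as empty strings whenever the value is unset, because values.yaml defaults them to `""` and helmfile's `env` yields an empty string for a missing variable. The same holds for `AUTH0_CLIENT_SECRET` and `AZURE_STORAGE_ACCOUNT_ACCESS_KEY` in the secret.yaml hunk and for every `env "..."` lookup added in helmfile.yaml, so a deploy run with an incomplete environment would presumably roll out with a blank issuer or secret instead of failing. Guarding in the template, e.g. `AUTH0_ISSUER: {{ required "auth0.issuer is required" .Values.auth0.issuer | quote }}`, and using `requiredEnv "AUTH0_CLIENT_SECRET"` in the helmfile would stop the release at render time.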
@@ -6,7 +6,8 @@ metadata: {{- include "thesis-platform.labels" . | nindent 4 }} type: Opaque stringData: - NEXTAUTH_SECRET: {{ .Values.appSecret | quote }} + AUTH0_CLIENT_SECRET: {{ .Values.auth0.clientSecret | quote }} AZURE_AD_CLIENT_SECRET: {{ .Values.azureAd.clientSecret | quote }} - EMAIL_SERVER_PASSWORD: {{ .Values.email.password | quote }} + AZURE_STORAGE_ACCOUNT_ACCESS_KEY: {{ .Values.azureBlob.accessKey | quote }} DATABASE_URL: {{ .Values.database.url | quote }} + NEXTAUTH_SECRET: {{ .Values.appSecret | quote }} diff --git a/deploy/chart/values.yaml b/deploy/chart/values.yaml index d8b69b0..e1e2d13 100644 --- a/deploy/chart/values.yaml +++ b/deploy/chart/values.yaml @@ -1,32 +1,28 @@ +env: "" + azureAd: clientId: "" clientSecret: "" tenantId: "" -email: - user: "" - password: "" - host: "" - port: "" - from: "" +auth0: + clientId: "" + clientSecret: "" + issuer: "" + +azureBlob: + accessKey: "" database: url: "" appSecret: "" -imageCredentials: - registry: cr.gitlab.uzh.ch - username: gitlab+deploy-token - -imagePullSecrets: - - name: gitlab-uzh-thesis-platform-registry - replicaCount: 1 image: - repository: cr.gitlab.uzh.ch/uzh-bf/thesis-platform - tag: latest + repository: ghcr.io/uzh-bf/thesis-platform + tag: main pullPolicy: Always service: diff --git a/deploy/helmfile.yaml b/deploy/helmfile.yaml index 535977b..566389a 100644 --- a/deploy/helmfile.yaml +++ b/deploy/helmfile.yaml 
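Review bot: In deploy/chart/values.yaml, `tag: main` combined with the unchanged `pullPolicy: Always` means every pod start runs whatever the `main` tag points to at that moment, so a restart can pick up content that was never rolled out deliberately and a rollback cannot name a fixed build. The same commit drops `imagePullSecrets`, so the pull from `ghcr.io/uzh-bf/thesis-platform` is presumably anonymous; confirm the package is meant to be public. Consider having the pipeline set `image.tag` to the commit SHA or an image digest per release and keeping `main` only as a fallback default.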
@@ -1,29 +1,38 @@ releases: - name: thesis-platform - namespace: thesis-platform + namespace: '{{ env "NAMESPACE" | default "thesis-platform-stage" }}' createNamespace: true chart: ./chart version: '{{ env "CHART_VERSION" | default "0.1.0" }}' installed: true kubeContext: bf-k8s463ba113 values: - - imageCredentials: - password: '{{ env "REGISTRY_PASSWORD" }}' + - appSecret: '{{ env "NEXTAUTH_SECRET" }}' + appUrl: '{{ env "NEXT_PUBLIC_APP_URL" }}' + env: '{{ env "NODE_ENV" }}' azureAd: clientId: '{{ env "AZURE_AD_CLIENT_ID" }}' clientSecret: '{{ env "AZURE_AD_CLIENT_SECRET" }}' tenantId: '{{ env "AZURE_AD_TENANT_ID" }}' - email: - host: '{{ env "EMAIL_SERVER_HOST" }}' - password: '{{ env "EMAIL_SERVER_PASSWORD" }}' - user: '{{ env "EMAIL_SERVER_USER" }}' - port: '{{ env "EMAIL_SERVER_PORT" }}' - from: '{{ env "EMAIL_FROM" }}' + auth0: + clientId: '{{ env "AUTH0_CLIENT_ID" }}' + clientSecret: '{{ env "AUTH0_CLIENT_SECRET" }}' + issuer: '{{ env "AUTH0_ISSUER" }}' + + azureBlob: + accessKey: '{{ env "AZURE_STORAGE_ACCOUNT_ACCESS_KEY" }}' database: url: '{{ env "DATABASE_URL" }}' - appSecret: '{{ env "NEXTAUTH_SECRET" }}' - appUrl: '{{ env "NEXT_PUBLIC_APP_URL" }}' + ingress: + hosts: + - host: '{{ env "APP_DOMAIN" }}' + paths: + - / + tls: + - secretName: thesis-platform-tls + hosts: + - '{{ env "APP_DOMAIN" }}'
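Review bot: In deploy/helmfile.yaml, the release namespace now comes from `env "NAMESPACE"` while `createNamespace: true` and the fixed `kubeContext` stay as they were, so a mistyped or stale NAMESPACE would silently create a new namespace and install the chart there with the full set of secrets. If only known namespaces are intended, set `createNamespace: false` and provision them separately, or at least document the behaviour with a comment such as `# NAMESPACE must name an existing stage/prod namespace; any other value is created on sync`. How namespaces are provisioned is not visible in this hunk, so treat this as a point to confirm.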