feat: add new dev workflow

Author: vieiraricardo

.github/workflows/dev-release.yml

@@ -1,80 +1,94 @@
-# This workflow will build and push a new container image to Amazon ECR,
-# and then will deploy a new task definition to Amazon ECS, when a release is created
-#
-# To use this workflow, you will need to complete the following set-up steps:
-#
-# 1. Create an ECR repository to store your images.
-#    For example: `aws ecr create-repository --repository-name my-ecr-repo --region us-east-2`.
-#    Replace the value of `ECR_REPOSITORY` in the workflow below with your repository's name.
-#    Replace the value of `aws-region` in the workflow below with your repository's region.
-#
-# 2. Create an ECS task definition, an ECS cluster, and an ECS service.
-#    For example, follow the Getting Started guide on the ECS console:
-#      https://us-east-2.console.aws.amazon.com/ecs/home?region=us-east-2#/firstRun
-#    Replace the values for `service` and `cluster` in the workflow below with your service and cluster names.
-#
-# 3. Store your ECS task definition as a JSON file in your repository.
-#    The format should follow the output of `aws ecs register-task-definition --generate-cli-skeleton`.
-#    Replace the value of `task-definition` in the workflow below with your JSON file's name.
-#    Replace the value of `container-name` in the workflow below with the name of the container
-#    in the `containerDefinitions` section of the task definition.
-#
-# 4. Store an IAM user access key in GitHub Actions secrets named `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.
-#    See the documentation for each action used below for the recommended IAM policies for this IAM user,
-#    and best practices on handling the access key credentials.
+name: Deploy App
 
 on:
   push:
-    branches:
-      - dev-release
-
-name: Deploy to Amazon ECS
+    branches: [ dev-release ]
 
 jobs:
-  deploy:
-    name: Deploy
-    runs-on: [self-hosted, linux, dev, prod]
-
+  build-and-deploy:
+    runs-on: ubuntu-latest
     steps:
-      - name: Checkout
-        uses: actions/checkout@v2
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      # Configure Docker Buildx to allow efficient caching
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      # Cache Docker layers to speed up future builds
+      - name: Cache Docker layers
+        uses: actions/cache@v3
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
 
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v1
+      - name: Build and Export Image
+        uses: docker/build-push-action@v5
         with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: eu-central-1
+          context: .
+          file: Dockerfile
+          platforms: linux/amd64
+          tags: superdapp-python-api-dev:latest
+          outputs: type=docker,dest=/tmp/image.tar
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
 
-      - name: Login to Amazon ECR
-        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v1
+      # Compress the image for faster upload and move to root folder
+      - name: Gzip Image and Move
+        run: |
+          gzip -9 /tmp/image.tar
+          mv /tmp/image.tar.gz ./
+
+      # Install AWS CLI (For local act runner)
+      - name: Install AWS CLI (For local act runner)
+        run: |
+          if ! command -v aws &> /dev/null; then
+            sudo apt-get update && sudo apt-get install -y awscli
+          fi
 
-      - name: Build, tag, and push image to Amazon ECR
-        id: build-image
+      # Download the environment variables from Hetzner Object Storage
+      - name: Download .env from Hetzner S3
         env:
-          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
-          ECR_REPOSITORY: superdapp-python-dev
-          IMAGE_TAG: latest
+          AWS_ACCESS_KEY_ID: ${{ secrets.HETZNER_ACCESS_KEY }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.HETZNER_SECRET_KEY }}
+          AWS_REGION: eu-central-1 # Change to your preferred Hetzner region (e.g., fsn1, nbg1)
         run: |
-          # Build a docker container and
-          # push it to ECR so that it can
-          # be deployed to ECS.
-          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
-          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
-          echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
-      - name: Fill in the new image ID in the Amazon ECS task definition
-        id: task-def
-        uses: aws-actions/amazon-ecs-render-task-definition@v1
+          aws s3 cp s3://superdapp-env-files/superdapp-python-dev.env .env \
+            --endpoint-url https://hel1.your-objectstorage.com
+
+      - name: Transfer Files to VPS
+        uses: appleboy/scp-action@v0.1.7
         with:
-          task-definition: ecs-dev-release-task-definition.json
-          container-name: superdapp-python-dev
-          image: ${{ steps.build-image.outputs.image }}
+          host: ${{ secrets.DEV_HOST }}
+          username: ${{ secrets.USER }}
+          key: ${{ secrets.SSH_DEV_PRIVATE_KEY }}
+          # Send the image, the updated docker-compose.dev.yml AND the downloaded .env file
+          source: "image.tar.gz,docker-compose.dev.yml,.env"
+          target: "~/superdapp-python-api-dev"
 
-      - name: Deploy Amazon ECS task definition
-        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+      - name: Remote Deploy
+        uses: appleboy/ssh-action@v1.0.3
         with:
-          task-definition: ${{ steps.task-def.outputs.task-definition }}
-          service: superdapp-python-dev
-          cluster: dev
-          wait-for-service-stability: true
+          host: ${{ secrets.DEV_HOST }}
+          username: ${{ secrets.USER }}
+          key: ${{ secrets.SSH_DEV_PRIVATE_KEY }}
+          script: |
+            cd ~/superdapp-python-api-dev
+            
+            # Load the new image
+            gunzip -c image.tar.gz | docker load
+            
+            # Restart the service leveraging the custom file name
+            docker compose -f docker-compose.dev.yml up -d
+            
+            # Cleanup: Remove the tar file and old/dangling images
+            rm image.tar.gz
+            docker image prune -f
+            
+      # Buildx cache management (cleanup required for GitHub Actions)
+      - name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

docker-compose.dev.yml

@@ -0,0 +1,30 @@
+services:
+  api:
+    image: superdapp-python-api-dev:latest
+    container_name: python-api-dev
+    restart: unless-stopped
+    env_file:
+      - .env
+    networks:
+      - traefik-net
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.python-api.rule=Host(`python-api.superdapp.dev`)"
+      - "traefik.http.routers.python-api.entrypoints=websecure"
+      - "traefik.http.routers.python-api.tls=true"
+      - "traefik.http.routers.python-api.tls.certresolver=letsencrypt"
+      - "traefik.http.services.python-api.loadbalancer.server.port=80"
+      - "traefik.docker.network=traefik-net"
+    deploy:
+      resources:
+        limits:
+          cpus: '0.50'
+          memory: 2048M
+        reservations:
+          cpus: '0.25'
+          memory: 512M
+
+networks:
+  traefik-net:
+    external: true
+    name: traefik-net

main.py

@@ -32,6 +32,11 @@
 ]
 
 app = FastAPI()
+
+@app.get("/")
+async def root():
+    return {"status": "ok", "message": "SuperDapp Python API is running"}
+    
 # Initialize logging
 LOGFILE_PATH = os.path.join(os.path.dirname(
     os.path.abspath(__file__)), 'app.log')