rest-api: deploy with bazel

15 files changed, 49 insertions, 169 deletions

diff --git a/.bazelrc b/.bazelrc
index b3a24e8..00dcbce 100644
--- a/.bazelrc
+++ b/.bazelrc
@@ -1 +1,3 @@
 common --experimental_enable_bzlmod
+
+build --workspace_status_command="echo STABLE_GIT_SHA $(git rev-parse --short HEAD)"
diff --git a/MODULE.bazel b/MODULE.bazel
index da57d72..b4180be 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -2,6 +2,8 @@ bazel_dep(name = "rules_go", version = "0.47.0", repo_name = "io_bazel_rules_go"
 bazel_dep(name = "gazelle", version = "0.36.0", repo_name = "bazel_gazelle")
 bazel_dep(name = "rules_oci", version = "1.7.5")
 bazel_dep(name = "rules_pkg", version = "0.9.1")
+bazel_dep(name = "rules_helm", version = "0.4.0")
+bazel_dep(name = "aspect_bazel_lib", version = "2.7.3")
 
 # This is needed so that rules_oci supports arm64
 # See: https://github.com/bazel-contrib/rules_oci/issues/253
diff --git a/TODO b/TODO
index 980b2e1..07f3a1d 100644
--- a/TODO
+++ b/TODO
@@ -1,3 +1,4 @@
+maybe we can remove helmsman with bazel
 better managing of secrets (maybe we shouldnt have environment variables)
 add db migrations
 nixos-k3s repo
diff --git a/deploy.sh b/deploy.sh
index d66667e..bd4b573 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -1,8 +1,6 @@
 #!/bin/sh
 
-bazel run //src/rest-api/cmd:push -- --tag "rest-api-$(git rev-parse --short HEAD)"
-helm upgrade rest-api --set image.tag="rest-api-$(git rev-parse --short HEAD)" k8s/rest-api
+bazel run //k8s/rest-api:chart.upgrade
 
 bazel run //src/payload-processor/cmd:push -- --tag "payload-processor-$(git rev-parse --short HEAD)"
-
 helm upgrade payload-processor --set image.tag="payload-processor-$(git rev-parse --short HEAD)" --set db.password=$DB_PASSWORD k8s/payload-processor
diff --git a/k8s/rest-api/BUILD.bazel b/k8s/rest-api/BUILD.bazel
new file mode 100644
index 0000000..9ebdaf9
--- /dev/null
+++ b/k8s/rest-api/BUILD.bazel
@@ -0,0 +1,11 @@
+load("@rules_helm//helm:defs.bzl", "helm_chart")
+
+helm_chart(
+    name = "chart",
+    chart = "Chart.yaml",
+    images = ["//src/rest-api/cmd:push"],
+    install_name = "rest-api",
+    stamp = 1,
+    substitutions = {"IMAGE_TAG": "rest-api-{STABLE_GIT_SHA}"},
+    values = "values.yaml",
+)
diff --git a/k8s/rest-api/templates/NOTES.txt b/k8s/rest-api/templates/NOTES.txt
index 343c764..fa5e840 100644
--- a/k8s/rest-api/templates/NOTES.txt
+++ b/k8s/rest-api/templates/NOTES.txt
@@ -1,11 +1,5 @@
 1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
-  {{- range .paths }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
-  {{- end }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
+{{- if contains "NodePort" .Values.service.type }}
   export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "rest-api.fullname" . }})
   export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
   echo http://$NODE_IP:$NODE_PORT
diff --git a/k8s/rest-api/templates/deployment.yaml b/k8s/rest-api/templates/deployment.yaml
index 5951f59..f2b15d8 100644
--- a/k8s/rest-api/templates/deployment.yaml
+++ b/k8s/rest-api/templates/deployment.yaml
@@ -5,9 +5,7 @@ metadata:
   labels:
     {{- include "rest-api.labels" . | nindent 4 }}
 spec:
-  {{- if not .Values.autoscaling.enabled }}
   replicas: {{ .Values.replicaCount }}
-  {{- end }}
   selector:
     matchLabels:
       {{- include "rest-api.selectorLabels" . | nindent 6 }}
@@ -24,14 +22,13 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      serviceAccountName: {{ include "rest-api.serviceAccountName" . }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
             - name: http
diff --git a/k8s/rest-api/templates/ingress.yaml b/k8s/rest-api/templates/ingress.yaml
deleted file mode 100644
index 63c77d2..0000000
--- a/k8s/rest-api/templates/ingress.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "rest-api.fullname" . -}}
-{{- $svcPort := .Values.service.port -}}
-{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
-  {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
-  {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
-  {{- end }}
-{{- end }}
-{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1
-{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1beta1
-{{- else -}}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
-  name: {{ $fullName }}
-  labels:
-    {{- include "rest-api.labels" . | nindent 4 }}
-  {{- with .Values.ingress.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
-  ingressClassName: {{ .Values.ingress.className }}
-  {{- end }}
-  {{- if .Values.ingress.tls }}
-  tls:
-    {{- range .Values.ingress.tls }}
-    - hosts:
-        {{- range .hosts }}
-        - {{ . | quote }}
-        {{- end }}
-      secretName: {{ .secretName }}
-    {{- end }}
-  {{- end }}
-  rules:
-    {{- range .Values.ingress.hosts }}
-    - host: {{ .host | quote }}
-      http:
-        paths:
-          {{- range .paths }}
-          - path: {{ .path }}
-            {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
-            pathType: {{ .pathType }}
-            {{- end }}
-            backend:
-              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
-              service:
-                name: {{ $fullName }}
-                port:
-                  number: {{ $svcPort }}
-              {{- else }}
-              serviceName: {{ $fullName }}
-              servicePort: {{ $svcPort }}
-              {{- end }}
-          {{- end }}
-    {{- end }}
-{{- end }}
diff --git a/k8s/rest-api/templates/serviceaccount.yaml b/k8s/rest-api/templates/serviceaccount.yaml
deleted file mode 100644
index 84dd6dd..0000000
--- a/k8s/rest-api/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "rest-api.serviceAccountName" . }}
-  labels:
-    {{- include "rest-api.labels" . | nindent 4 }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-{{- end }}
diff --git a/k8s/rest-api/values.yaml b/k8s/rest-api/values.yaml
index 550eb82..f79e04f 100644
--- a/k8s/rest-api/values.yaml
+++ b/k8s/rest-api/values.yaml
@@ -2,81 +2,17 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
+# NOTE: This string "@@//src/rest-api/cmd:push" needs to be present
+# in order to limtations of the helm_rules bazel package
+
 replicaCount: 1
 
 image:
   repository: docker.io/baitinq/fs-tracer
   pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart appVersion.
-  tag: ""
-
-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
-
-serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # Annotations to add to the service account
-  annotations: {}
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name: ""
-
-podAnnotations: {}
-
-podSecurityContext: {}
-  # fsGroup: 2000
-
-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
+  tag: "{IMAGE_TAG}"
 
 service:
   type: LoadBalancer
   port: 8080
-
-ingress:
-  enabled: false
-  className: ""
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  hosts:
-    - host: chart-example.local
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
-
-autoscaling:
-  enabled: false
-  minReplicas: 1
-  maxReplicas: 100
-  targetCPUUtilizationPercentage: 80
-  # targetMemoryUtilizationPercentage: 80
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
diff --git a/src/payload-processor/cmd/BUILD.bazel b/src/payload-processor/cmd/BUILD.bazel
index 61b6d50..7c89231 100644
--- a/src/payload-processor/cmd/BUILD.bazel
+++ b/src/payload-processor/cmd/BUILD.bazel
@@ -9,10 +9,10 @@ go_library(
     visibility = ["//visibility:private"],
     deps = [
         "//src/payload-processor/processor",
-        "//vendor/github.com/jmoiron/sqlx",
-        "//vendor/github.com/lib/pq",
-        "//vendor/github.com/segmentio/kafka-go",
-        "//vendor/github.com/segmentio/kafka-go/sasl/plain",
+        "@com_github_jmoiron_sqlx//:sqlx",
+        "@com_github_lib_pq//:pq",
+        "@com_github_segmentio_kafka_go//:kafka-go",
+        "@com_github_segmentio_kafka_go//sasl/plain",
     ],
 )
 
diff --git a/src/payload-processor/processor/BUILD.bazel b/src/payload-processor/processor/BUILD.bazel
index b01383a..9761c58 100644
--- a/src/payload-processor/processor/BUILD.bazel
+++ b/src/payload-processor/processor/BUILD.bazel
@@ -10,9 +10,9 @@ go_library(
     importpath = "github.com/Baitinq/fs-tracer-backend/src/payload-processor/processor",
     visibility = ["//visibility:public"],
     deps = [
-        "//vendor/github.com/jmoiron/sqlx",
-        "//vendor/github.com/segmentio/kafka-go",
-        "//vendor/go.uber.org/mock/gomock",
+        "@com_github_jmoiron_sqlx//:sqlx",
+        "@com_github_segmentio_kafka_go//:kafka-go",
+        "@org_uber_go_mock//gomock",
     ],
 )
 
@@ -21,8 +21,8 @@ go_test(
     srcs = ["processor_test.go"],
     embed = [":processor"],
     deps = [
-        "//vendor/github.com/segmentio/kafka-go",
-        "//vendor/github.com/stretchr/testify/require",
-        "//vendor/go.uber.org/mock/gomock",
+        "@com_github_segmentio_kafka_go//:kafka-go",
+        "@com_github_stretchr_testify//require",
+        "@org_uber_go_mock//gomock",
     ],
 )
diff --git a/src/rest-api/cmd/BUILD.bazel b/src/rest-api/cmd/BUILD.bazel
index 10554e8..4ecded7 100644
--- a/src/rest-api/cmd/BUILD.bazel
+++ b/src/rest-api/cmd/BUILD.bazel
@@ -1,4 +1,6 @@
+load("@aspect_bazel_lib//lib:expand_template.bzl", "expand_template")
 load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_cross_binary", "go_library")
+load("@rules_helm//helm:defs.bzl", "helm_chart")
 load("@rules_oci//oci:defs.bzl", "oci_image", "oci_push", "oci_tarball")
 load("@rules_pkg//:pkg.bzl", "pkg_tar")
 
@@ -9,8 +11,8 @@ go_library(
     visibility = ["//visibility:private"],
     deps = [
         "//src/rest-api/handler",
-        "//vendor/github.com/segmentio/kafka-go",
-        "//vendor/github.com/segmentio/kafka-go/sasl/plain",
+        "@com_github_segmentio_kafka_go//:kafka-go",
+        "@com_github_segmentio_kafka_go//sasl/plain",
     ],
 )
 
@@ -47,8 +49,18 @@ oci_tarball(
     repo_tags = [],
 )
 
+expand_template(
+    name = "stamped",
+    out = "_stamped.tags.txt",
+    stamp = 1,
+    stamp_substitutions = {"tag": "rest-api-{{STABLE_GIT_SHA}}"},
+    template = ["tag"],
+)
+
 oci_push(
     name = "push",
     image = ":image",
+    remote_tags = ":stamped",
     repository = "docker.io/baitinq/fs-tracer",
+    visibility = ["//visibility:public"],
 )
diff --git a/src/rest-api/handler/BUILD.bazel b/src/rest-api/handler/BUILD.bazel
index 13e9a5d..89adc69 100644
--- a/src/rest-api/handler/BUILD.bazel
+++ b/src/rest-api/handler/BUILD.bazel
@@ -5,5 +5,5 @@ go_library(
     srcs = ["handler.go"],
     importpath = "github.com/Baitinq/fs-tracer-backend/src/rest-api/handler",
     visibility = ["//visibility:public"],
-    deps = ["//vendor/github.com/segmentio/kafka-go"],
+    deps = ["@com_github_segmentio_kafka_go//:kafka-go"],
 )
diff --git a/src/rest-api/handler/handler.go b/src/rest-api/handler/handler.go
index 3fdd3f8..3454486 100644
--- a/src/rest-api/handler/handler.go
+++ b/src/rest-api/handler/handler.go
@@ -33,7 +33,7 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	defer cancel()
 
 	err = h.kafka_writer.WriteMessages(ctx, kafka.Message{
-		Key:   []byte("key-A"), //TODO: This routes to a partition. We should probably route by agent UUID
+		Key:   []byte("key"), //TODO:This routes to a partition. We should probably route by agent UUID TODO: wont this negate having multiple topics
 		Value: []byte(body),
 	})
 	if err != nil {