Merge pull request #172 from interledger/stephan/intorg-200

feat(ci): workflow to also build to gcs bucket

Author: bosbaber

.github/workflows/deploy_gcs.yml

@@ -0,0 +1,67 @@
+name: Deploy to GCS
+
+on:
+  # Trigger the workflow every time you push to the `main` branch
+  # Using a different branch name? Replace `main` with your branch's name
+  push:
+    branches: [main]
+  # Allows you to run this workflow manually from the Actions tab on GitHub.
+  workflow_dispatch:
+
+# Allow this job to clone the repo and create a page deployment
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout your repository using git
+        uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 18
+
+      - name: Authenticate to Google Cloud
+        uses: google-github-actions/auth@v2
+        with:
+          credentials_json: ${{ secrets.GSA_JSON }}
+
+      - name: Set up Cloud SDK
+        uses: google-github-actions/setup-gcloud@v2
+
+      - uses: oven-sh/setup-bun@v1
+      - name: Install dependencies
+        run: bun install
+      - name: Test build website
+        run: bun run build
+
+      - name: Deploy to GCS
+        run: gsutil -m rsync -r -d ./dist/ gs://${{ secrets.GCS_BUCKET }}/developers
+
+      - name: Build nginx container
+        run: |
+          cd ci/nginx-rewrite
+          gcloud builds submit --tag gcr.io/interledger-websites/nginx-rewrite:latest .
+
+      - name: Deploy to Cloud Run
+        run: |
+          gcloud run deploy nginx-rewrite \
+            --image gcr.io/interledger-websites/nginx-rewrite:latest \
+            --platform managed \
+            --region us-central1 \
+            --allow-unauthenticated \
+            --port 8080 \
+            --memory 512Mi \
+            --cpu 1 \
+            --min-instances 0 \
+            --max-instances 10 \
+            --quiet
+
+      - name: Invalidate CDN cache
+        run: |
+          gcloud compute url-maps invalidate-cdn-cache interledger-org \
+            --path "/developers/*" \
+            --async

ci/nginx-rewrite/Dockerfile

@@ -0,0 +1,26 @@
+FROM google/cloud-sdk:alpine AS fetcher
+
+# Fetch the developers content from GCS
+RUN mkdir -p /content/developers && \
+    gsutil -m rsync -r gs://interledger-org-developers-portal/developers/ /content/developers/
+
+FROM nginx:alpine
+
+# Copy the fetched content
+COPY --from=fetcher /content /usr/share/nginx/html
+
+# Copy custom nginx configuration
+COPY nginx.conf /etc/nginx/nginx.conf
+
+# Ensure nginx runs as non-root (Cloud Run requirement)
+RUN touch /var/run/nginx.pid && \
+    chown -R nginx:nginx /var/run/nginx.pid && \
+    chown -R nginx:nginx /var/cache/nginx && \
+    chown -R nginx:nginx /var/log/nginx && \
+    chown -R nginx:nginx /usr/share/nginx/html
+
+USER nginx
+
+EXPOSE 8080
+
+CMD ["nginx", "-g", "daemon off;"]

ci/nginx-rewrite/README.md

@@ -0,0 +1,82 @@
+# Nginx Rewrite Service
+
+Simple nginx-based static file server for the developers portal under the `/developers` path.
+
+## Background
+
+Previously, this content was served from an AWS S3 bucket through AWS CloudFront CDN. After migrating to GCS, we encountered a significant limitation: the GCS CDN lacks CloudFront's intelligent URL rewriting capabilities, and automatic `index.html` serving doesn't come out of the box. The simplest solution was to host the content through nginx and handle all rewrite rules at the server level.
+
+## What it does
+
+- Serves static files from the GCS bucket `gs://interledger-org-developers-portal/developers`
+- Content is baked into the container image at build time (multi-stage Docker build)
+- Handles index.html fallback for pretty URLs using `try_files`
+- Redirects paths without trailing slash to the slash version for clean URLs
+- Serves all content under `/developers/` path
+
+## Building and deploying
+
+Deployment happens automatically via GitHub Actions when changes are merged to `main`:
+
+1. Site is built with Astro
+2. Files are synced to `gs://interledger-org-developers-portal/developers`
+3. Container is built (fetches content from GCS at build time)
+4. New revision is deployed to Cloud Run
+
+Manual deployment:
+
+```bash
+cd ci/nginx-rewrite
+
+# Build the container (fetches from GCS during build)
+gcloud builds submit --tag gcr.io/interledger-websites/nginx-rewrite:latest .
+
+# Deploy to Cloud Run
+gcloud run deploy nginx-rewrite \
+  --image gcr.io/interledger-websites/nginx-rewrite:latest \
+  --platform managed \
+  --region us-central1 \
+  --allow-unauthenticated \
+  --port 8080 \
+  --memory 512Mi \
+  --cpu 1 \
+  --min-instances 0 \
+  --max-instances 10
+```
+
+## How it works
+
+### Multi-stage Docker build
+
+1. **Stage 1 (fetcher)**: Uses `google/cloud-sdk:alpine` to fetch content from GCS
+   - Runs `gsutil rsync` to download `gs://interledger-org-developers-portal/developers/` to `/content/developers/`
+2. **Stage 2 (nginx)**: Uses `nginx:alpine` to serve the content
+   - Copies content from stage 1
+   - Copies custom `nginx.conf`
+   - Runs as non-root user (Cloud Run requirement)
+
+### Nginx configuration
+
+Simple configuration in `nginx.conf`:
+
+- **Root**: `/usr/share/nginx/html` (contains the `developers/` folder)
+- **Location `/developers/`**: Uses `try_files $uri $uri/ $uri/index.html =404` for index fallback
+- **Location `= /developers`**: 301 redirect to `/developers/` for consistency
+- **absolute_redirect off**: Ensures redirects use relative paths (important for load balancer)
+
+## Architecture
+
+```
+GitHub Actions (on push to main)
+  ↓
+  1. Build Astro site
+  2. Sync to GCS bucket
+  3. Build container (fetches from GCS)
+  4. Deploy to Cloud Run
+  ↓
+Load Balancer (staging.interledger.org)
+  ↓
+  /developers → nginx-rewrite Cloud Run service
+  ↓
+  Serves baked-in static files
+```

ci/nginx-rewrite/nginx.conf

@@ -0,0 +1,58 @@
+worker_processes auto;
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+                    '$status $body_bytes_sent "$http_referer" '
+                    '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log /var/log/nginx/access.log main;
+
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 65;
+    types_hash_max_size 2048;
+    gzip on;
+
+    # Use relative redirects
+    absolute_redirect off;
+
+    server {
+        listen 8080;
+        server_name _;
+
+        # Root directory containing the developers folder
+        root /usr/share/nginx/html;
+
+        # Health check endpoint for Cloud Run
+        location /health {
+            access_log off;
+            return 200 "healthy\n";
+            add_header Content-Type text/plain;
+        }
+
+        # Serve files under /developers/
+        location /developers/ {
+            # This will:
+            # /developers/                -> /developers/index.html
+            # /developers/foo             -> /developers/foo/index.html
+            # /developers/foo/            -> /developers/foo/index.html
+            # /developers/foo/bar/        -> /developers/foo/bar/index.html
+            try_files $uri $uri/ $uri/index.html =404;
+        }
+
+        # If someone hits /developers (no slash), redirect to /developers/
+        location = /developers {
+            return 301 /developers/;
+        }
+    }
+}