Fix everything (#411)

* Upgrade workspace

* Moving backend to Fly.io + Caddy

* disabling failing shit

* work ?

* On-demand TLS

* `chmod +x`

* x86_64

* Cloud mode

* Use cloud mode

* no updater for cloud

* fix code

* enable cloud mode properly

* Fix Caddy path

* Delete `apps/android`

* Restructure Rust

* fix build

* fix config existence check for cloud

* Migrate from deprecated Caddy directive

* Get rid of SST cause it's too broken

* Drop flat routing + more npm updates

* reintroduce flat routing

* Parallel Routing in stable

* make happy

* bring CI back

* fix docs & wip fixing web

* a

Author: oscartbeaumont

.github/workflows/cd.yaml

@@ -44,58 +44,58 @@ jobs:
       - name: Setup Rust toolchain
         run: rustup toolchain install stable --profile minimal
 
-      - name: Install Rust target for 'aarch64-unknown-linux-musl'
-        run: rustup target add aarch64-unknown-linux-musl
+      - name: Install Rust target for 'x86_64-unknown-linux-musl'
+        run: rustup target add x86_64-unknown-linux-musl
 
       - name: Build & upload binary
         run: |
           pnpm i -g wrangler
           export HASH=$(git rev-parse HEAD)
 
-          cargo zigbuild --release --target aarch64-unknown-linux-musl -p mattrax
+          cargo zigbuild --release --target x86_64-unknown-linux-musl -p mattrax
 
-          wrangler r2 object put "static/mattrax/$HASH/aarch64-unknown-linux" --file=target/aarch64-unknown-linux-musl/release/mattrax --cache-control "public, max-age=31536000, immutable"
+          wrangler r2 object put "static/mattrax/$HASH/x86_64-unknown-linux" --file=target/x86_64-unknown-linux-musl/release/mattrax --cache-control "public, max-age=31536000, immutable"
           echo "$HASH" | wrangler r2 object put "static/nightly" --pipe
 
-  sst:
-    name: SST
-    runs-on: ubuntu-latest
-    # This is required to workaround the lack of wildcard for OIDC scope
-    # https://github.com/Azure/azure-workload-identity/issues/373
-    #
-    # I swear to god Microsoft have never tried anything they have built.
-    environment: production
-    concurrency:
-      group: production
-    if: github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch'
-    steps:
-      - name: Git clone the repository
-        uses: actions/checkout@v4
-
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          role-to-assume: "arn:aws:iam::101829795063:role/mattrax-gh-actions"
-          aws-region: us-east-1
-          role-session-name: mattrax-sst-workflow
-
-      - uses: pnpm/action-setup@v4
-        with:
-          version: latest
-
-      - name: Install SST
-        run: curl -fsSL https://ion.sst.dev/install | bash
-
-      - run: cd infra && sst deploy --stage brendonovich
-        env:
-          ARM_USE_OIDC: true
-          ARM_CLIENT_ID: a17b56f1-0b10-4029-9a89-7f703d3573f8
-          ARM_TENANT_ID: 22d6679c-fc23-425a-b69b-e5e604dd80db
-          AZURE_SUBSCRIPTION_ID: 22d6679c-fc23-425a-b69b-e5e604dd80db
-          OAUTH_CLIENT_ID: kXdvzkEgiN11CNTRL
-          OAUTH_CLIENT_SECRET: ${{ secrets.TAILSCALE_OAUTH_SECRET }}
-
-  build-web:
+  # sst:
+  #   name: SST
+  #   runs-on: ubuntu-latest
+  #   # This is required to workaround the lack of wildcard for OIDC scope
+  #   # https://github.com/Azure/azure-workload-identity/issues/373
+  #   #
+  #   # I swear to god Microsoft have never tried anything they have built.
+  #   environment: production
+  #   concurrency:
+  #     group: production
+  #   if: github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch'
+  #   steps:
+  #     - name: Git clone the repository
+  #       uses: actions/checkout@v4
+
+  #     - name: Configure AWS credentials
+  #       uses: aws-actions/configure-aws-credentials@v4
+  #       with:
+  #         role-to-assume: "arn:aws:iam::101829795063:role/mattrax-gh-actions"
+  #         aws-region: us-east-1
+  #         role-session-name: mattrax-sst-workflow
+
+  #     - uses: pnpm/action-setup@v4
+  #       with:
+  #         version: latest
+
+  #     - name: Install SST
+  #       run: curl -fsSL https://ion.sst.dev/install | bash
+
+  #     - run: cd infra && sst deploy --stage brendonovich
+  #       env:
+  #         ARM_USE_OIDC: true
+  #         ARM_CLIENT_ID: a17b56f1-0b10-4029-9a89-7f703d3573f8
+  #         ARM_TENANT_ID: 22d6679c-fc23-425a-b69b-e5e604dd80db
+  #         AZURE_SUBSCRIPTION_ID: 22d6679c-fc23-425a-b69b-e5e604dd80db
+  #         OAUTH_CLIENT_ID: kXdvzkEgiN11CNTRL
+  #         OAUTH_CLIENT_SECRET: ${{ secrets.TAILSCALE_OAUTH_SECRET }}
+
+  build-js:
     strategy:
       matrix:
         projects:
@@ -131,7 +131,7 @@ jobs:
   deploy-mattrax:
     name: Deploy Mattrax
     runs-on: ubuntu-latest
-    needs: [build-mattrax, sst]
+    needs: [build-mattrax] # TODO: sst
     concurrency:
       group: mattrax
     environment:
@@ -141,36 +141,22 @@ jobs:
       - name: Git clone the repository
         uses: actions/checkout@v4
 
-      - uses: pnpm/action-setup@v4
-        with:
-          version: latest
-
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          role-to-assume: "arn:aws:iam::101829795063:role/mattrax-gh-actions"
-          aws-region: us-east-1
-          role-session-name: mattrax-sst-workflow
-
-      - name: Install SST
-        run: curl -fsSL https://ion.sst.dev/install | bash
-
-      - name: Set SST envs
+      - name: Install Flyctl
+        uses: superfly/flyctl-actions/[email protected]
+      
+      - name: Download binary
+        working-directory: ./infra/cloud
         run: |
-          cd infra && sst secret list --stage brendonovich | grep "MDM_INTERNAL_SECRET" >> $GITHUB_ENV
+          wget -O mattrax "https://static.mattrax.app/mattrax/$(git rev-parse HEAD)/x86_64-unknown-linux"
+          chmod +x mattrax
+      
+      - name: Deploy to Fly
+        run: flyctl deploy --wait-timeout 2m
+        working-directory: ./infra/cloud
         env:
-          ARM_USE_OIDC: true
-          ARM_CLIENT_ID: a17b56f1-0b10-4029-9a89-7f703d3573f8
-          ARM_TENANT_ID: 22d6679c-fc23-425a-b69b-e5e604dd80db
-          AZURE_SUBSCRIPTION_ID: 22d6679c-fc23-425a-b69b-e5e604dd80db
-          OAUTH_CLIENT_ID: kXdvzkEgiN11CNTRL
-          OAUTH_CLIENT_SECRET: ${{ secrets.TAILSCALE_OAUTH_SECRET }}
-
-      - name: Deploy Mattrax
-        run: |
-          curl -v "https://mdm.mattrax.app/internal/redeploy?secret=${{ env.MDM_INTERNAL_SECRET }}"
+          FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
 
-  deploy-web:
+  deploy-js:
     strategy:
       matrix:
         projects:
@@ -180,11 +166,11 @@ jobs:
     name: Deploy ${{ matrix.projects.name }}
     runs-on: ubuntu-latest
     needs:
-      - sst
+      # - sst # TODO
       # This will wait for *all* projects to build, not just the one we care about.
       # GitHub don't provide a better solution :(
-      - build-web
-      - deploy-mattrax
+      - build-js
+      # - deploy-mattrax # TODO
     # Run regardless of if previous steps were skipped
     if: ${{ !failure() && !cancelled() }}
     environment:

.gitignore

@@ -58,4 +58,4 @@ Thumbs.db
 /TODO
 
 # Nx
-.nx/cache
+.nx