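import * as pulumi from '@pulumi/pulumi';
import { ServiceSecret } from '../utils/secrets';
import { ServiceDeployment } from '../utils/service-deployment';
import { Docker } from './docker';
import { Environment } from './environment';
import { Observability } from './observability';
import { Postgres } from './postgres';
import { Sentry } from './sentry';

/**
 * Typed secret carrying the Postmark settings consumed by the workflow service:
 * the API token, the sender address and the message stream name.
 *
 * `token` accepts either a resolved string or a Pulumi output, so a value
 * produced by another resource can be passed without unwrapping it first.
 */
export class PostmarkSecret extends ServiceSecret<{
  // `pulumi.Output` is generic; the bare name has no type argument and does not type-check.
  token: pulumi.Output<string> | string;
  from: string;
  messageStream: string;
}> {}

/**
 * Declares and deploys the `workflow-service` deployment.
 *
 * Non-sensitive settings go into the plain `env` map; the Postgres (PgBouncer)
 * connection values, the Postmark settings and the Sentry DSN are attached
 * with `withSecret` / `withConditionalSecret` instead of being written into `env`.
 *
 * @param args.environment - Supplies the shared `envVars` and the replica count
 *   (`podsConfig.general.replicas`).
 * @param args.heartbeat - Optional heartbeat endpoint; an empty string is used when omitted.
 * @param args.image - Container image reference for the service.
 * @param args.docker - Supplies the image pull secret.
 * @param args.sentry - Controls the `SENTRY` flag and whether `SENTRY_DSN` is attached.
 * @param args.postgres - Supplies `pgBouncerSecret` for the `POSTGRES_*` variables.
 * @param args.observability - Supplies the tracing endpoint when observability is enabled.
 * @param args.postmarkSecret - Supplies the `EMAIL_*` variables.
 * @returns Whatever `ServiceDeployment.deploy()` returns.
 */
export function deployWorkflows({
  environment,
  heartbeat,
  image,
  docker,
  sentry,
  postgres,
  observability,
  postmarkSecret,
}: {
  postgres: Postgres;
  observability: Observability;
  environment: Environment;
  image: string;
  docker: Docker;
  heartbeat?: string;
  sentry: Sentry;
  postmarkSecret: PostmarkSecret;
}) {
  return (
    new ServiceDeployment(
      'workflow-service',
      {
        imagePullSecret: docker.secret,
        env: {
          ...environment.envVars,
          SENTRY: sentry.enabled ? '1' : '0',
          EMAIL_PROVIDER: 'postmark',
          // NOTE(review): passed as a plain env value. If the heartbeat URL embeds a
          // token, it should be routed through a secret like the values below — confirm.
          HEARTBEAT_ENDPOINT: heartbeat ?? '',
          // Empty string when observability is disabled or no tracing endpoint is set.
          OPENTELEMETRY_COLLECTOR_ENDPOINT:
            observability.enabled && observability.tracingEndpoint
              ? observability.tracingEndpoint
              : '',
          LOG_JSON: '1',
        },
        readinessProbe: '/_readiness',
        livenessProbe: '/_health',
        startupProbe: '/_health',
        exposesMetrics: true,
        image,
        replicas: environment.podsConfig.general.replicas,
      },
      [],
    )
      // PG: every connection value, including the password and the SSL setting, is read
      // from the PgBouncer secret. Presumably `withSecret` injects these by secret
      // reference rather than as literals — verify in ../utils/service-deployment.
      .withSecret('POSTGRES_HOST', postgres.pgBouncerSecret, 'host')
      .withSecret('POSTGRES_PORT', postgres.pgBouncerSecret, 'port')
      .withSecret('POSTGRES_USER', postgres.pgBouncerSecret, 'user')
      .withSecret('POSTGRES_PASSWORD', postgres.pgBouncerSecret, 'password')
      .withSecret('POSTGRES_DB', postgres.pgBouncerSecret, 'database')
      .withSecret('POSTGRES_SSL', postgres.pgBouncerSecret, 'ssl')
      // Postmark: the API token is attached the same way as the database credentials.
      .withSecret('EMAIL_FROM', postmarkSecret, 'from')
      .withSecret('EMAIL_PROVIDER_POSTMARK_TOKEN', postmarkSecret, 'token')
      .withSecret('EMAIL_PROVIDER_POSTMARK_MESSAGE_STREAM', postmarkSecret, 'messageStream')
      // The first argument is `sentry.enabled`; presumably the DSN is attached only
      // when it is true — confirm against `withConditionalSecret`.
      .withConditionalSecret(sentry.enabled, 'SENTRY_DSN', sentry.secret, 'dsn')
      .deploy()
  );
}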