
Merge branch 'development' of github.com:jahrulnr/bangunsite into dev…
…elopment
Jahrulnr committed May 25, 2024
2 parents 566dabd + a952e3e commit 0088d5b
Showing 30 changed files with 367 additions and 166 deletions.
2 changes: 1 addition & 1 deletion .dockerignore
Expand Up @@ -3,5 +3,5 @@
/web/vendor
/web/.env
/template
/web/storage/webconfig/active.d
/.github
/prod
24 changes: 17 additions & 7 deletions .github/workflows/deploy.yml
Expand Up @@ -2,18 +2,28 @@ name: BangunSite Build Action

env:
IMAGE_NAME: bangunsite:latest
BASIC_AUTH: admin:yourstrongpassword

on: push

jobs:
build:
name: build image
hadolin:
name: hadolint
runs-on: ubuntu-latest
if: github.ref != 'refs/heads/master'

steps:
- uses: actions/checkout@main
- uses: hadolint/[email protected]
with:
dockerfile: Dockerfile-prod

healty:
needs: hadolin
name: Healty check
runs-on: ubuntu-latest
if: github.ref != 'refs/heads/main' && success()

steps:
- uses: actions/checkout@v3
- uses: actions/checkout@main
- name: Build
run: docker build -f Dockerfile-prod --tag ${{ env.IMAGE_NAME }} .
- name: Test run
Expand All @@ -23,8 +33,8 @@ jobs:
- name: Check healty
run: |
docker exec -i bangunsite curl localhost/healty.php -s --connect-timeout 10
docker exec -i bangunsite artisan key:generate > /dev/null
docker exec -i bangunsite artisan key:generate > /dev/null && sleep 5
docker exec -i bangunsite curl localhost:8000/healty -sf --connect-timeout 10
docker stop bangunsite > /dev/null
docker rm bangunsite > /dev/null
docker rmi ${{ env.IMAGE_NAME }} > /dev/null
docker rmi ${{ env.IMAGE_NAME }} > /dev/null
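Review bot: `actions/checkout@main` in the `hadolin` and `healty` jobs follows a mutable branch, so any commit that lands on that branch runs in this workflow with access to the checkout and the job token; the page prints it next to `actions/checkout@v3`, which it appears to replace. Pin every `uses:` to a full commit SHA and keep the release as a trailing comment, e.g. `- uses: actions/checkout@<full-commit-sha>  # <release tag>`. The same applies to the `checkout`, `upload-artifact` and `download-artifact` refs at `@main` in deploy.yml.example. Separately, `BASIC_AUTH: admin:yourstrongpassword` sits in the workflow `env:` in plain text; if it is ever more than a placeholder it belongs in `secrets`, and the visible steps do not show where it is consumed.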
85 changes: 68 additions & 17 deletions .github/workflows/deploy.yml.example
@@ -1,39 +1,90 @@
name: BangunSite Deploy Action
name: BangunSite Build Action

env:
REGISTRY: ${{ secrets.HOST }}
IMAGE_NAME: bangunsite:latest

on: push

jobs:
build:
name: build image
hadolin:
name: hadolint
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@main
- uses: hadolint/[email protected]
with:
dockerfile: Dockerfile-prod

healty:
needs: hadolin
name: Healty check
runs-on: ubuntu-latest
if: github.ref != 'refs/heads/main'
if: github.ref != 'refs/heads/main' && success()

steps:
- uses: actions/checkout@v3
- uses: actions/checkout@main
- name: Build
run: docker build -f Dockerfile-prod --tag ${{ env.IMAGE_NAME }} .
- name: Test run
run: docker run -d --name bangunsite ${{ env.IMAGE_NAME }}
- name: Wait for docker to finish building
run: sleep 5
- name: Check healty
run: |
docker build -f Dockerfile-prod --tag ${{ env.IMAGE_NAME }} .
docker exec -i bangunsite curl localhost/healty.php -s --connect-timeout 10
docker exec -i bangunsite artisan key:generate > /dev/null && sleep 5
docker exec -i bangunsite curl localhost:8000/healty -sf --connect-timeout 10
docker stop bangunsite > /dev/null
docker rm bangunsite > /dev/null
docker rmi ${{ env.IMAGE_NAME }} > /dev/null

build:
needs: hadolin
name: build image
runs-on: ubuntu-latest
if: success() && github.ref == 'refs/heads/main'

steps:
- uses: actions/checkout@main
- name: Build container image
run: docker build -f Dockerfile-prod --tag ${{ env.IMAGE_NAME }} .
- name: Export image
run: |
mkdir -p images
docker save ${{ env.IMAGE_NAME }} | gzip > images/bangunsite.tar.gz
- uses: actions/upload-artifact@main
with:
name: bangunsite.tar.gz
path: images

push:
name: build and push image
needs: build
name: push image
runs-on: ubuntu-latest
if: success() && github.ref == 'refs/heads/main'

steps:
- uses: actions/checkout@v3
- name: Login
- uses: actions/checkout@main
- uses: actions/download-artifact@main
with:
name: bangunsite.tar.gz
path: images
- name: install ssh keys
run: |
docker login ${{ secrets.HOST }} -u ${{ secrets.USER }} -p ${{ secrets.PASS }}
docker build -f Dockerfile-prod --tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} .
docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

install -m 600 -D /dev/null ~/.ssh/id_rsa
echo "${{ secrets.SSH_KEY }}" > ~/.ssh/id_rsa
ssh-keyscan -H ${{ secrets.SSH_HOST }} > ~/.ssh/known_hosts
- name: push image
run: |
scp images/bangunsite.tar.gz ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }}:/tmp/bangunsite.tar.gz
ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} "cat /tmp/bangunsite.tar.gz | docker load && rm -f /tmp/bangunsite.tar.gz && exit"
- name: cleanup
run: rm -rf ~/.ssh images

deploy:
needs: push
name: deploy image
name: deploy
runs-on: ubuntu-latest

steps:
Expand All @@ -43,6 +94,6 @@ jobs:
echo "${{ secrets.SSH_KEY }}" > ~/.ssh/id_rsa
ssh-keyscan -H ${{ secrets.SSH_HOST }} > ~/.ssh/known_hosts
- name: connect and pull
run: ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} "cd ${{ secrets.WORK_DIR }} && docker compose pull && docker compose up -d && exit"
run: ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} "cd ${{ secrets.WORK_DIR }} && docker compose up -d && sleep 1 && service containerlog restart && exit"
- name: cleanup
run: rm -rf ~/.ssh
run: rm -rf ~/.ssh
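Review bot: The `install ssh keys` step in the `push` job fills `known_hosts` from `ssh-keyscan -H ${{ secrets.SSH_HOST }}` at run time, so the runner accepts whatever host key answers on that address and the following `scp` and `ssh … docker load` are not authenticated against a known server; the `deploy` job's context lines do the same. Store the server's public host key as a repository secret and write that instead, e.g. `echo "${{ secrets.SSH_KNOWN_HOSTS }}" > ~/.ssh/known_hosts` (the secret name is a placeholder). The image tarball is also staged at the fixed path `/tmp/bangunsite.tar.gz` on the remote before `docker load`; on a host with other local users a directory only the deploy account can write to would be safer.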
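--- a/.gitignore
+++ b/.gitignore
@@ -3,5 +3,4 @@
 /web/composer.lock
 /web/.env
 /web/public/storage
-/template
-/production.zip
+/template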
21 changes: 14 additions & 7 deletions Dockerfile
@@ -1,11 +1,16 @@
FROM alpine:3.19

ENV PS1="\[\e]0;\u@\h: \w\a\]${whoami}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ "
RUN apk update && apk add --no-cache curl bash bash-completion shadow \
&& apk add --no-cache nginx \

ENV PATH="/opt/venv/bin:/app:/app/vendor/bin:$PATH"
ENV TZ="Asia/Jakarta"
RUN echo "apps:x:0:0:root:/root:/bin/bash" >> /etc/passwd && \
echo "alias ll='ls -l'" >> /root/.bashrc \
&& apk update && apk add --no-cache curl bash bash-completion shadow tzdata \
&& apk add --no-cache docker \
&& apk add --no-cache nginx nginx-mod-stream \
&& apk add --no-cache git python3 \
&& python3 -m venv /opt/venv \
&& export PATH="/opt/venv/bin:$PATH" \
&& mkdir -p /run/php \
&& pip install wheel \
&& pip install supervisor \
Expand All @@ -14,7 +19,8 @@ RUN apk update && apk add --no-cache curl bash bash-completion shadow \
php82-gd php82-xml php82-zip php82-curl php82-opcache \
php82-fileinfo php82-session php82-dom php82-tokenizer php82-exif \
php82-xmlreader php82-simplexml php82-xmlwriter \
php82-sqlite3 php82-pdo_sqlite php82-openssl php82-redis \
php82-sqlite3 php82-pdo_sqlite php82-openssl php82-redis php82-mysqli php82-pdo_mysql \
&& ln -s /usr/sbin/php-fpm82 /usr/sbin/php-fpm \
\
&& groupmod -og 1000 nginx \
&& usermod -ou 1000 -g 1000 nginx \
Expand All @@ -29,9 +35,10 @@ RUN apk update && apk add --no-cache curl bash bash-completion shadow \
COPY ./infra/cron.txt /tmp/
RUN cat /tmp/cron.txt >> /etc/crontabs/root && rm /tmp/cron.txt

ENV PATH="/opt/venv/bin:/app:/app/vendor/bin:$PATH"
COPY ./infra/nginx/nginx.conf /etc/nginx/
COPY ./infra/nginx/default.conf /etc/nginx/http.d/
COPY ./infra/nginx/stream.d /etc/nginx/stream.d
COPY ./infra/nginx/custom.d /etc/nginx/custom.d
COPY ./infra/php/php.ini /etc/php82/
COPY ./infra/php/php-fpm.conf /etc/php82/
COPY ./infra/php/www.conf /etc/php82/php-fpm.d/
Expand All @@ -48,10 +55,10 @@ WORKDIR /app
USER nginx
RUN composer update --no-cache --optimize-autoloader
RUN if [ ! -f /app/public/storage ] && [ ! -d /app/public/storage ]; then php artisan storage:link; fi
USER root
USER apps

EXPOSE 80
EXPOSE 8000

CMD [ "/run/start.sh" ]
HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "curl", "--fail", "localhost/healt" ]
HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "curl", "--fail", "localhost:10001/ping" ]
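Review bot: `USER apps` does not drop privileges, because the entry appended to `/etc/passwd` is `apps:x:0:0:root:/root:/bin/bash`, i.e. UID and GID 0; `/run/start.sh` still runs as root, only under a name that a name-based lint rule (hadolint's last-user-is-root check, DL3002) no longer flags. If start.sh needs root to launch the services, keep `USER root` explicit with a comment saying why and let the services drop to `nginx`; otherwise give `apps` a non-zero UID. Dockerfile-prod in this commit carries the same two lines. The same `RUN` also appears to add the `docker` package; if the intent is to reach a Docker socket from this root process, that amounts to host-level access and should be documented next to the line.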
83 changes: 59 additions & 24 deletions Dockerfile-prod
@@ -1,54 +1,89 @@
FROM alpine:3.19

ENV PS1="\[\e]0;\u@\h: \w\a\]${whoami}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ "
RUN apk update && apk add --no-cache curl bash bash-completion shadow \
&& apk add --no-cache nginx \
&& apk add --no-cache git python3 \

ENV PATH="/opt/venv/bin:/app:$PATH"
ENV TZ="Asia/Jakarta"
RUN echo "apps:x:0:0:root:/root:/bin/bash" >> /etc/passwd && \
echo "alias ll='ls -l'" >> /root/.bashrc \
&& apk update && apk add --no-cache curl=8.5.0-r0 \
shadow=4.14.2-r0 \
bash=5.2.21-r0 \
bash-completion=2.11-r6 \
tzdata=2024a-r0 \
nginx=1.24.0-r15 \
nginx-mod-stream=1.24.0-r15 \
docker=25.0.3-r1 \
python3=3.11.8-r0 \
git=2.43.0-r0 \
php82=8.2.16-r0 \
php82-phar=8.2.16-r0 \
php82-fpm=8.2.16-r0 \
php82-iconv=8.2.16-r0 \
php82-mbstring=8.2.16-r0 \
php82-gd=8.2.16-r0 \
php82-xml=8.2.16-r0 \
php82-zip=8.2.16-r0 \
php82-curl=8.2.16-r0 \
php82-opcache=8.2.16-r0 \
php82-fileinfo=8.2.16-r0 \
php82-session=8.2.16-r0 \
php82-dom=8.2.16-r0 \
php82-tokenizer=8.2.16-r0 \
php82-exif=8.2.16-r0 \
php82-xmlreader=8.2.16-r0 \
php82-simplexml=8.2.16-r0 \
php82-xmlwriter=8.2.16-r0 \
php82-sqlite3=8.2.16-r0 \
php82-pdo_sqlite=8.2.16-r0 \
php82-openssl=8.2.16-r0 \
php82-pecl-redis=6.0.2-r0 \
php82-mysqli=8.2.16-r0 \
php82-pdo_mysql=8.2.16-r0 \
certbot=2.7.4-r0 \
certbot-nginx=2.7.4-r0 \
&& python3 -m venv /opt/venv \
&& export PATH="/opt/venv/bin:$PATH" \
&& mkdir -p /run/php \
&& pip install wheel \
&& pip install supervisor \
&& pip install git+https://github.com/coderanger/supervisor-stdout \
&& apk add --no-cache php82 php82-fpm php82-cli php82-phar php82-iconv php82-mbstring \
php82-gd php82-xml php82-zip php82-curl php82-opcache \
php82-fileinfo php82-session php82-dom php82-tokenizer php82-exif \
php82-xmlreader php82-simplexml php82-xmlwriter \
php82-sqlite3 php82-pdo_sqlite php82-openssl php82-redis \
# bypass hadolint
&& echo "wheel==0.42.0" >> /tmp/pip.txt \
&& echo "supervisor==4.2.5" >> /tmp/pip.txt \
&& echo "git+https://github.com/coderanger/supervisor-stdout" >> /tmp/pip.txt \
&& pip install --no-cache-dir -r /tmp/pip.txt \
&& ln -s /usr/sbin/php-fpm82 /usr/sbin/php-fpm \
\
&& groupmod -og 1000 nginx \
&& usermod -ou 1000 -g 1000 nginx \
\
&& apk add certbot certbot-nginx --no-cache \
\
&& apk del shadow git \
&& curl -o /tmp/composer-setup.php https://getcomposer.org/installer \
&& php /tmp/composer-setup.php --no-ansi --install-dir=/usr/local/bin --filename=composer \
&& rm -rf /tmp/* /var/cache/apk/* /lib/apk/* ~/.cache

ENV PATH="/opt/venv/bin:/app:$PATH"
COPY ./infra/nginx/nginx.conf /etc/nginx/
COPY ./infra/nginx/default.conf /etc/nginx/http.d/
COPY ./infra/nginx/stream.d /etc/nginx/stream.d
COPY ./infra/nginx/custom.d /etc/nginx/custom.d
COPY ./infra/php/php.ini /etc/php82/
COPY ./infra/php/php-fpm.conf /etc/php82/
COPY ./infra/php/www.conf /etc/php82/php-fpm.d/
COPY ./infra/supervisord.conf /etc/supervisord.conf
COPY ./infra/start.sh /run/
RUN chmod +x /run/start.sh

ADD --chown=nginx:nginx ./web /app
ADD ./infra/db.sqlite /app/database/
COPY --chown=nginx:nginx ./web /app
COPY --chown=nginx:nginx ./infra/.env-prod /app/.env
RUN chmod +x /app/artisan
COPY ./infra/db.sqlite /app/database/
COPY ./infra/cron.txt /tmp/
RUN cat /tmp/cron.txt >> /etc/crontabs/root && rm /tmp/cron.txt \
&& chmod +x /app/artisan && chmod +x /run/start.sh

WORKDIR /app
USER nginx
RUN composer update --no-dev --no-cache --optimize-autoloader
RUN if [ ! -f /app/public/storage ] && [ ! -d /app/public/storage ]; then php artisan storage:link; fi
USER root
RUN composer update --no-dev --no-cache --optimize-autoloader && \
if [ ! -f /app/public/storage ] && [ ! -d /app/public/storage ]; then php artisan storage:link; fi
USER apps

EXPOSE 80
EXPOSE 443
EXPOSE 8000

CMD [ "/run/start.sh" ]
HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "curl", "--fail", "localhost/healt" ]
HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "curl", "--fail", "localhost:10001/ping" ]
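Review bot: `COPY --chown=nginx:nginx ./infra/.env-prod /app/.env` bakes the production environment file into an image layer, so anyone who can obtain the image can read it, and deploy.yml.example in this commit uploads the saved image as a workflow artifact. The file's contents are not visible here; if it holds credentials or an application key, supply it at run time instead (a compose `env_file` or a mounted file) and list it in `.dockerignore`. Separately, the requirements written under `# bypass hadolint` pin `wheel` and `supervisor` but leave `git+https://github.com/coderanger/supervisor-stdout` floating on the default branch; append a commit to it, `git+https://github.com/coderanger/supervisor-stdout@<commit-sha>`.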