Merge pull request #124 from RA341/ci-cd

Adds CI/CD to devU

.github/workflows/beta.yml

@@ -0,0 +1,59 @@
+# Builds DevU images on develop
+# tagged as beta
+
+name: Build DevU beta
+on:
+  push:
+    branches:
+      - develop
+
+jobs:
+  build-docker:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # to be able to publish a GitHub release
+      issues: write # to be able to comment on released issues
+      pull-requests: write # to be able to comment on released pull requests
+      packages: write # to be able to publish docker image packages
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+          fetch-depth: 0
+
+      # todo run tests
+
+      # docker image build
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GHCR registry
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+      - name: Convert image name to lowercase
+        run: |
+          original_string=${{ github.repository }}
+          echo "repo_url=$(echo $original_string | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
+
+      # beta tags
+      - name: API beta image
+        run: |
+          docker build . -f api.Dockerfile -t ghcr.io/${{ env.repo_url }}-api:beta
+          docker push ghcr.io/${{ env.repo_url }}-api:beta
+
+      - name: client beta image
+        run: |
+          docker build . -f client.Dockerfile -t ghcr.io/${{ env.repo_url }}-client:beta
+          docker push ghcr.io/${{ env.repo_url }}-client:beta
+
+      - name: nginx beta image
+        run: |
+          docker build . -f nginx.Dockerfile -t ghcr.io/${{ env.repo_url }}-nginx:beta
+          docker push ghcr.io/${{ env.repo_url }}-nginx:beta
+
+      - name: build tango image
+        run: |
+          docker build ./tango -f ./tango/Dockerfile -t ghcr.io/${{ env.repo_url }}-tango:beta
+          docker push ghcr.io/${{ env.repo_url }}-tango:beta
+      

.github/workflows/release.yml

@@ -0,0 +1,97 @@
+# Builds DevU images for release
+# tagged as latest and version number
+
+name: Release
+on:
+  push:
+    branches:
+      - release
+
+jobs:
+  tag-release:
+    name: tag-release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # to be able to publish a GitHub release
+      issues: write # to be able to comment on released issues
+      pull-requests: write # to be able to comment on released pull requests
+      packages: write # to be able to publish docker image packages
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: "lts/*"
+      - name: install plugins
+        run: npm install --no-save @semantic-release/git @semantic-release/changelog -D
+
+      - name: tag version number release based on commits
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: npx semantic-release
+
+  build-docker:
+    needs:
+      - tag-release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # to be able to publish a GitHub release
+      issues: write # to be able to comment on released issues
+      pull-requests: write # to be able to comment on released pull requests
+      packages: write # to be able to publish docker images
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+          fetch-depth: 0
+
+      - name: Get version tag from git history
+        id: tagName
+        uses: "WyriHaximus/github-action-get-previous-tag@v1"
+
+      # todo run tests
+      - name: Convert image name to lowercase
+        run: |
+          original_string=${{ github.repository }}
+          echo "repo_url=$(echo $original_string | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
+
+      # docker image build
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GHCR registry
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+      - name: API latest and version image
+        run: |
+          docker build . -f api.Dockerfile -t ghcr.io/${{ env.repo_url }}-api:${{ steps.tagName.outputs.tag }}
+          docker push ghcr.io/${{ env.repo_url }}-api:${{ steps.tagName.outputs.tag }}
+          
+          docker build . -f api.Dockerfile -t ghcr.io/${{ env.repo_url }}-api:latest
+          docker push ghcr.io/${{ env.repo_url }}-api:latest
+
+      - name: client latest and version image
+        run: |
+          docker build . -f client.Dockerfile -t ghcr.io/${{ env.repo_url }}-client:${{ steps.tagName.outputs.tag }}
+          docker push ghcr.io/${{ env.repo_url }}-client:${{ steps.tagName.outputs.tag }}
+          
+          docker build . -f client.Dockerfile -t ghcr.io/${{ env.repo_url }}-client:latest
+          docker push ghcr.io/${{ env.repo_url }}-client:latest
+
+      - name: nginx latest and version image
+        run: |
+          docker build . -f nginx.Dockerfile -t ghcr.io/${{ env.repo_url }}-nginx:${{ steps.tagName.outputs.tag }}
+          docker push ghcr.io/${{ env.repo_url }}-nginx:${{ steps.tagName.outputs.tag }}
+          
+          docker build . -f nginx.Dockerfile -t ghcr.io/${{ env.repo_url }}-nginx:latest
+          docker push ghcr.io/${{ env.repo_url }}-nginx:latest
+
+      - name: tango latest and version image
+        run: |
+          docker build ./tango -f ./tango/Dockerfile -t ghcr.io/${{ env.repo_url }}-tango:latest
+          docker push ghcr.io/${{ env.repo_url }}-tango:latest

.releaserc.json

@@ -0,0 +1,14 @@
+{
+  "branches": [
+    {
+      "name": "release"
+    }
+  ],
+  "plugins": [
+    "@semantic-release/commit-analyzer",
+    "@semantic-release/release-notes-generator",
+    "@semantic-release/changelog",
+    "@semantic-release/github",
+    "@semantic-release/git"
+  ]
+}

api.Dockerfile

@@ -1,13 +1,4 @@
-FROM python:alpine AS config
-
-WORKDIR /stage
-COPY devU-api/config ./config
-COPY devU-api/scripts/generateConfig.sh ./generateConfig.sh
-RUN apk add --no-cache bash jq openssl \
-  && pip install yq
-RUN ./generateConfig.sh ./default.yml
-
-FROM node:20 as module_builder
+FROM node:20 AS module_builder
 
 WORKDIR /tmp
 
@@ -17,6 +8,19 @@ RUN npm install && \
     npm run clean-directory && \
     npm run build-docker
 
+FROM docker.io/python:alpine AS config-builder
+
+WORKDIR /config
+
+RUN apk add --no-cache bash jq openssl \
+  && pip install yq
+
+COPY devU-api/scripts/ .
+
+COPY devU-api/config/ ./config
+
+RUN ./generateConfig.sh default.yml
+
 FROM node:20
 
 WORKDIR /app
@@ -27,9 +31,13 @@ RUN npm install
 
 COPY ./devU-api .
 
-COPY --from=config /stage/default.yml ./config/default.yml
+COPY --from=config-builder /config/default.yml ./config/default.yml
+
 COPY --from=module_builder /tmp/devu-shared-modules ./devu-shared-modules
 
+# Indicate that the api is running in docker; value here is irrelevant
+ENV IS_DOCKER=0
+
 ADD https://github.com/ufoscout/docker-compose-wait/releases/download/2.2.1/wait /wait
 RUN chmod +x /wait
 

devU-api/src/environment.ts

@@ -49,7 +49,7 @@ const refreshTokenBuffer = load('auth.jwt.refreshTokenExpirationBufferSeconds')
 
 // if the dev env exists then file is running inside docker
 // if it is undefined it is running on dev machine
-const isDocker = !(process.env.dev === undefined)
+const isDocker = !(process.env.IS_DOCKER === undefined)
 
 if (isDocker && process.env.TANGO_KEY === undefined) {
   throw Error(
@@ -67,7 +67,8 @@ const environment = {
   dbUsername: (load('database.username') || 'typescript_user') as string,
   dbPassword: (load('database.password') || 'password') as string,
   database: (load('database.name') || 'typescript_api') as string,
-
+  // environment info
+  isDocker: isDocker,
   // the below one is for local migration, due to some issues with command will not running load function nor 'localhost'
 
   // dbHost: ('localhost') as string,
@@ -92,7 +93,7 @@ const environment = {
   refreshTokenExpirationBufferSeconds: parseInt(refreshTokenBuffer),
 
   // BE CAREFUL WITH PROVIDERS - THEY'RE NOT TOTALLY TYPE SAFE UNLESS PROPERLY CONFIGURED
-  providers: config.get('auth.providers') as Providers,
+  providers: config.get('auth.providers') as Providers
 }
 
 export default environment

devU-api/src/index.ts

@@ -41,6 +41,8 @@ initializeMinio()
     app.use(morgan('combined'))
     app.use(passport.initialize())
 
+    console.log(`Api: ${environment.isDocker ? '' : 'not'} running in docker`)
+
     // Middleware;
     app.use('/', router)
     app.use(errorHandler)

compose.yml → docker-compose.yml

@@ -20,7 +20,6 @@ services:
     environment:
       TANGO_KEY: devutangokey # TODO: load in from env file. for now this is defined in tango section below
       WAIT_HOSTS: db:5432
-      dev: 0 # value here is irrelevant; just here to make sure dev env exists
     ports:
       - '3001:3001'
     profiles:

prod-docker-compose.yml

@@ -0,0 +1,106 @@
+# example production compose file,
+# remember to copy tango.config.py to the working directory from where the compose file is ran
+
+name: devu
+services:
+  api:
+    # Runs the API
+    container_name: api
+    image: ghcr.io/makeopensource/devu-api:beta
+    environment:
+      TANGO_KEY: devutangokey # TODO: load in from env file. for now this is defined in tango section below
+      WAIT_HOSTS: db:5432
+    depends_on:
+      db:
+        condition: service_started
+#      config:
+#        condition: service_completed_successfully
+    ports:
+      - '3001:3001'
+
+  client:
+    # Builds the front end and exports static files to ./dist
+    image: ghcr.io/makeopensource/devu-client:beta
+    volumes:
+      - ./dist:/out
+
+  nginx:
+    # Hosts the front end static files from ./dist/local thorough a web server
+    image: ghcr.io/makeopensource/devu-nginx:beta
+    volumes:
+      - ./dist/local:/usr/share/nginx/html
+    ports:
+      - '9000:80'
+
+  db:
+    # Runs the PostgreSQL database
+    image: postgres
+    environment:
+      POSTGRES_DB: typescript_api
+      POSTGRES_USER: typescript_user
+      POSTGRES_PASSWORD: password
+    ports:
+      - '5432:5432'
+    expose:
+      - '5432'
+
+  minio:
+    image: minio/minio
+    ports:
+      - '9002:9000'
+      - '9001:9001'
+    expose:
+      - '9000'
+    #    volumes:
+    #      - /tmp/data:/data
+    environment:
+      MINIO_ROOT_USER: typescript_user
+      MINIO_ROOT_PASSWORD: changeMe
+    command: server /data --console-address ":9001"
+
+  # tango stuff
+  redis:
+    container_name: redis
+    image: redis:latest
+    ports:
+      - '127.0.0.1:6379:6379'
+    deploy:
+      replicas: 1
+    restart: unless-stopped
+
+  tango:
+    container_name: tango
+    ports:
+      - '127.0.0.1:3000:3000'
+    image: ghcr.io/makeopensource/devu-tango:beta
+    environment:
+      - DOCKER_REDIS_HOSTNAME=redis
+      - RESTFUL_KEY=devutangokey
+#      - DOCKER_DEPLOYMENT
+      # Path to volumes within the Tango container. Does not need to be modified.
+#      - DOCKER_VOLUME_PATH
+      # TODO remember to modify the below to be the path to the absolute path of tango_files` on your host machine
+      - DOCKER_TANGO_HOST_VOLUME_PATH=/absolute/path/to/tango_files
+
+    depends_on:
+      - redis
+    volumes:
+      - ./tango.config.py:/opt/TangoService/Tango/config.py
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./logs/tango/:/var/log/tango/
+      - ./logs/tangonginx:/var/log/nginx
+      - ./tango_files:/opt/TangoService/Tango/volumes
+    restart: unless-stopped
+
+  # autoupdate containers
+  watchtower:
+    container_name: watchtower
+    image: containrrr/watchtower
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      - TZ=${TZ}
+      - WATCHTOWER_POLL_INTERVAL=30
+      - WATCHTOWER_CLEANUP=true
+      - WATCHTOWER_INCLUDE_STOPPED=true
+    restart: unless-stopped