From d5818293b81ec06f68a3b822431a426c98bd2413 Mon Sep 17 00:00:00 2001
From: Simon Dalvai
Date: Tue, 12 Mar 2024 13:58:10 +0100
Subject: [PATCH] start creation of infra and github actions
---
.env.sample | 4 +-
.github/workflows/mian.yml | 85 +++++++++++++++++++
.github/workflows/reuse.yml | 12 +++
.reuse/dep5 | 2 +-
docker-compose.yaml | 7 +-
infrastructure/ansible/ansible.cfg | 4 +
infrastructure/ansible/deploy.yml | 19 +++++
infrastructure/ansible/hosts | 5 ++
infrastructure/ansible/requirements.yml | 2 +
infrastructure/ansible/roles/.gitignore | 2 +
infrastructure/docker-compose.build.yml | 8 ++
infrastructure/docker-compose.run.yml | 8 ++
.../docker/Dockerfile.conferences | 0
.../docker/Dockerfile.push_notifications | 0
.../docker/Dockerfile.telegram | 0
infrastructure/docker/dockerfile-static-nginx | 4 +
infrastructure/nginx/default.conf | 32 +++++++
17 files changed, 187 insertions(+), 7 deletions(-)
create mode 100644 .github/workflows/mian.yml
create mode 100644 .github/workflows/reuse.yml
create mode 100644 infrastructure/ansible/ansible.cfg
create mode 100644 infrastructure/ansible/deploy.yml
create mode 100644 infrastructure/ansible/hosts
create mode 100644 infrastructure/ansible/requirements.yml
create mode 100644 infrastructure/ansible/roles/.gitignore
create mode 100644 infrastructure/docker-compose.build.yml
create mode 100644 infrastructure/docker-compose.run.yml
rename {src => infrastructure}/docker/Dockerfile.conferences (100%)
rename {src => infrastructure}/docker/Dockerfile.push_notifications (100%)
rename {src => infrastructure}/docker/Dockerfile.telegram (100%)
create mode 100644 infrastructure/docker/dockerfile-static-nginx
create mode 100644 infrastructure/nginx/default.conf
diff --git a/.env.sample b/.env.sample
index 47ee011..cce5299 100644
--- a/.env.sample
+++ b/.env.sample
@@ -26,9 +26,9 @@ CHECKIN_LANES='{"LANE1":"__PLACE_YOUR_LANE1_UUID__", "LANE3":"__PLACE_YOUR_LANE3_UUID__", "LANE4":"__PLACE_YOUR_LANE4_UUID__"}' -LANE2PORT={"LANE1":"__PORT__", +LANE2PORT='{"LANE1":"__PORT__", "LANE2":"__PORT__", - "LANE3":"__PORT__"} + "LANE3":"__PORT__"}' ADMIN_USERNAME=__ADMIN_USERNAME__ ADMIN_PASSWORD=__ADMIN_PLAINTEXT_PASSWORD__ \ No newline at end of file
diff --git a/.github/workflows/mian.yml b/.github/workflows/mian.yml
new file mode 100644
index 0000000..118c5d2
--- /dev/null
+++ b/.github/workflows/mian.yml
@@ -0,0 +1,85 @@
+name: CI/CD
+
+on:
+ push:
+ pull_request:
+
+env:
+ PROJECT_NAME: sfscon-backend
+ DOCKER_IMAGE: ghcr.io/${{ github.repository }}/sfscon-backend
+
+jobs:
+ deploy-test:
+ runs-on: ubuntu-22.04
+ if: github.ref == 'refs/heads/main'
+ concurrency: deploy-test
+ env:
+ SERVER_PORT: 1005
+ DOCKER_TAG: ${{ github.sha }}-test
+ steps:
+ - name: Checkout source code
+ uses: actions/checkout@v4
+
+ - name: Create .env file
+ uses: noi-techpark/github-actions/env-file@v2
+ with:
+ working-directory: ${{ env.WORKING_DIRECTORY }}
+ env:
+ X_SERVER_PORT: ${{ env.SERVER_PORT }}
+ X_DOCKER_IMAGE: ${{ env.DOCKER_IMAGE }}
+ X_DOCKER_TAG: ${{ env.DOCKER_TAG }}
+
+ - name: Build and push images
+ uses: noi-techpark/github-actions/docker-build-and-push@v2
+ with:
+ working-directory: infrastructure
+ docker-username: ${{ github.actor }}
+ docker-password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Deploy application
+ uses: noi-techpark/github-actions/docker-deploy@v2
+ with:
+ working-directory: infrastructure/ansible
+ hosts: "test"
+ ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+ docker-username: "noi-techpark-bot"
+ docker-password: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+ project-name: ${{ env.PROJECT_NAME }}
+
+ deploy-prod:
+ runs-on: ubuntu-22.04
+ if: github.ref == 'refs/heads/prod'
+ # needs: test
+ concurrency: deploy-prod
+ env:
+ SERVER_PORT: 1006
+ DOCKER_TAG: ${{ github.sha }}
+ steps:
+ - name: Checkout source code
+ uses: actions/checkout@v4
+
+ - name: Create .env file
+ uses: noi-techpark/github-actions/env-file@v2
+ with:
+ working-directory: ${{ env.WORKING_DIRECTORY }}
+ env:
+ X_SERVER_PORT: ${{ env.SERVER_PORT }}
+ X_DOCKER_IMAGE: ${{ env.DOCKER_IMAGE }}
+ X_DOCKER_TAG: ${{ env.DOCKER_TAG }}
+
+ - name: Build and push images
+ uses: noi-techpark/github-actions/docker-build-and-push@v2
+ with:
+ working-directory: infrastructure
+ docker-username: ${{ github.actor }}
+ docker-password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Deploy application
+ uses: noi-techpark/github-actions/docker-deploy@v2
+ with:
+ working-directory: infrastructure/ansible
+ hosts: "test"
+ ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+ docker-username: "noi-techpark-bot"
+ docker-password: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+ project-name: ${{ env.PROJECT_NAME }}
\ No newline at end of file
diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml
new file mode 100644
index 0000000..409a9e1
--- /dev/null
+++ b/.github/workflows/reuse.yml
@@ -0,0 +1,12 @@
+name: REUSE Compliance Check
+
+on: push
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout source code
+ uses: actions/checkout@v2
+ - name: REUSE Compliance Check
+ uses: fsfe/reuse-action@v3
\ No newline at end of file
diff --git a/.reuse/dep5 b/.reuse/dep5
index 93f78a4..2ff2a7d 100644
--- a/.reuse/dep5
+++ b/.reuse/dep5
@@ -3,7 +3,7 @@ Upstream-Name: OpenCON Upstream-Contact: DigitalCUBE Source: https://m.opencon.dev/ -Files: .gitignore *.sample .env.sample docker-compose.yaml src/*.py src/*.yaml src/*.xml src/docker/* README.md requirements.txt src/pyproject.toml src/tests/assets/fake_attendees.json src/tests/pytest.ini +Files: .gitignore *.sample .env.sample docker-compose.yaml src/*.py src/*.yaml src/*.xml infrastructure/docker/* README.md requirements.txt src/pyproject.toml src/tests/assets/fake_attendees.json src/tests/pytest.ini Copyright: 2023 DigitalCUBE License: GPL-3.0-or-later
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 8c480a8..dd4c4d7 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -1,7 +1,6 @@ services: redis: - command: redis-server hostname: redis image: redis:alpine
@@ -11,7 +10,7 @@ services: conferences: build: context: . - dockerfile: src/docker/Dockerfile.conferences + dockerfile: ../infrastructure/docker/Dockerfile.conferences command: uvicorn main:app --host 0.0.0.0 --reload # sleep 9999999999 depends_on: - redis
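Review bot: The `deploy-prod` job still passes `hosts: "test"` to the docker-deploy step, so a push to the `prod` branch would presumably roll the production-tagged image out to the `[test]` inventory group; it should read `hosts: "prod"`. Both "Create .env file" steps set `working-directory: ${{ env.WORKING_DIRECTORY }}`, but no `WORKING_DIRECTORY` is defined in the workflow `env`, so the expression expands to an empty string; set the variable or drop the input. The workflow also declares no `permissions:` block although it hands `secrets.GITHUB_TOKEN` to the registry push; a top-level `permissions:` with `contents: read` and `packages: write` keeps the token to what these jobs need.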
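Review bot: Every `uses:` in this workflow and in `mian.yml` references a mutable tag (`actions/checkout@v2`, `fsfe/reuse-action@v3`, `noi-techpark/github-actions/...@v2`), so whoever can move one of those tags changes what runs with access to the repository's secrets. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<COMMIT_SHA>  # v4`. `actions/checkout@v2` here is also two majors behind the `@v4` used in `mian.yml` and should be aligned. A `permissions:` block with `contents: read` should be enough for a compliance check.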
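Review bot: The new `dockerfile: ../infrastructure/docker/Dockerfile.conferences` keeps `context: .`, and going by the diff path this compose file sits at the repository root, so the leading `../` resolves one directory above the repository rather than to the moved file. `dockerfile: infrastructure/docker/Dockerfile.conferences` looks like the intended value. The same `../` prefix is introduced for the `telegram` and `push_notifications` services in the two following hunks. The service definitions continue outside the hunks, so this is worth confirming with a local `docker compose build`.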
@@ -28,7 +27,7 @@ services: telegram: build: context: . - dockerfile: src/docker/Dockerfile.telegram + dockerfile: ../infrastructure/docker/Dockerfile.telegram command: python workers/telegram.py # sleep 99999 depends_on:
@@ -45,7 +44,7 @@ services: push_notifications: build: context: . - dockerfile: src/docker/Dockerfile.push_notifications + dockerfile: ../infrastructure/docker/Dockerfile.push_notifications command: python workers/push_notifications.py # sleep 99999 depends_on:
diff --git a/infrastructure/ansible/ansible.cfg b/infrastructure/ansible/ansible.cfg
new file mode 100644
index 0000000..bec5ce0
--- /dev/null
+++ b/infrastructure/ansible/ansible.cfg
@@ -0,0 +1,4 @@
+[defaults]
+inventory = ./hosts
+roles_path = ./roles
+retry_files_enabled = False
diff --git a/infrastructure/ansible/deploy.yml b/infrastructure/ansible/deploy.yml
new file mode 100644
index 0000000..c01d4fe
--- /dev/null
+++ b/infrastructure/ansible/deploy.yml
@@ -0,0 +1,19 @@
+---
+- hosts: all
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
+ tasks:
+ - name: Login to GitHub Container Registry
+ ansible.builtin.shell:
+ cmd: echo "{{ docker_password }}" | docker login "{{ docker_host }}" --username "{{ docker_username }}" --password-stdin
+ - name: Execute Docker deployment
+ ansible.builtin.include_role:
+ name: ansible-docker-deployment
+ vars:
+ docker_deployment_project_name: '{{ project_name }}'
+ docker_deployment_release_name: '{{ release_name }}'
+ docker_deployment_release_files:
+ - local: ../docker-compose.run.yml
+ remote: docker-compose.yml
+ - local: ../../.env
+ remote: .env
diff --git a/infrastructure/ansible/hosts b/infrastructure/ansible/hosts
new file mode 100644
index 0000000..94e8d78
--- /dev/null
+++ b/infrastructure/ansible/hosts
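Review bot: The "Login to GitHub Container Registry" task templates `docker_password` straight into the shell command and sets no `no_log`, so the token can end up in Ansible's task output (for example on failure or with `-v`) and is parsed by the remote shell, where a `"`, `$` or backtick in the value alters the command. Feed the secret on stdin and silence the task instead: `cmd: docker login "{{ docker_host }}" --username "{{ docker_username }}" --password-stdin`, `stdin: "{{ docker_password }}"`, `no_log: true`. The second task ships `../../.env` to the host; if that file carries secrets, confirm the role writes it with restrictive permissions.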
@@ -0,0 +1,5 @@
+[test]
+docker03.testingmachine.eu ansible_user='noi-techpark-bot' ansible_ssh_common_args='-o StrictHostKeyChecking=no'
+
+[prod]
+docker03.opendatahub.com ansible_user='noi-techpark-bot' ansible_ssh_common_args='-o StrictHostKeyChecking=no'
diff --git a/infrastructure/ansible/requirements.yml b/infrastructure/ansible/requirements.yml
new file mode 100644
index 0000000..cb9e81b
--- /dev/null
+++ b/infrastructure/ansible/requirements.yml
@@ -0,0 +1,2 @@
+- src: git+https://github.com/noi-techpark/ansible-docker-deployment.git
+ version: "2.0"
diff --git a/infrastructure/ansible/roles/.gitignore b/infrastructure/ansible/roles/.gitignore
new file mode 100644
index 0000000..d6b7ef3
--- /dev/null
+++ b/infrastructure/ansible/roles/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
diff --git a/infrastructure/docker-compose.build.yml b/infrastructure/docker-compose.build.yml
new file mode 100644
index 0000000..8e02b75
--- /dev/null
+++ b/infrastructure/docker-compose.build.yml
@@ -0,0 +1,8 @@
+version: "3.4"
+
+services:
+ app:
+ image: ${DOCKER_IMAGE}:${DOCKER_TAG}
+ build:
+ context: ../
+ dockerfile: infrastructure/docker/dockerfile-static-nginx
diff --git a/infrastructure/docker-compose.run.yml b/infrastructure/docker-compose.run.yml
new file mode 100644
index 0000000..59e1920
--- /dev/null
+++ b/infrastructure/docker-compose.run.yml
@@ -0,0 +1,8 @@
+version: "3.4"
+
+services:
+ app:
+ image: ${DOCKER_IMAGE}:${DOCKER_TAG}
+ restart: unless-stopped
+ ports:
+ - ${SERVER_PORT}:80
\ No newline at end of file
diff --git a/src/docker/Dockerfile.conferences b/infrastructure/docker/Dockerfile.conferences
similarity index 100%
rename from src/docker/Dockerfile.conferences
rename to infrastructure/docker/Dockerfile.conferences
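Review bot: Both inventory entries set `ansible_ssh_common_args='-o StrictHostKeyChecking=no'`, which switches off SSH host-key verification on the very connection that carries the deploy key and the registry token, so the machine answering for `docker03.opendatahub.com` is never authenticated. Provision the expected host keys into `known_hosts` in the workflow before the deploy step and drop the option from the inventory. If that is not possible yet, `-o StrictHostKeyChecking=accept-new` at least rejects a key that changes after first contact.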
diff --git a/src/docker/Dockerfile.push_notifications b/infrastructure/docker/Dockerfile.push_notifications
similarity index 100%
rename from src/docker/Dockerfile.push_notifications
rename to infrastructure/docker/Dockerfile.push_notifications
diff --git a/src/docker/Dockerfile.telegram b/infrastructure/docker/Dockerfile.telegram
similarity index 100%
rename from src/docker/Dockerfile.telegram
rename to infrastructure/docker/Dockerfile.telegram
diff --git a/infrastructure/docker/dockerfile-static-nginx b/infrastructure/docker/dockerfile-static-nginx
new file mode 100644
index 0000000..b203162
--- /dev/null
+++ b/infrastructure/docker/dockerfile-static-nginx
@@ -0,0 +1,4 @@
+FROM nginx:1.23.4-alpine-slim
+
+COPY ./databrowser/dist /usr/share/nginx/html
+COPY ./infrastructure/nginx/default.conf /etc/nginx/conf.d/default.conf
\ No newline at end of file
diff --git a/infrastructure/nginx/default.conf b/infrastructure/nginx/default.conf
new file mode 100644
index 0000000..4bfd54a
--- /dev/null
+++ b/infrastructure/nginx/default.conf
@@ -0,0 +1,32 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name localhost;
+
+ include mime.types;
+ types {
+ font/ttf ttf;
+ }
+
+ access_log off;
+
+ gzip on;
+ gzip_types text/html application/javascript application/json text/css font/ttf application/x-font-ttf;
+
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+
+ location / {
+ try_files $uri $uri/ $uri.html /index.html;
+ }
+
+ location ~* \.(?:css|js|jpg|svg|ttf)$ {
+ expires 30d;
+ add_header Cache-Control "public";
+ }
+
+ location ~* \.(?:json)$ {
+ expires 1d;
+ add_header Cache-Control "public";
+ }
+}
\ No newline at end of file
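Review bot: `COPY ./databrowser/dist /usr/share/nginx/html` refers to a directory that nothing in this commit creates, and the workflow names the project `sfscon-backend`, so this Dockerfile looks carried over from a front-end project. As written, the `app` image that `docker-compose.build.yml` builds and the deploy step ships would either fail at this COPY or serve static files instead of the backend services. The base image is referenced by tag only; pinning it by digest, `FROM nginx:1.23.4-alpine-slim@sha256:<DIGEST>`, makes the build reproducible, and it is worth checking whether a newer maintained nginx release should replace 1.23.4.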
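Review bot: `access_log off;` removes the only request record this container produces, leaving nothing to investigate from if the published port is probed or misused; the official image links `/var/log/nginx/access.log` to stdout, so deleting the line gives request logs in the container output at little cost. The two regex locations each set `add_header Cache-Control "public";`, and because nginx does not inherit server-level `add_header` directives into a block that defines its own, any security header added later (e.g. `add_header X-Content-Type-Options "nosniff" always;`) has to be repeated inside both locations. `server_tokens off;` would also stop the version string being advertised in responses.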