cd/cd: add deployment

scify · Oct 3, 2024 · eff4b56 · eff4b56
1 parent 4dc9105
commit eff4b56
Show file tree

Hide file tree

Showing 3 changed files with 211 additions and 0 deletions.
diff --git a/.github/templates/.env.j2 b/.github/templates/.env.j2
@@ -0,0 +1,92 @@
+APP_NAME="Crowdsourcing platform | Let's crowdsource our future"
+APP_ENV=production
+APP_KEY={{ APP_KEY }}
+APP_DEBUG=true
+DEBUGBAR_ENABLED=false
+APP_LOG_LEVEL=debug
+APP_URL=http://localhost
+APP_VERSION=v5.0
+GOOGLE_MAPS_KEY=
+
+DB_CONNECTION=mysql
+DB_HOST=127.0.0.1
+DB_PORT=3306
+DB_DATABASE={{ DB_NAME }}
+DB_USERNAME={{ DB_USER }}
+DB_PASSWORD={{ DB_PASSWORD }}
+
+BROADCAST_DRIVER=redis
+CACHE_DRIVER=file
+QUEUE_CONNECTION=redis
+SESSION_DRIVER=file
+SESSION_LIFETIME=120
+
+REDIS_CLIENT=predis
+REDIS_HOST=127.0.0.1
+REDIS_PASSWORD=null
+REDIS_PORT=6379
+REDIS_PREFIX=crowdsourcing_
+
+[email protected]
+MAIL_FROM_NAME=Crowdsourcing_Platform
+MAIL_MAILER=smtp
+MAIL_HOST=smtp.mailtrap.io
+MAIL_PORT=2525
+MAIL_USERNAME=
+MAIL_PASSWORD=
+MAIL_ENCRYPTION=null
+
+PUSHER_APP_ID=
+PUSHER_APP_KEY=
+PUSHER_APP_SECRET=
+PUSHER_APP_CLUSTER=mt1
+
+PERSONAL_CLIENT_ID=1
+PERSONAL_CLIENT_SECRET=
+PASSWORD_CLIENT_ID=2
+PASSWORD_CLIENT_SECRET=
+
+FACEBOOK_CLIENT_ID=
+FACEBOOK_CLIENT_SECRET=
+
+TWITTER_CLIENT_ID=
+TWITTER_CLIENT_SECRET=
+
+GOOGLE_CLIENT_ID=
+GOOGLE_CLIENT_SECRET=
+
+MICROSOFT_CLIENT_ID=
+MICROSOFT_CLIENT_SECRET=
+
+LINKEDIN_CLIENT_ID=
+LINKEDIN_CLIENT_SECRET=
+
+DEFAULT_ADMIN_USER_PASSWORD_FOR_SEED=12345678
+
+GOOGLE_TRANSLATE_KEY=
+
+# MAILCHIMP INTEGRATION
+MAILCHIMP_API_KEY=
+
+# SENTRY DSN
+SENTRY_LARAVEL_DSN=
+SENTRY_TRACES_SAMPLE_RATE=1.0
+VITE_SENTRY_DSN_PUBLIC="${SENTRY_LARAVEL_DSN}"
+
+# GOOGLE ANALYTICS ID
+GA_ID=YOUR_ANALYTICS_ID
+GOOGLE_TAG_MANAGER_ID=GTM-123
+
+VITE_APP_URL="${APP_URL}"
+USERWAY_ID=
+
+# Installation variables
+INSTALLATION_RESOURCES_DIR=together
+INSTALLATION_COMPANY_NAME="company name here"
+INSTALLATION_COMPANY_ADDRESS="address"
+INSTALLATION_COMPANY_PHONE="+123"
+INSTALLATION_COMPANY_EMAIL="info(at)company.org"
+
+# Newsletter variables
+NEWSLETTER_LIST_ID_NEWSLETTER=# this should come from the mailchimp_lists DB table
+NEWSLETTER_LIST_ID_NEWSLETTER_REGISTERED_USERS=# this should come from the mailchimp_lists DB table
diff --git a/.github/templates/wg0.j2 b/.github/templates/wg0.j2
@@ -0,0 +1,10 @@
+[Interface]
+Address = 10.10.0.19/32
+ListenPort = 48123
+PrivateKey = {{ WIREGUARD_PRIVATE_KEY }}
+
+[Peer]
+PublicKey = {{ VPN_SERVER_PUBLIC_KEY }}
+AllowedIPs = 10.10.0.0/24
+Endpoint = pegasus.scify.org:1194
+PersistentKeepalive = 25
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,109 @@
+name: Deploy to Production
+
+on:
+  workflow_dispatch:
+  push:
+
+    branches:
+
+      - staging_sec_data
+
+env:
+  PHP_VERSION: '8.2'
+  SERVER_HOSTNAME: 'staging.scify.org'
+  REMOTE_USER: 'project_crowdsourcing_sec_data'
+  PROJECT_URL: 'crowcrowdsourcing-ecas.staging.scify.org'
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Checkout repo
+        uses: actions/[email protected]
+
+      - name: Install wireguard
+        run: sudo apt install wireguard
+
+      - name: Create wg0 file
+        uses: cuchi/[email protected]
+        with:
+          template: .github/templates/wg0.j2
+          output_file: wg0.conf
+          variables: |
+            WIREGUARD_PRIVATE_KEY=${{ secrets.WIREGUARD_PRIVATE_KEY }}
+            VPN_SERVER_PUBLIC_KEY=${{ secrets.VPN_SERVER_PUBLIC_KEY }}
+      
+
+
+      - name: Move wg0.conf to /etc/wireguard
+        run: sudo mv wg0.conf /etc/wireguard/wg0.conf
+
+      - name: Start wireguard
+        run: sudo wg-quick up wg0
+
+      - name: Checkout repo
+        uses: actions/[email protected]
+
+      - name: Add frodo to etc hosts
+        run: echo "10.10.0.100 frodo.scify.org" | sudo tee -a /etc/hosts
+
+      - name: read password from vault
+        uses: hashicorp/vault-action@v2
+        with:
+          url: https://frodo.scify.org:8200
+          caCertificate: ${{ secrets.VAULT_CA_CERT }}
+          method: userpass
+          username: ${{ secrets.VAULT_USER }}
+          password: ${{ secrets.VAULT_PASSWORD }}
+          secrets: |
+            Projects/crowdsourcing/scify-installation-together/staging_sec_data/database db_name | DB_NAME ;
+            Projects/crowdsourcing/scify-installation-together/staging_sec_data/database db_user | DB_USER ;
+            Projects/crowdsourcing/scify-installation-together/staging_sec_data/database password | DB_PASSWORD ;
+      
+
+
+
+    - name: Create .env file
+      uses: cuchi/[email protected]
+      with:
+        template: .github/templates/.env.j2
+        output_file: .env
+        variables: |
+          DB_NAME=${{ secrets.DB_NAME }}
+          DB_USER=${{ secrets.DB_USER }}
+          DB_PASSWORD=${{ secrets.DB_PASSWORD }}
+  
+
+    - name: Setup node
+      uses: actions/setup-node@v4
+      with:
+        node-version-file: '.nvmrc'
+
+    - name: Install node dependencies
+      run: npm install
+
+    - name: Build assets
+      run: npm run build
+
+
+    - name: SCP files to staging server
+      uses: easingthemes/[email protected]
+      env:
+          SSH_PRIVATE_KEY: ${{ secrets.SSH_KEY_STAGING_SERVER }}
+          REMOTE_PORT: 222
+          SOURCE: "./"
+          REMOTE_HOST: ${{ env.SERVER_HOSTNAME }}
+          REMOTE_USER: ${{ env.REMOTE_USER }}
+          TARGET: "/home/${{ env.REMOTE_USER }}/www/${{ env.PROJECT_URL }}"
+
+
+    - name: Run composer install on remote server
+      uses: appleboy/[email protected]
+      with:
+        host: ${{ env.PRODUCTION_SERVER_HOSTNAME }}
+        username: ${{ env.REMOTE_USER }}
+        key: ${{ secrets.SSH_KEY_STAGING_SERVER }}
+        script: |
+          cd /home/${{ env.REMOTE_USER }}/www/${{ env.PROJECT_URL }}
+          composer install --no-dev --no-interaction --no-progress --optimize-autoloader