diff --git a/.env.sample b/.env.sample
index 5d6bcde..d2eabac 100644
--- a/.env.sample
+++ b/.env.sample
@@ -1,3 +1,4 @@
+DB_USER=postgres
 DB_HOST=localhost
 DB_PORT=5432
 DB_NAME=phinvads
diff --git a/.github/workflows/deployment.yaml b/.github/workflows/deployment.yaml
index 5cce8a7..d10d91b 100644
--- a/.github/workflows/deployment.yaml
+++ b/.github/workflows/deployment.yaml
@@ -45,23 +45,33 @@ jobs:
 --description "Allow SSH from GitHub Actions"
 sleep 3
 
- - name: Deploy phinvads-go to VM
+ - name: Write SSH key to file
 env:
- AZURE_VM_IP: ${{ secrets.AZURE_VM_IP }}
 AZURE_VM_SSH_KEY: ${{ secrets.AZURE_VM_SSH_KEY }}
 run: |
 install -m 600 -D /dev/null ~/.ssh/phinvads-go
 echo "${{ secrets.AZURE_VM_SSH_KEY }}" > ~/.ssh/phinvads-go
+ echo "IdentityFile /home/azureuser/.ssh/phinvads-go" >> ~/.ssh/config
+
+ - name: Build phinvads-go
+ run: |
 go install github.com/a-h/templ/cmd/templ@latest
 templ generate
 go build -o phinvads-go ./cmd/phinvads-go
- scp -i ~/.ssh/phinvads-go -o StrictHostKeyChecking=no ./phinvads-go azureuser@${AZURE_VM_IP}:/home/azureuser/phinvads-go
+
+ - name: Deploy phinvads-go to VM
+ env:
+ AZURE_VM_IP: ${{ secrets.AZURE_VM_IP }}
+ run: |
+ scp -o StrictHostKeyChecking=accept-new ./phinvads-go azureuser@${AZURE_VM_IP}:/home/azureuser/phinvads-go
+ scp ./remote/production/phinvads-go.service azureuser@${AZURE_VM_IP}:/home/azureuser/phinvads-go.service
+ ssh azureuser@${AZURE_VM_IP} "sudo mv phinvads-go.service /etc/systemd/system/phinvads-go.service && sudo systemctl enable phinvads-go && sudo systemctl restart phinvads-go"
 
 - name: Disallow GitHub Runner IP
 run: |
 set -eu
 agentIP=$(curl -s https://api.ipify.org/)
- az network nsg rule remove \
+ az network nsg rule delete \
 --resource-group phinvads-go \
 --nsg-name phinvads-go-nsg \
 --name AllowSSHFromGitHubActions
diff --git a/go.mod b/go.mod
index e3f23b3..6060a02 100644
--- a/go.mod
+++ b/go.mod
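Review bot: In the new "Deploy phinvads-go to VM" step, `StrictHostKeyChecking=accept-new` authenticates nothing when the runner starts with an empty `known_hosts` (likely on a fresh hosted runner; the `runs-on` line is outside the hunk), so the binary, the unit file and the `sudo` commands go to whichever host answers on that IP. I would write the VM's public host key into `~/.ssh/known_hosts` from a secret in the key step (placeholder name `AZURE_VM_HOST_KEY`) and switch the option to `StrictHostKeyChecking=yes`. The added `IdentityFile /home/azureuser/.ssh/phinvads-go` line names the remote user's home, while the key is written to `~/.ssh/phinvads-go` on the runner; now that `-i` is gone, `IdentityFile ~/.ssh/phinvads-go` looks like what was intended. The build step still runs `go install github.com/a-h/templ/cmd/templ@latest` although this commit pins `v0.2.771` in go.mod; `templ@v0.2.771` would keep the generator and the runtime library in step and make the build reproducible.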
@@ -3,7 +3,7 @@ module github.com/skylight-hq/phinvads-go
 go 1.23.0
 
 require (
- github.com/a-h/templ v0.2.747
+ github.com/a-h/templ v0.2.771
 github.com/jackc/pgx/v5 v5.6.0
 github.com/joho/godotenv v1.5.1
 github.com/justinas/alice v1.2.0
@@ -16,6 +16,6 @@ require (
 github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
 github.com/jackc/puddle/v2 v2.2.1 // indirect
 golang.org/x/crypto v0.17.0 // indirect
- golang.org/x/sync v0.3.0 // indirect
+ golang.org/x/sync v0.8.0 // indirect
 golang.org/x/text v0.14.0 // indirect
 )
diff --git a/go.sum b/go.sum
index acd20c3..85f7f44 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,7 @@
 github.com/a-h/templ v0.2.747 h1:D0dQ2lxC3W7Dxl6fxQ/1zZHBQslSkTSvl5FxP/CfdKg=
 github.com/a-h/templ v0.2.747/go.mod h1:69ObQIbrcuwPCU32ohNaWce3Cb7qM5GMiqN1K+2yop4=
+github.com/a-h/templ v0.2.771 h1:4KH5ykNigYGGpCe0fRJ7/hzwz72k3qFqIiiLLJskbSo=
+github.com/a-h/templ v0.2.771/go.mod h1:lq48JXoUvuQrU0VThrK31yFwdRjTCnIE5bcPCM9IP1w=
 github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M=
 github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY=
 github.com/bool64/dev v0.2.28 h1:6ayDfrB/jnNr2iQAZHI+uT3Qi6rErSbJYQs1y8rSrwM=
@@ -34,6 +36,7 @@ golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
 golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
 golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
diff --git a/internal/config/main.go b/internal/config/main.go
index cb25f12..78f5600 100644
--- a/internal/config/main.go
+++ b/internal/config/main.go
@@ -23,10 +23,11 @@ func init() {
 }
 
 func LoadConfig() *Config {
+ dbUser := os.Getenv("DB_USER")
 dbHost := os.Getenv("DB_HOST")
 dbPort := os.Getenv("DB_PORT")
 dbName := os.Getenv("DB_NAME")
- dbString := fmt.Sprintf(`postgresql://%s:%s/%s`, dbHost, dbPort, dbName)
+ dbString := fmt.Sprintf(`postgresql://%s@%s:%s/%s`, dbUser, dbHost, dbPort, dbName)
 
 host := os.Getenv("HOST")
 port := os.Getenv("PORT")
diff --git a/remote/production/phinvads-go.service b/remote/production/phinvads-go.service
new file mode 100644
index 0000000..28ae95c
--- /dev/null
+++ b/remote/production/phinvads-go.service
@@ -0,0 +1,33 @@
+[Unit]
+Description=PHIN VADS in Go
+
+# Wait until PostgreSQL is running and the network is "up" before starting the service.
+After=postgresql.service
+After=network-online.target
+Wants=network-online.target
+
+# Configure service start rate limiting. If the service is (re)started more than 5 times
+# in 600 seconds then don't permit it to start anymore.
+StartLimitIntervalSec=600
+StartLimitBurst=5
+
+[Service]
+# Execute the API binary as the azureuser user, loading the environment variables from
+# /etc/environment and using the working directory /home/azureuser.
+Type=exec
+User=azureuser
+Group=azureuser
+EnvironmentFile=/etc/environment
+WorkingDirectory=/home/azureuser
+ExecStart=/home/azureuser/phinvads-go
+
+# Automatically restart the service after a 5-second wait if it exits with a non-zero
+# exit code. If it restarts more than 5 times in 600 seconds, then the rate limit we
+# configured above will be hit and it won't be restarted anymore.
+Restart=on-failure
+RestartSec=5
+
+[Install]
+# Start the service automatically at boot time (the 'multi-user.target' describes a boot
+# state when the system will accept logins).
+WantedBy=multi-user.target
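Review bot: The new `dbString` line formats `DB_USER` into the connection URL unescaped, so a value containing `@`, `:` or `/` moves the userinfo/host boundary, and an unset `DB_USER` silently produces `postgresql://@host:port/db`. Building the string with `net/url` removes the parsing ambiguity: `u := url.URL{Scheme: "postgresql", User: url.User(dbUser), Host: net.JoinHostPort(dbHost, dbPort), Path: dbName}` followed by `dbString := u.String()`, with an explicit `dbUser == ""` check if the variable is meant to be required. No password is placed in the URL, so authentication presumably depends on something outside the hunk; a comment such as `// password is not part of the DSN; see deployment docs for how the server authenticates DB_USER` would save the next reader the search. LoadConfig's body continues past the hunk and the import block is not visible, so `net` and `net/url` may need adding.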
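Review bot: `User=azureuser` runs the network-facing service under the same account the deployment workflow uses for non-interactive `sudo mv` and `sudo systemctl`, so a compromise of the service would presumably inherit passwordless sudo; `ExecStart=/home/azureuser/phinvads-go` is also in a directory that account can write, which lets the process replace its own executable. I would run the unit as a dedicated unprivileged system user, install the binary root-owned outside the home directory, and add sandboxing to `[Service]`, for example `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=strict`. `EnvironmentFile=/etc/environment` shares the service's settings with every login session on the host; a root-owned, mode 0600 file dedicated to this service would keep any database credentials scoped to it.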