From 4fa6135279dfa312f098c86f1a8a0d9d6bc26bd2 Mon Sep 17 00:00:00 2001 From: Keijo Raamat <49017291+keijoraamat@users.noreply.github.com> Date: Thu, 29 Jul 2021 14:59:00 +0300 Subject: [PATCH] build staging image (#2042) * build image * envs for dockerfile * precompiling assets on image build * App server gem to core group --- .github/workflows/build_deploy_staging.yml | 138 +++++++++++++++++++++ .github/workflows/remove_st_after_pr.yml | 97 +++++++++++++++ .gitignore | 2 +- Dockerfile.generic | 20 +++ Gemfile | 4 +- Gemfile.lock | 2 +- 6 files changed, 259 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/build_deploy_staging.yml create mode 100644 .github/workflows/remove_st_after_pr.yml create mode 100644 Dockerfile.generic diff --git a/.github/workflows/build_deploy_staging.yml b/.github/workflows/build_deploy_staging.yml new file mode 100644 index 000000000..434979e7e --- /dev/null +++ b/.github/workflows/build_deploy_staging.yml 
@@ -0,0 +1,138 @@ +name: build and deploy staging + +on: + + pull_request: + paths-ignore: + - 'CHANGELOG.md' + - 'README.md' + - 'yarn.lock' + - 'package.json' + branches: [master] + types: + - opened + - reopened + - synchronize + - ready_for_review + - unlocked + +jobs: + + build: + if: github.event.pull_request.draft == false + + runs-on: ubuntu-20.04 + + steps: + + - uses: actions/checkout@v2 + + - name: Set image tag + run: | + SHORT_SHA=$(echo $GITHUB_SHA | cut -c 1-7) #pr-s test commit of merged state + echo "TAG=ghcr.io/internetee/registry:RC-$SHORT_SHA" >> $GITHUB_ENV + echo "SHORT_TAG=RC-$SHORT_SHA" >> $GITHUB_ENV + + - name: Set config files for build + env: + ST_APP: ${{ secrets.ST_APPLICATION_YML}} + run: | + mkdir log + echo $ST_APP | base64 -di > config/application.yml + cp config/database.yml.sample config/database.yml + ls -l config/ + + - name: Build image + env: + KEY_BASE: ${{ secrets.KEY_BASE}} + run: | + docker build -t $TAG --build-arg RAILS_ENV=staging --build-arg SECRET_KEY_BASE="$KEY_BASE" -f Dockerfile.generic . 
+ + - name: Push Docker image to gh container registry + env: + PASSWORD: ${{ secrets.GHCR }} + run: | + echo $PASSWORD | docker login ghcr.io -u eisbot --password-stdin + docker push $TAG + + - name: Get pull request reference number + run: | + echo "$GITHUB_REF" + echo "PR_REF=$(cat /home/runner/work/_temp/_github_workflow/event.json | jq -r '.number')" >> $GITHUB_ENV + echo $(cat /home/runner/work/_temp/_github_workflow/event.json | jq -r '.number') + + - name: Get repo name + run: | + OIFS=$IFS + IFS='/' + read -a parts <<< "$GITHUB_REPOSITORY" + IFS=OIFS + echo "REPO=${parts[1]}" >> $GITHUB_ENV + + - name: Set deploy config + env: + OVPN: ${{ secrets.OVPN }} + VPN_PWD: ${{ secrets.VPN_PWD }} + P12: ${{ secrets.P12 }} + K_CONFIG: ${{ secrets.KUBE_CONFIG }} + SSH_KEY: ${{ secrets.EISBOT_SSH_KEY }} + run: | + echo $VPN_PWD | base64 -di > client.pwd + chmod 0600 client.pwd + echo $OVPN | base64 -di > config.ovpn + echo $P12 | base64 -di > cert.p12 + mkdir -p ~/.ssh + echo $SSH_KEY | base64 -di > ~/.ssh/key + chmod 0600 ~/.ssh/key + mkdir -p $REPO/$PR_REF + cd $REPO/$PR_REF + echo "$SHORT_SHA" > TAG + echo $K_CONFIG | base64 -di > kubeconfig + chmod 0600 kubeconfig + + - name: Install Open VPN + run: sudo apt-get install openvpn + + - name: Deploy from remote server + timeout-minutes: 5 + run: | + sudo openvpn --config config.ovpn --askpass client.pwd --auth-nocache --daemon& + sleep 15 + ping -c 1 192.168.99.12 + eval `ssh-agent` + touch ~/.ssh/known_hosts + ssh-add ~/.ssh/key + ssh-keyscan 192.168.99.12 > ~/.ssh/known_hosts + rsync -av "$REPO" runner@192.168.99.12:/home/runner/ + ssh -T runner@192.168.99.12 << EOSSH + bash + cd "$REPO"/"$PR_REF" + export KUBECONFIG=./kubeconfig + helm repo add eisrepo https://internetee.github.io/helm-charts/ + helm repo update + helm upgrade --install registry-st-"$PR_REF" --set image.tag="$SHORT_TAG",reference="$PR_REF" eisrepo/registry -n registry-staging + rm kubeconfig + echo "server obs.tld.ee + zone pilv.tld.ee + update 
add registry-"$PR_REF".pilv.tld.ee. 3600 CNAME riigi.pilv.tld.ee. + send + " | nsupdate -k ~/Kgh-runner.infra.tld.ee.+165+27011.key + if [ "$?" -eq "0" ]; then + echo "CNAME update success" + else + echo "CNAME update failed" + fi + EOSSH + + - name: Notify developers + timeout-minutes: 1 + env: + NOTIFICATION_URL: ${{ secrets.NOTIFICATION_URL}} + run: | + curl -i -X POST --data-urlencode 'payload={ + "text": "##### Build and deploy from pull request has been succesful :tada:\n + | Project | Branch | :net: | + |:-----------|:----------------------:|:--------------------------------------:| + | **'$REPO'**|'${{ github.head_ref }}'| https://registry-'$PR_REF'.pilv.tld.ee | + " + }' $NOTIFICATION_URL \ No newline at end of file diff --git a/.github/workflows/remove_st_after_pr.yml b/.github/workflows/remove_st_after_pr.yml new file mode 100644 index 000000000..9815c9b1c --- /dev/null +++ b/.github/workflows/remove_st_after_pr.yml 
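Review bot: The Notify developers step at the end of this hunk splices `${{ github.head_ref }}` straight into the `run:` script, so a branch name containing a quote and shell metacharacters becomes part of the command the runner executes, at a point where the earlier steps have already decoded the VPN profile, kubeconfig and SSH key onto the runner's disk (this matters for pull requests from branches of this repository; fork PRs do not receive secrets); the same pattern is in the remove_st_after_pr.yml hunk. Pass the value through the environment instead — add `HEAD_REF: ${{ github.head_ref }}` under that step's `env:` and write `'"$HEAD_REF"'` in the payload — so it is expanded as data, never parsed as script. Separately, the Build image step hands the Rails secret over with `--build-arg SECRET_KEY_BASE="$KEY_BASE"`, which the Dockerfile.generic hunk then copies into `ENV`, so the key ends up in the configuration and history of the image pushed to ghcr.io; a BuildKit `--secret` mount consumed only by `assets:precompile` is the usual fix. `ssh-keyscan 192.168.99.12 > ~/.ssh/known_hosts` right before the `ssh` call accepts whatever host key the network presents, so the host-key check protects nothing here; keep the expected key in a repository variable or secret and write that into known_hosts instead.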
@@ -0,0 +1,97 @@ +name: remove-staging-after-pull-request + +on: + pull_request: + types: [closed] + paths-ignore: + - 'CHANGELOG.md' + - 'README.md' + - 'yarn.lock' + +jobs: + delete: + if: github.event.pull_request.draft == false + runs-on: ubuntu-20.04 + + steps: + + - uses: actions/checkout@v2 + + - name: Get pull request reference number + run: | + echo "$GITHUB_REF" + echo "PR_REF=$(cat /home/runner/work/_temp/_github_workflow/event.json | jq -r '.number')" >> $GITHUB_ENV + echo $(cat /home/runner/work/_temp/_github_workflow/event.json | jq -r '.number') + + - name: Get repo name + run: | + OIFS=$IFS + IFS='/' + read -a parts <<< "$GITHUB_REPOSITORY" + IFS=OIFS + echo "REPO=${parts[1]}" >> $GITHUB_ENV + + - name: Set vpn config + env: + OVPN: ${{ secrets.OVPN }} + VPN_PWD: ${{ secrets.VPN_PWD }} + P12: ${{ secrets.P12 }} + K_CONFIG: ${{ secrets.KUBE_CONFIG }} + SSH_KEY: ${{ secrets.EISBOT_SSH_KEY }} + run: | + echo $VPN_PWD | base64 -di > client.pwd + chmod 0600 client.pwd + echo $OVPN | base64 -di > config.ovpn + echo $P12 | base64 -di > cert.p12 + mkdir -p ~/.ssh + echo $SSH_KEY | base64 -di > ~/.ssh/key + chmod 0600 ~/.ssh/key + mkdir -p $REPO/$PR_REF + cd $REPO/$PR_REF + echo "$SHORT_SHA" > TAG + echo $K_CONFIG | base64 -di > kubeconfig + chmod 0600 kubeconfig + + - name: Install Open VPN + run: sudo apt-get install openvpn + + - name: Delete k8s + timeout-minutes: 2 + run: | + sudo openvpn --config config.ovpn --askpass client.pwd --auth-nocache --daemon& + sleep 25 + ping -c 2 192.168.99.12 + eval `ssh-agent` + touch ~/.ssh/known_hosts + ssh-add ~/.ssh/key + ssh-keyscan 192.168.99.12 > ~/.ssh/known_hosts + rsync -av "$REPO" runner@192.168.99.12:/home/runner/ + ssh -T runner@192.168.99.12 << EOSSH + bash + cd "$REPO"/"$PR_REF" + export KUBECONFIG=./kubeconfig + helm delete registry-st-"$PR_REF" -n registry-staging + rm kubeconfig + echo "server obs.tld.ee + zone pilv.tld.ee + update delete registry-"$PR_REF".pilv.tld.ee. 
+ send + " | nsupdate -k ~/Kgh-runner.infra.tld.ee.+165+27011.key + if [ "$?" -eq "0" ]; then + echo "CNAME update success" + else + echo "CNAME update failed" + fi + EOSSH + - name: Notify developers + timeout-minutes: 1 + env: + NOTIFICATION_URL: ${{ secrets.NOTIFICATION_URL}} + run: | + curl -i -X POST --data-urlencode 'payload={ + "text": "##### Pull request was succesful, it has been merged :bowtie:\n + | Project | Branch | :net: | + |:-----------|:----------------------:|:------------------------------------------:| + | **'$REPO'**|'${{ github.head_ref }}'| ~~https://registry-'$PR_REF'.pilv.tld.ee~~ | + " + }' $NOTIFICATION_URL \ No newline at end of file diff --git a/.gitignore b/.gitignore index 8ed155caa..f09a003dc 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ -/log +/log/*.log /tmp /public/system /public/assets diff --git a/Dockerfile.generic b/Dockerfile.generic new file mode 100644 index 000000000..bdd493aea --- /dev/null +++ b/Dockerfile.generic @@ -0,0 +1,20 @@ +FROM internetee/ruby:2.7 +LABEL org.opencontainers.image.source=https://github.com/internetee/registry +ARG YARN_VER='1.22.10' +ARG RAILS_ENV +ARG SECRET_KEY_BASE + +ENV RAILS_ENV "$RAILS_ENV" +ENV SECRET_KEY_BASE "$SECRET_KEY_BASE" + +RUN npm install -g yarn@"$YARN_VER" + +RUN mkdir -p /opt/webapps/app/tmp/pids +WORKDIR /opt/webapps/app +COPY Gemfile Gemfile.lock ./ +RUN gem install bundler && bundle config set without 'development test' && bundle install --jobs 20 --retry 5 +COPY . . + +RUN bundle exec rails assets:precompile + +EXPOSE 3000 \ No newline at end of file diff --git a/Gemfile b/Gemfile index 7954e3426..a75becd76 100644 --- a/Gemfile +++ b/Gemfile @@ -7,7 +7,8 @@ gem 'bootsnap', '>= 1.1.0', require: false gem 'iso8601', '0.13.0' # for dates and times gem 'mime-types-data' gem 'mimemagic', '0.4.3' -gem 'rails', '~> 6.1.4' +gem 'puma' +gem 'rails', '~> 6.1.4' gem 'rest-client' gem 'uglifier' 
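Review bot: `echo "$SHORT_SHA" > TAG` in the Set vpn config step refers to a variable this workflow never sets (only build_deploy_staging.yml has a Set image tag step), so it writes an empty TAG file that is then rsynced to the deploy host; drop the line or set the variable before it. The notification text states the pull request "has been merged", but the trigger is `pull_request` with `types: [closed]`, which also fires for PRs closed without merging — the deletion should still run in that case, so choose the wording from `github.event.pull_request.merged` rather than asserting a merge. `sudo apt-get install openvpn` (here and in the build workflow) runs without `-y` and without a preceding `apt-get update`; on a non-interactive runner the confirmation prompt is likely to abort the step whenever dependencies need installing, and a stale package index can fail the download, so `sudo apt-get update && sudo apt-get install -y openvpn` is the safer form.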
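Review bot: `ARG SECRET_KEY_BASE` followed by `ENV SECRET_KEY_BASE "$SECRET_KEY_BASE"` bakes the Rails secret into the image — the ENV value is stored in the image configuration and build-arg values are visible through `docker history` — and the build workflow in this same patch pushes that image to ghcr.io. The value is only needed while `rails assets:precompile` runs, so mount it as a BuildKit secret for that one RUN and let the deployment (the Helm release) supply the runtime value; this requires building with BuildKit and replacing the `--build-arg` with `docker build --secret id=secret_key_base,src=<file> …`. `COPY . .` has a related exposure: the workflow writes the decoded `config/application.yml` into the build context just before this build, so it lands in a layer unless `.dockerignore` excludes it, which this diff does not show. Smaller points: both `ENV` lines use the legacy space-separated form (`ENV RAILS_ENV="$RAILS_ENV"` is the current one), `gem install bundler` is unpinned while the Gemfile.lock hunk says `BUNDLED WITH 2.2.24` (`gem install bundler -v 2.2.24` keeps them in step), and there is no `USER`, so the app server runs as root.
```dockerfile
# syntax=docker/dockerfile:1
FROM internetee/ruby:2.7
# … unchanged: LABEL, ARG YARN_VER, ARG RAILS_ENV (ARG SECRET_KEY_BASE and its ENV line removed) …
ENV RAILS_ENV="$RAILS_ENV"
# … unchanged: yarn install, WORKDIR, Gemfile COPY, bundle install, COPY . . …

# Only assets:precompile needs the key; a secret mount keeps it out of layers and image config.
# Build with BuildKit: docker build --secret id=secret_key_base,src=<file> …
RUN --mount=type=secret,id=secret_key_base \
    SECRET_KEY_BASE="$(cat /run/secrets/secret_key_base)" bundle exec rails assets:precompile
```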
@@ -84,7 +85,6 @@ gem 'directo', github: 'internetee/directo', branch: 'master' group :development, :test do gem 'pry', '0.14.1' - gem 'puma' end group :test do diff --git a/Gemfile.lock b/Gemfile.lock index 078dd697a..059a1e035 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -577,4 +577,4 @@ DEPENDENCIES wkhtmltopdf-binary (~> 0.12.5.1) BUNDLED WITH - 2.2.20 + 2.2.24