Commit a6875696 authored by Jacob Priddy's avatar Jacob Priddy 👌

overhaul deloy system

parent 09ffc971
Pipeline #13201 passed with stages
in 4 minutes and 3 seconds
......@@ -2,10 +2,13 @@ image: gitlab.cs.wallawalla.edu:5050/elock/doorcode:latest
services:
- postgres:13-alpine
variables:
POSTGRES_USER: web
POSTGRES_PASSWORD: secret
POSTGRES_DB: doorcode
DOORCODE_IMAGE_NAME: doorcode/app:$CI_COMMIT_REF_SLUG
NGINX_IMAGE_NAME: doorcode/web:$CI_COMMIT_REF_SLUG
stages:
- build
......@@ -81,50 +84,87 @@ generate_code_coverage:
- src/backend/cov
expire_in: 30 days
deploy_backend_production:
deploy application:
image: tiangolo/docker-with-compose
tags:
- elock
stage: deploy
before_script:
- eval $(ssh-agent -s)
- ssh-add <(echo "${SSH_PRIVATE_KEY}" | base64 -d -w 0)
- mkdir -p ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
script:
- SSH_COMMAND_STRING="cd doorcode"
# get newest changes
- SSH_COMMAND_STRING+=" && git pull"
- SSH_COMMAND_STRING+=" && (docker-compose restart || docker-compose up -d)"
# the -T fixes the input device is not a TTY .. see https://github.com/docker/compose/issues/5696
- SSH_COMMAND_STRING+=" && docker-compose exec -T api ./update-prod.sh"
- echo "$SSH_COMMAND_STRING"
# Execute the deploy
- ssh $SSH_USER@$SSH_HOST "${SSH_COMMAND_STRING}"
# Make sure it is running
- "curl --insecure --location https://${SSH_HOST}/api | grep \"Welcome to the elock API.\""
- docker-compose -f docker-compose.prod.yml build
- docker build -t $DOORCODE_IMAGE_NAME -f prod.Dockerfile .
- docker build -t $NGINX_IMAGE_NAME -f nginx.Dockerfile .
- docker-compose -f docker-compose.prod.yml down
- sed -i "s/\(^DB_PASSWORD=\).*/\1$(< POSTGRES_PASSWORD)/" $PROJ_DIR/.env
- docker-compose -f docker-compose.prod.yml up -d
# Give it some time to spin up...
- sleep 10
# Make sure app is running
- "curl --fail --insecure --location https://${DEPLOY_ADDRESS}/api"
- "curl --fail --insecure --location https://${DEPLOY_ADDRESS}/api/docs"
environment:
name: production_api
name: production
url: https://elock.cs.wallawalla.edu/api
on_stop: stop-prod
when: manual
only:
- master
deploy_api_docs:
stop-prod:
stage: deploy
before_script:
- eval $(ssh-agent -s)
- ssh-add <(echo "${SSH_PRIVATE_KEY}" | base64 -d -w 0)
- mkdir -p ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
script:
# Can't use the CI job token to deploy the artifact because that's a "pRemiUm FEATurE"
- "rsync -a --delete src/backend/public/docs $SSH_USER@$SSH_HOST:/home/$SSH_USER/doorcode/src/backend/public/"
# Make sure it is running
- "curl --insecure --location https://${SSH_HOST}/api/docs/ | grep \"Welcome to the generated API reference.\""
environment:
name: production_api_docs
url: https://elock.cs.wallawalla.edu/api/docs/
when: manual
- docker-compose -f docker-compose.prod.yml down
only:
- master
when: manual
environment:
name: production
action: stop
#deploy_backend_production:
# stage: deploy
# before_script:
# - eval $(ssh-agent -s)
# - ssh-add <(echo "${SSH_PRIVATE_KEY}" | base64 -d -w 0)
# - mkdir -p ~/.ssh
# - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
# script:
# - SSH_COMMAND_STRING="cd doorcode"
# # get newest changes
# - SSH_COMMAND_STRING+=" && git pull"
# - SSH_COMMAND_STRING+=" && (docker-compose restart || docker-compose up -d)"
# # the -T fixes the input device is not a TTY .. see https://github.com/docker/compose/issues/5696
# - SSH_COMMAND_STRING+=" && docker-compose exec -T api ./update-prod.sh"
# - echo "$SSH_COMMAND_STRING"
# # Execute the deploy
# - ssh $SSH_USER@$SSH_HOST "${SSH_COMMAND_STRING}"
# # Make sure it is running
# - "curl --insecure --location https://${SSH_HOST}/api | grep \"Welcome to the elock API.\""
# environment:
# name: production_api
# url: https://elock.cs.wallawalla.edu/api
# when: manual
# only:
# - master
#
#deploy_api_docs:
# stage: deploy
# before_script:
# - eval $(ssh-agent -s)
# - ssh-add <(echo "${SSH_PRIVATE_KEY}" | base64 -d -w 0)
# - mkdir -p ~/.ssh
# - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
# script:
# # Can't use the CI job token to deploy the artifact because that's a "pRemiUm FEATurE"
# - "rsync -a --delete src/backend/public/docs $SSH_USER@$SSH_HOST:/home/$SSH_USER/doorcode/src/backend/public/"
# # Make sure it is running
# - "curl --insecure --location https://${SSH_HOST}/api/docs/ | grep \"Welcome to the generated API reference.\""
# environment:
# name: production_api_docs
# url: https://elock.cs.wallawalla.edu/api/docs/
# when: manual
# only:
# - master
#deploy_frontend_production:
# stage: deploy
......
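Review bot: The `sed` step in the new deploy script reads the password with `$(< POSTGRES_PASSWORD)`, which opens a file literally named POSTGRES_PASSWORD in the job's working directory rather than the path held in the variable. docker-compose.prod.yml in this same commit uses `$POSTGRES_PASSWORD` as the secret's file path, so a `$` appears to be missing: `- sed -i "s/\(^DB_PASSWORD=\).*/\1$(< "$POSTGRES_PASSWORD")/" "$PROJ_DIR/.env"`. The value is also spliced into the sed replacement unescaped, so a password containing `/`, `&` or `\` would corrupt the `.env` line or abort the deploy. The top-level `variables:` block still sets `POSTGRES_PASSWORD: secret`, so this job presumably relies on a project-level file variable overriding it, which deserves a comment next to the step. Both post-deploy `curl` checks pass `--insecure`, so they confirm that the API answers but not that the served certificate is valid.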
......@@ -19,10 +19,8 @@ RUN apk update && apk add --no-cache \
bash-completion \
vim \
curl \
openssh-client \
coreutils \
rsync \
npm\
npm \
&& apk add --no-cache $PHPIZE_DEPS
# && npm install -g @vue/cli \
# && pecl install xdebug \
......@@ -51,6 +49,5 @@ COPY php/dev.ini /usr/local/etc/php/conf.d/local.ini
# Change current user to www
USER www
# Expose port 9000 and start php-fpm server
EXPOSE 9000
# Start php-fpm server
CMD ["php-fpm"]
#!/usr/bin/env sh
set -e
cd ${PROJECT_DIR}/backend || exit 1
# Apply new migrations
php artisan migrate --force
php-fpm
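Review bot: The entrypoint's last line starts `php-fpm` as a child of the shell instead of replacing it, so `docker stop` and `docker-compose down` signal `sh` rather than php-fpm and the container is killed at the stop timeout instead of shutting down cleanly; `exec php-fpm` avoids that. The `cd` should quote its expansion, `cd "${PROJECT_DIR}/backend" || exit 1`. Because `php artisan migrate --force` runs on every container start under `set -e`, and the compose service uses `restart: always`, a failing migration will put the container into a restart loop; a comment at the top of the script stating that is worth adding.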
version: '3.7'
version: '3.8'
networks:
doorcode:
......@@ -6,19 +6,19 @@ networks:
secrets:
webserver_cert:
file: ./secrets/certs/webserver.cert
file: $WEBSERVER_CERT
webserver_key:
file: ./secrets/certs/webserver.key
file: $WEBSERVER_KEY
root_cert:
file: ./secrets/certs/root.cert
file: $ROOT_CERT
wwu_webserver_cert:
file: ./secrets/certs/wwu-granted-elock-cert.cer
file: $WWU_WEBSERVER_CERT
wwu_webserver_key:
file: ./secrets/certs/wwu-webserver-request-root.key
file: $WWU_WEBSERVER_KEY
wwu_root_cert:
file: ./secrets/certs/wwu-webserver-intermediate.pem
file: $WWU_ROOT_CERT
postgres_password:
file: ./secrets/passwords/postgres
file: $POSTGRES_PASSWORD
volumes:
db-data:
......@@ -26,8 +26,7 @@ volumes:
services:
webserver:
image: nginx:1.17.10-alpine
container_name: webserver
image: $NGINX_IMAGE_NAME
restart: always
secrets:
- webserver_cert
......@@ -41,16 +40,12 @@ services:
- "443:443"
- "80:80"
volumes:
- ./src:/var/www
- ./nginx/conf.d/prod.conf:/etc/nginx/conf.d/prod.conf
- ./nginx/dhparam/:/run/dhparam
# Saml config
- ./simplesamlphp-1.19.0-rc1:/var/simplesamlphp
- ./simple-saml-prod/cert:/var/simplesamlphp/cert
- ./simple-saml-prod/config:/var/simplesamlphp/config
- ./simple-saml-prod/metadata:/var/simplesamlphp/metadata
- $PROJ_DIR/simple-saml/cert:/var/simplesamlphp/cert:ro
- $PROJ_DIR/simple-saml/config:/var/simplesamlphp/config:ro
- $PROJ_DIR/simple-saml/metadata:/var/simplesamlphp/metadata
depends_on:
- dbadmin
- api
logging:
options:
max-size: "10m"
......@@ -59,7 +54,6 @@ services:
- doorcode
postgres:
image: postgres:13-alpine
container_name: postgres
restart: always
secrets:
- postgres_password
......@@ -79,7 +73,6 @@ services:
- doorcode
dbadmin:
image: dpage/pgadmin4:4.24
container_name: dbadmin
restart: always
depends_on:
- postgres
......@@ -95,17 +88,14 @@ services:
networks:
- doorcode
api:
image: gitlab.cs.wallawalla.edu:5050/elock/doorcode:prod
container_name: api
image: $DOORCODE_IMAGE_NAME
restart: always
volumes:
- ./src:/var/www
- ./php/prod.ini:/usr/local/etc/php/conf.d/local.ini
# Map saml files to the php-fpm server so it has access to them as well
- ./simplesamlphp-1.19.0-rc1:/var/simplesamlphp
- ./simple-saml-prod/cert:/var/simplesamlphp/cert
- ./simple-saml-prod/config:/var/simplesamlphp/config
- ./simple-saml-prod/metadata:/var/simplesamlphp/metadata
- $PROJ_DIR/.env:/var/www/backend/.env:ro
- $PROJ_DIR/controller-bins:/var/www/backend/storage/app/controller/binaries:ro
- $PROJ_DIR/simple-saml/cert:/var/simplesamlphp/cert:ro
- $PROJ_DIR/simple-saml/config:/var/simplesamlphp/config:ro
- $PROJ_DIR/simple-saml/metadata:/var/simplesamlphp/metadata
logging:
options:
max-size: "10m"
......
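Review bot: Every secret path, image name and bind-mount source in this file now comes from an environment variable with no default, and Compose substitutes an empty string (with only a warning) when one is unset, so `$PROJ_DIR/.env` would become `/.env` and the SAML mounts would point at paths under the host root. The required-variable form makes the deploy fail early instead, e.g. `- ${PROJ_DIR:?PROJ_DIR is not set}/.env:/var/www/backend/.env:ro` and `image: ${DOORCODE_IMAGE_NAME:?DOORCODE_IMAGE_NAME is not set}`. The `simple-saml/metadata` mounts on `webserver` and `api` are the only SAML mounts without `:ro`; if nothing writes metadata at runtime they should match the cert and config mounts.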
version: '3.7'
networks:
doorcode:
driver: bridge
secrets:
webserver_cert:
file: ./secrets/certs/webserver.cert
webserver_key:
file: ./secrets/certs/webserver.key
root_cert:
file: ./secrets/certs/root.cert
volumes:
db-data:
pgadmin-data:
services:
webserver:
image: nginx:1-alpine
container_name: webserver
restart: unless-stopped
tty: true
secrets:
- webserver_cert
- webserver_key
- root_cert
ports:
- "8080:443"
volumes:
- ./src:/var/www
- ./nginx/conf.d/app.conf:/etc/nginx/conf.d/app.conf
- ./nginx/dhparam/:/run/dhparam
# Saml config
- ./simplesamlphp-1.19.0-rc1:/var/simplesamlphp
- ./simple-saml/cert:/var/simplesamlphp/cert
- ./simple-saml/config:/var/simplesamlphp/config
- ./simple-saml/metadata:/var/simplesamlphp/metadata
- ./simplesamlphp-1.19.0-rc1:/var/simplesamlphp-idp
- ./simple-saml-idp/cert:/var/simplesamlphp-idp/cert
- ./simple-saml-idp/config:/var/simplesamlphp-idp/config
- ./simple-saml-idp/metadata:/var/simplesamlphp-idp/metadata
depends_on:
- dbadmin
- api
logging:
options:
max-size: "10m"
max-file: "3"
networks:
- doorcode
postgres:
image: postgres:13-alpine
container_name: postgres
restart: unless-stopped
tty: true
ports:
- "5432:5432"
volumes:
- db-data:/var/lib/postgresql/data
environment:
POSTGRES_USER: web
POSTGRES_PASSWORD: secret
POSTGRES_DB: doorcode
logging:
options:
max-size: "10m"
max-file: "3"
networks:
- doorcode
dbadmin:
image: dpage/pgadmin4:latest
container_name: dbadmin
restart: unless-stopped
tty: true
ports:
- "8081:80"
depends_on:
- postgres
volumes:
- pgadmin-data:/var/lib/pgadmin
environment:
PGADMIN_DEFAULT_EMAIL: admin@elock
PGADMIN_DEFAULT_PASSWORD: secret
logging:
options:
max-size: "10m"
max-file: "3"
networks:
- doorcode
api:
build:
context: .
dockerfile: Dockerfile
container_name: api
environment:
XDEBUG_MODE: debug
volumes:
- ./src:/var/www
- ./php/dev.ini:/usr/local/etc/php/conf.d/local.ini
# Map saml files to the php-fpm server so it has access to them as well
- ./simplesamlphp-1.19.0-rc1:/var/simplesamlphp
- ./simple-saml/cert:/var/simplesamlphp/cert
- ./simple-saml/config:/var/simplesamlphp/config
- ./simple-saml/metadata:/var/simplesamlphp/metadata
- ./simplesamlphp-1.19.0-rc1:/var/simplesamlphp-idp
- ./simple-saml-idp/cert:/var/simplesamlphp-idp/cert
- ./simple-saml-idp/config:/var/simplesamlphp-idp/config
- ./simple-saml-idp/metadata:/var/simplesamlphp-idp/metadata
ports:
# For xdebug
- "9003:9003"
logging:
options:
max-size: "10m"
max-file: "3"
networks:
- doorcode
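Review bot: The `postgres` and `dbadmin` services publish `5432:5432` and `8081:80` on all host interfaces while both use the password `secret`, so anyone who can reach the host can log in to the database and to pgAdmin. The page does not show whether this file is added or removed by the commit; if it stays as the development stack, bind the ports to loopback, `- "127.0.0.1:5432:5432"` and `- "127.0.0.1:8081:80"`. `dpage/pgadmin4:latest` should be pinned to a version, as the production compose file does with `dpage/pgadmin4:4.24`.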
FROM nginx:1.19.5-alpine
WORKDIR /var/www
COPY src/ ${WORKDIR}
COPY simplesamlphp-1.19.0-rc1/ ${WORKDIR}../simplesamlphp
COPY simple-saml/ ${WORKDIR}../simplesamlphp
COPY nginx/conf.d/prod.conf:/etc/nginx/conf.d/prod.conf
COPY nginx/dhparam/ /run/dhparam
CMD ["/docker-entrypoint.sh"]
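Review bot: `COPY nginx/conf.d/prod.conf:/etc/nginx/conf.d/prod.conf` uses the compose volume `src:dest` syntax, which COPY reads as a single argument, so the build should fail; it needs a space, `COPY nginx/conf.d/prod.conf /etc/nginx/conf.d/prod.conf`. `${WORKDIR}` is not a variable Docker defines from the WORKDIR instruction, and no ENV or ARG of that name is visible in this file, so `COPY src/ ${WORKDIR}` expands to an empty destination; `COPY src/ ./` and `COPY simplesamlphp-1.19.0-rc1/ /var/simplesamlphp` say what is meant. Copying all of `src/` and `simple-saml/` into the web image also bakes the backend source and whatever the repository's `simple-saml/cert` holds into image layers, even though the compose file mounts cert and config from `$PROJ_DIR` at runtime; a narrower COPY or a `.dockerignore` would keep that material out of the image.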
FROM node:15.4-alpine as frontend_assets
WORKDIR /app
COPY --chown=www:www src/backend .
RUN npm install && npm run prod
FROM php:8.0-fpm-alpine
ENV PROJECT_DIR /var/www
......@@ -11,10 +19,7 @@ RUN apk update && apk add --no-cache \
postgresql-dev \
zlib-dev \
libpng-dev \
shadow \
bash \
bash-completion \
vim
shadow
# Install PHP Extensions
RUN docker-php-ext-install pdo \
......@@ -31,12 +36,24 @@ RUN groupadd -g 1000 www && \
useradd -u 1000 -ms /bin/bash -g www www
# Copy existing application directory permissions
COPY --chown=root:www src/ ${WORKDIR}
COPY bin/docker-entrypoint.sh /
COPY --chown=www:www src/ ${WORKDIR}
COPY --chown=www:www simplesamlphp-1.19.0-rc1/ ${WORKDIR}../simplesamlphp
COPY --chown=www:www --from=frontend_assets /app/public ${WORKDIR}/backend/
COPY php/prod.ini /usr/local/etc/php/conf.d/local.ini
# Change current user to www
USER www
# Expose port 9000 and start php-fpm server
EXPOSE 9000
CMD ["php-fpm"]
# exampleauth is not used for production
RUN rm -rf backend/cov backend/vendor ../simplesamlphp/modules/exampleauth/enable backend/tests frontend install-dev.sh \
&& cd backend \
&& composer.phar install --no-ansi --no-dev --no-interaction --no-plugins --no-progress --no-scripts --optimize-autoloader \
&& chmod 0755 /docker-entrypoint.sh \
&& php artisan apidoc:generate \
&& php artisan optimize \
&& php artisan config:cache \
&& php artisan route:cache \
&& php artisan view:cache
CMD ["/docker-entrypoint.sh"]
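Review bot: The final RUN appears after `USER www`, and its `chmod 0755 /docker-entrypoint.sh` targets a file copied by `COPY bin/docker-entrypoint.sh /` without `--chown`, i.e. owned by root, so the chmod should fail with a permission error and stop the `&&` chain; move it into its own `RUN chmod 0755 /docker-entrypoint.sh` before `USER www`. `COPY --chown=www:www src/backend .` in the `frontend_assets` stage names a user that the visible lines never create in the node image. The change of the `src/` copy from `root:www` to `www:www` (inferred from the two adjacent COPY lines) makes the application code writable by the php-fpm user; keeping the code root-owned and granting `www` write access only to the directories the artisan cache commands write to would limit what a compromised worker can change. The earlier part of this Dockerfile is outside the hunks shown.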
#!/bin/bash
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
cd "${DIR}" || exit 255
# Clear cache
rm bootstrap/cache/*.php
# Update php dependencies
composer install
# Apply any new migrations
php artisan migrate --force
# Regenerate cache
php artisan clear-compiled
php artisan optimize
php artisan config:cache
php artisan route:cache
php artisan view:cache
#!/bin/bash
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
"${DIR}/backend/update-prod.sh"