Commit a6875696 authored by Jacob Priddy's avatar Jacob Priddy 👌

overhaul deploy system

parent 09ffc971
Pipeline #13201 passed with stages
in 4 minutes and 3 seconds
......@@ -2,10 +2,13 @@ image: gitlab.cs.wallawalla.edu:5050/elock/doorcode:latest
services:
- postgres:13-alpine
variables:
POSTGRES_USER: web
POSTGRES_PASSWORD: secret
POSTGRES_DB: doorcode
DOORCODE_IMAGE_NAME: doorcode/app:$CI_COMMIT_REF_SLUG
NGINX_IMAGE_NAME: doorcode/web:$CI_COMMIT_REF_SLUG
stages:
- build
......@@ -81,50 +84,87 @@ generate_code_coverage:
- src/backend/cov
expire_in: 30 days
deploy_backend_production:
deploy application:
image: tiangolo/docker-with-compose
tags:
- elock
stage: deploy
before_script:
- eval $(ssh-agent -s)
- ssh-add <(echo "${SSH_PRIVATE_KEY}" | base64 -d -w 0)
- mkdir -p ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
script:
- SSH_COMMAND_STRING="cd doorcode"
# get newest changes
- SSH_COMMAND_STRING+=" && git pull"
- SSH_COMMAND_STRING+=" && (docker-compose restart || docker-compose up -d)"
# the -T fixes the input device is not a TTY .. see https://github.com/docker/compose/issues/5696
- SSH_COMMAND_STRING+=" && docker-compose exec -T api ./update-prod.sh"
- echo "$SSH_COMMAND_STRING"
# Execute the deploy
- ssh $SSH_USER@$SSH_HOST "${SSH_COMMAND_STRING}"
# Make sure it is running
- "curl --insecure --location https://${SSH_HOST}/api | grep \"Welcome to the elock API.\""
- docker-compose -f docker-compose.prod.yml build
- docker build -t $DOORCODE_IMAGE_NAME -f prod.Dockerfile .
- docker build -t $NGINX_IMAGE_NAME -f nginx.Dockerfile .
- docker-compose -f docker-compose.prod.yml down
- sed -i "s/\(^DB_PASSWORD=\).*/\1$(< POSTGRES_PASSWORD)/" $PROJ_DIR/.env
- docker-compose -f docker-compose.prod.yml up -d
# Give it some time to spin up...
- sleep 10
# Make sure app is running
- "curl --fail --insecure --location https://${DEPLOY_ADDRESS}/api"
- "curl --fail --insecure --location https://${DEPLOY_ADDRESS}/api/docs"
environment:
name: production_api
name: production
url: https://elock.cs.wallawalla.edu/api
on_stop: stop-prod
when: manual
only:
- master
deploy_api_docs:
stop-prod:
stage: deploy
before_script:
- eval $(ssh-agent -s)
- ssh-add <(echo "${SSH_PRIVATE_KEY}" | base64 -d -w 0)
- mkdir -p ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
script:
# Can't use the CI job token to deploy the artifact because that's a "pRemiUm FEATurE"
- "rsync -a --delete src/backend/public/docs $SSH_USER@$SSH_HOST:/home/$SSH_USER/doorcode/src/backend/public/"
# Make sure it is running
- "curl --insecure --location https://${SSH_HOST}/api/docs/ | grep \"Welcome to the generated API reference.\""
environment:
name: production_api_docs
url: https://elock.cs.wallawalla.edu/api/docs/
when: manual
- docker-compose -f docker-compose.prod.yml down
only:
- master
when: manual
environment:
name: production
action: stop
#deploy_backend_production:
# stage: deploy
# before_script:
# - eval $(ssh-agent -s)
# - ssh-add <(echo "${SSH_PRIVATE_KEY}" | base64 -d -w 0)
# - mkdir -p ~/.ssh
# - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
# script:
# - SSH_COMMAND_STRING="cd doorcode"
# # get newest changes
# - SSH_COMMAND_STRING+=" && git pull"
# - SSH_COMMAND_STRING+=" && (docker-compose restart || docker-compose up -d)"
# # the -T fixes the input device is not a TTY .. see https://github.com/docker/compose/issues/5696
# - SSH_COMMAND_STRING+=" && docker-compose exec -T api ./update-prod.sh"
# - echo "$SSH_COMMAND_STRING"
# # Execute the deploy
# - ssh $SSH_USER@$SSH_HOST "${SSH_COMMAND_STRING}"
# # Make sure it is running
# - "curl --insecure --location https://${SSH_HOST}/api | grep \"Welcome to the elock API.\""
# environment:
# name: production_api
# url: https://elock.cs.wallawalla.edu/api
# when: manual
# only:
# - master
#
#deploy_api_docs:
# stage: deploy
# before_script:
# - eval $(ssh-agent -s)
# - ssh-add <(echo "${SSH_PRIVATE_KEY}" | base64 -d -w 0)
# - mkdir -p ~/.ssh
# - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
# script:
# # Can't use the CI job token to deploy the artifact because that's a "pRemiUm FEATurE"
# - "rsync -a --delete src/backend/public/docs $SSH_USER@$SSH_HOST:/home/$SSH_USER/doorcode/src/backend/public/"
# # Make sure it is running
# - "curl --insecure --location https://${SSH_HOST}/api/docs/ | grep \"Welcome to the generated API reference.\""
# environment:
# name: production_api_docs
# url: https://elock.cs.wallawalla.edu/api/docs/
# when: manual
# only:
# - master
#deploy_frontend_production:
# stage: deploy
......
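Review bot: In the deploy script, `$(< POSTGRES_PASSWORD)` has no `$`, so the shell reads a file literally named POSTGRES_PASSWORD in the working directory instead of the path held in the variable; the likely intent is `$(< "$POSTGRES_PASSWORD")`. This file also sets `POSTGRES_PASSWORD: secret` globally for the test database, so unless a project-level variable overrides it the deploy job sees the test value; a separately named variable for the production secret would avoid the collision. The value is spliced into the sed replacement unescaped, so a password containing `/`, `&` or `\` breaks or alters the substitution. The job image `tiangolo/docker-with-compose` carries no tag or digest, and both health checks keep `--insecure`, so neither the deploy tooling nor the endpoint being checked is pinned or verified.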
......@@ -19,10 +19,8 @@ RUN apk update && apk add --no-cache \
bash-completion \
vim \
curl \
openssh-client \
coreutils \
rsync \
npm\
npm \
&& apk add --no-cache $PHPIZE_DEPS
# && npm install -g @vue/cli \
# && pecl install xdebug \
......@@ -51,6 +49,5 @@ COPY php/dev.ini /usr/local/etc/php/conf.d/local.ini
# Change current user to www
USER www
# Expose port 9000 and start php-fpm server
EXPOSE 9000
# Start php-fpm server
CMD ["php-fpm"]
#!/usr/bin/env sh
set -e
cd ${PROJECT_DIR}/backend || exit 1
# Apply new migrations
php artisan migrate --force
php-fpm
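Review bot: `php-fpm` is started as a child of the shell, so the shell stays PID 1 and the stop signal from Docker may never reach php-fpm for a graceful shutdown; ending the script with `exec php-fpm` hands PID 1 to the server. The expansion in `cd ${PROJECT_DIR}/backend` should be quoted, `cd "${PROJECT_DIR}/backend" || exit 1`. Because `php artisan migrate --force` runs on every start, a container that crash-loops under `restart: always` re-runs migrations unattended; a header comment stating that this is intended would help the next maintainer.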
version: '3.7'
version: '3.8'
networks:
doorcode:
......@@ -6,19 +6,19 @@ networks:
secrets:
webserver_cert:
file: ./secrets/certs/webserver.cert
file: $WEBSERVER_CERT
webserver_key:
file: ./secrets/certs/webserver.key
file: $WEBSERVER_KEY
root_cert:
file: ./secrets/certs/root.cert
file: $ROOT_CERT
wwu_webserver_cert:
file: ./secrets/certs/wwu-granted-elock-cert.cer
file: $WWU_WEBSERVER_CERT
wwu_webserver_key:
file: ./secrets/certs/wwu-webserver-request-root.key
file: $WWU_WEBSERVER_KEY
wwu_root_cert:
file: ./secrets/certs/wwu-webserver-intermediate.pem
file: $WWU_ROOT_CERT
postgres_password:
file: ./secrets/passwords/postgres
file: $POSTGRES_PASSWORD
volumes:
db-data:
......@@ -26,8 +26,7 @@ volumes:
services:
webserver:
image: nginx:1.17.10-alpine
container_name: webserver
image: $NGINX_IMAGE_NAME
restart: always
secrets:
- webserver_cert
......@@ -41,16 +40,12 @@ services:
- "443:443"
- "80:80"
volumes:
- ./src:/var/www
- ./nginx/conf.d/prod.conf:/etc/nginx/conf.d/prod.conf
- ./nginx/dhparam/:/run/dhparam
# Saml config
- ./simplesamlphp-1.19.0-rc1:/var/simplesamlphp
- ./simple-saml-prod/cert:/var/simplesamlphp/cert
- ./simple-saml-prod/config:/var/simplesamlphp/config
- ./simple-saml-prod/metadata:/var/simplesamlphp/metadata
- $PROJ_DIR/simple-saml/cert:/var/simplesamlphp/cert:ro
- $PROJ_DIR/simple-saml/config:/var/simplesamlphp/config:ro
- $PROJ_DIR/simple-saml/metadata:/var/simplesamlphp/metadata
depends_on:
- dbadmin
- api
logging:
options:
max-size: "10m"
......@@ -59,7 +54,6 @@ services:
- doorcode
postgres:
image: postgres:13-alpine
container_name: postgres
restart: always
secrets:
- postgres_password
......@@ -79,7 +73,6 @@ services:
- doorcode
dbadmin:
image: dpage/pgadmin4:4.24
container_name: dbadmin
restart: always
depends_on:
- postgres
......@@ -95,17 +88,14 @@ services:
networks:
- doorcode
api:
image: gitlab.cs.wallawalla.edu:5050/elock/doorcode:prod
container_name: api
image: $DOORCODE_IMAGE_NAME
restart: always
volumes:
- ./src:/var/www
- ./php/prod.ini:/usr/local/etc/php/conf.d/local.ini
# Map saml files to the php-fpm server so it has access to them as well
- ./simplesamlphp-1.19.0-rc1:/var/simplesamlphp
- ./simple-saml-prod/cert:/var/simplesamlphp/cert
- ./simple-saml-prod/config:/var/simplesamlphp/config
- ./simple-saml-prod/metadata:/var/simplesamlphp/metadata
- $PROJ_DIR/.env:/var/www/backend/.env:ro
- $PROJ_DIR/controller-bins:/var/www/backend/storage/app/controller/binaries:ro
- $PROJ_DIR/simple-saml/cert:/var/simplesamlphp/cert:ro
- $PROJ_DIR/simple-saml/config:/var/simplesamlphp/config:ro
- $PROJ_DIR/simple-saml/metadata:/var/simplesamlphp/metadata
logging:
options:
max-size: "10m"
......
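Review bot: The two `$PROJ_DIR/simple-saml/metadata:/var/simplesamlphp/metadata` mounts are the only SAML mounts without `:ro`, so both the webserver and api containers can rewrite the SAML metadata on the host; add `:ro`, or add a comment naming what has to write there. The secret file paths and `$PROJ_DIR` now come from the environment, and Compose substitutes an empty string for an unset variable, which would turn `$PROJ_DIR/.env` into `/.env`. Writing the first use as `${PROJ_DIR:?PROJ_DIR is not set}` (and likewise for the secret paths) makes the deploy fail instead of mounting the wrong path.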
version: '3.7'
networks:
doorcode:
driver: bridge
secrets:
webserver_cert:
file: ./secrets/certs/webserver.cert
webserver_key:
file: ./secrets/certs/webserver.key
root_cert:
file: ./secrets/certs/root.cert
volumes:
db-data:
pgadmin-data:
services:
webserver:
image: nginx:1-alpine
container_name: webserver
restart: unless-stopped
tty: true
secrets:
- webserver_cert
- webserver_key
- root_cert
ports:
- "8080:443"
volumes:
- ./src:/var/www
- ./nginx/conf.d/app.conf:/etc/nginx/conf.d/app.conf
- ./nginx/dhparam/:/run/dhparam
# Saml config
- ./simplesamlphp-1.19.0-rc1:/var/simplesamlphp
- ./simple-saml/cert:/var/simplesamlphp/cert
- ./simple-saml/config:/var/simplesamlphp/config
- ./simple-saml/metadata:/var/simplesamlphp/metadata
- ./simplesamlphp-1.19.0-rc1:/var/simplesamlphp-idp
- ./simple-saml-idp/cert:/var/simplesamlphp-idp/cert
- ./simple-saml-idp/config:/var/simplesamlphp-idp/config
- ./simple-saml-idp/metadata:/var/simplesamlphp-idp/metadata
depends_on:
- dbadmin
- api
logging:
options:
max-size: "10m"
max-file: "3"
networks:
- doorcode
postgres:
image: postgres:13-alpine
container_name: postgres
restart: unless-stopped
tty: true
ports:
- "5432:5432"
volumes:
- db-data:/var/lib/postgresql/data
environment:
POSTGRES_USER: web
POSTGRES_PASSWORD: secret
POSTGRES_DB: doorcode
logging:
options:
max-size: "10m"
max-file: "3"
networks:
- doorcode
dbadmin:
image: dpage/pgadmin4:latest
container_name: dbadmin
restart: unless-stopped
tty: true
ports:
- "8081:80"
depends_on:
- postgres
volumes:
- pgadmin-data:/var/lib/pgadmin
environment:
PGADMIN_DEFAULT_EMAIL: admin@elock
PGADMIN_DEFAULT_PASSWORD: secret
logging:
options:
max-size: "10m"
max-file: "3"
networks:
- doorcode
api:
build:
context: .
dockerfile: Dockerfile
container_name: api
environment:
XDEBUG_MODE: debug
volumes:
- ./src:/var/www
- ./php/dev.ini:/usr/local/etc/php/conf.d/local.ini
# Map saml files to the php-fpm server so it has access to them as well
- ./simplesamlphp-1.19.0-rc1:/var/simplesamlphp
- ./simple-saml/cert:/var/simplesamlphp/cert
- ./simple-saml/config:/var/simplesamlphp/config
- ./simple-saml/metadata:/var/simplesamlphp/metadata
- ./simplesamlphp-1.19.0-rc1:/var/simplesamlphp-idp
- ./simple-saml-idp/cert:/var/simplesamlphp-idp/cert
- ./simple-saml-idp/config:/var/simplesamlphp-idp/config
- ./simple-saml-idp/metadata:/var/simplesamlphp-idp/metadata
ports:
# For xdebug
- "9003:9003"
logging:
options:
max-size: "10m"
max-file: "3"
networks:
- doorcode
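Review bot: If this compose file is on the new side of the commit (the page does not show whether it was added or removed), the published ports `"5432:5432"` and `"8081:80"` bind on every interface while Postgres and pgAdmin both use the password `secret`. For a development stack, binding to loopback keeps them off the local network: `"127.0.0.1:5432:5432"` and `"127.0.0.1:8081:80"`, and the same for the xdebug port `"9003:9003"`. `dpage/pgadmin4:latest` is also unpinned, unlike the `4.24` tag used in the production file.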
FROM nginx:1.19.5-alpine
WORKDIR /var/www
COPY src/ ${WORKDIR}
COPY simplesamlphp-1.19.0-rc1/ ${WORKDIR}../simplesamlphp
COPY simple-saml/ ${WORKDIR}../simplesamlphp
COPY nginx/conf.d/prod.conf:/etc/nginx/conf.d/prod.conf
COPY nginx/dhparam/ /run/dhparam
CMD ["/docker-entrypoint.sh"]
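Review bot: `COPY nginx/conf.d/prod.conf:/etc/nginx/conf.d/prod.conf` uses the compose volume `src:dst` form, so COPY receives a single argument and the build should fail; it needs a space, `COPY nginx/conf.d/prod.conf /etc/nginx/conf.d/prod.conf`. No `ENV` or `ARG` named WORKDIR is set in the lines shown, and the `WORKDIR` instruction does not define one, so `${WORKDIR}` expands to empty and `COPY src/ ${WORKDIR}` is left without a destination; `COPY src/ ./` says what is meant. `COPY simple-saml/ …` also bakes the `cert` and `config` directories into an image layer even though the production compose file bind-mounts them read-only, so any private key there ends up in every copy of the image; excluding those directories via `.dockerignore` would keep key material out of the registry.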
FROM node:15.4-alpine as frontend_assets
WORKDIR /app
COPY --chown=www:www src/backend .
RUN npm install && npm run prod
FROM php:8.0-fpm-alpine
ENV PROJECT_DIR /var/www
......@@ -11,10 +19,7 @@ RUN apk update && apk add --no-cache \
postgresql-dev \
zlib-dev \
libpng-dev \
shadow \
bash \
bash-completion \
vim
shadow
# Install PHP Extensions
RUN docker-php-ext-install pdo \
......@@ -31,12 +36,24 @@ RUN groupadd -g 1000 www && \
useradd -u 1000 -ms /bin/bash -g www www
# Copy existing application directory permissions
COPY --chown=root:www src/ ${WORKDIR}
COPY bin/docker-entrypoint.sh /
COPY --chown=www:www src/ ${WORKDIR}
COPY --chown=www:www simplesamlphp-1.19.0-rc1/ ${WORKDIR}../simplesamlphp
COPY --chown=www:www --from=frontend_assets /app/public ${WORKDIR}/backend/
COPY php/prod.ini /usr/local/etc/php/conf.d/local.ini
# Change current user to www
USER www
# Expose port 9000 and start php-fpm server
EXPOSE 9000
CMD ["php-fpm"]
# exampleauth is not used for production
RUN rm -rf backend/cov backend/vendor ../simplesamlphp/modules/exampleauth/enable backend/tests frontend install-dev.sh \
&& cd backend \
&& composer.phar install --no-ansi --no-dev --no-interaction --no-plugins --no-progress --no-scripts --optimize-autoloader \
&& chmod 0755 /docker-entrypoint.sh \
&& php artisan apidoc:generate \
&& php artisan optimize \
&& php artisan config:cache \
&& php artisan route:cache \
&& php artisan view:cache
CMD ["/docker-entrypoint.sh"]
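Review bot: `COPY --chown=www:www src/ ${WORKDIR}` leaves the whole application tree owned by the account php-fpm runs as, where the other COPY of `src/` in this section uses `root:www`; assuming the www-owned line is the new side, any file-write bug in the app can then overwrite PHP code. Keeping the tree root-owned and handing over only the runtime-writable directories, e.g. `RUN chown -R www:www backend/storage backend/bootstrap/cache`, preserves that separation. The long `RUN` appears after `USER www`, so `chmod 0755 /docker-entrypoint.sh` acts on a file copied without `--chown` and would likely fail; moving the chmod above `USER www` avoids that. The first stage also passes `--chown=www:www` on a node image where no www user is created in the visible lines.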
#!/bin/bash
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
cd "${DIR}" || exit 255
# Clear cache
rm bootstrap/cache/*.php
# Update php dependencies
composer install
# Apply any new migrations
php artisan migrate --force
# Regenerate cache
php artisan clear-compiled
php artisan optimize
php artisan config:cache
php artisan route:cache
php artisan view:cache
#!/bin/bash
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
"${DIR}/backend/update-prod.sh"