Commit d0ad5659 authored by Jacob Priddy's avatar Jacob Priddy 👌

Merge branch '55-create-deploy-server' into 'master'

Resolve "Create Deploy Server"

Closes #55

See merge request !60
parents 42f65df0 dff82b4e
Pipeline #9841 passed with stages
in 3 minutes and 32 seconds
......@@ -10,6 +10,7 @@ variables:
stages:
- build
- test
- deploy
build_web_backend:
stage: build
......@@ -21,12 +22,18 @@ build_web_backend:
- src/backend/.env
- src/backend/composer.lock
# Currently set to build timeout
expire_in: 1 hour
expire_in: 1 day
build_web_frontend:
stage: build
script:
- src/frontend/install-dev.sh
- cd src/frontend
- npm install
- npm run build --mode=production --dest=dist
artifacts:
paths:
- src/frontend/dist
expire_in: 1 day
test_php_styles:
stage: test
......@@ -51,3 +58,49 @@ test_web_backend_database:
script:
- cd src/backend
- vendor/bin/phpunit --testsuite Database
deploy_backend_production:
stage: deploy
before_script:
- eval $(ssh-agent -s)
- ssh-add <(echo "${SSH_PRIVATE_KEY}" | base64 -d -w 0)
- mkdir -p ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
script:
- SSH_COMMAND_STRING="cd doorcode"
# get newest changes
- SSH_COMMAND_STRING+=" && git pull
# restart containers for any changes to docker compose
- SSH_COMMAND_STRING+=" && (docker-compose restart || docker-compose up -d)
# the -T fixes the input device is not a TTY .. see https://github.com/docker/compose/issues/5696
- SSH_COMMAND_STRING+=" && docker-compose exec -T api ./update-prod.sh"
- echo "$SSH_COMMAND_STRING"
# Execute the deploy
- ssh $SSH_USER@$SSH_HOST "${SSH_COMMAND_STRING}"
# Make sure it is running
- "curl --insecure --location https://${SSH_HOST}/api | grep \"Welcome to the elock API.\""
environment:
name: production
url: https://elock.cs.wallawalla.edu/api
when: manual
only:
- master
deploy_frontend_production:
stage: deploy
before_script:
- eval $(ssh-agent -s)
- ssh-add <(echo "${SSH_PRIVATE_KEY}" | base64 -d -w 0)
- mkdir -p ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
script:
# Can't use the CI job token to deploy the artifact because that's a "pRemiUm FEATurE"
- "rsync -a --delete src/frontend/dist $SSH_USER@$SSH_HOST:/home/$SSH_USER/doorcode/src/frontend/"
# Make sure it is running
- "curl --insecure --location https://${SSH_HOST} | grep \"work properly without JavaScript enabled.\""
environment:
name: production
url: https://elock.cs.wallawalla.edu
when: manual
only:
- master
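Review bot: Both deploy jobs write `StrictHostKeyChecking no` for `Host *` in `before_script`, so the runner connects with the deploy key and runs the deploy commands on whatever host answers for `$SSH_HOST`, without verifying its host key. Pin the server's host key instead: store the expected key line in a protected CI variable (a new one, for example `SSH_KNOWN_HOSTS`) and replace that line with `- echo "${SSH_KNOWN_HOSTS}" >> ~/.ssh/known_hosts`. The post-deploy `curl --insecure` checks have the same weakness, since they accept any certificate; the project generates its own root, so `--cacert` pointing at that root would keep the check meaningful. Separately, the `SSH_COMMAND_STRING+=" && git pull` and `SSH_COMMAND_STRING+=" && (docker-compose restart || docker-compose up -d)` lines appear, as rendered here, to be missing their closing double quote, which would leave the shell script malformed when the manual job is run.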
......@@ -15,6 +15,10 @@ RUN apk update && apk add --no-cache \
bash \
bash-completion \
vim \
curl \
openssh-client \
coreutils \
rsync \
npm\
&& apk add --no-cache $PHPIZE_DEPS \
&& npm install -g @vue/cli \
......
version: '3.7'
networks:
doorcode:
driver: bridge
secrets:
webserver_cert:
file: ./secrets/certs/webserver.cert
webserver_key:
file: ./secrets/certs/webserver.key
root_cert:
file: ./secrets/certs/root.cert
postgres_password:
file: ./secrets/passwords/postgres
volumes:
db-data:
services:
webserver:
image: nginx:1.17.10-alpine
container_name: webserver
restart: always
secrets:
- webserver_cert
- webserver_key
- root_cert
ports:
- "443:443"
- "80:80"
volumes:
- ./src:/var/www
- ./nginx/conf.d/:/etc/nginx/conf.d
- ./nginx/dhparam/:/run/dhparam
# Saml config
- ./simplesamlphp-1.18.5:/var/simplesamlphp
- ./simple-saml/cert:/var/simplesamlphp/cert
- ./simple-saml/config:/var/simplesamlphp/config
- ./simple-saml/metadata:/var/simplesamlphp/metadata
- ./simplesamlphp-1.18.5:/var/simplesamlphp-idp
- ./simple-saml-idp/cert:/var/simplesamlphp-idp/cert
- ./simple-saml-idp/config:/var/simplesamlphp-idp/config
- ./simple-saml-idp/metadata:/var/simplesamlphp-idp/metadata
networks:
- doorcode
postgres:
image: postgres:11.8-alpine
container_name: postgres
restart: always
secrets:
- postgres_password
ports:
- "127.0.0.1:5432:5432"
volumes:
- db-data:/var/lib/postgresql/data
environment:
POSTGRES_USER: web
POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
POSTGRES_DB: doorcode
networks:
- doorcode
dbadmin:
image: dockage/phppgadmin:latest
container_name: dbadmin
restart: always
ports:
- "127.0.0.1:5431:80"
depends_on:
- postgres
environment:
PHP_PG_ADMIN_SERVER_HOST: postgres
PHP_PG_ADMIN_SERVER_DEFAULT_DB: doorcode
PHP_PG_ADMIN_SERVER_PORT: 5432
networks:
- doorcode
api:
image: gitlab.cs.wallawalla.edu:5050/elock/doorcode:prod
container_name: api
restart: always
volumes:
- ./src:/var/www
- ./php/prod.ini:/usr/local/etc/php/conf.d/local.ini
# Map saml files to the php-fpm server so it has access to them as well
- ./simplesamlphp-1.18.5:/var/simplesamlphp
- ./simple-saml/cert:/var/simplesamlphp/cert
- ./simple-saml/config:/var/simplesamlphp/config
- ./simple-saml/metadata:/var/simplesamlphp/metadata
- ./simplesamlphp-1.18.5:/var/simplesamlphp-idp
- ./simple-saml-idp/cert:/var/simplesamlphp-idp/cert
- ./simple-saml-idp/config:/var/simplesamlphp-idp/config
- ./simple-saml-idp/metadata:/var/simplesamlphp-idp/metadata
networks:
- doorcode
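Review bot: The `dbadmin` service runs `dockage/phppgadmin:latest`, a third-party image on a mutable tag, attached to the same `doorcode` network as the production Postgres container, so whatever that tag points to at pull time runs next to the database. Pin it to a reviewed digest, `image: dockage/phppgadmin@sha256:<digest-of-reviewed-image>`, or leave the service out of the production file and start it only when it is needed. The `./src:/var/www` and `simple-saml*/cert` bind mounts are also read-write in both `webserver` and `api`; nginx only needs to read them, so appending `:ro` to the `webserver` mounts would limit what a compromised web container can alter.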
......@@ -5,6 +5,11 @@ upstream localhost.api {
server 127.0.0.1:443;
}
server {
listen 80;
return 301 https://$host$request_uri;
}
server {
server_name localhost;
listen 443 ssl;
......
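Review bot: The new port-80 `server` block has no `server_name` and builds the redirect target from `$host`, which is taken from the client's request, so it will redirect to whatever hostname was sent. Consider naming the site and redirecting to that fixed name, e.g. `server_name <production-hostname>;` with `return 301 https://$server_name$request_uri;`. The 443 `server` block continues outside this hunk, so it cannot be seen here whether it sends `Strict-Transport-Security`; without that header every first plain-HTTP request still depends on this redirect.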
......@@ -10,3 +10,5 @@ xdebug.remote_autostart=1
xdebug.remote.host=host.docker.internal
xdebug.remote.mode=req
xdebug.remote.handler=dbgp
date.timezone = "America/Los_Angeles"
date.timezone = "America/Los_Angeles"
FROM php:7.4-fpm-alpine
ENV PROJECT_DIR /var/www
# Set working directory
WORKDIR ${PROJECT_DIR}
# Install dependencies
RUN apk update && apk add --no-cache \
alpine-sdk \
postgresql-dev \
zlib-dev \
libpng-dev \
shadow \
bash \
bash-completion \
vim
# Install PHP Extensions
RUN docker-php-ext-install pdo \
pdo_pgsql \
bcmath \
fileinfo \
gd
# Install composer
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
# Add user for application and create source directories
RUN groupadd -g 1000 www && \
useradd -u 1000 -ms /bin/bash -g www www
# Copy existing application directory permissions
COPY --chown=root:www src/ ${WORKDIR}
COPY php/prod.ini /usr/local/etc/php/conf.d/local.ini
# Change current user to www
USER www
# Expose port 9000 and start php-fpm server
EXPOSE 9000
CMD ["php-fpm"]
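Review bot: The `RUN curl -sS https://getcomposer.org/installer | php -- ...` step executes a downloaded script at build time with no integrity check, and it installs whatever Composer version is current on the day of the build. Copying the binary from a pinned official image avoids both, e.g. `COPY --from=composer:<pinned-version> /usr/bin/composer /usr/local/bin/composer`; alternatively, verify the installer against the checksum Composer publishes before running it. Also, `COPY --chown=root:www src/ ${WORKDIR}` references `${WORKDIR}`, but the only variable this file defines is `PROJECT_DIR` (`WORKDIR` is an instruction, not a variable), so the destination likely expands to nothing and `${PROJECT_DIR}` looks intended. `alpine-sdk`, `vim` and `bash-completion` are build and debugging tools that a production image does not need at runtime.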
......@@ -16,20 +16,8 @@ openssl x509 -signkey "${DIR}/certs/root.key" -days 18250 -req -in \
rm "${DIR}/certs/root.csr"
echo "Root certificate generated."
echo "Generating webserver private key and certificate request..."
# Now generate a webserver certificate in the chain of the root
openssl ecparam -out "${DIR}/certs/webserver.key" -name secp256r1 -genkey
"${DIR}/gen-webserver.sh" $1 || (echo "Generating webserver certificate failed" && exit 1)
openssl req -new -key "${DIR}/certs/webserver.key" -nodes \
-subj "/C=US/ST=Washington/L=College Place/O=WWU/CN=$1" \
-out "${DIR}/certs/webserver.csr"
echo "Private key and certificate request generated. Signing certificate request with the CA cert..."
# Sign the certificate with the root ca
openssl x509 -req -days 365 -in "${DIR}/certs/webserver.csr" -CA "${DIR}/certs/root.cert" \
-CAkey "${DIR}/certs/root.key" -set_serial 01 -out "${DIR}/certs/webserver.cert"
rm "${DIR}/certs/webserver.csr"
echo "Request signed, you must copy the public certificate to the root directory of the door controller project when flashing a new board with then name \"doorcode_root_cert.pem\""
echo "Request signed, you must copy the public certificate to the root/main directory of the door controller project when flashing a new board with then name \"doorcode_root_cert.cert\""
echo "Done!"
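Review bot: On the new `"${DIR}/gen-webserver.sh" $1 || (echo "Generating webserver certificate failed" && exit 1)` line, `exit 1` runs inside a `( ... )` subshell, so it only ends the subshell; unless `set -e` is active the script goes on to print "Request signed..." and "Done!" even though no webserver certificate was produced. Use a brace group and quote the argument: `"${DIR}/gen-webserver.sh" "$1" || { echo "Generating webserver certificate failed" >&2; exit 1; }`. The start of the script is outside this hunk, so it cannot be seen whether `set -e` is in effect; if it is not, the earlier `openssl` steps fail silently in the same way.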
#!/bin/bash
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
echo "Generating webserver private key and certificate request..."
# Now generate a webserver certificate in the chain of the root
openssl ecparam -out "${DIR}/certs/webserver.key" -name secp256r1 -genkey
openssl req -new -key "${DIR}/certs/webserver.key" -nodes \
-subj "/C=US/ST=Washington/L=College Place/O=WWU/CN=$1" \
-out "${DIR}/certs/webserver.csr"
echo "Private key and certificate request generated. Signing certificate request with the CA cert..."
# Sign the certificate with the root ca
openssl x509 -req -days 18250 -in "${DIR}/certs/webserver.csr" -CA "${DIR}/certs/root.cert" \
-CAkey "${DIR}/certs/root.key" -set_serial 01 -out "${DIR}/certs/webserver.cert"
rm "${DIR}/certs/webserver.csr"
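Review bot: The leaf certificate is signed with `-days 18250` (about 50 years), where the inline code this script replaces used `-days 365`, and with a fixed `-set_serial 01`, so every re-issued webserver certificate from this CA carries the same serial and a leaked key stays usable for decades. Keep the short lifetime and let OpenSSL allocate serials, i.e. `-days 365` and `-CAcreateserial` in place of `-set_serial 01` on the `openssl x509 -req` line. The request also sets only `CN=$1` with no subjectAltName, which browsers require for hostname matching, and `$1` is never checked for being empty. A `set -euo pipefail` line after the shebang would stop the script at the first failed `openssl` call instead of carrying on with missing inputs.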
*
!.gitignore
\ No newline at end of file
File mode changed from 100644 to 100755
<?php
use Illuminate\Http\JsonResponse;
use Illuminate\Support\Facades\Route;
use App\Http\Controllers\AuthController;
......@@ -14,12 +15,9 @@ use App\Http\Controllers\AuthController;
|
*/
Route::get(
'/',
static function () {
return ['api endpoint'];
}
);
Route::get('/', static function () {
return new JsonResponse(['welcome' => 'Welcome to the elock API.']);
});
Route::get('login', [AuthController::class, 'samlLogin']);
......
#!/bin/bash
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
cd "${DIR}" || exit 255
# Update php dependencies
composer install
# Apply any new migrations
php artisan migrate --force
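Review bot: `composer install` without `--no-dev` installs the project's development dependencies into the production `vendor/` tree (the CI jobs run `vendor/bin/phpunit` from it), and the production compose file mounts all of `./src` into the web server container. Use `composer install --no-dev --no-interaction --optimize-autoloader` here. The script also has no `set -e`, so `php artisan migrate --force` still runs against the production database when the dependency install fails; add `set -euo pipefail` after the shebang.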
#!/bin/bash
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
"${DIR}/backend/update-prod.sh"