Commit d9f6ca73 authored by Jacob Priddy's avatar Jacob Priddy 👌

zero downtime deployment?

parent 46bccbcc
Pipeline #13211 failed with stages
in 3 minutes and 31 seconds
......@@ -7,8 +7,8 @@ variables:
POSTGRES_USER: web
POSTGRES_PASSWORD: secret
POSTGRES_DB: doorcode
DOORCODE_IMAGE_NAME: doorcode/app:$CI_COMMIT_REF_SLUG
NGINX_IMAGE_NAME: doorcode/web:$CI_COMMIT_REF_SLUG
DOORCODE_IMAGE_NAME: doorcode/app:$CI_PIPELINE_ID
NGINX_IMAGE_NAME: doorcode/web:$CI_PIPELINE_ID
stages:
- build
......@@ -101,15 +101,13 @@ deploy application:
- docker-compose -f docker-compose.prod.yml build
- docker build -t $DOORCODE_IMAGE_NAME -f prod.Dockerfile .
- docker build -t $NGINX_IMAGE_NAME -f nginx.Dockerfile .
- docker-compose -f docker-compose.prod.yml down
- sed -i "s/\(^DB_PASSWORD=\).*/\1$(cat $POSTGRES_PASSWORD)/" $PROJ_DIR/.env
- docker-compose -f docker-compose.prod.yml up -d
- docker stack deploy -c docker-compose.prod.yml doorcode --prune
# Give it some time to spin up...
- sleep 10
# Make sure app is running
- "curl --fail --insecure --location https://${DEPLOY_ADDRESS}/api"
- "curl --fail --insecure --location https://${DEPLOY_ADDRESS}/api/docs"
- exit 1
environment:
name: production
url: https://elock.cs.wallawalla.edu/api
......@@ -121,7 +119,7 @@ deploy application:
stop-prod:
stage: deploy
script:
- docker-compose -f docker-compose.prod.yml down
- docker stack rm doorcode
only:
- master
when: manual
......
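Review bot: The smoke test that follows `docker stack deploy` in `deploy application` (`sleep 10` plus the two `curl --fail` lines) can pass without the new image ever answering a request. `docker stack deploy` returns before the rolling update converges, and the services in docker-compose.prod.yml now use `order: start-first`, which keeps the old task serving until the new one is healthy. I would replace the fixed sleep with a wait on the update state, for example polling `docker service inspect --format '{{.UpdateStatus.State}}' doorcode_api` until it reports `completed` and failing the job on any rollback state. Both checks also run with `--insecure`, so a wrong or expired certificate on `${DEPLOY_ADDRESS}` does not fail the deploy; passing the CA file with `--cacert` would keep that covered. The trailing `- exit 1` still appears in the script and would fail the job unconditionally, though which side of the diff it is on cannot be recovered from this page.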
......@@ -4,29 +4,48 @@ networks:
doorcode:
attachable: true
configs:
laravel_env:
name: laravel_env-${CI_JOB_ID}
file: $PROJ_DIR/.env
secrets:
webserver_cert:
name: webserver_cert-${CI_JOB_ID}
file: $WEBSERVER_CERT
webserver_key:
name: webserver_key-${CI_JOB_ID}
file: $WEBSERVER_KEY
root_cert:
name: root_cert-${CI_JOB_ID}
file: $ROOT_CERT
wwu_webserver_cert:
name: wwu_webserver_cert-${CI_JOB_ID}
file: $WWU_WEBSERVER_CERT
wwu_webserver_key:
name: wwu_webserver_key-${CI_JOB_ID}
file: $WWU_WEBSERVER_KEY
wwu_root_cert:
name: wwu_root_cert-${CI_JOB_ID}
file: $WWU_ROOT_CERT
postgres_password:
name: postgres_password-${CI_JOB_ID}
file: $POSTGRES_PASSWORD
volumes:
db-data:
pgadmin-data:
doorcode_db-data:
external: true
doorcode_pgadmin-data:
external: true
services:
webserver:
image: $NGINX_IMAGE_NAME
healthcheck:
test: [ "CMD", "curl", "--fail", "http://localhost/health" ]
interval: 30s
timeout: 3s
retries: 3
secrets:
- webserver_cert
- webserver_key
......@@ -35,14 +54,14 @@ services:
- wwu_webserver_key
- wwu_root_cert
ports:
- target: "4433"
published: "4433"
- target: 4433
published: 4433
mode: host
- target: "443"
published: "443"
- target: 443
published: 443
mode: host
- target: "80"
published: "80"
- target: 80
published: 80
mode: host
volumes:
- $PROJ_DIR/simple-saml/cert:/var/simplesamlphp/cert:ro
......@@ -54,20 +73,25 @@ services:
max-file: "3"
networks:
- doorcode
deploy:
update_config:
order: start-first
failure_action: rollback
delay: 5s
rollback_config:
parallelism: 0
order: stop-first
postgres:
image: postgres:13-alpine
secrets:
- postgres_password
ports:
- target: "5432"
published: "127.0.0.1:5432"
mode: host
volumes:
- db-data:/var/lib/postgresql/data
- doorcode_db-data:/var/lib/postgresql/data
environment:
POSTGRES_USER: web
POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
POSTGRES_DB: doorcode
TZ: America/Los_Angeles
logging:
options:
max-size: "10m"
......@@ -77,7 +101,7 @@ services:
dbadmin:
image: dpage/pgadmin4:4.24
volumes:
- pgadmin-data:/var/lib/pgadmin
- doorcode_pgadmin-data:/var/lib/pgadmin
environment:
PGADMIN_DEFAULT_EMAIL: admin@elock
PGADMIN_DEFAULT_PASSWORD: Please change the default password.
......@@ -89,8 +113,17 @@ services:
- doorcode
api:
image: $DOORCODE_IMAGE_NAME
environment:
TZ: America/Los_Angeles
configs:
- source: laravel_env
target: /var/www/backend/.env
healthcheck:
test: [ "CMD", "/healthcheck.sh" ]
interval: 30s
timeout: 3s
retries: 3
volumes:
- $PROJ_DIR/.env:/var/www/backend/.env:ro
- $PROJ_DIR/controller-bins:/var/www/backend/storage/app/controller/binaries:ro
- $PROJ_DIR/simple-saml/cert:/var/simplesamlphp/cert:ro
- $PROJ_DIR/simple-saml/config:/var/simplesamlphp/config:ro
......@@ -101,3 +134,11 @@ services:
max-file: "3"
networks:
- doorcode
deploy:
update_config:
order: start-first
failure_action: rollback
delay: 5s
rollback_config:
parallelism: 0
order: stop-first
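Review bot: `laravel_env` is declared under `configs:` with `file: $PROJ_DIR/.env`, but the CI script writes `DB_PASSWORD` into that file with `sed`, so the database password is distributed as a Swarm config rather than a secret. Configs are meant for non-sensitive data: unlike secrets they are mounted directly into the container filesystem instead of a tmpfs, and their content can be read back with `docker config inspect`. I would declare `laravel_env` under `secrets:` next to `postgres_password` and reference it from the `api` service's `secrets:` list instead of `configs:`. Separately, every config and secret is named with `-${CI_JOB_ID}`, so each deploy leaves another copy of the keys and password in the swarm; `--prune` is documented as pruning services, so an explicit `docker secret rm` / `docker config rm` cleanup step is probably needed. The bind mount `$PROJ_DIR/.env:/var/www/backend/.env:ro` is still printed under the `api` volumes; if it is on the new side, it targets the same path as the config.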
......@@ -45,6 +45,11 @@ server {
# Comment the following change to the JS frontend
root /var/www/backend/public;
location /health {
access_log off;
return 200 "healthy";
}
location ^~ /simplesaml {
alias /var/simplesamlphp/www;
......
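Review bot: `location /health` is a prefix match, so any URI that begins with `/health` gets the static 200 instead of reaching the application, and as far as the hunk shows the endpoint is served to every client of this server block. `location = /health {` limits it to the exact path, and adding `allow 127.0.0.1; allow ::1; deny all;` inside the block would restrict it to the container-local healthcheck, which calls `http://localhost/health`. The identical block is added to the second nginx config (the one with `location ^~ /saml`), so the same change applies there. The enclosing `server` block starts and ends outside the hunk, so its listeners are not visible here.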
......@@ -45,6 +45,11 @@ server {
# Comment the following change to the JS frontend
root /var/www/backend/public;
location /health {
access_log off;
return 200 "healthy";
}
location ^~ /saml {
alias /var/simplesamlphp/www;
......
......@@ -45,7 +45,10 @@ RUN rm -rf backend/cov backend/vendor backend/public \
../simplesamlphp/modules/exampleauth/enable \
backend/tests frontend backend/install-dev.sh install-dev.sh \
backend/node_modules \
&& chmod 0755 /docker-entrypoint.sh
&& chmod 0755 /docker-entrypoint.sh \
&& wget -O /healthcheck.sh \
https://raw.githubusercontent.com/renatomefi/php-fpm-healthcheck/master/php-fpm-healthcheck \
&& chmod +x /healthcheck.sh
COPY --chown=www:www --from=frontend_assets /app/public backend/public
# Change current user to www
......
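Review bot: The added `wget` fetches `/healthcheck.sh` from the `master` branch of a third-party repository at build time and marks it executable with no integrity check, so whatever that branch holds when the image is built becomes code that runs in the container on every health probe (presumably the `api` service, whose healthcheck calls `/healthcheck.sh`). Pin the URL to a commit, `https://raw.githubusercontent.com/renatomefi/php-fpm-healthcheck/<PINNED_COMMIT_SHA>/php-fpm-healthcheck`, and verify the file before the `chmod` with `echo "<EXPECTED_SHA256>  /healthcheck.sh" | sha256sum -c -`. Alternatively, vendor the script into the repository and `COPY` it, which also removes the build's dependency on network access to GitHub. The `RUN` instruction begins above the hunk, so the user it runs as and the base image's `wget`/`sha256sum` variants are not visible here.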