update: ci/cd

2024-12-29 14:00:57 +01:00 · 2024-12-29 14:00:57 +01:00 · a73c5d0ecb
commit a73c5d0ecb
parent 58b84c2451
5 changed files with 141 additions and 15 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -1,5 +1,5 @@
-*
-!target/*-runner
-!target/*-runner.jar
-!target/lib/*
-!target/quarkus-app/*
+postgres-data/
+ffsaf-media/
+docker-compose.yml
+ffsaf_cle_prive.jks
+prod.env
--- a/.gitea/workflows/deploy_in_prod.yml
+++ b/.gitea/workflows/deploy_in_prod.yml
@ -1,12 +1,19 @@
 name: Deploy Production Server

 # Only run the workflow when a PR is merged on main and closed
-on: [push]
+on:
+  pull_request:
+    types:
+      - closed
+    branches:
+      - 'master'

 # Here we check that the PR was correctly merged to main
 jobs:
  if_merged:
+    if: github.event.pull_request.merged == true
    runs-on: ubuntu-latest
+
    steps:
      - uses: actions/checkout@v4

@ -17,19 +24,66 @@ jobs:
          distribution: 'graalvm'
          cache: 'maven'

-      - name: Build site
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+          cache: 'npm'
+          cache-dependency-path: src/main/webapp/package-lock.json
+
+      - name: Build frontend
        run: |
-          cp vite.env src/main/webapp/.env
+          echo "${{ vars.VITE_ENV }}" > src/main/webapp/.env
          cd src/main/webapp
          npm install
          npm run build
          cd ../../..
+
+      - name: Inject frontend in backend
+        run: |
          rm -rf src/main/resources/META-INF/resources
          mkdir -p src/main/resources/META-INF/
-          mv dist src/main/resources/META-INF/resources
+          mv src/main/webapp/dist src/main/resources/META-INF/resources

-      - name: Build application
+      - name: Build backend
        run: |
-          cp ../vite.env src/main/webapp/.env
          chmod 740 mvnw
-          ./mvnw package -Pnative -DskipTests
+          ./mvnw package -Pnative -DskipTests
+
+      - name: Copy runner to vps via scp
+        uses: appleboy/scp-action@v0.1.7 # Latest in date when creating the workflow
+        with:
+          host: ${{ secrets.HOST }}
+          username: ${{ secrets.SSH_USER }}
+          port: ${{ secrets.SSH_PORT }}
+          key: ${{ secrets.SSH_KEY }}
+          source: "target/*-runner,src/main/resources/cacerts,src/main/docker/Dockerfile.native,docker-compose.yml,.dockerignore"
+          target: ${{ secrets.TARGET_DIR }} # Need to create it first on the VPS
+
+      - name: Re-start ffsaf container
+        uses: appleboy/ssh-action@v1.0.0
+        with:
+          host: ${{ secrets.HOST }}
+          username: ${{ secrets.SSH_USER }}
+          port: ${{ secrets.SSH_PORT }}
+          key: ${{ secrets.SSH_KEY }}
+          script: |
+            cd ${{ secrets.TARGET_DIR }}
+            docker stop ffsaf
+            docker rm ffsaf
+            docker compose up --build -d ffsaf
+
+      - name: Check ffsaf container
+        uses: appleboy/ssh-action@v1.0.0
+        with:
+          host: ${{ secrets.HOST }}
+          username: ${{ secrets.SSH_USER }}
+          port: ${{ secrets.SSH_PORT }}
+          key: ${{ secrets.SSH_KEY }}
+          script: |
+            if docker ps | grep ffsaf; then
+              echo 'Container is running'
+            else
+              echo 'Container is not running'
+              exit 1 # This mark the pipeline as failed
+            fi
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,67 @@
+services:
+  ffsaf:
+    container_name: ffsaf
+    hostname: ffsaf
+    restart: always
+    build:
+      context: .
+      dockerfile: src/main/docker/Dockerfile.native
+    volumes:
+      - ${PWD}/ffsaf.properties:/work/config/application.properties
+      - ${PWD}/ffsaf_cle_prive.jks:/work/cle_prive.jks
+      - ${PWD}/ffsaf-media:/work/media
+    depends_on:
+      ffsaf-db:
+        condition: service_healthy
+        restart: true
+    networks:
+      - intra
+      - nginx
+
+  ffsaf-db:
+    image: public.ecr.aws/docker/library/postgres:17.2
+    hostname: ffsaf-db
+    container_name: ffsaf-db
+    user: postgres
+    restart: always
+    networks:
+      - pgadmin
+      - intra
+    healthcheck:
+      test: [ "CMD-SHELL", "pg_isready" ]
+      interval: 5s
+      timeout: 3s
+      retries: 10
+    volumes:
+      - ${PWD}/postgres-data:/var/lib/postgresql/data
+    env_file: prod.env
+
+#  ftpd:
+#    build:
+#      context: ./pure_ftpd
+#      dockerfile: Dockerfile2
+#    container_name: ftpd
+#    ports:
+#      - "10042:21"
+#      - "30000-30009:30000-30009"
+#    volumes:
+#      - /data/git_data:/home/data/
+#      - ${PWD}/pure_ftpd/passwd:/etc/pure-ftpd/passwd
+#      - ${PWD}/pure_ftpd/ssl:/etc/ssl/private/:ro
+#    environment:
+#      PUBLICHOST: 0.0.0.0
+#      FTP_USER_NAME: test
+#      FTP_USER_PASS: test
+#      FTP_USER_HOME: /home/data
+#      ADDED_FLAGS: --tls=1
+#    restart: no
+
+networks:
+  intra:
+    driver: bridge
+  pgadmin:
+    name: pgadmin
+    external: true
+  nginx:
+    name: ${NETWORK_NAME:-gateway}
+    external: true
--- a/pom.xml
+++ b/pom.xml
@ -135,6 +135,11 @@
            <artifactId>openpdf</artifactId>
            <version>2.0.3</version>
        </dependency>
+        <dependency>
+            <groupId>org.apache.xmlgraphics</groupId>
+            <artifactId>fop</artifactId>
+            <version>2.6</version>
+        </dependency>
    </dependencies>
    <build>
        <plugins>
@ -205,7 +210,7 @@
                <skipITs>false</skipITs>
                <quarkus.package.type>native</quarkus.package.type>
                <quarkus.native.additional-build-args>
-                    -H:+UnlockExperimentalVMOptions
+                    --initialize-at-run-time=com.fasterxml.jackson.databind.ext.DOMDeserializer
                </quarkus.native.additional-build-args>
            </properties>
        </profile>
--- a/src/main/docker/Dockerfile.native
+++ b/src/main/docker/Dockerfile.native
@ -19,8 +19,8 @@ WORKDIR /work/
 RUN chown 1001 /work \
    && chmod "g+rwX" /work \
    && chown 1001:root /work
-COPY --chown=1001:root ffsaf/target/*-runner /work/application
-COPY --chown=1001:root ffsaf/src/main/resources/cacerts /work/cacerts
+COPY --chown=1001:root target/*-runner /work/application
+COPY --chown=1001:root src/main/resources/cacerts /work/cacerts
 RUN mkdir /work/media && chown -R 1001:root /work/media

 EXPOSE 8080