From a73c5d0ecb6231770c3dbd6f8dfb9dadba5be233 Mon Sep 17 00:00:00 2001 From: Thibaut Valentin Date: Sun, 29 Dec 2024 14:00:57 +0100 Subject: [PATCH] update: ci/cd --- .dockerignore | 10 ++--- .gitea/workflows/deploy_in_prod.yml | 68 ++++++++++++++++++++++++++--- docker-compose.yml | 67 ++++++++++++++++++++++++++++ pom.xml | 7 ++- src/main/docker/Dockerfile.native | 4 +- 5 files changed, 141 insertions(+), 15 deletions(-) create mode 100644 docker-compose.yml diff --git a/.dockerignore b/.dockerignore index 94810d0..e68d6be 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,5 +1,5 @@ -* -!target/*-runner -!target/*-runner.jar -!target/lib/* -!target/quarkus-app/* \ No newline at end of file +postgres-data/ +ffsaf-media/ +docker-compose.yml +ffsaf_cle_prive.jks +prod.env \ No newline at end of file diff --git a/.gitea/workflows/deploy_in_prod.yml b/.gitea/workflows/deploy_in_prod.yml index 6d2b51f..9e706ea 100644 --- a/.gitea/workflows/deploy_in_prod.yml +++ b/.gitea/workflows/deploy_in_prod.yml @@ -1,12 +1,19 @@ name: Deploy Production Server # Only run the workflow when a PR is merged on main and closed -on: [push] +on: + pull_request: + types: + - closed + branches: + - 'master' # Here we check that the PR was correctly merged to main jobs: if_merged: + if: github.event.pull_request.merged == true runs-on: ubuntu-latest + steps: - uses: actions/checkout@v4 
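Review bot: Replacing the `*` allowlist with a list of named exclusions turns the build context from default-deny into default-allow, so any other file that sits next to `docker-compose.yml` on the host is sent to the Docker daemon. `ffsaf.properties`, which the new compose file bind-mounts from what is presumably the same directory, is not in the list. The Dockerfile.native hunk in this patch copies only `target/*-runner` and `src/main/resources/cacerts`, so the allowlist form still fits: `*`, `!target/*-runner`, `!src/main/resources/cacerts`, one entry per line. That keeps keystores, env files and database data out of the context without having to list each new one.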
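Review bot: The two comments in this hunk say the workflow runs for PRs merged on main, while the new filter is `'master'`; they should name the real branch, e.g. `# Run only when a PR targeting master is closed` and `# Skip PRs that were closed without being merged`. It is also worth stating there that a direct push to master no longer deploys, since `on: [push]` is removed. Because this job goes on to use production SSH secrets, confirm on this Gitea instance that the `actions/checkout@v4` step at the end of the hunk resolves to the merged master commit for a `closed` event. Adding `with:` / `ref: master` to that step would make the deployed revision explicit. The steps list continues outside this hunk.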
@@ -17,19 +24,66 @@ jobs: distribution: 'graalvm' cache: 'maven' - - name: Build site + - name: Set up Node.js + uses: actions/setup-node@v4 + with: + node-version: '18' + cache: 'npm' + cache-dependency-path: src/main/webapp/package-lock.json + + - name: Build frontend run: | - cp vite.env src/main/webapp/.env + echo "${{ vars.VITE_ENV }}" > src/main/webapp/.env cd src/main/webapp npm install npm run build cd ../../.. + + - name: Inject frontend in backend + run: | rm -rf src/main/resources/META-INF/resources mkdir -p src/main/resources/META-INF/ - mv dist src/main/resources/META-INF/resources + mv src/main/webapp/dist src/main/resources/META-INF/resources - - name: Build application + - name: Build backend run: | - cp ../vite.env src/main/webapp/.env chmod 740 mvnw - ./mvnw package -Pnative -DskipTests \ No newline at end of file + ./mvnw package -Pnative -DskipTests + + - name: Copy runner to vps via scp + uses: appleboy/scp-action@v0.1.7 # Latest in date when creating the workflow + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.SSH_USER }} + port: ${{ secrets.SSH_PORT }} + key: ${{ secrets.SSH_KEY }} + source: "target/*-runner,src/main/resources/cacerts,src/main/docker/Dockerfile.native,docker-compose.yml,.dockerignore" + target: ${{ secrets.TARGET_DIR }} # Need to create it first on the VPS + + - name: Re-start ffsaf container + uses: appleboy/ssh-action@v1.0.0 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.SSH_USER }} + port: ${{ secrets.SSH_PORT }} + key: ${{ secrets.SSH_KEY }} + script: | + cd ${{ secrets.TARGET_DIR }} + docker stop ffsaf + docker rm ffsaf + docker compose up --build -d ffsaf + + - name: Check ffsaf container + uses: appleboy/ssh-action@v1.0.0 + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.SSH_USER }} + port: ${{ secrets.SSH_PORT }} + key: ${{ secrets.SSH_KEY }} + script: | + if docker ps | grep ffsaf; then + echo 'Container is running' + else + echo 'Container is not running' + exit 1 # This mark the 
pipeline as failed + fi \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..37f8190 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,67 @@ +services: + ffsaf: + container_name: ffsaf + hostname: ffsaf + restart: always + build: + context: . + dockerfile: src/main/docker/Dockerfile.native + volumes: + - ${PWD}/ffsaf.properties:/work/config/application.properties + - ${PWD}/ffsaf_cle_prive.jks:/work/cle_prive.jks + - ${PWD}/ffsaf-media:/work/media + depends_on: + ffsaf-db: + condition: service_healthy + restart: true + networks: + - intra + - nginx + + ffsaf-db: + image: public.ecr.aws/docker/library/postgres:17.2 + hostname: ffsaf-db + container_name: ffsaf-db + user: postgres + restart: always + networks: + - pgadmin + - intra + healthcheck: + test: [ "CMD-SHELL", "pg_isready" ] + interval: 5s + timeout: 3s + retries: 10 + volumes: + - ${PWD}/postgres-data:/var/lib/postgresql/data + env_file: prod.env + +# ftpd: +# build: +# context: ./pure_ftpd +# dockerfile: Dockerfile2 +# container_name: ftpd +# ports: +# - "10042:21" +# - "30000-30009:30000-30009" +# volumes: +# - /data/git_data:/home/data/ +# - ${PWD}/pure_ftpd/passwd:/etc/pure-ftpd/passwd +# - ${PWD}/pure_ftpd/ssl:/etc/ssl/private/:ro +# environment: +# PUBLICHOST: 0.0.0.0 +# FTP_USER_NAME: test +# FTP_USER_PASS: test +# FTP_USER_HOME: /home/data +# ADDED_FLAGS: --tls=1 +# restart: no + +networks: + intra: + driver: bridge + pgadmin: + name: pgadmin + external: true + nginx: + name: ${NETWORK_NAME:-gateway} + external: true \ No newline at end of file diff --git a/pom.xml b/pom.xml index 609c526..9dd54e8 100644 --- a/pom.xml +++ b/pom.xml @@ -135,6 +135,11 @@ openpdf 2.0.3 + + org.apache.xmlgraphics + fop + 2.6 + @@ -205,7 +210,7 @@ false native - -H:+UnlockExperimentalVMOptions + --initialize-at-run-time=com.fasterxml.jackson.databind.ext.DOMDeserializer 
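Review bot: The final check, `if docker ps | grep ffsaf; then`, also matches the `ffsaf-db` container defined in the docker-compose.yml added by this patch, so the step can report success while the application container is down. Test the one container instead, e.g. `if [ "$(docker inspect -f '{{.State.Running}}' ffsaf 2>/dev/null)" = "true" ]; then`. Both `appleboy/scp-action@v0.1.7` and `appleboy/ssh-action@v1.0.0` receive `secrets.SSH_KEY` while referenced by a mutable tag and without the actions' `fingerprint` input, so neither the action code nor the server's host key is pinned; a full commit SHA and a host-key fingerprint secret would close both gaps. In the 'Build frontend' step, `echo "${{ vars.VITE_ENV }}"` is substituted into the script text before the shell runs, so quotes, backticks or `$` in the variable are interpreted by the shell. Passing the value through `env:` and writing `printf '%s\n' "$VITE_ENV" > src/main/webapp/.env` avoids that.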
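Review bot: The keystore and the configuration file are bind-mounted read-write into the `ffsaf` service, so a compromised application process could overwrite `ffsaf_cle_prive.jks` or `ffsaf.properties` on the host. Unless the application writes to them, mount them read-only, as in `- ${PWD}/ffsaf_cle_prive.jks:/work/cle_prive.jks:ro`. The commented-out `ftpd` block carries `FTP_USER_NAME: test`, `FTP_USER_PASS: test` and `PUBLICHOST: 0.0.0.0`; it is better deleted than kept where uncommenting it would bring up a service with those credentials. `ffsaf-db` also joins the external `pgadmin` network, so anything else attached to that network can reach PostgreSQL, which deserves a comment next to the network entry.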
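Review bot: The new `org.apache.xmlgraphics:fop` dependency is pinned at `2.6`, and nothing in the hunk says why that version was chosen. Before merging, check that release and the Batik and xmlgraphics-commons artifacts it pulls in against current advisories, and take the newest FOP release the native build accepts. If the XSL-FO or XML handed to FOP can contain user-supplied content (not visible here), the calling code should disable external entity and external resource resolution. The element markup of this hunk is not visible on the page, so the dependency's scope could not be checked.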
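Review bot: The native-image argument changes from `-H:+UnlockExperimentalVMOptions` to `--initialize-at-run-time=com.fasterxml.jackson.databind.ext.DOMDeserializer` with no comment saying which build or runtime failure it works around. A one-line XML comment above the property would help, e.g. `<!-- DOMDeserializer initialized at run time: REASON_PLACEHOLDER (native build error this fixes) -->`. That matters because an unexplained initialization override tends to be copied or removed blindly later. The enclosing profile starts and ends outside the hunk.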
diff --git a/src/main/docker/Dockerfile.native b/src/main/docker/Dockerfile.native index f30745c..06f4983 100644 --- a/src/main/docker/Dockerfile.native +++ b/src/main/docker/Dockerfile.native @@ -19,8 +19,8 @@ WORKDIR /work/ RUN chown 1001 /work \ && chmod "g+rwX" /work \ && chown 1001:root /work -COPY --chown=1001:root ffsaf/target/*-runner /work/application -COPY --chown=1001:root ffsaf/src/main/resources/cacerts /work/cacerts +COPY --chown=1001:root target/*-runner /work/application +COPY --chown=1001:root src/main/resources/cacerts /work/cacerts RUN mkdir /work/media && chown -R 1001:root /work/media EXPOSE 8080