Merge branch 'main' into email

compsci-adl · Jul 9, 2024 · b99ab83 · b99ab83
2 parents 9a49680 + 138e62e
commit b99ab83
Show file tree

Hide file tree

Showing 56 changed files with 6,448 additions and 7,067 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,6 @@
+**/.env
+**/.next
+**/.vercel
+**/node_modules
+.git
+.github
diff --git a/.env.local.example b/.env.local.example
@@ -1,8 +1,13 @@
 # Clerk. See https://clerk.com
 NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=
 CLERK_SECRET_KEY=
+# DO NOT modify
+NEXT_PUBLIC_CLERK_SIGN_IN_URL=/signin
+NEXT_PUBLIC_CLERK_SIGN_UP_URL=/join
+NEXT_PUBLIC_CLERK_AFTER_SIGN_IN_URL=/
+NEXT_PUBLIC_CLERK_AFTER_SIGN_UP_URL=/
 
-# Database. Do not modify in development.
+# Database (DO NOT modify in development)
 DATABASE_URL=file:dev.sqlite
 DATABASE_AUTH_TOKEN=
 

diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml
diff --git a/.github/workflows/ci-dev-pr.yml b/.github/workflows/ci-dev-pr.yml
@@ -0,0 +1,33 @@
+name: Development - Pull Request
+on:
+  pull_request:
+    branches:
+      - '**'
+
+jobs:
+  lint-format:
+    name: Linting and Formatting Checks
+    uses: ./.github/workflows/lint-and-format.yml
+
+  build:
+    needs: lint-format
+    name: Build
+    runs-on: ubuntu-latest
+    environment: Development
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Build Docker container
+        env:
+          DATABASE_URL: ${{ secrets.DATABASE_URL }}
+          REDIS_URI: ${{ secrets.REDIS_URI }}
+          NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: ${{ secrets.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }}
+          NEXT_PUBLIC_DRIVE_LINK: ${{ secrets.NEXT_PUBLIC_DRIVE_LINK }}
+        run: |
+          docker buildx build \
+            --secret id=DATABASE_URL \
+            --secret id=REDIS_URI \
+            --secret id=NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY \
+            --secret id=NEXT_PUBLIC_DRIVE_LINK \
+            --file=Dockerfile -t csclub-website .
diff --git a/.github/workflows/ci-dev.yml b/.github/workflows/ci-dev.yml
@@ -0,0 +1,11 @@
+name: Development
+on:
+  push:
+    branches:
+      - '**'
+      - '!main'
+
+jobs:
+  lint-format:
+    name: Linting and Formatting Checks
+    uses: ./.github/workflows/lint-and-format.yml
diff --git a/.github/workflows/lint.yml → .github/workflows/lint-and-format.yml b/.github/workflows/lint.yml → .github/workflows/lint-and-format.yml
@@ -1,21 +1,17 @@
-name: Lint
+name: Linting and Formatting Checks
 on:
-  pull_request:
-    branches:
-      - '*'
-  push:
-    branches: [main, ci]
+  workflow_call:
 
 jobs:
   es-lint:
     name: ESLint
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
-      - uses: pnpm/action-setup@v2
+      - uses: actions/checkout@v4
+      - uses: pnpm/action-setup@v4
         with:
-          version: 8
+          version: 9
       - run: pnpm install
       - run: pnpm run lint
 
@@ -24,9 +20,9 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
-      - uses: pnpm/action-setup@v2
+      - uses: actions/checkout@v4
+      - uses: pnpm/action-setup@v4
         with:
-          version: 8
+          version: 9
       - run: pnpm install
       - run: pnpm run format:check
diff --git a/.github/workflows/production.yml b/.github/workflows/production.yml
@@ -0,0 +1,77 @@
+name: Production
+
+on:
+  push:
+    branches: [main]
+
+env:
+  AWS_REGION: ap-southeast-2
+
+jobs:
+  lint-format:
+    name: Linting and Formatting Checks
+    uses: ./.github/workflows/lint-and-format.yml
+
+  build:
+    needs: lint-format
+    name: Build
+    runs-on: [self-hosted, ARM64] # Since deployment is on arm64
+    environment: Production
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          role-session-name: ${{ secrets.AWS_ROLE_SESSION_NAME }}
+          aws-region: ${{ env.AWS_REGION }}
+
+      # - name: Install arm64 support for Docker
+      #   run: docker run --privileged --rm tonistiigi/binfmt --install arm64
+
+      - name: Build Docker container
+        env:
+          DATABASE_URL: ${{ secrets.DATABASE_URL }}
+          REDIS_URI: ${{ secrets.REDIS_URI }}
+          NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: ${{ secrets.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }}
+          NEXT_PUBLIC_DRIVE_LINK: ${{ secrets.NEXT_PUBLIC_DRIVE_LINK }}
+        run: |
+          docker buildx build \
+            --secret id=DATABASE_URL \
+            --secret id=REDIS_URI \
+            --secret id=NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY \
+            --secret id=NEXT_PUBLIC_DRIVE_LINK \
+            --platform=linux/arm64 --file=Dockerfile -t csclub-website .
+          docker image save csclub-website | gzip > csclub-website.tar.gz
+
+      - name: Copy image and compose file to S3
+        run: |
+          aws s3 cp ./csclub-website.tar.gz s3://${{ secrets.AWS_S3_BUCKET }}/website/
+          aws s3 cp ./docker-compose.yml s3://${{ secrets.AWS_S3_BUCKET }}/website/
+
+  deploy:
+    needs: build
+    name: Deploy
+    runs-on: ubuntu-latest
+    environment: Production
+    steps:
+      - name: Deploy on EC2
+        env:
+          KEY: ${{ secrets.SSH_EC2_KEY }}
+          HOSTNAME: ${{ secrets.SSH_EC2_HOSTNAME }}
+          USER: ${{ secrets.SSH_EC2_USER }}
+        run: |
+          echo "$KEY" > private_key && chmod 600 private_key
+          ssh -v -o StrictHostKeyChecking=no -i private_key ${USER}@${HOSTNAME} '
+            cd ~/website
+            aws s3 cp s3://${{ secrets.AWS_S3_BUCKET }}/website/csclub-website.tar.gz .
+            aws s3 cp s3://${{ secrets.AWS_S3_BUCKET }}/website/docker-compose.yml .
+            docker load -i csclub-website.tar.gz
+            docker compose up -d
+            docker restart csclub-website
+          '
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,58 @@
+# Cache package.json
+FROM node:18-bookworm-slim AS deps
+
+WORKDIR /tmp
+
+COPY package.json ./
+
+# Build
+FROM node:18-bookworm-slim AS builder
+
+ENV PNPM_HOME="/root/.local/share/pnpm"
+ENV PATH="${PATH}:${PNPM_HOME}"
+ENV SKIP_ENV_VALIDATION=true
+
+WORKDIR /app
+
+COPY --from=deps /tmp ./
+COPY pnpm-lock.yaml ./
+
+RUN npm install -g pnpm \
+    && pnpm install
+
+COPY . .
+
+# Needed for build
+ENV NEXT_PUBLIC_CLERK_SIGN_IN_URL=/signin
+ENV NEXT_PUBLIC_CLERK_SIGN_UP_URL=/join
+ENV NEXT_PUBLIC_CLERK_AFTER_SIGN_IN_URL=/
+ENV NEXT_PUBLIC_CLERK_AFTER_SIGN_UP_URL=/
+
+RUN --mount=type=secret,id=DATABASE_URL,target=/run/secrets/DATABASE_URL \
+    --mount=type=secret,id=REDIS_URI,target=/run/secrets/REDIS_URI \
+    --mount=type=secret,id=NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY,target=/run/secrets/NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY \
+    --mount=type=secret,id=NEXT_PUBLIC_DRIVE_LINK,target=/run/secrets/NEXT_PUBLIC_DRIVE_LINK \
+    DATABASE_URL=$(cat /run/secrets/DATABASE_URL) \
+    REDIS_URI=$(cat /run/secrets/REDIS_URI) \
+    NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=$(cat /run/secrets/NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY) \
+    NEXT_PUBLIC_DRIVE_LINK=$(cat /run/secrets/NEXT_PUBLIC_DRIVE_LINK) \
+    pnpm run build
+
+# Final deployment image
+FROM node:18-bookworm-slim AS runner
+
+ENV PNPM_HOME="/root/.local/share/pnpm"
+ENV PATH="${PATH}:${PNPM_HOME}"
+ENV NODE_ENV production
+ENV NEXT_PUBLIC_CLERK_AFTER_SIGN_IN_URL=/
+ENV NEXT_PUBLIC_CLERK_AFTER_SIGN_UP_URL=/
+
+RUN npm install -g pnpm
+
+WORKDIR /app
+
+COPY --from=builder /app /app
+
+EXPOSE $PORT
+
+CMD [ "pnpm", "run", "start" ]
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,18 @@
+services:
+  csclub-website:
+    image: csclub-website:latest
+    container_name: csclub-website
+    env_file:
+      - .env.local
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - PORT=3000
+    ports:
+      - 3000:3000
+    networks:
+      - csclub
+
+networks:
+  csclub:
+    external: true