Merge pull request #1454 from openworld-community/feature/1142-fronte…
…nd_build_optimization

Add workflows and new docker-compose files for prod and demo environm…
il12 authored Nov 4, 2024
2 parents 9a7d7e9 + 0d67a47 commit 8d477ac
Showing 5 changed files with 430 additions and 2 deletions.
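--- a/.github/workflows/build-and-push-demo.yml
+++ b/.github/workflows/build-and-push-demo.yml
@@ -0,0 +1,96 @@
+name: Build docker images and push to GHCR
+
+on:
+workflow_dispatch:
+push:
+branches:
+- demo
+
+concurrency: build-and-deploy
+
+permissions:
+contents: read
+packages: write
+
+env:
+env_var: ${{ vars.ENV_CONTEXT_VAR }}
+REGISTRY: ghcr.io
+TAG_NAME: demo
+FRONTEND_CACHE_IMAGE_NAME: frontend_buildcache
+BACKEND_CACHE_IMAGE_NAME: backend_buildcache
+
+jobs:
+build-and-push:
+name: Build demo image and push it to registry
+timeout-minutes: 10
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v3
+
+- name: Export lowercase image names
+shell: bash
+run: |
+: "${{ env.REGISTRY }}/${{ github.repository }}_frontend:demo"
+echo "FRONTEND_IMAGE_TAG=${_,,}" | tee -a $GITHUB_ENV
+: "${{ env.REGISTRY }}/${{ github.repository }}_backend:demo"
+echo "BACKEND_IMAGE_TAG=${_,,}" | tee -a $GITHUB_ENV
+: "${{ env.REGISTRY }}/${{ github.repository }}/${{ env.FRONTEND_CACHE_IMAGE_NAME }}:demo"
+echo "FRONTEND_CACHE_IMAGE_TAG=${_,,}" | tee -a $GITHUB_ENV
+: "${{ env.REGISTRY }}/${{ github.repository }}/${{ env.BACKEND_CACHE_IMAGE_NAME }}:demo"
+echo "BACKEND_CACHE_IMAGE_TAG=${_,,}" | tee -a $GITHUB_ENV
+- name: Login to GHCR
+uses: docker/login-action@v2
+with:
+registry: ${{ env.REGISTRY }}
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Set up Docker Buildx
+id: buildx
+uses: docker/setup-buildx-action@v2
+
+- name: Build and push frontend docker image
+uses: docker/build-push-action@v3
+with:
+builder: ${{ steps.buildx.outputs.name }}
+context: ./
+file: ./frontend/Dockerfile
+tags: "${{ env.FRONTEND_IMAGE_TAG }}"
+push: true
+cache-from: type=registry,ref=${{ env.FRONTEND_CACHE_IMAGE_TAG }}
+cache-to: type=registry,ref=${{ env.FRONTEND_CACHE_IMAGE_TAG }},mode=max
+
+- name: Build and push backend docker image
+uses: docker/build-push-action@v3
+with:
+builder: ${{ steps.buildx.outputs.name }}
+context: ./
+file: ./backend/Dockerfile
+tags: "${{ env.BACKEND_IMAGE_TAG }}"
+push: true
+cache-from: type=registry,ref=${{ env.BACKEND_CACHE_IMAGE_TAG }}
+cache-to: type=registry,ref=${{ env.BACKEND_CACHE_IMAGE_TAG }},mode=max
+
+deploy-demo:
+name: Connect to server, pull latest demo images and deploy it
+needs: build-and-push
+runs-on: ubuntu-latest
+timeout-minutes: 10
+steps:
+- name: install ssh keys
+# check this thread to understand why its needed:
+# https://stackoverflow.com/a/70447517
+run: |
+install -m 600 -D /dev/null ~/.ssh/id_rsa
+echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
+ssh-keyscan -H ${{ secrets.SSH_HOST }} > ~/.ssh/known_hosts
+- name: connect and pull
+run: ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} "cd ${{ vars.DEMO_DIR }} && git checkout ${{ vars.DEMO_BRANCH }} && git pull"
+- name: connect and update traefik
+run: ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} "cd ${{ vars.DEMO_DIR }} && docker compose --compatibility -p ows-events -f docker-compose.traefik.yml up -d --build && exit"
+- name: connect and services
+run: ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} "echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin && export NUXT_PUBLIC_GOOGLE_SIGN_IN_CLIENT_ID=${{ secrets.DEMO_GOOGLE_OAUTH_KEY }} && export PEREDELANOCONF_GOOGLEDOC=${{ secrets.PEREDELANOCONF_GOOGLEDOC_ID }} && export GITHUB_PARSING_TOKEN=${{ secrets.PARSING_TOKEN }} && export SECRET_KEY=${{ secrets.BACKEND_SECRET_KEY }} && export NUXT_PUBLIC_TELEGRAM_AUTH_BOT_NAME=${{ vars.DEMO_AUTH_TELEGRAM_BOT_NAME }} && cd ${{ vars.DEMO_DIR }} && docker compose --compatibility -p ows-events_demo -f docker-compose.demo.new.yml up --pull always -d --force-recreate && exit"
+- name: cleanup
+run: rm -rf ~/.ssh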
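Review bot: The `connect and services` step splices every secret straight into the remote command string (`export SECRET_KEY=${{ secrets.BACKEND_SECRET_KEY }}`, `echo ${{ secrets.GITHUB_TOKEN }} | docker login …`), so the values land unquoted in the remote shell's command line, where they show up in the server's process list and any shell metacharacter in a value changes the command. The job also hands the workflow-level `packages: write` token to the deployment host although the host only pulls images; a job-level `permissions:` with `packages: read` on `deploy-demo` would narrow that. I would map the values to step-level `env:` entries and send the script on stdin, as sketched below. `build-and-push-prod.yml` has the same step and needs the same change.

```yaml
      - name: connect and services
        env:
          SSH_TARGET: ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }}
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SECRET_KEY: ${{ secrets.BACKEND_SECRET_KEY }}
          DEMO_DIR: ${{ vars.DEMO_DIR }}
          # … one entry per remaining exported secret or variable …
        run: |
          {
            echo 'set -e'
            # %q shell-quotes each value; the script travels on stdin, not in argv
            printf 'export SECRET_KEY=%q\n' "$SECRET_KEY"
            # … one printf per remaining export …
            printf 'printf %%s %q | docker login ghcr.io -u %q --password-stdin\n' "$GHCR_TOKEN" "$GITHUB_ACTOR"
            printf 'cd %q\n' "$DEMO_DIR"
            echo 'docker compose --compatibility -p ows-events_demo -f docker-compose.demo.new.yml up --pull always -d --force-recreate'
          } | ssh "$SSH_TARGET" 'bash -s'
```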

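--- a/.github/workflows/build-and-push-prod.yml
+++ b/.github/workflows/build-and-push-prod.yml
@@ -0,0 +1,96 @@
+name: Build docker images and push to GHCR
+
+on:
+workflow_dispatch:
+push:
+branches:
+- prod
+
+concurrency: build-and-deploy
+
+permissions:
+contents: read
+packages: write
+
+env:
+env_var: ${{ vars.ENV_CONTEXT_VAR }}
+REGISTRY: ghcr.io
+TAG_NAME: prod
+FRONTEND_CACHE_IMAGE_NAME: frontend_buildcache
+BACKEND_CACHE_IMAGE_NAME: backend_buildcache
+
+jobs:
+build-and-push:
+name: Build prod image and push it to registry
+timeout-minutes: 10
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v3
+
+- name: Export lowercase image names
+shell: bash
+run: |
+: "${{ env.REGISTRY }}/${{ github.repository }}_frontend:prod"
+echo "FRONTEND_IMAGE_TAG=${_,,}" | tee -a $GITHUB_ENV
+: "${{ env.REGISTRY }}/${{ github.repository }}_backend:prod"
+echo "BACKEND_IMAGE_TAG=${_,,}" | tee -a $GITHUB_ENV
+: "${{ env.REGISTRY }}/${{ github.repository }}/${{ env.FRONTEND_CACHE_IMAGE_NAME }}:prod"
+echo "FRONTEND_CACHE_IMAGE_TAG=${_,,}" | tee -a $GITHUB_ENV
+: "${{ env.REGISTRY }}/${{ github.repository }}/${{ env.BACKEND_CACHE_IMAGE_NAME }}:prod"
+echo "BACKEND_CACHE_IMAGE_TAG=${_,,}" | tee -a $GITHUB_ENV
+- name: Login to GHCR
+uses: docker/login-action@v2
+with:
+registry: ${{ env.REGISTRY }}
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Set up Docker Buildx
+id: buildx
+uses: docker/setup-buildx-action@v2
+
+- name: Build and push frontend docker image
+uses: docker/build-push-action@v3
+with:
+builder: ${{ steps.buildx.outputs.name }}
+context: ./
+file: ./frontend/Dockerfile
+tags: "${{ env.FRONTEND_IMAGE_TAG }}"
+push: true
+cache-from: type=registry,ref=${{ env.FRONTEND_CACHE_IMAGE_TAG }}
+cache-to: type=registry,ref=${{ env.FRONTEND_CACHE_IMAGE_TAG }},mode=max
+
+- name: Build and push backend docker image
+uses: docker/build-push-action@v3
+with:
+builder: ${{ steps.buildx.outputs.name }}
+context: ./
+file: ./backend/Dockerfile
+tags: "${{ env.BACKEND_IMAGE_TAG }}"
+push: true
+cache-from: type=registry,ref=${{ env.BACKEND_CACHE_IMAGE_TAG }}
+cache-to: type=registry,ref=${{ env.BACKEND_CACHE_IMAGE_TAG }},mode=max
+
+deploy-prod:
+name: Connect to server, pull latest prod images and deploy it
+needs: build-and-push
+runs-on: ubuntu-latest
+timeout-minutes: 10
+steps:
+- name: install ssh keys
+# check this thread to understand why its needed:
+# https://stackoverflow.com/a/70447517
+run: |
+install -m 600 -D /dev/null ~/.ssh/id_rsa
+echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
+ssh-keyscan -H ${{ secrets.SSH_HOST }} > ~/.ssh/known_hosts
+- name: connect and pull
+run: ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} "cd ${{ vars.PROD_DIR }} && git checkout ${{ vars.PROD_BRANCH }} && git pull"
+- name: connect and update traefik
+run: ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} "cd ${{ vars.PROD_DIR }} && docker compose --compatibility -p ows-events -f docker-compose.traefik.yml up -d --build && exit"
+- name: connect and services
+run: ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} "echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin && export NUXT_PUBLIC_GOOGLE_SIGN_IN_CLIENT_ID=${{ secrets.PROD_GOOGLE_OAUTH_KEY }} && export PEREDELANOCONF_GOOGLEDOC=${{ secrets.PEREDELANOCONF_GOOGLEDOC_ID }} && export NUXT_PUBLIC_GTAG_ID=${{ secrets.PROD_GTAG_ID }} && export GITHUB_PARSING_TOKEN=${{ secrets.PARSING_TOKEN }} && export SECRET_KEY=${{ secrets.BACKEND_SECRET_KEY }} && export NUXT_PUBLIC_TELEGRAM_AUTH_BOT_NAME=${{ vars.PROD_AUTH_TELEGRAM_BOT_NAME }} && cd ${{ vars.PROD_DIR }} && docker compose --compatibility -p ows-events_prod -f docker-compose.prod.new.yml up --pull always -d --force-recreate && exit"
+- name: cleanup
+run: rm -rf ~/.ssh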
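Review bot: `ssh-keyscan -H ${{ secrets.SSH_HOST }} > ~/.ssh/known_hosts` in the `install ssh keys` step trusts whatever host key answers at deploy time, so the SSH session that later carries the production secrets is never checked against a known server key. Record the server's public host key once and write that pinned line instead, for example `echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts`, with `SSH_KNOWN_HOSTS` supplied through the step's `env:` from a new repository variable (the name is a placeholder). The same line is in `build-and-push-demo.yml`. A short comment above the step saying where the pinned key comes from and how it is rotated would help the next maintainer.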

4 changes: 2 additions & 2 deletions .github/workflows/build-and-push-test.yml
Expand Up @@ -21,7 +21,7 @@ env:

jobs:
build-and-push:
name: Build image and push it to registry
name: Build test image and push it to registry
timeout-minutes: 10
runs-on: ubuntu-latest
steps:
Expand Down Expand Up @@ -73,7 +73,7 @@ jobs:
cache-to: type=registry,ref=${{ env.BACKEND_CACHE_IMAGE_TAG }},mode=max

deploy-test:
name: Connect to server, pull latest image and deploy it
name: Connect to server, pull latest test images and deploy it
needs: build-and-push
runs-on: ubuntu-latest
timeout-minutes: 10
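--- a/docker-compose.demo.new.yml
+++ b/docker-compose.demo.new.yml
@@ -0,0 +1,118 @@
+version: '3.7'
+
+x-logging: &default-logging
+driver: json-file
+options:
+max-size: '10m'
+max-file: '5'
+
+networks:
+traefikpublic:
+external:
+name: ows-events_traefikpublic
+
+services:
+frontend:
+image: ghcr.io/openworld-community/ows-events_frontend:demo
+logging: *default-logging
+restart: always
+labels:
+- 'traefik.enable=true'
+- 'traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https'
+- 'traefik.http.middlewares.compressor.compress=true'
+- 'traefik.http.middlewares.redirect-https.redirectscheme.scheme=https'
+- 'traefik.http.routers.demo_frontend_https.rule=Host(`demo.afisha.peredelano.com`)'
+- 'traefik.http.routers.demo_frontend_https.middlewares=sslheader@docker'
+- 'traefik.http.routers.demo_frontend_https.middlewares=compressor@docker'
+- 'traefik.http.routers.demo_frontend_https.entrypoints=http, https'
+- 'traefik.http.routers.demo_frontend_https.tls.certresolver=myresolver'
+- 'traefik.http.routers.demo_frontend_http.rule=Host(`demo.afisha.peredelano.com`)'
+- 'traefik.http.routers.demo_frontend_http.middlewares=redirect-to-https@docker'
+- 'traefik.http.routers.demo_frontend_http.entrypoints=http'
+networks:
+- traefikpublic
+ports:
+- '3001:3000'
+environment:
+- NUXT_PUBLIC_API_URL=https://api-test.afisha.peredelano.com/api
+- NUXT_PUBLIC_BASE_URL=https://api-test.afisha.peredelano.com
+- NUXT_PUBLIC_TELEGRAM_AUTH_BOT_NAME
+- NUXT_PUBLIC_DOMAIN=test.afisha.peredelano.com
+- NUXT_PUBLIC_GTAG_ID
+- NUXT_PUBLIC_GOOGLE_SIGN_IN_CLIENT_ID
+deploy:
+resources:
+limits:
+cpus: '0.22'
+memory: 300M
+reservations:
+cpus: '0.1'
+memory: 150M
+
+backend:
+image: ghcr.io/openworld-community/ows-events_backend:demo
+logging: *default-logging
+restart: always
+depends_on:
+- mongo
+links:
+- mongo
+labels:
+- 'traefik.enable=true'
+- 'traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https'
+- 'traefik.http.middlewares.redirect-https.redirectscheme.scheme=https'
+- 'traefik.http.routers.demo_backend_https.rule=Host(`api-demo.afisha.peredelano.com`)'
+- 'traefik.http.routers.demo_backend_https.middlewares=sslheader@docker'
+- 'traefik.http.routers.demo_backend_https.entrypoints=http, https'
+- 'traefik.http.routers.demo_backend_https.tls.certresolver=myresolver'
+- 'traefik.http.routers.demo_backend_http.rule=Host(`api-demo.afisha.peredelano.com`)'
+- 'traefik.http.routers.demo_backend_http.middlewares=redirect-https@docker'
+- 'traefik.http.routers.demo_backend_http.entrypoints=http'
+environment:
+- MODE=prod
+- MONGO_URI=mongodb://mongo:27017/demo
+- FRONTEND_URL=https://demo.afisha.peredelano.com
+- SECRET_KEY
+- LOCALIZATION_API_KEY
+- GITHUB_PARSING_TOKEN
+- PEREDELANOCONF_GOOGLEDOC
+- NUXT_PUBLIC_GOOGLE_SIGN_IN_CLIENT_ID
+- GA_API_SECRET
+- GA_MEASUREMENT_ID
+networks:
+- traefikpublic
+ports:
+- '7081:7080'
+volumes:
+- /root/ows-events_demo/assets/img:/app/assets/img
+deploy:
+resources:
+limits:
+cpus: '0.22'
+memory: 300M
+reservations:
+cpus: '0.1'
+memory: 150M
+
+mongo:
+image: mongo:6.0
+restart: unless-stopped
+command: ['--bind_ip_all']
+ports:
+- '127.0.0.1:27001:27017'
+networks:
+- traefikpublic
+healthcheck:
+test: test $$(echo "rs.initiate().ok || rs.status().ok" | mongo --quiet) -eq 1
+interval: 10s
+start_period: 30s
+volumes:
+- /root/db/demo:/data/db
+deploy:
+resources:
+limits:
+cpus: '0.4'
+memory: 400M
+reservations:
+cpus: '0.2'
+memory: 200M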
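Review bot: The frontend and backend publish `3001:3000` and `7081:7080` on every host interface, so both services can be reached over plain HTTP without passing through Traefik, while only mongo is bound to `127.0.0.1`. If the ports are needed for debugging on the host, bind them the same way (`- '127.0.0.1:3001:3000'`, `- '127.0.0.1:7081:7080'`); otherwise drop the two `ports` entries. The frontend HTTP router also names `redirect-to-https@docker`, but the middleware defined in this file is `redirect-https`, so unless the other name is declared in another compose file the label should read `traefik.http.routers.demo_frontend_http.middlewares=redirect-https@docker`, as the backend's does. Separately, the frontend environment points at `api-test.afisha.peredelano.com` and `test.afisha.peredelano.com` while the routers and `FRONTEND_URL` use the demo hosts, which looks like a leftover from the test file and is worth confirming.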