From 48cdb02b8b0caa7224ac28264d298f58283d60f2 Mon Sep 17 00:00:00 2001 From: iknowright Date: Tue, 7 Mar 2023 22:29:12 +0800 Subject: [PATCH] update staging files --- .github/workflows/cd.yml | 25 +++++++++++++++----- deploy.yml | 16 ++++++------- docker-compose-staging.yml | 47 ++++++++++++++++++++++++++++++++++++++ docker-compose.yml | 3 +-- 4 files changed, 75 insertions(+), 16 deletions(-) create mode 100644 docker-compose-staging.yml diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index de0bf5585..2364273f0 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -1,21 +1,33 @@ name: CD -on: [workflow_dispatch, pull_request, push] +on: + workflow_dispatch: + push: + branches: + - 'master' jobs: cd: + # the secret for pipeline only + env: + project_admins: ${{ secrets.PROJECT_ADMINS }} + if: | + github.event_name == 'push' || ( + github.event_name == 'workflow_dispatch' && + contains(fromJSON(vars.PROJECT_ADMINS), github.actor) + ) runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v3 - - - name: Decode private key file + - name: Generate .env for staging vm from github secrets run: | echo "${{secrets.PRODUCTION_DOT_ENV_FILE}}" > .env + - name: Decode private key file for OpenSSH access over Ansible + run: | echo "${{secrets.SSH_PRIVATE_KEY}}" | base64 --decode > "private.pem" chmod 400 private.pem - - - name: Run CD playbook + - name: Run playbook for deployment uses: dawidd6/action-ansible-playbook@v2 with: playbook: deploy.yml @@ -24,6 +36,7 @@ jobs: hosts: staging: ansible_host: staging.pycon.tw - ansible_user: changchaishi + ansible_user: "${{secrets.GCE_USERNAME}}" + # secret file generated from previous step ansible_ssh_private_key_file: private.pem ansible_python_interpreter: /home/dev/.pyenv/shims/python diff --git a/deploy.yml b/deploy.yml index 1401fa704..f1cb9faed 100644 --- a/deploy.yml +++ b/deploy.yml 
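Review bot: In the steps `Generate .env for staging vm from github secrets` and `Decode private key file for OpenSSH access over Ansible` (first hunk of `.github/workflows/cd.yml`), `${{secrets.…}}` is expanded into the script text before bash runs, so a `"`, `$` or backtick inside the dotenv value is interpreted by the shell and can corrupt the file or trigger a command substitution. Pass the secret through a step-level `env:` entry (for example `DOT_ENV: ${{ secrets.PRODUCTION_DOT_ENV_FILE }}`) and write it with `printf '%s\n' "$DOT_ENV" > .env`. The job-level `project_admins: ${{ secrets.PROJECT_ADMINS }}` is not read by the `if:` expression, which uses `vars.PROJECT_ADMINS`; as written it only places that secret in the environment of every step, including the third-party playbook action, and could be dropped. The `# the secret for pipeline only` comment would be more useful if it said that `vars.PROJECT_ADMINS` must hold a JSON array of logins, since `fromJSON` presumably fails on a manual dispatch when the variable is unset.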
@@ -1,25 +1,26 @@ --- -- name: Check services +- name: Deploy project to staging machine hosts: staging - # need to use become since I'm connecting using personal private key + # escalate privilege become: true - # switch user as dev become_user: dev vars: project_dir: /home/dev/web-projects/pycontw-2023-ansible tasks: - - name: Ensure that Docker for python is present (docker in pip) + - name: Dependencies check dor docker and docker-compose in remote server community.general.python_requirements_info: dependencies: - docker + - docker-compose - - name: Create a directory if it does not exist + - name: Create project directory (if not exist) ansible.builtin.file: path: "{{ project_dir }}" state: directory - - name: Copy entire project files to remote server + # Copy project files to remote server (.env is included) + - name: Copy project files to remote server ansible.posix.synchronize: src: ./ dest: "{{ project_dir }}" @@ -33,5 +34,4 @@ community.docker.docker_compose: project_src: "{{ project_dir }}" build: true - # try to build first, without up the service - state: absent + state: present diff --git a/docker-compose-staging.yml b/docker-compose-staging.yml new file mode 100644 index 000000000..11448720b --- /dev/null +++ b/docker-compose-staging.yml 
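Review bot: The `Copy project files to remote server` task synchronizes `src: ./`, and by the time the playbook runs the workflow has written both `.env` and `private.pem` into that directory, so the SSH private key is copied to `{{ project_dir }}` on the host unless an exclude exists in the task lines that fall between the two hunks (not visible here). The new comment only mentions `.env`; consider `rsync_opts` with `--exclude=private.pem` and `--exclude=.git`, or writing the key outside the checkout, and state in the comment which generated files are meant to be shipped. The renamed task `Dependencies check dor docker and docker-compose in remote server` has a typo (`dor` → `for`). As far as I know `python_requirements_info` only reports what it finds, so if a missing package should stop the deploy the result needs to be registered and asserted; confirm against the module's return values.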
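Review bot: With `state: present` the `community.docker.docker_compose` task in the second hunk of `deploy.yml` now starts the stack, but it passes only `project_src`, so the module will pick up the default `docker-compose.yml` rather than the `docker-compose-staging.yml` added in this patch. After this commit the default file names the container `pycontw-2023`, which looks like the non-staging service; if the staging definition is the intended one, add `files:` with `- docker-compose-staging.yml` to the task. The task's name line sits above the hunk, so this is judged from the parameters shown.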
@@ -0,0 +1,47 @@
+version: "3.5"
+services:
+ web:
+ build: .
+ container_name: pycontw-2023-ansible
+ image: pycontw-2023_web-ansible
+ hostname: pycontw-2023
+ entrypoint: ""
+ command:
+ # Hacky script for quick demonstration purpose
+ - bash
+ - -c
+ - |
+ set -o errexit -o nounset -o pipefail
+ python3 manage.py compilemessages
+ python3 manage.py migrate
+ python3 manage.py collectstatic --no-input
+
+ exec uwsgi --http-socket :8000 \
+ --master \
+ --hook-master-start "unix_signal:15 gracefully_kill_them_all" \
+ --static-map /static=assets \
+ --static-map /media=media \
+ --mount /prs=pycontw2016/wsgi.py \
+ --manage-script-name \
+ --offload-threads 2
+ restart: always
+ environment:
+ # Save us from having to type `--setting=pycontw2016.settings.production`
+ DJANGO_SETTINGS_MODULE: pycontw2016.settings.production.pycontw2023
+ SCRIPT_NAME: /prs
+ SECRET_KEY: ${SECRET_KEY}
+ DATABASE_URL: ${DATABASE_URL}
+ EMAIL_URL: ${EMAIL_URL}
+ DSN_URL: ${DSN_URL}
+ GTM_TRACK_ID: ${GTM_TRACK_ID}
+ SLACK_WEBHOOK_URL: ${SLACK_WEBHOOK_URL}
+
+ volumes:
+ - ${MEDIA_ROOT}:/usr/local/app/src/media
+ networks:
+ - network
+
+networks:
+ network:
+ external: true
+ name: network-2023
diff --git a/docker-compose.yml b/docker-compose.yml
index 11448720b..7752e978e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,8 +2,7 @@ version: "3.5"
 services:
 web:
 build: .
- container_name: pycontw-2023-ansible
- image: pycontw-2023_web-ansible
+ container_name: pycontw-2023
 hostname: pycontw-2023
 entrypoint: ""
 command:
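Review bot: In `docker-compose-staging.yml` the `environment:` entries use plain `${SECRET_KEY}`, `${DATABASE_URL}` and so on, which Compose replaces with an empty string when the variable is missing from `.env`, so a broken or partial `.env` yields a container running with an empty `SECRET_KEY` instead of a failed deploy. Use the required form, e.g. `SECRET_KEY: ${SECRET_KEY:?SECRET_KEY must be set}`, for the values the app cannot run without. The startup script also runs `python3 manage.py migrate` on every container start against that `DATABASE_URL`, while the workflow in this patch fills `.env` from `PRODUCTION_DOT_ENV_FILE` and `DJANGO_SETTINGS_MODULE` points at a `production` settings module. If those values are the production ones, a staging deploy would apply migrations to the production database, so a comment stating which database this file targets would help.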