From 1e4b4d21c509091e70781b24285096613de9f6e9 Mon Sep 17 00:00:00 2001 From: Elliott Minns Date: Mon, 11 Nov 2024 17:07:09 -0600 Subject: [PATCH 01/17] testing deploy --- .github/workflows/deploy.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 .github/workflows/deploy.yaml diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml new file mode 100644 index 0000000..2271871 --- /dev/null +++ b/.github/workflows/deploy.yaml @@ -0,0 +1,23 @@ +name: Deploy to Server + +on: + push: + branches: + - deploytest + +jobs: + deploy: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Setup SSH + uses: webfactory/ssh-agent@v0.5.3 + with: + ssh-private-key: ${{ secrets.DEPLOY_SSH_KEY }} + + - name: Deploy code via SSH + run: | + ssh deploytest@zenful.cloud "cd /home/elliott/guestbook && docker compose up -d" From f8d49256de0d18c582532658ccc1e05edf7f1be1 Mon Sep 17 00:00:00 2001 From: Elliott Minns Date: Mon, 11 Nov 2024 17:09:26 -0600 Subject: [PATCH 02/17] testing deploy 2 --- .github/workflows/deploy.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 2271871..8d16632 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -20,4 +20,5 @@ jobs: - name: Deploy code via SSH run: | - ssh deploytest@zenful.cloud "cd /home/elliott/guestbook && docker compose up -d" + DOCKER_HOST="ssh://deploytest@zenful.cloud" docker-compose up -d + #ssh -o StrictHostKeyChecking=no deploytest@zenful.cloud "cd guestbook && docker compose up -d" From 6592dca3fcded00ff42895607016875513ee1042 Mon Sep 17 00:00:00 2001 From: Elliott Minns Date: Mon, 11 Nov 2024 17:19:39 -0600 Subject: [PATCH 03/17] add in scp --- .github/workflows/deploy.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
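Review bot: In the workflow created by patch 01/17, the `Setup SSH` step hands `secrets.DEPLOY_SSH_KEY` to `webfactory/ssh-agent@v0.5.3`, a third-party action referenced by a tag its owner can move, so whoever controls that tag controls code that sees the deploy key. Pin it to a full commit SHA and keep the version in a trailing comment, e.g. `uses: webfactory/ssh-agent@<full-commit-sha>  # v0.5.3`, the way patch 12/17 later pins the docker actions. The same applies to `cssnr/stack-deploy-action@v1` in patch 15/17, which receives the same key through `ssh_key`.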
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 8d16632..13a77fe 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -18,7 +18,9 @@ jobs: with: ssh-private-key: ${{ secrets.DEPLOY_SSH_KEY }} + - name: Copy over the docker compose file + run: | + scp -o StrictHostKeyChecking=no compose.prod.yaml deploytest@zenful.cloud:guestbook/compose.yaml - name: Deploy code via SSH run: | - DOCKER_HOST="ssh://deploytest@zenful.cloud" docker-compose up -d - #ssh -o StrictHostKeyChecking=no deploytest@zenful.cloud "cd guestbook && docker compose up -d" + ssh -o StrictHostKeyChecking=no deploytest@zenful.cloud "cd guestbook && docker compose up -d" From f92b90e09a8dac91301ce17c6004f1bba4561ac7 Mon Sep 17 00:00:00 2001 From: Elliott Minns Date: Mon, 11 Nov 2024 17:42:02 -0600 Subject: [PATCH 04/17] Add in the deployment --- .github/workflows/deploy.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 13a77fe..9a5ea13 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -18,6 +18,12 @@ jobs: with: ssh-private-key: ${{ secrets.DEPLOY_SSH_KEY }} + - name: Set up Docker Compose + run: | + # Install Docker Compose + curl -L "https://github.com/docker/compose/releases/download/v2.19.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose + chmod +x /usr/local/bin/docker-compose + - name: Copy over the docker compose file run: | scp -o StrictHostKeyChecking=no compose.prod.yaml deploytest@zenful.cloud:guestbook/compose.yaml From 412d86e64a59c7b2bfd372443f7a94f4e625342a Mon Sep 17 00:00:00 2001 From: Elliott Minns Date: Mon, 11 Nov 2024 17:54:34 -0600 Subject: [PATCH 05/17] More compose --- .github/workflows/deploy.yaml | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 9a5ea13..1f90f7e 100644 
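Review bot: Both commands added in patch 03/17 (`scp` and `ssh`) pass `-o StrictHostKeyChecking=no`, so the runner accepts whatever host key answers for zenful.cloud and would copy `compose.prod.yaml` to an impostor host, and run the deploy command there, without any error. Verify against a host key recorded out of band instead: keep the server's known_hosts line in a repository secret or variable (placeholder name `DEPLOY_KNOWN_HOSTS`), pass it to the step through `env:`, write it with `echo "$DEPLOY_KNOWN_HOSTS" >> ~/.ssh/known_hosts`, and drop the `-o` option. The `ssh-keyscan zenful.cloud > ~/.ssh/known_hosts` step that patch 05/17 introduces does not close this gap, because it fetches the key over the same untrusted network path on every run.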
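Review bot: The `Set up Docker Compose` step added in patch 04/17 downloads a binary with `curl -L` straight into `/usr/local/bin` and marks it executable without checking its integrity, and without `-f` an HTTP error page would be saved as the binary. This happens in a job whose SSH agent holds the deploy key. Add `-fsS` to the `curl` call and compare the download with a SHA-256 recorded in the workflow before the `chmod`, e.g. `echo "<expected-sha256>  /usr/local/bin/docker-compose" | sha256sum -c -`.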
--- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -18,15 +18,24 @@ jobs: with: ssh-private-key: ${{ secrets.DEPLOY_SSH_KEY }} + - name: Add host + run: | + ssh-keyscan zenful.cloud > ~/.ssh/known_hosts + - name: Set up Docker Compose run: | # Install Docker Compose curl -L "https://github.com/docker/compose/releases/download/v2.19.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose - - name: Copy over the docker compose file + - name: Run Docker Compose run: | - scp -o StrictHostKeyChecking=no compose.prod.yaml deploytest@zenful.cloud:guestbook/compose.yaml - - name: Deploy code via SSH - run: | - ssh -o StrictHostKeyChecking=no deploytest@zenful.cloud "cd guestbook && docker compose up -d" + export DB_PASSWORD=${{ secrets.DB_PASSWORD }} + DOCKER_HOST=ssh://deploytest@zenful.cloud docker-compose -f ./compose.prod.yaml up -d + + # - name: Copy over the docker compose file + # run: | + # scp -o StrictHostKeyChecking=no compose.prod.yaml deploytest@zenful.cloud:guestbook/compose.yaml + # - name: Deploy code via SSH + # run: | + # ssh -o StrictHostKeyChecking=no deploytest@zenful.cloud "cd guestbook && docker compose up -d" From c2ef982bf0e574107a50c3436139269ccf4edd3b Mon Sep 17 00:00:00 2001 From: Elliott Minns Date: Mon, 11 Nov 2024 18:19:44 -0600 Subject: [PATCH 06/17] More deploy --- .github/workflows/deploy.yaml | 2 +- compose.prod.yaml | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 1f90f7e..b432662 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -30,7 +30,7 @@ jobs: - name: Run Docker Compose run: | - export DB_PASSWORD=${{ secrets.DB_PASSWORD }} + echo DB_PASSWORD=${{ secrets.DB_PASSWORD }} DOCKER_HOST=ssh://deploytest@zenful.cloud docker-compose -f ./compose.prod.yaml up -d # - name: Copy over the docker compose file 
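Review bot: The replacement line in patch 06/17, `echo DB_PASSWORD=${{ secrets.DB_PASSWORD }}`, only prints the assignment to the job log, relying on GitHub's log masking to hide it, and no longer sets the variable, so `docker-compose` on the next line sees no `DB_PASSWORD`. The expression is also pasted unquoted into the script text before the shell runs, so a password containing spaces or shell metacharacters changes the command; this applies equally to the `export DB_PASSWORD=${{ secrets.DB_PASSWORD }}` lines in patches 05/17 and 07/17. Pass the secret through the step's `env:` mapping instead, as `DB_PASSWORD: ${{ secrets.DB_PASSWORD }}`, and remove the `echo`; the variable is then already exported for `docker-compose`.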
diff --git a/compose.prod.yaml b/compose.prod.yaml index 0cce347..71366cc 100644 --- a/compose.prod.yaml +++ b/compose.prod.yaml @@ -60,7 +60,8 @@ services: - db-data:/var/lib/postgresql/data environment: - POSTGRES_DB=guestbook - - POSTGRES_PASSWORD_FILE=/run/secrets/db-password + #- POSTGRES_PASSWORD_FILE=/run/secrets/db-password + - POSTGRES_PASSWORD=${DB_PASSWORD} expose: - 5432 healthcheck: @@ -73,4 +74,4 @@ volumes: letsencrypt: secrets: db-password: - file: db/password.txt + environment: DB_PASSWORD From efe1dc0c029b0cf6425dc9814f6551a489cbfa4e Mon Sep 17 00:00:00 2001 From: Elliott Minns Date: Mon, 11 Nov 2024 18:33:47 -0600 Subject: [PATCH 07/17] remove secret replace with env --- .github/workflows/deploy.yaml | 5 +++-- compose.prod.yaml | 6 +----- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index b432662..24d99c0 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -30,8 +30,9 @@ jobs: - name: Run Docker Compose run: | - echo DB_PASSWORD=${{ secrets.DB_PASSWORD }} - DOCKER_HOST=ssh://deploytest@zenful.cloud docker-compose -f ./compose.prod.yaml up -d + export DB_PASSWORD=${{ secrets.DB_PASSWORD }} + export DOCKER_HOST=ssh://deploytest@zenful.cloud + docker-compose -f ./compose.prod.yaml up -d # - name: Copy over the docker compose file # run: | diff --git a/compose.prod.yaml b/compose.prod.yaml index 71366cc..4e5aa41 100644 --- a/compose.prod.yaml +++ b/compose.prod.yaml @@ -34,11 +34,9 @@ services: - "traefik.http.routers.guestbook.entrypoints=websecure" - "traefik.http.routers.guestbook.tls.certresolver=myresolver" - "com.centurylinklabs.watchtower.enable=true" - secrets: - - db-password environment: - POSTGRES_HOST=db - - POSTGRES_PASSWORD_FILE=/run/secrets/db-password + - POSTGRES_PASSWORD=$DB_PASSWORD - POSTGRES_USER=postgres - POSTGRES_DB=guestbook - POSTGRES_PORT=5432 
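Review bot: In the `db` service hunk of patch 06/17 (`@@ -60,7 +60,8 @@`), replacing `POSTGRES_PASSWORD_FILE` with `POSTGRES_PASSWORD=${DB_PASSWORD}` puts the database password into the container's environment, where it is readable through `docker inspect` and by anything that can read the process environment. The second hunk of the same patch already redefines the `db-password` secret with `environment: DB_PASSWORD`, so the file-based variable can stay: keep `- POSTGRES_PASSWORD_FILE=/run/secrets/db-password` and let Compose fill the secret from the environment variable. Patch 07/17 repeats the plain-environment form for the `guestbook` service and removes the `secrets:` entries from both services.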
@@ -54,8 +52,6 @@ services: image: postgres restart: always user: postgres - secrets: - - db-password volumes: - db-data:/var/lib/postgresql/data environment: From d8ef610d50941ac1337de9691156cf19a808de8a Mon Sep 17 00:00:00 2001 From: Elliott Minns Date: Mon, 11 Nov 2024 18:37:53 -0600 Subject: [PATCH 08/17] Rate limiting to the compose prod --- compose.prod.yaml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/compose.prod.yaml b/compose.prod.yaml index 4e5aa41..6b45dee 100644 --- a/compose.prod.yaml +++ b/compose.prod.yaml @@ -30,9 +30,23 @@ services: image: ghcr.io/dreamsofcode-io/guestbook:prod labels: - "traefik.enable=true" - - "traefik.http.routers.guestbook.rule=Host(`zenful.cloud`)" + - "traefik.http.middlewares.guestbook-ratelimit.ratelimit.average=20" + - "traefik.http.routers.guestbook.rule=Host(`zenful.cloud`) && !Method(`POST`)" - "traefik.http.routers.guestbook.entrypoints=websecure" - "traefik.http.routers.guestbook.tls.certresolver=myresolver" + - "traefik.http.routers.guestbook.middlewares=guestbook-ratelimit" + # Define separate router for POST methods + - "traefik.http.middlewares.guestbook-ratelimit-post.ratelimit.average=1" + - "traefik.http.middlewares.guestbook-ratelimit-post.ratelimit.period=1m" + - "traefik.http.routers.guestbook-post.rule=Host(`zenful.cloud`) && Method(`POST`)" + - "traefik.http.routers.guestbook-post.middlewares=guestbook-ratelimit-post" + - "traefik.http.routers.guestbook-post.entrypoints=websecure" + - "traefik.http.routers.guestbook-post.tls.certresolver=myresolver" + # Proxy + - "traefik.http.routers.proxy.rule=Host(`proxy.dreamsofcode.io`)" + - "traefik.http.routers.proxy.entrypoints=websecure" + - "traefik.http.routers.proxy.tls.certresolver=myresolver" + # Enable watchtower - "com.centurylinklabs.watchtower.enable=true" environment: - POSTGRES_HOST=db From 11f7dc93c1dacef98be3be9fa5ad9b49cfe4e26d Mon Sep 17 00:00:00 2001 
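Review bot: The `proxy` router added at the end of the label block in patch 08/17 has no `middlewares` label, so requests arriving under proxy.dreamsofcode.io reach the container without either rate limit, POSTs included. That assumes the name resolves to this Traefik instance and the router attaches to the same guestbook service, which the labels suggest but the hunk does not prove. Add `- "traefik.http.routers.proxy.middlewares=guestbook-ratelimit"`, or split that host by method the way the zenful.cloud routers are split. The same labels are copied into `docker-stack.yaml` in patch 15/17.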
From: Elliott Minns Date: Mon, 11 Nov 2024 20:11:47 -0600 Subject: [PATCH 09/17] Remove env var and replace with secret --- .github/workflows/deploy.yaml | 12 ++++-------- compose.prod.yaml | 12 ++++++++---- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 24d99c0..e4933f5 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -28,15 +28,11 @@ jobs: curl -L "https://github.com/docker/compose/releases/download/v2.19.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose + - name: Copy over password + run: | + ssh deploytest@zenful.cloud "echo ${{ secrets.DB_PASSWORD }}" > /home/deploytest/db-password.txt + - name: Run Docker Compose run: | - export DB_PASSWORD=${{ secrets.DB_PASSWORD }} export DOCKER_HOST=ssh://deploytest@zenful.cloud docker-compose -f ./compose.prod.yaml up -d - - # - name: Copy over the docker compose file - # run: | - # scp -o StrictHostKeyChecking=no compose.prod.yaml deploytest@zenful.cloud:guestbook/compose.yaml - # - name: Deploy code via SSH - # run: | - # ssh -o StrictHostKeyChecking=no deploytest@zenful.cloud "cd guestbook && docker compose up -d" diff --git a/compose.prod.yaml b/compose.prod.yaml index 6b45dee..54c0420 100644 --- a/compose.prod.yaml +++ b/compose.prod.yaml @@ -48,9 +48,11 @@ services: - "traefik.http.routers.proxy.tls.certresolver=myresolver" # Enable watchtower - "com.centurylinklabs.watchtower.enable=true" + secrets: + - db-password environment: - POSTGRES_HOST=db - - POSTGRES_PASSWORD=$DB_PASSWORD + - POSTGRES_PASSWORD_FILE=/run/secrets/db-password - POSTGRES_USER=postgres - POSTGRES_DB=guestbook - POSTGRES_PORT=5432 
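Review bot: In the `Copy over password` step of patch 09/17 the closing quote ends before the redirection, so `> /home/deploytest/db-password.txt` is applied on the runner rather than on the server. Patch 10/17 moves the quote, but in both versions the secret is interpolated into the remote command line, where it is visible in the server's process list while the command runs and is parsed by the remote shell. Nothing sets the file's mode either, so it is created with the account's default umask. With `DB_PASSWORD` supplied through the step's `env:`, send the value on stdin and restrict the mode: `printf '%s\n' "$DB_PASSWORD" | ssh deploytest@zenful.cloud 'umask 077 && cat > /home/deploytest/db-password.txt'`.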
@@ -68,10 +70,12 @@ services: user: postgres volumes: - db-data:/var/lib/postgresql/data + secrets: + - db-password environment: - POSTGRES_DB=guestbook - #- POSTGRES_PASSWORD_FILE=/run/secrets/db-password - - POSTGRES_PASSWORD=${DB_PASSWORD} + - POSTGRES_PASSWORD_FILE=/run/secrets/db-password + #- POSTGRES_PASSWORD=${DB_PASSWORD} expose: - 5432 healthcheck: @@ -84,4 +88,4 @@ volumes: letsencrypt: secrets: db-password: - environment: DB_PASSWORD + file: ${DB_PASSWORD_PATH:-./db-password.txt} From 896a1747f21b3d25030d5ae43b64e532eb13bb8f Mon Sep 17 00:00:00 2001 From: Elliott Minns Date: Mon, 11 Nov 2024 20:59:00 -0600 Subject: [PATCH 10/17] fix the deployments --- .github/workflows/deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index e4933f5..bd6665b 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -30,7 +30,7 @@ jobs: - name: Copy over password run: | - ssh deploytest@zenful.cloud "echo ${{ secrets.DB_PASSWORD }}" > /home/deploytest/db-password.txt + ssh deploytest@zenful.cloud "echo ${{ secrets.DB_PASSWORD }} > /home/deploytest/db-password.txt" - name: Run Docker Compose run: | From 0b1e0f012e90865bfeb3b6173052a3592043186b Mon Sep 17 00:00:00 2001 From: Elliott Minns Date: Mon, 11 Nov 2024 21:02:45 -0600 Subject: [PATCH 11/17] fix the deployments --- .github/workflows/deploy.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index bd6665b..b1f8997 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -34,5 +34,6 @@ jobs: - name: Run Docker Compose run: | + export DB_PASSWORD_PATH="/home/deploytest/db-password.txt" export DOCKER_HOST=ssh://deploytest@zenful.cloud docker-compose -f ./compose.prod.yaml up -d From ed045110292c854e0bf85c72b61d21dcd293282a Mon Sep 17 00:00:00 2001 
From: Elliott Minns Date: Mon, 11 Nov 2024 21:07:56 -0600 Subject: [PATCH 12/17] fix the deployments --- .github/workflows/deploy.yaml | 59 +++++++++++++++++++++++++++++++++++ compose.prod.yaml | 12 +------ 2 files changed, 60 insertions(+), 11 deletions(-) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index b1f8997..24b9760 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -5,9 +5,67 @@ on: branches: - deploytest +permissions: + packages: write + jobs: + commit-hash: + runs-on: ubuntu-latest + outputs: + commit_hash: ${{ steps.get_commit.outputs.commit_hash }} + steps: + - name: Get commit hash + id: get_commit + run: echo "::set-output name=commit_hash::$(git rev-parse HEAD)" + + build-and-test: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version: '1.22.x' + - name: Install dependencies + run: go get . + - name: Build + run: go build -v ./... + - name: Test with the Go CLI + run: go test + + build-and-push-image: + needs: + - build-and-test + - commit-hash + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Set short git commit SHA + id: vars + run: | + calculatedSha=$(git rev-parse --short ${{ github.sha }}) + echo "COMMIT_SHORT_SHA=$calculatedSha" >> $GITHUB_ENV + + - name: Log in to the Container registry + uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 + with: + registry: https://ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push Docker image + uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc + with: + context: . + push: true + tags: ghcr.io/dreamsofcode-io/guestbook:${{ needs.commit-hash.outputs.commit_hash }} + deploy: runs-on: ubuntu-latest + needs: build-and-push-image steps: - name: Checkout code 
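Review bot: The top-level `permissions:` block added in patch 12/17 grants `packages: write` to every job, including `build-and-test` and `deploy`, which never push to the registry. Because listing any permission sets the unlisted ones to none, it also leaves the checkouts without an explicit `contents: read`. Move the grant onto `build-and-push-image` as a job-level `permissions:` with `contents: read` and `packages: write`, and give the other jobs `contents: read` only. Separately, the `commit-hash` job uses the deprecated `::set-output` command; `${{ github.sha }}` already carries the value, or the step can write `echo "commit_hash=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"`. The `deploy` job's steps continue past the end of this hunk.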
@@ -34,6 +92,7 @@ jobs: - name: Run Docker Compose run: | + export GIT_COMMIT_HASH=${{ needs.commit-hash.outputs.commit_hash }} export DB_PASSWORD_PATH="/home/deploytest/db-password.txt" export DOCKER_HOST=ssh://deploytest@zenful.cloud docker-compose -f ./compose.prod.yaml up -d diff --git a/compose.prod.yaml b/compose.prod.yaml index 54c0420..9cfd990 100644 --- a/compose.prod.yaml +++ b/compose.prod.yaml @@ -1,13 +1,4 @@ services: - watchtower: - image: containrrr/watchtower - command: - - "--label-enable" - - "--interval" - - "30" - - "--rolling-restart" - volumes: - - /var/run/docker.sock:/var/run/docker.sock reverse-proxy: image: traefik:v3.1 command: @@ -27,7 +18,7 @@ services: - letsencrypt:/letsencrypt - /var/run/docker.sock:/var/run/docker.sock guestbook: - image: ghcr.io/dreamsofcode-io/guestbook:prod + image: ghcr.io/dreamsofcode-io/guestbook:${GIT_COMMIT_HASH:-prod} labels: - "traefik.enable=true" - "traefik.http.middlewares.guestbook-ratelimit.ratelimit.average=20" @@ -75,7 +66,6 @@ services: environment: - POSTGRES_DB=guestbook - POSTGRES_PASSWORD_FILE=/run/secrets/db-password - #- POSTGRES_PASSWORD=${DB_PASSWORD} expose: - 5432 healthcheck: From d20e70437ba49eea64be3353a838ca445c058529 Mon Sep 17 00:00:00 2001 From: Elliott Minns Date: Mon, 11 Nov 2024 21:18:15 -0600 Subject: [PATCH 13/17] Fix commit hash --- .github/workflows/deploy.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 24b9760..79f7c81 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -14,6 +14,7 @@ jobs: outputs: commit_hash: ${{ steps.get_commit.outputs.commit_hash }} steps: + - uses: actions/checkout@v4 - name: Get commit hash id: get_commit run: echo "::set-output name=commit_hash::$(git rev-parse HEAD)" 
@@ -65,7 +66,9 @@ jobs: deploy: runs-on: ubuntu-latest - needs: build-and-push-image + needs: + - build-and-push-image + - commit-hash steps: - name: Checkout code From 03b4e91d074aca8cb5b741edff074e90fcce5806 Mon Sep 17 00:00:00 2001 From: Elliott Minns Date: Wed, 13 Nov 2024 21:55:14 -0600 Subject: [PATCH 14/17] fix for docker stack --- compose.prod.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/compose.prod.yaml b/compose.prod.yaml index 9cfd990..d029a2a 100644 --- a/compose.prod.yaml +++ b/compose.prod.yaml @@ -23,6 +23,7 @@ services: - "traefik.enable=true" - "traefik.http.middlewares.guestbook-ratelimit.ratelimit.average=20" - "traefik.http.routers.guestbook.rule=Host(`zenful.cloud`) && !Method(`POST`)" + - "traefik.http.services.guestbook.loadbalancer.server.port=8080" - "traefik.http.routers.guestbook.entrypoints=websecure" - "traefik.http.routers.guestbook.tls.certresolver=myresolver" - "traefik.http.routers.guestbook.middlewares=guestbook-ratelimit" @@ -53,10 +54,9 @@ services: replicas: 3 restart: always depends_on: - db: - condition: service_healthy + - db db: - image: postgres + image: postgres:16 restart: always user: postgres volumes: @@ -78,4 +78,4 @@ volumes: letsencrypt: secrets: db-password: - file: ${DB_PASSWORD_PATH:-./db-password.txt} + external: true From 42de520b688a49f1c5ccf9b7b23881f79413ecd1 Mon Sep 17 00:00:00 2001 From: Elliott Minns Date: Thu, 14 Nov 2024 22:21:18 -0600 Subject: [PATCH 15/17] Update the deploy test --- .github/workflows/deploy.yaml | 36 +++++---------- docker-stack.yaml | 87 +++++++++++++++++++++++++++++++++++ 2 files changed, 98 insertions(+), 25 deletions(-) create mode 100644 docker-stack.yaml diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 79f7c81..4a6d343 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml 
@@ -73,29 +73,15 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v2 - - - name: Setup SSH - uses: webfactory/ssh-agent@v0.5.3 - with: - ssh-private-key: ${{ secrets.DEPLOY_SSH_KEY }} - - - name: Add host - run: | - ssh-keyscan zenful.cloud > ~/.ssh/known_hosts - - - name: Set up Docker Compose + - name: create env file run: | - # Install Docker Compose - curl -L "https://github.com/docker/compose/releases/download/v2.19.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose - chmod +x /usr/local/bin/docker-compose - - - name: Copy over password - run: | - ssh deploytest@zenful.cloud "echo ${{ secrets.DB_PASSWORD }} > /home/deploytest/db-password.txt" - - - name: Run Docker Compose - run: | - export GIT_COMMIT_HASH=${{ needs.commit-hash.outputs.commit_hash }} - export DB_PASSWORD_PATH="/home/deploytest/db-password.txt" - export DOCKER_HOST=ssh://deploytest@zenful.cloud - docker-compose -f ./compose.prod.yaml up -d + echo "GIT_COMMIT_HASH=${{ github.sha }}" >> env + - name: 'Docker Stack Deploy' + uses: cssnr/stack-deploy-action@v1 + with: + name: 'guestbook' + file: 'stack.yaml' + host: zenful.cloud + user: deploy + ssh_key: ${{ secrets.DEPLOY_SSH_KEY }} + env_file: './env' diff --git a/docker-stack.yaml b/docker-stack.yaml new file mode 100644 index 0000000..34e4ce0 --- /dev/null +++ b/docker-stack.yaml 
@@ -0,0 +1,87 @@
+services:
+ reverse-proxy:
+ image: traefik:v3.1
+ command:
+ - "--providers.docker"
+ - "--providers.docker.exposedbydefault=false"
+ - "--entryPoints.websecure.address=:443"
+ - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
+ - "--certificatesresolvers.myresolver.acme.email=elliott@zenful.cloud"
+ - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+ - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
+ ports:
+ - mode: host
+ protocol: tcp
+ published: 80
+ target: 80
+ - mode: host
+ protocol: tcp
+ published: 443
+ target: 443
+ volumes:
+ - letsencrypt:/letsencrypt
+ - /var/run/docker.sock:/var/run/docker.sock
+ guestbook:
+ image: ghcr.io/dreamsofcode-io/guestbook:${GIT_COMMIT_HASH:-prod}
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.middlewares.guestbook-ratelimit.ratelimit.average=20"
+ - "traefik.http.routers.guestbook.rule=Host(`zenful.cloud`) && !Method(`POST`)"
+ - "traefik.http.services.guestbook.loadbalancer.server.port=8080"
+ - "traefik.http.routers.guestbook.entrypoints=websecure"
+ - "traefik.http.routers.guestbook.tls.certresolver=myresolver"
+ - "traefik.http.routers.guestbook.middlewares=guestbook-ratelimit"
+ # Define separate router for POST methods
+ - "traefik.http.middlewares.guestbook-ratelimit-post.ratelimit.average=1"
+ - "traefik.http.middlewares.guestbook-ratelimit-post.ratelimit.period=1m"
+ - "traefik.http.routers.guestbook-post.rule=Host(`zenful.cloud`) && Method(`POST`)"
+ - "traefik.http.routers.guestbook-post.middlewares=guestbook-ratelimit-post"
+ - "traefik.http.routers.guestbook-post.entrypoints=websecure"
+ - "traefik.http.routers.guestbook-post.tls.certresolver=myresolver"
+ # Proxy
+ - "traefik.http.routers.proxy.rule=Host(`proxy.dreamsofcode.io`)"
+ - "traefik.http.routers.proxy.entrypoints=websecure"
+ - 
"traefik.http.routers.proxy.tls.certresolver=myresolver" + # Enable watchtower + - "com.centurylinklabs.watchtower.enable=true" + secrets: + - db-password + environment: + - POSTGRES_HOST=db + - POSTGRES_PASSWORD_FILE=/run/secrets/db-password + - POSTGRES_USER=postgres + - POSTGRES_DB=guestbook + - POSTGRES_PORT=5432 + - POSTGRES_SSLMODE=disable + deploy: + mode: replicated + replicas: 3 + restart: always + depends_on: + - db + db: + image: postgres:16 + restart: always + user: postgres + volumes: + - db-data:/var/lib/postgresql/data + secrets: + - db-password + environment: + - POSTGRES_DB=guestbook + - POSTGRES_PASSWORD_FILE=/run/secrets/db-password + expose: + - 5432 + healthcheck: + test: [ "CMD", "pg_isready" ] + interval: 10s + timeout: 5s + retries: 5 +volumes: + db-data: + letsencrypt: +secrets: + db-password: + external: true From ef88e2c3ce5e9d79c0a1d0f075c67c5d16e62b10 Mon Sep 17 00:00:00 2001 From: Elliott Minns Date: Thu, 14 Nov 2024 22:24:20 -0600 Subject: [PATCH 16/17] Change username to deploytest --- .github/workflows/deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 4a6d343..87ac9bd 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -82,6 +82,6 @@ jobs: name: 'guestbook' file: 'stack.yaml' host: zenful.cloud - user: deploy + user: deploytest ssh_key: ${{ secrets.DEPLOY_SSH_KEY }} env_file: './env' From 7c6b4a663de916d992b2752017f9b2245543e260 Mon Sep 17 00:00:00 2001 From: Elliott Minns Date: Thu, 14 Nov 2024 22:29:28 -0600 Subject: [PATCH 17/17] Update to use docker-stack.yaml --- .github/workflows/deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 87ac9bd..d637216 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml 
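Review bot: The `reverse-proxy` service in the new `docker-stack.yaml` (patch 15/17) bind-mounts `/var/run/docker.sock` read-write into the Traefik container that is published on ports 80 and 443; access to that socket is equivalent to root on the host, so a compromise of the proxy becomes a compromise of the node. Traefik only needs to read container metadata, so place a filtering socket proxy that allows read-only API calls in between, point Traefik at it with `--providers.docker.endpoint=tcp://<socket-proxy-service>:2375`, and remove the socket volume from `reverse-proxy`. A `:ro` suffix on the mount alone does not restrict what can be sent over the socket. Also, `restart:` and `depends_on:` are ignored by `docker stack deploy`, so the restart behaviour belongs under `deploy.restart_policy`.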
@@ -80,7 +80,7 @@ jobs: uses: cssnr/stack-deploy-action@v1 with: name: 'guestbook' - file: 'stack.yaml' + file: 'docker-stack.yaml' host: zenful.cloud user: deploytest ssh_key: ${{ secrets.DEPLOY_SSH_KEY }}