feat: gcp image and geo proxy (#281)
* feat: gcp image and geo proxy

* fix: remove workflow config

* fix: sha

* fix: nginx config

* feat: refactor

* fix:build error

* fix:build error

* fix:build error

* feat:ci

---------

Co-authored-by: kevin-222 <[email protected]>
CHN1807 and kevin-222 authored Jan 3, 2025
1 parent 2f85220 commit 652cd27
Showing 151 changed files with 19,347 additions and 44,601 deletions.
17 changes: 0 additions & 17 deletions .github/workflows/build.yml

This file was deleted.

32 changes: 0 additions & 32 deletions .github/workflows/deploy-alpha.yml

This file was deleted.

100 changes: 89 additions & 11 deletions .github/workflows/deploy-prd.yml
Expand Up @@ -15,18 +15,96 @@ jobs:

- uses: actions/setup-node@v2
with:
node-version: '16'
node-version: '18'
- run: yarn install
- run: yarn run build

- name: Deploy
uses: reggionick/s3-deploy@v3
- name: Get short SHA
id: slug
run: echo "::set-output name=sha7::$(echo ${GITHUB_SHA} | cut -c1-7)"

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.ECR_DEPLOYER_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.ECR_DEPLOYER_AWS_SECRET_ACCESS_KEY }}
aws-region: us-west-2

- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1

- name: Build, tag, and push image to Amazon ECR
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: sid-app
IMAGE_TAG_0: ${{ github.sha }}
IMAGE_TAG_1: sha-${{ steps.slug.outputs.sha7 }}
run: |
docker build --build-arg LICENSE_KEY=${{ secrets.LICENSE_KEY }} -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG_0 -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG_1 .
docker push $ECR_REGISTRY/$ECR_REPOSITORY --all-tags
- id: auth
name: 'GCP Auth'
uses: 'google-github-actions/auth@v1'
with:
token_format: 'access_token'
credentials_json: ${{ secrets.GCS_INTERNAL_ARTIFACTS_SA_JSON }}

- name: Login to Artifact Registry
uses: docker/login-action@v2
with:
registry: us-west1-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}

- name: Build, tag, and push image to GCP Artifact Repository
env:
GAR_REGISTRY: us-west1-docker.pkg.dev/spaceid-internal-artifacts/spaceid-app
GAR_REPOSITORY: sid-app
IMAGE_TAG_0: ${{ github.sha }}
IMAGE_TAG_1: sha-${{ steps.slug.outputs.sha7 }}
run: |
docker build --build-arg LICENSE_KEY=${{ secrets.LICENSE_KEY }} -f Dockerfile -t $GAR_REGISTRY/$GAR_REPOSITORY:$IMAGE_TAG_0 -t $GAR_REGISTRY/$GAR_REPOSITORY:$IMAGE_TAG_1 .
docker push $GAR_REGISTRY/$GAR_REPOSITORY --all-tags
deploy:
name: Deploy with GitOps
runs-on: ubuntu-latest
needs: build-and-deploy
env:
GITOPS_REPO: Space-ID/spaceid-infra-bootstrap

steps:
- name: Get short SHA
id: slug
run: echo "::set-output name=sha7::$(echo ${GITHUB_SHA} | cut -c1-7)"

- name: Checkout Gitops code
# https://github.com/actions/checkout/issues/417
uses: actions/[email protected]
with:
repository: ${{ env.GITOPS_REPO }}
fetch-depth: 1 # use 0 if later pushing to different branch
token: ${{ secrets.INFRA_GITOPS }}

- name: Update prd image tag - Mainnet
uses: docker://ryanlime/kyriosctl:latest
with:
args: gitops updateTag -t sha-${{ steps.slug.outputs.sha7 }} -d app/prd/sid-app

- name: Commit files - Mainnet
run: |
git config --local user.email "[email protected]"
git config --local user.name "SpaceID Bot"
git commit -a -m "[release][prd][sid-app] ${{ steps.slug.outputs.sha7 }}" -m "https://github.com/${{ github.repository }}/commit/${{ github.sha }}"
- name: Push changes
uses: ad-m/github-push-action@master
with:
folder: 'build'
bucket: 'prd-app-space-id'
bucket-region: 'us-west-2'
dist-id: 'E2WEVVPV40MG9V'
invalidation: /
delete-removed: true
no-cache: false
private: true
repository: ${{ env.GITOPS_REPO }}
branch: main
github_token: ${{ secrets.INFRA_GITOPS }}
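Review bot: The new `deploy` job runs two third-party components by mutable reference, `docker://ryanlime/kyriosctl:latest` and `ad-m/github-push-action@master`, in a workspace checked out with `secrets.INFRA_GITOPS`, and the push step is handed that token directly. Anyone able to move that image tag or that branch could change what is committed to `main` of `Space-ID/spaceid-infra-bootstrap`, which by the look of the step names is what drives the production rollout. Pin both to immutable references, e.g. `uses: docker://ryanlime/kyriosctl@sha256:<digest>` and `uses: ad-m/github-push-action@<full-commit-sha>` (placeholders, to be resolved against the reviewed versions), and consider the same for the tag-pinned actions that receive the AWS and GCP credentials. Separately, both `Get short SHA` steps use the deprecated `::set-output` command; `run: echo "sha7=${GITHUB_SHA::7}" >> "$GITHUB_OUTPUT"` is the replacement.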
40 changes: 0 additions & 40 deletions .github/workflows/deploy-stg.yml

This file was deleted.

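--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,74 @@
+# Use an official Nginx image as a parent image
+FROM debian:bullseye-slim
+#WORKDIR /app
+
+RUN apt-get update && apt-get install -y wget curl git build-essential autoconf libtool libpcre3 libpcre3-dev libssl-dev zlib1g-dev gettext-base
+
+# Install C library for reading MaxMind DB files
+RUN apt-get install -y libmaxminddb0 libmaxminddb-dev mmdb-bin
+
+# Install nginx
+ENV nginx_version 1.21.1
+RUN curl http://nginx.org/download/nginx-$nginx_version.tar.gz | tar xz
+RUN git clone https://github.com/leev/ngx_http_geoip2_module.git
+WORKDIR /nginx-$nginx_version
+
+ARG LICENSE_KEY
+
+# Download and set up the GeoIP database
+RUN mkdir -p /etc/geoip
+RUN wget -O city.tar.gz "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=${LICENSE_KEY}&suffix=tar.gz"
+RUN tar -xvzf city.tar.gz
+RUN mv GeoLite2-City_*/GeoLite2-City.mmdb /etc/geoip/
+RUN rm -rf GeoLite2-City*
+RUN wget -O country.tar.gz "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country&license_key=${LICENSE_KEY}&suffix=tar.gz"
+RUN tar -xvzf country.tar.gz
+RUN mv GeoLite2-Country_*/GeoLite2-Country.mmdb /etc/geoip/
+RUN rm -rf GeoLite2-Country*
+
+# Compile nginx
+RUN ./configure \
+--prefix=/etc/nginx \
+--sbin-path=/usr/sbin/nginx \
+--conf-path=/etc/nginx/nginx.conf \
+--error-log-path=/var/log/nginx/error.log \
+--http-log-path=/var/log/nginx/access.log \
+--pid-path=/var/run/nginx.pid \
+--lock-path=/var/run/nginx.lock \
+--http-client-body-temp-path=/var/cache/nginx/client_temp \
+--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
+--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
+--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
+--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
+--user=nginx \
+--group=nginx \
+--with-http_ssl_module \
+--with-http_realip_module \
+--with-http_secure_link_module \
+--with-threads \
+--with-http_v2_module \
+--with-http_gzip_static_module \
+--with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2' \
+--with-ld-opt='-Wl,-z,relro -Wl,--as-needed' \
+--add-dynamic-module=../ngx_http_geoip2_module
+RUN make
+RUN make install
+
+RUN adduser --system --no-create-home --shell /bin/false --group nginx
+RUN mkdir -p /var/cache/nginx/client_temp
+RUN mkdir -p /var/cache/nginx/proxy_temp
+RUN mkdir -p /var/cache/nginx/fastcgi_temp
+RUN mkdir -p /var/cache/nginx/uwsgi_temp
+RUN mkdir -p /var/cache/nginx/scgi_temp
+RUN mkdir /app
+
+COPY ./nginx.conf /etc/nginx/
+COPY ./default.conf /etc/nginx/conf.d/default.conf
+COPY ./build /app/
+
+# Expose ports
+EXPOSE 8080
+ENV PORT 8080
+
+# Start Nginx when the container launches
+CMD nginx -g 'daemon off;'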
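Review bot: `ARG LICENSE_KEY` is expanded inside the two `RUN wget` lines, so the MaxMind key is recorded in the image's build metadata and is readable by anyone who can pull the image (for example via `docker history --no-trunc`). Mount it as a BuildKit secret instead: `RUN --mount=type=secret,id=license_key wget -O city.tar.gz "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=$(cat /run/secrets/license_key)&suffix=tar.gz"` (same for the country download), drop the `ARG`, and build with `--secret id=license_key,env=LICENSE_KEY` in place of `--build-arg`; if images built this way have already been pushed, the key should be rotated. The nginx source is also fetched over plain `http://` and the geoip2 module is cloned at whatever its default branch holds, with no checksum or signature check on either, so the compiled server depends on unauthenticated inputs; use `https://` with a pinned checksum and check out a fixed commit of the module. A multi-stage build would additionally keep the compiler toolchain and git out of the runtime image, and the first comment should say the base is `debian:bullseye-slim` rather than an official Nginx image.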
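--- a/default.conf
+++ b/default.conf
@@ -0,0 +1,72 @@
+server {
+listen 8080;
+server_name localhost *.space.id *.stg.space.id;
+
+#access_log /var/log/nginx/host.access.log main;
+
+location /api/health/alive {
+return 200 '{"status":"success","result":"ok"}';
+}
+
+location /api/health/ready {
+return 200 '{"status":"success","result":"ok"}';
+}
+
+# Country-wide blocking
+# China, North Korea, Iran, Syria, Cuba
+if ($geoip2_data_country_code ~ (KP|IR|SY|CU|CN)) {
+rewrite ^ /unsupportedregion;
+}
+
+# City-wide blocking
+# Crimea (703883), Sevastopol (694423), Luhansk (702657) and Donetsk (12189531)
+if ($geoip2_data_city_geoname_id ~ (703883|694423|702657|12189531)) {
+rewrite ^ /unsupportedregion;
+}
+
+location /unsupportedregion {
+internal;
+default_type text/html;
+return 200 '<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>SPACE ID</title><link href="https://fonts.googleapis.com/css?family=Plus Jakarta Sans" rel="stylesheet"><style>body{background:#000;font-family:"Plus Jakarta Sans",serif;text-align:center}.error{position:absolute;top:50%;left:50%;display:flex;width:80vw;flex-direction:column;align-items:center;transform:translate(-50%,-50%)}@media (width:768px){.error{width:100vw}.t1{font-size:24px}.t2{font-size:14px}}.t1{font-size:24px;font-weight:700;color:#becfcd;margin:24px 0 12px 0}.t2{font-size:14px;color:#8a9b9e;margin:0}</style></head><body><div class="error"><svg width="80" height="80" viewBox="0 0 80 80" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M40.0002 76.6666C60.2506 76.6666 76.6668 60.2504 76.6668 40C76.6668 19.7495 60.2506 3.33331 40.0002 3.33331C19.7497 3.33331 3.3335 19.7495 3.3335 40C3.3335 60.2504 19.7497 76.6666 40.0002 76.6666ZM40.0002 20C38.1592 20 36.6668 21.4924 36.6668 23.3333V43.3333C36.6668 45.1743 38.1592 46.6666 40.0002 46.6666C41.8411 46.6666 43.3335 45.1743 43.3335 43.3333V23.3333C43.3335 21.4924 41.8411 20 40.0002 20ZM40.0002 51.6666C37.699 51.6666 35.8335 53.5321 35.8335 55.8333C35.8335 58.1345 37.699 60 40.0002 60C42.3013 60 44.1668 58.1345 44.1668 55.8333C44.1668 53.5321 42.3013 51.6666 40.0002 51.6666Z" fill="white"/></svg><p class="t1">Region not supported</p><p class="t2">Unfortunately, we are not currently supporting your region or country.</p></div></body></html>';
+}
+
+root /app/;
+
+index index.html;
+
+location / {
+try_files $uri $uri/ =404;
+}
+
+# error_page 404 /404.html;
+
+# redirect server error pages to the static page /50x.html
+#
+# error_page 500 502 503 504 /50x.html;
+# location = /50x.html {
+# root /usr/share/nginx/html;
+# }
+
+# proxy the PHP scripts to Apache listening on 127.0.0.1:80
+#
+#location ~ \.php$ {
+# proxy_pass http://127.0.0.1;
+#}
+
+# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+#
+#location ~ \.php$ {
+# root html;
+# fastcgi_pass 127.0.0.1:9000;
+# fastcgi_index index.php;
+# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
+# include fastcgi_params;
+#}
+
+# deny access to .htaccess files, if Apache's document root
+# concurs with nginx's one
+#
+#location ~ /\.ht {
+# deny all;
+#}
+}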
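Review bot: The geoname-id test `~ (703883|694423|702657|12189531)` is an unanchored regex, so it also matches any other id that merely contains one of these digit runs (a constructed example: `1703883`), which would block unrelated locations. Anchor both tests, `if ($geoip2_data_city_geoname_id ~ ^(703883|694423|702657|12189531)$) {` and likewise `~ ^(KP|IR|SY|CU|CN)$` for the country code. `$geoip2_data_country_code` and `$geoip2_data_city_geoname_id` are defined outside this file (presumably in nginx.conf, not shown here); if the container runs behind a load balancer, confirm there that the lookup address comes from a proxy header accepted only from the balancer's ranges (`set_real_ip_from` / `real_ip_header`), otherwise the check evaluates the wrong address. The comment calls these city ids while listing regions, so it is worth confirming the variable is bound to the database field those ids actually belong to.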