From 1dc03b0c3cfe66bf06b17982d1eb8ee8c495ce57 Mon Sep 17 00:00:00 2001 From: Phoenix Isaac Pereira Date: Wed, 5 Jun 2024 17:13:38 +0930 Subject: [PATCH] feat(ci): Add Dockerfile and workflows --- .dockerignore | 3 ++ .github/workflows/ci-dev-pr.yml | 33 ++++++++++++++ .github/workflows/ci-dev.yml | 11 +++++ .github/workflows/lint.yml | 12 +---- .github/workflows/production.yml | 77 ++++++++++++++++++++++++++++++++ Dockerfile | 22 +++++++++ docker-compose.yml | 18 ++++++++ 7 files changed, 166 insertions(+), 10 deletions(-) create mode 100644 .dockerignore create mode 100644 .github/workflows/ci-dev-pr.yml create mode 100644 .github/workflows/ci-dev.yml create mode 100644 .github/workflows/production.yml create mode 100644 Dockerfile create mode 100644 docker-compose.yml
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..dd1c0b0
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,3 @@
+**/.env
+.git
+.github
diff --git a/.github/workflows/ci-dev-pr.yml b/.github/workflows/ci-dev-pr.yml
new file mode 100644
index 0000000..2fb1a17
--- /dev/null
+++ b/.github/workflows/ci-dev-pr.yml
@@ -0,0 +1,33 @@
+name: Development - Pull Request
+on:
+ pull_request:
+ branches:
+ - '**'
+
+jobs:
+ lint-format:
+ name: Linting Checks
+ uses: ./.github/workflows/lint.yml
+
+ build:
+ needs: lint-format
+ name: Build
+ runs-on: ubuntu-latest
+ environment: Development
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Build Docker container
+ env:
+ DATABASE_URL: ${{ secrets.DATABASE_URL }}
+ REDIS_URI: ${{ secrets.REDIS_URI }}
+ NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: ${{ secrets.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }}
+ NEXT_PUBLIC_DRIVE_LINK: ${{ secrets.NEXT_PUBLIC_DRIVE_LINK }}
+ run: |
+ docker buildx build \
+ --secret id=DATABASE_URL \
+ --secret id=REDIS_URI \
+ --secret id=NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY \
+ --secret id=NEXT_PUBLIC_DRIVE_LINK \
+ --file=Dockerfile -t csclub-website .
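Review bot: The `Build Docker container` step in ci-dev-pr.yml hands four secrets to a build that runs code from the pull request, yet the Dockerfile added in this same patch contains no `RUN --mount=type=secret` line that would consume them. A same-repository PR can edit the Dockerfile or the workflow and read whatever is passed in, so the step should carry only what the build needs; as written that appears to be nothing, and the step can shrink to `run: docker buildx build --file=Dockerfile -t csclub-website .` with the `env:` block removed. The secret names (`NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY`, `DATABASE_URL`, `REDIS_URI`) look carried over from a different project, which is worth confirming. The workflow also declares no `permissions:` block; adding `permissions:` with `contents: read` at the top level keeps the GITHUB_TOKEN read-only for PR builds.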
diff --git a/.github/workflows/ci-dev.yml b/.github/workflows/ci-dev.yml new file mode 100644 index 0000000..72f3f8f --- /dev/null +++ b/.github/workflows/ci-dev.yml @@ -0,0 +1,11 @@ +name: Development +on: + push: + branches: + - '**' + - '!main' + +jobs: + lint-format: + name: Linting Checks + uses: ./.github/workflows/lint.yml diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index db07ea8..ce9b4c1 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -1,11 +1,6 @@ -name: Format Code - +name: Linting Checks on: - pull_request: - branches: - - '*' - push: - branches: [main] + workflow_call: jobs: black: @@ -29,6 +24,3 @@ jobs: - name: Format code with Black run: poetry run black . - - - name: Check for changes - run: git diff --exit-code diff --git a/.github/workflows/production.yml b/.github/workflows/production.yml new file mode 100644 index 0000000..92a8c88 --- /dev/null +++ b/.github/workflows/production.yml 
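Review bot: With the `Check for changes` step removed at the end of lint.yml, the remaining `poetry run black .` rewrites files in the runner's checkout and exits successfully, so the reusable `Linting Checks` job no longer fails on unformatted code. ci-dev-pr.yml and production.yml in this patch gate their build on this job via `needs: lint-format`, so that gate now passes regardless of formatting. Changing the step to `run: poetry run black --check .` restores a failing exit status without needing the `git diff` step. The `black` job's earlier steps lie outside the hunk.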
@@ -0,0 +1,77 @@
+name: Production
+
+on:
+ push:
+ branches: [main]
+
+env:
+ AWS_REGION: ap-southeast-2
+
+jobs:
+ lint-format:
+ name: Linting Checks
+ uses: ./.github/workflows/lint.yml
+
+ build:
+ needs: lint-format
+ name: Build
+ runs-on: [self-hosted, ARM64] # Since deployment is on arm64
+ environment: Production
+ permissions:
+ id-token: write
+ contents: read
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+ role-session-name: ${{ secrets.AWS_ROLE_SESSION_NAME }}
+ aws-region: ${{ env.AWS_REGION }}
+
+ # - name: Install arm64 support for Docker
+ # run: docker run --privileged --rm tonistiigi/binfmt --install arm64
+
+ - name: Build Docker container
+ env:
+ DATABASE_URL: ${{ secrets.DATABASE_URL }}
+ REDIS_URI: ${{ secrets.REDIS_URI }}
+ NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: ${{ secrets.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }}
+ NEXT_PUBLIC_DRIVE_LINK: ${{ secrets.NEXT_PUBLIC_DRIVE_LINK }}
+ run: |
+ docker buildx build \
+ --secret id=DATABASE_URL \
+ --secret id=REDIS_URI \
+ --secret id=NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY \
+ --secret id=NEXT_PUBLIC_DRIVE_LINK \
+ --platform=linux/arm64 --file=Dockerfile -t csclub-website .
+ docker image save website | gzip > csclub-website.tar.gz
+
+ - name: Copy image and compose file to S3
+ run: |
+ aws s3 cp ./csclub-website.tar.gz s3://${{ secrets.AWS_S3_BUCKET }}/website/
+ aws s3 cp ./docker-compose.yml s3://${{ secrets.AWS_S3_BUCKET }}/website/
+
+ deploy:
+ needs: build
+ name: Deploy
+ runs-on: ubuntu-latest
+ environment: Production
+ steps:
+ - name: Deploy on EC2
+ env:
+ KEY: ${{ secrets.SSH_EC2_KEY }}
+ HOSTNAME: ${{ secrets.SSH_EC2_HOSTNAME }}
+ USER: ${{ secrets.SSH_EC2_USER }}
+ run: |
+ echo "$KEY" > private_key && chmod 600 private_key
+ ssh -v -o StrictHostKeyChecking=no -i private_key ${USER}@${HOSTNAME} '
+ cd ~/website
+ aws s3 cp s3://${{ secrets.AWS_S3_BUCKET }}/website/csclub-website.tar.gz .
+ aws s3 cp s3://${{ secrets.AWS_S3_BUCKET }}/website/docker-compose.yml .
+ docker load -i csclub-website.tar.gz
+ docker compose up -d
+ docker restart csclub-website
+ '
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..24efb0f
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,22 @@
+# Base image
+FROM python:3.11-slim as base
+
+WORKDIR /app
+
+# Install dependencies
+COPY pyproject.toml poetry.lock ./
+
+RUN pip install --upgrade pip \
+ && pip install poetry \
+ && poetry config virtualenvs.create false \
+ && poetry install --no-dev
+
+# Copy the rest of the application code
+COPY . .
+
+# Environment variables
+ENV GUILD_ID=GUILD_ID
+ENV BOT_TOKEN=BOT_TOKEN
+
+# Run the bot
+CMD ["poetry", "run", "python", "src/main.py"]
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..0c21ec1
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,18 @@
+services:
+ duckbot:
+ image: duckbot:latest
+ container_name: duckbot
+ env_file:
+ - .env
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - PORT=3000
+ ports:
+ - 3000:3000
+ networks:
+ - csclub
+
+networks:
+ csclub:
+ external: true
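Review bot: The `Deploy on EC2` step in production.yml connects with `-o StrictHostKeyChecking=no`, so the runner accepts whatever host key is presented and then sends that host the commands that load and start the production image; the host key should be pinned instead. The same line uses `ssh -v`, which writes connection debugging detail into the job log, and the key is written to `private_key` in the workspace before its mode is tightened. Separately, the build step tags the image `csclub-website` but the next line saves `website`, and docker-compose.yml in this patch runs `duckbot:latest` while the deploy restarts `csclub-website`, so these names need to agree before the pipeline can deploy what it built. A sketch of the pinned-host-key variant follows; `SSH_EC2_KNOWN_HOSTS` is a placeholder secret name for the host's public key line, recorded out of band.

```yaml
      - name: Deploy on EC2
        env:
          # … unchanged: KEY, HOSTNAME, USER …
          KNOWN_HOSTS: ${{ secrets.SSH_EC2_KNOWN_HOSTS }}  # placeholder secret name
        run: |
          umask 077
          install -d -m 700 ~/.ssh
          printf '%s\n' "$KEY" > ~/.ssh/deploy_key
          printf '%s\n' "$KNOWN_HOSTS" > ~/.ssh/known_hosts
          ssh -o StrictHostKeyChecking=yes -i ~/.ssh/deploy_key "${USER}@${HOSTNAME}" '
          # … unchanged: remote aws s3 cp, docker load and docker compose commands …
```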
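Review bot: The Dockerfile never sets `USER`, so the bot process and everything it loads run as root inside the container; the `PUID`/`PGID` values in docker-compose.yml are not read by anything visible in this image, so they do not change that. Because dependencies are installed into the system interpreter (`virtualenvs.create false`), the image can end with `RUN useradd --create-home bot`, `USER bot` and `CMD ["python", "src/main.py"]`. `pip install poetry` is unpinned, which makes the build non-reproducible and, as far as I know, fails on Poetry 2.x where `--no-dev` was removed; pinning a version and using `poetry install --only main` avoids both. The `ENV BOT_TOKEN=BOT_TOKEN` placeholder deserves a comment such as `# placeholder only: the real token is supplied at runtime via env_file, never baked into the image`.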
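Review bot: The `ports: - 3000:3000` entry in docker-compose.yml publishes the container port on every host interface, and nothing in the Dockerfile or its `CMD` in this patch shows a listener on 3000. If the bot only makes outbound connections, drop the `ports:` block (and `PORT=3000`); if a local health endpoint is needed, bind it to loopback with `- '127.0.0.1:3000:3000'`. Quoting the mapping is also the safer habit in Compose files, since unquoted `host:container` pairs can be read as numbers by YAML 1.1 parsers when the ports are small.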