Sort out all deployment & images

.github/workflows/main.yml

@@ -56,26 +56,6 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
 
-  copy-repo:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - name: Run a one-line script
-        run: echo Hello from Octo Organization
-
-      - name: rsync deployment
-        # You may pin to the exact commit or the version.
-        # uses: Burnett01/rsync-deployments@45d84ad5f6c174f3e0ffc50e9060a9666d09c16e
-        uses: Burnett01/[email protected]
-        with:
-          switches: -avzr --delete
-          # path: src/
-          remote_path: ${{ secrets.DEPLOY_PATH }}
-          remote_host: ${{ secrets.DEPLOY_HOST }}
-          remote_port: ${{ secrets.DEPLOY_PORT }}
-          remote_user: ${{ secrets.DEPLOY_USER }}
-          remote_key: ${{ secrets.DEPLOY_KEY }}
-
   deploy:
     runs-on: ubuntu-latest
     steps:
@@ -84,9 +64,9 @@ jobs:
         env:
           NAME: "Root"
         with:
-          hosts: '[email protected] [email protected]:2222'
-          privateKey: ${{ secrets.PRIVATE_KEY }}
+          hosts: '[email protected]'
+          privateKey: ${{ secrets.CI_PRIVATE_KEY }}
           debug: false
           command: |
-            ls -lah
+            /usr/bin/systemctl start deploy-princetonpy.service
             echo "I am $NAME"

app/Dockerfile-cron.prod

@@ -42,8 +42,11 @@ RUN apt-get install -y netcat
 # create directory for the app user
 RUN mkdir -p /home/app
 
+ENV UID="${UID}:-1001"
+ENV GID="${GID}:-1001"
+
 # create the app user
-RUN groupadd -r app && useradd --no-log-init -r -g app app
+RUN groupadd -r -g $GID app && useradd app --no-log-init -r -u $UID -g $GID
 
 # create the appropriate directories
 ENV HOME=/home/app
@@ -63,12 +66,12 @@ COPY . $APP_HOME
 
 # chown all the files to the app user
 RUN mkdir -p ./static
-RUN chown -R app:app $APP_HOME
+RUN chown -R $UID:$GID $APP_HOME
 RUN mkdir -p /prod_backup
-RUN chown -R app:app /prod_backup
+RUN chown -R $UID:$GID /prod_backup
 
 # change to the app user
-USER app
+USER $UID:$GID
 
 # run entrypoint.prod.sh
 ENTRYPOINT ["/home/app/web/entrypoint-cron.prod.sh"]

app/Dockerfile.prod

@@ -42,8 +42,10 @@ RUN apt-get install -y netcat
 # create directory for the app user
 RUN mkdir -p /home/app
 
+ENV UID="${UID}:-1001"
+ENV GID="${GID}:-1001"
 # create the app user
-RUN groupadd -r -g 1001 app && useradd app --no-log-init -r -u 1001 -g 1001
+RUN groupadd -r -g $GID app && useradd app --no-log-init -r -u $UID -g $GID
 
 # create the appropriate directories
 ENV HOME=/home/app
@@ -67,10 +69,10 @@ COPY . $APP_HOME
 
 # chown all the files to the app user
 RUN mkdir -p ./static
-RUN chown -R 1001:1001 $APP_HOME
+RUN chown -R $UID:$GID $APP_HOME
 
 # change to the app user
-USER 1001:1001
+USER $UID:$GID
 
 # run entrypoint.prod.sh
 ENTRYPOINT ["/home/app/web/entrypoint.prod.sh"]

app/entrypoint-cron.prod.sh

@@ -1,3 +1,9 @@
 #!/bin/sh
 
+if [ -n "$UID" ] && [ -n "$GID" ]; then
+    usermod -u "$UID" app
+    groupmod -g "$GID" app
+    chown -R "$UID":"$GID" "$HOME"
+fi
+
 exec "$@"

app/entrypoint.prod.sh

@@ -15,4 +15,10 @@ python manage.py collectstatic -c --noinput
 python manage.py makemigrations
 python manage.py migrate
 
+if [ -n "$UID" ] && [ -n "$GID" ]; then
+    usermod -u "$UID" app
+    groupmod -g "$GID" app
+    chown -R "$UID":"$GID" "$HOME"
+fi
+
 exec "$@"

devops/install_scripts.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+install -v -m 550 -o princeton -g princeton ./scripts/pull-image.sh /usr/local/sbin/

devops/install_systemd_units.sh

@@ -3,12 +3,10 @@
 cp ./systemd/*.{service,path} /etc/systemd/system/
 
 systemctl enable deploy-caddy.{path,service}
-systemctl enable deploy-project.{path,service}
-systemctl enable project.path
+systemctl enable deploy-princetonpy.{path,service}
 systemctl enable princetonpy-cron.service
 systemctl enable princetonpy-web.service
 systemctl start deploy-caddy.{path,service}
-systemctl start deploy-project.{path,service}
-systemctl start project.path
+systemctl start deploy-princetonpy.{path,service}
 systemctl start princetonpy-cron.service
 systemctl start princetonpy-web.service

devops/scripts/pull-image.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+</home/princeton/ghtoken docker login ghcr.io --username mhadam --password-stdin
+/usr/bin/docker pull ghcr.io/pugip/princetonpy.org:release

devops/systemd/deploy-project.service → devops/systemd/deploy-princetonpy.service

@@ -6,9 +6,7 @@ Requires=docker.service
 [Service]
 TimeoutStartSec=120
 Type=oneshot
-ExecStartPre=/usr/bin/docker compose \
-    -f /home/princetonpy/repos/princetonpy/docker-compose.prod.yml \
-    build web cron
+ExecStartPre=/usr/local/sbin/pull-image.sh
 ExecStart=/usr/bin/systemctl restart princetonpy-cron.service
 ExecStart=/usr/bin/systemctl restart princetonpy-web.service
 

devops/uninstall_systemd_units.sh

@@ -1,8 +1,7 @@
 #!/usr/bin/env bash
 
 systemctl disable deploy-caddy.{path,service}
-systemctl disable deploy-project.{path,service}
-systemctl disable project.path
+systemctl disable deploy-princetonpy.{path,service}
 systemctl disable princetonpy-cron.service
 systemctl disable princetonpy-web.service
 # rm ./systemd/deploy-caddy.{path,service}

docker-compose.prod.yml

@@ -8,14 +8,15 @@ services:
     env_file:
       - .env.prod.db
   web:
-    build:
-      context: ./app
-      dockerfile: Dockerfile.prod
+    image: ghcr.io/pugip/princetonpy.org:release
     command: hypercorn princetonpy.asgi:application --bind 0.0.0.0:8000
     volumes:
       - princetonpy_prod_backup:/prod_backup
     expose:
       - 8000
+    environment:
+      - UID=1001
+      - GID=1001
     env_file:
       - .env.prod.web
       - .env.prod.aws
@@ -29,6 +30,9 @@ services:
     volumes:
       - $PWD/app:/home/app/web
       - princetonpy_prod_backup:/prod_backup
+    environment:
+      - UID=1001
+      - GID=1001
     env_file:
       - .env.prod.web
       - .env.prod.aws