Merge pull request #7 from IT4Change/hetzner

Hetzner
IT4Change · Dec 4, 2024 · 94ca214 · 94ca214
2 parents e7bc308 + da24654
commit 94ca214
Show file tree

Hide file tree

Showing 10 changed files with 73 additions and 60 deletions.
diff --git a/.env b/.env
@@ -0,0 +1 @@
+OCELOT_VERSION=sha-9e68997
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -1,16 +1,6 @@
 name: publish
 
-on:
-  workflow_dispatch:
-    inputs:
-      ocelot_version:
-        description: Ocelot build image version
-        required: true
-        type: string
-      deploy:
-        description: Deploy to cluster
-        required: true
-        type: boolean
+on: push
 
 jobs:
   build-and-push-images:
@@ -42,19 +32,23 @@ jobs:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Read $OCELOT_VERSION from file
+        run: cat .env >> $GITHUB_ENV
       - name: Extract metadata (tags, labels) for Docker
         id: meta
         uses: docker/metadata-action@70b2cdc6480c1a8b86edf1777157f8f437de2166
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
-            type=schedule,prefix=ocelot-${{ inputs.ocelot_version }}--branded-
-            type=semver,pattern={{version}},prefix=ocelot-${{ inputs.ocelot_version }}--branded-
-            type=semver,pattern={{major}}.{{minor}},prefix=ocelot-${{ inputs.ocelot_version }}--branded-
-            type=semver,pattern={{major}},prefix=ocelot-${{ inputs.ocelot_version }}--branded-
-            type=ref,event=branch,prefix=ocelot-${{ inputs.ocelot_version }}--branded-
-            type=ref,event=pr,prefix=ocelot-${{ inputs.ocelot_version }}--branded-
-            type=sha,prefix=ocelot-${{ inputs.ocelot_version }}--branded-sha-
+            type=schedule
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=ref,event=branch
+            type=ref,event=pr
+            type=sha
+          labels: |
+            ocelot-version=${{ env.OCELOT_VERSION }}
       - name: Build and push Docker images
         id: push
         uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75
@@ -63,13 +57,13 @@ jobs:
           context: .
           push: true
           build-args: |
-              OCELOT_VERSION=${{ inputs.ocelot_version }}
+              OCELOT_VERSION=${{ env.OCELOT_VERSION }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
 
   deploy-to-kubernetes:
     runs-on: ubuntu-latest
-    if: ${{ inputs.deploy }}
+    if: ${{ startsWith(github.ref, 'refs/tags/') }}
     needs: build-and-push-images
     steps:
       - uses: mdgreenwald/mozilla-sops-action@d9714e521cbaecdae64a89d2fdd576dd2aa97056 # v1.6.0
@@ -84,8 +78,6 @@ jobs:
           sops decrypt ./helmfile/secrets/kubeconfig > ~/.kube/config
           chmod 600 ~/.kube/config
       - uses: helmfile/helmfile-action@80fbb6408b98822310f94d8d1321a2cacf87f78f #v1.9.2
-        env:
-          OCELOT_IMAGE_TAG: ${{ inputs.ocelot_version }}
         with:
           helmfile-args: apply
           helmfile-workdirectory: ./helmfile

diff --git a/.gitignore b/.gitignore
diff --git a/branding/assets/styles/imports/_branding.scss b/branding/assets/styles/imports/_branding.scss
@@ -97,7 +97,7 @@ a:hover.ds-menu-item-link {
   background-color: $color-tertiary;
 }
 #footer a {
-  color: $color-primary;
+  color: $color-primary-inverse;
 }
 
 .avatar-menu .profile-avatar {
@@ -120,12 +120,12 @@ a:hover.ds-menu-item-link {
 //   text-transform: none;
 // }
 
-// .ds-footer {
-//   font-family: 'Overpass', Helvetica, Arial, Lucida, sans-serif;
-//   text-transform: uppercase;
-//   font-size: 16px;
-//   font-weight: 300;
-// }
+.ds-footer {
+  // font-family: 'Overpass', Helvetica, Arial, Lucida, sans-serif;
+  // text-transform: uppercase;
+  // font-size: 16px;
+  font-weight: 600;
+}
 
 /* chips on group teaser */
 // a.group-teaser footer .ds-chip-primary {

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,38 +1,44 @@
 services:
   webapp:
-    image: ghcr.io/it4change/reformer.network/webapp:ocelot-${OCELOT_VERSION:-master}--branded-${BRANDED_VERSION:-master}
+    image: ghcr.io/it4change/reformer.network/webapp
     build:
       context: .
-      dockerfile: ./docker/backend.Dockerfile
+      dockerfile: ./docker/webapp.Dockerfile
       target: branded
       args:
         OCELOT_VERSION: ${OCELOT_VERSION:-master}
     environment:
-      GRAPHQL_URI: http://backend:4000
+      HOST: 0.0.0.0
+      WEBSOCKETS_URI: ws://localhost:3000/api/graphql
+      GRAPHQL_URI: http://backend:4000/
+      MAPBOX_TOKEN: "pk.eyJ1IjoiYnVzZmFrdG9yIiwiYSI6ImNraDNiM3JxcDBhaWQydG1uczhpZWtpOW4ifQ.7TNRTO-o9aK1Y6MyW_Nd4g"
     ports:
       - 3000:3000
     depends_on:
       - backend
 
   backend:
-    image: ghcr.io/it4change/reformer.network/backend:ocelot-${OCELOT_VERSION:-master}--branded-${BRANDED_VERSION:-master}
+    image: ghcr.io/it4change/reformer.network/backend
     build:
       context: .
-      dockerfile: ./docker/webapp.Dockerfile
+      dockerfile: ./docker/backend.Dockerfile
       target: branded
       args:
         OCELOT_VERSION: ${OCELOT_VERSION:-master}
     environment:
       CLIENT_URI: http://localhost:3000
       GRAPHQL_URI: http://backend:4000
       NEO4J_URI: bolt://neo4j:7687
+      MAPBOX_TOKEN: "pk.eyJ1IjoiYnVzZmFrdG9yIiwiYSI6ImNraDNiM3JxcDBhaWQydG1uczhpZWtpOW4ifQ.7TNRTO-o9aK1Y6MyW_Nd4g"
+      JWT_SECRET: "b/&&7b78BF&fv/Vd"
+      PRIVATE_KEY_PASSPHRASE: "a7dsf78sadg87ad87sfagsadg78"
     ports:
       - 4000:4000
     depends_on:
       - neo4j
 
   maintenance:
-    image: ghcr.io/it4change/reformer.network/maintenance:ocelot-${OCELOT_VERSION:-master}--branded-${BRANDED_VERSION:-master}
+    image: ghcr.io/it4change/reformer.network/maintenance
     build:
       context: .
       dockerfile: ./docker/maintenance.Dockerfile
@@ -43,7 +49,7 @@ services:
       - 3001:80
 
   neo4j:
-    image: ghcr.io/ocelot-social-community/ocelot-social/neo4j:${OCELOT_VERSION:-master}
+    image: ghcr.io/ocelot-social-community/ocelot-social/neo4j:master
     environment:
       NEO4J_AUTH: none
       NEO4J_dbms_allow__format__migration: "true"

diff --git a/helmfile/environments/default.yaml.gotmpl b/helmfile/environments/default.yaml.gotmpl
@@ -1,6 +1,6 @@
-{{ $branded_image_tag:= env "BRANDED_IMAGE_TAG" | default (exec "../scripts/image_tag.sh" (list) | trim) }}
-{{ $ocelot_image_tag := env "OCELOT_IMAGE_TAG" | default "master" }}
+{{ $image_tag := env "IMAGE_TAG" | default  (exec "../scripts/image_tag.sh" (list) | trim) }}
 
-domain: staging.reformer-network.roschaefer.de
-namespace: reformer-network-staging
-image_tag: {{ env "IMAGE_TAG" | default (printf "ocelot-%s--branded-%s" $ocelot_image_tag $branded_image_tag) }}
+domain: reformer-network-staging.ocelot-social.it4c.org
+namespace: reformer-network
+image_tag: {{ $image_tag }}
+github_repository: it4change/reformer.network
diff --git a/helmfile/environments/production.yaml.gotmpl b/helmfile/environments/production.yaml.gotmpl
@@ -1,3 +1,7 @@
-domain: reformer-network.roschaefer.de
-namespace: reformer-network-production
-image_tag: {{ requiredEnv "IMAGE_TAG" }}
+{{ $branded_image_tag:= env "BRANDED_IMAGE_TAG" | default (exec "../scripts/branded_image_tag.sh" (list) | trim) }}
+{{ $ocelot_image_tag := env "OCELOT_IMAGE_TAG" | default  (exec "../scripts/ocelot_image_tag.sh" (list) | trim) }}
+
+domain: reformer-network.ocelot-social.it4c.org
+namespace: reformer-network
+image_tag: {{ env "IMAGE_TAG" | default (printf "ocelot-%s--branded-%s" $ocelot_image_tag $branded_image_tag) }}
+github_repository: it4change/reformer.network
diff --git a/helmfile/helmfile.yaml.gotmpl b/helmfile/helmfile.yaml.gotmpl
@@ -9,7 +9,7 @@ environments:
 ---
 repositories:
   - name: ocelot-social
-    url: git+https://github.com/Ocelot-Social-Community/Ocelot-Social@deployment/helm/chart?ref=hetzner
+    url: git+https://github.com/Ocelot-Social-Community/Ocelot-Social@deployment/helm/charts?ref=hetzner
 
 releases:
   - name: reformer-ocelot
@@ -19,3 +19,11 @@ releases:
     - ./values/ocelot.yaml.gotmpl
     secrets:
       - ./secrets/ocelot.yaml
+
+  - name: ocelot-neo4j
+    namespace: {{ .StateValues.namespace }}
+    chart: ocelot-social/ocelot-neo4j
+    values:
+    - ./values/ocelot.yaml.gotmpl
+    secrets:
+      - ./secrets/ocelot.yaml
diff --git a/helmfile/secrets/ocelot.yaml b/helmfile/secrets/ocelot.yaml
@@ -1,6 +1,5 @@
 secrets:
     acme_email: ENC[AES256_GCM,data:o+2HnrEqa/uXJwqUwdYU14FiZYPfLcKqkQ==,iv:1ouUU4ewzRL4ZDnwJm6BTVg3a64iC5+I2v+AWIF8W2Q=,tag:7ytv959cVmgSmXMC7A8zxA==,type:str]
-    jwt_secret: ENC[AES256_GCM,data:KkTXkAo3Gl75ywq8ZDNQKA==,iv:nvHqdXhH5/+Ggt8CRZcq+1K25vo6cIiY4D1aoqdTpiI=,tag:eZOSl6Il1Ecl0sj/SjcvSw==,type:str]
     webapp:
         env:
             MAPBOX_TOKEN: ENC[AES256_GCM,data:7Ka4BvQh6NDw9NKUcgGjLwxNHOqhVrZEj/DcGnyv1nXQIG/2WWGGHazAFWUCFpCUmCSaTPSkyLHPFyGQtQ7VAON3AG3tHtv5JvcBb4KDYrjAIzxhAAiHMYFtVJs=,iv:X0YL2dW42TUidJdBlRKb4Vq86X1OzHqipNHTBxmE7ds=,tag:KDH9NwDy6ghqdkXeZxuHgg==,type:str]
@@ -88,8 +87,8 @@ sops:
             Tkx0VFJpN1pZam4yeTNYU1Jnb1JyR1EKJSQYyAi9ZZr+njaXV/62nshPVLtWIcLY
             pwP8ikur4tKrbyg7H+/f3+9jPsr2Jw3xxgkeS4GL+DsTwrGDEwoaiw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-10-26T18:24:06Z"
-    mac: ENC[AES256_GCM,data:plyDU/49y+NQbHbvhRcZzLH7z+XPHzgRc3yyFPLFJBkP5DCenZkKmRxvHx9RZDqEFeaUybZedD+k3eL8xGMATEiMMip8Kb1fsczkEOnkbarKp03x+fdB8SOQi7qOUQGlamSK3wEgmBOEodV09e5zyDY54dOibRepb2+yMuB73WI=,iv:6DGvJlMk4BQPjBEtf6wrkHvc/VP+g3PpkwSQ6dIo8lQ=,tag:G9Fpp0ZmANU7C+HDRSmHpw==,type:str]
+    lastmodified: "2024-10-29T16:47:57Z"
+    mac: ENC[AES256_GCM,data:B2pL1MTivRMN0nxhcCNU4QEQYPGESDhRTeAnTStptSOehFM/cveP0RO3eQr+WVieb78I0xPBAMnqgo+u5k1WkwT4Vd+D0JgbOgAlX2RlDAYhTkeRD+XmtIKFJKeKVFo/Q4mVSit3opb4EYqfp1hy9EulVrN6VTNSVoV6MgkYjuU=,iv:lxXOa1nSYA6CxGQ9eq9NEFkInf7ksVre2jB/Vna/xdU=,tag:US/gRLMDHv2gp6v9DnAYag==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.1
diff --git a/helmfile/values/ocelot.yaml.gotmpl b/helmfile/values/ocelot.yaml.gotmpl
@@ -1,41 +1,45 @@
 domain: {{ .StateValues.domain }}
 
-cert_manager:
-  issuer: reformer-network-letsencrypt-prod
-
 cert_manager:
   issuer: {{ .Release.Name }}-letsencrypt-prod
 
 underMaintenance: false
 
 global:
   image:
+    tag: {{ .StateValues.image_tag }}
     pullPolicy: Always
 
 backend:
   image:
-    repository: ghcr.io/it4change/reformer.network/backend
-    tag: {{ .StateValues.image_tag }}
+    repository:  ghcr.io/{{ .StateValues.github_repository | lower }}/backend
   storage: "10Gi"
   env:
-    PRODUCTION_DB_CLEAN_ALLOW: "true"
+    NEO4J_URI: "bolt://ocelot-neo4j-neo4j:7687"
     PUBLIC_REGISTRATION: "true"
     INVITE_REGISTRATION: "true"
-    CATEGORIES_ACTIVE:
+    CATEGORIES_ACTIVE: "true"
 
 webapp:
   image:
-    repository: ghcr.io/it4change/reformer.network/webapp
-    tag: {{ .StateValues.image_tag }}
+    repository: ghcr.io/{{ .StateValues.github_repository | lower }}/webapp
+  env:
+    PUBLIC_REGISTRATION: "true"
+    INVITE_REGISTRATION: "true"
+    CATEGORIES_ACTIVE: "true"
 
 maintenance:
   image:
-    repository: ghcr.io/it4change/reformer.network/maintenance
-    tag: {{ .StateValues.image_tag }}
+    repository: ghcr.io/{{ .StateValues.github_repository | lower }}/maintenance
 
 neo4j:
   image:
     repository: ghcr.io/ocelot-social-community/ocelot-social/neo4j
     tag: hetzner
   storage: "5Gi"
   storageBackups: "10Gi"
+  resources:
+    requests:
+      memory: "2Gi"
+    limits:
+      memory: "4Gi"