Merge branch 'main' into refactor/ckeditor-migration

Tarhche · Jan 12, 2025 · e2e861f · e2e861f
2 parents c48a8dd + 8bd9466
commit e2e861f
Show file tree

Hide file tree

Showing 34 changed files with 555 additions and 236 deletions.
diff --git a/.env b/.env
@@ -28,9 +28,10 @@ NATS_URL=nats:4222
 
 ## frontend
 INTERNAL_BACKEND_BASE_URL=https://backend.tarhche.com
-NEXT_PUBLIC_FILES_BASE_URL=https://backend.tarhche.com
-NEXT_PUBLIC_EXTERNAL_BACKEND_BASE_URL=https://tarhche.com
+NEXT_PUBLIC_FILES_PROTOCOL=https
+NEXT_PUBLIC_FILES_HOST=backend.tarhche.com
 
+## frontend local
 # INTERNAL_BACKEND_BASE_URL=http://app
-# NEXT_PUBLIC_FILES_BASE_URL=http://127.0.0.1:8000
-# NEXT_PUBLIC_EXTERNAL_BACKEND_BASE_URL=http://127.0.0.1:3000
+# NEXT_PUBLIC_FILES_PROTOCOL=http
+# NEXT_PUBLIC_FILES_HOST=127.0.0.1
diff --git a/.github/actions/docker-build/action.yaml b/.github/actions/docker-build/action.yaml
@@ -0,0 +1,74 @@
+name: 'Docker Build Action'
+description: 'Builds a Docker image using a specified Dockerfile and context'
+
+inputs:
+  context:
+    description: 'The Docker build context (path to the directory containing the Dockerfile)'
+    required: true
+    default: '.'
+  dockerfile:
+    description: 'The path to the Dockerfile (relative to the context)'
+    required: true
+    default: 'Dockerfile'
+  target:
+    description: 'The build target'
+    required: false
+  image-name:
+    description: 'The name of the image to build'
+    required: true
+  push:
+    description: 'Determines if the built image should be pushed'
+    required: true
+    default: 'no'
+  container-registry:
+    description: 'container registry address (example: ghcr.io)'
+    required: false
+  container-registry-username:
+    description: 'container registry username'
+    required: false
+  container-registry-password:
+    description: 'container registry password'
+    required: false
+
+runs:
+  using: 'composite'
+
+  steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v3
+      if: ${{ inputs.push == 'true' }}
+      with:
+        logout: false
+        registry: ${{ inputs.container-registry }}
+        username: ${{ inputs.container-registry-username }}
+        password: ${{ inputs.container-registry-password }}
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Extract metadata (tags, labels) for Docker image
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: |
+          ${{ inputs.container-registry }}/${{ github.repository_owner }}/${{ inputs.image-name }}
+        tags: |
+          type=raw,value=latest,priority=200,enable={{is_default_branch}}
+          type=sha,enable=true,priority=100,prefix=,suffix=,format=short
+
+    - name: Build image and push (optional)
+      uses: docker/build-push-action@v6
+      with:
+        platforms: linux/amd64,linux/arm64
+        push: ${{ inputs.push == 'true' }}
+        context: ${{ inputs.context }}
+        file: ${{ inputs.dockerfile }}
+        target: ${{ inputs.target }}
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/backend.yaml b/.github/workflows/backend.yaml
@@ -1,8 +1,7 @@
 name: Backend CI and CD
+
 on:
   push:
-    branches:
-      - main
     paths:
       - .github/**
       - backend/**
@@ -11,10 +10,17 @@ on:
       - .github/**
       - backend/**
 
+defaults:
+  run:
+    working-directory: ./backend
+
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: backend
 
+  EC2_SSH_ADDRESS: ${{ secrets.EC2_SSH_ADDRESS }}
+  EC2_SSH_ENDPOINT: ${{ secrets.EC2_SSH_USER }}@${{ secrets.EC2_SSH_ADDRESS }}
+
 jobs:
   ci:
     runs-on: ubuntu-latest
@@ -30,24 +36,22 @@ jobs:
 
       - name: Run unit tests
         run: |
-          cd ./backend && go test ./... -v -race -cover
-
-      - name: Provide image name and version
-        run: |
-          IMAGE_ID=$(echo $REGISTRY/${{ github.repository_owner }}/$IMAGE_NAME | tr '[A-Z]' '[a-z]')
-          IMAGE_VERSION=${{ github.sha }}
-          echo "IMAGE_ID=$IMAGE_ID" >> "$GITHUB_ENV"
-          echo "IMAGE_VERSION=$IMAGE_VERSION" >> "$GITHUB_ENV"
+          go test ./... -v -race -cover
 
       - name: Build image
-        run: |
-          cd ./backend && docker build . --file Dockerfile --target production --tag $IMAGE_ID:$IMAGE_VERSION --tag $IMAGE_ID:latest
-
-  cd:
+        uses: ./.github/actions/docker-build
+        with:
+          context: ./backend
+          dockerfile: ./backend/Dockerfile
+          image-name: ${{ env.IMAGE_NAME }}
+          target: production
+          push: false
+          container-registry: ${{ env.REGISTRY }}
+
+  build-and-push-images:
     runs-on: ubuntu-latest
 
-    # This job will be invoked only on default branch
-    if: ${{ always() && format('refs/heads/{0}', github.event.repository.default_branch) == github.ref }}
+    if: ${{ format('refs/heads/{0}', github.event.repository.default_branch) == github.ref }}
 
     permissions:
       packages: write
@@ -60,33 +64,82 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      - name: Provide image name and version
-        run: |
-          IMAGE_ID=$(echo $REGISTRY/${{ github.repository_owner }}/$IMAGE_NAME | tr '[A-Z]' '[a-z]')
-          IMAGE_VERSION=${{ github.sha }}
-          echo "IMAGE_ID=$IMAGE_ID" >> "$GITHUB_ENV"
-          echo "IMAGE_VERSION=$IMAGE_VERSION" >> "$GITHUB_ENV"
+      - name: Build and push image
+        uses: ./.github/actions/docker-build
+        with:
+          context: ./backend
+          dockerfile: ./backend/Dockerfile
+          image-name: ${{ env.IMAGE_NAME }}
+          target: production
+          push: true
+          container-registry: ${{ env.REGISTRY }}
+          container-registry-username: ${{ github.actor }}
+          container-registry-password: ${{ secrets.GITHUB_TOKEN }}
+
+  deploy:
+    runs-on: ubuntu-latest
 
-      - name: Build image
-        run: |
-          cd ./backend && docker build . --file Dockerfile --target production --tag $IMAGE_ID:$IMAGE_VERSION --tag $IMAGE_ID:latest
+    if: ${{ format('refs/heads/{0}', github.event.repository.default_branch) == github.ref }}
 
-      - name: Log in to registry
-        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+    needs:
+      - build-and-push-images
 
-      - name: Push image
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Deploy services
         run: |
-          docker push $IMAGE_ID:$IMAGE_VERSION
-          docker push $IMAGE_ID:latest
+          # Setup ssh key
+          echo '${{ secrets.EC2_SSH_PRIVATE_KEY }}' > ~/ec2-key.pem
+          chmod 400 ~/ec2-key.pem
 
-      - uses: actions/setup-node@v3
-        with:
-          node-version: "18"
+          mkdir -p ~/.ssh
+          ssh-keyscan -H $EC2_SSH_ADDRESS >> ~/.ssh/known_hosts
 
-      - name: deploy to production
-        env:
-          LIARA_TOKEN: ${{ secrets.LIARA_API_TOKEN }}
-          LIARA_BACKEND_APP_NAME: ${{secrets.LIARA_BACKEND_APP_NAME}}
-        run: |
-          npm i -g @liara/cli@7
-          liara deploy --image $IMAGE_ID:$IMAGE_VERSION --platform=docker --port="80" --app="$LIARA_BACKEND_APP_NAME" --api-token="$LIARA_TOKEN" --detach
+          # Ensure remote directory exists
+          ssh -q -i ~/ec2-key.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null $EC2_SSH_ENDPOINT > /dev/null 2>&1 << 'EOF'
+            sudo mkdir -p /tmp/deployment_backend
+            sudo chown ${{ secrets.EC2_SSH_USER }}:${{ secrets.EC2_SSH_USER }} /tmp/deployment_backend
+
+          EOF
+
+          # Copy files
+          scp -q -i ~/ec2-key.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -r ./compose.app.yaml $EC2_SSH_ENDPOINT:/tmp/deployment_backend/ > /dev/null 2>&1
+
+          # Connect and deploy services
+          ssh -q -i ~/ec2-key.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null $EC2_SSH_ENDPOINT > /dev/null 2>&1 << 'EOF'
+            export MONGO_USERNAME='${{ secrets.MONGO_USERNAME }}'
+            export MONGO_PASSWORD='${{ secrets.MONGO_PASSWORD }}'
+
+            export BACKEND_NATS_URL='${{ secrets.BACKEND_NATS_URL }}'
+            export BACKEND_PRIVATE_KEY='${{ secrets.BACKEND_PRIVATE_KEY }}'
+
+            export BACKEND_MONGO_HOST='mongodb'
+            export BACKEND_MONGO_PORT='27017'
+            export BACKEND_MONGO_SCHEME='mongodb'
+            export BACKEND_MONGO_DATABASE_NAME='${{ secrets.BACKEND_MONGO_DATABASE_NAME }}'
+            export BACKEND_MONGO_USERNAME='${{ secrets.MONGO_USERNAME }}'
+            export BACKEND_MONGO_PASSWORD='${{ secrets.MONGO_PASSWORD }}'
+
+            export BACKEND_MAIL_SMTP_PASSWORD='${{ secrets.BACKEND_MAIL_SMTP_PASSWORD }}'
+            export BACKEND_MAIL_SMTP_HOST='${{ secrets.BACKEND_MAIL_SMTP_HOST }}'
+            export BACKEND_MAIL_SMTP_FROM='${{ secrets.BACKEND_MAIL_SMTP_FROM }}'
+            export BACKEND_MAIL_SMTP_USERNAME='${{ secrets.BACKEND_MAIL_SMTP_USERNAME }}'
+            export BACKEND_MAIL_SMTP_PORT='${{ secrets.BACKEND_MAIL_SMTP_PORT }}'
+
+            export BACKEND_S3_ENDPOINT='${{ secrets.BACKEND_S3_ENDPOINT }}'
+            export BACKEND_S3_SECRET_KEY='${{ secrets.BACKEND_S3_SECRET_KEY }}'
+            export BACKEND_S3_ACCESS_KEY='${{ secrets.BACKEND_S3_ACCESS_KEY }}'
+            export BACKEND_S3_USE_SSL='${{ secrets.BACKEND_S3_USE_SSL }}'
+            export BACKEND_S3_BUCKET_NAME='${{ secrets.BACKEND_S3_BUCKET_NAME }}'
+
+            export APP_IMAGE='${{ secrets.APP_IMAGE }}'
+
+            # Run Docker Compose
+            cd /tmp/deployment_backend/
+
+            docker compose -f compose.app.yaml --project-name app up --pull always --detach
+
+            sudo rm -rf /tmp/deployment_backend
+          EOF