Deploy to new environments

.github/workflows/actions-gcp.yaml

@@ -0,0 +1,188 @@
+name: CI-GCP
+
+on:
+ pull_request:
+ push:
+ branches:
+ - master
+ - develop
+ - cppal-dev
+
+env:
+ DOCKER_BUILDKIT: "1"
+ DOCKER_IMAGE: "us-central1-docker.pkg.dev/boostorg-project1/website/website"
+ DOCKER_REGISTRY: "us-central1-docker.pkg.dev"
+ PROJECT_ID: boostorg-project1
+ GKE_CLUSTER: boostorg-cluster1
+ GKE_REGION: us-central1
+ GKE_ZONE: us-central1-c
+ DEPLOYMENT_NAME: boost
+ # more environment variables are set in the build step
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+
+ services:
+ postgres:
+ image: postgres:12
+ env:
+ POSTGRES_USER: postgres
+ POSTGRES_PASSWORD: postgres
+ POSTGRES_DB: postgres
+ ports: ["5432:5432"]
+ # options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
+
+ redis:
+ image: redis
+ ports:
+ - 6379:6379
+
+ steps:
+ - name: Git - Get Sources
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Set up Python 3.11
+ uses: actions/setup-python@v4
+ with:
+ python-version: 3.11
+
+ - uses: actions/cache@v3
+ with:
+ path: ~/.cache/pip
+ key: ${{ runner.os }}-pip-${{ hashFiles('**/base.txt') }}
+ restore-keys: |
+ ${{ runner.os }}-pip-
+ ${{ runner.os }}-
+
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ python -m pip install -r requirements.txt
+ sudo apt-get install -y ruby ruby-dev build-essential
+ sudo gem install asciidoctor
+ if: steps.cache.outputs.cache-hit != 'true'
+
+ - name: Test with pytest
+ env:
+ DATABASE_URL: "postgres://postgres:postgres@localhost:${{ job.services.postgres.ports[5432] }}/postgres"
+ SECRET_KEY: "for-testing-only"
+ REDIS_HOST: "localhost"
+ run: |
+ python -m pytest
+
+ - name: Lints with pre-commit
+ run: |
+ pre-commit run -a
+
+ build:
+ needs: [test]
+ name: Build and Publish Docker image
+ runs-on: ubuntu-latest
+ if: ( github.repository == 'cppalliance/temp-site' && github.event_name == 'push' && ( github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop' )) || ( github.repository == 'sdarwin/temp-site' && github.event_name == 'push' && github.ref == 'refs/heads/cppal-dev' )
+
+ steps:
+ - name: Set environment for branches
+ run: |
+ if [[ $GITHUB_REF == 'refs/heads/master' ]]; then
+ echo "K8S_NAMESPACE=production" >> "$GITHUB_ENV"
+ echo "HELM_RELEASE_NAME=boost-production" >> "$GITHUB_ENV"
+ elif [[ $GITHUB_REF == 'refs/heads/develop' ]]; then
+ echo "K8S_NAMESPACE=stage" >> "$GITHUB_ENV"
+ echo "HELM_RELEASE_NAME=boost-stage" >> "$GITHUB_ENV"
+ elif [[ $GITHUB_REF == 'refs/heads/cppal-dev' ]]; then
+ # cppal-dev is a test branch in another fork. Doesn't need to be created in the main repo.
+ echo "K8S_NAMESPACE=cppal-dev" >> "$GITHUB_ENV"
+ echo "HELM_RELEASE_NAME=boost-cppal-dev" >> "$GITHUB_ENV"
+ fi
+
+ - name: Git - Get Sources
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Fetch Git Tags
+ run: |
+ git fetch --depth=1 origin +refs/tags/*:refs/tags/* || true
+
+ - name: Set up Python 3.11
+ uses: actions/setup-python@v4
+ with:
+ python-version: 3.11
+
+ - name: Install Python dependencies
+ run: |
+ python -m pip install --upgrade pip
+ python -m pip install vinnie
+
+ #
+ # To avoid conflicting with the develop branch version tags,
+ # use SHORT_SHA instead.
+ #
+ # - name: Bump and Tag our version
+ # run: |
+ # git config --local user.email "[email protected]"
+ # git config --local user.name "GitHub Action"
+ # vinnie patch
+ # export VINNIE_VERSION=`vinnie version`
+ # git push --tags
+
+ - name: Set short git commit SHA
+ run: |
+ echo "SHORT_SHA=$(git rev-parse --short ${{ github.sha }})" >> $GITHUB_ENV
+
+ - name: Display SHORT_SHA tag
+ run: echo $SHORT_SHA
+ env:
+ SHORT_SHA: ${{ env.SHORT_SHA }}
+
+ - name: Login to Container Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ env.DOCKER_REGISTRY }}
+ username: ${{ secrets.GKE_DOCKER_REGISTRY_USERNAME }}
+ password: ${{ secrets.GKE_DOCKER_REGISTRY_PASSWORD }}
+
+ - name: Build Docker image
+ run: |
+ # TAG=`vinnie version`
+ TAG=${{ env.SHORT_SHA }}
+
+ docker build --file ./docker/Dockerfile \
+ --build-arg TAG=${TAG} \
+ --cache-from=${DOCKER_IMAGE}:latest \
+ --tag ${DOCKER_IMAGE} .
+
+ - name: Docker - Tag and Push
+ run: |
+ # TAG=`vinnie version`
+ TAG=${{ env.SHORT_SHA }}
+ docker tag ${DOCKER_IMAGE} ${DOCKER_IMAGE}:latest
+ docker tag ${DOCKER_IMAGE} ${DOCKER_IMAGE}:${TAG}
+
+ docker push ${DOCKER_IMAGE}:latest
+ docker push ${DOCKER_IMAGE}:${TAG}
+
+ - name: Deploy to cluster - google auth
+ id: 'auth'
+ uses: 'google-github-actions/auth@v1'
+ with:
+ credentials_json: '${{ secrets.GKE_SA_KEY }}'
+
+ - name: Deploy to cluster - get credentials
+ id: 'get-credentials'
+ uses: 'google-github-actions/get-gke-credentials@v1'
+ with:
+ cluster_name: ${{ env.GKE_CLUSTER }}
+ location: ${{ env.GKE_REGION }}
+
+ - name: Deploy to cluster - helm
+ run: |-
+ set -xe
+ TAG=${{ env.SHORT_SHA }}
+ cd kube/boost
+ helm upgrade --install --create-namespace -n ${{ env.K8S_NAMESPACE }} -f values-${{ env.K8S_NAMESPACE }}-gke.yaml --timeout=3600s --set=Image=${DOCKER_IMAGE} --set=ImageTag="${TAG}" ${{ env.HELM_RELEASE_NAME }} .
+ kubectl rollout status deployment/$DEPLOYMENT_NAME -n ${{ env.K8S_NAMESPACE }}
+ kubectl get services -o wide -n ${{ env.K8S_NAMESPACE }}

.github/workflows/actions.yml

@@ -71,7 +71,7 @@ jobs:
  needs: [test]
  name: Build and Publish Docker image
  runs-on: ubuntu-latest
- if: github.event_name == 'push' && github.ref == 'refs/heads/develop'
+ if: github.event_name == 'push' && github.ref == 'refs/heads/develop' && github.repository == 'cppalliance/temp-site'
 
  steps:
  - name: Git - Get Sources

config/settings.py

@@ -103,12 +103,10 @@
 AUTH_USER_MODEL = "users.User"
 CSRF_COOKIE_HTTPONLY = True
 # See https://docs.djangoproject.com/en/4.2/ref/settings/#csrf-trusted-origins
-CSRF_TRUSTED_ORIGINS = [
- "http://0.0.0.0",
- "http://localhost",
- "https://boost.revsys.dev",
- "https://www.boost.revsys.dev",
-]
+csrf_trusted_origins = env.list(
+ "CSRF_TRUSTED_ORIGINS", default="http://0.0.0.0, http://localhost"
+)
+CSRF_TRUSTED_ORIGINS = [el.strip() for el in csrf_trusted_origins]
 
 MIDDLEWARE = [
  "tracer.middleware.RequestID",

kube/boost/templates/celery.yaml

@@ -0,0 +1,82 @@
+{{- if .Values.celeryInstall }}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: celery-worker
+ labels:
+ app: celery-worker
+ env: {{.Values.deploymentEnvironment}}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: celery-worker
+ env: {{.Values.deploymentEnvironment}}
+ template:
+ metadata:
+ labels:
+ app: celery-worker
+ env: {{.Values.deploymentEnvironment}}
+ imageTag: {{.Values.ImageTag}}
+ spec:
+ imagePullSecrets:
+ - name: revsys-docker-registry
+ containers:
+ -
+ name: celery-worker
+ image: {{.Values.Image}}:{{.Values.ImageTag}}
+ command: ["celery", "-A", "config", "worker", "--concurrency=5", "--loglevel=debug"]
+ resources:
+ limits:
+ cpu: 250m
+ ephemeral-storage: 1Gi
+ memory: 1Gi
+ requests:
+ cpu: 250m
+ ephemeral-storage: 1Gi
+ memory: 1Gi
+ env:
+{{ toYaml .Values.Env | indent 12 }}
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: celery-beat
+ labels:
+ app: celery-beat
+ env: {{.Values.deploymentEnvironment}}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: celery-beat
+ env: {{.Values.deploymentEnvironment}}
+ template:
+ metadata:
+ labels:
+ app: celery-beat
+ env: {{.Values.deploymentEnvironment}}
+ imageTag: {{.Values.ImageTag}}
+ spec:
+ imagePullSecrets:
+ - name: revsys-docker-registry
+ containers:
+ -
+ name: celery-beat
+ image: {{.Values.Image}}:{{.Values.ImageTag}}
+ command: ["celery", "-A", "config", "beat", "--loglevel=debug"]
+ resources:
+ limits:
+ cpu: 250m
+ ephemeral-storage: 1Gi
+ memory: 512Mi
+ requests:
+ cpu: 250m
+ ephemeral-storage: 1Gi
+ memory: 512Mi
+ env:
+{{ toYaml .Values.Env | indent 12 }}
+{{ end }}

kube/boost/templates/configmap-nginx.yaml

@@ -31,6 +31,11 @@ data:
 
  proxy_redirect off;
 
+ location /lbcheck {
+ return 200 'OK';
+ add_header Content-Type text/plain;
+ }
+
  location / {
  proxy_pass http://unix:/run/gunicorn.sock;
  }

kube/boost/templates/deployment.yaml

@@ -43,6 +43,10 @@ spec:
  -
  name: nginx
  image: nginx:{{ .Values.nginxImageTag }}
+ readinessProbe:
+ httpGet:
+ path: /lbcheck
+ port: 80
  volumeMounts:
  -
  name: ngx

kube/boost/templates/ingress.yaml

@@ -1,5 +1,7 @@
 # vim: ft=sls nolist
 
+{{- if eq .Values.ingressType "nginx" }}
+
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@@ -40,3 +42,59 @@ spec:
  name: boost
  port:
  number: 80
+
+{{- else if eq .Values.ingressType "gce" }}
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: www-boost-{{.Values.deploymentEnvironment}}
+ namespace: {{ .Values.namespace }}
+ labels:
+ env: {{ .Values.deploymentEnvironment }}
+ app: boost
+ annotations:
+ # cert-manager.io/cluster-issuer: letsencrypt-staging
+ kubernetes.io/ingress.class: "gce"
+ networking.gke.io/managed-certificates: {{ .Values.managedCertName }}
+ networking.gke.io/v1beta1.FrontendConfig: frontend-{{ .Values.deploymentEnvironment }}
+ nginx.ingress.kubernetes.io/proxy-body-size:
+ {{ .Values.clientMaxBodySize|quote }}
+ kubernetes.io/ingress.global-static-ip-name: {{ .Values.ingressStaticIp }}
+spec:
+ # managed cert. see above.
+ # tls:
+ # - hosts:
+ # - www.{{.Values.publicFqdn}}
+ # - {{ .Values.publicFqdn }}
+ # secretName: www.{{.Values.publicFqdn}}-tls-staging
+ rules:
+ - host: www.{{.Values.publicFqdn}}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: boost
+ port:
+ number: 80
+ - host: {{ .Values.publicFqdn }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: boost
+ port:
+ number: 80
+---
+apiVersion: networking.gke.io/v1beta1
+kind: FrontendConfig
+metadata:
+ name: frontend-{{ .Values.deploymentEnvironment }}
+spec:
+ redirectToHttps:
+ enabled: true
+{{ end }}