feat: ci\cd settings and multy stage build dockerfile

.gitlab-ci.yaml

@@ -0,0 +1,47 @@
+include:
+  - project: "devops/pena-continuous-integration"
+    file: "/templates/docker/build-template.gitlab-ci.yml"
+  - project: "devops/pena-continuous-integration"
+    file: "/templates/docker/clean-template.gitlab-ci.yml"
+  - project: "devops/pena-continuous-integration"
+    file: "/templates/docker/deploy-template.gitlab-ci.yml"
+stages:
+  - clean
+  - build
+  - deploy
+
+clear-old-images:
+  extends: .clean_template
+  variables:
+    STAGING_BRANCH: "main"
+    PRODUCTION_BRANCH: "main"
+  image: 
+    name: docker/compose:1.28.0
+    entrypoint: [""]
+  before_script:
+    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+    - docker images
+  script:
+    - docker system prune -af
+
+build-app:
+  extends: .build_template
+  variables:
+    DOCKER_BUILD_PATH: "./Dockerfile"
+    STAGING_BRANCH: "main"
+    PRODUCTION_BRANCH: "main"
+  script:
+    - echo $YA_CERT > ./private.key
+    - mkdir -p /kaniko/.docker
+    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
+    - |
+      /kaniko/executor --context $CI_PROJECT_DIR \
+      --cache=true --cache-repo=$CI_REGISTRY_IMAGE \
+      --dockerfile $CI_PROJECT_DIR/$DOCKER_BUILD_PATH --use-new-run --snapshotMode=redo \
+      --destination $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG.$CI_PIPELINE_ID
+
+deploy-to-staging:
+  extends: .deploy_template
+  variables:
+    DEPLOY_TO: "staging"
+    BRANCH: "main"

Dockerfile

@@ -0,0 +1,15 @@
+FROM golang:alpine as build
+WORKDIR /app
+RUN apk add git
+COPY . .
+ARG GITLAB_TOKEN
+ENV GOPRIVATE=penahub.gitlab.yandexcloud.net/backend/penahub_common
+RUN git config --global url."https://forgomod:${GITLAB_TOKEN}@penahub.gitlab.yandexcloud.net/".insteadOf "https://penahub.gitlab.yandexcloud.net/"
+RUN go mod download
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o app
+
+FROM scratch as prod
+COPY --from=build /app/app .
+COPY private.key .
+EXPOSE 80
+CMD ["app"]

README.md

@@ -2,11 +2,16 @@
 
 
 
-## Getting started
+## Переменные окружения
 
-To make it easy for you to get started with GitLab, here's a list of recommended next steps.
+*DOMAIN* - доменное имя используется только для определения папки, в которой лежат сертификаты для ssl
-
+*MINIO_ENDPOINT* - путь до s3 c админскими правами
-Already a pro? Just edit this README.md and make it your own. Want to make it easy? [Use the template at the bottom](#editing-this-readme)!
+*LOG_FILE* - наверное, путь до файла, куда складывать логи, но не нашел места использования
+*MINIO_ACCESS_KEY_ID* - ключ от s3 с админскими правами
+*MINIO_SECRET_KEY* - секрет s3 с админскими правами
+*JWT_SECRET* - секретный ключ для декодирования авторизационного токена
+*YA_KEY_ID* -  ключ от s3
+*YA_SERVICE_ACC_ID* - аккаунт от s3
 
 ## Add your files
 

deployments/staging/docker-compose.yaml

@@ -0,0 +1,23 @@
+services:
+  penadisk:
+    container_name: penadisk
+    restart: unless-stopped
+    tty: true
+    hostname: penadisk
+    networks: 
+      - default
+      - backend_external
+    image: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG.$CI_PIPELINE_ID
+    expose:
+      - 8001:80
+    environment:
+      - YA_KEY_ID=$YA_KEY_ID
+      - YA_SERVICE_ACC_ID=$YA_SERVICE_ACC_ID
+      - MINIO_ENDPOINT=$MINIO_ENDPOINT
+      - MINIO_ACCESS_KEY_ID=$MINIO_ACCESS_KEY_ID
+      - MINIO_SECRET_KEY=$MINIO_SECRET_KEY
+networks:
+  backend_external:
+    driver: bridge
+    attachable: true
+    internal: true

main.go

@@ -1,18 +1,18 @@
 package main
 
 import (
-	"fmt"
+	"os"
+	"os/signal"
+	"syscall"
+
 	"github.com/gofiber/fiber/v2"
 	mwLogger "github.com/gofiber/fiber/v2/middleware/logger"
 	"github.com/gofiber/fiber/v2/middleware/recover"
 	"go.uber.org/zap"
 	"go.uber.org/zap/zapcore"
-	"os"
-	"os/signal"
 	"penahub.gitlab.yandexcloud.net/backend/penahub_disk/api"
 	"penahub.gitlab.yandexcloud.net/backend/penahub_disk/dal"
 	"penahub.gitlab.yandexcloud.net/backend/penahub_disk/middleware"
-	"syscall"
 )
 
 type Env struct {
@@ -97,26 +97,26 @@ func main() {
 			logger.Fatal("CanNotServe", zap.Error(err))
 		}
 	}()
+	/*
+		fullCert := fmt.Sprintf("./cert/%v/fullchain.pem", opts.Domain)
+		privCert := fmt.Sprintf("./cert/%v/privkey.pem", opts.Domain)
 
-	fullCert := fmt.Sprintf("./cert/%v/fullchain.pem", opts.Domain)
+		go func() {
-	privCert := fmt.Sprintf("./cert/%v/privkey.pem", opts.Domain)
+			err := srv.ListenTLS(":443", fullCert, privCert)
-
+			if err != nil {
-	go func() {
+				logger.Fatal("CanNotServe", zap.Error(err))
-		err := srv.ListenTLS(":443", fullCert, privCert)
+			}
-		if err != nil {
+		}()
-			logger.Fatal("CanNotServe", zap.Error(err))
+	*/
-		}
-	}()
-
 	// Graceful shutdown
 	interrupt := make(chan os.Signal, 1)
 	signal.Notify(interrupt, os.Interrupt, syscall.SIGTERM)
 	killSignal := <-interrupt
 	switch killSignal {
 	case os.Interrupt:
-		logger.Fatal("AppInterrupted")
+		logger.Info("AppInterrupted")
 	case syscall.SIGTERM:
-		logger.Fatal("AppTerminated")
+		logger.Info("AppTerminated")
 	}
 
 	err = srv.Shutdown()