From 07a86eb765f59a8859cb341d0a53295e3b2b5de6 Mon Sep 17 00:00:00 2001 From: skeris Date: Fri, 28 Feb 2025 00:05:42 +0300 Subject: [PATCH] ci prod deployment --- .gitea/workflows/deployProd.yml | 26 +++++++++++++++++++ .gitea/workflows/deployStaging.yml | 26 +++++++++++++++++++ .gitea/workflows/lint.yml | 14 ++++++++++ .gitlab-ci.yml | 38 ---------------------------- Dockerfile | 12 ++------- deployments/main/docker-compose.yaml | 27 +++++++++----------- 6 files changed, 80 insertions(+), 63 deletions(-) create mode 100644 .gitea/workflows/deployProd.yml create mode 100644 .gitea/workflows/deployStaging.yml create mode 100644 .gitea/workflows/lint.yml delete mode 100644 .gitlab-ci.yml diff --git a/.gitea/workflows/deployProd.yml b/.gitea/workflows/deployProd.yml new file mode 100644 index 0000000..d2d57e8 --- /dev/null +++ b/.gitea/workflows/deployProd.yml @@ -0,0 +1,26 @@ +name: Deploy +run-name: ${{ gitea.actor }} build image and push to container registry + +on: + push: + branches: + - 'main' + +jobs: + CreateImage: + runs-on: [squizstaging] + uses: https://gitea.pena/PenaDevops/actions.git/.gitea/workflows/build-image.yml@v1.1.6-p + with: + runner: hubstaging + secrets: + REGISTRY_USER: ${{ secrets.REGISTRY_USER }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} + DeployService: + runs-on: [squizprod] + needs: CreateImage + uses: https://gitea.pena/PenaDevops/actions.git/.gitea/workflows/deploy.yml@v1.1.4-p7 + with: + runner: hubprod + actionid: ${{ gitea.run_id }} + + diff --git a/.gitea/workflows/deployStaging.yml b/.gitea/workflows/deployStaging.yml new file mode 100644 index 0000000..a9c04e4 --- /dev/null +++ b/.gitea/workflows/deployStaging.yml @@ -0,0 +1,26 @@ +name: Deploy +run-name: ${{ gitea.actor }} build image and push to container registry + +on: + push: + branches: + - 'staging' + +jobs: + CreateImage: + runs-on: [hubstaging] + uses: http://gitea.pena/PenaDevops/actions.git/.gitea/workflows/build-image.yml@v1.1.6-p + with: + runner: hubstaging + secrets: + REGISTRY_USER: ${{ secrets.REGISTRY_USER }} + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} + DeployService: + runs-on: [hubstaging] + needs: CreateImage + uses: http://gitea.pena/PenaDevops/actions.git/.gitea/workflows/deploy.yml@v1.1.4-p7 + with: + runner: hubstaging + actionid: ${{ gitea.run_id }} + + diff --git a/.gitea/workflows/lint.yml b/.gitea/workflows/lint.yml new file mode 100644 index 0000000..20e6298 --- /dev/null +++ b/.gitea/workflows/lint.yml @@ -0,0 +1,14 @@ +name: Lint +run-name: ${{ gitea.actor }} produce linting + +on: + push: + branches: + - 'dev' + +jobs: + Lint: + runs-on: [hubstaging] + uses: http://gitea.pena/PenaDevops/actions.git/.gitea/workflows/lint.yml@v1.1.0 + with: + runner: hubstaging diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index 43734c2..0000000 --- a/.gitlab-ci.yml +++ /dev/null @@ -1,38 +0,0 @@ -include: - - project: "devops/pena-continuous-integration" - file: "/templates/docker/build-template.gitlab-ci.yml" - - project: "devops/pena-continuous-integration" - file: "/templates/docker/deploy-template.gitlab-ci.yml" - -stages: - - build - - deploy - -build-app: - stage: build - extends: .build_template - rules: - - if: "$CI_COMMIT_BRANCH == $STAGING_BRANCH || $CI_COMMIT_BRANCH == $PRODUCTION_BRANCH" - script: - - docker build -t $CI_REGISTRY_IMAGE/$CI_COMMIT_BRANCH-core:$CI_COMMIT_REF_SLUG.$CI_PIPELINE_ID --build-arg GITLAB_TOKEN=$GITLAB_TOKEN $CI_PROJECT_DIR - - docker push $CI_REGISTRY_IMAGE/$CI_COMMIT_BRANCH-core:$CI_COMMIT_REF_SLUG.$CI_PIPELINE_ID - -deploy-staging: - stage: deploy - tags: - - staging - extends: .deploy_template - rules: - - if: "$CI_COMMIT_BRANCH == $STAGING_BRANCH" - after_script: - - docker ps -a - -deploy-prod: - stage: deploy - tags: - - prod - extends: .deploy_template - rules: - - if: "$CI_COMMIT_BRANCH == $PRODUCTION_BRANCH" - after_script: - - ls diff --git a/Dockerfile b/Dockerfile index 37a3ca9..5e73187 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,20 +1,12 @@ -FROM penahub.gitlab.yandexcloud.net:5050/devops/dockerhub-backup/golang as build +FROM gitea.pena/penadevops/container-images/golang:main as build WORKDIR /app RUN apk add git COPY . . -ARG GITLAB_TOKEN -ENV GOPRIVATE=penahub.gitlab.yandexcloud.net/backend/penahub_common -RUN git config --global url."https://buildToken:glpat-axA8ttckx3aPf_xd2Dym@penahub.gitlab.yandexcloud.net/".insteadOf "https://penahub.gitlab.yandexcloud.net/" RUN go mod download RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o core -FROM penahub.gitlab.yandexcloud.net:5050/devops/dockerhub-backup/alpine as prod +FROM gitea.pena/penadevops/container-images/alpine:main as prod COPY --from=build /app/core . COPY --from=build /app/schema /schema -EXPOSE 1488 -ENV IS_PROD_LOG=false -ENV IS_PROD=false -ENV PORT=1488 -ENV PG_CRED="host=postgres port=5432 user=squiz password=Redalert2 dbname=squiz sslmode=disable" RUN apk add tzdata CMD ["/core"] diff --git a/deployments/main/docker-compose.yaml b/deployments/main/docker-compose.yaml index c011345..51162fc 100644 --- a/deployments/main/docker-compose.yaml +++ b/deployments/main/docker-compose.yaml @@ -1,28 +1,25 @@ -version: "3" services: core: - hostname: squiz-core - container_name: squiz-core - image: $CI_REGISTRY_IMAGE/main-core:$CI_COMMIT_REF_SLUG.$CI_PIPELINE_ID + image: gitea.pena/squiz/core/main:$GITHUB_RUN_NUMBER tty: true environment: - HUB_ADMIN_URL: 'http://10.8.0.8:59303' + HUB_ADMIN_URL: 'http://10.8.0.226:59303' IS_PROD_LOG: 'false' IS_PROD: 'false' PORT: 1488 - PUBLIC_ACCESS_SECRET_KEY: $JWT_PUBLIC_KEY - PG_CRED: 'host=10.8.0.9 port=5433 user=squiz password=Redalert2 dbname=squiz sslmode=disable' - AUTH_URL: 'http://10.6.0.9:59300/user' - PUBLIC_KEY: $PEM_PUB_USERID - PRIVATE_KEY: $PEM_PRIV_USERID + PUBLIC_ACCESS_SECRET_KEY: "-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLW1tlHyKC9AG0hGpmkksET2DE\nr7ojSPemxFWAgFgcPJWQ7x3uNbsdJ3bIZFoA/FClaWKMCZmjnH9tv0bKZtY/CDhM\nZEyHpMruRSn6IKrxjtQZWy4uv/w6MzUeyBYG0OvNCiYpdvz5SkAGAUHD5ZNFqn2w\nKKFD0I2Dr59BFVSGJwIDAQAB\n-----END PUBLIC KEY-----" + PG_CRED: 'host=10.8.0.226 port=5433 user=squiz password=Redalert2 dbname=squiz sslmode=disable' + AUTH_URL: 'http://10.8.0.226:59300/user' + PUBLIC_KEY: "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAn/Q3CKvaxK4YR3N3Iy8O\nIOs218oDQIwoHpmRh3a9V+vTEqT+rY8/Dkf5cnbTMuEBFP1NYtS+pcSFF7nLlZdm\nVb6rhtjLCV0awogeWxJsXCHBOHF7Fv4iqDa85qMwl7XiVXxKo/9kH9TkPsgFsuYt\nvL4Xc1u6ogoYeVHP7ULDMxgmdLd2N9VIVphxsiGDq304NbgWFVr47/J3x3DU0bw+\nF5QdI7ScU/m4T3S0WlhFaG0hblVbH8x+8U81F9OIyJCX9tGZYb6eR3v1pnWP191L\nkpJPSlj9cPPJhl3d6bCyYzGv6k8KQClSs8lsSklPrcXl0ut3raC+oEFp2JkHQL7R\nUlwPr2ZOt9DTTs7l70gvr8FswO4/N6+t+6spce2s3lwN41BWGWHYcc9PuOHqUQTw\nJ3IQQU6NmAyZOjDiZJw7uoNG2rtCqWQRykTULZvtfxh3lMXI/qKM1em+Qo3AZnKC\nY01xhCr4ahPs9Rb4eReigTJSzq+IRSJa1+xPaR4dNm6tAgMBAAE=\n-----END PUBLIC KEY-----" + PRIVATE_KEY: "-----BEGIN RSA PRIVATE KEY-----\nMIIG4gIBAAKCAYEAn/Q3CKvaxK4YR3N3Iy8OIOs218oDQIwoHpmRh3a9V+vTEqT+\nrY8/Dkf5cnbTMuEBFP1NYtS+pcSFF7nLlZdmVb6rhtjLCV0awogeWxJsXCHBOHF7\nFv4iqDa85qMwl7XiVXxKo/9kH9TkPsgFsuYtvL4Xc1u6ogoYeVHP7ULDMxgmdLd2\nN9VIVphxsiGDq304NbgWFVr47/J3x3DU0bw+F5QdI7ScU/m4T3S0WlhFaG0hblVb\nH8x+8U81F9OIyJCX9tGZYb6eR3v1pnWP191LkpJPSlj9cPPJhl3d6bCyYzGv6k8K\nQClSs8lsSklPrcXl0ut3raC+oEFp2JkHQL7RUlwPr2ZOt9DTTs7l70gvr8FswO4/\nN6+t+6spce2s3lwN41BWGWHYcc9PuOHqUQTwJ3IQQU6NmAyZOjDiZJw7uoNG2rtC\nqWQRykTULZvtfxh3lMXI/qKM1em+Qo3AZnKCY01xhCr4ahPs9Rb4eReigTJSzq+I\nRSJa1+xPaR4dNm6tAgMBAAECggGAAWC0oqX8Tepj+iWT9qEeoYj1IXmzenhalhzj\nhIOw0NOOr1/tc6hCtkhHbUV5vzvx6vDdnEbR15KwRMqMZt71ejKYvqIaaZu8McXD\nYSxw84A07lwH3+RTfxhtmxz3u67M4sidyfjWr3GBf8rwRaC27yPCBvPY0TF+EXlz\nbYtALC3+ks3LvmJfa6OHgy3HuQ/sjoXl5swwTbzMbFLb+myBKmnTsG2LVSvW+xQ5\nw3d0LZiXC6C/lrAHveNdRTXEvVmFehKVGJEUvBde0auREyT9vyBomtB3gdePYB/F\ngpRIccgg9D1xC94t8o92v1urMLDU0gn/XgXSQ9mNPrW1RyHrG9ro6seAcrW/cWF3\nSa6OiFEbgZtDqoBKUKcKVwOt3wA/qQVuaUtrRUl/y3E1vBTQBrQqGiY3NQ9OK4kv\nXVSBmakFYCN/wASUCd85kRebF1Ddbb+b60WB1KA3kNAZn4Hd3yZEi0uiZGngrIke\n1oluLvRY8uzCQZnQbyAqpjThaMlxAoHBANxwg4wQYFPHB2tZQJ4BzLA0p1KtUEF6\nwyfxa8mLpwZXF+U3rdKWMhmT3HB2hD1yK358wDTNmoHTKxiJqkqRbTU1Yb0nNyMl\nfliKJHoGEnt+LPRarTqmUMeqEhcLjWQi/yOqBUiRXlvZCwQXIeX1FEiAGvkXWuKF\nDE0K+FNM6A5zw+aANijna1Ipc1eoW/WRgECtvq9pVzkCWl4ABRcxQ6NAjNktU0RM\nfrFKAB/YO4j4orhx8Sa8eFjdPSefWOomWQKBwQC5wdSwo+bNVqS+512kZlDM+yRa\nDCA76djvef1q1s4cbINx+m8bnaQ8JgDaUJ5hIAYfdKeXH6bgKF0EGyjhrk1QnV9n\nvUnStbFq2+vLCjyNidk2HnGrbTeWtK4eVSMGEqnzFIvlEm5tl3M3ZcyYKeLkhwU9\nMAHVRMguEGsUxQqVVKdjZQxEeedXj/SIUyxxSPPgNTcIgttObU/s3kG5JsU0iUpz\nISjeAPw/z/mjReDJRjPudxo+VnMwjtVRWqk9KHUCgcAvf0rI3ipzQro1hiinIwog\nmWfIJ7HYOgRc0ecAqUeW1SM/72xTqKso2bQww0ihGL2IZobfmcGF4aMyiU8Y/BbE\n1Ti3EgEOYKDFoRZU+IP4+enjyLn0nitfqiR1tLaFcgj5fUPgK/ph3fVCr11NeC4j\npP6q1z5s+m/5FbkF8dc6bfUy8EM7MwnrzSSeKZeO5Qf2Z7ljgFYb4YbpJCX0plfF\nkD4I+XwshjLyLliyg9voGnKtPVfRmeBwfVMU+3+kDBkCgcBLctIryPbG8mlJ7PmY\n+8HX8C3ssT4qd6oYYskuqv7ehqjBE8IrSlVZ5Om1wscBlhtGjYBAnqeOJnbZYxqw\nx7Y5hyIoJbclcY0VZSwZtRexOYtTMvxib6MDgHG0ekoWfmAvDmpf6aOWucwfdSar\nq1+wCLN1DdnAwQY5x4tmzT2mN9MhSPq5mXYAl8Tv1jCX9tSvfY3T1Cq1aSrsf73c\nMUYqN5VYu+A4g9fxJ00zJv/NYMlZE2FCbqSs1WcJezSAVb0CgcAQCIa7cSyN4wet\ni3PZ5i+0kqYUf4/ZDVPQWvNruIo66qBmD3N2UcIJFGwgQxbkMF3fR3ooV1HXOipA\nocqsZSHWowgSPPqU/Hb1pNXHIH2GFxrpXSzVzpiONzhml/Cpkjcq0jrlnN1GuXnw\ndkzVML/YGnNdfnyjtRf+ob2PND6PoWzpXQFgu+4In2PcK/7CWHLjz6GZAyaxZuWm\nHnhOumDhkdCbePfIcRfuE1pBO82RsYc1bCm6kajeHSR0KhCnozE=\n-----END RSA PRIVATE KEY-----" REDIRECT_URL: 'https://quiz.pena.digital' - KAFKA_BROKERS: 10.8.0.6:9092 + KAFKA_BROKERS: 10.8.0.226:9092 KAFKA_TOPIC: "mailnotifier" GRPC_HOST: "0.0.0.0" - TRASH_LOG_HOST: "10.8.0.15:7113" + TRASH_LOG_HOST: "10.8.0.200:7123" MODULE_LOGGER: "quiz-core-main" - CLICK_HOUSE_CRED: "clickhouse://10.8.0.15:9000/default?sslmode=disable" + CLICK_HOUSE_CRED: "clickhouse://10.8.0.200:9000/default?sslmode=disable" S3_PREFIX: "https://s3.timeweb.cloud/3c580be9-cf31f296-d055-49cf-b39e-30c7959dc17b/squizimages/" ports: - - 10.6.0.26:1488:1488 - - 10.6.0.26:9000:9000 + - 10.8.0.12:1488:1488 + - 10.8.0.12:9000:9000