
Merge pull request #1050 from dm3-org/feature/unifyCIforProd
Feature/unify CI for prod
malteish authored Jun 26, 2024
2 parents 32bda9a + b050ba1 commit 79727b1
Showing 24 changed files with 811 additions and 505 deletions.
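--- a/.github/workflows/README
+++ b/.github/workflows/README
@@ -0,0 +1,13 @@
+Some notes on handling certain stuff
+
+# Host key verification failed
+
+Before connecting to the server from the deployment pipeline, we make sure the server's host key is in the known_hosts file. This is the command used:
+
+`echo "${{ secrets.HOST_SSH_PUBLIC_KEY }}" > ~/.ssh/known_hosts`
+
+If the server's host key changes, the pipeline will fail with the error message "Host key verification failed". To fix this, log in to the server with ssh from your local machine, and accept the new host key. Then, copy the last line from the known_hosts file on your local machine to the secret HOST_SSH_PUBLIC_KEY in the repository.
+
+If you already logged in to the server from your local machine before, you can find the proper line to copy by running this command:
+
+`ssh-keygen -H -F app.dm3.network`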
109 changes: 72 additions & 37 deletions .github/workflows/deploy.yml
Expand Up @@ -4,13 +4,14 @@ on:
branches:
- testing
- develop
- main

jobs:
messenger-web-deploy:
environment: ${{ github.ref == 'refs/heads/develop' && 'staging' || 'testing' }}
environment: ${{ github.ref_name == 'main' && 'prod' || (github.ref == 'develop' && 'staging' || 'testing') }}
runs-on: ubuntu-latest
env:
environment_name: ${{ github.ref == 'refs/heads/develop' && 'staging' || 'testing' }}
environment_name: ${{ github.ref_name == 'main' && 'prod' || (github.ref == 'develop' && 'staging' || 'testing') }}
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v3
Expand All @@ -26,6 +27,7 @@ jobs:
echo "sha_short=$(git rev-parse --short "$GITHUB_SHA")" >> "$GITHUB_ENV"
echo "branch=$(echo ${GITHUB_REF#refs/heads/})" >> "$GITHUB_ENV"
echo "now=$(date +'%Y-%m-%dT%H:%M:%S')" >> $GITHUB_ENV
echo "unix_now=$(date +%s)" >> "$GITHUB_ENV"
- name: Prepare SSH
run: |
mkdir ~/.ssh
Expand All @@ -34,34 +36,39 @@ jobs:
chmod 600 ./ssh-key
- name: Create .env file
env:
TARGET_HOST: ${{ secrets.HOST_DOMAIN}}
TARGET_HOST: ${{ vars.HOST_DOMAIN }}
TARGET_IP: ${{ vars.HOST_IP }}
run: |
echo "REACT_APP_ADDR_ENS_SUBDOMAIN=${{ secrets.ADDR_ENS_SUBDOMAIN}}" >> ./.env.react
echo "REACT_APP_BACKEND=http://${{ secrets.HOST_DOMAIN}}/api" >> ./.env.react
echo "REACT_APP_DEFAULT_DELIVERY_SERVICE=${{ secrets.DEFAULT_DELIVERY_SERVICE}}" >> ./.env.react
echo "REACT_APP_DEFAULT_SERVICE=http://${{ secrets.HOST_DOMAIN}}/api" >> ./.env.react
echo "REACT_APP_ADDR_ENS_SUBDOMAIN=${{ vars.ADDR_ENS_SUBDOMAIN }}" >> ./.env.react
echo "REACT_APP_BACKEND=https://${{ vars.HOST_DOMAIN }}/api" >> ./.env.react
echo "REACT_APP_DEFAULT_DELIVERY_SERVICE=${{ vars.DEFAULT_DELIVERY_SERVICE}}" >> ./.env.react
echo "REACT_APP_DEFAULT_SERVICE=https://${{ vars.HOST_DOMAIN }}/api" >> ./.env.react
echo "REACT_APP_MAINNET_PROVIDER_RPC=${{ secrets.RPC }}" >> ./.env.react
echo "REACT_APP_PROFILE_BASE_URL=http://${{ secrets.HOST_DOMAIN}}/api" >> ./.env.react
echo "REACT_APP_RESOLVER_BACKEND=http://${{ secrets.HOST_DOMAIN}}/resolver-handler" >> ./.env.react
echo "REACT_APP_USER_ENS_SUBDOMAIN=${{ secrets.USER_ENS_SUBDOMAIN}}" >> ./.env.react
echo "REACT_APP_PROFILE_BASE_URL=https://${{ vars.HOST_DOMAIN }}/api" >> ./.env.react
echo "REACT_APP_RESOLVER_BACKEND=https://${{ vars.HOST_DOMAIN }}/resolver-handler" >> ./.env.react
echo "REACT_APP_USER_ENS_SUBDOMAIN=${{ vars.USER_ENS_SUBDOMAIN }}" >> ./.env.react
echo "REACT_APP_PUBLIC_VAPID_KEY=${{ secrets.REACT_APP_PUBLIC_VAPID_KEY}}" >> ./.env.react
echo "REACT_APP_WALLET_CONNECT_PROJECT_ID=${{ secrets.REACT_APP_WALLET_CONNECT_PROJECT_ID }}" >> ./.env.react
echo "REACT_APP_COMMIT_HASH=${{ env.sha_short }}" >> ./.env.react
echo "REACT_APP_BRANCH=${{ env.branch }}" >> ./.env.react
echo "REACT_APP_BUILD_TIME=${{ env.now }}" >> ./.env.react
echo "REACT_APP_ENVIRONMENT_NAME=${{ env.environment_name }}" >> ./.env.react
echo "REACT_APP_MAINNET_PROVIDER_RPC=${{ secrets.MAINNET_PROVIDER_URL}}" >> ./.env.react
echo "REACT_APP_CHAIN_ID=${{ vars.CHAIN_ID }}" >> ./.env.react
echo "REACT_APP_GENOME_REGISTRY_ADDRESS=${{ vars.GENOME_REGISTRY_ADDRESS }}" >> ./.env.react
cat ./.env.react >> ./.env
echo "RESOLVER_ADDR=0x88c8cC822095cdE6F92c8d20311C8e7dE6A98694" >> ./.env
echo "RESOLVER_ADDR=${{ vars.ERC3668_RESOLVER_ADDRESS }}" >> ./.env
echo "SIGNING_PUBLIC_KEY=${{ secrets.SIGNING_PUBLIC_KEY }}" >> ./.env
echo "SIGNING_PRIVATE_KEY=${{ secrets.SIGNING_PRIVATE_KEY }}" >> ./.env
echo "SIGNER_PRIVATE_KEY=${{ secrets.SIGNER_PRIVATE_KEY }}" >> ./.env
echo "SPAM_PROTECTION=${{ secrets.SPAM_PROTECTION }}" >> ./.env
echo "ENCRYPTION_PUBLIC_KEY=${{ secrets.ENCRYPTION_PUBLIC_KEY }}" >> ./.env
echo "ENCRYPTION_PRIVATE_KEY=${{ secrets.ENCRYPTION_PRIVATE_KEY }}" >> ./.env
echo "RPC=${{ secrets.RPC }}" >> ./.env
echo "URL=${{ vars.HOST_DOMAIN }}" >> ./.env
echo "CERT_MAIL=${{ vars.CERT_MAIL }}" >> ./.env
echo "DATABASE_URL=${{ secrets.DATABASE_URL }}" >> ./.env
envsubst '${SSL_CERTIFICATE_BASE_LOC} ${TLS_CERTIFICATE_LOCATION} ${TARGET_HOST}' < ./docker/nginx.conf > ./nginx.conf
envsubst '${TARGET_HOST} ${TARGET_IP}' < ./docker/nginx.conf > ./nginx.conf
cat ./.env
- name: Prepare docker build environment
shell: bash
Expand All @@ -70,50 +77,78 @@ jobs:
cp ./.env.react packages/messenger-web/.env
docker build --progress=plain -t build -f ./docker/DockerfileBuild .
docker build --progress=plain -t base -f ./docker/DockerfileBase .
- name: Build offchain-resolver docker image
docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} -p ${{ secrets.DOCKER_HUB_PAT }}
# production images will have no special suffix -> they are the real deal
if [ $environment_name != "prod" ]; then
echo "docker_suffix=.$environment_name" >> "$GITHUB_ENV"
fi
- name: Build and publish backend docker image
shell: bash
run: |
docker build --progress=plain -f ./docker/DockerfilePackages --tag dm3-offchain-resolver:latest --build-arg="PACKAGE=offchain-resolver" .
docker save -o ./dm3-offchain-resolver.tar dm3-offchain-resolver:latest
- name: Build messenger-web docker image
version=$(NODE_PATH=packages/backend node -p "require('package.json').version")
image_name=dm3-backend
docker build --progress=plain -f ./docker/DockerfilePackages --build-arg="PACKAGE=backend" \
--tag $image_name:latest \
--tag dm3org/$image_name:latest${{ env.docker_suffix }} \
--tag dm3org/$image_name:$version${{ env.docker_suffix }}.latest \
--tag dm3org/$image_name:$version${{ env.docker_suffix }}.${{ env.unix_now }}.${{ env.sha_short }} .
docker save -o ./$image_name.tar $image_name:latest
docker push --all-tags dm3org/$image_name
- name: Build and publish delivery-service docker image
shell: bash
run: |
docker build --progress=plain -f ./docker/DockerfilePackages --tag dm3-messenger-web:latest --build-arg="PACKAGE=messenger-web" .
docker save -o ./dm3-messenger-web.tar dm3-messenger-web:latest
- name: Build backend docker image
version=$(NODE_PATH=packages/delivery-service node -p "require('package.json').version")
image_name=dm3-delivery-service
docker build --progress=plain -f ./docker/DockerfilePackages --build-arg="PACKAGE=delivery-service" \
--tag $image_name:latest \
--tag dm3org/$image_name:latest${{ env.docker_suffix }} \
--tag dm3org/$image_name:$version${{ env.docker_suffix }}.latest \
--tag dm3org/$image_name:$version${{ env.docker_suffix }}.${{ env.unix_now }}.${{ env.sha_short }} .
docker save -o ./$image_name.tar $image_name:latest
docker push --all-tags dm3org/$image_name
- name: Build offchain-resolver docker image
shell: bash
run: |
docker build --progress=plain -f ./docker/DockerfilePackages --tag dm3-backend:latest --build-arg="PACKAGE=backend" .
docker save -o ./dm3-backend.tar dm3-backend:latest
- name: Build delivery-service docker image
version=$(NODE_PATH=packages/delivery-service node -p "require('package.json').version")
image_name=dm3-offchain-resolver
docker build --progress=plain -f ./docker/DockerfilePackages --build-arg="PACKAGE=offchain-resolver" \
--tag $image_name:latest \
--tag dm3org/$image_name:latest${{ env.docker_suffix }} \
--tag dm3org/$image_name:$version${{ env.docker_suffix }}.latest \
--tag dm3org/$image_name:$version${{ env.docker_suffix }}.${{ env.unix_now }}.${{ env.sha_short }} .
docker save -o ./$image_name.tar $image_name:latest
docker push --all-tags dm3org/$image_name
- name: Build messenger-web docker image
shell: bash
run: |
docker build --progress=plain -f ./docker/DockerfilePackages --tag dm3-delivery-service:latest --build-arg="PACKAGE=delivery-service" .
docker save -o ./dm3-delivery-service.tar dm3-delivery-service:latest
docker build --progress=plain -f ./docker/DockerfilePackages --tag dm3-messenger-web:latest --build-arg="PACKAGE=messenger-web" .
docker save -o ./dm3-messenger-web.tar dm3-messenger-web:latest
- name: Send files to server
run: |
ssh -i ./ssh-key root@${{ secrets.HOST_DOMAIN}} "\
ssh -i ./ssh-key root@${{ vars.HOST_DOMAIN }} "\
rm /home/app/*.tar || true"
rsync -avz -e 'ssh -i ./ssh-key' ./.env app@${{ secrets.HOST_DOMAIN}}:/home/app/dm3
rsync -avz -e 'ssh -i ./ssh-key' ./dm3-*.tar app@${{ secrets.HOST_DOMAIN}}:/home/app/dm3
rsync -avz -e 'ssh -i ./ssh-key' ./nginx.conf app@${{ secrets.HOST_DOMAIN}}:/home/app/dm3
rsync -avz -e 'ssh -i ./ssh-key' ./docker/staging/docker-compose.yml app@${{ secrets.HOST_DOMAIN}}:/home/app/dm3p
rsync -avz -e 'ssh -i ./ssh-key' ./.env app@${{ vars.HOST_DOMAIN }}:/home/app/dm3
rsync -avz -e 'ssh -i ./ssh-key' ./dm3-*.tar app@${{ vars.HOST_DOMAIN }}:/home/app/dm3
rsync -avz -e 'ssh -i ./ssh-key' ./nginx.conf app@${{ vars.HOST_DOMAIN }}:/home/app/dm3
rsync -avz -e 'ssh -i ./ssh-key' ./docker/docker-compose.yml app@${{ vars.HOST_DOMAIN }}:/home/app/dm3
- name: Stop docker on server
run: |
ssh -i ./ssh-key app@${{ secrets.HOST_DOMAIN}} "\
cd dm3 && docker compose down && docker system prune -af"
ssh -i ./ssh-key root@${{ secrets.HOST_DOMAIN}} "\
ssh -i ./ssh-key app@${{ vars.HOST_DOMAIN }} "\
cd dm3 && docker compose down"
ssh -i ./ssh-key root@${{ vars.HOST_DOMAIN }} "\
systemctl restart docker.service"
- name: Load docker images
run: |
ssh -i ./ssh-key app@${{ secrets.HOST_DOMAIN}} "\
ssh -i ./ssh-key app@${{ vars.HOST_DOMAIN }} "\
cd dm3 && ls |grep -E 'dm3-.*tar' | xargs --no-run-if-empty -L 1 docker load -i; \
rm dm3-*.tar || true"
- name: Configure Firewall
run: |
ssh -i ./ssh-key root@${{ secrets.HOST_DOMAIN}} "\
ufw allow from 172.18.0.1/16 proto tcp to ${{ secrets.HOST_DOMAIN}} port 80"
ssh -i ./ssh-key root@${{ vars.HOST_DOMAIN }} "\
ufw allow from 172.18.0.1/16 proto tcp to ${{ vars.HOST_IP}} port 80;
ufw allow from 172.18.0.1/16 proto tcp to ${{ secrets.IP_ADDRESS }} port 443;
ufw enable"
- name: Start docker on server
run: |
ssh -i ./ssh-key app@${{ secrets.HOST_DOMAIN}} "\
cd dm3 && docker compose --env-file .env up -d"
ssh -i ./ssh-key app@${{ vars.HOST_DOMAIN }} "\
cd dm3 && docker compose --env-file .env up -d && docker system prune -af"
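Review bot: The new `environment:` and `environment_name:` expressions in the first hunk compare `github.ref == 'develop'`, but `github.ref` carries the full `refs/heads/develop` form (the removed lines compared against exactly that), so a push to develop no longer matches, falls through to `testing`, and is deployed with the testing environment's secrets and vars; both lines should read `${{ github.ref_name == 'main' && 'prod' || (github.ref_name == 'develop' && 'staging' || 'testing') }}`. In the new offchain-resolver step, `version=$(NODE_PATH=packages/delivery-service node -p "require('package.json').version")` reads the delivery-service version, so the resolver image is pushed under another package's version tag; it should be `NODE_PATH=packages/offchain-resolver`. The added `docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} -p ${{ secrets.DOCKER_HUB_PAT }}` passes the token as a command-line argument; expose both values through the step's `env:` and use `echo "$DOCKER_HUB_PAT" | docker login -u "$DOCKER_HUB_USERNAME" --password-stdin`. In the firewall step the port-80 rule uses `vars.HOST_IP` while the port-443 rule uses `secrets.IP_ADDRESS`, which looks like a leftover of the secrets-to-vars migration and, if that secret is unset in an environment, produces an invalid `ufw` rule; the `messenger-web-deploy` job spans all four hunks and its remaining steps are not shown.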
