From 3667420892df697f327715901b802529caed62d1 Mon Sep 17 00:00:00 2001
From: malteish
Date: Fri, 21 Jun 2024 10:04:00 +0200
Subject: [PATCH 1/5] remove duplicate nginx.conf
---
 docker/prod/nginx.conf | 125 -----------------------------------------
 1 file changed, 125 deletions(-)
 delete mode 100644 docker/prod/nginx.conf
diff --git a/docker/prod/nginx.conf b/docker/prod/nginx.conf
deleted file mode 100644
index 71f68bd4c..000000000
--- a/docker/prod/nginx.conf
+++ /dev/null
@@ -1,125 +0,0 @@
-events {
- worker_connections 1024;
-}
-
-http {
- keepalive_timeout 65;
- gzip on;
- gzip_types text/plain application/xml text/css application/javascript;
-
- limit_req_zone $binary_remote_addr zone=standardlimit:10m rate=20r/s;
- limit_req_zone $binary_remote_addr zone=legacylimit:10m rate=20r/s;
-
- server {
- listen 80;
- server_name ${TARGET_HOST};
-
- location ~ /.well-known/acme-challenge {
- allow all;
- root /var/www/html;
- }
-
- location / {
- return 301 https://$server_name$request_uri;
- }
-
- }
-
- server {
- listen 80;
- server_name ${TARGET_IP};
-
-
- location ~ /.well-known/acme-challenge {
- allow all;
- root /var/www/html;
- }
-
- location / {
- return 301 https://${TARGET_HOST}$request_uri;
- }
- }
-
- server {
- listen 443 ssl;
- server_name ${TARGET_HOST};
-
- ssl_certificate /etc/letsencrypt/live/${TARGET_HOST}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/${TARGET_HOST}/privkey.pem;
-
- location / {
- limit_req zone=standardlimit burst=50;
- proxy_pass http://web:8080;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_ssl_verify off;
- proxy_redirect off;
- }
-
- location /resolver {
- rewrite ^/resolver(.*)$ $1 break;
- limit_req zone=standardlimit burst=50;
- proxy_pass http://ccip-resolver:8181;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_ssl_verify off;
- proxy_redirect off;
- }
-
- location /resolver-handler {
- rewrite ^/resolver-handler(.*)$ $1 break;
- limit_req zone=standardlimit burst=50;
- proxy_pass http://offchain-resolver:8082;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_ssl_verify off;
- proxy_redirect off;
- }
-
- location /api {
- rewrite ^/api(.*)$ $1 break;
- limit_req zone=standardlimit burst=50;
- proxy_pass http://backend:8081;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_ssl_verify off;
- proxy_redirect off;
- }
- location /ds {
- rewrite ^/ds(.*)$ $1 break;
- limit_req zone=standardlimit burst=50;
- proxy_pass http://delivery-service:8083; proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_ssl_verify off;
- proxy_redirect off;
- }
-
- location /socket.io {
- proxy_pass http://delivery-service:8083/socket.io;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "Upgrade";
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_redirect off;
- proxy_ssl_verify off;
- proxy_set_header Host $host;
- }
-
- location ~ /.well-known/acme-challenge {
- allow all;
- root /var/www/html;
- }
- }
-}
\ No newline at end of file
From f0198b3c25f08624bbf612de6974e5763e584a0c Mon Sep 17 00:00:00 2001
From: malteish
Date: Fri, 21 Jun 2024 10:25:13 +0200
Subject: [PATCH 2/5] remove duplicate docker-compose
---
 docker/{prod => }/docker-compose.yml | 6 +-
 docker/staging/docker-compose.yml | 145 ---------------------------
 2 files changed, 3 insertions(+), 148 deletions(-)
 rename docker/{prod => }/docker-compose.yml (97%)
 delete mode 100644 docker/staging/docker-compose.yml
diff --git a/docker/prod/docker-compose.yml b/docker/docker-compose.yml
similarity index 97%
rename from docker/prod/docker-compose.yml
rename to docker/docker-compose.yml
index 812e08cc7..300ddb49d 100644
--- a/docker/prod/docker-compose.yml
+++ b/docker/docker-compose.yml @@ -8,6 +8,7 @@ services: - web - backend - ccip-resolver + - delivery-service volumes: - ./nginx.conf:/etc/nginx/nginx.conf - web-root:/var/www/html @@ -96,8 +97,6 @@ services: RPC: ${RPC} REACT_APP_ADDR_ENS_SUBDOMAIN: ${REACT_APP_ADDR_ENS_SUBDOMAIN} LOG_LEVEL: 'debug' - stdin_open: true # docker run -i - tty: true # docker run -t web: image: dm3-messenger-web @@ -136,12 +135,13 @@ services: LOG_LEVEL: debug CONFIG: | { - "0xc9bf092673b3a066df088a2a911e23e9b69b82f2": { + "${ERC3668_RESOLVER_ADDRESS}": { "type": "signing", "handlerUrl": "http://offchain-resolver:8082" } } PORT: 8181 + volumes: certbot-etc: certbot-var: diff --git a/docker/staging/docker-compose.yml b/docker/staging/docker-compose.yml deleted file mode 100644 index 6ac5f2f03..000000000 --- a/docker/staging/docker-compose.yml +++ /dev/null 
@@ -1,145 +0,0 @@
-version: '3.1'
-services:
- nginx:
- container_name: nginx
- image: nginx:latest
- restart: always
- depends_on:
- - web
- - backend
- - ccip-resolver
- - delivery-service
- volumes:
- - ./nginx.conf:/etc/nginx/nginx.conf
- - web-root:/var/www/html
- - certbot-etc:/etc/letsencrypt
- - certbot-var:/var/lib/letsencrypt
- ports:
- - '80:80'
- - '443:443'
-
- backend:
- image: dm3-backend
- restart: always
- depends_on:
- - db
- - dm3-storage
- environment:
- REDIS_URL: redis://db:6379
- SIGNING_PUBLIC_KEY: ${SIGNING_PUBLIC_KEY}
- SIGNING_PRIVATE_KEY: ${SIGNING_PRIVATE_KEY}
- ENCRYPTION_PUBLIC_KEY: ${ENCRYPTION_PUBLIC_KEY}
- ENCRYPTION_PRIVATE_KEY: ${ENCRYPTION_PRIVATE_KEY}
- DISABLE_SESSION_CHECK: ${DISABLE_SESSION_CHECK}
- RPC: ${RPC}
- PORT: 8081
- LOG_LEVEL: 'debug'
- DATABASE_URL: ${DATABASE_URL}
-
- db:
- image: redis
- restart: always
-
- dm3-storage:
- image: postgres:13
- restart: always
- container_name: dm3-storage
- environment:
- POSTGRES_USER: prisma
- POSTGRES_PASSWORD: prisma
- POSTGRES_DB: dm3
-
- delivery-service:
- image: dm3-delivery-service
- restart: always
- depends_on:
- - db-delivery-service
- environment:
- REDIS_URL: redis://db-delivery-service:6379
- SIGNING_PUBLIC_KEY: ${SIGNING_PUBLIC_KEY}
- SIGNING_PRIVATE_KEY: ${SIGNING_PRIVATE_KEY}
- ENCRYPTION_PUBLIC_KEY: ${ENCRYPTION_PUBLIC_KEY}
- ENCRYPTION_PRIVATE_KEY: ${ENCRYPTION_PRIVATE_KEY}
- RPC: ${RPC}
- PORT: 8083
- LOG_LEVEL: 'debug'
- volumes:
- - /home/app/dm3/config.yml:/app/dist/config.yml
-
- db-delivery-service:
- image: redis
- restart: always
- container_name: redis-delivery-service
-
- offchain-resolver-db:
- image: postgres
- restart: always
- container_name: offchain_resolver_db
- environment:
- POSTGRES_PASSWORD: example
-
- offchain-resolver:
- image: dm3-offchain-resolver
- restart: always
- depends_on:
- - offchain-resolver-db
- environment:
- DATABASE_URL: postgresql://postgres:example@offchain-resolver-db:5432
- PORT: 8082
- RPC: ${RPC}
- REACT_APP_ADDR_ENS_SUBDOMAIN: ${REACT_APP_ADDR_ENS_SUBDOMAIN}
- LOG_LEVEL: 'debug'
-
- web:
- image: dm3-messenger-web
- restart: always
- environment:
- REACT_APP_ADDR_ENS_SUBDOMAIN: ${REACT_APP_ADDR_ENS_SUBDOMAIN}
- REACT_APP_BACKEND: ${REACT_APP_BACKEND}
- REACT_APP_DEFAULT_DELIVERY_SERVICE: ${REACT_APP_DEFAULT_DELIVERY_SERVICE}
- REACT_APP_DEFAULT_SERVICE: ${REACT_APP_DEFAULT_SERVICE}
- REACT_APP_MAINNET_PROVIDER_RPC: ${REACT_APP_MAINNET_PROVIDER_RPC}
- REACT_APP_PROFILE_BASE_URL: ${REACT_APP_PROFILE_BASE_URL}
- REACT_APP_RESOLVER_BACKEND: ${REACT_APP_RESOLVER_BACKEND}
- REACT_APP_USER_ENS_SUBDOMAIN: ${REACT_APP_USER_ENS_SUBDOMAIN}
- REACT_APP_WALLET_CONNECT_PROJECT_ID: ${REACT_APP_WALLET_CONNECT_PROJECT_ID}
- REACT_APP_GENOME_REGISTRY_ADDRESS: ${REACT_APP_GENOME_REGISTRY_ADDRESS}
- RESOLVER_ADDR: ${RESOLVER_ADDR}
-
- certbot:
- image: certbot/certbot
- container_name: certbot
- volumes:
- - certbot-etc:/etc/letsencrypt
- - certbot-var:/var/lib/letsencrypt
- - web-root:/var/www/html
- depends_on:
- - nginx
- command: certonly --webroot --webroot-path=/var/www/html --email ${CERT_MAIL} --agree-tos --no-eff-email -d ${URL}
-
- ccip-resolver:
- image: dm3org/ccip-resolver:v0.2.7
- restart: always
- depends_on:
- - offchain-resolver
- environment:
- SIGNER_PRIVATE_KEY: ${SIGNER_PRIVATE_KEY}
- LOG_LEVEL: debug
- CONFIG: |
- {
- "0x88c8cc822095cde6f92c8d20311c8e7de6a98694": {
- "type": "signing",
- "handlerUrl": "http://offchain-resolver:8082"
- }
- }
- PORT: 8181
-
-volumes:
- certbot-etc:
- certbot-var:
- web-root:
- driver: local
- driver_opts:
- type: none
- device: /mnt/dm3_prod_volume/webroot
- o: bind
From 6293c0f94d784c389f09a58ea97c1b7f471a2182 Mon Sep 17 00:00:00 2001
From: malteish
Date: Fri, 21 Jun 2024 11:11:48 +0200
Subject: [PATCH 3/5] update deploy action
---
 .github/workflows/deploy.yml | 43 ++++++++++++++++++------------------
 1 file changed, 22 insertions(+), 21 deletions(-)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 2a3445d95..b9ee623e9 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -4,13 +4,14 @@ on: branches: - testing - develop + - main jobs: messenger-web-deploy: - environment: ${{ github.ref == 'refs/heads/develop' && 'staging' || 'testing' }} + environment: ${{ github.ref_name == 'main' && 'prod' || (github.ref == 'develop' && 'staging' || 'testing') }} runs-on: ubuntu-latest env: - environment_name: ${{ github.ref == 'refs/heads/develop' && 'staging' || 'testing' }} + environment_name: ${{ github.ref_name == 'main' && 'prod' || (github.ref == 'develop' && 'staging' || 'testing') }} steps: - uses: actions/checkout@v2 - uses: actions/setup-node@v3 
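Review bot: The inner comparison `github.ref == 'develop'` in both the `environment:` and `environment_name:` expressions can never be true on a branch push, because `github.ref` carries the full ref (`refs/heads/develop`, as the removed lines compared against); only `github.ref_name` holds the short branch name. As written, pushes to `develop` resolve to `testing`, so the staging deployment would run with the testing environment's secrets, variables and protection rules. Use the short name in both places: `${{ github.ref_name == 'main' && 'prod' || (github.ref_name == 'develop' && 'staging' || 'testing') }}`. Since this job now also selects `prod`, it is worth confirming that the `prod` environment restricts its deployment branches to `main`.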
@@ -35,16 +36,16 @@ jobs: chmod 600 ./ssh-key - name: Create .env file env: - TARGET_HOST: ${{ vars.HOST_DOMAIN}} + TARGET_HOST: ${{ vars.HOST_DOMAIN }} run: | - echo "REACT_APP_ADDR_ENS_SUBDOMAIN=${{ secrets.ADDR_ENS_SUBDOMAIN}}" >> ./.env.react - echo "REACT_APP_BACKEND=https://${{ vars.HOST_DOMAIN}}/api" >> ./.env.react - echo "REACT_APP_DEFAULT_DELIVERY_SERVICE=${{ secrets.DEFAULT_DELIVERY_SERVICE}}" >> ./.env.react - echo "REACT_APP_DEFAULT_SERVICE=https://${{ vars.HOST_DOMAIN}}/api" >> ./.env.react + echo "REACT_APP_ADDR_ENS_SUBDOMAIN=${{ vars.ADDR_ENS_SUBDOMAIN }}" >> ./.env.react + echo "REACT_APP_BACKEND=https://${{ vars.HOST_DOMAIN }}/api" >> ./.env.react + echo "REACT_APP_DEFAULT_DELIVERY_SERVICE=${{ vars.DEFAULT_DELIVERY_SERVICE}}" >> ./.env.react + echo "REACT_APP_DEFAULT_SERVICE=https://${{ vars.HOST_DOMAIN }}/api" >> ./.env.react echo "REACT_APP_MAINNET_PROVIDER_RPC=${{ secrets.RPC }}" >> ./.env.react - echo "REACT_APP_PROFILE_BASE_URL=https://${{ vars.HOST_DOMAIN}}/api" >> ./.env.react - echo "REACT_APP_RESOLVER_BACKEND=https://${{ vars.HOST_DOMAIN}}/resolver-handler" >> ./.env.react - echo "REACT_APP_USER_ENS_SUBDOMAIN=${{ secrets.USER_ENS_SUBDOMAIN}}" >> ./.env.react + echo "REACT_APP_PROFILE_BASE_URL=https://${{ vars.HOST_DOMAIN }}/api" >> ./.env.react + echo "REACT_APP_RESOLVER_BACKEND=https://${{ vars.HOST_DOMAIN }}/resolver-handler" >> ./.env.react + echo "REACT_APP_USER_ENS_SUBDOMAIN=${{ vars.USER_ENS_SUBDOMAIN }}" >> ./.env.react echo "REACT_APP_PUBLIC_VAPID_KEY=${{ secrets.REACT_APP_PUBLIC_VAPID_KEY}}" >> ./.env.react echo "REACT_APP_WALLET_CONNECT_PROJECT_ID=${{ secrets.REACT_APP_WALLET_CONNECT_PROJECT_ID }}" >> ./.env.react echo "REACT_APP_COMMIT_HASH=${{ env.sha_short }}" >> ./.env.react 
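Review bot: The changed `echo` lines in the `Create .env file` step still splice `${{ vars.* }}` and `${{ secrets.* }}` into the script text before bash parses it, so a value containing a double quote, `$` or a backtick is interpreted by the shell instead of being written verbatim. The step already has an `env:` map for `TARGET_HOST`; the same mechanism keeps values out of the script source, e.g. `ADDR_ENS_SUBDOMAIN: ${{ vars.ADDR_ENS_SUBDOMAIN }}` under `env:` and `echo "REACT_APP_ADDR_ENS_SUBDOMAIN=$ADDR_ENS_SUBDOMAIN" >> ./.env.react` in the script. Moving `ADDR_ENS_SUBDOMAIN`, `DEFAULT_DELIVERY_SERVICE` and `USER_ENS_SUBDOMAIN` from `secrets` to `vars` also means they are no longer masked in job logs, which looks intended for public ENS names but should be confirmed. The step's `run:` block continues outside the hunk.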
@@ -63,7 +64,7 @@ jobs: echo "ENCRYPTION_PUBLIC_KEY=${{ secrets.ENCRYPTION_PUBLIC_KEY }}" >> ./.env echo "ENCRYPTION_PRIVATE_KEY=${{ secrets.ENCRYPTION_PRIVATE_KEY }}" >> ./.env echo "RPC=${{ secrets.RPC }}" >> ./.env - echo "URL=${{ vars.HOST_DOMAIN}}" >> ./.env + echo "URL=${{ vars.HOST_DOMAIN }}" >> ./.env echo "CERT_MAIL=${{ vars.CERT_MAIL }}" >> ./.env echo "DATABASE_URL=${{ secrets.DATABASE_URL }}" >> ./.env envsubst '${SSL_CERTIFICATE_BASE_LOC} ${TLS_CERTIFICATE_LOCATION} ${TARGET_HOST}' < ./docker/nginx.conf > ./nginx.conf 
@@ -123,30 +124,30 @@ jobs: docker save -o ./dm3-messenger-web.tar dm3-messenger-web:latest - name: Send files to server run: | - ssh -i ./ssh-key root@${{ vars.HOST_DOMAIN}} "\ + ssh -i ./ssh-key root@${{ vars.HOST_DOMAIN }} "\ rm /home/app/*.tar || true" - rsync -avz -e 'ssh -i ./ssh-key' ./.env app@${{ vars.HOST_DOMAIN}}:/home/app/dm3 - rsync -avz -e 'ssh -i ./ssh-key' ./dm3-*.tar app@${{ vars.HOST_DOMAIN}}:/home/app/dm3 - rsync -avz -e 'ssh -i ./ssh-key' ./nginx.conf app@${{ vars.HOST_DOMAIN}}:/home/app/dm3 - rsync -avz -e 'ssh -i ./ssh-key' ./docker/staging/docker-compose.yml app@${{ vars.HOST_DOMAIN}}:/home/app/dm3 + rsync -avz -e 'ssh -i ./ssh-key' ./.env app@${{ vars.HOST_DOMAIN }}:/home/app/dm3 + rsync -avz -e 'ssh -i ./ssh-key' ./dm3-*.tar app@${{ vars.HOST_DOMAIN }}:/home/app/dm3 + rsync -avz -e 'ssh -i ./ssh-key' ./nginx.conf app@${{ vars.HOST_DOMAIN }}:/home/app/dm3 + rsync -avz -e 'ssh -i ./ssh-key' ./docker/staging/docker-compose.yml app@${{ vars.HOST_DOMAIN }}:/home/app/dm3 - name: Stop docker on server run: | - ssh -i ./ssh-key app@${{ vars.HOST_DOMAIN}} "\ + ssh -i ./ssh-key app@${{ vars.HOST_DOMAIN }} "\ cd dm3 && docker compose down" - ssh -i ./ssh-key root@${{ vars.HOST_DOMAIN}} "\ + ssh -i ./ssh-key root@${{ vars.HOST_DOMAIN }} "\ systemctl restart docker.service" - name: Load docker images run: | - ssh -i ./ssh-key app@${{ vars.HOST_DOMAIN}} "\ + ssh -i ./ssh-key app@${{ vars.HOST_DOMAIN }} "\ cd dm3 && ls |grep -E 'dm3-.*tar' | xargs --no-run-if-empty -L 1 docker load -i; \ rm dm3-*.tar || true" - name: Configure Firewall run: | - ssh -i ./ssh-key root@${{ vars.HOST_DOMAIN}} "\ + ssh -i ./ssh-key root@${{ vars.HOST_DOMAIN }} "\ ufw allow from 172.18.0.1/16 proto tcp to ${{ vars.HOST_IP}} port 80; ufw allow from 172.18.0.1/16 proto tcp to ${{ secrets.IP_ADDRESS }} port 443; ufw enable" - name: Start docker on server run: | - ssh -i ./ssh-key app@${{ vars.HOST_DOMAIN}} "\ + ssh -i ./ssh-key app@${{ vars.HOST_DOMAIN }} "\ cd dm3 && docker 
compose --env-file .env up -d && docker system prune -af" From b6274ef1af059989c2a71c4356430a130144e757 Mon Sep 17 00:00:00 2001 From: malteish Date: Fri, 21 Jun 2024 11:23:12 +0200 Subject: [PATCH 4/5] unify deploy action and docker-compose --- .github/workflows/deploy.yml | 7 ++++--- docker/docker-compose.yml | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index b9ee623e9..9ba9f1f78 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -37,6 +37,7 @@ jobs: - name: Create .env file env: TARGET_HOST: ${{ vars.HOST_DOMAIN }} + TARGET_IP: ${{ vars.HOST_IP }} run: | echo "REACT_APP_ADDR_ENS_SUBDOMAIN=${{ vars.ADDR_ENS_SUBDOMAIN }}" >> ./.env.react echo "REACT_APP_BACKEND=https://${{ vars.HOST_DOMAIN }}/api" >> ./.env.react @@ -56,7 +57,7 @@ jobs: echo "REACT_APP_CHAIN_ID=${{ vars.CHAIN_ID }}" >> ./.env.react echo "REACT_APP_GENOME_REGISTRY_ADDRESS=${{ vars.GENOME_REGISTRY_ADDRESS }}" >> ./.env.react cat ./.env.react >> ./.env - echo "RESOLVER_ADDR=0x88c8cC822095cdE6F92c8d20311C8e7dE6A98694" >> ./.env + echo "RESOLVER_ADDR=${{ vars.ERC3668_RESOLVER_ADDRESS }}" >> ./.env echo "SIGNING_PUBLIC_KEY=${{ secrets.SIGNING_PUBLIC_KEY }}" >> ./.env echo "SIGNING_PRIVATE_KEY=${{ secrets.SIGNING_PRIVATE_KEY }}" >> ./.env echo "SIGNER_PRIVATE_KEY=${{ secrets.SIGNER_PRIVATE_KEY }}" >> ./.env @@ -67,7 +68,7 @@ jobs: echo "URL=${{ vars.HOST_DOMAIN }}" >> ./.env echo "CERT_MAIL=${{ vars.CERT_MAIL }}" >> ./.env echo "DATABASE_URL=${{ secrets.DATABASE_URL }}" >> ./.env - envsubst '${SSL_CERTIFICATE_BASE_LOC} ${TLS_CERTIFICATE_LOCATION} ${TARGET_HOST}' < ./docker/nginx.conf > ./nginx.conf + envsubst '${TARGET_HOST} ${TARGET_IP}' < ./docker/nginx.conf > ./nginx.conf cat ./.env - name: Prepare docker build environment shell: bash 
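Review bot: The `cat ./.env` line directly after the changed `envsubst` call (hunk `@@ -67,7 +68,7 @@`) prints the whole file to the job log, and the lines above it in this series write `SIGNING_PRIVATE_KEY`, `SIGNER_PRIVATE_KEY`, `ENCRYPTION_PRIVATE_KEY` and `DATABASE_URL` into that file. GitHub's log masking is then the only thing between those values and the log, it does not cover anything supplied through `vars`, and with patch 3/5 this job also runs for `main`/`prod`. Drop the line, or list only the key names with `cut -d= -f1 ./.env`. The step's `run:` block starts outside the hunk.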
@@ -129,7 +130,7 @@ jobs: rsync -avz -e 'ssh -i ./ssh-key' ./.env app@${{ vars.HOST_DOMAIN }}:/home/app/dm3 rsync -avz -e 'ssh -i ./ssh-key' ./dm3-*.tar app@${{ vars.HOST_DOMAIN }}:/home/app/dm3 rsync -avz -e 'ssh -i ./ssh-key' ./nginx.conf app@${{ vars.HOST_DOMAIN }}:/home/app/dm3 - rsync -avz -e 'ssh -i ./ssh-key' ./docker/staging/docker-compose.yml app@${{ vars.HOST_DOMAIN }}:/home/app/dm3 + rsync -avz -e 'ssh -i ./ssh-key' ./docker/docker-compose.yml app@${{ vars.HOST_DOMAIN }}:/home/app/dm3 - name: Stop docker on server run: | ssh -i ./ssh-key app@${{ vars.HOST_DOMAIN }} "\ diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 300ddb49d..b0a9c565d 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -135,7 +135,7 @@ services: LOG_LEVEL: debug CONFIG: | { - "${ERC3668_RESOLVER_ADDRESS}": { + "${RESOLVER_ADDRESS}": { "type": "signing", "handlerUrl": "http://offchain-resolver:8082" } From 8b016922ee2540ccbd5f01045ebe904d16bafa46 Mon Sep 17 00:00:00 2001 From: malteish Date: Fri, 21 Jun 2024 11:23:54 +0200 Subject: [PATCH 5/5] remove production deploy action --- .github/workflows/production-deploy.yml | 118 ------------------------ 1 file changed, 118 deletions(-) delete mode 100644 .github/workflows/production-deploy.yml diff --git a/.github/workflows/production-deploy.yml b/.github/workflows/production-deploy.yml deleted file mode 100644 index bfe2a08f3..000000000 --- a/.github/workflows/production-deploy.yml +++ /dev/null 
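Review bot: The new key `"${RESOLVER_ADDRESS}"` in the ccip-resolver `CONFIG` (the `docker/docker-compose.yml` hunk) does not match any name the workflow writes: the `.env` line changed in this same patch is `RESOLVER_ADDR=${{ vars.ERC3668_RESOLVER_ADDRESS }}`, and no `RESOLVER_ADDRESS=` line is visible anywhere in the series. Compose replaces an unset variable with an empty string and only warns, so the resolver would start with `""` as its configured address instead of failing the deployment. Either reference the existing name or make the substitution mandatory, e.g. `"${RESOLVER_ADDR:?RESOLVER_ADDR must be set}": {`. The same gap applies to the `${ERC3668_RESOLVER_ADDRESS}` form introduced in patch 2/5, which this hunk replaces.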
@@ -1,118 +0,0 @@
-name: Prod deploy
-on:
- push:
- branches:
- - main
-
-jobs:
- messenger-web-deploy:
- environment: prod
- runs-on: ubuntu-latest
- env:
- environment_name: ${{ github.ref == 'refs/heads/develop' && 'staging' || 'testing' }}
- steps:
- - uses: actions/checkout@v2
- - uses: actions/setup-node@v3
- with:
- registry-url: 'https://npm.pkg.github.com'
- node-version: 22.0.0
- cache: 'yarn'
- - name: Print environment name
- run: echo $environment_name
- - name: Declare some variables
- shell: bash
- run: |
- echo "sha_short=$(git rev-parse --short "$GITHUB_SHA")" >> "$GITHUB_ENV"
- echo "branch=$(echo ${GITHUB_REF#refs/heads/})" >> "$GITHUB_ENV"
- echo "now=$(date +'%Y-%m-%dT%H:%M:%S')" >> $GITHUB_ENV
- - name: Prepare SSH
- run: |
- mkdir ~/.ssh
- echo "${{ secrets.HOST_SSH_PUBLIC_KEY }}" > ~/.ssh/known_hosts
- echo "${{ secrets.DO_SSH_KEY }}" > ./ssh-key
- chmod 600 ./ssh-key
- - name: Create .env file
- env:
- TARGET_HOST: ${{ secrets.HOST_DOMAIN}}
- TARGET_IP: ${{ secrets.IP_ADDRESS }}
- run: |
- echo "REACT_APP_ADDR_ENS_SUBDOMAIN=.addr.dm3.eth" >> ./.env.react
- echo "REACT_APP_BACKEND=https://${{ secrets.HOST_DOMAIN}}/api" >> ./.env.react
- echo "REACT_APP_DEFAULT_DELIVERY_SERVICE=ds.dm3.eth" >> ./.env.react
- echo "REACT_APP_DEFAULT_SERVICE=https://${{ secrets.HOST_DOMAIN}}/api" >> ./.env.react
- echo "REACT_APP_MAINNET_PROVIDER_RPC=${{ secrets.RPC }}" >> ./.env.react
- echo "REACT_APP_PROFILE_BASE_URL=https://${{ secrets.HOST_DOMAIN}}/api" >> ./.env.react
- echo "REACT_APP_RESOLVER_BACKEND=https://${{ secrets.HOST_DOMAIN}}/resolver-handler" >> ./.env.react
- echo "REACT_APP_USER_ENS_SUBDOMAIN=.user.dm3.eth" >> ./.env.react
- echo "REACT_APP_PUBLIC_VAPID_KEY=${{ secrets.REACT_APP_PUBLIC_VAPID_KEY}}" >> ./.env.react
- echo "REACT_APP_WALLET_CONNECT_PROJECT_ID=${{ secrets.REACT_APP_WALLET_CONNECT_PROJECT_ID }}" >> ./.env.react
- echo "REACT_APP_MAINNET_PROVIDER_RPC=${{ secrets.MAINNET_PROVIDER_URL}}" >> ./.env.react
- echo "REACT_APP_CHAIN_ID=${{ vars.CHAIN_ID }}" >> ./.env.react
- cat ./.env.react >> ./.env
- echo "RESOLVER_ADDR=0xae6646c22D8eE6479eE0a39Bf63B9bD9e57bAD9d" >> ./.env
- echo "SIGNING_PUBLIC_KEY=${{ secrets.SIGNING_PUBLIC_KEY }}" >> ./.env
- echo "SIGNING_PRIVATE_KEY=${{ secrets.SIGNING_PRIVATE_KEY }}" >> ./.env
- echo "SIGNER_PRIVATE_KEY=${{ secrets.SIGNER_PRIVATE_KEY }}" >> ./.env
- echo "SPAM_PROTECTION=${{ secrets.SPAM_PROTECTION }}" >> ./.env
- echo "ENCRYPTION_PUBLIC_KEY=${{ secrets.ENCRYPTION_PUBLIC_KEY }}" >> ./.env
- echo "ENCRYPTION_PRIVATE_KEY=${{ secrets.ENCRYPTION_PRIVATE_KEY }}" >> ./.env
- echo "RPC=${{ secrets.RPC }}" >> ./.env
- echo "URL=${{ secrets.HOST_DOMAIN}}" >> ./.env
- echo "CERT_MAIL=${{ secrets.CERT_MAIL }}" >> ./.env
- echo "DATABASE_URL=${{ secrets.DATABASE_URL }}" >> ./.env
- envsubst '${TARGET_HOST}' < ./docker/prod/nginx.conf > ./nginx.conf
- cat ./.env
- - name: Prepare docker build environment
- shell: bash
- run: |
- cp ./.env.react packages/messenger-demo/.env
- cp ./.env.react packages/messenger-web/.env
- docker build --progress=plain -t build -f ./docker/DockerfileBuild .
- docker build --progress=plain -t base -f ./docker/DockerfileBase .
- - name: Build offchain-resolver docker image
- shell: bash
- run: |
- docker build --progress=plain -f ./docker/DockerfilePackages --tag dm3-offchain-resolver:latest --build-arg="PACKAGE=offchain-resolver" .
- docker save -o ./dm3-offchain-resolver.tar dm3-offchain-resolver:latest
- - name: Build messenger-web docker image
- shell: bash
- run: |
- docker build --progress=plain -f ./docker/DockerfilePackages --tag dm3-messenger-web:latest --build-arg="PACKAGE=messenger-web" .
- docker save -o ./dm3-messenger-web.tar dm3-messenger-web:latest
- - name: Build backend docker image
- shell: bash
- run: |
- docker build --progress=plain -f ./docker/DockerfilePackages --tag dm3-backend:latest --build-arg="PACKAGE=backend" .
- docker save -o ./dm3-backend.tar dm3-backend:latest
- - name: Build delivery-service docker image
- shell: bash
- run: |
- docker build --progress=plain -f ./docker/DockerfilePackages --tag dm3-delivery-service:latest --build-arg="PACKAGE=delivery-service" .
- docker save -o ./dm3-delivery-service.tar dm3-delivery-service:latest
- - name: Send files to server
- run: |
- ssh -i ./ssh-key root@${{ secrets.IP_ADDRESS }} "\
- rm /home/app/*.tar || true"
- rsync -avz -e 'ssh -i ./ssh-key' ./.env app@${{ secrets.IP_ADDRESS }}:/home/app/dm3
- rsync -avz -e 'ssh -i ./ssh-key' ./dm3-*.tar app@${{ secrets.IP_ADDRESS }}:/home/app/dm3
- rsync -avz -e 'ssh -i ./ssh-key' ./nginx.conf app@${{ secrets.IP_ADDRESS }}:/home/app/dm3
- rsync -avz -e 'ssh -i ./ssh-key' ./docker/prod/docker-compose.yml app@${{ secrets.IP_ADDRESS }}:/home/app/dm3
- - name: Stop docker on server
- run: |
- ssh -i ./ssh-key app@${{ secrets.IP_ADDRESS }} "\
- cd dm3 && docker compose down && docker system prune -af"
- ssh -i ./ssh-key root@${{ secrets.IP_ADDRESS }} "\
- systemctl restart docker.service"
- - name: Load docker images
- run: |
- ssh -i ./ssh-key app@${{ secrets.IP_ADDRESS }} "\
- cd dm3 && ls |grep -E 'dm3-.*tar' | xargs --no-run-if-empty -L 1 docker load -i; \
- rm dm3-*.tar || true"
- - name: Configure Firewall
- run: |
- ssh -i ./ssh-key root@${{ secrets.IP_ADDRESS }} "\
- ufw allow from 172.18.0.1/16 proto tcp to ${{ secrets.IP_ADDRESS }} port 80"
- - name: Start docker on server
- run: |
- ssh -i ./ssh-key app@${{ secrets.IP_ADDRESS }} "\
- cd dm3 && docker compose --env-file .env up -d"