Compare commits
15 Commits
7108aff54d
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| b3f6d0ef17 | |||
| 6606c27323 | |||
| 2c5c299aaa | |||
| 167cfdb742 | |||
| b7274c4b6d | |||
| 5499a8a585 | |||
| 1c4a35eea8 | |||
| 363bfcb135 | |||
| eaf588f7d5 | |||
| 621bb1773c | |||
| 942da74778 | |||
| 52ea621145 | |||
| f6d37bb1f2 | |||
| 2e2e75fe87 | |||
| 8f508034d5 |
@@ -27,12 +27,7 @@ jobs:
|
||||
run: echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login docker.io -u "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin
|
||||
|
||||
- name: Build all-in-one image
|
||||
run: docker build -t condado-newsletter:latest -f Dockerfile.allinone .
|
||||
|
||||
- name: Tag
|
||||
run: |
|
||||
docker tag condado-newsletter:latest ${REGISTRY}/${IMAGE_NAME}:latest
|
||||
docker tag condado-newsletter:latest ${REGISTRY}/${IMAGE_NAME}:${{ github.sha }}
|
||||
run: docker build -t sancho41/condado-newsletter:latest -f Dockerfile.allinone .
|
||||
|
||||
- name: Deploy stack via Portainer API
|
||||
env:
|
||||
|
||||
@@ -29,14 +29,10 @@ ENV DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
RUN apt-get update && apt-get install -y \
|
||||
nginx \
|
||||
postgresql \
|
||||
supervisor \
|
||||
openjdk-21-jre-headless \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# PostgreSQL data directory
|
||||
RUN mkdir -p /var/lib/postgresql/data && chown -R postgres:postgres /var/lib/postgresql
|
||||
|
||||
# Copy frontend static files
|
||||
COPY --from=frontend-build /app/frontend/dist /usr/share/nginx/html
|
||||
|
||||
|
||||
@@ -14,8 +14,10 @@ import java.util.Date
|
||||
@Service
|
||||
class JwtService(
|
||||
@Value("\${app.jwt.secret}") val secret: String,
|
||||
@Value("\${app.jwt.expiration-ms}") val expirationMs: Long
|
||||
@Value("\${app.jwt.expiration-ms:86400000}") expirationMsRaw: String
|
||||
) {
|
||||
private val expirationMs: Long = expirationMsRaw.toLongOrNull() ?: 86400000L
|
||||
|
||||
private val signingKey by lazy {
|
||||
Keys.hmacShaKeyFor(secret.toByteArray(Charsets.UTF_8))
|
||||
}
|
||||
|
||||
@@ -10,7 +10,7 @@ spring:
|
||||
|
||||
jpa:
|
||||
hibernate:
|
||||
ddl-auto: validate
|
||||
ddl-auto: ${SPRING_JPA_HIBERNATE_DDL_AUTO:validate}
|
||||
show-sql: false
|
||||
properties:
|
||||
hibernate:
|
||||
|
||||
@@ -40,7 +40,7 @@ class AuthServiceTest {
|
||||
fun should_returnValidClaims_when_jwtTokenParsed() {
|
||||
val realJwtService = JwtService(
|
||||
secret = "test-secret-key-for-testing-only-must-be-at-least-32-characters",
|
||||
expirationMs = 86400000L
|
||||
expirationMsRaw = "86400000"
|
||||
)
|
||||
val token = realJwtService.generateToken()
|
||||
|
||||
@@ -51,7 +51,7 @@ class AuthServiceTest {
|
||||
fun should_returnFalse_when_expiredTokenValidated() {
|
||||
val realJwtService = JwtService(
|
||||
secret = "test-secret-key-for-testing-only-must-be-at-least-32-characters",
|
||||
expirationMs = 1L
|
||||
expirationMsRaw = "1"
|
||||
)
|
||||
val token = realJwtService.generateToken()
|
||||
|
||||
|
||||
@@ -0,0 +1,26 @@
|
||||
package com.condado.newsletter.service
|
||||
|
||||
import io.jsonwebtoken.Jwts
|
||||
import io.jsonwebtoken.security.Keys
|
||||
import org.junit.jupiter.api.Assertions.assertTrue
|
||||
import org.junit.jupiter.api.Test
|
||||
|
||||
class JwtServiceTest {
|
||||
|
||||
private val secret = "12345678901234567890123456789012"
|
||||
|
||||
@Test
|
||||
fun should_generate_token_when_expiration_is_empty() {
|
||||
val jwtService = JwtService(secret, "")
|
||||
|
||||
val token = jwtService.generateToken()
|
||||
|
||||
val claims = Jwts.parser()
|
||||
.verifyWith(Keys.hmacShaKeyFor(secret.toByteArray(Charsets.UTF_8)))
|
||||
.build()
|
||||
.parseSignedClaims(token)
|
||||
.payload
|
||||
|
||||
assertTrue(claims.expiration.after(claims.issuedAt))
|
||||
}
|
||||
}
|
||||
@@ -1,15 +1,41 @@
|
||||
services:
|
||||
condado-newsletter-postgres:
|
||||
image: postgres:16
|
||||
container_name: condado-newsletter-postgres
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
POSTGRES_DB: ${APP_DB_NAME:-condado}
|
||||
POSTGRES_USER: ${POSTGRES_USER:-condado}
|
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-condado}
|
||||
volumes:
|
||||
- postgres-data:/var/lib/postgresql/data
|
||||
networks:
|
||||
- default
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -h localhost -U $${POSTGRES_USER:-postgres}"]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 10
|
||||
start_period: 10s
|
||||
|
||||
condado-newsletter:
|
||||
image: sancho41/condado-newsletter:latest
|
||||
container_name: condado-newsletter
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
condado-newsletter-postgres:
|
||||
condition: service_healthy
|
||||
networks:
|
||||
- external
|
||||
- default
|
||||
environment:
|
||||
SPRING_PROFILES_ACTIVE: prod
|
||||
SPRING_DATASOURCE_USERNAME: ${SPRING_DATASOURCE_USERNAME}
|
||||
SPRING_DATASOURCE_PASSWORD: ${SPRING_DATASOURCE_PASSWORD}
|
||||
APP_PASSWORD: ${APP_PASSWORD}
|
||||
SPRING_JPA_HIBERNATE_DDL_AUTO: ${SPRING_JPA_HIBERNATE_DDL_AUTO:-update}
|
||||
SPRING_DATASOURCE_URL: jdbc:postgresql://condado-newsletter-postgres:5432/${APP_DB_NAME:-condado}
|
||||
SPRING_DATASOURCE_USERNAME: ${SPRING_DATASOURCE_USERNAME:-condado}
|
||||
SPRING_DATASOURCE_PASSWORD: ${SPRING_DATASOURCE_PASSWORD:-condado}
|
||||
JWT_SECRET: ${JWT_SECRET}
|
||||
JWT_EXPIRATION_MS: ${JWT_EXPIRATION_MS}
|
||||
JWT_EXPIRATION_MS: ${JWT_EXPIRATION_MS:-86400000}
|
||||
MAIL_HOST: ${MAIL_HOST}
|
||||
MAIL_PORT: ${MAIL_PORT}
|
||||
MAIL_USERNAME: ${MAIL_USERNAME}
|
||||
@@ -25,12 +51,11 @@ services:
|
||||
extra_hosts:
|
||||
- "celtinha.desktop:host-gateway"
|
||||
- "host.docker.internal:host-gateway"
|
||||
volumes:
|
||||
- postgres-data:/var/lib/postgresql/data
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.condado.rule=Host(`condado-newsletter.lab`)"
|
||||
- "traefik.http.services.condado.loadbalancer.server.port=80"
|
||||
- "traefik.docker.network=traefik"
|
||||
- "homepage.group=Hyperlink"
|
||||
- "homepage.name=Condado Newsletter"
|
||||
- "homepage.description=Automated newsletter generator using AI"
|
||||
@@ -42,5 +67,8 @@ volumes:
|
||||
|
||||
networks:
|
||||
default:
|
||||
driver: bridge
|
||||
|
||||
external:
|
||||
name: traefik
|
||||
external: true
|
||||
|
||||
@@ -5,28 +5,29 @@ APP_DB_NAME=${APP_DB_NAME:-condado}
|
||||
APP_DB_USER=${SPRING_DATASOURCE_USERNAME:-condado}
|
||||
APP_DB_PASSWORD=${SPRING_DATASOURCE_PASSWORD:-condado}
|
||||
|
||||
# ── Initialise PostgreSQL data directory on first run ─────────────────────────
|
||||
if [ ! -f /var/lib/postgresql/data/PG_VERSION ]; then
|
||||
echo "Initialising PostgreSQL data directory..."
|
||||
su -c "/usr/lib/postgresql/16/bin/initdb -D /var/lib/postgresql/data --encoding=UTF8 --locale=C" postgres
|
||||
|
||||
# Start postgres temporarily to create the app database and user
|
||||
su -c "/usr/lib/postgresql/16/bin/pg_ctl -D /var/lib/postgresql/data -w start" postgres
|
||||
|
||||
su -c "psql -v ON_ERROR_STOP=1 -c \"CREATE USER ${APP_DB_USER} WITH PASSWORD '${APP_DB_PASSWORD}';\"" postgres
|
||||
su -c "psql -v ON_ERROR_STOP=1 -c \"CREATE DATABASE ${APP_DB_NAME} OWNER ${APP_DB_USER};\"" postgres
|
||||
|
||||
su -c "/usr/lib/postgresql/16/bin/pg_ctl -D /var/lib/postgresql/data -w stop" postgres
|
||||
echo "PostgreSQL initialised."
|
||||
fi
|
||||
|
||||
# ── Ensure supervisor log directory exists ────────────────────────────────────
|
||||
mkdir -p /var/log/supervisor
|
||||
|
||||
# ── Defaults for all-in-one local PostgreSQL ─────────────────────────────────
|
||||
export SPRING_DATASOURCE_URL=${SPRING_DATASOURCE_URL:-jdbc:postgresql://localhost:5432/${APP_DB_NAME}}
|
||||
# ── Defaults for external PostgreSQL service in production compose ───────────
|
||||
export SPRING_DATASOURCE_URL=${SPRING_DATASOURCE_URL:-jdbc:postgresql://condado-newsletter-postgres:5432/${APP_DB_NAME}}
|
||||
export SPRING_DATASOURCE_USERNAME=${SPRING_DATASOURCE_USERNAME:-${APP_DB_USER}}
|
||||
export SPRING_DATASOURCE_PASSWORD=${SPRING_DATASOURCE_PASSWORD:-${APP_DB_PASSWORD}}
|
||||
export JWT_EXPIRATION_MS=${JWT_EXPIRATION_MS:-86400000}
|
||||
|
||||
# ── Log all Spring Boot environment variables for debugging ──────────────────
|
||||
echo "========================================"
|
||||
echo "Spring Boot Configuration:"
|
||||
echo "========================================"
|
||||
echo "SPRING_DATASOURCE_URL=${SPRING_DATASOURCE_URL}"
|
||||
echo "SPRING_DATASOURCE_USERNAME=${SPRING_DATASOURCE_USERNAME}"
|
||||
echo "SPRING_DATASOURCE_PASSWORD=${SPRING_DATASOURCE_PASSWORD}"
|
||||
echo "JWT_EXPIRATION_MS=${JWT_EXPIRATION_MS}"
|
||||
echo "JAVA_OPTS=${JAVA_OPTS:-not set}"
|
||||
echo "OPENAI_API_KEY=${OPENAI_API_KEY:-not set}"
|
||||
echo "========================================"
|
||||
|
||||
# ── Start all services via supervisord ───────────────────────────────────────
|
||||
# Export unbuffered output for both Python and Java
|
||||
export PYTHONUNBUFFERED=1
|
||||
export JAVA_OPTS="${JAVA_OPTS} -Dfile.encoding=UTF-8 -Djava.awt.headless=true"
|
||||
exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf
|
||||
|
||||
@@ -1,21 +1,13 @@
|
||||
[supervisord]
|
||||
nodaemon=true
|
||||
silent=false
|
||||
logfile=/dev/stdout
|
||||
logfile_maxbytes=0
|
||||
pidfile=/var/run/supervisord.pid
|
||||
|
||||
[program:postgres]
|
||||
command=/usr/lib/postgresql/16/bin/postgres -D /var/lib/postgresql/data
|
||||
user=postgres
|
||||
autostart=true
|
||||
autorestart=true
|
||||
stdout_logfile=/dev/stdout
|
||||
stdout_logfile_maxbytes=0
|
||||
stderr_logfile=/dev/stderr
|
||||
stderr_logfile_maxbytes=0
|
||||
loglevel=info
|
||||
|
||||
[program:backend]
|
||||
command=java -jar /app/app.jar
|
||||
command=java -Dspring.output.ansi.enabled=always -Dlogging.level.root=DEBUG -jar /app/app.jar
|
||||
autostart=true
|
||||
autorestart=true
|
||||
startsecs=15
|
||||
|
||||
Reference in New Issue
Block a user