Compare commits
67 Commits
d6de131a9b
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| ea54858165 | |||
| fda6fc77ee | |||
| ff93afd075 | |||
| af5def1e71 | |||
| 0f9d35311f | |||
| dc8f182c56 | |||
| b3f6d0ef17 | |||
| 6606c27323 | |||
| 2c5c299aaa | |||
| 167cfdb742 | |||
| b7274c4b6d | |||
| 5499a8a585 | |||
| 1c4a35eea8 | |||
| 363bfcb135 | |||
| eaf588f7d5 | |||
| 621bb1773c | |||
| 942da74778 | |||
| 52ea621145 | |||
| f6d37bb1f2 | |||
| 2e2e75fe87 | |||
| 8f508034d5 | |||
| 7108aff54d | |||
| b0a4278699 | |||
| 73c51e514c | |||
| 596a17b252 | |||
| 5ff28fa3d4 | |||
| a672c9efed | |||
| bfe8965c06 | |||
| c72595d396 | |||
| 51b596c7a5 | |||
| e4e2ae3479 | |||
| 808c0d0a22 | |||
| e3938d2351 | |||
| 8a04363b11 | |||
| 1038f40721 | |||
| 4fd90b2497 | |||
| cb74fdef7b | |||
| 0ed6f3824a | |||
| 572dc49bc9 | |||
| 29627a0062 | |||
| 776941b323 | |||
| 5f8834d0d4 | |||
| 854fabd874 | |||
| 000bc0cc36 | |||
| 4d27a256d2 | |||
| 08bfced7ce | |||
| c266be0eba | |||
| 837214f41a | |||
| fa4bf360ff | |||
| 2072dd299d | |||
| af391efa89 | |||
| 8893e85d53 | |||
| 14ecd2fa18 | |||
| 0fa3d28c1b | |||
| 924d3eab35 | |||
| c6a3971c15 | |||
| 18dba7f7a2 | |||
| 62306ea6a6 | |||
| 90f63bc6ed | |||
| ac6efceede | |||
| 440a7eade1 | |||
| 1581ddcaea | |||
| 37a9ef22df | |||
| 81d04b63d1 | |||
| 6306073921 | |||
| 5723c74e39 | |||
| 46f78467bb |
@@ -1,38 +1,65 @@
|
||||
name: Build And Publish Production Image
|
||||
|
||||
on:
|
||||
pull_request_review:
|
||||
types: [submitted]
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
|
||||
jobs:
|
||||
build:
|
||||
name: Build And Publish Production Image
|
||||
if: github.event.review.state == 'approved' && github.event.pull_request.base.ref == 'main'
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
REGISTRY: gitea.lab
|
||||
REGISTRY: gitea.lab:80
|
||||
IMAGE_NAME: sancho41/condado-newsletter
|
||||
REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
|
||||
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
github-server-url: http://gitea.lab
|
||||
ref: ${{ github.event.pull_request.head.sha }}
|
||||
|
||||
- name: Build debug context
|
||||
run: |
|
||||
set -eu
|
||||
echo "Build debug"
|
||||
echo "Repository: ${GITEA_REPOSITORY:-unknown}"
|
||||
echo "Ref: ${GITEA_REF:-unknown}"
|
||||
echo "Sha: ${GITEA_SHA:-unknown}"
|
||||
echo "Runner OS: ${RUNNER_OS:-unknown}"
|
||||
echo "Registry: ${REGISTRY}"
|
||||
echo "Image: ${IMAGE_NAME}"
|
||||
echo "Image latest tag: ${REGISTRY}/${IMAGE_NAME}:latest"
|
||||
echo "Image sha tag: ${REGISTRY}/${IMAGE_NAME}:${GITEA_SHA:-unknown}"
|
||||
echo "HTTP_PROXY=${HTTP_PROXY:-<empty>}"
|
||||
echo "HTTPS_PROXY=${HTTPS_PROXY:-<empty>}"
|
||||
echo "NO_PROXY=${NO_PROXY:-<empty>}"
|
||||
|
||||
if command -v ip >/dev/null 2>&1; then
|
||||
echo "Runner network info:"
|
||||
ip -4 addr show || true
|
||||
ip route || true
|
||||
else
|
||||
hostname -I || true
|
||||
fi
|
||||
|
||||
- name: Verify Docker CLI
|
||||
run: docker version
|
||||
|
||||
- name: Log in to Docker Hub (optional)
|
||||
if: ${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}
|
||||
run: echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login docker.io -u "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin
|
||||
|
||||
- name: Log in to Gitea registry
|
||||
run: echo "${REGISTRY_PASSWORD}" | docker login "${REGISTRY}" -u "${REGISTRY_USERNAME}" --password-stdin
|
||||
|
||||
- name: Build all-in-one image
|
||||
run: docker build -t condado-newsletter:latest -f Dockerfile.allinone .
|
||||
|
||||
- name: Log in to Gitea container registry
|
||||
run: echo "${{ secrets.GITEA_REGISTRY_PASSWORD }}" | docker login ${REGISTRY} -u "${{ secrets.GITEA_REGISTRY_USERNAME }}" --password-stdin
|
||||
|
||||
- name: Tag registry images
|
||||
run: |
|
||||
docker tag condado-newsletter:latest ${REGISTRY}/${IMAGE_NAME}:latest
|
||||
docker tag condado-newsletter:latest ${REGISTRY}/${IMAGE_NAME}:${{ github.sha }}
|
||||
docker build -t "${REGISTRY}/${IMAGE_NAME}:latest" -f Dockerfile.allinone .
|
||||
docker tag "${REGISTRY}/${IMAGE_NAME}:latest" "${REGISTRY}/${IMAGE_NAME}:${{ gitea.sha }}"
|
||||
|
||||
- name: Push registry images
|
||||
- name: Build result debug
|
||||
run: |
|
||||
docker push ${REGISTRY}/${IMAGE_NAME}:latest
|
||||
docker push ${REGISTRY}/${IMAGE_NAME}:${{ github.sha }}
|
||||
set -eu
|
||||
echo "Listing produced image tags"
|
||||
docker image ls "${REGISTRY}/${IMAGE_NAME}" --format 'table {{.Repository}}\t{{.Tag}}\t{{.ID}}\t{{.CreatedSince}}' || true
|
||||
|
||||
330
.gitea/workflows/deploy.yml
Normal file
330
.gitea/workflows/deploy.yml
Normal file
@@ -0,0 +1,330 @@
|
||||
name: Deploy Production Stack
|
||||
|
||||
on:
|
||||
workflow_run:
|
||||
workflows: ["Build And Publish Production Image"]
|
||||
types: [completed]
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
deploy:
|
||||
name: Deploy Stack Via Portainer
|
||||
if: ${{ gitea.event_name == 'workflow_dispatch' || gitea.event.workflow_run.conclusion == 'success' }}
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
STACK_NAME: condado-newsletter-stack
|
||||
PORTAINER_URL: ${{ secrets.PORTAINER_URL }}
|
||||
PORTAINER_API_KEY: ${{ secrets.PORTAINER_API_KEY }}
|
||||
PORTAINER_ENDPOINT_ID: ${{ secrets.PORTAINER_ENDPOINT_ID }}
|
||||
ENV_VARS: ${{ secrets.ENV_VARS }}
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
github-server-url: http://gitea.lab
|
||||
|
||||
- name: Validate ENV_VARS secret
|
||||
run: |
|
||||
set -eu
|
||||
if [ -z "${ENV_VARS}" ]; then
|
||||
echo "ENV_VARS secret is empty."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
- name: Deploy stack via Portainer API
|
||||
run: |
|
||||
set -u
|
||||
set +e
|
||||
|
||||
if ! command -v curl >/dev/null 2>&1; then
|
||||
echo "curl is not available in this runner image"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! command -v jq >/dev/null 2>&1; then
|
||||
echo "jq is not available in this runner image"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
PORTAINER_BASE_URL=$(printf '%s' "${PORTAINER_URL:-http://portainer.lab/}" | sed -E 's/[[:space:]]+$//; s#/*$##')
|
||||
|
||||
echo "Portainer deploy debug"
|
||||
echo "PORTAINER_URL=${PORTAINER_URL:-http://portainer.lab/}"
|
||||
echo "PORTAINER_BASE_URL=${PORTAINER_BASE_URL}"
|
||||
echo "STACK_NAME=${STACK_NAME}"
|
||||
echo "PORTAINER_ENDPOINT_ID=${PORTAINER_ENDPOINT_ID}"
|
||||
echo "HTTP_PROXY=${HTTP_PROXY:-<empty>}"
|
||||
echo "HTTPS_PROXY=${HTTPS_PROXY:-<empty>}"
|
||||
echo "NO_PROXY=${NO_PROXY:-<empty>}"
|
||||
|
||||
echo "Current runner network info:"
|
||||
if command -v ip >/dev/null 2>&1; then
|
||||
ip -4 addr show || true
|
||||
ip route || true
|
||||
else
|
||||
hostname -I || true
|
||||
fi
|
||||
|
||||
ENV_JSON=$(printf '%s\n' "${ENV_VARS}" | jq -R -s '
|
||||
split("\n")
|
||||
| map(gsub("\r$"; ""))
|
||||
| map(select(length > 0))
|
||||
| map(select(startswith("#") | not))
|
||||
| map(select(test("^[A-Za-z_][A-Za-z0-9_]*=.*$")))
|
||||
| map(capture("^(?<name>[A-Za-z_][A-Za-z0-9_]*)=(?<value>.*)$"))
|
||||
| map({name: .name, value: .value})
|
||||
')
|
||||
|
||||
echo "Loaded $(printf '%s' "${ENV_JSON}" | jq 'length') env entries from ENV_VARS"
|
||||
echo "ENV names preview:"
|
||||
printf '%s' "${ENV_JSON}" | jq -r '.[0:10][]?.name' || true
|
||||
|
||||
REQUIRED_ENV_KEYS=(
|
||||
APP_PASSWORD
|
||||
JWT_SECRET
|
||||
SPRING_DATASOURCE_USERNAME
|
||||
SPRING_DATASOURCE_PASSWORD
|
||||
APP_RECIPIENTS
|
||||
)
|
||||
|
||||
MISSING_KEYS=()
|
||||
for REQUIRED_KEY in "${REQUIRED_ENV_KEYS[@]}"; do
|
||||
if ! printf '%s' "${ENV_JSON}" | jq -e --arg required_key "${REQUIRED_KEY}" 'map(.name) | index($required_key) != null' >/dev/null; then
|
||||
MISSING_KEYS+=("${REQUIRED_KEY}")
|
||||
fi
|
||||
done
|
||||
|
||||
if [ "${#MISSING_KEYS[@]}" -gt 0 ]; then
|
||||
echo "ENV_VARS is missing required keys: ${MISSING_KEYS[*]}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Portainer base URL: ${PORTAINER_BASE_URL}"
|
||||
echo "Target stack: ${STACK_NAME}"
|
||||
echo "Endpoint id set: $([ -n "${PORTAINER_ENDPOINT_ID}" ] && echo yes || echo no)"
|
||||
|
||||
PORTAINER_HOST=$(printf '%s' "${PORTAINER_BASE_URL}" | sed -E 's#^[a-zA-Z]+://##; s#/.*$##; s/:.*$//')
|
||||
PORTAINER_IP=""
|
||||
ACTIVE_PORTAINER_BASE_URL="${PORTAINER_BASE_URL}"
|
||||
|
||||
if command -v getent >/dev/null 2>&1; then
|
||||
PORTAINER_IP=$(getent hosts "${PORTAINER_HOST}" | awk 'NR==1{print $1}')
|
||||
if [ -n "${PORTAINER_IP}" ]; then
|
||||
PORTAINER_IP_BASE_URL="${PORTAINER_BASE_URL/${PORTAINER_HOST}/${PORTAINER_IP}}"
|
||||
echo "Portainer DNS resolved ${PORTAINER_HOST} -> ${PORTAINER_IP}"
|
||||
echo "IP fallback URL: ${PORTAINER_IP_BASE_URL}"
|
||||
else
|
||||
echo "DNS lookup returned no IP for ${PORTAINER_HOST}"
|
||||
fi
|
||||
else
|
||||
echo "getent not available; skipping DNS pre-check"
|
||||
fi
|
||||
|
||||
STACKS_BODY=$(mktemp)
|
||||
STACKS_HEADERS=$(mktemp)
|
||||
STACKS_ERR=$(mktemp)
|
||||
|
||||
STACKS_HTTP_CODE=$(curl -sS \
|
||||
--noproxy "*" \
|
||||
-D "${STACKS_HEADERS}" \
|
||||
-o "${STACKS_BODY}" \
|
||||
-w "%{http_code}" \
|
||||
"${ACTIVE_PORTAINER_BASE_URL}/api/stacks" \
|
||||
-H "X-API-Key: ${PORTAINER_API_KEY}" \
|
||||
2>"${STACKS_ERR}")
|
||||
STACKS_CURL_EXIT=$?
|
||||
|
||||
echo "GET /api/stacks curl exit: ${STACKS_CURL_EXIT}"
|
||||
echo "GET /api/stacks http code: ${STACKS_HTTP_CODE}"
|
||||
echo "GET /api/stacks headers:"
|
||||
cat "${STACKS_HEADERS}" || true
|
||||
|
||||
if [ "${STACKS_CURL_EXIT}" -eq 6 ] && [ -n "${PORTAINER_IP:-}" ]; then
|
||||
echo "Retrying stack list with IP fallback due to DNS failure"
|
||||
STACKS_HTTP_CODE=$(curl -sS \
|
||||
--noproxy "*" \
|
||||
-D "${STACKS_HEADERS}" \
|
||||
-o "${STACKS_BODY}" \
|
||||
-w "%{http_code}" \
|
||||
"${PORTAINER_IP_BASE_URL}/api/stacks" \
|
||||
-H "X-API-Key: ${PORTAINER_API_KEY}" \
|
||||
2>"${STACKS_ERR}")
|
||||
STACKS_CURL_EXIT=$?
|
||||
if [ "${STACKS_CURL_EXIT}" -eq 0 ]; then
|
||||
ACTIVE_PORTAINER_BASE_URL="${PORTAINER_IP_BASE_URL}"
|
||||
fi
|
||||
echo "Retry GET /api/stacks curl exit: ${STACKS_CURL_EXIT}"
|
||||
echo "Retry GET /api/stacks http code: ${STACKS_HTTP_CODE}"
|
||||
fi
|
||||
|
||||
if [ "${STACKS_CURL_EXIT}" -ne 0 ]; then
|
||||
echo "GET /api/stacks stderr:"
|
||||
cat "${STACKS_ERR}" || true
|
||||
exit "${STACKS_CURL_EXIT}"
|
||||
fi
|
||||
|
||||
if [ "${STACKS_HTTP_CODE}" -lt 200 ] || [ "${STACKS_HTTP_CODE}" -ge 300 ]; then
|
||||
echo "GET /api/stacks body:"
|
||||
cat "${STACKS_BODY}" || true
|
||||
exit 1
|
||||
fi
|
||||
|
||||
STACK_ID=$(jq -r --arg stack_name "${STACK_NAME}" '.[] | select(.Name == $stack_name) | .Id' "${STACKS_BODY}" | head -n 1)
|
||||
|
||||
APPLY_BODY=$(mktemp)
|
||||
APPLY_HEADERS=$(mktemp)
|
||||
APPLY_ERR=$(mktemp)
|
||||
|
||||
# If the stack does not exist yet, remove orphan containers with names defined in compose.
|
||||
# This enables an idempotent create-or-recreate flow when old standalone containers exist.
|
||||
if [ -z "${STACK_ID}" ]; then
|
||||
echo "Stack not found in Portainer; checking for orphan containers with conflicting names"
|
||||
|
||||
mapfile -t CONTAINER_NAMES < <(awk '/container_name:/{print $2}' docker-compose.prod.yml | tr -d '"' | sed '/^$/d')
|
||||
|
||||
for CONTAINER_NAME in "${CONTAINER_NAMES[@]}"; do
|
||||
FILTERS=$(jq -cn --arg n "^/${CONTAINER_NAME}$" '{name: [$n]}')
|
||||
FILTERS_URLENC=$(printf '%s' "${FILTERS}" | jq -sRr @uri)
|
||||
LIST_URL="${ACTIVE_PORTAINER_BASE_URL}/api/endpoints/${PORTAINER_ENDPOINT_ID}/docker/containers/json?all=1&filters=${FILTERS_URLENC}"
|
||||
|
||||
LIST_BODY=$(mktemp)
|
||||
LIST_ERR=$(mktemp)
|
||||
LIST_HTTP_CODE=$(curl -sS \
|
||||
--noproxy "*" \
|
||||
-o "${LIST_BODY}" \
|
||||
-w "%{http_code}" \
|
||||
"${LIST_URL}" \
|
||||
-H "X-API-Key: ${PORTAINER_API_KEY}" \
|
||||
2>"${LIST_ERR}")
|
||||
LIST_CURL_EXIT=$?
|
||||
|
||||
echo "Container pre-check [${CONTAINER_NAME}] curl=${LIST_CURL_EXIT} http=${LIST_HTTP_CODE}"
|
||||
|
||||
if [ "${LIST_CURL_EXIT}" -ne 0 ]; then
|
||||
echo "Container pre-check stderr for ${CONTAINER_NAME}:"
|
||||
cat "${LIST_ERR}" || true
|
||||
continue
|
||||
fi
|
||||
|
||||
if [ "${LIST_HTTP_CODE}" -lt 200 ] || [ "${LIST_HTTP_CODE}" -ge 300 ]; then
|
||||
echo "Container pre-check non-success response for ${CONTAINER_NAME}:"
|
||||
cat "${LIST_BODY}" || true
|
||||
continue
|
||||
fi
|
||||
|
||||
mapfile -t MATCHING_IDS < <(jq -r '.[].Id' "${LIST_BODY}")
|
||||
if [ "${#MATCHING_IDS[@]}" -eq 0 ]; then
|
||||
echo "No conflicting container found for ${CONTAINER_NAME}"
|
||||
continue
|
||||
fi
|
||||
|
||||
for CONTAINER_ID in "${MATCHING_IDS[@]}"; do
|
||||
DELETE_URL="${ACTIVE_PORTAINER_BASE_URL}/api/endpoints/${PORTAINER_ENDPOINT_ID}/docker/containers/${CONTAINER_ID}?force=1"
|
||||
DELETE_BODY=$(mktemp)
|
||||
DELETE_ERR=$(mktemp)
|
||||
DELETE_HTTP_CODE=$(curl -sS -X DELETE \
|
||||
--noproxy "*" \
|
||||
-o "${DELETE_BODY}" \
|
||||
-w "%{http_code}" \
|
||||
"${DELETE_URL}" \
|
||||
-H "X-API-Key: ${PORTAINER_API_KEY}" \
|
||||
2>"${DELETE_ERR}")
|
||||
DELETE_CURL_EXIT=$?
|
||||
|
||||
echo "Removed conflicting container ${CONTAINER_NAME} (${CONTAINER_ID}) curl=${DELETE_CURL_EXIT} http=${DELETE_HTTP_CODE}"
|
||||
if [ "${DELETE_CURL_EXIT}" -ne 0 ]; then
|
||||
echo "Delete stderr:"
|
||||
cat "${DELETE_ERR}" || true
|
||||
fi
|
||||
if [ "${DELETE_HTTP_CODE}" -lt 200 ] || [ "${DELETE_HTTP_CODE}" -ge 300 ]; then
|
||||
echo "Delete response body:"
|
||||
cat "${DELETE_BODY}" || true
|
||||
fi
|
||||
done
|
||||
done
|
||||
fi
|
||||
|
||||
if [ -n "${STACK_ID}" ]; then
|
||||
echo "Updating existing stack id=${STACK_ID}"
|
||||
REQUEST_URL="${ACTIVE_PORTAINER_BASE_URL}/api/stacks/${STACK_ID}?endpointId=${PORTAINER_ENDPOINT_ID}"
|
||||
PAYLOAD=$(jq -n \
|
||||
--rawfile stack_file docker-compose.prod.yml \
|
||||
--argjson env_vars "${ENV_JSON}" \
|
||||
'{StackFileContent: $stack_file, Env: $env_vars, Prune: false, PullImage: true}')
|
||||
|
||||
echo "Apply request URL: ${REQUEST_URL}"
|
||||
echo "Apply payload summary:"
|
||||
printf '%s' "${PAYLOAD}" | jq -r '{stackFileLength: (.StackFileContent | length), envCount: (.Env | length), prune: .Prune, pullImage: .PullImage}' || true
|
||||
|
||||
APPLY_HTTP_CODE=$(curl -sS -X PUT \
|
||||
--noproxy "*" \
|
||||
-D "${APPLY_HEADERS}" \
|
||||
-o "${APPLY_BODY}" \
|
||||
-w "%{http_code}" \
|
||||
"${REQUEST_URL}" \
|
||||
-H "X-API-Key: ${PORTAINER_API_KEY}" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d "${PAYLOAD}" \
|
||||
2>"${APPLY_ERR}")
|
||||
APPLY_CURL_EXIT=$?
|
||||
else
|
||||
echo "Creating new stack ${STACK_NAME}"
|
||||
REQUEST_URL="${ACTIVE_PORTAINER_BASE_URL}/api/stacks/create/standalone/string?endpointId=${PORTAINER_ENDPOINT_ID}"
|
||||
PAYLOAD=$(jq -n \
|
||||
--arg name "${STACK_NAME}" \
|
||||
--rawfile stack_file docker-compose.prod.yml \
|
||||
--argjson env_vars "${ENV_JSON}" \
|
||||
'{Name: $name, StackFileContent: $stack_file, Env: $env_vars, FromAppTemplate: false}')
|
||||
|
||||
echo "Apply request URL: ${REQUEST_URL}"
|
||||
echo "Apply payload summary:"
|
||||
printf '%s' "${PAYLOAD}" | jq -r '{name: .Name, stackFileLength: (.StackFileContent | length), envCount: (.Env | length), fromAppTemplate: .FromAppTemplate}' || true
|
||||
|
||||
APPLY_HTTP_CODE=$(curl -sS -X POST \
|
||||
--noproxy "*" \
|
||||
-D "${APPLY_HEADERS}" \
|
||||
-o "${APPLY_BODY}" \
|
||||
-w "%{http_code}" \
|
||||
"${REQUEST_URL}" \
|
||||
-H "X-API-Key: ${PORTAINER_API_KEY}" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d "${PAYLOAD}" \
|
||||
2>"${APPLY_ERR}")
|
||||
APPLY_CURL_EXIT=$?
|
||||
fi
|
||||
|
||||
echo "Apply curl exit: ${APPLY_CURL_EXIT}"
|
||||
echo "Apply http code: ${APPLY_HTTP_CODE}"
|
||||
echo "Apply response headers:"
|
||||
cat "${APPLY_HEADERS}" || true
|
||||
|
||||
if [ "${APPLY_CURL_EXIT}" -ne 0 ]; then
|
||||
echo "Apply stderr:"
|
||||
cat "${APPLY_ERR}" || true
|
||||
exit "${APPLY_CURL_EXIT}"
|
||||
fi
|
||||
|
||||
if [ "${APPLY_HTTP_CODE}" -lt 200 ] || [ "${APPLY_HTTP_CODE}" -ge 300 ]; then
|
||||
echo "Apply response body:"
|
||||
cat "${APPLY_BODY}" || true
|
||||
echo "Apply response parsed as JSON (if possible):"
|
||||
jq -r '.' "${APPLY_BODY}" 2>/dev/null || echo "<non-json or empty body>"
|
||||
|
||||
if [ ! -s "${APPLY_BODY}" ]; then
|
||||
echo "Apply body is empty; retrying once with verbose curl for diagnostics"
|
||||
curl -v -X "$( [ -n "${STACK_ID}" ] && echo PUT || echo POST )" \
|
||||
--noproxy "*" \
|
||||
-o /tmp/portainer-debug-body.txt \
|
||||
"${REQUEST_URL}" \
|
||||
-H "X-API-Key: ${PORTAINER_API_KEY}" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d "${PAYLOAD}" \
|
||||
2>/tmp/portainer-debug-stderr.txt || true
|
||||
echo "Verbose retry stderr:"
|
||||
cat /tmp/portainer-debug-stderr.txt || true
|
||||
echo "Verbose retry body:"
|
||||
cat /tmp/portainer-debug-body.txt || true
|
||||
fi
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Portainer deploy completed successfully"
|
||||
57
.github/workflows/ci.yml
vendored
57
.github/workflows/ci.yml
vendored
@@ -1,57 +0,0 @@
|
||||
name: CI
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
branches: ["develop"]
|
||||
|
||||
jobs:
|
||||
backend-test:
|
||||
name: Backend Tests
|
||||
runs-on: ubuntu-latest
|
||||
defaults:
|
||||
run:
|
||||
working-directory: backend
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Set up JDK 21
|
||||
uses: actions/setup-java@v4
|
||||
with:
|
||||
java-version: "21"
|
||||
distribution: temurin
|
||||
cache: gradle
|
||||
|
||||
- name: Make Gradle wrapper executable
|
||||
run: chmod +x gradlew
|
||||
|
||||
- name: Run tests
|
||||
run: ./gradlew test --no-daemon
|
||||
|
||||
- name: Upload test results
|
||||
if: always()
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: backend-test-results
|
||||
path: backend/build/reports/tests/
|
||||
|
||||
frontend-test:
|
||||
name: Frontend Tests
|
||||
runs-on: ubuntu-latest
|
||||
defaults:
|
||||
run:
|
||||
working-directory: frontend
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Set up Node 20
|
||||
uses: actions/setup-node@v4
|
||||
with:
|
||||
node-version: "20"
|
||||
cache: npm
|
||||
cache-dependency-path: frontend/package-lock.json
|
||||
|
||||
- name: Install dependencies
|
||||
run: npm ci
|
||||
|
||||
- name: Run tests
|
||||
run: npm run test
|
||||
@@ -29,14 +29,10 @@ ENV DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
RUN apt-get update && apt-get install -y \
|
||||
nginx \
|
||||
postgresql \
|
||||
supervisor \
|
||||
openjdk-21-jre-headless \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# PostgreSQL data directory
|
||||
RUN mkdir -p /var/lib/postgresql/data && chown -R postgres:postgres /var/lib/postgresql
|
||||
|
||||
# Copy frontend static files
|
||||
COPY --from=frontend-build /app/frontend/dist /usr/share/nginx/html
|
||||
|
||||
|
||||
1020
INSTRUCTIONS.md
1020
INSTRUCTIONS.md
File diff suppressed because it is too large
Load Diff
@@ -14,8 +14,10 @@ import java.util.Date
|
||||
@Service
|
||||
class JwtService(
|
||||
@Value("\${app.jwt.secret}") val secret: String,
|
||||
@Value("\${app.jwt.expiration-ms}") val expirationMs: Long
|
||||
@Value("\${app.jwt.expiration-ms:86400000}") expirationMsRaw: String
|
||||
) {
|
||||
private val expirationMs: Long = expirationMsRaw.toLongOrNull() ?: 86400000L
|
||||
|
||||
private val signingKey by lazy {
|
||||
Keys.hmacShaKeyFor(secret.toByteArray(Charsets.UTF_8))
|
||||
}
|
||||
|
||||
@@ -10,7 +10,7 @@ spring:
|
||||
|
||||
jpa:
|
||||
hibernate:
|
||||
ddl-auto: validate
|
||||
ddl-auto: ${SPRING_JPA_HIBERNATE_DDL_AUTO:validate}
|
||||
show-sql: false
|
||||
properties:
|
||||
hibernate:
|
||||
|
||||
@@ -40,7 +40,7 @@ class AuthServiceTest {
|
||||
fun should_returnValidClaims_when_jwtTokenParsed() {
|
||||
val realJwtService = JwtService(
|
||||
secret = "test-secret-key-for-testing-only-must-be-at-least-32-characters",
|
||||
expirationMs = 86400000L
|
||||
expirationMsRaw = "86400000"
|
||||
)
|
||||
val token = realJwtService.generateToken()
|
||||
|
||||
@@ -51,7 +51,7 @@ class AuthServiceTest {
|
||||
fun should_returnFalse_when_expiredTokenValidated() {
|
||||
val realJwtService = JwtService(
|
||||
secret = "test-secret-key-for-testing-only-must-be-at-least-32-characters",
|
||||
expirationMs = 1L
|
||||
expirationMsRaw = "1"
|
||||
)
|
||||
val token = realJwtService.generateToken()
|
||||
|
||||
|
||||
@@ -0,0 +1,26 @@
|
||||
package com.condado.newsletter.service
|
||||
|
||||
import io.jsonwebtoken.Jwts
|
||||
import io.jsonwebtoken.security.Keys
|
||||
import org.junit.jupiter.api.Assertions.assertTrue
|
||||
import org.junit.jupiter.api.Test
|
||||
|
||||
class JwtServiceTest {
|
||||
|
||||
private val secret = "12345678901234567890123456789012"
|
||||
|
||||
@Test
|
||||
fun should_generate_token_when_expiration_is_empty() {
|
||||
val jwtService = JwtService(secret, "")
|
||||
|
||||
val token = jwtService.generateToken()
|
||||
|
||||
val claims = Jwts.parser()
|
||||
.verifyWith(Keys.hmacShaKeyFor(secret.toByteArray(Charsets.UTF_8)))
|
||||
.build()
|
||||
.parseSignedClaims(token)
|
||||
.payload
|
||||
|
||||
assertTrue(claims.expiration.after(claims.issuedAt))
|
||||
}
|
||||
}
|
||||
@@ -1,15 +1,42 @@
|
||||
services:
|
||||
condado-newsletter:
|
||||
image: gitea.lab/sancho41/condado-newsletter:latest
|
||||
container_name: condado-newsletter
|
||||
condado-newsletter-postgres:
|
||||
image: postgres:16
|
||||
container_name: condado-newsletter-postgres
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
POSTGRES_DB: ${APP_DB_NAME:-condado}
|
||||
POSTGRES_USER: ${POSTGRES_USER:-condado}
|
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-condado}
|
||||
volumes:
|
||||
- postgres-data:/var/lib/postgresql/data
|
||||
networks:
|
||||
- default
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -h localhost -U $${POSTGRES_USER:-postgres}"]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 10
|
||||
start_period: 10s
|
||||
|
||||
condado-newsletter:
|
||||
image: sancho41/condado-newsletter:latest
|
||||
container_name: condado-newsletter
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
condado-newsletter-postgres:
|
||||
condition: service_healthy
|
||||
networks:
|
||||
- external
|
||||
- default
|
||||
environment:
|
||||
SPRING_PROFILES_ACTIVE: prod
|
||||
SPRING_DATASOURCE_USERNAME: ${SPRING_DATASOURCE_USERNAME}
|
||||
SPRING_DATASOURCE_PASSWORD: ${SPRING_DATASOURCE_PASSWORD}
|
||||
SPRING_JPA_HIBERNATE_DDL_AUTO: ${SPRING_JPA_HIBERNATE_DDL_AUTO:-update}
|
||||
SPRING_DATASOURCE_URL: jdbc:postgresql://condado-newsletter-postgres:5432/${APP_DB_NAME:-condado}
|
||||
SPRING_DATASOURCE_USERNAME: ${SPRING_DATASOURCE_USERNAME:-condado}
|
||||
SPRING_DATASOURCE_PASSWORD: ${SPRING_DATASOURCE_PASSWORD:-condado}
|
||||
APP_PASSWORD: ${APP_PASSWORD}
|
||||
JWT_SECRET: ${JWT_SECRET}
|
||||
JWT_EXPIRATION_MS: ${JWT_EXPIRATION_MS}
|
||||
JWT_EXPIRATION_MS: ${JWT_EXPIRATION_MS:-86400000}
|
||||
MAIL_HOST: ${MAIL_HOST}
|
||||
MAIL_PORT: ${MAIL_PORT}
|
||||
MAIL_USERNAME: ${MAIL_USERNAME}
|
||||
@@ -25,22 +52,24 @@ services:
|
||||
extra_hosts:
|
||||
- "celtinha.desktop:host-gateway"
|
||||
- "host.docker.internal:host-gateway"
|
||||
volumes:
|
||||
- postgres-data:/var/lib/postgresql/data
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.condado.rule=Host(`condado-newsletter.lab`)"
|
||||
- "traefik.http.services.condado.loadbalancer.server.port=80"
|
||||
- "traefik.docker.network=traefik"
|
||||
- "homepage.group=Hyperlink"
|
||||
- "homepage.name=Condado Newsletter"
|
||||
- "homepage.description=Automated newsletter generator using AI"
|
||||
- "homepage.logo=https://raw.githubusercontent.com/celtinha/condado-newsletter/main/docs/logo.png"
|
||||
- "homepage.url=http://condado-newsletter.lab"
|
||||
- "homepage.logo=claude-ai.png"
|
||||
- "homepage.href=http://condado-newsletter.lab"
|
||||
|
||||
volumes:
|
||||
postgres-data:
|
||||
|
||||
networks:
|
||||
default:
|
||||
driver: bridge
|
||||
|
||||
external:
|
||||
name: traefik
|
||||
external: true
|
||||
|
||||
@@ -4,14 +4,13 @@ services:
|
||||
postgres:
|
||||
image: postgres:16-alpine
|
||||
restart: unless-stopped
|
||||
container_name: condado-newsletter-postgres
|
||||
environment:
|
||||
POSTGRES_DB: condado
|
||||
POSTGRES_USER: ${SPRING_DATASOURCE_USERNAME}
|
||||
POSTGRES_PASSWORD: ${SPRING_DATASOURCE_PASSWORD}
|
||||
volumes:
|
||||
- postgres-data:/var/lib/postgresql/data
|
||||
networks:
|
||||
- condado-net
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -U ${SPRING_DATASOURCE_USERNAME} -d condado"]
|
||||
interval: 10s
|
||||
@@ -20,6 +19,7 @@ services:
|
||||
|
||||
# ── Backend (Spring Boot) ────────────────────────────────────────────────────
|
||||
backend:
|
||||
container_name: condado-newsletter-backend
|
||||
build:
|
||||
context: ./backend
|
||||
dockerfile: Dockerfile
|
||||
@@ -29,7 +29,7 @@ services:
|
||||
condition: service_healthy
|
||||
environment:
|
||||
SPRING_PROFILES_ACTIVE: dev
|
||||
SPRING_DATASOURCE_URL: ${SPRING_DATASOURCE_URL}
|
||||
SPRING_DATASOURCE_URL: jdbc:postgresql://postgres:5432/condado
|
||||
SPRING_DATASOURCE_USERNAME: ${SPRING_DATASOURCE_USERNAME}
|
||||
SPRING_DATASOURCE_PASSWORD: ${SPRING_DATASOURCE_PASSWORD}
|
||||
APP_PASSWORD: ${APP_PASSWORD}
|
||||
@@ -50,36 +50,42 @@ services:
|
||||
extra_hosts:
|
||||
- "celtinha.desktop:host-gateway"
|
||||
- "host.docker.internal:host-gateway"
|
||||
networks:
|
||||
- condado-net
|
||||
|
||||
# ── Frontend + Nginx ─────────────────────────────────────────────────────────
|
||||
nginx:
|
||||
container_name: condado-newsletter-frontend
|
||||
build:
|
||||
context: ./frontend
|
||||
dockerfile: Dockerfile
|
||||
args:
|
||||
VITE_API_BASE_URL: ${VITE_API_BASE_URL}
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "80:80"
|
||||
depends_on:
|
||||
- backend
|
||||
networks:
|
||||
- condado-net
|
||||
- traefik
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.condado.rule=Host(`condado-newsletter.lab`)"
|
||||
- "traefik.http.services.condado.loadbalancer.server.port=80"
|
||||
- "homepage.group=Hyperlink"
|
||||
- "homepage.name=Condado Newsletter"
|
||||
- "homepage.description=Automated newsletter generator using AI"
|
||||
- "homepage.logo=claude-dark.png"
|
||||
- "homepage.href=http://condado-newsletter.lab"
|
||||
|
||||
# ── Mailhog (DEV ONLY — SMTP trap) ───────────────────────────────────────────
|
||||
mailhog:
|
||||
container_name: condado-newsletter-mailhog
|
||||
image: mailhog/mailhog:latest
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "8025:8025"
|
||||
networks:
|
||||
- condado-net
|
||||
|
||||
volumes:
|
||||
postgres-data:
|
||||
|
||||
networks:
|
||||
condado-net:
|
||||
driver: bridge
|
||||
traefik:
|
||||
external: true
|
||||
name: traefik
|
||||
|
||||
@@ -5,28 +5,29 @@ APP_DB_NAME=${APP_DB_NAME:-condado}
|
||||
APP_DB_USER=${SPRING_DATASOURCE_USERNAME:-condado}
|
||||
APP_DB_PASSWORD=${SPRING_DATASOURCE_PASSWORD:-condado}
|
||||
|
||||
# ── Initialise PostgreSQL data directory on first run ─────────────────────────
|
||||
if [ ! -f /var/lib/postgresql/data/PG_VERSION ]; then
|
||||
echo "Initialising PostgreSQL data directory..."
|
||||
su -c "/usr/lib/postgresql/16/bin/initdb -D /var/lib/postgresql/data --encoding=UTF8 --locale=C" postgres
|
||||
|
||||
# Start postgres temporarily to create the app database and user
|
||||
su -c "/usr/lib/postgresql/16/bin/pg_ctl -D /var/lib/postgresql/data -w start" postgres
|
||||
|
||||
su -c "psql -v ON_ERROR_STOP=1 -c \"CREATE USER ${APP_DB_USER} WITH PASSWORD '${APP_DB_PASSWORD}';\"" postgres
|
||||
su -c "psql -v ON_ERROR_STOP=1 -c \"CREATE DATABASE ${APP_DB_NAME} OWNER ${APP_DB_USER};\"" postgres
|
||||
|
||||
su -c "/usr/lib/postgresql/16/bin/pg_ctl -D /var/lib/postgresql/data -w stop" postgres
|
||||
echo "PostgreSQL initialised."
|
||||
fi
|
||||
|
||||
# ── Ensure supervisor log directory exists ────────────────────────────────────
|
||||
mkdir -p /var/log/supervisor
|
||||
|
||||
# ── Defaults for all-in-one local PostgreSQL ─────────────────────────────────
|
||||
export SPRING_DATASOURCE_URL=${SPRING_DATASOURCE_URL:-jdbc:postgresql://localhost:5432/${APP_DB_NAME}}
|
||||
# ── Defaults for external PostgreSQL service in production compose ───────────
|
||||
export SPRING_DATASOURCE_URL=${SPRING_DATASOURCE_URL:-jdbc:postgresql://condado-newsletter-postgres:5432/${APP_DB_NAME}}
|
||||
export SPRING_DATASOURCE_USERNAME=${SPRING_DATASOURCE_USERNAME:-${APP_DB_USER}}
|
||||
export SPRING_DATASOURCE_PASSWORD=${SPRING_DATASOURCE_PASSWORD:-${APP_DB_PASSWORD}}
|
||||
export JWT_EXPIRATION_MS=${JWT_EXPIRATION_MS:-86400000}
|
||||
|
||||
# ── Log all Spring Boot environment variables for debugging ──────────────────
|
||||
echo "========================================"
|
||||
echo "Spring Boot Configuration:"
|
||||
echo "========================================"
|
||||
echo "SPRING_DATASOURCE_URL=${SPRING_DATASOURCE_URL}"
|
||||
echo "SPRING_DATASOURCE_USERNAME=${SPRING_DATASOURCE_USERNAME}"
|
||||
echo "SPRING_DATASOURCE_PASSWORD=${SPRING_DATASOURCE_PASSWORD}"
|
||||
echo "JWT_EXPIRATION_MS=${JWT_EXPIRATION_MS}"
|
||||
echo "JAVA_OPTS=${JAVA_OPTS:-not set}"
|
||||
echo "OPENAI_API_KEY=${OPENAI_API_KEY:-not set}"
|
||||
echo "========================================"
|
||||
|
||||
# ── Start all services via supervisord ───────────────────────────────────────
|
||||
# Export unbuffered output for both Python and Java
|
||||
export PYTHONUNBUFFERED=1
|
||||
export JAVA_OPTS="${JAVA_OPTS} -Dfile.encoding=UTF-8 -Djava.awt.headless=true"
|
||||
exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf
|
||||
|
||||
@@ -1,27 +1,26 @@
|
||||
[supervisord]
|
||||
nodaemon=true
|
||||
logfile=/var/log/supervisor/supervisord.log
|
||||
silent=false
|
||||
logfile=/dev/stdout
|
||||
logfile_maxbytes=0
|
||||
pidfile=/var/run/supervisord.pid
|
||||
|
||||
[program:postgres]
|
||||
command=/usr/lib/postgresql/16/bin/postgres -D /var/lib/postgresql/data
|
||||
user=postgres
|
||||
autostart=true
|
||||
autorestart=true
|
||||
stdout_logfile=/var/log/supervisor/postgres.log
|
||||
stderr_logfile=/var/log/supervisor/postgres.err.log
|
||||
loglevel=info
|
||||
|
||||
[program:backend]
|
||||
command=java -jar /app/app.jar
|
||||
command=java -Dspring.output.ansi.enabled=always -Dlogging.level.root=DEBUG -jar /app/app.jar
|
||||
autostart=true
|
||||
autorestart=true
|
||||
startsecs=15
|
||||
stdout_logfile=/var/log/supervisor/backend.log
|
||||
stderr_logfile=/var/log/supervisor/backend.err.log
|
||||
stdout_logfile=/dev/stdout
|
||||
stdout_logfile_maxbytes=0
|
||||
stderr_logfile=/dev/stderr
|
||||
stderr_logfile_maxbytes=0
|
||||
|
||||
[program:nginx]
|
||||
command=/usr/sbin/nginx -g "daemon off;"
|
||||
autostart=true
|
||||
autorestart=true
|
||||
stdout_logfile=/var/log/supervisor/nginx.log
|
||||
stderr_logfile=/var/log/supervisor/nginx.err.log
|
||||
stdout_logfile=/dev/stdout
|
||||
stdout_logfile_maxbytes=0
|
||||
stderr_logfile=/dev/stderr
|
||||
stderr_logfile_maxbytes=0
|
||||
|
||||
@@ -15,6 +15,9 @@ http {
|
||||
gzip_types text/plain text/css application/json application/javascript
|
||||
text/xml application/xml application/xml+rss text/javascript;
|
||||
|
||||
access_log /dev/stdout;
|
||||
error_log /dev/stderr;
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name _;
|
||||
|
||||
Reference in New Issue
Block a user