ruangrupa/kios-webapp
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

test

Browse Source 
Signed-off-by: Max Schmidt <max.schmidt@outlook.de>
This commit is contained in:
Max Schmidt 2023-05-17 16:27:48 +02:00
parent 364fc363f0
commit 134820e898
6 changed files with 58 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.env.dev
View File

@ -5,5 +5,4 @@ PAYLOAD_SECRET=supersecretkey
MONGODB_URI=mongodb://payload:test@mongo:27017 MONGODB_URI=mongodb://payload:test@mongo:27017
MONGODB_USER=payload MONGODB_USER=payload
MONGODB_PW=test MONGODB_PW=test
MONGODB_DB=payload
NAME=astroad NAME=astroad

8
.env.prod
View File

@ -1,8 +0,0 @@
PAYLOAD_URL=http://localhost:3001
PAYLOAD_PORT=3001
PAYLOAD_SECRET=supersecretkey
MONGODB_URI=mongodb://payload:test@mongo:27017
MONGODB_USER=payload
MONGODB_PW=test
MONGODB_DB=payload
NAME=astroad

22
.github/workflows/payload.yml vendored
View File

@ -1,34 +1,18 @@
name: Trigger Astro build on server name: Payload update
on: on:
repository_dispatch: repository_dispatch:
types: [payload_update] types: [payload_update]
jobs: jobs:
build: build:
name: Run remote SSH command
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Trigger build via ssh - name: Trigger build
uses: appleboy/ssh-action@master uses: appleboy/ssh-action@master
with: with:
host: ${{ secrets.HOST }} host: ${{ secrets.HOST }}
username: ${{ secrets.USER }} username: ${{ secrets.USER }}
key: ${{ secrets.KEY }} key: ${{ secrets.KEY }}
script: | script: |
if [ -d ${{ secrets.PATH }} ]; then
cd ${{ secrets.PATH }} cd ${{ secrets.PATH }}
git pull git pull
else yarn prod astro
mkdir ${{ secrets.PATH }}
cd ${{ secrets.PATH }}
git clone -b prod ${{ github.repository }} .
mv .env.dev .env.prod
sed -i "s/ASTRO_URL=.*/ASTRO_URL=${{ ASTRO_URL }}/" .env.prod
sed -i "s/PAYLOAD_URL=.*/PAYLOAD_URL=${{ PAYLOAD_URL }}/" .env.prod
sed -i "s/PAYLOAD_PORT=.*/PAYLOAD_PORT=${{ PAYLOAD_PORT }}/" .env.prod
sed -i "s/PAYLOAD_SECRET=.*/PAYLOAD_SECRET=${{ PAYLOAD_SECRET }}/" .env.prod
sed -i "s/MONGODB_URI=.*/MONGODB_URI=${{ MONGODB_URI }}/" .env.prod
sed -i "s/MONGODB_USER=.*/MONGODB_USER=${{ MONGODB_USER }}/" .env.prod
sed -i "s/MONGODB_PW=.*/MONGODB_PW=${{ MONGODB_PW }}/" .env.prod
sed -i "s/MONGODB_DB=.*/MONGODB_DB=${{ MONGODB_DB }}/" .env.prod
sed -i "s/NAME=.*/NAME=${{ NAME }}/" .env.prod
fi

31
.github/workflows/push.yml vendored
View File

@ -8,16 +8,6 @@ jobs:
name: Run remote SSH command name: Run remote SSH command
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Install dependencies
run: npm install dotenv
- name: Load environment variables from .env file
run: |
source .env.prod
- name: Print environment variable
run: echo ${PAYLOAD_URL}
- name: Trigger build via ssh - name: Trigger build via ssh
uses: appleboy/ssh-action@master uses: appleboy/ssh-action@master
with: with:
@ -25,6 +15,21 @@ jobs:
username: ${{ secrets.USER }} username: ${{ secrets.USER }}
key: ${{ secrets.KEY }} key: ${{ secrets.KEY }}
script: | script: |
echo ${{ PAYLOAD_URL }} if [ -d ${{ secrets.PATH }} ]; then
echo ${PAYLOAD_URL} cd ${{ secrets.PATH }}
echo $PAYLOAD_URL git pull
else
mkdir ${{ secrets.PATH }}
cd ${{ secrets.PATH }}
git clone -b prod ${{ github.repository }} .
mv .env.dev .env.prod
sed -i "s/ASTRO_URL=.*/ASTRO_URL=${{ env.ASTRO_URL }}/" .env.prod
sed -i "s/PAYLOAD_URL=.*/PAYLOAD_URL=${{ env.PAYLOAD_URL }}/" .env.prod
sed -i "s/PAYLOAD_PORT=.*/PAYLOAD_PORT=${{ secrets.PAYLOAD_PORT }}/" .env.prod
sed -i "s/PAYLOAD_SECRET=.*/PAYLOAD_SECRET=${{ secrets.PAYLOAD_SECRET }}/" .env.prod
sed -i "s/MONGODB_URI=.*/MONGODB_URI=${{ secrets.MONGODB_URI }}/" .env.prod
sed -i "s/MONGODB_USER=.*/MONGODB_USER=${{ secrets.MONGODB_USER }}/" .env.prod
sed -i "s/MONGODB_PW=.*/MONGODB_PW=${{ secrets.MONGODB_PW }}/" .env.prod
sed -i "s/NAME=.*/NAME=${{ env.NAME }}/" .env.prod
fi
yarn prod

2
README.md
View File

@ -25,4 +25,4 @@ Because Astro is completely static, a content change in the CMS must trigger a n
Ensure you have Traefik set up as a reverse proxy before deployment. The prod script will launch your site in a production-ready environment. Ensure you have Traefik set up as a reverse proxy before deployment. The prod script will launch your site in a production-ready environment.
Please note that since deployment is done through Github Workflows, you need to define the necessary secrets in the settings. You can find which secrets are used in the `.github/workflows/push.yml` file. This file converts the existing `.env.dev` to `.env.prod` and adds the secrets that have already been defined. Please note that since deployment is done through Github Workflows, you need to define the necessary secrets and envs in the settings. You can find which secrets and envs are used in the `.github/workflows/push.yml` file. This file converts the existing `.env.dev` to `.env.prod` and adds the secrets and envs that have already been defined.

41
docker-compose-prod.yml
View File

@ -5,16 +5,43 @@ services:
target: prod target: prod
environment: environment:
PAYLOAD_URL: ${PAYLOAD_URL} PAYLOAD_URL: ${PAYLOAD_URL}
ports: labels:
- 3000:3000 - "traefik.enable=true"
- "traefik.http.routers.${NAME}-astro.rule=Host(`${ASTRO_URL}`)"
- "traefik.http.routers.${NAME}-astro.entrypoints=https"
- "traefik.http.routers.${NAME}-astro.tls.certresolver=httpresolver"
- "traefik.http.routers.${NAME}-astro.middlewares=security-headers-${NAME}-astro"
- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.accesscontrolallowmethods=GET, OPTIONS, PUT, POST, DELETE, HEAD, PATCH"
- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.accesscontrolmaxage=100"
- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.addvaryheader=true"
- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.hostsproxyheaders=X-Forwarded-Host"
- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.sslredirect=true"
- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.sslproxyheaders.X-Forwarded-Proto=https"
- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.stsseconds=63072000"
- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.stsincludesubdomains=true"
- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.stspreload=true"
- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.forcestsheader=true"
- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.permissionspolicy=camera=(), accelerometer=(), gamepad=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=()"
- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.framedeny=true"
- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.contentsecuritypolicy=default-src 'none'; connect-src 'self'; font-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' data:; style-src 'self' 'unsafe-inline'"
- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.contenttypenosniff=true"
- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.browserxssfilter=true"
- "traefik.http.middlewares.security-headers-${NAME}-astro.headers.referrerpolicy=same-origin"
- traefik.docker.network=traefik_network
networks:
- traefik_network
payload: payload:
build: build:
context: payload context: payload
target: prod target: prod
ports: labels:
- 3001:3001 - traefik.enable=true
- traefik.http.routers.${NAME}-payload.rule=Host(`${PAYLOAD_URL}`)
- traefik.http.routers.${NAME}-payload.entrypoints=https
- traefik.http.routers.${NAME}-payload.tls.certresolver=httpresolver
- traefik.docker.network=traefik_network
mongo: networks:
ports: traefik_network:
- 27017:27017 external: true