diff --git a/.drone.yml b/.drone.yml new file mode 100644 index 0000000..c16c305 --- /dev/null +++ b/.drone.yml @@ -0,0 +1,33 @@ +--- +kind: pipeline +name: continuous deployment +steps: + - name: build and push new image + image: plugins/docker + settings: + username: + from_secret: docker_reg_username + password: + from_secret: docker_reg_passwd + repo: decentral1se/kios-admin + tags: latest + + - name: deploy image + image: decentral1se/stack-ssh-deploy:latest + environment: + STACK_NAME: kios_admin_lumbung_space + SECRET_PAYLOAD_SECRET_VERSION: v1 + settings: + stack: kios_admin_lumbung_space + host: lumbung.space + deploy_key: + from_secret: drone_ssh_lumbung.space + depends_on: + - build and push new image + +trigger: + branch: + - main + event: + exclude: + - pull_request diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..da92de7 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,23 @@ +FROM node:18-alpine as base + +FROM base as builder + +WORKDIR /home/node +COPY package*.json ./ + +COPY . . +RUN yarn install +RUN yarn build + +FROM base as runtime + +ENV NODE_ENV=production + +WORKDIR /home/node +COPY package*.json ./ + +RUN yarn install --production +COPY --from=builder /home/node/dist ./dist +COPY --from=builder /home/node/build ./build + +EXPOSE 3000 diff --git a/compose.yml b/compose.yml new file mode 100644 index 0000000..3c265f0 --- /dev/null +++ b/compose.yml @@ -0,0 +1,61 @@ +--- +version: "3.8" + +services: + app: + image: decentral1se/kios-admin:latest + networks: + - proxy + volumes: + - app:/home/node/app + - node_modules:/home/node/app/node_modules + environment: + MONGODB_URI: mongodb://db:27017/payload + PORT: 3000 + NODE_ENV: production + PAYLOAD_SECRET_FILE: /run/secrets/payload_secret + configs: + - source: app_entrypoint + target: /docker-entrypoint.sh + mode: 0555 + secrets: + - payload_secret + deploy: + update_config: + failure_action: rollback + order: start-first + labels: + - "traefik.enable=true" + - "traefik.http.routers.coop-cloud-site.rule=Host(`kios-admin.lumbung.space`, `www.kios-admin.lumbung.space`)" + - "traefik.http.routers.coop-cloud-site.entrypoints=web-secure" + - "traefik.http.services.coop-cloud-site.loadbalancer.server.port=3000" + - "traefik.http.routers.coop-cloud-site.tls.certresolver=production" + + db: + image: mongo:6.0.3 + command: + - "--storageEngine=wiredTiger" + volumes: + - data:/data/db + logging: + driver: none + +volumes: + app: + node_modules: + data: + +networks: + proxy: + external: true + +secrets: + payload_secret: + external: true + name: ${STACK_NAME}_payload_secret_${SECRET_PAYLOAD_SECRET_VERSION} + +configs: + app_entrypoint: + name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION} + file: entrypoint.sh.tmpl + template_driver: golang diff --git a/docker-compose.yml b/docker-compose.yml deleted file mode 100644 index 1a2d20e..0000000 --- a/docker-compose.yml +++ /dev/null @@ -1,35 +0,0 @@ -version: '3' - -services: - - payload: - image: node:18-alpine - ports: - - "3000:3000" - volumes: - - .:/home/node/app - - node_modules:/home/node/app/node_modules - working_dir: /home/node/app/ - command: sh -c "yarn install && yarn dev" - depends_on: - - mongo - environment: - MONGODB_URI: mongodb://mongo:27017/payload - PORT: 3000 - NODE_ENV: development - PAYLOAD_SECRET: TESTING - - mongo: - image: mongo:latest - ports: - - "27017:27017" - command: - - --storageEngine=wiredTiger - volumes: - - data:/data/db - logging: - driver: none - -volumes: - data: - node_modules: diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl new file mode 100644 index 0000000..d45469a --- /dev/null +++ b/entrypoint.sh.tmpl @@ -0,0 +1,29 @@ +#!/bin/bash + +set -e + +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$def" + + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + + export "$var"="$val" + unset "$fileVar" +} + +file_env "PAYLOAD_SECRET" + +node dist/server.js