ruangrupa/members.lumbung.space
1
0
Fork 0
Code Issues 3 Pull Requests Projects Releases Wiki Activity

get a deployment going
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
cellarspoon 2022-01-10 14:22:33 +01:00
parent f9061e2ecf
commit befbcd064d
No known key found for this signature in database
GPG Key ID: 03789458B3D0C410
4 changed files with 120 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
.env.sample
View File

@ -1,11 +1,18 @@
APP_SECRET_KEY=foobar APP_SECRET_KEY=foobar
APP_THEME=lumbung APP_THEME=lumbung
AUTOMATICALLY_LOG_IN=False
DOMAIN=members.lumbung.space
ENTRYPOINT_CONF_VERSION=v1
INVITE_TIME_LIMIT=30 INVITE_TIME_LIMIT=30
KEYCLOAK_CLIENT_ID=admin-cli KEYCLOAK_CLIENT_ID=admin-cli
KEYCLOAK_CLIENT_SECRET=barfoo KEYCLOAK_CLIENT_SECRET=barfoo
KEYCLOAK_DOMAIN=login.lumbung.space KEYCLOAK_DOMAIN=login.lumbung.space
KEYCLOAK_REALM=lumbung-space KEYCLOAK_REALM=lumbung-space
LETS_ENCRYPT_ENV=production
NGINX_CONF_VERSION=v1
REDIS_DB=0 REDIS_DB=0
REDIS_HOST=localhost REDIS_HOST=localhost
REDIS_PORT=6379 REDIS_PORT=6379
AUTOMATICALLY_LOG_IN=False SECRET_APP_SECRET_KEY_VERSION=v1
SECRET_KEYCLOAK_CLIENT_SECRET_VERSION=v1
STACK_NAME=foo_example_com

77
compose.yml Normal file
View File

@ -0,0 +1,77 @@
---
version: "3.8"
services:
app:
image: "decentral1se/members.lumbung.space:latest"
environment:
- APP_SECRET_KEY_FILE=/run/secrets/app_secret_key
- APP_THEME
- AUTOMATICALLY_LOG_IN
- INVITE_TIME_LIMIT
- KEYCLOAK_CLIENT_ID
- KEYCLOAK_CLIENT_SECRET_FILE=/run/secrets/keycloak_client_secret
- KEYCLOAK_DOMAIN
- KEYCLOAK_REALM
- REDIS_DB=0
- REDIS_HOST=cache
- REDIS_PORT=6379
secrets:
- app_secret_key
- keycloak_client_secret
networks:
- proxy
- internal
configs:
- source: entrypoint_sh
target: /usr/local/bin/entrypoint.sh
mode: 0555
entrypoint: /usr/local/bin/entrypoint.sh
healthcheck:
test: curl --fail 0.0.0.0:8000/healthz || exit 1
deploy:
update_config:
failure_action: rollback
order: start-first
labels:
- "traefik.enable=true"
- "traefik.http.services.kcp.loadbalancer.server.port=8000"
- "traefik.http.routers.kcp.rule=Host(`${DOMAIN}`)"
- "traefik.http.routers.kcp.entrypoints=web-secure"
- "traefik.http.routers.kcp.tls.certresolver=production"
command: |
uvicorn
--host 0.0.0.0
--forwarded-allow-ips="*"
--proxy-headers
members_lumbung_space.main:app
cache:
image: redis:6.2-alpine
networks:
- internal
healthcheck:
test: redis-cli ping
volumes:
- redis:/data
networks:
proxy:
external: true
internal:
configs:
entrypoint_sh:
name: ${STACK_NAME}_entrypoint_conf_${ENTRYPOINT_CONF_VERSION}
file: entrypoint.sh.tmpl
template_driver: golang
secrets:
app_secret_key:
external: true
name: ${STACK_NAME}_app_secret_key_${SECRET_APP_SECRET_KEY_VERSION}
keycloak_client_secret:
external: true
name: ${STACK_NAME}_keycloak_client_secret_${SECRET_KEYCLOAK_CLIENT_SECRET_VERSION}
volumes:
redis:

30
entrypoint.sh.tmpl Normal file
View File

@ -0,0 +1,30 @@
#! /bin/bash
set -eu
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
file_env "KEYCLOAK_CLIENT_SECRET"
file_env "APP_SECRET_KEY"
echo "Passing it back to the upstream ENTRYPOINT/CMD..."
exec "$@"

6
makefile
View File

@ -1,5 +1,6 @@
.DEFAULT: run .DEFAULT: run
.PHONY: run redis
.PHONY: run redis deploy
run: run:
@if [ ! -d ".venv" ]; then \ @if [ ! -d ".venv" ]; then \
@ -11,3 +12,6 @@ run:
redis: redis:
@docker run -p 6379:6379 --name redis -d redis:6-alpine @docker run -p 6379:6379 --name redis -d redis:6-alpine
deploy:
@DOCKER_CONTEXT=lumbung.space docker stack deploy -c compose.yml members_lumbung_space