Add deployment

.env.sample

@@ -0,0 +1,9 @@
+# Local development
+export MASTODON_ACCESS_TOKEN=foobar
+export MASTODON_API_BASE_URL=social.lumbung.space
+export APP_LOG_LEVEL=info
+
+# Deployment
+export DOMAIN=publish.lumbung.space
+export ENTRYPOINT_CONF_VERSION=v1
+export SECRET_MASTODON_ACCESS_TOKEN=v1

README.md

@@ -21,3 +21,20 @@ A service to facilitate collective digital publishing practices.
   - **cloud.lumbung.space**: Using [Nextcloud flows](https://nextcloud.com/blog/nextcloud-flow-makes-it-easy-to-automate-actions-and-workflows/), we can trigger an outgoing HTTP request towards `pubspace`
   - **tv.lumbung.space**: Using [a federation client](https://mastodonpy.readthedocs.io/) we can watch for specific hashtags to trigger publishing
   - **social.lumbung.space**: Using [a federation client](https://mastodonpy.readthedocs.io/), we can watch for specific hashtags to trigger publishing
+
+## Nextcloud flow script
+
+```bash
+echo "TODO"
+```
+
+## Deployment
+
+> Work In Progress
+
+```
+$ printf $YOURMASTODONACCESSTOKEN | docker secret create  publish_lumbung_space_access_token_v1 -
+$ cp .env.sample .env  # and update the values to match the environment
+$ set -a && source .env && set +a
+$ docker stack deploy -c compose.yml publish_lumbung_space
+```

compose.yml

@@ -0,0 +1,50 @@
+---
+version: "3.8"
+
+services:
+  app:
+    image: "decentral1se/pubspace:latest"
+    environment:
+      - MASTODON_ACCESS_TOKEN_FILE=/run/secrets/access_token
+    secrets:
+      - access_token
+    networks:
+      - proxy
+    configs:
+      - source: entrypoint_sh
+        target: /usr/local/bin/entrypoint.sh
+        mode: 0555
+    entrypoint: /usr/local/bin/entrypoint.sh
+    healthcheck:
+      test: curl --fail 0.0.0.0:8000/healthz || exit 1
+    deploy:
+      update_config:
+        failure_action: rollback
+        order: start-first
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.services.kcp.loadbalancer.server.port=8000"
+        - "traefik.http.routers.kcp.rule=Host(`${DOMAIN}`)"
+        - "traefik.http.routers.kcp.entrypoints=web-secure"
+        - "traefik.http.routers.kcp.tls.certresolver=production"
+    command: |
+      uvicorn
+      --host 0.0.0.0
+      --forwarded-allow-ips="*"
+      --proxy-headers
+      pubspace:app
+
+networks:
+  proxy:
+    external: true
+
+configs:
+  entrypoint_sh:
+    name: ${STACK_NAME}_entrypoint_conf_${ENTRYPOINT_CONF_VERSION}
+    file: entrypoint.sh.tmpl
+    template_driver: golang
+
+secrets:
+  access_token:
+    external: true
+    name: ${STACK_NAME}_access_token_${SECRET_MASTODON_ACCESS_TOKEN}

makefile

@@ -1,5 +1,5 @@
 .DEFAULT: run
-.PHONY: run
+.PHONY: run build push
 
 run:
 	@if [ ! -d ".venv" ]; then \
@@ -8,3 +8,9 @@ run:
 		.venv/bin/poetry install; \
 	fi
 	.venv/bin/poetry run uvicorn pubspace:app --reload
+
+build:
+	@docker build -t decentral1se/pubspace .
+
+push: build
+	@docker push decentral1se/pubspace

pubspace.py

@@ -38,3 +38,8 @@ mastodon.stream_hashtag("pubspace", PubspaceListener(), run_async=True)
 @app.get("/")
 async def home(request: Request):
     app.state.log.info(await request.json())
+
+
+@app.get("/healthz")
+async def healthz(request: Request):
+    return {"detail": "ALL ENGINES FIRING"}