Merge pull request #1429 from openworld-community/feature/1142-fronte…

…nd_build_optimization Change deploy workflow
openworld-community · Oct 15, 2024 · a9471c3 · a9471c3
2 parents 0fc0721 + c08e555
commit a9471c3
Show file tree

Hide file tree

Showing 18 changed files with 281 additions and 89 deletions.
diff --git a/.github/workflows/build-and-push-test.yml b/.github/workflows/build-and-push-test.yml
@@ -0,0 +1,96 @@
+name: Build docker images and push to GHCR
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+
+concurrency: build-and-deploy
+
+permissions:
+  contents: read
+  packages: write
+
+env:
+  env_var: ${{ vars.ENV_CONTEXT_VAR }}
+  REGISTRY: ghcr.io
+  TAG_NAME: latest
+  FRONTEND_CACHE_IMAGE_NAME: frontend_buildcache
+  BACKEND_CACHE_IMAGE_NAME: backend_buildcache
+
+jobs:
+  build-and-push:
+    name: Build image and push it to registry
+    timeout-minutes: 10
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Export lowercase image names
+        shell: bash
+        run: |
+          : "${{ env.REGISTRY }}/${{ github.repository }}_frontend:latest"
+          echo "FRONTEND_IMAGE_TAG=${_,,}" | tee -a $GITHUB_ENV
+          : "${{ env.REGISTRY }}/${{ github.repository }}_backend:latest"
+          echo "BACKEND_IMAGE_TAG=${_,,}" | tee -a $GITHUB_ENV
+          : "${{ env.REGISTRY }}/${{ github.repository }}/${{ env.FRONTEND_CACHE_IMAGE_NAME }}:latest"
+          echo "FRONTEND_CACHE_IMAGE_TAG=${_,,}" | tee -a $GITHUB_ENV
+          : "${{ env.REGISTRY }}/${{ github.repository }}/${{ env.BACKEND_CACHE_IMAGE_NAME }}:latest"
+          echo "BACKEND_CACHE_IMAGE_TAG=${_,,}" | tee -a $GITHUB_ENV
+
+      - name: Login to GHCR
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Build and push frontend docker image
+        uses: docker/build-push-action@v3
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: ./
+          file: ./frontend/Dockerfile
+          tags: "${{ env.FRONTEND_IMAGE_TAG }}"
+          push: true
+          cache-from: type=registry,ref=${{ env.FRONTEND_CACHE_IMAGE_TAG }}
+          cache-to: type=registry,ref=${{ env.FRONTEND_CACHE_IMAGE_TAG }},mode=max
+
+      - name: Build and push backend docker image
+        uses: docker/build-push-action@v3
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: ./
+          file: ./backend/Dockerfile
+          tags: "${{ env.BACKEND_IMAGE_TAG }}"
+          push: true
+          cache-from: type=registry,ref=${{ env.BACKEND_CACHE_IMAGE_TAG }}
+          cache-to: type=registry,ref=${{ env.BACKEND_CACHE_IMAGE_TAG }},mode=max
+
+  deploy-test:
+    name: Connect to server, pull latest image and deploy it
+    needs: build-and-push
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - name: install ssh keys
+        # check this thread to understand why its needed:
+        # https://stackoverflow.com/a/70447517
+        run: |
+          install -m 600 -D /dev/null ~/.ssh/id_rsa
+          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
+          ssh-keyscan -H ${{ secrets.SSH_HOST }} > ~/.ssh/known_hosts
+      - name: connect and pull
+        run: ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} "cd ${{ vars.TEST_DIR }} && git checkout ${{ vars.TEST_BRANCH }} && git pull"
+      - name: connect and update traefik
+        run: ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} "cd ${{ vars.TEST_DIR }} && docker compose --compatibility -p ows-events -f docker-compose.traefik.yml up -d --build && exit"
+      - name: connect and  services
+        run: ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} " docker login ghcr.io -u ${{ github.actor }} --password-stdin && export NUXT_PUBLIC_GOOGLE_SIGN_IN_CLIENT_ID=${{ secrets.TEST_GOOGLE_OAUTH_KEY }} && export PEREDELANOCONF_GOOGLEDOC=${{ secrets.PEREDELANOCONF_GOOGLEDOC_ID }} && export NUXT_PUBLIC_GTAG_ID=${{ secrets.TEST_GTAG_ID }} && export GITHUB_PARSING_TOKEN=${{ secrets.PARSING_TOKEN }} && export SECRET_KEY=${{ secrets.BACKEND_SECRET_KEY }} && export NUXT_PUBLIC_TELEGRAM_AUTH_BOT_NAME=${{ vars.TEST_AUTH_TELEGRAM_BOT_NAME }} && cd ${{ vars.TEST_DIR }} && docker compose --compatibility -p ows-events_test -f docker-compose.test.new.yml up -d --force-recreate && exit"
+      - name: cleanup
+        run: rm -rf ~/.ssh
+
diff --git a/.github/workflows/deploy-test.yml b/.github/workflows/deploy-test.yml
@@ -1,9 +1,6 @@
 name: 'Deploy'
 
 on:
-  push:
-    branches:
-      - main
   workflow_dispatch:
 
 concurrency: build-and-deploy

diff --git a/backend/src/config/vars.ts b/backend/src/config/vars.ts
@@ -18,7 +18,7 @@ export const vars = {
 		googledocs: {
 			peredelanoConfSheetId: process.env.PEREDELANOCONF_GOOGLEDOC || ''
 		},
-		googleauth: process.env.VITE_GOOGLE_OAUTH_KEY || '123',
+		googleauth: process.env.NUXT_PUBLIC_GOOGLE_SIGN_IN_CLIENT_ID || '123',
 		googleAnalytics: {
 			apiSecret: process.env.GA_API_SECRET || '',
 			measurementId: process.env.GA_MEASUREMENT_ID || ''

diff --git a/docker-compose.build.yml b/docker-compose.build.yml
@@ -16,18 +16,20 @@ services:
             dockerfile: ./frontend/Dockerfile
             args:
                 - NODE_ENV=production
-                - VITE_API_URL=https://127.0.0.1/api
-                - VITE_BASE_URL=https://127.0.0.1
-                - VITE_IPREGISTRY_API_KEY=ryy5dlbl3v8y55x4
-                - VITE_TELEGRAM_AUTH_BOT_NAME
                 - VITE_MODE=production
-                - VITE_DOMAIN=127.0.0.1
         logging: *default-logging
         restart: always
         networks:
             - build_ows_events
         ports:
             - '80:3000'
+        environment:
+            - NUXT_PUBLIC_API_URL=http://localhost:7080/api
+            - NUXT_PUBLIC_BASE_URL=http://localhost:7080
+            - NUXT_PUBLIC_TELEGRAM_AUTH_BOT_NAME=afisha_oauth_local_bot
+            - NUXT_PUBLIC_DOMAIN=localhost
+            - NUXT_PUBLIC_GTAG_ID=localhostGtagId
+            - NUXT_PUBLIC_GOOGLE_SIGN_IN_CLIENT_ID
 
     backend:
         build:
@@ -42,7 +44,7 @@ services:
         environment:
             - MODE=prod
             - MONGO_URI=mongodb://mongo:27017/dev
-            - FRONTEND_URL=https://127.0.0.1
+            - FRONTEND_URL=http://127.0.0.1
             - SECRET_KEY
         networks:
             - build_ows_events

diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
@@ -24,13 +24,14 @@ services:
             - backend
         environment:
             - NODE_ENV=development
-            - VITE_STAGE=test
-            - VITE_API_URL=http://127.0.0.1/api
-            - VITE_BASE_URL=http://127.0.0.1
-            - VITE_IPREGISTRY_API_KEY=ryy5dlbl3v8y55x4
             - VITE_MODE=development
-            - VITE_TELEGRAM_AUTH_BOT_NAME=afisha_oauth_local_bot
-            - VITE_GOOGLE_OAUTH_KEY
+            - VITE_STAGE=test
+            - NUXT_PUBLIC_API_URL=http://127.0.0.1/api
+            - NUXT_PUBLIC_BASE_URL=http://127.0.0.1
+            - NUXT_PUBLIC_TELEGRAM_AUTH_BOT_NAME=afisha_oauth_local_bot
+            - NUXT_PUBLIC_DOMAIN=localhost
+            - NUXT_PUBLIC_GTAG_ID=localhostGtagId
+            - NUXT_PUBLIC_GOOGLE_SIGN_IN_CLIENT_ID
 
     backend:
         build:
@@ -45,7 +46,7 @@ services:
             - MODE=dev
             - FRONTEND_URL=http://127.0.0.1
             - MONGO_URI=mongodb://mongo:27017/dev
-            - VITE_GOOGLE_OAUTH_KEY
+            - NUXT_PUBLIC_GOOGLE_SIGN_IN_CLIENT_ID
         ports:
             - '7080:7080'
         volumes:

diff --git a/docker-compose.test.new.yml b/docker-compose.test.new.yml
@@ -0,0 +1,118 @@
+version: '3.7'
+
+x-logging: &default-logging
+    driver: json-file
+    options:
+        max-size: '10m'
+        max-file: '5'
+
+networks:
+    traefikpublic:
+        external:
+            name: ows-events_traefikpublic
+
+services:
+    frontend:
+        image: ghcr.io/openworld-community/ows-events_frontend:latest
+        logging: *default-logging
+        restart: always
+        labels:
+            - 'traefik.enable=true'
+            - 'traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https'
+            - 'traefik.http.middlewares.compressor.compress=true'
+            - 'traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https'
+            - 'traefik.http.routers.test_frontend_https.rule=Host(`test.afisha.peredelano.com`)'
+            - 'traefik.http.routers.test_frontend_https.middlewares=sslheader@docker'
+            - 'traefik.http.routers.test_frontend_https.middlewares=compressor@docker'
+            - 'traefik.http.routers.test_frontend_https.entrypoints=http, https'
+            - 'traefik.http.routers.test_frontend_https.tls.certresolver=myresolver'
+            - 'traefik.http.routers.test_frontend_http.rule=Host(`test.afisha.peredelano.com`)'
+            - 'traefik.http.routers.test_frontend_http.middlewares=redirect-to-https@docker'
+            - 'traefik.http.routers.test_frontend_http.entrypoints=http'
+        networks:
+            - traefikpublic
+        ports:
+            - '3002:3000'
+        environment:
+            - NUXT_PUBLIC_API_URL=https://api-test.afisha.peredelano.com/api
+            - NUXT_PUBLIC_BASE_URL=https://api-test.afisha.peredelano.com
+            - NUXT_PUBLIC_TELEGRAM_AUTH_BOT_NAME
+            - NUXT_PUBLIC_DOMAIN=test.afisha.peredelano.com
+            - NUXT_PUBLIC_GTAG_ID
+            - NUXT_PUBLIC_GOOGLE_SIGN_IN_CLIENT_ID
+        deploy:
+            resources:
+                limits:
+                    cpus: '0.22'
+                    memory: 300M
+                reservations:
+                    cpus: '0.1'
+                    memory: 150M
+
+    backend:
+        image: ghcr.io/openworld-community/ows-events_backend:latest
+        logging: *default-logging
+        restart: always
+        depends_on:
+            - mongo
+        links:
+            - mongo
+        labels:
+            - 'traefik.enable=true'
+            - 'traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https'
+            - 'traefik.http.middlewares.redirect-https.redirectscheme.scheme=https'
+            - 'traefik.http.routers.test_backend_https.rule=Host(`api-test.afisha.peredelano.com`)'
+            - 'traefik.http.routers.test_backend_https.middlewares=sslheader@docker'
+            - 'traefik.http.routers.test_backend_https.entrypoints=http, https'
+            - 'traefik.http.routers.test_backend_https.tls.certresolver=myresolver'
+            - 'traefik.http.routers.test_backend_http.rule=Host(`api-test.afisha.peredelano.com`)'
+            - 'traefik.http.routers.test_backend_http.middlewares=redirect-https@docker'
+            - 'traefik.http.routers.test_backend_http.entrypoints=http'
+        environment:
+            - MODE=prod
+            - MONGO_URI=mongodb://mongo:27017/test
+            - FRONTEND_URL=https://test.afisha.peredelano.com
+            - SECRET_KEY
+            - LOCALIZATION_API_KEY
+            - GITHUB_PARSING_TOKEN
+            - PEREDELANOCONF_GOOGLEDOC
+            - NUXT_PUBLIC_GOOGLE_SIGN_IN_CLIENT_ID
+            - GA_API_SECRET
+            - GA_MEASUREMENT_ID
+        networks:
+            - traefikpublic
+        ports:
+            - '7082:7080'
+        volumes:
+            - /root/ows-events_test/assets/img:/app/assets/img
+        deploy:
+            resources:
+                limits:
+                    cpus: '0.22'
+                    memory: 300M
+                reservations:
+                    cpus: '0.1'
+                    memory: 150M
+
+    mongo:
+        image: mongo:6.0
+        restart: unless-stopped
+        command: ['--bind_ip_all']
+        ports:
+            - '127.0.0.1:27002:27017'
+        networks:
+            - traefikpublic
+        healthcheck:
+            test: test $$(echo "rs.initiate().ok || rs.status().ok" | mongo --quiet) -eq 1
+            interval: 10s
+            start_period: 30s
+        volumes:
+            - /root/db/test:/data/db
+        deploy:
+            resources:
+                limits:
+                    cpus: '0.4'
+                    memory: 400M
+                reservations:
+                    cpus: '0.2'
+                    memory: 200M
diff --git a/docker-compose.win.yml b/docker-compose.win.yml
@@ -20,12 +20,14 @@ services:
             - backend
         environment:
             - NODE_ENV=development
-            - VITE_STAGE=test
-            - VITE_API_URL=http://127.0.0.1/api
-            - VITE_BASE_URL=http://127.0.0.1
-            - VITE_IPREGISTRY_API_KEY=ryy5dlbl3v8y55x4
             - VITE_MODE=development
-            - VITE_TELEGRAM_AUTH_BOT_NAME=afisha_oauth_local_bot
+            - VITE_STAGE=test
+            - NUXT_PUBLIC_API_URL=http://127.0.0.1/api
+            - NUXT_PUBLIC_BASE_URL=http://127.0.0.1
+            - NUXT_PUBLIC_TELEGRAM_AUTH_BOT_NAME=afisha_oauth_local_bot
+            - NUXT_PUBLIC_DOMAIN=localhost
+            - NUXT_PUBLIC_GTAG_ID=localhostGtagId
+            - NUXT_PUBLIC_GOOGLE_SIGN_IN_CLIENT_ID
         develop:
             watch:
                 # sync static content

diff --git a/frontend/Dockerfile b/frontend/Dockerfile
@@ -12,29 +12,11 @@ COPY ./frontend/ ./
 
 ARG NODE_ENV
 ARG VITE_STAGE
-ARG VITE_API_URL
-ARG VITE_BASE_URL
-ARG VITE_IPREGISTRY_API_KEY
-ARG VITE_AUTH_SERVER_URL
-ARG VITE_POSTAUTH_URL
-ARG VITE_TELEGRAM_AUTH_BOT_NAME
 ARG VITE_MODE
-ARG VITE_DOMAIN
-ARG VITE_GTAG_ID
-ARG VITE_GOOGLE_OAUTH_KEY
 
 ENV NODE_ENV ${NODE_ENV}
 ENV VITE_STAGE ${VITE_STAGE}
-ENV VITE_API_URL ${VITE_API_URL}
-ENV VITE_BASE_URL ${VITE_BASE_URL}
-ENV VITE_IPREGISTRY_API_KEY ${VITE_IPREGISTRY_API_KEY}
-ENV VITE_AUTH_SERVER_URL ${VITE_AUTH_SERVER_URL}
-ENV VITE_POSTAUTH_URL ${VITE_POSTAUTH_URL}
-ENV VITE_TELEGRAM_AUTH_BOT_NAME ${VITE_TELEGRAM_AUTH_BOT_NAME}
 ENV VITE_MODE ${VITE_MODE}
-ENV VITE_DOMAIN ${VITE_DOMAIN}
-ENV VITE_GTAG_ID ${VITE_GTAG_ID}
-ENV VITE_GOOGLE_OAUTH_KEY ${VITE_GOOGLE_OAUTH_KEY}
 
 RUN npm run postinstall
 RUN npm run build-demo

diff --git a/frontend/app.vue b/frontend/app.vue
@@ -7,7 +7,6 @@ import { CookieNameEnum, LocalStorageEnum } from './constants/enums/common';
 import { TOKEN_MAX_AGE_SECONDS } from './constants/defaultValues/time';
 import type { ComputedRef } from 'vue';
 import { getRouteName } from './utils';
-import { VITE_DOMAIN } from './constants/url';
 
 const { locale, locales, t } = useI18n();
 
@@ -19,6 +18,8 @@ const tablet = computed(
 );
 const desktop = computed(() => viewport.isGreaterOrEquals('desktop'));
 
+const config = useRuntimeConfig();
+
 provide('mobile', mobile as ComputedRef<boolean>);
 provide('tablet', tablet as ComputedRef<boolean>);
 provide('desktop', desktop as ComputedRef<boolean>);
@@ -32,7 +33,7 @@ const getPath = (path: string) => {
 const langRefs = locales.value.map((it) => ({
 	rel: 'alternate',
 	hreflang: it.code,
-	href: `${VITE_DOMAIN}/${it.code}${getPath(route.path)}`
+	href: `${config.public.domain}/${it.code}${getPath(route.path)}`
 }));
 useHead({
 	link: [
@@ -43,12 +44,12 @@ useHead({
 		},
 		{
 			rel: 'canonical',
-			href: `${VITE_DOMAIN}/${locale.value}${getPath(route.path)}`
+			href: `${config.public.domain}/${locale.value}${getPath(route.path)}`
 		},
 		{
 			rel: 'alternate',
 			hreflang: 'x-default',
-			href: `${VITE_DOMAIN}/ru${getPath(route.path)}`
+			href: `${config.public.domain}/ru${getPath(route.path)}`
 		},
 		...langRefs
 	],