From ff24d4e7245ae572a50db9874c99f49b102303c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=9E=D0=BB=D0=B5=D0=B3=20=D0=93=D0=BE=D0=B2=D0=BE=D1=80?= =?UTF-8?q?=D0=BE=D0=B2=D1=81=D0=BA=D0=B8=D0=B9?= Date: Tue, 24 Sep 2024 20:54:46 +0500 Subject: [PATCH] fix docker compose prod --- .github/workflows/production_deploy.yaml | 89 +++++++++++++++++++++++- infra/nginx/nginx_prod.conf | 34 +++++++++ 2 files changed, 121 insertions(+), 2 deletions(-) create mode 100644 infra/nginx/nginx_prod.conf diff --git a/.github/workflows/production_deploy.yaml b/.github/workflows/production_deploy.yaml index 617e7afd..554eb990 100644 --- a/.github/workflows/production_deploy.yaml +++ b/.github/workflows/production_deploy.yaml 
@@ -85,11 +85,96 @@ jobs: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - name: Build and push Docker image for Production - if: github.ref == 'refs/heads/master' uses: docker/build-push-action@v5 with: context: . file: infra/prod/prod.Dockerfile push: true tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} \ No newline at end of file + labels: ${{ steps.meta.outputs.labels }} + + deploy: + name: Deploy changes on server + runs-on: ubuntu-latest + environment: + name: stage_deploy + needs: [pytest, code_style_pep8, build_and_push] + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + ref: dev + + - name: Set up SSH + run: | + mkdir -p ~/.ssh + chmod 700 ~/.ssh + ssh-keyscan -H ${{ secrets.HOST }} > ~/.ssh/known_hosts + chmod 644 ~/.ssh/known_hosts + echo "${{ secrets.TEST_RSA_SECRET_KEY }}" > ~/.ssh/id_rsa + chmod 600 ~/.ssh/id_rsa + - name: Create folder for deploy + run: ssh -vvv ${{ secrets.USERNAME }}@${{ secrets.HOST }} mkdir -p ${{ env.DEPLOY_PATH }}/infra + + - name: Copy dev folder to VPS + run: | + scp -r $GITHUB_WORKSPACE/infra/prod/ ${{ secrets.USERNAME }}@${{ secrets.HOST }}:${{ env.DEPLOY_PATH }}/infra/ + scp -r $GITHUB_WORKSPACE/infra/nginx/ ${{ secrets.USERNAME }}@${{ secrets.HOST }}:${{ env.DEPLOY_PATH }}/infra/ + + - name: Execute commands on VPS + uses: appleboy/ssh-action@master + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.TEST_RSA_SECRET_KEY }} + script: | + cd ${{ env.DEPLOY_PATH }} + rm .env + touch .env + + echo HOST=${{ secrets.HOST }} >> .env + echo PORT=${{ secrets.PORT }} >> .env + echo IMAGE_COMPOSE=${{ secrets.IMAGE_COMPOSE }} >> .env + echo ST=${{ secrets.ST }} >> .env + + echo SECRET_KEY=${{ secrets.SECRET_KEY }} >> .env + echo DEBUG=${{ secrets.DEBUG }} >> .env + echo ALLOWED_HOSTS=${{ secrets.ALLOWED_HOSTS }} >> .env + echo CSRF_TRUSTED_ORIGINS=${{ secrets.CSRF_TRUSTED_ORIGINS }} >> .env + + echo DB_ENGINE=${{ secrets.DB_ENGINE }} 
>> .env + echo POSTGRES_DB=${{ secrets.POSTGRES_DB }} >> .env + echo POSTGRES_USER=${{ secrets.POSTGRES_USER }} >> .env + echo POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }} >> .env + echo DB_HOST=${{ secrets.DB_HOST }} >> .env + echo DB_PORT=${{ secrets.DB_PORT }} >> .env + + echo EMAIL_BACKEND=${{ secrets.EMAIL_BACKEND }} >> .env + echo EMAIL_HOST=${{ secrets.EMAIL_HOST }} >> .env + echo EMAIL_PORT=${{ secrets.EMAIL_PORT }} >> .env + echo EMAIL_HOST_USER=${{ secrets.EMAIL_HOST_USER }} >> .env + echo EMAIL_HOST_PASSWORD=${{ secrets.EMAIL_HOST_PASSWORD }} >> .env + echo EMAIL_USE_TLS=${{ secrets.EMAIL_USE_TLS }} >> .env + + # TODO Добавить копирование переменных с конфигами для Celery и Redis + + cd infra/prod/ + sudo systemctl stop adaptive_hockey_federation.service + docker system prune --force + + # Installing defend service for app + sudo cp -f /home/production/adaptive_hockey_federation/infra/prod/adaptive_hockey_federation.service /etc/systemd/system/adaptive_hockey_federation.service + sudo systemctl daemon-reload + sudo systemctl start adaptive_hockey_federation.service + + sudo systemctl is-active --quiet adaptive_hockey_federation.service + until [ $? -eq 0 ]; do + echo "Waiting for adaptive_hockey_federation.service to be active..." + sleep 5 + sudo systemctl is-active --quiet adaptive_hockey_federation.service + done + + echo "adaptive_hockey_federation.service is active" + + docker exec adaptive_hockey_federation python manage.py collectstatic --noinput + docker exec adaptive_hockey_federation python manage.py migrate \ No newline at end of file diff --git a/infra/nginx/nginx_prod.conf b/infra/nginx/nginx_prod.conf new file mode 100644 index 00000000..f5dabf4d --- /dev/null +++ b/infra/nginx/nginx_prod.conf 
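Review bot: The `Set up SSH` step fills `known_hosts` from `ssh-keyscan` at deploy time, which trusts whatever key answers on the network and so does not authenticate the server that the private key and the `.env` values are then sent to; keep the expected host key in a secret and write that instead. `appleboy/ssh-action@master` receives the same private key from a mutable branch, so it should be pinned to a reviewed commit SHA. In the remote script every `echo NAME=${{ secrets.NAME }} >> .env` pastes the value unquoted into shell text, so a value containing spaces, `;`, `&`, `$` or `#` is split or executed instead of written, and `.env` is created with the default umask; pass the values through the action's `envs` input and write them with `printf` under `umask 077`, as sketched below. The `until` loop has no retry limit, and the unit file installed with `sudo cp` comes from the `ref: dev` checkout rather than from the commit that was built, which looks unintended for a production deploy. The workflow triggers and the earlier jobs are outside this hunk, so whether removing the `if: github.ref == 'refs/heads/master'` guard lets other refs push and deploy cannot be confirmed from here.

```yaml
      - name: Set up SSH
        env:
          # placeholder secret name: the server's pinned known_hosts line(s)
          SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
          SSH_PRIVATE_KEY: ${{ secrets.TEST_RSA_SECRET_KEY }}
        run: |
          install -d -m 700 ~/.ssh
          printf '%s\n' "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
          (umask 077; printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa)

      # … unchanged: create folder for deploy, copy infra folders …

      - name: Execute commands on VPS
        # placeholder: pin to a reviewed full commit SHA
        uses: appleboy/ssh-action@<full-commit-sha>
        env:
          SECRET_KEY: ${{ secrets.SECRET_KEY }}
          POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
          # … one entry per value written to .env …
        with:
          # … unchanged: host, username, key …
          envs: SECRET_KEY,POSTGRES_PASSWORD
          script: |
            cd ${{ env.DEPLOY_PATH }}
            umask 077
            : > .env
            printf 'SECRET_KEY=%s\n' "$SECRET_KEY" >> .env
            printf 'POSTGRES_PASSWORD=%s\n' "$POSTGRES_PASSWORD" >> .env
            # … remaining variables written the same way …
            # … unchanged: service restart, collectstatic, migrate …
```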
@@ -0,0 +1,34 @@
+server{
+ listen 80;
+ listen [::]:80;
+ server_name _;
+ return 308 https://$host$request_uri;
+}
+
+server{
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name ${HOST};
+ include /config/nginx/ssl.conf;
+ location / {
+ proxy_pass http://site:8000;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+ location /admin/ {
+ proxy_pass http://site:8000/admin/;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+ location /media/ {
+ root /var/html/;
+ }
+
+ location /static/ {
+ root /var/html/;
+ }
+}
\ No newline at end of file
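Review bot: Both server blocks act on whatever Host the client sends: the port-80 block uses `server_name _` and redirects to `https://$host$request_uri`, and nginx does not expand `${HOST}` in `server_name` on its own, so unless this file is rendered through a template step (not visible in this patch) the 443 block is effectively a catch-all as well. Redirecting to the fixed name, e.g. `return 308 https://<production-hostname>$request_uri;`, and adding a default 443 server that rejects unknown names keeps spoofed Host values out of redirects and away from the application. `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to a header the client controls; if this nginx is the internet-facing edge, `proxy_set_header X-Forwarded-For $remote_addr;` keeps forged addresses out of Django logs and any IP-based limits. The `/admin/` location repeats the `/` proxy settings without adding a restriction, so it can be dropped or given an `allow`/`deny` list.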