Merge pull request #18 from ladesa-ro/main

main into production

.development/.kc-db.env.example

@@ -0,0 +1,4 @@
+POSTGRESQL_DATABASE=ladesa-ro-auth
+
+# POSTGRESQL_USERNAME=postgres
+POSTGRESQL_PASSWORD=5fc445f63b0b4cf388d0e772e053d468

.devops/development/.kc.env.example → .development/.kc.env.example

@@ -1,8 +1,8 @@
 KC_DB=postgres
 
-KC_DB_URL_HOST=sisgea-servc-idp-db
+KC_DB_URL_HOST=ladesa-ro-auth-db
 KC_DB_URL_PORT=5432
-KC_DB_URL_DATABASE=sisgea-servc-idp
+KC_DB_URL_DATABASE=ladesa-ro-auth
 
 KC_DB_SCHEMA=keycloak
 KC_DB_USERNAME=postgres

.development/docker-compose.yml

@@ -0,0 +1,78 @@
+services:
+  ladesa-ro-auth-db:
+    image: bitnami/postgresql:15
+    container_name: ladesa-ro-auth-db
+
+    volumes:
+      - "ladesa-ro-auth-db-data:/bitnami/postgresql"
+      - "./volumes/db/scripts/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d"
+
+    env_file:
+      - .kc-db.env
+
+    networks:
+      ladesa-net:
+
+    ports:
+      - 23080:5432
+
+  ladesa-ro-auth-theme:
+    container_name: ladesa-ro-auth-theme
+
+    build:
+      context: ./images/development
+
+    command: tail -f /dev/null
+
+    volumes:
+      - ../:/var/lib/ladesa-ro/ctx
+
+  ladesa-ro-auth:
+    container_name: ladesa-ro-auth
+
+    build:
+      context: ../
+      args:
+        - KEYCLOAK_EXTRA_ARGS=-Dkeycloak.profile.feature.scripts=enabled
+
+    entrypoint: /opt/keycloak/bin/kc.sh
+    command: start-dev --import-realm
+
+    env_file:
+      - .kc.env
+
+    volumes:
+      - ./data/import:/opt/keycloak/data/import/
+
+    depends_on:
+      - ladesa-ro-auth-db
+
+    networks:
+      ladesa-net:
+
+    ports:
+      - 23032:5432
+
+    labels:
+      # ===================================================================
+      - "traefik.enable=true"
+      # ===================================================================
+      - "traefik.http.services.sso.loadbalancer.server.port=8080"
+      # ------------
+      - "traefik.http.routers.sso.rule=Host(`sso.ladesa.localhost`)"
+      - "traefik.http.routers.sso.entrypoints=websecure"
+      - "traefik.http.routers.sso.tls=true"
+      - "traefik.http.routers.sso.service=sso"
+      # ------------
+      - "traefik.http.routers.sso-insecure.rule=Host(`sso.ladesa.localhost`)"
+      - "traefik.http.routers.sso-insecure.entrypoints=web"
+      - "traefik.http.routers.sso-insecure.tls=false"
+      - "traefik.http.routers.sso-insecure.service=sso"
+      # ===================================================================
+
+networks:
+  ladesa-net:
+    external: true
+
+volumes:
+  ladesa-ro-auth-db-data:

.development/images/development/Dockerfile

@@ -0,0 +1,14 @@
+FROM node:22
+
+RUN apt-get update && \
+  apt-get install -y openjdk-17-jdk && \
+  apt-get install -y maven;
+
+ENV PNPM_HOME="/pnpm"
+ENV PATH="$PNPM_HOME:$PATH"
+RUN corepack enable
+
+
+USER node
+
+WORKDIR /var/lib/ladesa-ro/ctx

.devops/values.common.yml

@@ -0,0 +1,43 @@
+applicationName: ladesa-ro-sso
+
+service:
+  enabled: true
+  type: NodePort
+  ports:
+    - name: ladesa-ro-sso
+      port: 80
+      targetPort: web
+
+deployment:
+  enabled: false
+
+  replicas: 1
+
+  ports:
+    - containerPort: 8080
+      name: web
+
+  livenessProbe:
+    path: /health/live
+    port: 9000
+    initialDelaySeconds: 30
+    periodSeconds: 10
+    timeoutSeconds: 1
+    failureThreshold: 20
+  readinessProbe:
+    path: /health/ready
+    port: 9000
+    initialDelaySeconds: 30
+    periodSeconds: 10
+    timeoutSeconds: 1
+    failureThreshold: 20
+  startupProbe:
+    path: /health/started
+    port: 9000
+    initialDelaySeconds: 30
+    periodSeconds: 10
+    timeoutSeconds: 1
+    failureThreshold: 20
+
+ingress:
+  enabled: false

.dockerignore

@@ -0,0 +1,10 @@
+node_modules
+.git
+.gitignore
+*.md
+dist
+Dockerfile
+.vitepress/cache
+.github
+.development
+.devops

.github/actions/build-and-push/action.yml

@@ -0,0 +1,69 @@
+name: "Continuous Deployment – Build and Push"
+description: "Builds the container image and pushes into the registry"
+
+inputs:
+  setup-qemu:
+    description: "Should use QEMU for container image build."
+    required: false
+    default: "false"
+
+  build-image:
+    description: "Should build the container image"
+    required: false
+    default: "true"
+
+  push-image:
+    description: "Enable built image push into the registry"
+    required: false
+    default: "true"
+
+  image-name:
+    description: "Valid container image name"
+    required: true
+
+  image-tag:
+    description: "Valid container image tag"
+    required: true
+
+  push-image-registry-url:
+    description: "Registry URL"
+    required: false
+
+  push-image-registry-username:
+    description: "Registry username"
+    required: false
+
+  push-image-registry-token:
+    description: "Registry password/token"
+    required: false
+
+runs:
+  using: composite
+  steps:
+    - shell: bash
+      run: echo ${{ inputs.push-image-registry-url }}
+
+    - name: Set up QEMU
+      if: ${{ inputs.setup-qemu == 'true' }}
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Login into Registry
+      if: ${{ inputs.push-image == 'true' }}
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ inputs.push-image-registry-url }}
+        username: ${{ inputs.push-image-registry-username }}
+        password: ${{ inputs.push-image-registry-token }}
+
+    - name: Build and push container image to the registry
+      if: ${{ inputs.build-image == 'true' }}
+      uses: docker/build-push-action@v6
+      with:
+        push: ${{ inputs.push-image == 'true' }}
+        tags: ${{ inputs.push-image-registry-url }}/${{ inputs.image-name }}:${{ inputs.image-tag }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+        target: sso-runtime

.github/actions/deploy-k8s/action.yml

@@ -0,0 +1,48 @@
+name: "Continuous Deployment – K8S"
+description: "Deploy resources to kubernetes cluster"
+
+inputs:
+  helm-values:
+    description: "yaml helm release values"
+    required: true
+  deployment:
+    description: "k8s deployment"
+    required: true
+  namespace:
+    description: "k8s namespace"
+    required: true
+  helm-release-name:
+    description: "helm application namespace"
+    default: "ladesa-ro-sso"
+
+runs:
+  using: composite
+  steps:
+    - name: deploy resources to kubernetes cluster
+      shell: bash
+      env:
+        K8S_NAMESPACE: ${{ inputs.namespace }}
+        K8S_DEPLOYMENT: ${{ inputs.deployment }}
+        HELM_RELEASE_NAME: ${{ inputs.helm-release-name }}
+        HELM_RELEASE_VALUES: ${{ inputs.helm-values }}
+      run: |
+
+        GENERIC_CHART_REPO=stakater
+        GENERIC_CHART_REPO_SOURCE=https://stakater.github.io/stakater-charts
+        GENERIC_CHART_NAME=stakater/application
+
+        if [[ "$(helm search repo \"${GENERIC_CHART_NAME}\" 2>/dev/null)" == 'No results found' ]] then
+          helm repo add ${GENERIC_CHART_REPO} ${GENERIC_CHART_REPO_SOURCE}
+          helm repo update
+        fi
+
+        echo "${HELM_RELEASE_VALUES}" | helm upgrade -i ${HELM_RELEASE_NAME} ${GENERIC_CHART_NAME} \
+          --namespace=${K8S_NAMESPACE} \
+          --values=./.devops/values.common.yml \
+          -f - \
+        ;
+
+        kubectl rollout restart \
+          deployment.apps/${K8S_DEPLOYMENT} \
+          --namespace ${K8S_NAMESPACE} \
+        ;

.github/check.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -xe
+
+if [[ "${LADESA_DEPLOY_NS_LOCAL}" == "true" && "${LADESA_DEPLOY_NS_LOCAL_SERVICE_SSO}" == "true" ]]; then
+  kubectl get secret ladesa-ro-sso-db-config --namespace=ladesa-ro-local;
+fi
+
+if [[ "${LADESA_DEPLOY_NS_DEVELOPMENT}" == "true" && "${LADESA_DEPLOY_NS_DEVELOPMENT_SERVICE_SSO}" == "true" ]]; then
+  kubectl get secret ladesa-ro-sso-db-config --namespace=ladesa-ro-development;
+fi
+
+if [[ "${LADESA_DEPLOY_NS_PRODUCTION}" == "true" && "${LADESA_DEPLOY_NS_PRODUCTION_SERVICE_SSO}" == "true" ]]; then
+  kubectl get secret ladesa-ro-sso-db-config --namespace=ladesa-ro-production;
+fi