Compare commits
2 Commits
v0.0.0
...
v0.1.25020
| Author | SHA1 | Date | |
|---|---|---|---|
| 64d0105d4a | |||
| fc19676a8d |
@@ -3,71 +3,63 @@ name: Creates a docker image for production
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- 'v*'
|
||||
- "v*"
|
||||
|
||||
jobs:
|
||||
build:
|
||||
build_docker:
|
||||
name: Build the docker image
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Build started
|
||||
uses: voxmedia/github-action-slack-notify-build@v1
|
||||
if: success()
|
||||
with:
|
||||
channel: ci-notifications
|
||||
status: STARTED
|
||||
color: good
|
||||
env:
|
||||
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v1
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 1
|
||||
- name: Log in to Docker Hub
|
||||
uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
|
||||
- name: Log in to Nexus Docker Hub
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
|
||||
registry: docker.nexus.makecodes.dev
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
- name: Extract metadata (tags, labels) for Docker
|
||||
id: meta
|
||||
uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
|
||||
uses: docker/metadata-action@v5
|
||||
with:
|
||||
images: redbeard/mines-backend
|
||||
- name: Build and push Docker image
|
||||
uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
|
||||
env:
|
||||
SCOPE: production
|
||||
images: docker.nexus.makecodes.dev/mines/backend
|
||||
- name: Build and push
|
||||
uses: docker/build-push-action@v5
|
||||
with:
|
||||
context: .
|
||||
push: true
|
||||
push: ${{ github.event_name != 'pull_request' }}
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
- name: Build finished
|
||||
if: success()
|
||||
uses: voxmedia/github-action-slack-notify-build@v1
|
||||
with:
|
||||
channel: ci-notifications
|
||||
status: SUCCESS
|
||||
color: good
|
||||
- name: Deploy to production server
|
||||
run: |
|
||||
TOKEN=$(curl --silent --location 'https://auth.makecodes.dev/auth' \
|
||||
--header 'Content-Type: application/json' \
|
||||
--data '{
|
||||
"email": "'$USERNAME'",
|
||||
"password": "'$PASSWORD'"
|
||||
}' | jq -r '.token')
|
||||
# curl --location --silent 'https://deployer.makecodes.dev/deploy' \
|
||||
# --header 'Content-Type: application/json' \
|
||||
# --header "Authorization: Bearer $TOKEN" \
|
||||
# --data '{
|
||||
# "image": "docker.nexus.makecodes.dev/makecodes/nfe-vision",
|
||||
# "service": "nfe-vision_app",
|
||||
# "version": "${{ github.ref_name }}",
|
||||
# "pipeline": "${{ github.run_number }}",
|
||||
# "repository": "makecodes/nfe-vision"
|
||||
# }'
|
||||
# curl --location --silent 'https://deployer.makecodes.dev/deploy' \
|
||||
# --header 'Content-Type: application/json' \
|
||||
# --header "Authorization: Bearer $TOKEN" \
|
||||
# --data '{
|
||||
# "image": "docker.nexus.makecodes.dev/makecodes/nfe-vision",
|
||||
# "service": "nfe-vision_worker",
|
||||
# "version": "${{ github.ref_name }}",
|
||||
# "pipeline": "${{ github.run_number }}",
|
||||
# "repository": "makecodes/nfe-vision"
|
||||
# }'
|
||||
env:
|
||||
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
|
||||
deploy:
|
||||
name: Deploy
|
||||
runs-on: ubuntu-latest
|
||||
needs:
|
||||
- build
|
||||
steps:
|
||||
- name: Deploy to production
|
||||
uses: appleboy/ssh-action@master
|
||||
with:
|
||||
host: ${{ secrets.SSH_HOST }}
|
||||
username: ${{ secrets.SSH_USERNAME }}
|
||||
password: ${{ secrets.SSH_PASSWORD }}
|
||||
port: ${{ secrets.SSH_PORT }}
|
||||
script: |
|
||||
cd /media/data/apps/mines-backend
|
||||
docker pull redbeard/mines-backend:latest
|
||||
docker-compose up -d app0
|
||||
docker-compose up -d app1
|
||||
docker exec -t mines-be0 python manage.py migrate
|
||||
docker image prune -f
|
||||
USERNAME: ${{ secrets.SERVER_AUTH_USERNAME }}
|
||||
PASSWORD: ${{ secrets.SERVER_AUTH_PASSWORD }}
|
||||
|
||||
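Review bot: The third-party actions that receive the registry credentials appear to move from full commit SHAs (for example `docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9`) to mutable major tags (`docker/login-action@v3`, `docker/metadata-action@v5`, `docker/build-push-action@v5`), so anyone able to move those tags changes the code that sees `secrets.DOCKER_PASSWORD`; pin each as `uses: docker/login-action@<full-commit-sha> # v3`. In the `Deploy to production server` step, `"'$USERNAME'"` and `"'$PASSWORD'"` are expanded outside any quotes, so a space splits the curl argument and a `"` or `\` corrupts the JSON; building the body with `jq -n --arg email "$USERNAME" --arg password "$PASSWORD" '{email: $email, password: $password}'` and piping it into `curl --fail ... --data @-` avoids both and makes a rejected login fail the step. As written `TOKEN` is never used because both deploy calls are commented out, and they name `nfe-vision` rather than the `mines/backend` image built above, which looks like a leftover to confirm. The +/- markers are lost on this page, so the old/new side of each line is inferred from the hunk header counts and the action versions.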
100
Dockerfile
100
Dockerfile
@@ -1,52 +1,72 @@
|
||||
FROM python:3.8-slim-buster
|
||||
FROM python:3.12.6-bullseye AS base
|
||||
|
||||
ARG SCOPE
|
||||
ARG APP_USER \
|
||||
APP_GROUP \
|
||||
UID \
|
||||
GID \
|
||||
NEXUS_USERNAME \
|
||||
NEXUS_PASSWORD
|
||||
|
||||
# Setup env
|
||||
ENV SCOPE=${SCOPE} \
|
||||
# python
|
||||
PYTHONDONTWRITEBYTECODE=1 \
|
||||
PYTHONFAULTHANDLER=1 \
|
||||
PYTHONUNBUFFERED=1 \
|
||||
PYTHONHASHSEED=random \
|
||||
LC_ALL=C.UTF-8 \
|
||||
LANG=C.UTF-8 \
|
||||
# pip
|
||||
PIP_NO_CACHE_DIR=off \
|
||||
PIP_DISABLE_PIP_VERSION_CHECK=on \
|
||||
PIP_DEFAULT_TIMEOUT=100 \
|
||||
# poetry:
|
||||
POETRY_VERSION=1.1.13 \
|
||||
POETRY_NO_INTERACTION=1 \
|
||||
POETRY_VIRTUALENVS_CREATE=false \
|
||||
POETRY_CACHE_DIR='/var/cache/pypoetry' \
|
||||
POETRY_HOME='/usr/local'
|
||||
ENV APP_USER=${APP_USER:-mines} \
|
||||
APP_GROUP=${APP_GROUP:-mines} \
|
||||
UID=${UID:-1000} \
|
||||
GID=${GID:-1000} \
|
||||
PYTHONFAULTHANDLER=1 \
|
||||
PYTHONUNBUFFERED=1 \
|
||||
PYTHONHASHSEED=random \
|
||||
PYTHONDONTWRITEBYTECODE=1 \
|
||||
LC_ALL=C.UTF-8 \
|
||||
LANG=C.UTF-8 \
|
||||
PIP_NO_CACHE_DIR=off \
|
||||
PIP_DISABLE_PIP_VERSION_CHECK=on \
|
||||
PIP_DEFAULT_TIMEOUT=100 \
|
||||
UV_LINK_MODE=copy \
|
||||
UV_PROJECT_ENVIRONMENT=/.venv \
|
||||
VIRTUAL_ENV=/.venv \
|
||||
PATH="/.venv/bin:$PATH"
|
||||
|
||||
SHELL ["/bin/bash", "-eo", "pipefail", "-c"]
|
||||
COPY --from=ghcr.io/astral-sh/uv:latest /uv /bin/uv
|
||||
|
||||
RUN apt-get update && apt-get upgrade -y \
|
||||
&& apt-get install --no-install-recommends -y \
|
||||
WORKDIR /app
|
||||
|
||||
COPY uv.lock pyproject.toml ./
|
||||
|
||||
# Dependências
|
||||
RUN echo "deb http://apt.postgresql.org/pub/repos/apt bullseye-pgdg main" > /etc/apt/sources.list.d/pgdg.list && \
|
||||
curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - && \
|
||||
apt-get update && \
|
||||
apt-get install -y \
|
||||
bash \
|
||||
curl \
|
||||
clang \
|
||||
build-essential \
|
||||
curl \
|
||||
default-libmysqlclient-dev \
|
||||
gnupg \
|
||||
jq \
|
||||
libc6 \
|
||||
libffi-dev \
|
||||
libjpeg-dev \
|
||||
libmariadb-dev \
|
||||
libpq-dev \
|
||||
# Installing `poetry` package manager:
|
||||
# https://github.com/python-poetry/poetry
|
||||
&& curl -sSL 'https://install.python-poetry.org' | python - \
|
||||
&& poetry --version \
|
||||
# Cleaning cache:
|
||||
&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
|
||||
&& apt-get clean -y && rm -rf /var/lib/apt/lists/*
|
||||
libpthread-stubs0-dev \
|
||||
libxml2-dev \
|
||||
libxslt-dev \
|
||||
mariadb-client \
|
||||
zlib1g-dev && \
|
||||
apt-get install -y --no-install-recommends gcc && \
|
||||
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false && \
|
||||
apt-get clean -y && rm -rf /var/lib/apt/lists/* && \
|
||||
uv sync --dev && \
|
||||
uv cache clean && \
|
||||
. $VIRTUAL_ENV/bin/activate
|
||||
|
||||
# Copy only requirements to cache them in docker layer
|
||||
WORKDIR /code
|
||||
COPY poetry.lock pyproject.toml /code/
|
||||
|
||||
RUN poetry config virtualenvs.create false \
|
||||
&& poetry install $(test "$SCOPE" == production && echo "--no-dev") --no-interaction --no-ansi
|
||||
# Copia o restante do código da aplicação
|
||||
COPY . /app
|
||||
|
||||
# Creating folders, and files for a project:
|
||||
COPY . /code
|
||||
RUN groupadd -r $APP_GROUP -g $GID && \
|
||||
useradd -r -g $APP_GROUP -u $UID $APP_USER --shell /bin/bash --home /app
|
||||
|
||||
CMD ["/code/commands/run-prod.sh"]
|
||||
USER $APP_USER
|
||||
|
||||
CMD ["/app/commands/run-prod.sh"]
|
||||
|
||||
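Review bot: `NEXUS_USERNAME` and `NEXUS_PASSWORD` are declared as build `ARG`s, and build-arg values end up in the image metadata shown by `docker history`, so registry credentials passed this way are readable by anyone who can pull the image. No visible line uses them, so either drop them or have the consuming step read them through `RUN --mount=type=secret,id=<secret-id> ...`. `COPY --from=ghcr.io/astral-sh/uv:latest` ties the build to whatever that tag points at on the day; pin a version tag or digest. `uv sync --dev` installs the development group into an image whose `CMD` is `run-prod.sh` and does not enforce the lockfile, so `uv sync --locked --no-dev` would be the safer production call. The compiler toolchain (`clang`, `build-essential`, `gcc`) also stays in the final image, which a separate build stage would avoid, and the trailing `. $VIRTUAL_ENV/bin/activate` has no effect beyond its own `RUN`.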