Added new Ansible playbooks (#54)

.dockerignore

@@ -1,14 +1,15 @@
 .env
-.env.example
-.env.testing
+.env.*
 .git
 .gitattributes
 .gitignore
 .gitlab-ci.yml
 .phpstorm.meta.php
 .release.json
+.server/ssl
 .travis.yml
 _ide_helper.php
+ansible
 backups
 build
 codeception.yml

.env.example

@@ -4,9 +4,6 @@ APP_DEBUG=true
 APP_LOG_LEVEL=debug
 APP_URL=http://localhost
 
-SITE_NAME="G-ZERO CMS"
-SITE_DESC="Content management system."
-
 DOMAIN=dev.gzero.pl
 SESSION_DOMAIN=.dev.gzero.pl
 SESSION_SECURE_COOKIE=false

.gitignore

@@ -9,4 +9,5 @@ Homestead.yaml
 /public/gzero/*
 tests/_output/*
 .phpstorm.meta.php
-_ide_helper.php
+_ide_helper.php
+.vscode

.gitlab-ci.yml

@@ -23,7 +23,7 @@ test:
     - postgres:9.6-alpine
     - redis:3-alpine
   script:
-    - composer install --prefer-dist --no-interaction --no-suggest
+    - composer install --prefer-dist --no-interaction --no-suggest --no-progress
     - "php vendor/bin/codecept run -c codeception.yml -o \"settings: lint: false\" --env platform"
 
 build:
@@ -33,33 +33,43 @@ build:
   services:
     - docker:1.12.5-dind
   script:
-    - composer install --prefer-dist --no-interaction --no-dev --no-suggest
+    - composer install --prefer-dist --no-interaction --no-dev --no-suggest --no-progress --optimize-autoloader
     - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN registry.gitlab.com
     - if [ -n "${CI_BUILD_TAG}" ]; then docker build --pull -t registry.gitlab.com/grupazero/staging:${CI_BUILD_TAG} .; fi
     - if [ -n "${CI_BUILD_TAG}" ]; then docker push registry.gitlab.com/grupazero/staging:${CI_BUILD_TAG}; fi
     - if [ -z "${CI_BUILD_TAG}" ]; then docker build --pull -t registry.gitlab.com/grupazero/staging:latest .; fi
     - if [ -z "${CI_BUILD_TAG}" ]; then docker push registry.gitlab.com/grupazero/staging:latest; fi
+  only:
+    - tags
+    - master
 
 deploy to staging:
   image: williamyeh/ansible:alpine3
   stage: deploy
   environment: staging
   before_script:
       - eval $(ssh-agent -s)
-      - echo "$SSH_PRIVATE_KEY" > ssh.key
+      - echo "$STAGING_SSH_PRIVATE_KEY" > ssh.key
       - chmod 600 ssh.key
       - ssh-add ssh.key
       - mkdir -p ~/.ssh
       - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
   script:
-    - "ansible-playbook -i ansible/hosts
-      -e APP_KEY=$CI_APP_KEY
+    # TODO Validate if all env values are present
+    - "ansible-playbook -i ansible/staging
+      -e APP_KEY=$STAGING_APP_KEY
       -e APP_VERSION=$CI_BUILD_TAG
-      -e DOMAIN=$CI_DOMAIN
-      -e POSTGRES_USER=$CI_DB_USER
-      -e POSTGRES_PASSWORD=$CI_DB_PASSWORD
-      -e POSTGRES_DATABASE=$CI_DB_DATABASE
-      ansible/playbooks/deploy-staging.yml"
+      -e DOMAIN=$STAGING_DOMAIN
+      -e POSTGRES_USER=$STAGING_DB_USER
+      -e POSTGRES_PASSWORD=$STAGING_DB_PASSWORD
+      -e POSTGRES_DATABASE=$STAGING_DB_DATABASE
+      -e MAIL_USERNAME=$STAGING_MAIL_USERNAME
+      -e MAIL_PASSWORD=$STAGING_MAIL_PASSWORD
+      -e S3_KEY=$STAGING_S3_KEY
+      -e S3_SECRET=$STAGING_S3_SECRET
+      -e S3_BUCKET=$STAGING_S3_BUCKET
+      -e LETSENCRYPT_EMAIL=$STAGING_LETSENCRYPT_EMAIL
+      ansible/deploy-staging.yml"
   only:
     - tags
     - master
@@ -70,13 +80,27 @@ deploy to production:
   environment: production
   before_script:
     - eval $(ssh-agent -s)
-    - echo "$SSH_PRIVATE_KEY" > ssh.key
+    - echo "$PRODUCTION_SSH_PRIVATE_KEY" > ssh.key
     - chmod 600 ssh.key
     - ssh-add ssh.key
     - mkdir -p ~/.ssh
     - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
   script:
-  - echo "@TODO Implement"
+    # TODO Validate if all env values are present
+    - "ansible-playbook -i ansible/production
+      -e APP_KEY=$PRODUCTION_APP_KEY
+      -e APP_VERSION=$CI_BUILD_TAG
+      -e DOMAIN=$PRODUCTION_DOMAIN
+      -e POSTGRES_USER=$PRODUCTION_DB_USER
+      -e POSTGRES_PASSWORD=$PRODUCTION_DB_PASSWORD
+      -e POSTGRES_DATABASE=$PRODUCTION_DB_DATABASE
+      -e MAIL_USERNAME=$PRODUCTION_MAIL_USERNAME
+      -e MAIL_PASSWORD=$PRODUCTION_MAIL_PASSWORD
+      -e S3_KEY=$PRODUCTION_S3_KEY
+      -e S3_SECRET=$PRODUCTION_S3_SECRET
+      -e S3_BUCKET=$PRODUCTION_S3_BUCKET
+      -e LETSENCRYPT_EMAIL=$PRODUCTION_LETSENCRYPT_EMAIL
+      ansible/deploy-production.yml"
   only:
     - tags
     - master

.server/nginx/site.conf

@@ -0,0 +1,72 @@
+server {
+    listen 80;
+    server_name "www.{{DEFAULT_HOST}}";
+    return 301 http://{{DEFAULT_HOST}}$request_uri;
+}
+server {
+    listen 80;
+    server_name .{{DEFAULT_HOST}};
+
+    root /var/www/public;
+    index index.php;
+
+    # Cache everything for better performance
+    location ~*  \.(jpg|jpeg|png|gif|ico|svg|woff|woff2|css|js)$ {
+        expires 14d;
+    }
+
+    # Disable sendfile - https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
+    sendfile off;
+
+    location = /favicon.ico { access_log off; log_not_found off; }
+    location = /robots.txt  { access_log off; log_not_found off; }
+
+    # Stdout logging
+    error_log /dev/stdout info;
+    access_log /dev/stdout;
+
+    # Remove index.php$
+    if ($request_uri ~* "^(.*/)index\.php$") {
+        return 301 $1;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+
+        # Remove from everywhere index.php
+        if ($request_uri ~* "^(.*/)index\.php(/?)(.*)") {
+            return 301 $1$3;
+        }
+    }
+
+    # Remove trailing slash.
+    if (!-d $request_filename) {
+        rewrite ^/(.+)/$ /$1 permanent;
+    }
+
+    # Clean Double Slashes
+    if ($request_uri ~* "\/\/") {
+        rewrite ^/(.*) /$1 permanent;
+    }
+
+    location ~ \.php$ {
+        try_files $uri = 404;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass unix:/var/run/php7.1-fpm.sock;
+        fastcgi_index index.php;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        include fastcgi_params;
+    }
+
+    # deny access to . files, for security
+    #
+    location ~ /\. {
+          log_not_found off;
+          deny all;
+    }
+}
+server {
+    listen 80;
+    server_name  _;
+    rewrite ^ http://{{DEFAULT_HOST}}$request_uri permanent;
+}

.server/ssl/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

Dockerfile

@@ -1,7 +1,8 @@
-FROM gzero/platform-container:v2
+FROM gzero/platform-container:v3
 
 MAINTAINER Adrian Skierniewski <adrian.skierniewski@gmail.com>
 
 COPY . /var/www/
+COPY ./.server/nginx/site.conf /etc/nginx/conf.d/site.template
 
 RUN chown www-data:www-data -R /var/www

README.md

@@ -182,4 +182,4 @@ We're providing some boilerplate configs for travis & gitlab-ci so that you can
 
 ## Deployment
 
-We're using ansible to as automation tool. We include example deploy-staging.yml playbook.
+We're using Ansible as automation tool. We include some example playbooks.

ansible/deploy-production.yml

@@ -0,0 +1,89 @@
+---
+- hosts: all
+  remote_user: root
+  tasks:
+    - name: Create directories
+      file:
+        path: "{{ item.path }}"
+        state: directory
+        owner: www-data
+        group: www-data
+        mode: 0755
+      with_items:
+        - { path: '/root/backups'}
+        - { path: '/root/backups/deployment'}
+        - { path: '/root/production'}
+        - { path: '/root/production/volumes'}
+        - { path: '/root/production/volumes/certs'}
+        - { path: '/root/production/volumes/conf.d'}
+        - { path: '/root/production/volumes/vhost.d'}
+        - { path: '/root/production/volumes/templates'}
+    - name: 'Ensure that database exists'
+      become: true
+      become_user: postgres
+      postgresql_db:
+        name: "{{ POSTGRES_DATABASE }}"
+        encoding: UTF-8
+        lc_collate: pl_PL.UTF-8
+        lc_ctype: pl_PL.UTF-8
+        template: template0
+    - name: 'Ensure that database user exists'
+      become: true
+      become_user: postgres
+      postgresql_user:
+        db: "{{ POSTGRES_DATABASE }}"
+        name: "{{ POSTGRES_USER }}"
+        password: "{{ POSTGRES_PASSWORD }}"
+        priv: "ALL"
+    - name: Backup database
+      become: true
+      become_user: postgres
+      shell: >
+        pg_dump --clean --if-exists {{ POSTGRES_DATABASE }} |
+        gzip > {{ POSTGRES_DATABASE }}_$(date +%Y%m%d_%H%M).sql.gz
+    - name: Move backup to backups dir
+      shell: >
+        mv /var/lib/postgresql/{{ POSTGRES_DATABASE }}_$(date +%Y%m%d_%H%M).sql.gz
+        /root/backups/deployment/{{ POSTGRES_DATABASE }}_$(date +%Y%m%d_%H%M).sql.gz
+    - name: Copy nginx proxy template file
+      copy:
+        src: ./templates/nginx-proxy.tmpl
+        dest: /root/production/volumes/templates/nginx.tmpl
+        owner: www-data
+        group: www-data
+        mode: 0644
+    - name: Copy docker-compose file
+      template:
+        src: ../templates/production-compose.yml
+        dest: /root/production/docker-compose.yml
+        force: yes
+    - name: Copy env file
+      template:
+        src: ../templates/env.j2
+        dest: /root/production/env
+        force: yes
+    - name: Stop existing containers
+      docker_service:
+        project_src: production
+        state: absent
+        remove_images: local
+        remove_volumes: true
+    - name: Run docker & docker-compose commands
+      shell: "{{ item.command }}"
+      args:
+        chdir: /root/production
+      with_items:
+        - { command: 'docker-compose pull'}
+        - { command: 'docker-compose up -d --remove-orphans'}
+        - { command: 'docker volume ls -qf dangling=true | xargs -r docker volume rm'} # Remove unused volumes
+        - { command: 'docker images -q --no-trunc | xargs -r docker rmi || true'} # Remove unused images
+    - name: Wait for docker containers
+      wait_for:
+          port: 443
+          delay: 15
+          state: drained
+          timeout: 300
+    - name: Run migrations
+      shell: docker-compose exec -T web_server php /var/www/artisan migrate --force
+      args:
+        chdir: /root/production