diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
new file mode 100644
index 0000000..9f01d76
--- /dev/null
+++ b/.github/workflows/ci-cd.yml
@@ -0,0 +1,49 @@
+name: Experiment Hub Backend deploy pipeline
+run-name: Run by ${{ github.actor }}
+on:
+ push:
+ tags:
+ - 'v*'
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+ build-and-push-image:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ - name: Build and export to Docker
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ platforms: linux/amd64
+ load: true
+ tags: ${{ steps.meta.outputs.tags }}
+ - name: Test
+ run: |
+ docker run --rm ${{ steps.meta.outputs.tags }} npm run start:dev
+ - name: Build and push
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./Dockerfile
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
deleted file mode 100644
index 11a27b8..0000000
--- a/.github/workflows/main.yml
+++ /dev/null
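Review bot: The `Test` step in the new `ci-cd.yml` does not gate the push on a test run: it starts `npm run start:dev`, a dev server that normally never exits, and it pastes `${{ steps.meta.outputs.tags }}` straight into the shell script. That output is newline-separated when the metadata action emits more than one tag (it may add `latest` on tag pushes), in which case the second line would be run as a command of its own. Passing one tag through the environment and running the suite the deleted `node.js.yml` ran avoids both, e.g. `env: IMAGE: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}` with `run: docker run --rm "$IMAGE" npm test`, assuming the image carries the test dependencies. Separately, the step named `Login to Docker Hub` actually logs in to `ghcr.io`, and the `uses:` lines reference mutable major tags rather than commit SHAs, which matters more in a job that holds `packages: write`.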
@@ -1,36 +0,0 @@ -name: Deploy to DigitalOcean - -on: - push: - branches: - - main - -jobs: - build-and-deploy: - runs-on: ubuntu-latest - - steps: - - name: Checkout code - uses: actions/checkout@v2 - - - name: Login to DigitalOcean Container Registry - uses: digitalocean/action-doctl@v2 - with: - token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} - - - name: Docker Login - # You may pin to the exact commit or the version. - # uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc - uses: docker/login-action@v2.2.0 - with: - # Server address of Docker registry. If not set then will default to Docker Hub - registry: registry.digitalocean.com/experiment-hub-cr - # Username used to log against the Docker registry - username: ${{ secrets.DOCKER_USERNAME }} - # Password or personal access token used to log against the Docker registry - password: ${{ secrets.DOCKER_PASSWORD }} - - - name: Build and push Docker image - run: | - docker build -t registry.digitalocean.com/experiment-hub-cr/experiment-hub-backend:latest . - docker push registry.digitalocean.com/experiment-hub-cr/experiment-hub-backend diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml deleted file mode 100644 index 51f842d..0000000 --- a/.github/workflows/node.js.yml +++ /dev/null 
@@ -1,32 +0,0 @@ -# This workflow will do a clean installation of node dependencies, cache/restore them, build the source code and run tests across different versions of node -# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-nodejs - -name: Node.js CI - -on: - push: - branches: [ "main" ] - pull_request: - branches: [ "main" ] - -jobs: - build: - - runs-on: ubuntu-latest - - strategy: - matrix: - node-version: [18.x] - - steps: - - uses: actions/checkout@v3 - - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v3 - with: - node-version: ${{ matrix.node-version }} - cache: 'npm' - - run: npm install - - run: npx prisma generate - - run: npm run prisma:generate:db_clients - - run: npm run build --if-present - - run: npm test diff --git a/Dockerfile b/Dockerfile index f2ae550..0b18713 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,9 +8,8 @@ RUN npm install RUN npx prisma generate --schema=./prisma/mongo/schema.prisma RUN npx prisma generate --schema=./prisma/postgres/schema.prisma RUN npm run prisma:generate:db_clients -RUN npm run prisma:postgres:dbpush -RUN npm run prisma:mongo:dbpush RUN npm run build EXPOSE 3000 + CMD [ "npm", "run", "start:prod" ] diff --git a/docker-compose.yaml b/docker-compose.yaml index fcdb96d..083ee95 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -2,11 +2,8 @@ version: '3' services: experiment-hub-backend: - build: . - env_file: - - .env + container_name: experiment-hub-backend + image: carobaldino/experiment-hub-backend:v0.1 ports: - 3000:3000 - volumes: - - ./:/usr/src/app - command: npm run start:dev \ No newline at end of file + command: npm run start:dev diff --git a/infra.md b/infra.md new file mode 100644 index 0000000..9b47571 --- /dev/null +++ b/infra.md 
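Review bot: The new `image:` line in `docker-compose.yaml` deploys `carobaldino/experiment-hub-backend:v0.1` from Docker Hub, while the workflow added in this commit publishes to `ghcr.io/${{ github.repository }}`, so what runs here is apparently not the image CI builds and its provenance cannot be traced from this repository. Referencing the CI-built image by digest would tie the deployment to a known build, e.g. `image: ghcr.io/<owner>/<repo>@sha256:<digest>` (placeholders). The `command: npm run start:dev` line also overrides the Dockerfile's `CMD [ "npm", "run", "start:prod" ]`, so the container runs the development server; dropping `command:` would use the production entry point. With `env_file` removed, a comment stating where the service now gets its database settings would help the next operator.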
@@ -0,0 +1,178 @@ +# Infra documentation + +## VM Postgres +```bash +#update repos and upgrade +apt update +apt upgrade + +#basic admin +useradd -m -s /bin/bash experiment-hub +usermod -aG sudo experiment-hub +passwd experiment-hub #saved in secrets +##Add public keys under /home/experiment-hub/.ssh/authorized_keys + +#configure firewall +sudo ufw status #shows inactive +sudo ufw allow ssh +sudo ufw allow from 10.124.0.0/20 to any port 5432 +sudo ufw enable +reboot + +#postgre install +sudo apt install postgresql postgresql-contrib + +#change postgres password +sudo su - postgres +psql + \password #saved in secrets + create database experiment_hub; + +#modify postgres.conf +sudo vim /etc/postgresql/14/main/postgresql.conf +listen_addresses = '*' # what IP address(es) to listen on; + +#modify pg_hba.conf +sudo vim /etc/postgresql/14/main/pg_hba.conf +host experiment_hub postgres 10.0.0.0/8 scram-sha-256 +``` + +## VM Mongo +```bash +#update repos and upgrade +apt update +apt upgrade + +#basic admin +useradd -m -s /bin/bash experiment-hub +usermod -aG sudo experiment-hub +passwd experiment-hub #saved in secrets +##Add public keys under /home/experiment-hub/.ssh/authorized_keys + +#configure firewall +sudo ufw status #shows inactive +sudo ufw allow ssh +sudo ufw allow from 10.124.0.0/20 to any port 27017 +sudo ufw enable +reboot + +#install mongo +sudo apt-get install gnupg curl +curl -fsSL https://pgp.mongodb.com/server-6.0.asc | \ + sudo gpg -o /usr/share/keyrings/mongodb-server-6.0.gpg \ + --dearmor +echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-6.0.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/6.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-6.0.list +sudo apt-get update +sudo apt-get install -y mongodb-org +echo "mongodb-org hold" | sudo dpkg --set-selections +echo "mongodb-org-database hold" | sudo dpkg --set-selections +echo "mongodb-org-server hold" | sudo dpkg --set-selections +echo "mongodb-mongosh 
hold" | sudo dpkg --set-selections +echo "mongodb-org-mongos hold" | sudo dpkg --set-selections +echo "mongodb-org-tools hold" | sudo dpkg --set-selections +systemctl enable mongod.service +sudo systemctl start mongod +sudo systemctl status mongod +``` + +In `mongosh`` +``` +use admin +db.createUser( + { + user: "admin", + pwd: passwordPrompt(), + roles: [ + { role: "userAdminAnyDatabase", db: "admin" }, + { role: "readWriteAnyDatabase", db: "admin" }, + { role: "clusterAdmin", db: "admin" } + ] + } +) + +use experiment_hub +db.createUser( + { + user: "experiment_hub", + pwd: passwordPrompt(), + roles: [ + { role: "dbOwner", db: "experiment_hub" }, + { role: "userAdmin", db: "experiment_hub" } + ] + } +) +``` + +Create keyfile for replica set +```bash +sudo openssl rand -base64 756 > /var/lib/mongodb/keyfile +sudo chmod 400 /var/lib/mongodb/keyfile + +``` + +In `/etc/mongod.conf`` +```yml +net: + port: 27017 + bindIp: 0.0.0.0 +security: + authorization: enabled + keyFile: /var/lib/mongodb/keyfile +replication: + replSetName: experiment-hub-rs +``` + +Then restart mongodb service an login: +``` +mongosh --authenticationDatabase "admin" -u "admin" admin -p + +use admin +rs.initiate() + +use experiment_hub + +alias mongoshadmin='mongosh --authenticationDatabase "admin" -u "admin" admin -p' +``` + +## VM experiment-hub-backend +```bash +#create user with sudo +useradd -m -s /bin/bash experiment-hub +usermod -aG sudo experiment-hub +passwd experiment-hub #saved in secrets +##Add public keys under /home/experiment-hub/.ssh/authorized_keys +sudo apt update +sudo apt upgrade + +#install docker +#Instalación de Docker +sudo apt install apt-transport-https ca-certificates curl software-properties-common +curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg +echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu 
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null +sudo apt update +sudo apt install docker-ce +sudo systemctl status docker #check service status +sudo usermod -aG docker ${USER} + +#install docker compose +sudo apt install docker-compose + +#activate firewall +sudo ufw status #shows inactive +sudo ufw allow ssh +sudo ufw allow from any to any port 80 proto tcp +sudo ufw allow from 10.124.0.0/20 to any port 3000 proto tcp +sudo ufw allow from any to any port 3000 proto tcp +sudo ufw enable +reboot + +#install postgres client +sudo apt install postgresql-client + +#install mongo shell +sudo apt-get install gnupg +wget -qO- https://www.mongodb.org/static/pgp/server-7.0.asc | sudo tee /etc/apt/trusted.gpg.d/server-7.0.asc +echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/7.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-7.0.list +sudo apt-get update +sudo apt-get install -y mongodb-mongosh +``` diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 0000000..2bfeab5 --- /dev/null +++ b/nginx.conf 
@@ -0,0 +1,58 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 768;
+}
+
+http {
+ sendfile on;
+ tcp_nopush on;
+ types_hash_max_size 2048;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ server {
+ listen 80;
+ listen [::]:80;
+
+ server_name api.experiment-hub.com;
+
+ location / {
+ proxy_pass http://localhost:3000;
+ }
+
+ location /health-nginx {
+ add_header Content-Type text/plain;
+ return 200 'Nginx is OK.';
+ }
+ }
+
+
+ ##
+ # SSL Settings
+ ##
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ ##
+ # Logging Settings
+ ##
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+
+ ##
+ # Virtual Host Configs
+ ##
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
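Review bot: The `server` block listens only on port 80, so `api.experiment-hub.com` is proxied in cleartext unless TLS is terminated in front of this host, which the diff does not show; and the `ssl_protocols` line still enables the deprecated TLSv1 and TLSv1.1. If nginx is meant to terminate TLS, add a `listen 443 ssl;` server with a certificate and restrict the protocols with `ssl_protocols TLSv1.2 TLSv1.3;`. The `location /` block also forwards no client information; `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` would let the backend log the real client address instead of the proxy's.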