diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml index 1f79d9c..0f3db11 100644 --- a/.github/workflows/dev.yml +++ b/.github/workflows/dev.yml @@ -1,17 +1,24 @@ -name: Deploy OPEX-Nginx - Dev +name: Push images on dev branch update + on: push: branches: - dev + jobs: - jenkinsJob: - name: Build OPEX-Nginx new dev version - runs-on: ubuntu-latest + build: + runs-on: ubuntu-20.04 + name: Build NGINX steps: - - name: Trigger opex-nginx-dev on jenkins - uses: appleboy/jenkins-action@master + - name: Checkout Source Code + uses: actions/checkout@v2 + - name: Build Docker images + run: TAG=dev docker-compose build + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 with: - url: ${{ secrets.JENKINS_URL }} - user: ${{ secrets.JENKINS_USER }} - token: ${{ secrets.JENKINS_TOKEN }} - job: "opex-nginx-dev" + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Push images to GitHub Container Registry + run: TAG=dev docker-compose push diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ae64f05..db1da6d 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,17 +1,24 @@ -name: Deploy OPEX-Nginx - Demo +name: Push images on main branch update + on: push: branches: - main + jobs: - jenkinsJob: - name: Deploy OPEX-Nginx new demo version - runs-on: ubuntu-latest + build: + runs-on: ubuntu-20.04 + name: Build NGINX steps: - - name: Trigger opex-nginx-demo on jenkins - uses: appleboy/jenkins-action@master + - name: Checkout Source Code + uses: actions/checkout@v2 + - name: Build Docker images + run: TAG=latest docker-compose build + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 with: - url: ${{ secrets.JENKINS_URL }} - user: ${{ secrets.JENKINS_USER }} - token: ${{ secrets.JENKINS_TOKEN }} - job: "opex-nginx-demo" + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Push images to GitHub Container Registry + run: TAG=latest docker-compose push diff --git a/Dockerfile b/Dockerfile index 7a37ab1..c81a62b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,2 +1,3 @@ FROM nginx:1.20.2 -ADD nginx.conf opex.dev.crt private.pem /etc/nginx/ +ADD nginx.conf /etc/nginx/ +EXPOSE 443 \ No newline at end of file diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index fb9d3ea..0000000 --- a/Jenkinsfile +++ /dev/null @@ -1,55 +0,0 @@ -pipeline { - agent any - - stages('Deploy') { - stage('Deliver') { - environment { - COMPOSE_PROJECT_NAME = 'demo-nginx' - DEFAULT_NETWORK_NAME = 'demo-opex' - } - steps { - withCredentials([ - file(credentialsId: 'private.pem', variable: 'PRIVATE'), - file(credentialsId: 'opex.dev.crt', variable: 'PUBLIC') - ]) { - sh 'cp -f $PRIVATE ./private.pem' - sh 'cp -f $PUBLIC ./opex.dev.crt' - } - sh 'docker-compose up -d --build --remove-orphans' - sh 'docker image prune -f' - sh 'docker network prune -f' - } - } - } - - post { - always { - echo 'One way or another, I have finished' - } - success { - echo ':)' - setBuildStatus(":)", "SUCCESS") - } - unstable { - echo ':/' - setBuildStatus(":/", "UNSTABLE") - } - failure { - echo ':(' - setBuildStatus(":(", "FAILURE") - } - changed { - echo 'Things were different before...' - } - } -} - -void setBuildStatus(String message, String state) { - step([ - $class : "GitHubCommitStatusSetter", - reposSource : [$class: "ManuallyEnteredRepositorySource", url: "https://github.com/opexdev/OPEX-Nginx"], - contextSource : [$class: "ManuallyEnteredCommitContextSource", context: "ci/jenkins/build-status"], - errorHandlers : [[$class: "ChangingBuildStatusErrorHandler", result: "UNSTABLE"]], - statusResultSource: [$class: "ConditionalStatusResultSource", results: [[$class: "AnyBuildResult", message: message, state: state]]] - ]) -} diff --git a/dev.Jenkinsfile b/dev.Jenkinsfile deleted file mode 100644 index 05af7e7..0000000 --- a/dev.Jenkinsfile +++ /dev/null @@ -1,55 +0,0 @@ -pipeline { - agent any - - stages('Deploy') { - stage('Deliver') { - environment { - COMPOSE_PROJECT_NAME = 'dev-nginx' - DEFAULT_NETWORK_NAME = 'dev-opex' - } - steps { - withCredentials([ - file(credentialsId: 'private.pem', variable: 'PRIVATE'), - file(credentialsId: 'opex.dev.crt', variable: 'PUBLIC') - ]) { - sh 'cp -f $PRIVATE ./private.pem' - sh 'cp -f $PUBLIC ./opex.dev.crt' - } - sh 'docker-compose -f docker-compose.yml -f docker-compose.dev.yml up -d --build --remove-orphans' - sh 'docker image prune -f' - sh 'docker network prune -f' - } - } - } - - post { - always { - echo 'One way or another, I have finished' - } - success { - echo ':)' - setBuildStatus(":)", "SUCCESS") - } - unstable { - echo ':/' - setBuildStatus(":/", "UNSTABLE") - } - failure { - echo ':(' - setBuildStatus(":(", "FAILURE") - } - changed { - echo 'Things were different before...' - } - } -} - -void setBuildStatus(String message, String state) { - step([ - $class : "GitHubCommitStatusSetter", - reposSource : [$class: "ManuallyEnteredRepositorySource", url: "https://github.com/opexdev/OPEX-Nginx"], - contextSource : [$class: "ManuallyEnteredCommitContextSource", context: "ci/jenkins/build-status"], - errorHandlers : [[$class: "ChangingBuildStatusErrorHandler", result: "UNSTABLE"]], - statusResultSource: [$class: "ConditionalStatusResultSource", results: [[$class: "AnyBuildResult", message: message, state: state]]] - ]) -} diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml deleted file mode 100644 index e8cc42d..0000000 --- a/docker-compose.dev.yml +++ /dev/null @@ -1,5 +0,0 @@ -version: '3.8' -services: - nginx: - ports: - - '8443:443' \ No newline at end of file diff --git a/docker-compose.override.yml b/docker-compose.override.yml deleted file mode 100644 index 5084fe0..0000000 --- a/docker-compose.override.yml +++ /dev/null @@ -1,5 +0,0 @@ -version: '3.8' -services: - nginx: - ports: - - '443:443' \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index fd64b91..dbc8956 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,18 +1,5 @@ version: '3.8' services: nginx: + image: ghcr.io/opexdev/nginx:$TAG build: . - volumes: - - www:/data/www - networks: - - default - deploy: - restart_policy: - condition: on-failure -volumes: - www: - external: false -networks: - default: - driver: bridge - name: ${DEFAULT_NETWORK_NAME:-opex} \ No newline at end of file diff --git a/nginx.conf b/nginx.conf index eb7e193..0614c61 100644 --- a/nginx.conf +++ b/nginx.conf @@ -13,8 +13,8 @@ http { ssl_session_timeout 10m; keepalive_timeout 70; - ssl_certificate opex.dev.crt; - ssl_certificate_key private.pem; + ssl_certificate /run/secrets/opex_dev_crt; + ssl_certificate_key /run/secrets/private_pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; @@ -47,7 +47,7 @@ http { } upstream docker-web-app { - server app:80; + server web-app:80; } upstream docker-ipg { @@ -70,6 +70,7 @@ http { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $server_name; server {