vas3k · vas3k · Nov 7, 2021 · Oct 15, 2021 · Oct 16, 2021 · Oct 22, 2021
@@ -6,27 +6,55 @@ on:
       - master
 
 jobs:
-  test_docker_build:
-    name: Test build docker image (remove before merging "feature/docker-deploy")
+  build:
+    name: Build image
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master
-      - run: docker login ghcr.io -u vas3k -p ${{ secrets.TOKEN }}
-      - run: docker build -t ghcr.io/vas3k/vas3k.club:latest .
-      - run: docker image push ghcr.io/vas3k/vas3k.club:latest
+      - run: docker login ghcr.io -u $GITHUB_ACTOR -p ${{ secrets.TOKEN }}
+      - run: docker build -t ghcr.io/$GITHUB_ACTOR/club:latest -t ghcr.io/$GITHUB_ACTOR/club:$GITHUB_SHA .
+      - run: docker image push ghcr.io/$GITHUB_ACTOR/club:$GITHUB_SHA
+      - run: docker image push ghcr.io/$GITHUB_ACTOR/club:latest
 
-  build:
+  deploy:
     name: Deploy
     runs-on: ubuntu-latest
+    needs: build
+    env:
+      SSH_KEY_PATH: /tmp/ssh_key
     steps:
-      - name: Pull new code and restart server
-        uses: appleboy/ssh-action@e59c0ee97a7e5240ed9eb489791adbb9c9ac7f6b
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Make envfile
+        run: export | grep "secret_" | sed "s/declare -x secret_//" > .env
         env:
-          POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
-          MEDIA_UPLOAD_URL: "https://i.vas3k.club/upload/"
-        with:
-          host: ${{ secrets.PRODUCTION_SSH_HOST }}
-          username: ${{ secrets.PRODUCTION_SSH_USERNAME }}
-          key: ${{ secrets.PRODUCTION_SSH_KEY }}
-          envs: POSTGRES_PASSWORD,MEDIA_UPLOAD_URL
-          script: cd vas3k.club && git pull && make redeploy
+          secret_SECRET_KEY: ${{ secrets.SECRET_KEY }}
+          secret_APP_HOST: ${{ secrets.APP_HOST }}
+          secret_MEDIA_UPLOAD_URL: ${{ secrets.MEDIA_UPLOAD_URL }}
+          secret_MEDIA_UPLOAD_CODE: ${{ secrets.MEDIA_UPLOAD_CODE }}
+          secret_SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
+          secret_EMAIL_HOST: ${{ secrets.EMAIL_HOST }}
+          secret_EMAIL_HOST_USER: ${{ secrets.EMAIL_HOST_USER }}
+          secret_EMAIL_HOST_PASSWORD: ${{ secrets.EMAIL_HOST_PASSWORD }}
+          secret_TELEGRAM_TOKEN: ${{ secrets.TELEGRAM_TOKEN }}
+          secret_TELEGRAM_BOT_URL: ${{ secrets.TELEGRAM_BOT_URL }}
+          secret_TELEGRAM_ADMIN_CHAT_ID: ${{ secrets.TELEGRAM_ADMIN_CHAT_ID }}
+          secret_TELEGRAM_CLUB_CHANNEL_URL: ${{ secrets.TELEGRAM_CLUB_CHANNEL_URL }}
+          secret_TELEGRAM_CLUB_CHANNEL_ID: ${{ secrets.TELEGRAM_CLUB_CHANNEL_ID }}
+          secret_TELEGRAM_CLUB_CHAT_URL: ${{ secrets.TELEGRAM_CLUB_CHAT_URL }}
+          secret_TELEGRAM_CLUB_CHAT_ID: ${{ secrets.TELEGRAM_CLUB_CHAT_ID }}
+          secret_TELEGRAM_ONLINE_CHANNEL_URL: ${{ secrets.TELEGRAM_ONLINE_CHANNEL_URL }}
+          secret_TELEGRAM_ONLINE_CHANNEL_ID: ${{ secrets.TELEGRAM_ONLINE_CHANNEL_ID }}
+          secret_STRIPE_ACTIVE: ${{ secrets.STRIPE_ACTIVE }}
+          secret_STRIPE_API_KEY: ${{ secrets.STRIPE_API_KEY }}
+          secret_STRIPE_PUBLIC_KEY: ${{ secrets.STRIPE_PUBLIC_KEY }}
+          secret_STRIPE_WEBHOOK_SECRET: ${{ secrets.STRIPE_WEBHOOK_SECRET }}
+          secret_PATREON_CLIENT_ID: ${{ secrets.PATREON_CLIENT_ID }}
+          secret_PATREON_CLIENT_SECRET: ${{ secrets.PATREON_CLIENT_SECRET }}
+          secret_JWT_PRIVATE_KEY: ${{ secrets.JWT_PRIVATE_KEY }}
+          secret_WEBHOOK_SECRETS: ${{ secrets.WEBHOOK_SECRETS }}
+      - run: echo "GITHUB_SHA=$GITHUB_SHA" >> .env
+      - run: echo "${{ secrets.PRODUCTION_SSH_KEY }}" > ${{ env.SSH_KEY_PATH }} && chmod 600 ${{ env.SSH_KEY_PATH }}
+      - run: scp -o StrictHostKeyChecking=no -i ${{ env.SSH_KEY_PATH }} .env ${{ secrets.PRODUCTION_SSH_USERNAME }}@${{ secrets.PRODUCTION_SSH_HOST }}:/home/vas3k/vas3k.club/.env
+      - run: scp -o StrictHostKeyChecking=no -i ${{ env.SSH_KEY_PATH }} docker-compose.production.yml ${{ secrets.PRODUCTION_SSH_USERNAME }}@${{ secrets.PRODUCTION_SSH_HOST }}:/home/vas3k/vas3k.club/docker-compose.production.yml
+      - run: ssh -i ${{ env.SSH_KEY_PATH }} ${{ secrets.PRODUCTION_SSH_USERNAME }}@${{ secrets.PRODUCTION_SSH_HOST }} "cd /home/vas3k/vas3k.club && docker login ghcr.io -u $GITHUB_ACTOR -p ${{ secrets.TOKEN }} && docker pull ghcr.io/$GITHUB_ACTOR/club:$GITHUB_SHA && docker-compose -f docker-compose.production.yml --env-file=.env up -d club_app queue bot cron && docker image prune --force"
@@ -48,6 +48,7 @@ media/images
 media/i
 
 club/.env
+.env
 db.sqlite3
 *.session
 venv/

@@ -10,14 +10,19 @@ RUN apt-get update \
       gdal-bin \
       libgdal-dev \
       make \
+      npm \
+      cron \
     && rm -rf /var/lib/apt/lists/*
 
 WORKDIR /app
 
 COPY . /app
+COPY etc/crontab /etc/crontab
+RUN chmod 600 /etc/crontab
+
+RUN cd frontend && npm install && npm run build && cd ..
+
 RUN pip3 install pipenv==2021.5.29
 RUN sh -c 'if [ "$MODE" = 'production' ]; then pipenv lock --keep-outdated --requirements > requirements.txt; fi'
 RUN sh -c 'if [ "$MODE" = 'dev' ]; then pipenv lock --dev --requirements > requirements.txt; fi'
 RUN pip3 install -r requirements.txt
-
-RUN sh -c 'if [ -e vas3k_club.env ]; then cp -rf vas3k_club.env /app/club/.env; fi'
@@ -20,6 +20,10 @@ run-bot:  ## Runs telegram bot
 docker-run-bot:
 	python3 bot/main.py
 
+docker-run-cron:
+	env >> /etc/environment
+	cron -f -l 2
+
 run-uvicorn:  ## Runs uvicorn (ASGI) server in managed mode
 	pipenv run uvicorn --fd 0 --lifespan off club.asgi:application
 
@@ -31,6 +35,7 @@ docker-run-dev:  ## Runs dev server in docker
 
 docker-run-production:  ## Runs production server in docker
 	python3 manage.py migrate
+	cp -r /app/frontend/static /tmp/
 	gunicorn club.asgi:application -w 7 -k uvicorn.workers.UvicornWorker --bind=0.0.0.0:8814 --capture-output --log-level debug --access-logfile - --error-logfile -
 
 help:  ## Display this help

@@ -1,10 +1,6 @@
-version: "3.7"
-
 services:
   club_app: &app
-    build:
-      dockerfile: Dockerfile
-      context: .
+    image: ghcr.io/vas3k/club:${GITHUB_SHA:-latest}
     command: make docker-run-production
     container_name: club_app
     environment:
@@ -22,9 +18,11 @@ services:
       - EMAIL_HOST
       - EMAIL_PORT
       - DEFAULT_FROM_EMAIL
+    env_file:
+      - .env
     restart: always
     volumes:
-      - ./frontend/static:/app/frontend/static
+      - ./frontend/static:/tmp/static
       - ./gdpr/downloads:/app/gdpr/downloads
     depends_on:
       - postgres
@@ -53,6 +51,16 @@ services:
     ports:
       - "8816:8816"
 
+  cron:
+    <<: *app
+    command: make docker-run-cron
+    container_name: club_cron
+    depends_on:
+      - club_app
+      - postgres
+      - redis
+    ports: []
+
   postgres:
     image: postgres:12
     container_name: club_postgres

@@ -1,9 +1,8 @@
-30 2 * * *  /home/vas3k/backup.sh >> /home/vas3k/backup.log 2>&1
-0 1 * * * cd /home/vas3k/vas3k.club && /usr/local/bin/pipenv run python manage.py delete_users >>/home/vas3k/crons.log 2>&1
-0 3 * * * cd /home/vas3k/vas3k.club && /usr/local/bin/pipenv run python manage.py renew_subscriptions >>/home/vas3k/crons.log 2>&1
-0 9 * * 2-6 cd /home/vas3k/vas3k.club && /usr/local/bin/pipenv run python manage.py send_daily_digest --production true >>/home/vas3k/crons.log 2>&1
-0 11 * * 1 cd /home/vas3k/vas3k.club && /usr/local/bin/pipenv run python manage.py send_weekly_digest --production true >>/home/vas3k/crons.log 2>&1
-0 5 * * 7 cd /home/vas3k/vas3k.club && /usr/local/bin/pipenv run python manage.py rebuild_search_index >>/home/vas3k/crons.log 2>&1
-0 8 * * * cd /home/vas3k/vas3k.club && /usr/local/bin/pipenv run python manage.py replay_stuck_reviews >>/home/vas3k/crons.log 2>&1
-0 8 * * * find /home/vas3k/vas3k.club/gdpr/downloads/ -mindepth 1 -mtime +3 -type f -delete >>/home/vas3k/crons.log 2>&1
-13 */3 * * * cd /home/vas3k/vas3k.club && /usr/local/bin/pipenv run python manage.py update_hotness >>/home/vas3k/crons.log 2>&1
+0 1 * * * root cd /app && python3 manage.py delete_users  >/proc/1/fd/1 2>/proc/1/fd/2
+0 3 * * * root cd /app && python3 manage.py renew_subscriptions  >/proc/1/fd/1 2>/proc/1/fd/2
+0 9 * * 2-6 root cd /app && python3 manage.py send_daily_digest --production true  >/proc/1/fd/1 2>/proc/1/fd/2
+0 11 * * 1 root cd /app && python3 manage.py send_weekly_digest --production true  >/proc/1/fd/1 2>/proc/1/fd/2
+0 5 * * 7 root cd /app && python3 manage.py rebuild_search_index  >/proc/1/fd/1 2>/proc/1/fd/2
+0 8 * * * root cd /app && python3 manage.py replay_stuck_reviews  >/proc/1/fd/1 2>/proc/1/fd/2
+0 8 * * * find /app/gdpr/downloads/ -mindepth 1 -mtime +3 -type f -delete >/proc/1/fd/1 2>/proc/1/fd/2
+13 * * * * root cd /app && python3 manage.py update_hotness  >/proc/1/fd/1 2>/proc/1/fd/2