CI: Deploy Docker Images on remote VM

.env.example

@@ -1,15 +1,22 @@
+NODE_ENV=development
+
 DATABASE_CLIENT=mysql2
 DATABASE_USERNAME=vim
 DATABASE_PASSWORD=super-secret
 DATABASE_PORT=3306
 DATABASE_SSL=false
 
 WEB_DATABASE_NAME=vim
-CMS_DATABASE_NAME=vim_cms
+NEXT_PRIVATE_STANDALONE=true
+NEXTAUTH_SECRET=testsecret
 
+CMS_DATABASE_NAME=vim_cms
+CMS_HOST=0.0.0.0
 CMS_PORT=1337
 CMS_APP_KEYS=testkey1,testkey2
 CMS_API_TOKEN_SALT=testtoken
 CMS_ADMIN_JWT_SECRET=testsecret
 CMS_JWT_SECRET=testsecret
 CMS_TRANSFER_TOKEN_SALT=testtoken
+CMS_DISABLE_UPDATE_NOTIFICATION=false
+CMS_TELEMETRY_DISABLED=true

.github/workflows/build-push-cms.yml

@@ -5,9 +5,7 @@ on:
     branches:
       - main
       - development
-    paths:
-      - cms/**
-  workflow_dispatch:
+      - 'feature/**'
 
 jobs:
   push_to_registries:
@@ -19,14 +17,14 @@ jobs:
     steps:
       - name: Check out the repo
         uses: actions/checkout@v4
- 
+
       - name: Log in to the Container registry
         uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
- 
+
       - name: Extract metadata (tags, labels) for Docker
         id: meta
         uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
@@ -37,7 +35,7 @@ jobs:
             type=semver,pattern={{version}}
           images: |
             ghcr.io/${{ github.repository }}/cms
- 
+
       - name: Build and push Docker images
         uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
         with:
@@ -46,3 +44,4 @@ jobs:
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+          build-args: CMS_URL=${{vars.CMS_URL}}

.github/workflows/build-push-web.yml

@@ -5,9 +5,9 @@ on:
     branches:
       - main
       - development
+      - 'feature/**'
     paths:
       - web/**
-  workflow_dispatch:
 
 jobs:
   push_to_registries:
@@ -19,14 +19,14 @@ jobs:
     steps:
       - name: Check out the repo
         uses: actions/checkout@v4
- 
+
       - name: Log in to the Container registry
         uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
- 
+
       - name: Extract metadata (tags, labels) for Docker
         id: meta
         uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
@@ -37,7 +37,7 @@ jobs:
             type=semver,pattern={{version}}
           images: |
             ghcr.io/${{ github.repository }}/web
- 
+
       - name: Build and push Docker images
         uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
         with:

.github/workflows/deploy-vm.yml

@@ -0,0 +1,52 @@
+name: Deploy Docker Images
+
+on:
+  pull_request:
+    branches:
+      - main
+      - development
+  workflow_run:
+    workflows:
+      - Build and Push Web Docker Image
+      - Build and Push CMS Docker Image
+    branches:
+      - development
+    types:
+      - completed
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+
+    steps:
+
+    - name: Checkout code
+      uses: actions/checkout@v2
+
+    - name: setup environment file
+      run: |
+        test -f .env || cp .env.example .env
+
+    - name: copy files to server
+      uses: appleboy/scp-action@v0.1.3
+      with:
+        host: ${{ secrets.SSH_HOST }}
+        username: ${{ secrets.SSH_USER }}
+        key: ${{ secrets.SSH_KEY }}
+        source: "./docker-compose.dev.yml,./.env"
+        target: "~/${{ github.event.repository.name }}/"
+
+    - name: pull & start container images
+      uses: appleboy/ssh-action@v1.0.3
+      with:
+        host: ${{ secrets.SSH_HOST }}
+        username: ${{ secrets.SSH_USER }}
+        key: ${{ secrets.SSH_KEY }}
+        script_stop: true
+        script: |
+          cd ~/${{ github.event.repository.name }}/
+          echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{github.actor}} --password-stdin
+          docker compose -f docker-compose.dev.yml pull
+          docker compose -f docker-compose.dev.yml down
+          docker compose -f docker-compose.dev.yml up -d --wait --no-build --force-recreate
+          docker compose -f docker-compose.dev.yml logs -t -n 50

.github/workflows/verify-cms.yml

@@ -5,6 +5,7 @@ on:
     branches:
       - main
       - development
+      - 'feature/**'
     paths:
       - cms/**
   pull_request:

.github/workflows/verify-web.yml

@@ -5,12 +5,14 @@ on:
     branches:
       - main
       - development
+      - 'feature/**'
     paths:
       - web/**
   pull_request:
     branches:
       - main
       - development
+      - 'feature/**'
     paths:
       - web/**
 

cms/.env.example

@@ -1,3 +1,7 @@
+STRAPI_DISABLE_UPDATE_NOTIFICATION=false
+STRAPI_TELEMETRY_DISABLED=true
+NODE_ENV=development
+
 HOST=0.0.0.0
 PORT=1337
 APP_KEYS="toBeModified1,toBeModified2"

cms/Dockerfile.prod

@@ -3,6 +3,10 @@ RUN apk update && apk add --no-cache build-base gcc autoconf automake zlib-dev l
 ARG NODE_ENV=production
 ENV NODE_ENV=${NODE_ENV}
 
+ARG CMS_URL
+ENV CMS_URL=${CMS_URL}
+RUN echo "CMS_URL=$CMS_URL"
+
 WORKDIR /opt/
 COPY package.json package-lock.json ./
 RUN npm install -g node-gyp

cms/config/admin.ts

@@ -11,7 +11,8 @@ export default ({ env }) => ({
 		},
 	},
 	flags: {
-		nps: env.bool("FLAG_NPS", true),
+		nps: env.bool("FLAG_NPS", false),
+		promoteEE: env.bool("FLAG_EE", false),
 	},
 	watchIgnoreFiles: ["**/config/sync/**"],
 });

cms/config/middlewares.ts

@@ -4,7 +4,7 @@ module.exports = [
 	{
 		name: "strapi::cors",
 		config: {
-			origin: ["http://localhost:3000", "http://web:3000", "http://localhost:1337", "http://cms:1337"],
+			origin: ["http://localhost:3000", "http://web:3000", "http://localhost:1337", "http://cms:1337", "http://preview.vim.org"],
 			methods: ["GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS"],
 			headers: ["Content-Type", "Authorization", "Origin", "Accept"],
 			keepHeaderOnError: true,

cms/config/server.ts

@@ -1,6 +1,7 @@
 export default ({ env }) => ({
 	host: env("HOST", "0.0.0.0"),
 	port: env.int("PORT", 1337),
+	url: env("NODE_ENV") === "development" ? "" : env("CMS_URL"),
 	app: {
 		keys: env.array("APP_KEYS"),
 	},

docker-compose.dev.yml

@@ -0,0 +1,64 @@
+services:
+  web:
+    container_name: web
+    image: ghcr.io/vim/website_next_generation/web:${TAG:-development}
+    environment:
+      - CMS_API=http://cms:1337/api
+      - NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
+    ports:
+      - 3000:3000
+    networks:
+      - vim_network
+
+  db:
+    container_name: db
+    image: mysql:8
+    restart: unless-stopped
+    environment:
+      - MYSQL_ROOT_PASSWORD=${DATABASE_PASSWORD}
+      - MYSQL_USER=${DATABASE_USERNAME}
+      - MYSQL_PASSWORD=${DATABASE_PASSWORD}
+      - MYSQL_DATABASE=${CMS_DATABASE_NAME}
+    volumes:
+      - vim-cms-data:/var/lib/mysql
+      - ./db/docker-scripts:/docker-entrypoint-initdb.d
+    ports:
+      - ${DATABASE_PORT}:3306
+    networks:
+      - vim_network
+
+  cms:
+    container_name: strapi
+    image: ghcr.io/vim/website_next_generation/cms:${TAG:-development}
+    restart: unless-stopped
+    environment:
+      DATABASE_CLIENT: ${DATABASE_CLIENT}
+      DATABASE_HOST: db
+      DATABASE_PORT: ${DATABASE_PORT}
+      DATABASE_NAME: ${CMS_DATABASE_NAME}
+      DATABASE_USERNAME: ${DATABASE_USERNAME}
+      DATABASE_PASSWORD: ${DATABASE_PASSWORD}
+      DATABASE_SSL: false
+      HOST: ${CMS_HOST}
+      PORT: ${CMS_PORT}
+      APP_KEYS: ${CMS_APP_KEYS}
+      API_TOKEN_SALT: ${CMS_API_TOKEN_SALT}
+      ADMIN_JWT_SECRET: ${CMS_ADMIN_JWT_SECRET}
+      TRANSFER_TOKEN_SALT: ${CMS_TRANSFER_TOKEN_SALT}
+      JWT_SECRET: ${CMS_JWT_SECRET}
+      STRAPI_DISABLE_UPDATE_NOTIFICATION: ${CMS_DISABLE_UPDATE_NOTIFICATION}
+      STRAPI_TELEMETRY_DISABLED: ${CMS_TELEMETRY_DISABLED}
+    ports:
+      - 1337:1337
+    networks:
+      - vim_network
+    depends_on:
+      - db
+
+volumes:
+  vim-cms-data:
+
+networks:
+  vim_network:
+    name: vim_network
+    driver: bridge

.development.docker-compose.yml → docker-compose.local.yml

@@ -1,4 +1,3 @@
-version: "3"
 services:
   web:
     container_name: web
@@ -29,7 +28,7 @@ services:
       - vim-cms-data:/var/lib/mysql
       - ./db/docker-scripts:/docker-entrypoint-initdb.d
     ports:
-      - 3306:3306
+      - ${DATABASE_PORT}:3306
     networks:
       - vim_network
 
@@ -51,6 +50,8 @@ services:
       ADMIN_JWT_SECRET: ${CMS_ADMIN_JWT_SECRET}
       APP_KEYS: ${CMS_APP_KEYS}
       NODE_ENV: ${NODE_ENV}
+      STRAPI_DISABLE_UPDATE_NOTIFICATION: false
+      STRAPI_TELEMETRY_DISABLED: true
     volumes:
       - ./cms/config:/opt/app/config
       - ./cms/src:/opt/app/src

makefile

@@ -1,6 +1,6 @@
 .PHONY: clean build run logsmake
 
-DC=docker compose -f .development.docker-compose.yml
+DC=docker compose -f docker-compose.local.yml
 
 default: help
 init: init-env check-env install

nginx/conf.d/upstream.conf

@@ -0,0 +1,9 @@
+# Strapi server
+upstream strapi {
+	server 127.0.0.1:1337;
+}
+
+# NextJS server
+upstream nextjs {
+	server 127.0.0.1:3000;
+}