From c3d72434d61d08e3611a758333b1d407519bfd32 Mon Sep 17 00:00:00 2001 
From: mamutmk5 Date: Fri, 25 Jun 2021 11:17:39 +0200 Subject: [PATCH 1/2] OPS-2468 - changes build pipeline to github actions (#332) --- .../build-and-push-docker-image.yaml | 98 ++++++++++++++---- .github/workflows/main.yml | 72 ++++++++++++++ .github/workflows/nodejs.yml | 34 ------- .github/workflows/tag.yml | 92 +++++++++++++++++ CHANGELOG.md | 38 ++++--- Dockerfile | 37 +------ Makefile | 99 ------------------- Makefile.inc | 47 --------- .../all/node-notification-service.yml | 2 + .../node-notification-service/tasks/main.yml | 39 ++++++++ .../templates/configmap.yml.j2 | 15 +++ .../templates/configmap_configmapfiles.yml.j2 | 68 +++++++++++++ .../templates/deployment.yml.j2 | 67 +++++++++++++ .../templates/onepassword.yml.j2 | 9 ++ .../templates/secret.yml.j2 | 11 +++ .../templates/svc.yml.j2 | 16 +++ docker-compose-notification-service.yml | 64 ------------ docker-compose.yml | 52 ---------- package-lock.json | 2 +- package.json | 2 +- 20 files changed, 501 insertions(+), 363 deletions(-) create mode 100644 .github/workflows/main.yml delete mode 100644 .github/workflows/nodejs.yml create mode 100644 .github/workflows/tag.yml delete mode 100644 Makefile delete mode 100644 Makefile.inc create mode 100644 ansible/group_vars/all/node-notification-service.yml create mode 100644 ansible/roles/node-notification-service/tasks/main.yml create mode 100644 ansible/roles/node-notification-service/templates/configmap.yml.j2 create mode 100644 ansible/roles/node-notification-service/templates/configmap_configmapfiles.yml.j2 create mode 100644 ansible/roles/node-notification-service/templates/deployment.yml.j2 create mode 100644 ansible/roles/node-notification-service/templates/onepassword.yml.j2 create mode 100644 ansible/roles/node-notification-service/templates/secret.yml.j2 create mode 100644 ansible/roles/node-notification-service/templates/svc.yml.j2 delete mode 100644 docker-compose-notification-service.yml delete mode 100644 docker-compose.yml 
diff --git a/.github/workflows/build-and-push-docker-image.yaml b/.github/workflows/build-and-push-docker-image.yaml
index 3fcc957e..9fa5b793 100644
--- a/.github/workflows/build-and-push-docker-image.yaml
+++ b/.github/workflows/build-and-push-docker-image.yaml
@@ -3,32 +3,88 @@ name: Build and push Docker image on: push: - branches: + branches-ignore: + - main - master - - develop - - feature/* - - release/* - - hotfix/* - tags: - - '[0-9]*' - - pull_request: + - dependabot/* jobs: + test: + runs-on: ubuntu-latest + strategy: + matrix: + node-version: [8.x, 10.x, 12.x] + redis-version: [5] + steps: + - name: Git checkout + uses: actions/checkout@v1 + - name: Start Mailcatcher + run: docker run --name mailcatcher --publish 1025:1025 --detach schickling/mailcatcher + - name: Start MongoDB + uses: supercharge/mongodb-github-action@1.1.0 + - name: Start Redis + uses: supercharge/redis-github-action@1.1.0 + with: + redis-version: ${{ matrix.redis-version }} + - name: Use Node.js ${{ matrix.node-version }} + uses: actions/setup-node@v1 + with: + node-version: ${{ matrix.node-version }} + - run: npm install + - run: npm run build + - run: npm test + env: + CI: true + build_and_push: + needs: + - test runs-on: ubuntu-18.04 - if: (contains(github.event.head_commit.message, '[skip ci]') == false) && (github.event_name == 'push') steps: - uses: actions/checkout@v2 - + + - name: Docker meta Service Name + id: docker_meta_img + uses: docker/metadata-action@v3 + with: + images: ghcr.io/${{ github.repository }} + tags: | + type=ref,event=branch,enable=false,priority=600 + type=sha,enable=true,priority=600,prefix= - name: Log into registry - run: echo "${{ secrets.DOCKER_TOKEN }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin - - - name: Build image - run: make build - - - name: Push image - run: make push - - - name: Cleanup - run: make clean + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.GH_DOCKER_USERNAME }} + password: ${{ secrets.GH_DOCKER_TOKEN }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - name: Build and push ${{ github.repository }} + uses: docker/build-push-action@v2 + with: + context: . 
+ file: ./Dockerfile
+ platforms: linux/amd64
+ push: true
+ tags: ghcr.io/${{ github.repository }}:${{ github.sha }}
+ labels: ${{ steps.docker_meta_img.outputs.labels }}
+
+ dispatch:
+ runs-on: ubuntu-latest
+ needs:
+ - build_and_push
+ steps:
+ - uses: actions/checkout@v2
+ - name: Extract branch name
+ shell: bash
+ run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
+ id: extract_branch
+ - name: Repository Dispatch
+ uses: peter-evans/repository-dispatch@v1
+ with:
+ token: ${{ secrets.REPO_ACCESS_TOKEN }}
+ repository: hpi-schul-cloud/dof_app_deploy
+ event-type: dev-deploy
+ client-payload: '{"branch": "${{ steps.extract_branch.outputs.branch}}" }'
\ No newline at end of file
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 00000000..8eb503ea
--- /dev/null
+++ b/.github/workflows/main.yml
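Review bot: The `dispatch` job pastes the branch name straight into JSON, `client-payload: '{"branch": "${{ steps.extract_branch.outputs.branch}}" }'`, so a branch name containing a double quote (which git permits) would break or alter the payload delivered to `hpi-schul-cloud/dof_app_deploy`. Letting the expression engine do the quoting avoids that: `client-payload: '{"branch": ${{ toJSON(steps.extract_branch.outputs.branch) }} }'`. Every action in this workflow is also referenced by a mutable tag (`peter-evans/repository-dispatch@v1`, `docker/login-action@v1`, `supercharge/mongodb-github-action@1.1.0`, …) while `build_and_push` and `dispatch` hand `GH_DOCKER_TOKEN` and `REPO_ACCESS_TOKEN` to them; pinning each `uses:` to a full commit SHA, e.g. `uses: peter-evans/repository-dispatch@<full-commit-sha>  # v1`, keeps a moved tag from running with those secrets. The same pinning applies to the new main.yml and tag.yml.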
@@ -0,0 +1,72 @@
+---
+name: Build and push Docker Image on Main
+
+on:
+ push:
+ branches:
+ - main
+ - master
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ node-version: [8.x, 10.x, 12.x]
+ redis-version: [5] # [4, 5]
+ steps:
+ - name: Git checkout
+ uses: actions/checkout@v1
+ - name: Start Mailcatcher
+ run: docker run --name mailcatcher --publish 1025:1025 --detach schickling/mailcatcher
+ - name: Start MongoDB
+ uses: supercharge/mongodb-github-action@1.1.0
+ - name: Start Redis
+ uses: supercharge/redis-github-action@1.1.0
+ with:
+ redis-version: ${{ matrix.redis-version }}
+ - name: Use Node.js ${{ matrix.node-version }}
+ uses: actions/setup-node@v1
+ with:
+ node-version: ${{ matrix.node-version }}
+ - run: npm install
+ - run: npm run build
+ - run: npm test
+ env:
+ CI: true
+
+ build_and_push:
+ needs:
+ - test
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Docker meta Service Name
+ id: docker_meta_img
+ uses: crazy-max/ghaction-docker-meta@v2
+ with:
+ images: ghcr.io/${{ github.repository }}
+ tags: |
+ type=ref,event=branch,enable=false,priority=600
+ type=sha,enable=true,priority=600,prefix=
+
+ - name: Log into registry
+ uses: docker/login-action@v1
+ with:
+ registry: ghcr.io
+ username: ${{ secrets.GHCR_DOCKER_USERNAME }}
+ password: ${{ secrets.GHCR_DOCKER_TOKEN }}
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+
+ - name: Build and push ${{ github.repository }}
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ file: ./Dockerfile
+ platforms: linux/amd64
+ push: true
+ tags: ghcr.io/${{ github.repository }}:${{ github.sha }}
+ labels: ${{ steps.docker_meta_img.outputs.labels }}
\ No newline at end of file
diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml
deleted file mode 100644
index f92cfbf9..00000000
--- a/.github/workflows/nodejs.yml
+++ /dev/null
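Review bot: The workflow declares no `permissions:` block, so every job, including the `test` job that runs `npm install` and the project's own scripts, receives whatever default `GITHUB_TOKEN` scope the repository has. Because the registry login uses its own secrets, a top-level `permissions:` with `contents: read` looks sufficient here, and likewise in tag.yml and build-and-push-docker-image.yaml. The metadata step uses `crazy-max/ghaction-docker-meta@v2` while the other two workflows use `docker/metadata-action@v3`, and its `tags` output is never consumed, since the build step hard-codes `ghcr.io/${{ github.repository }}:${{ github.sha }}`. The login secrets are named `GHCR_DOCKER_*` here but `GH_DOCKER_*` in build-and-push-docker-image.yaml, so it is worth confirming that both sets exist.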
@@ -1,34 +0,0 @@ -name: Node.js CI - -on: [push] - -jobs: - build: - - runs-on: ubuntu-latest - - strategy: - matrix: - node-version: [8.x, 10.x, 12.x] - redis-version: [5] # [4, 5] - - steps: - - name: Git checkout - uses: actions/checkout@v1 - - name: Start Mailcatcher - run: docker run --name mailcatcher --publish 1025:1025 --detach schickling/mailcatcher - - name: Start MongoDB - uses: supercharge/mongodb-github-action@1.1.0 - - name: Start Redis - uses: supercharge/redis-github-action@1.1.0 - with: - redis-version: ${{ matrix.redis-version }} - - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v1 - with: - node-version: ${{ matrix.node-version }} - - run: npm install - - run: npm run build - - run: npm test - env: - CI: true diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml new file mode 100644 index 00000000..b74b24b1 --- /dev/null +++ b/.github/workflows/tag.yml 
@@ -0,0 +1,92 @@
+---
+name: Build and push Docker Image on Tag
+
+on:
+ push:
+ tags:
+ - '[0-9]*'
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ node-version: [8.x, 10.x, 12.x]
+ redis-version: [5] # [4, 5]
+ steps:
+ - name: Git checkout
+ uses: actions/checkout@v1
+ - name: Start Mailcatcher
+ run: docker run --name mailcatcher --publish 1025:1025 --detach schickling/mailcatcher
+ - name: Start MongoDB
+ uses: supercharge/mongodb-github-action@1.1.0
+ - name: Start Redis
+ uses: supercharge/redis-github-action@1.1.0
+ with:
+ redis-version: ${{ matrix.redis-version }}
+ - name: Use Node.js ${{ matrix.node-version }}
+ uses: actions/setup-node@v1
+ with:
+ node-version: ${{ matrix.node-version }}
+ - run: npm install
+ - run: npm run build
+ - run: npm test
+ env:
+ CI: true
+
+ build_and_push:
+ needs:
+ - test
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Docker meta Service Name
+ id: docker_meta_img
+ uses: docker/metadata-action@v3
+ with:
+ images: ghcr.io/${{ github.repository }}
+ tags: |
+ type=ref,event=branch,enable=false,priority=600
+ type=sha,enable=true,priority=600,prefix=
+
+ - name: Docker meta Service Name for docker hub
+ id: docker_meta_img_hub
+ uses: docker/metadata-action@v3
+ with:
+ images: schulcloud/schulcloud-server
+ tags: |
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+
+ - name: Log into registry
+ uses: docker/login-action@v1
+ with:
+ registry: ghcr.io
+ username: ${{ secrets.GHCR_DOCKER_USERNAME }}
+ password: ${{ secrets.GHCR_DOCKER_TOKEN }}
+
+ - name: Log into registry
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_TOKEN }}
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+
+ - name: Build and push ${{ github.repository }}
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ file: ./Dockerfile + platforms: linux/amd64 + push: true + tags: ghcr.io/${{ github.repository }}:${{ github.sha }} + labels: ${{ steps.docker_meta_img.outputs.labels }} + + - name: Push Image to multiple registries + uses: akhilerm/tag-push-action@v1.0.0 + with: + src: ghcr.io/${{ github.repository }}:${{ github.sha }} + dst: ${{ steps.docker_meta_img_hub.outputs.tags }} diff --git a/CHANGELOG.md b/CHANGELOG.md index 03e5f0b3..d4259952 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,34 +1,50 @@ -# Release 1.2.4 +# Changelog -## Bugfix +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +Allowed Types of change: `Added`, `Changed`, `Deprecated`, `Removed`, `Fixed`, `Security` + +## Unreleased + +## [1.2.5] - 2021-06-24 + +### Changed + +- OPS-2468 - changes build pipeline to github actions + +## [1.2.4] + +### Fixed - SC-8772 - update extend of mongodb connection -# Release 1.2.3 +## [1.2.3] -# Release 1.2.2 +## [1.2.2] -## Features +### Added - OPS-1575 - Added E-Mail address validation -# Release 1.1.1 +## [1.1.1] -## Features +### Added - Removed file log handler. (OPS-746) - Added multi-stages to Dockerfile. (OPS-746) -# Release 1.1.0 +## [1.1.0] -## Features +### Added - Added Makefile and GitHub Actions build pipeline (#205, OPS-623) - Added support for multiple SMTP configs (#206, SC-4907) - Added support for bounce address (#207, SC-4908) -# Hotfix 1.0.1 +## [1.0.1] -## Features +### Added - Added replyTo on mail interface diff --git a/Dockerfile b/Dockerfile index 4a099340..d6586a2d 100644 --- a/Dockerfile +++ b/Dockerfile 
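Review bot: The Docker Hub metadata step in tag.yml sets `images: schulcloud/schulcloud-server`, which looks copied from another repository: the Makefile removed in this commit derived the name from the project (`schulcloud/$(PROJECT_NAME)`) and the deleted compose file pulled `schulcloud/node-notification-service`. As written, each release tag of this service would be pushed into the server's Docker Hub repository under `{{version}}` and `{{major}}.{{minor}}`, where it can shadow or overwrite a server image of the same version. If that is not intended, the line should read `images: schulcloud/node-notification-service`. Patch 2/2 reworks the push step but leaves this `images:` value untouched.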
@@ -3,45 +3,16 @@ ARG NODE_IMAGE_TAG="10.21.0-alpine3.11" # --- stage:builder ------------------------------------------------------------ FROM node:${NODE_IMAGE_TAG} AS build -ARG BUILD_BRANCH -ARG BUILD_HASH - -LABEL build.stage="builder" -LABEL build.branch="${BUILD_BRANCH}" -LABEL build.hash="${BUILD_HASH}" - WORKDIR /app COPY . . -RUN set -x \ - && npm install \ - && npm run build - -# --- stage:test --------------------------------------------------------------- -FROM build AS test - -ARG BUILD_BRANCH -ARG BUILD_HASH - -LABEL build.stage="test" -LABEL build.branch="${BUILD_BRANCH}" -LABEL build.hash="${BUILD_HASH}" - -RUN set -x \ - && npm run lint - # && npm run test +RUN npm install +RUN npm run build # --- stage:release ------------------------------------------------------------ FROM node:${NODE_IMAGE_TAG} AS release -ARG BUILD_BRANCH -ARG BUILD_HASH - -LABEL build.stage="release" -LABEL build.branch="${BUILD_BRANCH}" -LABEL build.hash="${BUILD_HASH}" - USER node WORKDIR /usr/src/app @@ -50,6 +21,6 @@ ENV NODE_ENV "production" COPY --from=build /app /usr/src/app -EXPOSE 3100 +EXPOSE 3031 -CMD [ "npm", "start" ] +CMD [ "npm", "start" ] \ No newline at end of file diff --git a/Makefile b/Makefile deleted file mode 100644 index d7a866df..00000000 --- a/Makefile +++ /dev/null 
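Review bot: The build stage now runs `RUN npm install`, which can modify the resolved dependency tree when package.json and package-lock.json have drifted; since the repository commits a lockfile, `RUN npm ci` installs exactly what it records and fails on drift, which makes the published image reproducible. The release stage still copies the whole `/app` tree (`COPY --from=build /app /usr/src/app`), so devDependencies and everything picked up by `COPY . .`, now including the new `ansible/` directory unless a .dockerignore excludes it, end up in the production image. The lint step from the removed `test` stage is not re-added in any of the new workflows, which run only `npm install`, `npm run build` and `npm test`.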
@@ -1,99 +0,0 @@ -# Cancel implicit rules on top Makefile -$(CURDIR)/Makefile Makefile: ; - --include $(wildcard Makefile.*) - -SHELL := /bin/bash - -GIT_REMOTE_URL ?= $(shell git remote get-url origin) -GIT_SHA ?= $(shell git rev-parse HEAD) -GIT_BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD | tr -s "[:punct:]" "-" | tr -s "[:upper:]" "[:lower:]") -GIT_CURRENT_VERSION_TAG ?= $(shell git tag --list "[0-9]*" --sort="-version:refname" --points-at HEAD | head -n 1) -GIT_LATEST_VERSION_TAG ?= $(shell git tag --list "[0-9]*" --sort="-version:refname" | head -n 1) - -ifeq ($(GIT_BRANCH),head) -ifneq ($(GIT_CURRENT_VERSION_TAG),) -GIT_BRANCH = master -GIT_LATEST_VERSION_TAG = $(GIT_CURRENT_VERSION_TAG) -else -$(error "Missing valid git version tag!") -endif -endif - -PROJECT_DIR ?= $(realpath $(dir $(lastword $(MAKEFILE_LIST)))) -PROJECT_NAME ?= $(basename $(notdir $(GIT_REMOTE_URL))) - -DOCKER_IMAGE_NAME ?= $(PROJECT_NAME) -DOCKER_CONTAINER_NAME ?= $(PROJECT_NAME) -DOCKER_REPO_NAMESPACE ?= schulcloud -DOCKER_REPO_NAME ?= $(DOCKER_REPO_NAMESPACE)/$(DOCKER_IMAGE_NAME) -DOCKER_VERSION_TAG ?= $(GIT_BRANCH)_v$(GIT_LATEST_VERSION_TAG)_$(GIT_SHA) -ifeq ($(GIT_LATEST_VERSION_TAG),) -DOCKER_VERSION_TAG = $(GIT_BRANCH)_$(GIT_SHA) -endif -DOCKER_SHA_TAG ?= $(GIT_SHA) - -.PHONY: self-init -self-init:: - $(info TODO: Implement recipes for self-init) - -.PHONY: self-update -self-update:: - $(info TODO: Implement recipes for self-update) - -.PHONY: clean -clean:: stop - docker rm --force $(DOCKER_CONTAINER_NAME) 2>/dev/null || true - docker image rm --force \ - $(DOCKER_REPO_NAME):$(DOCKER_VERSION_TAG) \ - $(DOCKER_REPO_NAME):$(DOCKER_SHA_TAG) \ - $(DOCKER_IMAGE_NAME) 2>/dev/null || true - docker image prune --force \ - --filter label="build.stage=test" \ - --filter label="build.branch=$(GIT_BRANCH)" \ - --filter label="build.hash=$(GIT_SHA)" 2>/dev/null || true - docker image prune --force \ - --filter label="build.stage=builder" \ - --filter label="build.branch=$(GIT_BRANCH)" \ - 
--filter label="build.hash=$(GIT_SHA)" 2>/dev/null || true - -.PHONY: build -build:: DOCKER_BUILD_OPTIONS += --pull --no-cache --force-rm --rm \ - --build-arg BUILD_BRANCH=$(GIT_BRANCH) \ - --build-arg BUILD_HASH=$(GIT_SHA) \ - --file "$(PROJECT_DIR)/Dockerfile" \ - --tag $(DOCKER_IMAGE_NAME) -build:: - docker build $(DOCKER_BUILD_OPTIONS) "$(PROJECT_DIR)" - -.PHONY: tags -tags:: DOCKER_TAG_OPTIONS += -tags:: - docker tag $(DOCKER_TAG_OPTIONS) $(DOCKER_IMAGE_NAME) $(DOCKER_REPO_NAME):$(DOCKER_VERSION_TAG) - docker tag $(DOCKER_TAG_OPTIONS) $(DOCKER_IMAGE_NAME) $(DOCKER_REPO_NAME):$(DOCKER_SHA_TAG) - -.PHONY: push -push:: DOCKER_PUSH_OPTIONS ?= -push:: tags - docker push $(DOCKER_PUSH_OPTIONS) $(DOCKER_REPO_NAME):$(DOCKER_VERSION_TAG) - docker push $(DOCKER_PUSH_OPTIONS) $(DOCKER_REPO_NAME):$(DOCKER_SHA_TAG) - -.PHONY: deploy -deploy:: - $(info TODO: Implement recipes for deploy) - -.PHONY: run -run:: DOCKER_RUN_OPTIONS += --rm --interactive --tty --name $(DOCKER_CONTAINER_NAME) -run:: DOCKER_RUN_COMMAND ?= -run:: - docker run $(DOCKER_RUN_OPTIONS) $(DOCKER_IMAGE_NAME) $(DOCKER_RUN_COMMAND) - -.PHONY: stop -stop:: - docker stop $(DOCKER_CONTAINER_NAME) 2>/dev/null || true - -.PHONY: exec -exec:: DOCKER_EXEC_OPTIONS += --interactive --tty -exec:: DOCKER_EXEC_COMMAND ?= /bin/sh -exec:: - docker exec $(DOCKER_EXEC_OPTIONS) $(DOCKER_CONTAINER_NAME) $(DOCKER_EXEC_COMMAND) diff --git a/Makefile.inc b/Makefile.inc deleted file mode 100644 index 3ac0961c..00000000 --- a/Makefile.inc +++ /dev/null 
@@ -1,47 +0,0 @@ -# Check if its included in a Makefile(.*) -ifneq ($(notdir $(firstword $(MAKEFILE_LIST))),Makefile) -$(error ERROR: This file has to be included in Makefile) -endif - -.PHONY: --deploy-test ---deploy-test: SSH_OPTIONS ?= ---deploy-test: SSH_IDENTITY_FILENAME ?= -ifneq ($(SSH_IDENTITY_FILENAME),) ---deploy-test: SSH_OPTIONS += -i $(SSH_IDENTITY_FILENAME) -endif ---deploy-test: SSH_LOGIN_NAME ?= -ifneq ($(SSH_LOGIN_NAME),) ---deploy-test: SSH_OPTIONS += -l $(SSH_LOGIN_NAME) -endif ---deploy-test: DEPLOY_SSH_OPTIONS += \ - -o StrictHostKeyChecking=no \ - -o UserKnownHostsFile=/dev/null ---deploy-test: DEPLOY_SSH_HOSTNAME = test.schul-cloud.org ---deploy-test: DEPLOY_SSH_COMMAND += /usr/bin/docker service update \ - --image $(DOCKER_IMAGE_NAME):$(DOCKER_VERSION_TAG) \ - --force \ - test-schul-cloud_messenger_sync ---deploy-test: - # Check Docker Hub for existing image tag - if curl -L -s -f https://registry.hub.docker.com/v2/repositories/$(DOCKER_IMAGE_NAME)/tags/$(DOCKER_VERSION_TAG) > /dev/null; then \ - ssh $(DEPLOY_SSH_OPTIONS) $(DEPLOY_SSH_HOSTNAME) $(DEPLOY_SSH_COMMAND); \ - fi - -.PHONY: --deploy-staging ---deploy-staging: - $(info TODO: Implement recipes for --deploy-staging) - -.PHONY: deploy -ifeq ($(GIT_BRANCH),develop) -deploy:: --deploy-test -endif -ifeq ($(patsubst release%,release,$(GIT_BRANCH)),release) -deploy:: --deploy-staging -endif -ifeq ($(patsubst hotfix%,hotfix,$(GIT_BRANCH)),hotfix) -deploy:: --deploy-staging -endif - -.PHONY: clean -clean:: - npm run clean diff --git a/ansible/group_vars/all/node-notification-service.yml b/ansible/group_vars/all/node-notification-service.yml new file mode 100644 index 00000000..385402ab --- /dev/null +++ b/ansible/group_vars/all/node-notification-service.yml @@ -0,0 +1,2 @@ +--- +NOTIFICATION_IMAGE_NAME: ghcr.io/hpi-schul-cloud/node-notification-service 
diff --git a/ansible/roles/node-notification-service/tasks/main.yml b/ansible/roles/node-notification-service/tasks/main.yml
new file mode 100644
index 00000000..8dc06ade
--- /dev/null
+++ b/ansible/roles/node-notification-service/tasks/main.yml
@@ -0,0 +1,39 @@
+ - name: Service
+ community.kubernetes.k8s:
+ kubeconfig: ~/.kube/config
+ namespace: "{{ NAMESPACE }}"
+ template: svc.yml.j2
+
+ - name: Configmap
+ community.kubernetes.k8s:
+ kubeconfig: ~/.kube/config
+ namespace: "{{ NAMESPACE }}"
+ template: configmap.yml.j2
+
+ - name: Configmap File
+ community.kubernetes.k8s:
+ kubeconfig: ~/.kube/config
+ namespace: "{{ NAMESPACE }}"
+ template: configmap_configmapfiles.yml.j2
+ when: NOTIFICATION_PLATFORM is defined and NOTIFICATION_PLATFORM != "testplatform"
+
+ - name: Secred
+ community.kubernetes.k8s:
+ kubeconfig: ~/.kube/config
+ namespace: "{{ NAMESPACE }}"
+ template: secret.yml.j2
+ when: ONEPASSWORD is undefined or ONEPASSWORD is defined and not ONEPASSWORD
+
+ - name: Secred by 1Password
+ community.kubernetes.k8s:
+ kubeconfig: ~/.kube/config
+ namespace: "{{ NAMESPACE }}"
+ template: onepassword.yml.j2
+ when: ONEPASSWORD is defined and ONEPASSWORD|bool
+
+ - name: Deployment
+ community.kubernetes.k8s:
+ kubeconfig: ~/.kube/config
+ namespace: "{{ NAMESPACE }}"
+ template: deployment.yml.j2
+
\ No newline at end of file
diff --git a/ansible/roles/node-notification-service/templates/configmap.yml.j2 b/ansible/roles/node-notification-service/templates/configmap.yml.j2
new file mode 100644
index 00000000..c1823727
--- /dev/null
+++ b/ansible/roles/node-notification-service/templates/configmap.yml.j2
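Review bot: The two secret tasks test `ONEPASSWORD` differently, `not ONEPASSWORD` in the `Secred` task and `ONEPASSWORD|bool` in `Secred by 1Password`, so a value that arrives as the string `"false"` (for example via `-e`) is truthy for the first and false for the second; neither task then creates `notification-secret`, which the Deployment's `secretRef` requires. Using one expression for both, e.g. `when: not (ONEPASSWORD | default(false) | bool)` and `when: ONEPASSWORD | default(false) | bool`, closes that gap; configmap.yml.j2 repeats the un-cast condition. The `Secred` task also renders `NOTIFICATION_MONGO_HOST` into the resource, so `no_log: true` on it would keep the value out of task output. `Secred` is presumably a typo for `Secret`.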
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: notification-configmap
+ namespace: {{ NAMESPACE }}
+ labels:
+ app: notification
+data:
+ # general
+ NODE_ENV: "production"
+ TZ: "Europe/Berlin"
+ # MONGO_HOST: "in notification secret"
+{% if ONEPASSWORD is undefined or ONEPASSWORD is defined and not ONEPASSWORD %}
+ REDIS_HOST: "{{ NOTIFICATION_REDIS_HOST }}"
+{% endif %}
\ No newline at end of file
diff --git a/ansible/roles/node-notification-service/templates/configmap_configmapfiles.yml.j2 b/ansible/roles/node-notification-service/templates/configmap_configmapfiles.yml.j2
new file mode 100644
index 00000000..3462c508
--- /dev/null
+++ b/ansible/roles/node-notification-service/templates/configmap_configmapfiles.yml.j2
@@ -0,0 +1,68 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: notification-configmap-configfiles
+ namespace: {{ NAMESPACE }}
+ labels:
+ app: notification
+data:
+ config.json: |
+ {
+ "mail": {
+ "options": [{
+ "host": "{{ SMTP_HOST }}",
+ "port": {{ SMTP_PORT }},
+ "secure": {{ SMTP_SECURE | default("false", true) }},
+ "auth": {
+ "user": "{{ SMTP_USER }}",
+ "pass": "{{ SMTP_PASS }}"
+ }
+ }],
+ "defaults": {
+ "from": "{{ SMTP_SENDER }}",
+ "envelope": {
+ "from": "{{ SMTP_BOUNCE }}"
+ },
+ "delay": 0
+ }
+ },
+ "push": {
+ "service_account_object": {
+ "type": "",
+ "project_id": "",
+ "private_key_id": "",
+ "private_key": "",
+ "client_email": "",
+ "client_id": "",
+ "auth_uri": "",
+ "token_uri": "",
+ "auth_provider_x509_cert_url": "",
+ "client_x509_cert_url": ""
+ },
+ "database_url": ""
+ },
+ "callback": {
+ "url": "http://localhost:3100/notification/callback/{MESSAGE_ID}/seenBy/{RECEIVER_ID}/?redirect={REDIRECT_URL}"
+ },
+ "queue": {
+ "timeout": 10000,
+ "retries": 6,
+ "backoffTime": 120000,
+ "backoffStrategy": "fixed",
+ "defaults": {
+ "prefix": "notification",
+ "stallInterval": 5000,
+ "nearTermWindow": 1200000,
+ "delayedDebounce": 1000,
+ "isWorker": true,
+ "getEvents": true,
+ "sendEvents": true,
+ "storeJobs": true,
+ "ensureScripts": true,
+ "activateDelayedJobs": true,
+ "removeOnSuccess": true,
+ "removeOnFailure": false,
+ "redisScanCount": 200
+ }
+ }
+ }
diff --git a/ansible/roles/node-notification-service/templates/deployment.yml.j2 b/ansible/roles/node-notification-service/templates/deployment.yml.j2
new file mode 100644
index 00000000..2ab818c6
--- /dev/null
+++ b/ansible/roles/node-notification-service/templates/deployment.yml.j2
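Review bot: `SMTP_USER` and `SMTP_PASS` are rendered into a ConfigMap (`notification-configmap-configfiles`), which Kubernetes does not treat as confidential: it is readable under ordinary ConfigMap RBAC and gets none of the handling a cluster applies to Secrets. The role already has a Secret / OnePasswordItem path for `notification-secret`; putting config.json (or at least its `auth` block) into a Secret and mounting that instead keeps the SMTP password out of ConfigMap listings. The values are also pasted into JSON unescaped, so a password containing `"` or `\` yields invalid JSON; `"pass": {{ SMTP_PASS | to_json }}` lets Ansible do the quoting, and the same applies to `SMTP_USER`, `SMTP_SENDER` and `SMTP_BOUNCE`.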
@@ -0,0 +1,67 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: notification-deployment
+ namespace: {{ NAMESPACE }}
+ labels:
+ app: notification
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: notification
+ template:
+ metadata:
+ labels:
+ app: notification
+ annotations:
+ # The field we'll use to couple our ConfigMap and Deployment
+ # cat notification-configmap.yml | sha256sum
+ configmapHash: ""
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "8080"
+ spec:
+ securityContext:
+ #readOnlyRootFilesystem: true
+ # run as user node (uid 1000)
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ runAsNonRoot: true
+ containers:
+ - name: notification
+ image: {{ NOTIFICATION_IMAGE_NAME }}:{{ APP_IMAGE_TAG }}
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: notification
+ containerPort: 3031
+ protocol: TCP
+ # from configmap
+ envFrom:
+ - configMapRef:
+ name: notification-configmap
+ - secretRef:
+ name: notification-secret
+{% if NOTIFICATION_PLATFORM is defined and NOTIFICATION_PLATFORM != "testplatform" %}
+ volumeMounts:
+ - name: configjson
+ mountPath: /usr/src/app/platforms/{{ NOTIFICATION_PLATFORM|default("testplatform", true) }}/config.json
+ subPath: config.json
+ readOnly: true
+{% endif %}
+ resources:
+ limits:
+ cpu: "1000m"
+ memory: "1Gi"
+ requests:
+ cpu: "100m"
+ memory: "1Gi"
+{% if NOTIFICATION_PLATFORM is defined and NOTIFICATION_PLATFORM != "testplatform" %}
+ volumes:
+ - name: configjson
+ configMap:
+ name: notification-configmap-configfiles
+ items:
+ - key: config.json
+ path: config.json
+{% endif %}
diff --git a/ansible/roles/node-notification-service/templates/onepassword.yml.j2 b/ansible/roles/node-notification-service/templates/onepassword.yml.j2
new file mode 100644
index 00000000..f36bc7ce
--- /dev/null
+++ b/ansible/roles/node-notification-service/templates/onepassword.yml.j2
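Review bot: The pod-level `securityContext` sets the user and `runAsNonRoot`, but the `notification` container has no `securityContext` of its own, so privilege escalation stays allowed and the default capability set is kept; those are container-level fields, as is the commented-out `readOnlyRootFilesystem`, which belongs under the container rather than where it sits now. A container-level block as sketched below covers the first two. Separately, `configmapHash: ""` is left empty although its comment says it couples the ConfigMap to the Deployment, so a ConfigMap change alone would not roll the pods. `prometheus.io/port: "8080"` does not match the only declared `containerPort: 3031`, so it is worth confirming that the app serves metrics on 8080.

```yaml
      containers:
      - name: notification
        # … unchanged: image, imagePullPolicy, ports, envFrom, volumeMounts, resources …
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
              - ALL
```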
@@ -0,0 +1,9 @@
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+ name: notification-secret
+ namespace: {{ NAMESPACE }}
+ labels:
+ app: notification
+spec:
+ itemPath: "vaults/{{ VAULT }}/items/node_notification_service"
\ No newline at end of file
diff --git a/ansible/roles/node-notification-service/templates/secret.yml.j2 b/ansible/roles/node-notification-service/templates/secret.yml.j2
new file mode 100644
index 00000000..5e038af4
--- /dev/null
+++ b/ansible/roles/node-notification-service/templates/secret.yml.j2
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: notification-secret
+ namespace: {{ NAMESPACE }}
+ labels:
+ app: notification
+type: Opaque
+data:
+ # echo -n "VALUE" | base64
+ MONGO_HOST: "{{ NOTIFICATION_MONGO_HOST| b64encode }}"
\ No newline at end of file
diff --git a/ansible/roles/node-notification-service/templates/svc.yml.j2 b/ansible/roles/node-notification-service/templates/svc.yml.j2
new file mode 100644
index 00000000..4bbede41
--- /dev/null
+++ b/ansible/roles/node-notification-service/templates/svc.yml.j2
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: app-1-svc
+ namespace: {{ NAMESPACE }}
+ labels:
+ app: app-1
+spec:
+ type: ClusterIP
+ ports:
+ - port: 3030
+ targetPort: 3030
+ protocol: TCP
+ name: app-1-http
+ selector:
+ app: app-1
diff --git a/docker-compose-notification-service.yml b/docker-compose-notification-service.yml
deleted file mode 100644
index 93935c1c..00000000
--- a/docker-compose-notification-service.yml
+++ /dev/null
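Review bot: svc.yml.j2 still carries what look like scaffold values: the Service is named `app-1-svc`, selects `app: app-1` and forwards port `3030`, while deployment.yml.j2 labels its pods `app: notification` and declares `containerPort: 3031` (the Dockerfile now says `EXPOSE 3031` as well). With that selector the Service has no endpoints, so nothing in the cluster can reach the notification pods through it. Presumably `labels` and `selector` should both read `app: notification` and the port pair should be `port: 3031` / `targetPort: 3031`, with the Service name changed to match.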
@@ -1,64 +0,0 @@ -version: '3' -services: - notification-service: - image: schulcloud/node-notification-service:latest - # build: - # context: . - # dockerfile: Dockerfile - container_name: notification-service - deploy: - replicas: 1 - restart_policy: - condition: any - environment: - - MONGO_HOST=notification-mongo/notification-service - - REDIS_HOST=notification-redis - volumes: - - notification-logs:/usr/src/app/logs - ports: - - 3031:3031 - depends_on: - - notification-mongo - - notification-redis - restart: always - - notification-mongo: - image: mongo:3 - deploy: - replicas: 1 - restart_policy: - condition: any - volumes: - - notification-mongo:/data/db - restart: always - - notification-redis: - image: redis:5.0.3 - deploy: - replicas: 1 - restart_policy: - condition: any - volumes: - - notification-redis:/data - restart: always - - notification-redis-commander: - container_name: redis-commander - hostname: redis-commander - image: rediscommander/redis-commander:latest - deploy: - replicas: 1 - restart_policy: - condition: any - environment: - - REDIS_HOSTS=notification-redis:6379 - ports: - - "8081:8081" - depends_on: - - notification-redis - restart: always - -volumes: - notification-mongo: - notification-redis: - notification-logs: diff --git a/docker-compose.yml b/docker-compose.yml deleted file mode 100644 index d0700baa..00000000 --- a/docker-compose.yml +++ /dev/null 
@@ -1,52 +0,0 @@ -version: "3" -services: - notification-service: - #image: friedow/node-notification-service:latest - build: - context: . - dockerfile: Dockerfile - container_name: notification-service - restart: always - ports: - - 3031:3031 - links: - - mongo - - redis - environment: - - MONGO_HOST=mongo - - REDIS_HOST=redis - #- NOTIFICATION_PORT=3031 - # - NODE_ENV=production - volumes: - # - ./logs:/usr/src/app/logs - - ./:/usr/src/app - depends_on: - - mongo - - redis - command: npm run debug - - mongo: - image: mongo:3 - restart: always - - redis: - image: redis:5.0.3 - restart: always - - redis-commander: - container_name: redis-commander - hostname: redis-commander - image: rediscommander/redis-commander:latest - restart: always - environment: - - REDIS_HOSTS=local:redis:6379 - ports: - - "8081:8081" - depends_on: - - redis - - mail: - image: schickling/mailcatcher - ports: - - 1080:1080 - - 1025:1025 diff --git a/package-lock.json b/package-lock.json index 4541943a..b303969f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "notification-service", - "version": "1.2.4", + "version": "1.2.5", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index c856bfe3..457ee4d8 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "notification-service", - "version": "1.2.4", + "version": "1.2.5", "description": "A notification service for mails and push notifications build with Typescript on top of Node and Express.js.", "homepage": "https://github.com/schul-cloud/node-notification-service", "bugs": { From 59f4cfabd6e7b78b9b609a2e82de42629eab3649 Mon Sep 17 00:00:00 2001 From: mamutmk5 Date: Fri, 25 Jun 2021 15:14:48 +0200 Subject: [PATCH 2/2] Fix build and push tag to docker hub --- .github/workflows/tag.yml | 26 ++------------------------ 1 file changed, 2 insertions(+), 24 deletions(-) 
diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml index b74b24b1..a467c337 100644 --- a/.github/workflows/tag.yml +++ b/.github/workflows/tag.yml @@ -41,15 +41,6 @@ jobs: steps: - uses: actions/checkout@v2 - - name: Docker meta Service Name - id: docker_meta_img - uses: docker/metadata-action@v3 - with: - images: ghcr.io/${{ github.repository }} - tags: | - type=ref,event=branch,enable=false,priority=600 - type=sha,enable=true,priority=600,prefix= - - name: Docker meta Service Name for docker hub id: docker_meta_img_hub uses: docker/metadata-action@v3 @@ -59,13 +50,6 @@ jobs: type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} - - name: Log into registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ secrets.GHCR_DOCKER_USERNAME }} - password: ${{ secrets.GHCR_DOCKER_TOKEN }} - - name: Log into registry uses: docker/login-action@v1 with: @@ -82,11 +66,5 @@ jobs: file: ./Dockerfile platforms: linux/amd64 push: true - tags: ghcr.io/${{ github.repository }}:${{ github.sha }} - labels: ${{ steps.docker_meta_img.outputs.labels }} - - - name: Push Image to multiple registries - uses: akhilerm/tag-push-action@v1.0.0 - with: - src: ghcr.io/${{ github.repository }}:${{ github.sha }} - dst: ${{ steps.docker_meta_img_hub.outputs.tags }} + tags: ${{ steps.docker_meta_img_hub.outputs.tags }} + labels: ${{ steps.docker_meta_img_hub.outputs.labels }}
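Review bot: With the ghcr.io steps removed, the only tags the build step pushes are those produced by `type=semver` in `docker_meta_img_hub`, but the trigger added in patch 1/2 is `tags: '[0-9]*'`, which also matches git tags that are not valid semver (say `1.2`). As far as I can tell docker/metadata-action emits no tag in that case, leaving `tags:` empty with `push: true`, so the job would fail only after the whole test matrix has run. Either tighten the trigger pattern or add a fallback such as `type=ref,event=tag`. The `build_and_push` job and the metadata step start outside these hunks.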