From ec365709b41a6e8614520b29f08020fd869d74c3 Mon Sep 17 00:00:00 2001 From: Nikos Papadakis Date: Sun, 3 Sep 2023 15:02:37 +0300 Subject: [PATCH] ci: app release pipeline --- .tool-versions | 2 +- .woodpecker/release-agent.yml | 5 +- .woodpecker/release-app.yml | 35 ++++++++++++++ Cargo.lock | 24 ++-------- agent/Cargo.toml | 2 +- agent/src/config.rs | 2 +- app/config/dev.exs | 3 -- app/config/prod.exs | 4 +- app/config/runtime.exs | 47 +++---------------- .../prymn_web/live/server_live/show.html.heex | 5 +- app/lib/prymn_web/router.ex | 25 +++++----- 11 files changed, 66 insertions(+), 88 deletions(-) create mode 100644 .woodpecker/release-app.yml diff --git a/.tool-versions b/.tool-versions index eabe3fd..b9c63eb 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1,2 +1,2 @@ -elixir 1.15.4-otp-26 +elixir 1.15.5 erlang 26.0.2 diff --git a/.woodpecker/release-agent.yml b/.woodpecker/release-agent.yml index f8f3867..96e8201 100644 --- a/.woodpecker/release-agent.yml +++ b/.woodpecker/release-agent.yml @@ -13,8 +13,7 @@ steps: image: git.nikos.gg/prymn/rust/aarch64:latest commands: - protoc --version - - cd agent - - cargo build --release --target "${BUILD_TARGET}" + - cargo build --bin prymn_agent --release --target "${BUILD_TARGET}" - mkdir -p "dist/${BUILD_TARGET}" - cp "target/${BUILD_TARGET}/release/prymn_agent" "dist/${BUILD_TARGET}" @@ -27,5 +26,5 @@ steps: from_secret: r2_access_key secret_key: from_secret: r2_secret_key - source: agent/dist/**/* + source: dist/**/* target: / diff --git a/.woodpecker/release-app.yml b/.woodpecker/release-app.yml new file mode 100644 index 0000000..1b0b0e2 --- /dev/null +++ b/.woodpecker/release-app.yml @@ -0,0 +1,35 @@ +labels: + platform: linux/arm64 + +when: + - event: tag + branch: main + +steps: + make-release: + image: docker.io/hexpm/elixir:1.15.5-erlang-26.0.2-debian-bookworm-20230612 + environment: + - MIX_ENV=prod + commands: + - apt-get update -y && apt-get install -y build-essential + - cd app + - mix local.hex --force && mix local.rebar --force + - mix deps.get --only prod + - mix compile + - mix assets.deploy + - mix phx.gen.release + - mix release + + deploy: + image: alpine:latest + environment: + - REMOTE_SERVER="prymnci@${APP_SERVER_ADDRESS}" + - DEPLOY_PATH="/srv/app" + commands: + - apk add --no-cache openssh-client rsync + - eval $(ssh-agent -s) + - echo "${DEPLOY_KEY}" | ssh-add - + - mkdir -p ~/.ssh && chmod 700 ~/.ssh + - echo "${DEPLOY_KEY}" > ~/.ssh/known_hosts + - cd app && rsync -avz --delete _build/prod/rel/prymn/ "${REMOTE_SERVER}:${DEPLOY_PATH}" + secrets: [ DEPLOY_KEY ] diff --git a/Cargo.lock b/Cargo.lock index 2611991..a472206 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -709,15 +709,6 @@ version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d" -[[package]] -name = "memoffset" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5de893c32cde5f383baa4c04c5d6dbdd735cfd4a794b0debdb2bb1b421da5ff4" -dependencies = [ - "autocfg", -] - [[package]] name = "mime" version = "0.3.17" @@ -752,16 +743,13 @@ checksum = "e5ce46fe64a9d73be07dcbe690a38ce1b293be448fd8ce1e6c1b8062c9f72c6a" [[package]] name = "nix" -version = "0.26.2" +version = "0.27.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfdda3d196821d6af13126e40375cdf7da646a96114af134d5f417a9a1dc8e1a" +checksum = "2eb04e9c688eff1c89d72b407f168cf79bb9e867a9d3323ed6c01519eb9cc053" dependencies = [ - "bitflags 1.3.2", + "bitflags 2.4.0", "cfg-if", "libc", - "memoffset", - "pin-utils", - "static_assertions", ] [[package]] @@ -1280,12 +1268,6 @@ version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" -[[package]] -name = "static_assertions" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f" - [[package]] name = "strsim" version = "0.10.0" diff --git a/agent/Cargo.toml b/agent/Cargo.toml index 044d1c7..deee9fa 100644 --- a/agent/Cargo.toml +++ b/agent/Cargo.toml @@ -9,7 +9,7 @@ chrono = "0.4.26" clap = { version = "4.3.9" } envy = "0.4.2" itertools = "0.11.0" -nix = "0.26.2" +nix = "0.27.1" once_cell = "1.18.0" prost = "0.11.9" reqwest = { version = "0.11.18", features = ["blocking", "rustls-tls", "json"], default-features = false } diff --git a/agent/src/config.rs b/agent/src/config.rs index 3861de5..ed54131 100644 --- a/agent/src/config.rs +++ b/agent/src/config.rs @@ -8,7 +8,7 @@ pub struct Config { } fn default_backend_url() -> String { - "https://prymn.net".to_string() + "https://app.prymn.net".to_string() } pub static CONFIG: Lazy = diff --git a/app/config/dev.exs b/app/config/dev.exs index f9df5e3..76269c3 100644 --- a/app/config/dev.exs +++ b/app/config/dev.exs @@ -62,9 +62,6 @@ config :prymn, PrymnWeb.Endpoint, ] ] -# Enable dev routes for dashboard and mailbox -config :prymn, dev_routes: true - # Do not include metadata nor timestamps in development logs config :logger, :console, format: "[$level] $message\n" diff --git a/app/config/prod.exs b/app/config/prod.exs index 5593bd0..57c1de7 100644 --- a/app/config/prod.exs +++ b/app/config/prod.exs @@ -5,9 +5,7 @@ import Config # manifest is generated by the `mix assets.deploy` task, # which you should run after static files are built and # before starting your production server. -config :prymn, PrymnWeb.Endpoint, - cache_static_manifest: "priv/static/cache_manifest.json", - http: [host: "prymn.net"] +config :prymn, PrymnWeb.Endpoint, cache_static_manifest: "priv/static/cache_manifest.json" # Configures Swoosh API Client config :swoosh, api_client: Swoosh.ApiClient.Finch, finch_name: Prymn.Finch diff --git a/app/config/runtime.exs b/app/config/runtime.exs index 520d818..936fe22 100644 --- a/app/config/runtime.exs +++ b/app/config/runtime.exs @@ -48,53 +48,20 @@ if config_env() == :prod do You can generate one by calling: mix phx.gen.secret """ - host = System.get_env("PHX_HOST") || "example.com" - port = String.to_integer(System.get_env("PORT") || "4000") + host = System.get_env("HOST") || "app.prymn.net" config :prymn, PrymnWeb.Endpoint, url: [host: host, port: 443, scheme: "https"], - http: [ - # Enable IPv6 and bind on all interfaces. - # Set it to {0, 0, 0, 0, 0, 0, 0, 1} for local network only access. - # See the documentation on https://hexdocs.pm/plug_cowboy/Plug.Cowboy.html - # for details about using IPv6 vs IPv4 and loopback vs public addresses. + https: [ ip: {0, 0, 0, 0, 0, 0, 0, 0}, - port: port + port: 443, + cipher_suite: :strong, + keyfile: System.get_env("PRYMN_SSL_KEY_PATH"), + certfile: System.get_env("PRYMN_SSL_CERT_PATH") ], + force_ssl: [hsts: true], secret_key_base: secret_key_base - # ## SSL Support - # - # To get SSL working, you will need to add the `https` key - # to your endpoint configuration: - # - # config :prymn, PrymnWeb.Endpoint, - # https: [ - # ..., - # port: 443, - # cipher_suite: :strong, - # keyfile: System.get_env("SOME_APP_SSL_KEY_PATH"), - # certfile: System.get_env("SOME_APP_SSL_CERT_PATH") - # ] - # - # The `cipher_suite` is set to `:strong` to support only the - # latest and more secure SSL ciphers. This means old browsers - # and clients may not be supported. You can set it to - # `:compatible` for wider support. - # - # `:keyfile` and `:certfile` expect an absolute path to the key - # and cert in disk or a relative path inside priv, for example - # "priv/ssl/server.key". For all supported SSL configuration - # options, see https://hexdocs.pm/plug/Plug.SSL.html#configure/1 - # - # We also recommend setting `force_ssl` in your endpoint, ensuring - # no data is ever sent via http, always redirecting to https: - # - # config :prymn, PrymnWeb.Endpoint, - # force_ssl: [hsts: true] - # - # Check `Plug.SSL` for all available options in `force_ssl`. - # ## Configuring the mailer # # In production you need to configure the mailer to use a different adapter. diff --git a/app/lib/prymn_web/live/server_live/show.html.heex b/app/lib/prymn_web/live/server_live/show.html.heex index 8d56c80..0cfc367 100644 --- a/app/lib/prymn_web/live/server_live/show.html.heex +++ b/app/lib/prymn_web/live/server_live/show.html.heex @@ -42,7 +42,10 @@ -
+

<%= @uptime || "" %>s

Uptime

diff --git a/app/lib/prymn_web/router.ex b/app/lib/prymn_web/router.ex index 518acb9..0548e6d 100644 --- a/app/lib/prymn_web/router.ex +++ b/app/lib/prymn_web/router.ex @@ -1,4 +1,6 @@ defmodule PrymnWeb.Router do + import Phoenix.LiveDashboard.Router + import Plug.BasicAuth import PrymnWeb.UserAuth use PrymnWeb, :router @@ -17,6 +19,11 @@ defmodule PrymnWeb.Router do plug :accepts, ["json"] end + pipeline :dev do + # TODO: Make this safer :) + plug :basic_auth, username: "hello", password: "secret" + end + scope "/", PrymnWeb do pipe_through [:browser, :require_authenticated_user] @@ -73,20 +80,10 @@ defmodule PrymnWeb.Router do post "/servers/register", ServerController, :register end - # Enable LiveDashboard and Swoosh mailbox preview in development - if Application.compile_env(:prymn, :dev_routes) do - # If you want to use the LiveDashboard in production, you should put - # it behind authentication and allow only admins to access it. - # If your application does not have an admins-only section yet, - # you can use Plug.BasicAuth to set up some basic authentication - # as long as you are also using SSL (which you should anyway). - import Phoenix.LiveDashboard.Router + scope "/dev" do + pipe_through [:browser, :dev] - scope "/dev" do - pipe_through :browser - - live_dashboard "/dashboard", metrics: PrymnWeb.Telemetry - forward "/mailbox", Plug.Swoosh.MailboxPreview - end + live_dashboard "/dashboard", metrics: PrymnWeb.Telemetry + forward "/mailbox", Plug.Swoosh.MailboxPreview end end