ci: app release pipeline

.tool-versions

@@ -1,2 +1,2 @@
-elixir 1.15.4-otp-26
+elixir 1.15.5
 erlang 26.0.2

.woodpecker/release-agent.yml

@@ -13,8 +13,7 @@ steps:
     image: git.nikos.gg/prymn/rust/aarch64:latest
     commands:
       - protoc --version
-      - cd agent
+      - cargo build --bin prymn_agent --release --target "${BUILD_TARGET}"
-      - cargo build --release --target "${BUILD_TARGET}"
       - mkdir -p "dist/${BUILD_TARGET}"
       - cp "target/${BUILD_TARGET}/release/prymn_agent" "dist/${BUILD_TARGET}"
 
@@ -27,5 +26,5 @@ steps:
         from_secret: r2_access_key
       secret_key:
         from_secret: r2_secret_key
-      source: agent/dist/**/*
+      source: dist/**/*
       target: /

.woodpecker/release-app.yml

@@ -0,0 +1,35 @@
+labels:
+  platform: linux/arm64
+
+when:
+  - event: tag
+    branch: main
+
+steps:
+  make-release:
+    image: docker.io/hexpm/elixir:1.15.5-erlang-26.0.2-debian-bookworm-20230612
+    environment:
+      - MIX_ENV=prod
+    commands:
+      - apt-get update -y && apt-get install -y build-essential
+      - cd app
+      - mix local.hex --force && mix local.rebar --force
+      - mix deps.get --only prod
+      - mix compile
+      - mix assets.deploy
+      - mix phx.gen.release
+      - mix release
+
+  deploy:
+    image: alpine:latest
+    environment:
+      - REMOTE_SERVER="prymnci@${APP_SERVER_ADDRESS}"
+      - DEPLOY_PATH="/srv/app"
+    commands:
+      - apk add --no-cache openssh-client rsync
+      - eval $(ssh-agent -s)
+      - echo "${DEPLOY_KEY}" | ssh-add -
+      - mkdir -p ~/.ssh && chmod 700 ~/.ssh
+      - echo "${DEPLOY_KEY}" > ~/.ssh/known_hosts
+      - cd app && rsync -avz --delete _build/prod/rel/prymn/ "${REMOTE_SERVER}:${DEPLOY_PATH}"
+    secrets: [ DEPLOY_KEY ]

Cargo.lock

@@ -709,15 +709,6 @@ version = "2.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d"
 
-[[package]]
-name = "memoffset"
-version = "0.7.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5de893c32cde5f383baa4c04c5d6dbdd735cfd4a794b0debdb2bb1b421da5ff4"
-dependencies = [
- "autocfg",
-]
-
 [[package]]
 name = "mime"
 version = "0.3.17"
@@ -752,16 +743,13 @@ checksum = "e5ce46fe64a9d73be07dcbe690a38ce1b293be448fd8ce1e6c1b8062c9f72c6a"
 
 [[package]]
 name = "nix"
-version = "0.26.2"
+version = "0.27.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bfdda3d196821d6af13126e40375cdf7da646a96114af134d5f417a9a1dc8e1a"
+checksum = "2eb04e9c688eff1c89d72b407f168cf79bb9e867a9d3323ed6c01519eb9cc053"
 dependencies = [
- "bitflags 1.3.2",
+ "bitflags 2.4.0",
  "cfg-if",
  "libc",
- "memoffset",
- "pin-utils",
- "static_assertions",
 ]
 
 [[package]]
@@ -1280,12 +1268,6 @@ version = "0.5.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
 
-[[package]]
-name = "static_assertions"
-version = "1.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f"
-
 [[package]]
 name = "strsim"
 version = "0.10.0"

agent/Cargo.toml

@@ -9,7 +9,7 @@ chrono = "0.4.26"
 clap = { version = "4.3.9" }
 envy = "0.4.2"
 itertools = "0.11.0"
-nix = "0.26.2"
+nix = "0.27.1"
 once_cell = "1.18.0"
 prost = "0.11.9"
 reqwest = { version = "0.11.18", features = ["blocking", "rustls-tls", "json"], default-features = false }

agent/src/config.rs

@@ -8,7 +8,7 @@ pub struct Config {
 }
 
 fn default_backend_url() -> String {
-    "https://prymn.net".to_string()
+    "https://app.prymn.net".to_string()
 }
 
 pub static CONFIG: Lazy<Config> =

app/config/dev.exs

@@ -62,9 +62,6 @@ config :prymn, PrymnWeb.Endpoint,
     ]
   ]
 
-# Enable dev routes for dashboard and mailbox
-config :prymn, dev_routes: true
-
 # Do not include metadata nor timestamps in development logs
 config :logger, :console, format: "[$level] $message\n"
 

app/config/prod.exs

@@ -5,9 +5,7 @@ import Config
 # manifest is generated by the `mix assets.deploy` task,
 # which you should run after static files are built and
 # before starting your production server.
-config :prymn, PrymnWeb.Endpoint,
+config :prymn, PrymnWeb.Endpoint, cache_static_manifest: "priv/static/cache_manifest.json"
-  cache_static_manifest: "priv/static/cache_manifest.json",
-  http: [host: "prymn.net"]
 
 # Configures Swoosh API Client
 config :swoosh, api_client: Swoosh.ApiClient.Finch, finch_name: Prymn.Finch

app/config/runtime.exs

@@ -48,53 +48,20 @@ if config_env() == :prod do
       You can generate one by calling: mix phx.gen.secret
       """
 
-  host = System.get_env("PHX_HOST") || "example.com"
+  host = System.get_env("HOST") || "app.prymn.net"
-  port = String.to_integer(System.get_env("PORT") || "4000")
 
   config :prymn, PrymnWeb.Endpoint,
     url: [host: host, port: 443, scheme: "https"],
-    http: [
+    https: [
-      # Enable IPv6 and bind on all interfaces.
-      # Set it to  {0, 0, 0, 0, 0, 0, 0, 1} for local network only access.
-      # See the documentation on https://hexdocs.pm/plug_cowboy/Plug.Cowboy.html
-      # for details about using IPv6 vs IPv4 and loopback vs public addresses.
       ip: {0, 0, 0, 0, 0, 0, 0, 0},
-      port: port
+      port: 443,
+      cipher_suite: :strong,
+      keyfile: System.get_env("PRYMN_SSL_KEY_PATH"),
+      certfile: System.get_env("PRYMN_SSL_CERT_PATH")
     ],
+    force_ssl: [hsts: true],
     secret_key_base: secret_key_base
 
-  # ## SSL Support
-  #
-  # To get SSL working, you will need to add the `https` key
-  # to your endpoint configuration:
-  #
-  #     config :prymn, PrymnWeb.Endpoint,
-  #       https: [
-  #         ...,
-  #         port: 443,
-  #         cipher_suite: :strong,
-  #         keyfile: System.get_env("SOME_APP_SSL_KEY_PATH"),
-  #         certfile: System.get_env("SOME_APP_SSL_CERT_PATH")
-  #       ]
-  #
-  # The `cipher_suite` is set to `:strong` to support only the
-  # latest and more secure SSL ciphers. This means old browsers
-  # and clients may not be supported. You can set it to
-  # `:compatible` for wider support.
-  #
-  # `:keyfile` and `:certfile` expect an absolute path to the key
-  # and cert in disk or a relative path inside priv, for example
-  # "priv/ssl/server.key". For all supported SSL configuration
-  # options, see https://hexdocs.pm/plug/Plug.SSL.html#configure/1
-  #
-  # We also recommend setting `force_ssl` in your endpoint, ensuring
-  # no data is ever sent via http, always redirecting to https:
-  #
-  #     config :prymn, PrymnWeb.Endpoint,
-  #       force_ssl: [hsts: true]
-  #
-  # Check `Plug.SSL` for all available options in `force_ssl`.
-
   # ## Configuring the mailer
   #
   # In production you need to configure the mailer to use a different adapter.

app/lib/prymn_web/live/server_live/show.html.heex

@@ -42,7 +42,10 @@
   </div>
 </section>
 
-<section :if={@server.status == :registered} class="my-10 flex rounded bg-gray-800 p-5 text-white">
+<section
+  :if={@server.status == :registered}
+  class="my-10 flex justify-between rounded bg-gray-800 p-5 text-white"
+>
   <div>
     <p class="text-xl"><%= @uptime || "" %>s</p>
     <p class="text-sm">Uptime</p>

app/lib/prymn_web/router.ex

@@ -1,4 +1,6 @@
 defmodule PrymnWeb.Router do
+  import Phoenix.LiveDashboard.Router
+  import Plug.BasicAuth
   import PrymnWeb.UserAuth
 
   use PrymnWeb, :router
@@ -17,6 +19,11 @@ defmodule PrymnWeb.Router do
     plug :accepts, ["json"]
   end
 
+  pipeline :dev do
+    # TODO: Make this safer :)
+    plug :basic_auth, username: "hello", password: "secret"
+  end
+
   scope "/", PrymnWeb do
     pipe_through [:browser, :require_authenticated_user]
 
@@ -73,20 +80,10 @@ defmodule PrymnWeb.Router do
     post "/servers/register", ServerController, :register
   end
 
-  # Enable LiveDashboard and Swoosh mailbox preview in development
-  if Application.compile_env(:prymn, :dev_routes) do
-    # If you want to use the LiveDashboard in production, you should put
-    # it behind authentication and allow only admins to access it.
-    # If your application does not have an admins-only section yet,
-    # you can use Plug.BasicAuth to set up some basic authentication
-    # as long as you are also using SSL (which you should anyway).
-    import Phoenix.LiveDashboard.Router
-
   scope "/dev" do
-      pipe_through :browser
+    pipe_through [:browser, :dev]
 
     live_dashboard "/dashboard", metrics: PrymnWeb.Telemetry
     forward "/mailbox", Plug.Swoosh.MailboxPreview
   end
 end
-end