ci: app release pipeline

This commit is contained in:
Nikos Papadakis 2023-09-03 15:02:37 +03:00
parent 7e71df8a96
commit ec365709b4
Signed by untrusted user who does not match committer: nikos
GPG key ID: 78871F9905ADFF02
11 changed files with 66 additions and 88 deletions

View file

@ -1,2 +1,2 @@
elixir 1.15.4-otp-26 elixir 1.15.5
erlang 26.0.2 erlang 26.0.2

View file

@ -13,8 +13,7 @@ steps:
image: git.nikos.gg/prymn/rust/aarch64:latest image: git.nikos.gg/prymn/rust/aarch64:latest
commands: commands:
- protoc --version - protoc --version
- cd agent - cargo build --bin prymn_agent --release --target "${BUILD_TARGET}"
- cargo build --release --target "${BUILD_TARGET}"
- mkdir -p "dist/${BUILD_TARGET}" - mkdir -p "dist/${BUILD_TARGET}"
- cp "target/${BUILD_TARGET}/release/prymn_agent" "dist/${BUILD_TARGET}" - cp "target/${BUILD_TARGET}/release/prymn_agent" "dist/${BUILD_TARGET}"
@ -27,5 +26,5 @@ steps:
from_secret: r2_access_key from_secret: r2_access_key
secret_key: secret_key:
from_secret: r2_secret_key from_secret: r2_secret_key
source: agent/dist/**/* source: dist/**/*
target: / target: /

View file

@ -0,0 +1,35 @@
labels:
platform: linux/arm64
when:
- event: tag
branch: main
steps:
make-release:
image: docker.io/hexpm/elixir:1.15.5-erlang-26.0.2-debian-bookworm-20230612
environment:
- MIX_ENV=prod
commands:
- apt-get update -y && apt-get install -y build-essential
- cd app
- mix local.hex --force && mix local.rebar --force
- mix deps.get --only prod
- mix compile
- mix assets.deploy
- mix phx.gen.release
- mix release
deploy:
image: alpine:latest
environment:
- REMOTE_SERVER="prymnci@${APP_SERVER_ADDRESS}"
- DEPLOY_PATH="/srv/app"
commands:
- apk add --no-cache openssh-client rsync
- eval $(ssh-agent -s)
- echo "${DEPLOY_KEY}" | ssh-add -
- mkdir -p ~/.ssh && chmod 700 ~/.ssh
- echo "${DEPLOY_KEY}" > ~/.ssh/known_hosts
- cd app && rsync -avz --delete _build/prod/rel/prymn/ "${REMOTE_SERVER}:${DEPLOY_PATH}"
secrets: [ DEPLOY_KEY ]

24
Cargo.lock generated
View file

@ -709,15 +709,6 @@ version = "2.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d" checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d"
[[package]]
name = "memoffset"
version = "0.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5de893c32cde5f383baa4c04c5d6dbdd735cfd4a794b0debdb2bb1b421da5ff4"
dependencies = [
"autocfg",
]
[[package]] [[package]]
name = "mime" name = "mime"
version = "0.3.17" version = "0.3.17"
@ -752,16 +743,13 @@ checksum = "e5ce46fe64a9d73be07dcbe690a38ce1b293be448fd8ce1e6c1b8062c9f72c6a"
[[package]] [[package]]
name = "nix" name = "nix"
version = "0.26.2" version = "0.27.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bfdda3d196821d6af13126e40375cdf7da646a96114af134d5f417a9a1dc8e1a" checksum = "2eb04e9c688eff1c89d72b407f168cf79bb9e867a9d3323ed6c01519eb9cc053"
dependencies = [ dependencies = [
"bitflags 1.3.2", "bitflags 2.4.0",
"cfg-if", "cfg-if",
"libc", "libc",
"memoffset",
"pin-utils",
"static_assertions",
] ]
[[package]] [[package]]
@ -1280,12 +1268,6 @@ version = "0.5.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
[[package]]
name = "static_assertions"
version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f"
[[package]] [[package]]
name = "strsim" name = "strsim"
version = "0.10.0" version = "0.10.0"

View file

@ -9,7 +9,7 @@ chrono = "0.4.26"
clap = { version = "4.3.9" } clap = { version = "4.3.9" }
envy = "0.4.2" envy = "0.4.2"
itertools = "0.11.0" itertools = "0.11.0"
nix = "0.26.2" nix = "0.27.1"
once_cell = "1.18.0" once_cell = "1.18.0"
prost = "0.11.9" prost = "0.11.9"
reqwest = { version = "0.11.18", features = ["blocking", "rustls-tls", "json"], default-features = false } reqwest = { version = "0.11.18", features = ["blocking", "rustls-tls", "json"], default-features = false }

View file

@ -8,7 +8,7 @@ pub struct Config {
} }
fn default_backend_url() -> String { fn default_backend_url() -> String {
"https://prymn.net".to_string() "https://app.prymn.net".to_string()
} }
pub static CONFIG: Lazy<Config> = pub static CONFIG: Lazy<Config> =

View file

@ -62,9 +62,6 @@ config :prymn, PrymnWeb.Endpoint,
] ]
] ]
# Enable dev routes for dashboard and mailbox
config :prymn, dev_routes: true
# Do not include metadata nor timestamps in development logs # Do not include metadata nor timestamps in development logs
config :logger, :console, format: "[$level] $message\n" config :logger, :console, format: "[$level] $message\n"

View file

@ -5,9 +5,7 @@ import Config
# manifest is generated by the `mix assets.deploy` task, # manifest is generated by the `mix assets.deploy` task,
# which you should run after static files are built and # which you should run after static files are built and
# before starting your production server. # before starting your production server.
config :prymn, PrymnWeb.Endpoint, config :prymn, PrymnWeb.Endpoint, cache_static_manifest: "priv/static/cache_manifest.json"
cache_static_manifest: "priv/static/cache_manifest.json",
http: [host: "prymn.net"]
# Configures Swoosh API Client # Configures Swoosh API Client
config :swoosh, api_client: Swoosh.ApiClient.Finch, finch_name: Prymn.Finch config :swoosh, api_client: Swoosh.ApiClient.Finch, finch_name: Prymn.Finch

View file

@ -48,53 +48,20 @@ if config_env() == :prod do
You can generate one by calling: mix phx.gen.secret You can generate one by calling: mix phx.gen.secret
""" """
host = System.get_env("PHX_HOST") || "example.com" host = System.get_env("HOST") || "app.prymn.net"
port = String.to_integer(System.get_env("PORT") || "4000")
config :prymn, PrymnWeb.Endpoint, config :prymn, PrymnWeb.Endpoint,
url: [host: host, port: 443, scheme: "https"], url: [host: host, port: 443, scheme: "https"],
http: [ https: [
# Enable IPv6 and bind on all interfaces.
# Set it to {0, 0, 0, 0, 0, 0, 0, 1} for local network only access.
# See the documentation on https://hexdocs.pm/plug_cowboy/Plug.Cowboy.html
# for details about using IPv6 vs IPv4 and loopback vs public addresses.
ip: {0, 0, 0, 0, 0, 0, 0, 0}, ip: {0, 0, 0, 0, 0, 0, 0, 0},
port: port port: 443,
cipher_suite: :strong,
keyfile: System.get_env("PRYMN_SSL_KEY_PATH"),
certfile: System.get_env("PRYMN_SSL_CERT_PATH")
], ],
force_ssl: [hsts: true],
secret_key_base: secret_key_base secret_key_base: secret_key_base
# ## SSL Support
#
# To get SSL working, you will need to add the `https` key
# to your endpoint configuration:
#
# config :prymn, PrymnWeb.Endpoint,
# https: [
# ...,
# port: 443,
# cipher_suite: :strong,
# keyfile: System.get_env("SOME_APP_SSL_KEY_PATH"),
# certfile: System.get_env("SOME_APP_SSL_CERT_PATH")
# ]
#
# The `cipher_suite` is set to `:strong` to support only the
# latest and more secure SSL ciphers. This means old browsers
# and clients may not be supported. You can set it to
# `:compatible` for wider support.
#
# `:keyfile` and `:certfile` expect an absolute path to the key
# and cert in disk or a relative path inside priv, for example
# "priv/ssl/server.key". For all supported SSL configuration
# options, see https://hexdocs.pm/plug/Plug.SSL.html#configure/1
#
# We also recommend setting `force_ssl` in your endpoint, ensuring
# no data is ever sent via http, always redirecting to https:
#
# config :prymn, PrymnWeb.Endpoint,
# force_ssl: [hsts: true]
#
# Check `Plug.SSL` for all available options in `force_ssl`.
# ## Configuring the mailer # ## Configuring the mailer
# #
# In production you need to configure the mailer to use a different adapter. # In production you need to configure the mailer to use a different adapter.

View file

@ -42,7 +42,10 @@
</div> </div>
</section> </section>
<section :if={@server.status == :registered} class="my-10 flex rounded bg-gray-800 p-5 text-white"> <section
:if={@server.status == :registered}
class="my-10 flex justify-between rounded bg-gray-800 p-5 text-white"
>
<div> <div>
<p class="text-xl"><%= @uptime || "" %>s</p> <p class="text-xl"><%= @uptime || "" %>s</p>
<p class="text-sm">Uptime</p> <p class="text-sm">Uptime</p>

View file

@ -1,4 +1,6 @@
defmodule PrymnWeb.Router do defmodule PrymnWeb.Router do
import Phoenix.LiveDashboard.Router
import Plug.BasicAuth
import PrymnWeb.UserAuth import PrymnWeb.UserAuth
use PrymnWeb, :router use PrymnWeb, :router
@ -17,6 +19,11 @@ defmodule PrymnWeb.Router do
plug :accepts, ["json"] plug :accepts, ["json"]
end end
pipeline :dev do
# TODO: Make this safer :)
plug :basic_auth, username: "hello", password: "secret"
end
scope "/", PrymnWeb do scope "/", PrymnWeb do
pipe_through [:browser, :require_authenticated_user] pipe_through [:browser, :require_authenticated_user]
@ -73,20 +80,10 @@ defmodule PrymnWeb.Router do
post "/servers/register", ServerController, :register post "/servers/register", ServerController, :register
end end
# Enable LiveDashboard and Swoosh mailbox preview in development scope "/dev" do
if Application.compile_env(:prymn, :dev_routes) do pipe_through [:browser, :dev]
# If you want to use the LiveDashboard in production, you should put
# it behind authentication and allow only admins to access it.
# If your application does not have an admins-only section yet,
# you can use Plug.BasicAuth to set up some basic authentication
# as long as you are also using SSL (which you should anyway).
import Phoenix.LiveDashboard.Router
scope "/dev" do live_dashboard "/dashboard", metrics: PrymnWeb.Telemetry
pipe_through :browser forward "/mailbox", Plug.Swoosh.MailboxPreview
live_dashboard "/dashboard", metrics: PrymnWeb.Telemetry
forward "/mailbox", Plug.Swoosh.MailboxPreview
end
end end
end end