diff --git a/.gitignore b/.gitignore
index 0171683..b2313e6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,4 +18,3 @@ yarn-error.log
 /.idea
 /.vscode
 rr
-.rr.yaml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..cf918ed
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,51 @@
+stages:
+ - build
+ - deploy
+
+docker-build:
+ image: docker:latest
+ stage: build
+ services:
+ - docker:dind
+ before_script:
+ - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
+ script:
+ - |
+ if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
+ tag=""
+ echo "Running on default branch '$CI_DEFAULT_BRANCH': tag = 'latest'"
+ else
+ tag=":$CI_COMMIT_REF_SLUG"
+ echo "Running on branch '$CI_COMMIT_BRANCH': tag = $tag"
+ fi
+ - docker build --pull -t "$CI_REGISTRY_IMAGE${tag}" .
+ - docker push "$CI_REGISTRY_IMAGE${tag}"
+ # Run this job in a branch where a Dockerfile exists
+ rules:
+ - if: $CI_COMMIT_BRANCH
+ exists:
+ - Dockerfile
+
+deploy_to_cluster:
+ image:
+ name: bitnami/kubectl:latest
+ entrypoint: ['']
+ tags:
+ - k8s
+ stage: deploy
+ script:
+ - |
+ if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
+ tag=""
+ echo "Running on default branch '$CI_DEFAULT_BRANCH': tag = 'latest'"
+ else
+ tag=":$CI_COMMIT_REF_SLUG"
+ sed -i "s/registry.daisukide.com:2083\/ecosystem\/oauth:latest/registry.daisukide.com:2083\/ecosystem\/oauth$tag/g" deploy/manifest.yaml
+ echo "Running on branch '$CI_COMMIT_BRANCH': tag = $tag"
+ fi
+ - kubectl get pods
+ - kubectl apply -f deploy/manifest.yaml
+ - |
+ if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
+ kubectl -n ecosystem rollout restart deployment oauth
+ fi
diff --git a/.rr.yaml b/.rr.yaml
new file mode 100644
index 0000000..76b5502
--- /dev/null
+++ b/.rr.yaml
@@ -0,0 +1,10 @@
+version: "3"
+
+server:
+ command: "php artisan app:work"
+
+grpc:
+ listen: "tcp://127.0.0.1:9001"
+
+ proto:
+ - "resources/proto/pinger.proto"
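Review bot: In .gitlab-ci.yml, `deploy_to_cluster` has no `rules:`, so it runs for every branch pipeline, and its non-default-branch path rewrites the image tag in deploy/manifest.yaml before `kubectl apply -f deploy/manifest.yaml` runs unconditionally. That manifest targets the single `oauth` Deployment in namespace `ecosystem` with `APP_ENV: "production"`, so a push to any branch would replace the production workload with that branch's image unless something outside this file (protected runners, project settings) restricts the job. Limit the job with `rules:` / `- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH`, or deploy branches to their own namespace. Separately, `docker login ... -p "$CI_REGISTRY_PASSWORD"` in `before_script` puts the password on the command line; `echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY` avoids that.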
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..8b8507d
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,23 @@
+FROM registry.daisukide.com:2083/leaf/docker-php-image:latest
+
+WORKDIR /app
+
+COPY . /app
+
+RUN useradd -ms /bin/bash -u 1337 www && rm -rf vendor/
+
+RUN apt update && apt install supervisor -y
+# unset composer repo
+RUN composer config -g repo.packagist composer https://packagist.org
+RUN composer install --no-dev
+RUN composer dump-autoload --optimize --no-dev --classmap-authoritative
+RUN ./vendor/bin/rr get-binary
+RUN art octane:install --server=roadrunner
+
+COPY deploy/start-container /usr/local/bin/start-container
+COPY deploy/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+RUN chmod +x /usr/local/bin/start-container
+
+EXPOSE 8000
+
+ENTRYPOINT ["start-container"]
diff --git a/deploy/manifest.yaml b/deploy/manifest.yaml
new file mode 100644
index 0000000..72e787a
--- /dev/null
+++ b/deploy/manifest.yaml
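Review bot: The `www` user created by `useradd -ms /bin/bash -u 1337 www` is never used: the Dockerfile has no `USER` instruction, and deploy/supervisord.conf in this same commit sets `user=root` and leaves `# user=www` commented out in `[program:www]` and `[program:queue]`, so the PHP workers and `rr serve` run as root. Consider `RUN chown -R www:www /app` after the composer steps and enabling `user=www` on the program sections, so that a compromise of the web process does not start with root inside the container. `COPY . /app` copies the whole build context and no `.dockerignore` is visible in this commit, so confirm that `.git` and any local `.env` are excluded. The base image is pulled by the mutable `:latest` tag; pinning a version or digest would make the build reproducible.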
@@ -0,0 +1,85 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: oauth
+ namespace: ecosystem
+spec:
+ selector:
+ matchLabels:
+ app: oauth
+ framework: laravel
+ template:
+ metadata:
+ labels:
+ app: oauth
+ framework: laravel
+
+ spec:
+ containers:
+ - name: oauth-http
+ image: registry.daisukide.com:2083/ecosystem/oauth:latest
+ imagePullPolicy: Always
+ resources:
+ limits:
+ memory: "512Mi"
+ cpu: "500m"
+ ports:
+ - containerPort: 8000
+ envFrom:
+ - configMapRef:
+ name: oauth-env
+ env:
+ - name: APP_KEY
+ valueFrom:
+ secretKeyRef:
+ name: oauth-secret
+ key: application-key
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: oauth-secret
+ key: database-password
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: oauth-secret
+ key: redis-password
+ volumeMounts:
+ - name: oauth-storage
+ mountPath: /app/storage
+ imagePullSecrets:
+ - name: registry
+ volumes:
+ - name: oauth-storage
+ persistentVolumeClaim:
+ claimName: oauth-storage-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: oauth
+ namespace: ecosystem
+spec:
+ selector:
+ app: oauth
+ framework: laravel
+ ports:
+ - port: 80
+ targetPort: 8000
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: oauth-env
+ namespace: ecosystem
+ labels:
+ env: prod
+ app: oauth
+data:
+ APP_ENV: "production"
+ DB_USERNAME: "ecosystem_oauth"
+ DB_CONNECTION: "mysql"
+ DB_HOST: "mariadb-mariadb-galera.databases.svc.cluster.local"
+ DB_PORT: "3306"
+ DB_DATABASE: "ecosystem_oauth"
+ REDIS_HOST: "redis.databases.svc.cluster.local"
diff --git a/deploy/start-container b/deploy/start-container
new file mode 100644
index 0000000..b634c30
--- /dev/null
+++ b/deploy/start-container
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+if [ ! -d /.composer ]; then
+ mkdir /.composer
+fi
+
+chmod -R ugo+rw /.composer
+
+cp .env.example .env
+php /app/artisan app:init
+
+exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf
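Review bot: In deploy/manifest.yaml the `oauth-http` container declares no `securityContext`, so nothing in the pod spec constrains a container whose processes, per the Dockerfile and supervisord.conf in this commit, run as root. As a first step add `securityContext:` / `allowPrivilegeEscalation: false` under the container; `runAsNonRoot: true` with `runAsUser: 1337` becomes possible once the image no longer needs root. The image is also referenced by the mutable `:latest` tag with `imagePullPolicy: Always`, so the running code is not tied to a commit; a per-commit tag or a digest would make rollouts and rollbacks auditable.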
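Review bot: deploy/start-container has no error handling, so if `cp .env.example .env` or `php /app/artisan app:init` fails the script still reaches `exec /usr/bin/supervisord` and the container starts serving half-initialised; add `set -euo pipefail` directly after the shebang. `chmod -R ugo+rw /.composer` makes the Composer home world-writable, which is wider than needed; granting access only to the runtime user (for example `chown -R www /.composer`) is narrower. Copying `.env.example` over `.env` on every start means any setting not supplied by the ConfigMap or Secret falls back to the example file's value, so it is worth confirming that file carries production-safe defaults (for instance `APP_DEBUG`).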
diff --git a/deploy/supervisord.conf b/deploy/supervisord.conf
new file mode 100644
index 0000000..b09edcd
--- /dev/null
+++ b/deploy/supervisord.conf
@@ -0,0 +1,44 @@
+[supervisord]
+nodaemon=true
+user=root
+logfile=/var/log/supervisor/supervisord.log
+pidfile=/var/run/supervisord.pid
+
+[program:www]
+process_name=%(program_name)s_%(process_num)02d
+command=/usr/bin/php /app/artisan octane:start --host=0.0.0.0
+# user=www
+autostart=true
+autorestart=true
+stopasgroup=true
+killasgroup=true
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:grpc]
+process_name=%(program_name)s_%(process_num)02d
+command=/app/rr serve
+workingdir=/app
+autostart=true
+autorestart=true
+stopasgroup=true
+killasgroup=true
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:queue]
+process_name=%(program_name)s_%(process_num)02d
+command=/usr/bin/php /app/artisan queue:work
+# user=www
+autostart=true
+autorestart=true
+stopasgroup=true
+killasgroup=true
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
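Review bot: `workingdir=/app` in `[program:grpc]` is not an option supervisord documents for program sections; the setting that controls a child's working directory is `directory`, so this line should read `directory=/app`. As written, `rr serve` likely finds `.rr.yaml` only because supervisord itself is started from the image's `WORKDIR /app`, which would break silently if the entrypoint ever changed directory.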