改进

.gitignore

@@ -18,4 +18,3 @@ yarn-error.log
 /.idea
 /.vscode
 rr
-.rr.yaml

.gitlab-ci.yml

@@ -0,0 +1,51 @@
+stages:
+  - build
+  - deploy
+
+docker-build:
+  image: docker:latest
+  stage: build
+  services:
+    - docker:dind
+  before_script:
+    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
+  script:
+    - |
+      if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
+        tag=""
+        echo "Running on default branch '$CI_DEFAULT_BRANCH': tag = 'latest'"
+      else
+        tag=":$CI_COMMIT_REF_SLUG"
+        echo "Running on branch '$CI_COMMIT_BRANCH': tag = $tag"
+      fi
+    - docker build --pull -t "$CI_REGISTRY_IMAGE${tag}" .
+    - docker push "$CI_REGISTRY_IMAGE${tag}"
+  # Run this job in a branch where a Dockerfile exists
+  rules:
+    - if: $CI_COMMIT_BRANCH
+      exists:
+        - Dockerfile
+
+deploy_to_cluster:
+  image:
+    name: bitnami/kubectl:latest
+    entrypoint: ['']
+  tags:
+    - k8s
+  stage: deploy
+  script:
+    - |
+      if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
+        tag=""
+        echo "Running on default branch '$CI_DEFAULT_BRANCH': tag = 'latest'"
+      else
+        tag=":$CI_COMMIT_REF_SLUG"
+        sed -i "s/registry.daisukide.com:2083\/ecosystem\/oauth:latest/registry.daisukide.com:2083\/ecosystem\/oauth$tag/g" deploy/manifest.yaml
+        echo "Running on branch '$CI_COMMIT_BRANCH': tag = $tag"
+      fi
+    - kubectl get pods
+    - kubectl apply -f deploy/manifest.yaml
+    - |
+      if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
+        kubectl -n ecosystem rollout restart deployment oauth
+      fi

.rr.yaml

@@ -0,0 +1,10 @@
+version: "3"
+
+server:
+  command: "php artisan app:work"
+
+grpc:
+  listen: "tcp://127.0.0.1:9001"
+
+  proto:
+    - "resources/proto/pinger.proto"

Dockerfile

@@ -0,0 +1,23 @@
+FROM registry.daisukide.com:2083/leaf/docker-php-image:latest
+
+WORKDIR /app
+
+COPY . /app
+
+RUN useradd -ms /bin/bash -u 1337 www && rm -rf vendor/
+
+RUN apt update && apt install supervisor -y
+# unset composer repo
+RUN composer config -g repo.packagist composer https://packagist.org
+RUN composer install --no-dev
+RUN composer dump-autoload --optimize --no-dev --classmap-authoritative
+RUN ./vendor/bin/rr get-binary
+RUN art octane:install --server=roadrunner
+
+COPY deploy/start-container /usr/local/bin/start-container
+COPY deploy/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+RUN chmod +x /usr/local/bin/start-container
+
+EXPOSE 8000
+
+ENTRYPOINT ["start-container"]

deploy/manifest.yaml

@@ -0,0 +1,85 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: oauth
+  namespace: ecosystem
+spec:
+  selector:
+    matchLabels:
+      app: oauth
+      framework: laravel
+  template:
+    metadata:
+      labels:
+        app: oauth
+        framework: laravel
+
+    spec:
+      containers:
+        - name: oauth-http
+          image: registry.daisukide.com:2083/ecosystem/oauth:latest
+          imagePullPolicy: Always
+          resources:
+            limits:
+              memory: "512Mi"
+              cpu: "500m"
+          ports:
+            - containerPort: 8000
+          envFrom:
+            - configMapRef:
+                name: oauth-env
+          env:
+            - name: APP_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: oauth-secret
+                  key: application-key
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: oauth-secret
+                  key: database-password
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: oauth-secret
+                  key: redis-password
+          volumeMounts:
+            - name: oauth-storage
+              mountPath: /app/storage
+      imagePullSecrets:
+        - name: registry
+      volumes:
+        - name: oauth-storage
+          persistentVolumeClaim:
+            claimName: oauth-storage-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: oauth
+  namespace: ecosystem
+spec:
+  selector:
+    app: oauth
+    framework: laravel
+  ports:
+    - port: 80
+      targetPort: 8000
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: oauth-env
+  namespace: ecosystem
+  labels:
+    env: prod
+    app: oauth
+data:
+  APP_ENV: "production"
+  DB_USERNAME: "ecosystem_oauth"
+  DB_CONNECTION: "mysql"
+  DB_HOST: "mariadb-mariadb-galera.databases.svc.cluster.local"
+  DB_PORT: "3306"
+  DB_DATABASE: "ecosystem_oauth"
+  REDIS_HOST: "redis.databases.svc.cluster.local"

deploy/start-container

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+if [ ! -d /.composer ]; then
+    mkdir /.composer
+fi
+
+chmod -R ugo+rw /.composer
+
+cp .env.example .env
+php /app/artisan app:init
+
+exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf

deploy/supervisord.conf

@@ -0,0 +1,44 @@
+[supervisord]
+nodaemon=true
+user=root
+logfile=/var/log/supervisor/supervisord.log
+pidfile=/var/run/supervisord.pid
+
+[program:www]
+process_name=%(program_name)s_%(process_num)02d
+command=/usr/bin/php /app/artisan octane:start --host=0.0.0.0
+# user=www
+autostart=true
+autorestart=true
+stopasgroup=true
+killasgroup=true
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:grpc]
+process_name=%(program_name)s_%(process_num)02d
+command=/app/rr serve
+workingdir=/app
+autostart=true
+autorestart=true
+stopasgroup=true
+killasgroup=true
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:queue]
+process_name=%(program_name)s_%(process_num)02d
+command=/usr/bin/php /app/artisan queue:work
+# user=www
+autostart=true
+autorestart=true
+stopasgroup=true
+killasgroup=true
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0