- improve beta deployment (#312)

* composer update * improve deployment * add encrypted beta .env * add images to docker meta step * update readme * improve tags, remove docker login * fix path for encrypted beta env * exclude deployment dir from Docker image * adjust running artisan command on beta * keep deployment scripts dir inside Docker image * disable showing command in the output * fix FATAL: role "root" does not exist * add make commands for development * move faker to require dependencies * add command for creating user in non production environments * code style fix * add LOCAL_EMAIL_FOR_LOGIN_VIA_GOOGLE in beta env * move LOCAL_EMAIL_FOR_LOGIN_VIA_GOOGLE to config * move DEPLOYMENT_PROJECT_VERSION_ARG at the end of Dockerfile * bump ssh action
blumilksoftware · Jun 1, 2023 · 7521107 · 7521107
1 parent 7c9328c
commit 7521107
Show file tree

Hide file tree

Showing 20 changed files with 857 additions and 518 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -7,3 +7,4 @@ public/build/
 public/hot
 .phpunit.result.cache
 .env
+environment/prod/deployment/beta
diff --git a/.env.example b/.env.example
@@ -67,3 +67,5 @@ DOCKER_TEST_DB_DATABASE=${DB_DATABASE}
 DOCKER_TEST_DB_USERNAME=${DB_USERNAME}
 DOCKER_TEST_DB_PASSWORD=${DB_PASSWORD}
 DOCKER_TEST_DB_ROOT_PASSWORD=${DB_ROOT_PASSWORD}
+
+BETA_ENV_KEY=
diff --git a/.github/workflows/deploy-to-beta-manually.yml b/.github/workflows/deploy-to-beta-manually.yml
@@ -13,6 +13,8 @@ jobs:
     environment: beta
     name: Deploy to beta
     runs-on: ubuntu-22.04
+    env:
+      REPO_NAME: toby
     steps:
       - name: set branch name
         run: echo "BRANCH_NAME=$GITHUB_REF_NAME" >> $GITHUB_ENV
@@ -29,6 +31,9 @@ jobs:
           git config user.email "<>"
           git merge --no-commit --no-ff origin/main
 
+      - name: set deployment project version
+        run: echo "DEPLOYMENT_PROJECT_VERSION=$(bash ./environment/prod/deployment/scripts/version.sh --long)" >> $GITHUB_ENV
+
       - name: set up Docker Buildx
         uses: docker/setup-buildx-action@v2
 
@@ -39,18 +44,42 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ github.token }}
 
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ghcr.io/${{ github.repository_owner }}/${{ env.REPO_NAME }}
+          tags: type=raw,value=beta
+          context: git
+
       - name: build and push image
         uses: docker/build-push-action@v4
         with:
           context: .
           file: ./environment/prod/app/Dockerfile
+          build-args: DEPLOYMENT_PROJECT_VERSION_ARG=${{ env.DEPLOYMENT_PROJECT_VERSION }}
+          labels: ${{ steps.meta.outputs.labels }}
           push: true
           tags: ghcr.io/${{ github.repository_owner }}/toby:beta
           cache-from: type=gha, ref=ghcr.io/${{ github.repository_owner }}/toby-beta-build-cache
           cache-to: type=gha, ref=ghcr.io/${{ github.repository_owner }}/toby-beta-build-cache, mode=max
 
+      - name: copy files via ssh
+        uses: appleboy/[email protected]
+        with:
+          timeout: 10s
+          command_timeout: 10m
+          host: ${{ secrets.VPS_OVH_BF7EC892_HOST }}
+          port: ${{ secrets.VPS_OVH_BF7EC892_PORT }}
+          username: ${{ secrets.VPS_OVH_BF7EC892_USERNAME }}
+          key: ${{ secrets.VPS_OVH_BF7EC892_SSH_PRIVATE_KEY }}
+          passphrase: ${{ secrets.VPS_OVH_BF7EC892_SSH_PRIVATE_KEY_PASSPHRASE }}
+          source: "./environment/prod/deployment/beta/*,./environment/prod/deployment/scripts/*"
+          target: ${{ secrets.TOBY_VPS_BETA_APP_PATH }}
+          rm: true
+
       - name: run deployment script over ssh
-        uses: appleboy/[email protected].8
+        uses: appleboy/[email protected].10
         with:
           timeout: 10s
           command_timeout: 10m
@@ -61,12 +90,6 @@ jobs:
           passphrase: ${{ secrets.VPS_OVH_BF7EC892_SSH_PRIVATE_KEY_PASSPHRASE }}
           script_stop: true
           script: |
-            cd ${{ secrets.TOBY_VPS_BETA_APP_PATH }}
-            git config user.name "GitHub Actions Bot"
-            git config user.email "<>"
-            git fetch
-            git checkout --force "${{ env.BRANCH_NAME }}"
-            git pull
-            git merge --no-commit --no-ff origin/main
-            make beta-deploy
-            docker images --filter dangling=true | grep "ghcr.io/blumilksoftware/toby" | awk '{print $3}'| xargs --no-run-if-empty docker rmi
+            cd ${{ secrets.TOBY_VPS_BETA_APP_PATH }}/environment/prod/deployment/beta
+            make beta-deploy BETA_ENV_KEY=${{ secrets.BETA_ENV_KEY }}
+            docker images --filter dangling=true | grep "ghcr.io/blumilksoftware/${{ env.REPO_NAME }}" | awk '{print $3}'| xargs --no-run-if-empty docker rmi
diff --git a/.github/workflows/run-command-on-beta.yml b/.github/workflows/run-command-on-beta.yml
@@ -26,5 +26,5 @@ jobs:
           passphrase: ${{ secrets.VPS_OVH_BF7EC892_SSH_PRIVATE_KEY_PASSPHRASE }}
           script_stop: true
           script: |
-            cd ${{ secrets.TOBY_VPS_BETA_APP_PATH }}
+            cd ${{ secrets.TOBY_VPS_BETA_APP_PATH }}/environment/prod/deployment/beta
             make beta-artisan ARTISAN_ARGS="${{ inputs.artisan_arguments }}"
diff --git a/.gitignore b/.gitignore
@@ -10,6 +10,7 @@
 /vendor
 .env
 .env.backup
+.env.beta
 .phpunit.result.cache
 docker-compose.override.yml
 Homestead.json

diff --git a/Makefile b/Makefile
@@ -1,26 +1,21 @@
-DOCKER_COMPOSE_BETA_FILENAME = docker-compose.beta.yml
-BETA_DOCKER_EXEC = docker compose --file ${DOCKER_COMPOSE_BETA_FILENAME} exec --workdir /application/environment/scripts
-
-DOCKER_COMPOSE_PROD_FILENAME = docker-compose.prod.yml
-PROD_DOCKER_EXEC = docker compose --file ${DOCKER_COMPOSE_PROD_FILENAME} exec --workdir /application/environment/scripts
-
 export COMPOSE_DOCKER_CLI_BUILD = 1
 export DOCKER_BUILDKIT = 1
 
-beta-artisan:
-	echo "Running: php artisan ${ARTISAN_ARGS}" && \
-	docker compose --file ${DOCKER_COMPOSE_BETA_FILENAME} exec toby-beta-app php artisan ${ARTISAN_ARGS}
+include .env
 
-beta-deploy: create-deployment-file
-	docker compose --file ${DOCKER_COMPOSE_BETA_FILENAME} up --force-recreate --detach && \
-	echo "App post deploy actions" && \
-	${BETA_DOCKER_EXEC} toby-beta-app bash post-deploy-actions.sh
+SHELL := /bin/bash
 
-beta-reload-config:
-	echo "App config reload" && \
-	${BETA_DOCKER_EXEC} toby-beta-app bash reload-config.sh
+DOCKER_COMPOSE_FILE = docker-compose.yml
+DOCKER_COMPOSE_APP_CONTAINER = php
+
+DOCKER_COMPOSE_PROD_FILENAME = docker-compose.prod.yml
+PROD_DOCKER_EXEC = docker compose --file ${DOCKER_COMPOSE_PROD_FILENAME} exec --workdir /application/environment/scripts
 
-prod-deploy: create-deployment-file
+CURRENT_USER_ID = $(shell id --user)
+CURRENT_USER_GROUP_ID = $(shell id --group)
+CURRENT_DIR = $(shell pwd)
+
+prod-deploy:
 	docker compose --file ${DOCKER_COMPOSE_PROD_FILENAME} up --force-recreate --detach && \
 	echo "App post deploy actions" && \
 	${PROD_DOCKER_EXEC} toby-prod-app bash post-deploy-actions.sh
@@ -29,14 +24,55 @@ prod-reload-config:
 	echo "App config reload" && \
 	${PROD_DOCKER_EXEC} toby-prod-app bash reload-config.sh
 
+build:
+	@docker compose --file ${DOCKER_COMPOSE_FILE} build --pull
+
+run:
+	@docker compose --file ${DOCKER_COMPOSE_FILE} up --detach
+
+stop:
+	@docker compose --file ${DOCKER_COMPOSE_FILE} stop
+
+restart: stop run
+
+shell:
+	@docker compose --file ${DOCKER_COMPOSE_FILE} exec --user "${CURRENT_USER_ID}:${CURRENT_USER_GROUP_ID}" ${DOCKER_COMPOSE_APP_CONTAINER} bash
+
+test:
+	@docker compose --file ${DOCKER_COMPOSE_FILE} exec --user "${CURRENT_USER_ID}:${CURRENT_USER_GROUP_ID}" ${DOCKER_COMPOSE_APP_CONTAINER} composer test
+
+fix:
+	@docker compose --file ${DOCKER_COMPOSE_FILE} exec --user "${CURRENT_USER_ID}:${CURRENT_USER_GROUP_ID}" ${DOCKER_COMPOSE_APP_CONTAINER} bash -c 'composer csf'
+
+queue:
+	@docker compose --file ${DOCKER_COMPOSE_FILE} exec --user "${CURRENT_USER_ID}:${CURRENT_USER_GROUP_ID}" ${DOCKER_COMPOSE_APP_CONTAINER} php artisan queue:work
 
-DEPLOYMENT_PROJECT_VERSION = $(shell ./environment/scripts/version.sh --long)
-DEPLOYMENT_DATETIME = $(shell TZ=Europe/Warsaw date --rfc-3339=seconds)
+encrypt-beta-env:
+	@docker compose --file ${DOCKER_COMPOSE_FILE} run \
+	--rm \
+	--no-deps \
+	--volume ${CURRENT_DIR}/environment/prod/deployment/beta:/envs \
+	--entrypoint "" \
+	--workdir /application \
+	--user "${CURRENT_USER_ID}:${CURRENT_USER_GROUP_ID}" \
+	${DOCKER_COMPOSE_APP_CONTAINER} \
+	bash -c "cp /envs/.env.beta /application \
+		&& php artisan env:encrypt --env beta --key ${BETA_ENV_KEY} \
+		&& mv .env.beta.encrypted /envs \
+		&& rm .env.beta"
 
-create-deployment-file:
-	@echo "\
-	DEPLOY_DATE='${DEPLOYMENT_DATETIME}'\n\
-	DEPLOY_VERSION='${DEPLOYMENT_PROJECT_VERSION}'\
-	" > .deployment
+decrypt-beta-env:
+	@docker compose --file ${DOCKER_COMPOSE_FILE} run \
+	--rm \
+	--no-deps \
+	--volume ${CURRENT_DIR}/environment/prod/deployment/beta:/envs \
+	--entrypoint "" \
+	--workdir /application \
+	--user "${CURRENT_USER_ID}:${CURRENT_USER_GROUP_ID}" \
+	${DOCKER_COMPOSE_APP_CONTAINER} \
+	bash -c "cp /envs/.env.beta.encrypted /application \
+		&& php artisan env:decrypt --env beta --key ${BETA_ENV_KEY} \
+		&& mv .env.beta /envs \
+		&& rm .env.beta.encrypted"
 
-.PHONY: beta-deploy beta-reload-config prod-deploy prod-reload-config create-deployment-file beta-artisan
+.PHONY: prod-deploy prod-reload-config build run stop restart shell test fix queue encrypt-beta-env decrypt-beta-env
diff --git a/app/Infrastructure/Console/Commands/Users/CreateUser.php b/app/Infrastructure/Console/Commands/Users/CreateUser.php
@@ -0,0 +1,55 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Toby\Infrastructure\Console\Commands\Users;
+
+use Illuminate\Console\Command;
+use Illuminate\Support\Facades\Validator;
+use Illuminate\Validation\ValidationException;
+use Toby\Domain\Enums\Role;
+use Toby\Eloquent\Models\User;
+use ValueError;
+
+class CreateUser extends Command
+{
+    protected $signature = "toby:create-user {email} {--role=administrator}";
+    protected $description = "Create user in non-production environment.";
+
+    public function handle(): void
+    {
+        if (app()->isProduction()) {
+            $this->error("User cannot be created in production environment.");
+            return;
+        }
+
+        $email = $this->argument("email");
+
+        try {
+            Validator::validate(data: ["email" => $email], rules: ["email" => ["email"]]);
+        } catch (ValidationException) {
+            $this->error("Invalid email.");
+            return;
+        }
+
+        try {
+            $role = Role::from($this->option("role"));
+        } catch (ValueError) {
+            $this->error("Invalid role.");
+            return;
+        }
+
+        $userExists = User::query()->where("email", $email)->exists();
+        if ($userExists) {
+            $this->error("Email already exists.");
+            return;
+        }
+
+        User::factory([
+            "email" => $email,
+            "role" => $role,
+        ])->create();
+
+        $this->info("User has been created.");
+    }
+}
diff --git a/composer.json b/composer.json
@@ -8,32 +8,32 @@
         "php": "^8.1",
         "ext-pdo": "*",
         "ext-redis": "*",
-        "azuyalabs/yasumi": "^2.4",
-        "barryvdh/laravel-dompdf": "^2.0",
-        "doctrine/dbal": "^3.3",
-        "guzzlehttp/guzzle": "^7.0.1",
-        "inertiajs/inertia-laravel": "^0.6.2",
-        "laravel/framework": "^10.4.0",
-        "laravel/sanctum": "^3.2",
-        "laravel/socialite": "^5.2",
-        "laravel/telescope": "^4.6",
-        "laravel/tinker": "^2.5",
-        "maatwebsite/excel": "^3.1",
-        "phpoffice/phpword": "^1.0.0",
+        "azuyalabs/yasumi": "^2.6.0",
+        "barryvdh/laravel-dompdf": "^2.0.1",
+        "doctrine/dbal": "^3.6.2",
+        "fakerphp/faker": "^1.22.0",
+        "guzzlehttp/guzzle": "^7.7.0",
+        "inertiajs/inertia-laravel": "^0.6.9",
+        "laravel/framework": "^10.12.0",
+        "laravel/sanctum": "^3.2.5",
+        "laravel/socialite": "^5.6.1",
+        "laravel/telescope": "^4.14.3",
+        "laravel/tinker": "^2.8.1",
+        "maatwebsite/excel": "^3.1.48",
+        "phpoffice/phpword": "^1.1.0",
         "rackbeat/laravel-ui-avatars": "^1.2",
-        "sentry/sentry-laravel": "^3.4",
-        "spatie/laravel-google-calendar": "^3.5",
-        "spatie/laravel-model-states": "^2.1",
-        "spatie/laravel-slack-slash-command": "^1.11"
+        "sentry/sentry-laravel": "^3.4.0",
+        "spatie/laravel-google-calendar": "^3.6.0",
+        "spatie/laravel-model-states": "^2.4.6",
+        "spatie/laravel-slack-slash-command": "^1.11.4"
     },
     "require-dev": {
-        "blumilksoftware/codestyle": "^2.2",
-        "fakerphp/faker": "^1.19",
-        "laravel/dusk": "^7.1",
-        "mockery/mockery": "^1.5",
-        "nunomaduro/collision": "^7.0",
-        "phpunit/phpunit": "^10.0",
-        "spatie/laravel-ignition": "^2.0"
+        "blumilksoftware/codestyle": "^2.2.0",
+        "laravel/dusk": "^7.7.1",
+        "mockery/mockery": "^1.5.1",
+        "nunomaduro/collision": "^7.5.2",
+        "phpunit/phpunit": "^10.1.3",
+        "spatie/laravel-ignition": "^2.1.3"
     },
     "autoload": {
         "psr-4": {