-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #23 from groupher/add-cat-state-filter-for-posts
feat(devops): deploy to fly.io
- Loading branch information
Showing
45 changed files
with
657 additions
and
95 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
# This file excludes paths from the Docker build context. | ||
# | ||
# By default, Docker's build context includes all files (and folders) in the | ||
# current directory. Even if a file isn't copied into the container it is still sent to | ||
# the Docker daemon. | ||
# | ||
# There are multiple reasons to exclude files from the build context: | ||
# | ||
# 1. Prevent nested folders from being copied into the container (ex: exclude | ||
# /assets/node_modules when copying /assets) | ||
# 2. Reduce the size of the build context and improve build time (ex. /build, /deps, /doc) | ||
# 3. Avoid sending files containing sensitive information | ||
# | ||
# More information on using .dockerignore is available here: | ||
# https://docs.docker.com/engine/reference/builder/#dockerignore-file | ||
|
||
.dockerignore | ||
|
||
# Ignore git, but keep git HEAD and refs to access current commit hash if needed: | ||
# | ||
# $ cat .git/HEAD | awk '{print ".git/"$2}' | xargs cat | ||
# d0b8727759e1e0e7aa3d41707d12376e373d5ecc | ||
.git | ||
!.git/HEAD | ||
!.git/refs | ||
|
||
# Common development/test artifacts | ||
/cover/ | ||
/doc/ | ||
/test/ | ||
/tmp/ | ||
.elixir_ls | ||
|
||
# Mix artifacts | ||
/_build/ | ||
/deps/ | ||
*.ez | ||
|
||
# Generated on crash by the VM | ||
erl_crash.dump | ||
|
||
# Static artifacts - These should be fetched and built inside the Docker image | ||
/assets/node_modules/ | ||
/priv/static/assets/ | ||
/priv/static/cache_manifest.json |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,87 @@ | ||
# Find eligible builder and runner images on Docker Hub. We use Ubuntu/Debian instead of | ||
# Alpine to avoid DNS resolution issues in production. | ||
# | ||
# https://hub.docker.com/r/hexpm/elixir/tags?page=1&name=ubuntu | ||
# https://hub.docker.com/_/ubuntu?tab=tags | ||
# | ||
# | ||
# This file is based on these images: | ||
# | ||
# - https://hub.docker.com/r/hexpm/elixir/tags - for the build image | ||
# - https://hub.docker.com/_/debian?tab=tags&page=1&name=bullseye-20240130-slim - for the release image | ||
# - https://pkgs.org/ - resource for finding needed packages | ||
# - Ex: hexpm/elixir:1.15.7-erlang-26.0.2-debian-bullseye-20240130-slim | ||
# | ||
ARG ELIXIR_VERSION=1.15.7 | ||
ARG OTP_VERSION=26.0.2 | ||
ARG DEBIAN_VERSION=bullseye-20240130-slim | ||
|
||
ARG BUILDER_IMAGE="hexpm/elixir:${ELIXIR_VERSION}-erlang-${OTP_VERSION}-debian-${DEBIAN_VERSION}" | ||
ARG RUNNER_IMAGE="debian:${DEBIAN_VERSION}" | ||
|
||
FROM ${BUILDER_IMAGE} as builder | ||
|
||
# install build dependencies | ||
RUN apt-get update -y && apt-get install -y build-essential git \ | ||
&& apt-get clean && rm -f /var/lib/apt/lists/*_* | ||
|
||
# prepare build dir | ||
WORKDIR /app | ||
|
||
# install hex + rebar | ||
RUN mix local.hex --force && \ | ||
mix local.rebar --force | ||
|
||
# set build ENV | ||
ENV MIX_ENV="prod" | ||
|
||
# install mix dependencies | ||
COPY mix.exs mix.lock ./ | ||
RUN mix deps.get --only $MIX_ENV | ||
RUN mkdir config | ||
|
||
# copy compile-time config files before we compile dependencies | ||
# to ensure any relevant config change will trigger the dependencies | ||
# to be re-compiled. | ||
COPY config/config.exs config/${MIX_ENV}.exs config/ | ||
RUN mix deps.compile | ||
|
||
COPY priv priv | ||
|
||
COPY lib lib | ||
|
||
# Compile the release | ||
RUN mix compile | ||
|
||
# Changes to config/runtime.exs don't require recompiling the code | ||
COPY config/runtime.exs config/ | ||
|
||
COPY rel rel | ||
RUN mix release | ||
|
||
# start a new build stage so that the final image will only contain | ||
# the compiled release and other runtime necessities | ||
FROM ${RUNNER_IMAGE} | ||
|
||
RUN apt-get update -y && apt-get install -y libstdc++6 openssl libncurses5 locales \ | ||
&& apt-get clean && rm -f /var/lib/apt/lists/*_* | ||
|
||
# Set the locale | ||
RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen | ||
|
||
ENV LANG en_US.UTF-8 | ||
ENV LANGUAGE en_US:en | ||
ENV LC_ALL en_US.UTF-8 | ||
|
||
WORKDIR "/app" | ||
RUN chown nobody /app | ||
|
||
# set runner ENV | ||
ENV MIX_ENV="prod" | ||
|
||
# Only copy the final release from the build stage | ||
COPY --from=builder --chown=nobody:root /app/_build/${MIX_ENV}/rel/groupher_server ./ | ||
|
||
USER nobody | ||
|
||
CMD ["/app/bin/server"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,163 @@ | ||
import Config | ||
|
||
import Helper.Utils, only: [get_host_from_url: 1] | ||
|
||
# ## Using releases | ||
# | ||
# If you use `mix release`, you need to explicitly enable the server | ||
# by passing the PHX_SERVER=true when you start it: | ||
# | ||
# PHX_SERVER=true bin/groupher_hello start | ||
# | ||
# Alternatively, you can use `mix phx.gen.release` to generate a `bin/server` | ||
# script that automatically sets the env var above. | ||
if System.get_env("PHX_SERVER") do | ||
config :groupher_server, GroupherServerWeb.Endpoint, server: true | ||
end | ||
|
||
if config_env() == :prod do | ||
# The secret key base is used to sign/encrypt cookies and other secrets. | ||
# A default value is used in config/dev.exs and config/test.exs but you | ||
# want to use a different value for prod and you most likely don't want | ||
# to check this value into version control, so we use an environment | ||
# variable instead. | ||
|
||
secret_key_base = | ||
System.get_env("SECRET_KEY_BASE") || | ||
raise """ | ||
environment variable SECRET_KEY_BASE is missing. | ||
You can generate one by calling: mix phx.gen.secret | ||
""" | ||
|
||
host = | ||
System.get_env("PHX_HOST") || "groupher-server.fly.dev" | ||
|
||
port = String.to_integer(System.get_env("PORT") || "4000") | ||
|
||
config :groupher_server, :dns_cluster_query, System.get_env("DNS_CLUSTER_QUERY") | ||
|
||
config :groupher_server, GroupherServerWeb.Endpoint, | ||
url: [host: host, port: 443, scheme: "https"], | ||
http: [ | ||
# Enable IPv6 and bind on all interfaces. | ||
# Set it to {0, 0, 0, 0, 0, 0, 0, 1} for local network only access. | ||
# See the documentation on https://hexdocs.pm/bandit/Bandit.html#t:options/0 | ||
# for details about using IPv6 vs IPv4 and loopback vs public addresses. | ||
ip: {0, 0, 0, 0, 0, 0, 0, 0}, | ||
port: port | ||
], | ||
secret_key_base: secret_key_base | ||
|
||
# For production, we often load configuration from external | ||
# sources, such as your system environment. For this reason, | ||
# you won't find the :http configuration below, but set inside | ||
# GroupherServerWeb.Endpoint.init/2 when load_from_system_env is | ||
# true. Any dynamic configuration should be done there. | ||
# | ||
# Don't forget to configure the url host to something meaningful, | ||
# Phoenix uses this information when generating URLs. | ||
# | ||
# Finally, we also include the path to a cache manifest | ||
# containing the digested version of static files. This | ||
# manifest is generated by the mix phx.digest task | ||
# which you typically run after static files are built. | ||
config :groupher_server, GroupherServerWeb.Endpoint, load_from_system_env: true | ||
# url: [host: "groupher.com", port: 80] | ||
config :groupher_server, GroupherServerWeb.Endpoint, server: true | ||
|
||
# cache_static_manifest: "priv/static/cache_manifest.json" | ||
|
||
# Do not print debug messages in production | ||
# config :logger, level: :info | ||
config :logger, :console, format: "[$level] $message\n" | ||
|
||
# ## SSL Support | ||
# | ||
# To get SSL working, you will need to add the `https` key | ||
# to the previous section and set your `:url` port to 443: | ||
# | ||
# config :groupher_server, GroupherServerWeb.Endpoint, | ||
# ... | ||
# url: [host: "example.com", port: 443], | ||
# https: [:inet6, | ||
# port: 443, | ||
# keyfile: System.get_env("SOME_APP_SSL_KEY_PATH"), | ||
# certfile: System.get_env("SOME_APP_SSL_CERT_PATH")] | ||
# | ||
# Where those two env variables return an absolute path to | ||
# the key and cert in disk or a relative path inside priv, | ||
# for example "priv/ssl/server.key". | ||
# | ||
# We also recommend setting `force_ssl`, ensuring no data is | ||
# ever sent via http, always redirecting to https: | ||
# | ||
# config :groupher_server, GroupherServerWeb.Endpoint, | ||
# force_ssl: [hsts: true] | ||
# | ||
# Check `Plug.SSL` for all available options in `force_ssl`. | ||
|
||
# ## Using releases | ||
# | ||
# If you are doing OTP releases, you need to instruct Phoenix | ||
# to start the server for all endpoints: | ||
# | ||
# config :phoenix, :serve_endpoints, true | ||
# | ||
# Alternatively, you can configure exactly which server to | ||
# start per endpoint: | ||
# | ||
# config :groupher_server, GroupherServerWeb.Endpoint, server: true | ||
# | ||
|
||
# Finally import the config/prod.secret.exs | ||
# which should be versioned separately. | ||
# import_config "prod.secret.exs" | ||
|
||
config :groupher_server, GroupherServerWeb.Endpoint, secret_key_base: secret_key_base | ||
|
||
config :groupher_server, Helper.Guardian, | ||
issuer: "groupher_server", | ||
secret_key: System.get_env("GUARDIAN_KEY") | ||
|
||
# You can generate a new secret by running: | ||
# mix phx.gen.secret | ||
# should use RDS 内网地址 | ||
# see https://neon.tech/docs/guides/elixir-ecto for Neon DB on vercel | ||
config :groupher_server, GroupherServer.Repo, | ||
adapter: Ecto.Adapters.Postgres, | ||
url: System.get_env("DATABASE_URL"), | ||
pool_size: String.to_integer(System.get_env("DB_POOL_SIZE") || "20"), | ||
ssl: true, | ||
ssl_opts: [ | ||
# server_name_indication: System.get_env("DB_HOST") |> String.to_charlist(), | ||
server_name_indication: | ||
get_host_from_url(System.get_env("DATABASE_URL")) |> String.to_charlist(), | ||
verify: :verify_none | ||
] | ||
|
||
config :groupher_server, :github_oauth, | ||
client_id: System.get_env("OAUTH_GITHUB_CLIENT_ID"), | ||
client_secret: System.get_env("OAUTH_GITHUB_CLIENT_SECRET"), | ||
redirect_uri: System.get_env("OAUTH_GITHUB_REDIRECT_URI") | ||
|
||
config :groupher_server, :ip_locate, ip_service: System.get_env("IP_LOCATE_KEY") | ||
config :groupher_server, :plausible, token: System.get_env("PLAUSIBLE_TOKEN") | ||
config :groupher_server, :audit, token: System.get_env("AUDIT_TOKEN") | ||
|
||
# config :sentry, | ||
# dsn: System.get_env("SENTRY_DSN"), | ||
# environment_name: :prod, | ||
# enable_source_code_context: true, | ||
# root_source_code_path: File.cwd!(), | ||
# tags: %{ | ||
# env: "production" | ||
# }, | ||
# included_environments: [:prod] | ||
|
||
# config email services | ||
config :groupher_server, GroupherServer.Mailer, api_key: System.get_env("MAILER_API_KEY") | ||
|
||
config :ex_aliyun_openapi, :sts, | ||
access_key_id: System.get_env("ALI_OSS_STS_AK"), | ||
access_key_secret: System.get_env("_ALIOSS_STS_AS") | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
# fly.toml app configuration file generated for groupher-server on 2024-03-03T20:11:00+08:00 | ||
# | ||
# See https://fly.io/docs/reference/configuration/ for information about how to use this file. | ||
# | ||
|
||
app = 'groupher-server' | ||
primary_region = 'hkg' | ||
kill_signal = 'SIGTERM' | ||
|
||
[build] | ||
|
||
[deploy] | ||
release_command = '/app/bin/migrate' | ||
|
||
[env] | ||
PHX_HOST = 'groupher-server.fly.dev' | ||
PORT = '8080' | ||
|
||
[http_service] | ||
internal_port = 8080 | ||
force_https = true | ||
auto_stop_machines = true | ||
auto_start_machines = true | ||
min_machines_running = 0 | ||
processes = ['app'] | ||
|
||
[http_service.concurrency] | ||
type = 'connections' | ||
hard_limit = 1000 | ||
soft_limit = 1000 | ||
|
||
[[vm]] | ||
memory = '1gb' | ||
cpu_kind = 'shared' | ||
cpus = 1 |
Oops, something went wrong.