Merge branch 'master' of makerforce.io:beep/backend

.drone.yml

@@ -1,4 +1,19 @@
 kind: pipeline
+name: ssh-test
+clone:
+  depth: 1
+steps:
+  - name: ssh
+    image: appleboy/drone-ssh
+    settings:
+      host: staging.beepvoice.app
+      username: core
+      key:
+        from_secret: ssh_key
+      script:
+        - cd /home/core/staging && ls
+---
+kind: pipeline
 name: backend-auth
 clone:
   depth: 1
@@ -31,6 +46,9 @@ steps:
         from_secret: docker_username
       password:
         from_secret: docker_password
+    when:
+      branch:
+        - master
 ---
 kind: pipeline
 name: backend-bite
@@ -65,6 +83,9 @@ steps:
         from_secret: docker_username
       password:
         from_secret: docker_password
+    when:
+      branch:
+        - master
 ---
 kind: pipeline
 name: backend-core
@@ -99,6 +120,9 @@ steps:
         from_secret: docker_username
       password:
         from_secret: docker_password
+    when:
+      branch:
+        - master
 ---
 kind: pipeline
 name: backend-heartbeat
@@ -133,6 +157,9 @@ steps:
         from_secret: docker_username
       password:
         from_secret: docker_password
+    when:
+      branch:
+        - master
 ---
 kind: pipeline
 name: backend-login
@@ -167,6 +194,9 @@ steps:
         from_secret: docker_username
       password:
         from_secret: docker_password
+    when:
+      branch:
+        - master
 ---
 kind: pipeline
 name: backend-publish
@@ -201,6 +231,9 @@ steps:
         from_secret: docker_username
       password:
         from_secret: docker_password
+    when:
+      branch:
+        - master
 ---
 kind: pipeline
 name: backend-signal
@@ -235,6 +268,9 @@ steps:
         from_secret: docker_username
       password:
         from_secret: docker_password
+    when:
+      branch:
+        - master
 ---
 kind: pipeline
 name: backend-store
@@ -269,6 +305,9 @@ steps:
         from_secret: docker_username
       password:
         from_secret: docker_password
+    when:
+      branch:
+        - master
 ---
 kind: pipeline
 name: backend-subscribe
@@ -303,6 +342,9 @@ steps:
         from_secret: docker_username
       password:
         from_secret: docker_password
+    when:
+      branch:
+        - master
 ---
 kind: pipeline
 name: backend-transcription
@@ -337,6 +379,9 @@ steps:
         from_secret: docker_username
       password:
         from_secret: docker_password
+    when:
+      branch:
+        - master
 ---
 kind: pipeline
 name: deploy
@@ -364,35 +409,50 @@ steps:
     settings:
       host: staging.beepvoice.app
       username: core
-      ssh_key:
+      key:
         from_secret: ssh_key
       source:
         - docker-compose.staging.yml
+        - traefik.staging.toml
       target: /home/core/staging
+    when:
+      branch:
+        - master
   - name: copy-migrations
     image: appleboy/drone-scp
     settings:
       host: staging.beepvoice.app
       username: core
-      ssh_key:
+      key:
         from_secret: ssh_key
       source:
         - backend-core/postgres/*
-      target: /home/core/staging/backend-core/postgres
+      target: /home/core/staging
+    when:
+      branch:
+        - master
   - name: docker-compose-up
     image: appleboy/drone-ssh
     settings:
       host: staging.beepvoice.app
       username: core
-      ssh_key:
+      key:
         from_secret: ssh_key
       script:
         - >-
-          cd /home/core/staging && docker-compose -f docker-compose.staging.yml
+          cd /home/core/staging && /home/core/docker-compose -f
-          pull
+          docker-compose.staging.yml pull
         - >-
-          cd /home/core/staging && docker-compose -f docker-compose.staging.yml
+          cd /home/core/staging && /home/core/docker-compose -f
-          up -d
+          docker-compose.staging.yml up -d
+    when:
+      branch:
+        - master
+  - name: slack
+    image: plugins/slack
+    settings:
+      webhook:
+        from_secret: slack_webhook_beep
 depends_on:
   - backend-auth
   - backend-bite

docker-compose.staging.yml

@@ -2,36 +2,12 @@
 # Deployment
 #
 # Requirements
-# ./traefik.staging.toml
 # ./backend-core/postgres
 #
 
 version: "3"
 services:
 
-  traefik:
-    image: traefik
-    command: --configfile=/traefik.toml
-    depends_on:
-      - core
-      - signal
-      - heartbeat
-      - bite
-      - publish
-      - subscribe
-      - transcription
-      - auth
-    ports:
-      - "80:80"
-      - "443:443"
-      - "1837:1837"
-      - "8080:8080"
-    volumes:
-      - ./traefik.staging.toml:/traefik.toml:ro
-    networks:
-      - traefiknet
-      - authnet
-
   pg:
     image: postgres:10.3
     environment:
@@ -71,7 +47,13 @@ services:
       - POSTGRES=postgresql://root@pg:5432/core?sslmode=disable
     networks:
       - pgnet
-      - traefiknet
+      - http
+    labels:
+      - traefik.enable=true
+      - traefik.frontend.rule=Host:staging.beepvoice.app;PathPrefixStrip:/core/
+      - traefik.frontend.auth.forward.address=http://auth:10205/auth
+      - traefik.frontend.auth.forward.authResponseHeaders=X-User-Claim
+      - traefik.port=80
 
   signal:
     image: registry.makerforce.io/beep/backend-signal:latest
@@ -79,7 +61,13 @@ services:
     environment:
       - PORT=80
     networks:
-      - traefiknet
+      - http
+    labels:
+      - traefik.enable=true
+      - traefik.frontend.rule=Host:staging.beepvoice.app;PathPrefixStrip:/signal/
+      - traefik.frontend.auth.forward.address=http://auth:10205/auth
+      - traefik.frontend.auth.forward.authResponseHeaders=X-User-Claim
+      - traefik.port=80
 
   heartbeat:
     image: registry.makerforce.io/beep/backend-heartbeat:latest
@@ -91,7 +79,13 @@ services:
       - REDIS=redis:6379
     networks:
       - redisnet
-      - traefiknet
+      - http
+    labels:
+      - traefik.enable=true
+      - traefik.frontend.rule=Host:staging.beepvoice.app;PathPrefixStrip:/heartbeat/
+      - traefik.frontend.auth.forward.address=http://auth:10205/auth
+      - traefik.frontend.auth.forward.authResponseHeaders=X-User-Claim
+      - traefik.port=80
 
   login:
     image: registry.makerforce.io/beep/backend-login:latest
@@ -106,9 +100,13 @@ services:
       - TWILIO_SID=AC22ea3eea85e5108a96b947aea8ab1320
       - TWILIO_TOKEN=fb23fa1a1564aa9f62a7a3117f07b3a0
     networks:
-      - traefiknet
+      - http
       - redisnet
       - pgnet
+    labels:
+      - traefik.enable=true
+      - traefik.frontend.rule=Host:staging.beepvoice.app;PathPrefixStrip:/login/
+      - traefik.port=80
 
   auth:
     image: registry.makerforce.io/beep/backend-auth:latest
@@ -119,7 +117,7 @@ services:
     ports:
       - "10205:10205" # Remove this for production
     networks:
-      - authnet
+      - http
 
   bite:
     image: registry.makerforce.io/beep/backend-bite:latest
@@ -131,7 +129,13 @@ services:
       - NATS=nats://nats:4222
     networks:
       - natsnet
-      - traefiknet
+      - http
+    labels:
+      - traefik.enable=true
+      - traefik.frontend.rule=Host:staging.beepvoice.app;PathPrefixStrip:/bite/
+      - traefik.frontend.auth.forward.address=http://auth:10205/auth
+      - traefik.frontend.auth.forward.authResponseHeaders=X-User-Claim
+      - traefik.port=80
 
   publish:
     image: registry.makerforce.io/beep/backend-publish:latest
@@ -144,7 +148,13 @@ services:
       - SECRET=secret
     networks:
       - natsnet
-      - traefiknet
+      - http
+    labels:
+      - traefik.enable=true
+      - traefik.frontend.rule=Host:staging.beepvoice.app;PathPrefixStrip:/publish/
+      - traefik.frontend.auth.forward.address=http://auth:10205/auth
+      - traefik.frontend.auth.forward.authResponseHeaders=X-User-Claim
+      - traefik.port=80
 
   store:
     image: registry.makerforce.io/beep/backend-store:latest
@@ -167,7 +177,13 @@ services:
       - NATS=nats://nats:4222
     networks:
       - natsnet
-      - traefiknet
+      - http
+    labels:
+      - traefik.enable=true
+      - traefik.frontend.rule=Host:staging.beepvoice.app;PathPrefixStrip:/subscribe/
+      - traefik.frontend.auth.forward.address=http://auth:10205/auth
+      - traefik.frontend.auth.forward.authResponseHeaders=X-User-Claim
+      - traefik.port=80
 
   transcription:
     image: registry.makerforce.io/beep/backend-transcription:latest
@@ -180,11 +196,18 @@ services:
       - API_KEY=AIzaSyDxSXDefzw9gXCQaVzOCYlRn_vcC9Da9Q0
     networks:
       - natsnet
-      - traefiknet
+      - http
+    labels:
+      - traefik.enable=true
+      - traefik.frontend.rule=Host:staging.beepvoice.app;PathPrefixStrip:/transcription/
+      - traefik.frontend.auth.forward.address=http://auth:10205/auth
+      - traefik.frontend.auth.forward.authResponseHeaders=X-User-Claim
+      - traefik.port=80
 
 networks:
-  authnet:
   pgnet:
   natsnet:
   redisnet:
-  traefiknet:
+  http:
+    external: 
+      name: http

drone_gen.js

@@ -47,10 +47,37 @@ const yamls = dockers.map(f => ({
 					from_secret: 'docker_password',
 				},
 			},
+			when: {
+				branch: ['master'],
+			},
 		},
 	],
 }))
 
+const sshTest = {
+	kind: 'pipeline',
+	name: 'ssh-test',
+	clone: {
+		depth: 1,
+	},
+	steps: [
+		{
+			name: 'ssh',
+			image: 'appleboy/drone-ssh',
+			settings: {
+				host: 'staging.beepvoice.app',
+				username: 'core',
+				key: {
+					from_secret: 'ssh_key',
+				},
+				script: [
+					'cd /home/core/staging && ls'
+				],
+			},
+		},
+	],
+};
+
 const deploy = {
 	kind: 'pipeline',
 	name: 'deploy',
@@ -72,14 +99,18 @@ const deploy = {
 			settings: {
 				host: 'staging.beepvoice.app',
 				username: 'core',
-				ssh_key: {
+				key: {
 					from_secret: 'ssh_key',
 				},
 				source: [
 					'docker-compose.staging.yml',
+					'traefik.staging.toml',
 				],
 				target: '/home/core/staging',
 			},
+			when: {
+				branch: ['master'],
+			},
 		},
 		{
 			name: 'copy-migrations',
@@ -87,13 +118,16 @@ const deploy = {
 			settings: {
 				host: 'staging.beepvoice.app',
 				username: 'core',
-				ssh_key: {
+				key: {
 					from_secret: 'ssh_key',
 				},
 				source: [
 					'backend-core/postgres/*',
 				],
-				target: '/home/core/staging/backend-core/postgres',
+				target: '/home/core/staging',
+			},
+			when: {
+				branch: ['master'],
 			},
 		},
 		{
@@ -102,20 +136,32 @@ const deploy = {
 			settings: {
 				host: 'staging.beepvoice.app',
 				username: 'core',
-				ssh_key: {
+				key: {
 					from_secret: 'ssh_key',
 				},
 				script: [
-					'cd /home/core/staging && docker-compose -f docker-compose.staging.yml pull',
+					'cd /home/core/staging && /home/core/docker-compose -f docker-compose.staging.yml pull',
-					'cd /home/core/staging && docker-compose -f docker-compose.staging.yml up -d',
+					'cd /home/core/staging && /home/core/docker-compose -f docker-compose.staging.yml up -d',
 				],
 			},
+			when: {
+				branch: ['master'],
+			},
+		},
+		{
+			name: 'slack',
+			image: 'plugins/slack',
+			settings: {
+				webhook: {
+					from_secret: 'slack_webhook_beep',
+				},
+			},
 		},
 	],
 	depends_on: dockers,
 };
 
-const droneyml = [].concat(yamls).concat(deploy).map(yaml.safeDump).join('---\n');
+const droneyml = [].concat(sshTest).concat(yamls).concat(deploy).map(yaml.safeDump).join('---\n');
 
 fs.writeFileSync(path.join(cwd, '.drone.yml'), droneyml);
 console.log('Written to .drone.yml');

traefik.staging.toml

@@ -1,183 +0,0 @@
-# staging
-
-[api]
-
-dashboard = false
-
-[acme]
-
-email = "letsencrypt+alpha@beepvoice.app"
-caServer = "https://acme-v02.api.letsencrypt.org/directory"
-acmeLogging = true
-storage = "acme-staging.json"
-onHostRule = true
-entryPoint = "https"
-  [acme.httpChallenge]
-  entryPoint = "http"
-
-# funny, this doesn't work...
-defaultEntryPoints = ["http", "https"]
-
-[entryPoints]
-
-  [entryPoints.http]
-  address = ":80"
-    [entryPoints.http.redirect]
-    entryPoint = "https"
-  [entryPoints.https]
-  address = ":443"
-    [entryPoints.https.tls]
-  [entryPoints.traefik]
-  address = ":8080"
-
-[file]
-
-# Core
-
-[backends.core]
-  [backends.core.servers.one]
-  url = "http://core"
-
-[frontends.core]
-backend = "core"
-entrypoints = ["http", "https"]
-  [frontends.core.auth.forward]
-  address = "http://auth:10205/auth"
-  [frontends.core.headers.customresponseheaders]
-  Access-Control-Allow-Origin = "*"
-  Access-Control-Allow-Headers = "Content-Type, Authorization, X-User-Claim"
-  Access-Control-Allow-Credentials = "true"
-  Access-Control-Allow-Methods = "GET, HEAD, POST, PUT, PATCH, DELETE"
-  [frontends.core.routes.one]
-  rule = "PathPrefixStrip: /core/"
-
-# Signal
-
-[backends.signal]
-  [backends.signal.servers.one]
-  url = "http://signal"
-
-[frontends.signal]
-backend = "signal"
-entrypoints = ["http", "https"]
-  [frontends.signal.auth.forward]
-  address = "http://auth:10205/auth"
-  [frontends.signal.headers.customresponseheaders]
-  Access-Control-Allow-Origin = "*"
-  Access-Control-Allow-Headers = "Content-Type, Authorization, X-User-Claim"
-  Access-Control-Allow-Credentials = "true"
-  Access-Control-Allow-Methods = "GET, HEAD, POST, PUT, PATCH, DELETE"
-  [frontends.signal.routes.one]
-  rule = "PathPrefixStrip: /signal/"
-
-# Heartbeat
-
-[backends.heartbeat]
-  [backends.heartbeat.servers.one]
-  url = "http://heartbeat"
-
-[frontends.heartbeat]
-backend = "heartbeat"
-entrypoints = ["http", "https"]
-  [frontends.heartbeat.auth.forward]
-  address = "http://auth:10205/auth"
-  [frontends.heartbeat.headers.customresponseheaders]
-  Access-Control-Allow-Origin = "*"
-  Access-Control-Allow-Headers = "Content-Type, Authorization, X-User-Claim"
-  Access-Control-Allow-Credentials = "true"
-  Access-Control-Allow-Methods = "GET, HEAD, POST, PUT, PATCH, DELETE"
-  [frontends.heartbeat.routes.one]
-  rule = "PathPrefixStrip: /heartbeat/"
-
-# Bite
-
-[backends.bite]
-  [backends.bite.servers.one]
-  url = "http://bite"
-
-[frontends.bite]
-backend = "bite"
-entrypoints = ["http", "https"]
-  [frontends.bite.auth.forward]
-  address = "http://auth:10205/auth"
-  [frontends.bite.headers.customresponseheaders]
-  Access-Control-Allow-Origin = "*"
-  Access-Control-Allow-Headers = "Content-Type, Authorization, X-User-Claim"
-  Access-Control-Allow-Credentials = "true"
-  Access-Control-Allow-Methods = "GET, HEAD, POST, PUT, PATCH, DELETE"
-  [frontends.bite.routes.one]
-  rule = "PathPrefixStrip: /bite/"
-
-# Publish
-
-[backends.publish]
-  [backends.publish.servers.one]
-  url = "http://publish"
-
-[frontends.publish]
-backend = "publish"
-entrypoints = ["http", "https"]
-  [frontends.publish.auth.forward]
-  address = "http://auth:10205/auth"
-  [frontends.publish.headers.customresponseheaders]
-  Access-Control-Allow-Origin = "*"
-  Access-Control-Allow-Headers = "Content-Type, Authorization, X-User-Claim"
-  Access-Control-Allow-Credentials = "true"
-  Access-Control-Allow-Methods = "GET, HEAD, POST, PUT, PATCH, DELETE"
-  [frontends.publish.routes.one]
-  rule = "PathPrefixStrip: /publish/"
-
-# Subscribe
-
-[backends.subscribe]
-  [backends.subscribe.servers.one]
-  url = "http://subscribe"
-
-[frontends.subscribe]
-backend = "subscribe"
-entrypoints = ["http", "https"]
-  [frontends.subscribe.auth.forward]
-  address = "http://auth:10205/auth"
-  [frontends.subscribe.headers.customresponseheaders]
-  Access-Control-Allow-Origin = "*"
-  Access-Control-Allow-Headers = "Content-Type, Authorization, X-User-Claim"
-  Access-Control-Allow-Credentials = "true"
-  Access-Control-Allow-Methods = "GET, HEAD, POST, PUT, PATCH, DELETE"
-  [frontends.subscribe.routes.one]
-  rule = "PathPrefixStrip: /subscribe/"
-
-# Transcription
-
-[backends.transcription]
-  [backends.transcription.servers.one]
-  url = "http://transcription"
-
-[frontends.transcription]
-backend = "transcription"
-entrypoints = ["http", "https"]
-  [frontends.transcription.auth.forward]
-  address = "http://auth:10205/auth"
-  [frontends.transcription.headers.customresponseheaders]
-  Access-Control-Allow-Origin = "*"
-  Access-Control-Allow-Headers = "Content-Type, Authorization, X-User-Claim"
-  Access-Control-Allow-Credentials = "true"
-  Access-Control-Allow-Methods = "GET, HEAD, POST, PUT, PATCH, DELETE"
-  [frontends.transcription.routes.one]
-  rule = "PathPrefixStrip: /transcription/"
-
-# Login
-
-[backends.login]
-  [backends.login.servers.one]
-  url = "http://login"
-
-[frontends.login]
-backend = "login"
-entrypoints = ["login", "login_https"]
-  [frontends.login.headers.customresponseheaders]
-  Access-Control-Allow-Origin = "*"
-  Access-Control-Allow-Headers = "Content-Type, Authorization"
-  Access-Control-Allow-Credentials = "true"
-  Access-Control-Allow-Methods = "GET, HEAD, POST, PUT, PATCH, DELETE"
-  [frontends.login.routes.one]
-  rule = "PathPrefixStrip: /"