Merge branch 'master' of makerforce.io:beep/backend

.drone.yml

@@ -343,10 +343,56 @@ name: deploy
 clone:
   depth: 1
 steps:
-  - name: nop
-    image: 'alpine:3.8'
-    commands:
-      - echo nop
+  - name: submodule
+    image: plugins/git
+    settings:
+      recursive: true
+      submodule_override:
+        backend-auth: 'https://git.makerforce.io/beep/backend-auth.git'
+        backend-bite: 'https://git.makerforce.io/beep/backend-bite.git'
+        backend-core: 'https://git.makerforce.io/beep/backend-core.git'
+        backend-heartbeat: 'https://git.makerforce.io/beep/backend-heartbeat.git'
+        backend-login: 'https://git.makerforce.io/beep/backend-login.git'
+        backend-protobuf: 'https://git.makerforce.io/beep/backend-protobuf.git'
+        backend-publish: 'https://git.makerforce.io/beep/backend-publish.git'
+        backend-signal: 'https://git.makerforce.io/beep/backend-signal.git'
+        backend-store: 'https://git.makerforce.io/beep/backend-store.git'
+        backend-subscribe: 'https://git.makerforce.io/beep/backend-subscribe.git'
+        backend-transcription: 'https://git.makerforce.io/beep/backend-transcription.git'
+  - name: copy-docker-compose
+    image: appleboy/drone-scp
+    settings:
+      host: staging.beepvoice.app
+      username: core
+      ssh_key:
+        from_secret: ssh_key
+      source:
+        - docker-compose.staging.yml
+      target: /home/core/staging
+  - name: copy-migrations
+    image: appleboy/drone-scp
+    settings:
+      host: staging.beepvoice.app
+      username: core
+      ssh_key:
+        from_secret: ssh_key
+      source:
+        - backend-core/postgres/*
+      target: /home/core/staging/backend-core/postgres
+  - name: docker-compose-up
+    image: appleboy/drone-ssh
+    settings:
+      host: staging.beepvoice.app
+      username: core
+      ssh_key:
+        from_secret: ssh_key
+      script:
+        - >-
+          cd /home/core/staging && docker-compose -f docker-compose.staging.yml
+          pull
+        - >-
+          cd /home/core/staging && docker-compose -f docker-compose.staging.yml
+          up -d
 depends_on:
   - backend-auth
   - backend-bite

README.md

@@ -93,3 +93,6 @@ URL: `<base-url>/transcription`
 `transcription` takes the raw audio data, packages it and then sends it to the [Google Cloud Speech-to-Text](https://cloud.google.com/speech-to-text/). Sends the transcripted result to `store` to be stored. Handles HTTP requests to retrieve transcriptions too.
 
 `transcription` relies on a running `nats` instance. Is insecure if not behind `traefik` calling `auth`.
+
+## Staging
+

docker-compose.staging.yml

@@ -0,0 +1,190 @@
+#
+# Deployment
+#
+# Requirements
+# ./traefik.staging.toml
+# ./backend-core/postgres
+#
+
+version: "3"
+services:
+
+  traefik:
+    image: traefik
+    command: --configfile=/traefik.toml
+    depends_on:
+      - core
+      - signal
+      - heartbeat
+      - bite
+      - publish
+      - subscribe
+      - transcription
+      - auth
+    ports:
+      - "80:80"
+      - "443:443"
+      - "1837:1837"
+      - "8080:8080"
+    volumes:
+      - ./traefik.staging.toml:/traefik.toml:ro
+    networks:
+      - traefiknet
+      - authnet
+
+  pg:
+    image: postgres:10.3
+    environment:
+      - POSTGRES_USER=root
+      - POSTGRES_PASSWORD=
+      - POSTGRES_DB=core
+    ports:
+      - "5432:5432" # Close this for production
+    volumes:
+      - ./backend-core/postgres:/docker-entrypoint-initdb.d:ro
+    networks:
+      - pgnet
+
+  nats:
+    image: nats:latest
+    ports: # Close these for production
+      - "4222:4222"
+      - "6222:6222"
+      - "8222:8222"
+    networks:
+      - natsnet
+
+  redis:
+    image: redis:latest
+    ports:
+      - "6379:6379" # Close this for production
+    networks:
+      - redisnet
+
+  core:
+    image: registry.makerforce.io/beep/backend-core:latest
+    restart: unless-stopped
+    depends_on:
+      - pg
+    environment:
+      - LISTEN=:80
+      - POSTGRES=postgresql://root@pg:5432/core?sslmode=disable
+    networks:
+      - pgnet
+      - traefiknet
+
+  signal:
+    image: registry.makerforce.io/beep/backend-signal:latest
+    restart: unless-stopped
+    environment:
+      - PORT=80
+    networks:
+      - traefiknet
+
+  heartbeat:
+    image: registry.makerforce.io/beep/backend-heartbeat:latest
+    restart: unless-stopped
+    depends_on:
+      - redis
+    environment:
+      - LISTEN=:80
+      - REDIS=redis:6379
+    networks:
+      - redisnet
+      - traefiknet
+
+  login:
+    image: registry.makerforce.io/beep/backend-login:latest
+    restart: unless-stopped
+    environment:
+      - LISTEN=:80
+      - SECRET=secret
+      - POSTGRES=postgresql://root@pg:5432/core?sslmode=disable
+      - REDIS=redis:6379
+      - TTL=120s
+      - MESSAGING_SID=MG19d18fafcff1f3f34dff04c5b04c0699
+      - TWILIO_SID=AC22ea3eea85e5108a96b947aea8ab1320
+      - TWILIO_TOKEN=fb23fa1a1564aa9f62a7a3117f07b3a0
+    networks:
+      - traefiknet
+      - redisnet
+      - pgnet
+
+  auth:
+    image: registry.makerforce.io/beep/backend-auth:latest
+    restart: unless-stopped
+    environment:
+      - LISTEN=0.0.0.0:10205
+      - SECRET=secret
+    ports:
+      - "10205:10205" # Remove this for production
+    networks:
+      - authnet
+
+  bite:
+    image: registry.makerforce.io/beep/backend-bite:latest
+    restart: unless-stopped
+    depends_on:
+      - nats
+    environment:
+      - LISTEN=:80
+      - NATS=nats://nats:4222
+    networks:
+      - natsnet
+      - traefiknet
+
+  publish:
+    image: registry.makerforce.io/beep/backend-publish:latest
+    restart: unless-stopped
+    depends_on:
+      - nats
+    environment:
+      - LISTEN=:80
+      - NATS=nats://nats:4222
+      - SECRET=secret
+    networks:
+      - natsnet
+      - traefiknet
+
+  store:
+    image: registry.makerforce.io/beep/backend-store:latest
+    restart: unless-stopped
+    depends_on:
+      - nats
+    environment:
+      - NATS=nats://nats:4222
+      - DBPATH=/tmp/badger
+    networks:
+      - natsnet
+
+  subscribe:
+    image: registry.makerforce.io/beep/backend-subscribe:latest
+    restart: unless-stopped
+    depends_on:
+      - nats
+    environment:
+      - LISTEN=:80
+      - NATS=nats://nats:4222
+    networks:
+      - natsnet
+      - traefiknet
+
+  transcription:
+    image: registry.makerforce.io/beep/backend-transcription:latest
+    restart: unless-stopped
+    depends_on:
+      - nats
+    environment:
+      - LISTEN=:80
+      - NATS=nats://nats:4222
+      - API_KEY=AIzaSyDxSXDefzw9gXCQaVzOCYlRn_vcC9Da9Q0
+    networks:
+      - natsnet
+      - traefiknet
+
+networks:
+  authnet:
+  pgnet:
+  natsnet:
+  redisnet:
+  traefiknet:

drone_gen.js

@@ -59,11 +59,57 @@ const deploy = {
 	},
 	steps: [
 		{
-			name: 'nop',
-			image: 'alpine:3.8',
-			commands: [
-				'echo nop',
-			],
+			name: 'submodule',
+			image: 'plugins/git',
+			settings: {
+				recursive: true,
+				submodule_override,
+			},
+		},
+		{
+			name: 'copy-docker-compose',
+			image: 'appleboy/drone-scp',
+			settings: {
+				host: 'staging.beepvoice.app',
+				username: 'core',
+				ssh_key: {
+					from_secret: 'ssh_key',
+				},
+				source: [
+					'docker-compose.staging.yml',
+				],
+				target: '/home/core/staging',
+			},
+		},
+		{
+			name: 'copy-migrations',
+			image: 'appleboy/drone-scp',
+			settings: {
+				host: 'staging.beepvoice.app',
+				username: 'core',
+				ssh_key: {
+					from_secret: 'ssh_key',
+				},
+				source: [
+					'backend-core/postgres/*',
+				],
+				target: '/home/core/staging/backend-core/postgres',
+			},
+		},
+		{
+			name: 'docker-compose-up',
+			image: 'appleboy/drone-ssh',
+			settings: {
+				host: 'staging.beepvoice.app',
+				username: 'core',
+				ssh_key: {
+					from_secret: 'ssh_key',
+				},
+				script: [
+					'cd /home/core/staging && docker-compose -f docker-compose.staging.yml pull',
+					'cd /home/core/staging && docker-compose -f docker-compose.staging.yml up -d',
+				],
+			},
 		},
 	],
 	depends_on: dockers,

traefik.staging.toml

@@ -0,0 +1,183 @@
+# staging
+
+[api]
+
+dashboard = false
+
+[acme]
+
+email = "letsencrypt+alpha@beepvoice.app"
+caServer = "https://acme-v02.api.letsencrypt.org/directory"
+acmeLogging = true
+storage = "acme-staging.json"
+onHostRule = true
+entryPoint = "https"
+  [acme.httpChallenge]
+  entryPoint = "http"
+
+# funny, this doesn't work...
+defaultEntryPoints = ["http", "https"]
+
+[entryPoints]
+
+  [entryPoints.http]
+  address = ":80"
+    [entryPoints.http.redirect]
+    entryPoint = "https"
+  [entryPoints.https]
+  address = ":443"
+    [entryPoints.https.tls]
+  [entryPoints.traefik]
+  address = ":8080"
+
+[file]
+
+# Core
+
+[backends.core]
+  [backends.core.servers.one]
+  url = "http://core"
+
+[frontends.core]
+backend = "core"
+entrypoints = ["http", "https"]
+  [frontends.core.auth.forward]
+  address = "http://auth:10205/auth"
+  [frontends.core.headers.customresponseheaders]
+  Access-Control-Allow-Origin = "*"
+  Access-Control-Allow-Headers = "Content-Type, Authorization, X-User-Claim"
+  Access-Control-Allow-Credentials = "true"
+  Access-Control-Allow-Methods = "GET, HEAD, POST, PUT, PATCH, DELETE"
+  [frontends.core.routes.one]
+  rule = "PathPrefixStrip: /core/"
+
+# Signal
+
+[backends.signal]
+  [backends.signal.servers.one]
+  url = "http://signal"
+
+[frontends.signal]
+backend = "signal"
+entrypoints = ["http", "https"]
+  [frontends.signal.auth.forward]
+  address = "http://auth:10205/auth"
+  [frontends.signal.headers.customresponseheaders]
+  Access-Control-Allow-Origin = "*"
+  Access-Control-Allow-Headers = "Content-Type, Authorization, X-User-Claim"
+  Access-Control-Allow-Credentials = "true"
+  Access-Control-Allow-Methods = "GET, HEAD, POST, PUT, PATCH, DELETE"
+  [frontends.signal.routes.one]
+  rule = "PathPrefixStrip: /signal/"
+
+# Heartbeat
+
+[backends.heartbeat]
+  [backends.heartbeat.servers.one]
+  url = "http://heartbeat"
+
+[frontends.heartbeat]
+backend = "heartbeat"
+entrypoints = ["http", "https"]
+  [frontends.heartbeat.auth.forward]
+  address = "http://auth:10205/auth"
+  [frontends.heartbeat.headers.customresponseheaders]
+  Access-Control-Allow-Origin = "*"
+  Access-Control-Allow-Headers = "Content-Type, Authorization, X-User-Claim"
+  Access-Control-Allow-Credentials = "true"
+  Access-Control-Allow-Methods = "GET, HEAD, POST, PUT, PATCH, DELETE"
+  [frontends.heartbeat.routes.one]
+  rule = "PathPrefixStrip: /heartbeat/"
+
+# Bite
+
+[backends.bite]
+  [backends.bite.servers.one]
+  url = "http://bite"
+
+[frontends.bite]
+backend = "bite"
+entrypoints = ["http", "https"]
+  [frontends.bite.auth.forward]
+  address = "http://auth:10205/auth"
+  [frontends.bite.headers.customresponseheaders]
+  Access-Control-Allow-Origin = "*"
+  Access-Control-Allow-Headers = "Content-Type, Authorization, X-User-Claim"
+  Access-Control-Allow-Credentials = "true"
+  Access-Control-Allow-Methods = "GET, HEAD, POST, PUT, PATCH, DELETE"
+  [frontends.bite.routes.one]
+  rule = "PathPrefixStrip: /bite/"
+
+# Publish
+
+[backends.publish]
+  [backends.publish.servers.one]
+  url = "http://publish"
+
+[frontends.publish]
+backend = "publish"
+entrypoints = ["http", "https"]
+  [frontends.publish.auth.forward]
+  address = "http://auth:10205/auth"
+  [frontends.publish.headers.customresponseheaders]
+  Access-Control-Allow-Origin = "*"
+  Access-Control-Allow-Headers = "Content-Type, Authorization, X-User-Claim"
+  Access-Control-Allow-Credentials = "true"
+  Access-Control-Allow-Methods = "GET, HEAD, POST, PUT, PATCH, DELETE"
+  [frontends.publish.routes.one]
+  rule = "PathPrefixStrip: /publish/"
+
+# Subscribe
+
+[backends.subscribe]
+  [backends.subscribe.servers.one]
+  url = "http://subscribe"
+
+[frontends.subscribe]
+backend = "subscribe"
+entrypoints = ["http", "https"]
+  [frontends.subscribe.auth.forward]
+  address = "http://auth:10205/auth"
+  [frontends.subscribe.headers.customresponseheaders]
+  Access-Control-Allow-Origin = "*"
+  Access-Control-Allow-Headers = "Content-Type, Authorization, X-User-Claim"
+  Access-Control-Allow-Credentials = "true"
+  Access-Control-Allow-Methods = "GET, HEAD, POST, PUT, PATCH, DELETE"
+  [frontends.subscribe.routes.one]
+  rule = "PathPrefixStrip: /subscribe/"
+
+# Transcription
+
+[backends.transcription]
+  [backends.transcription.servers.one]
+  url = "http://transcription"
+
+[frontends.transcription]
+backend = "transcription"
+entrypoints = ["http", "https"]
+  [frontends.transcription.auth.forward]
+  address = "http://auth:10205/auth"
+  [frontends.transcription.headers.customresponseheaders]
+  Access-Control-Allow-Origin = "*"
+  Access-Control-Allow-Headers = "Content-Type, Authorization, X-User-Claim"
+  Access-Control-Allow-Credentials = "true"
+  Access-Control-Allow-Methods = "GET, HEAD, POST, PUT, PATCH, DELETE"
+  [frontends.transcription.routes.one]
+  rule = "PathPrefixStrip: /transcription/"
+
+# Login
+
+[backends.login]
+  [backends.login.servers.one]
+  url = "http://login"
+
+[frontends.login]
+backend = "login"
+entrypoints = ["login", "login_https"]
+  [frontends.login.headers.customresponseheaders]
+  Access-Control-Allow-Origin = "*"
+  Access-Control-Allow-Headers = "Content-Type, Authorization"
+  Access-Control-Allow-Credentials = "true"
+  Access-Control-Allow-Methods = "GET, HEAD, POST, PUT, PATCH, DELETE"
+  [frontends.login.routes.one]
+  rule = "PathPrefixStrip: /"