From b407b94c0faa108c2ebaa5441535ae8d9f8058b8 Mon Sep 17 00:00:00 2001
From: Ambrose Chua
Date: Sun, 24 Mar 2019 01:11:57 +0800
Subject: [PATCH 1/2] Add staging files
---
 docker-compose.staging.yml | 190 +++++++++++++++++++++++++++++++++++++
 traefik.staging.toml | 183 +++++++++++++++++++++++++++++++++++
 2 files changed, 373 insertions(+)
 create mode 100644 docker-compose.staging.yml
 create mode 100644 traefik.staging.toml
diff --git a/docker-compose.staging.yml b/docker-compose.staging.yml
new file mode 100644
index 0000000..8dc39ee
--- /dev/null
+++ b/docker-compose.staging.yml
@@ -0,0 +1,190 @@
+#
+# Deployment
+#
+# Requirements
+# ./traefik.staging.toml
+# ./backend-core/postgres
+#
+
+version: "3"
+services:
+
+ traefik:
+ image: traefik
+ command: --configfile=/traefik.toml
+ depends_on:
+ - core
+ - signal
+ - heartbeat
+ - bite
+ - publish
+ - subscribe
+ - transcription
+ - auth
+ ports:
+ - "80:80"
+ - "443:443"
+ - "1837:1837"
+ - "8080:8080"
+ volumes:
+ - ./traefik.staging.toml:/traefik.toml:ro
+ networks:
+ - traefiknet
+ - authnet
+
+ pg:
+ image: postgres:10.3
+ environment:
+ - POSTGRES_USER=root
+ - POSTGRES_PASSWORD=
+ - POSTGRES_DB=core
+ ports:
+ - "5432:5432" # Close this for production
+ volumes:
+ - ./backend-core/postgres:/docker-entrypoint-initdb.d:ro
+ networks:
+ - pgnet
+
+ nats:
+ image: nats:latest
+ ports: # Close these for production
+ - "4222:4222"
+ - "6222:6222"
+ - "8222:8222"
+ networks:
+ - natsnet
+
+ redis:
+ image: redis:latest
+ ports:
+ - "6379:6379" # Close this for production
+ networks:
+ - redisnet
+
+ core:
+ image: registry.makerforce.io/beep/backend-core:latest
+ restart: unless-stopped
+ depends_on:
+ - pg
+ environment:
+ - LISTEN=:80
+ - POSTGRES=postgresql://root@pg:5432/core?sslmode=disable
+ networks:
+ - pgnet
+ - traefiknet
+
+ signal:
+ image: registry.makerforce.io/beep/backend-signal:latest
+ restart: unless-stopped
+ environment:
+ - PORT=80
+ networks:
+ - traefiknet
+
+ heartbeat:
+ image: registry.makerforce.io/beep/backend-heartbeat:latest
+ restart: unless-stopped
+ depends_on:
+ - redis
+ environment:
+ - LISTEN=:80
+ - REDIS=redis:6379
+ networks:
+ - redisnet
+ - traefiknet
+
+ login:
+ image: registry.makerforce.io/beep/backend-login:latest
+ restart: unless-stopped
+ environment:
+ - LISTEN=:80
+ - SECRET=secret
+ - POSTGRES=postgresql://root@pg:5432/core?sslmode=disable
+ - REDIS=redis:6379
+ - TTL=120s
+ - MESSAGING_SID=MG19d18fafcff1f3f34dff04c5b04c0699
+ - TWILIO_SID=AC22ea3eea85e5108a96b947aea8ab1320
+ - TWILIO_TOKEN=fb23fa1a1564aa9f62a7a3117f07b3a0
+ networks:
+ - traefiknet
+ - redisnet
+ - pgnet
+
+ auth:
+ image: registry.makerforce.io/beep/backend-auth:latest
+ restart: unless-stopped
+ environment:
+ - LISTEN=0.0.0.0:10205
+ - SECRET=secret
+ ports:
+ - "10205:10205" # Remove this for production
+ networks:
+ - authnet
+
+ bite:
+ image: registry.makerforce.io/beep/backend-bite:latest
+ restart: unless-stopped
+ depends_on:
+ - nats
+ environment:
+ - LISTEN=:80
+ - NATS=nats://nats:4222
+ networks:
+ - natsnet
+ - traefiknet
+
+ publish:
+ image: registry.makerforce.io/beep/backend-publish:latest
+ restart: unless-stopped
+ depends_on:
+ - nats
+ environment:
+ - LISTEN=:80
+ - NATS=nats://nats:4222
+ - SECRET=secret
+ networks:
+ - natsnet
+ - traefiknet
+
+ store:
+ image: registry.makerforce.io/beep/backend-store:latest
+ restart: unless-stopped
+ depends_on:
+ - nats
+ environment:
+ - NATS=nats://nats:4222
+ - DBPATH=/tmp/badger
+ networks:
+ - natsnet
+
+ subscribe:
+ image: registry.makerforce.io/beep/backend-subscribe:latest
+ restart: unless-stopped
+ depends_on:
+ - nats
+ environment:
+ - LISTEN=:80
+ - NATS=nats://nats:4222
+ networks:
+ - natsnet
+ - traefiknet
+
+ transcription:
+ image: registry.makerforce.io/beep/backend-transcription:latest
+ restart: unless-stopped
+ depends_on:
+ - nats
+ environment:
+ - LISTEN=:80
+ - NATS=nats://nats:4222
+ - API_KEY=AIzaSyDxSXDefzw9gXCQaVzOCYlRn_vcC9Da9Q0
+ networks:
+ - natsnet
+ - traefiknet
+
+networks:
+ authnet:
+ pgnet:
+ natsnet:
+ redisnet:
+ traefiknet:
diff --git a/traefik.staging.toml b/traefik.staging.toml
new file mode 100644
index 0000000..4bd1583
--- /dev/null
+++ b/traefik.staging.toml
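Review bot: The `login` and `transcription` services commit what look like live third-party credentials in plaintext (`MESSAGING_SID`, `TWILIO_SID`, `TWILIO_TOKEN`, `API_KEY`); once this is pushed they should be treated as exposed and rotated at the provider, because a later commit that removes them leaves them in history. Read each one from the deploy host's environment or an untracked env file instead, e.g. `- TWILIO_TOKEN=${TWILIO_TOKEN}`, and do the same for `SECRET=secret`, which `login`, `auth` and `publish` share and which is trivially guessable if it is the token-signing key its name suggests. `pg` runs as `root` with an empty `POSTGRES_PASSWORD` while `"5432:5432"` is published on the host, and `redis`, `nats`, `auth` (10205) and Traefik's 8080 are published the same way; if the staging host is reachable from the internet, drop these `ports:` entries or bind them to loopback (`"127.0.0.1:5432:5432"`) now rather than waiting "for production". `traefik`, `nats:latest`, `redis:latest` and the `registry.makerforce.io/beep/*:latest` images are also unpinned, so every `pull` can change what runs.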
@@ -0,0 +1,183 @@
+# staging
+
+[api]
+
+dashboard = false
+
+[acme]
+
+email = "letsencrypt+alpha@beepvoice.app"
+caServer = "https://acme-v02.api.letsencrypt.org/directory"
+acmeLogging = true
+storage = "acme-staging.json"
+onHostRule = true
+entryPoint = "https"
+ [acme.httpChallenge]
+ entryPoint = "http"
+
+# funny, this doesn't work...
+defaultEntryPoints = ["http", "https"]
+
+[entryPoints]
+
+ [entryPoints.http]
+ address = ":80"
+ [entryPoints.http.redirect]
+ entryPoint = "https"
+ [entryPoints.https]
+ address = ":443"
+ [entryPoints.https.tls]
+ [entryPoints.traefik]
+ address = ":8080"
+
+[file]
+
+# Core
+
+[backends.core]
+ [backends.core.servers.one]
+ url = "http://core"
+
+[frontends.core]
+backend = "core"
+entrypoints = ["http", "https"]
+ [frontends.core.auth.forward]
+ address = "http://auth:10205/auth"
+ [frontends.core.headers.customresponseheaders]
+ Access-Control-Allow-Origin = "*"
+ Access-Control-Allow-Headers = "Content-Type, Authorization, X-User-Claim"
+ Access-Control-Allow-Credentials = "true"
+ Access-Control-Allow-Methods = "GET, HEAD, POST, PUT, PATCH, DELETE"
+ [frontends.core.routes.one]
+ rule = "PathPrefixStrip: /core/"
+
+# Signal
+
+[backends.signal]
+ [backends.signal.servers.one]
+ url = "http://signal"
+
+[frontends.signal]
+backend = "signal"
+entrypoints = ["http", "https"]
+ [frontends.signal.auth.forward]
+ address = "http://auth:10205/auth"
+ [frontends.signal.headers.customresponseheaders]
+ Access-Control-Allow-Origin = "*"
+ Access-Control-Allow-Headers = "Content-Type, Authorization, X-User-Claim"
+ Access-Control-Allow-Credentials = "true"
+ Access-Control-Allow-Methods = "GET, HEAD, POST, PUT, PATCH, DELETE"
+ [frontends.signal.routes.one]
+ rule = "PathPrefixStrip: /signal/"
+
+# Heartbeat
+
+[backends.heartbeat]
+ [backends.heartbeat.servers.one]
+ url = "http://heartbeat"
+
+[frontends.heartbeat]
+backend = "heartbeat"
+entrypoints = ["http", "https"]
+ [frontends.heartbeat.auth.forward]
+ address = "http://auth:10205/auth"
+ [frontends.heartbeat.headers.customresponseheaders]
+ Access-Control-Allow-Origin = "*"
+ Access-Control-Allow-Headers = "Content-Type, Authorization, X-User-Claim"
+ Access-Control-Allow-Credentials = "true"
+ Access-Control-Allow-Methods = "GET, HEAD, POST, PUT, PATCH, DELETE"
+ [frontends.heartbeat.routes.one]
+ rule = "PathPrefixStrip: /heartbeat/"
+
+# Bite
+
+[backends.bite]
+ [backends.bite.servers.one]
+ url = "http://bite"
+
+[frontends.bite]
+backend = "bite"
+entrypoints = ["http", "https"]
+ [frontends.bite.auth.forward]
+ address = "http://auth:10205/auth"
+ [frontends.bite.headers.customresponseheaders]
+ Access-Control-Allow-Origin = "*"
+ Access-Control-Allow-Headers = "Content-Type, Authorization, X-User-Claim"
+ Access-Control-Allow-Credentials = "true"
+ Access-Control-Allow-Methods = "GET, HEAD, POST, PUT, PATCH, DELETE"
+ [frontends.bite.routes.one]
+ rule = "PathPrefixStrip: /bite/"
+
+# Publish
+
+[backends.publish]
+ [backends.publish.servers.one]
+ url = "http://publish"
+
+[frontends.publish]
+backend = "publish"
+entrypoints = ["http", "https"]
+ [frontends.publish.auth.forward]
+ address = "http://auth:10205/auth"
+ [frontends.publish.headers.customresponseheaders]
+ Access-Control-Allow-Origin = "*"
+ Access-Control-Allow-Headers = "Content-Type, Authorization, X-User-Claim"
+ Access-Control-Allow-Credentials = "true"
+ Access-Control-Allow-Methods = "GET, HEAD, POST, PUT, PATCH, DELETE"
+ [frontends.publish.routes.one]
+ rule = "PathPrefixStrip: /publish/"
+
+# Subscribe
+
+[backends.subscribe]
+ [backends.subscribe.servers.one]
+ url = "http://subscribe"
+
+[frontends.subscribe]
+backend = "subscribe"
+entrypoints = ["http", "https"]
+ [frontends.subscribe.auth.forward]
+ address = "http://auth:10205/auth"
+ [frontends.subscribe.headers.customresponseheaders]
+ Access-Control-Allow-Origin = "*"
+ Access-Control-Allow-Headers = "Content-Type, Authorization, X-User-Claim"
+ Access-Control-Allow-Credentials = "true"
+ Access-Control-Allow-Methods = "GET, HEAD, POST, PUT, PATCH, DELETE"
+ [frontends.subscribe.routes.one]
+ rule = "PathPrefixStrip: /subscribe/"
+
+# Transcription
+
+[backends.transcription]
+ [backends.transcription.servers.one]
+ url = "http://transcription"
+
+[frontends.transcription]
+backend = "transcription"
+entrypoints = ["http", "https"]
+ [frontends.transcription.auth.forward]
+ address = "http://auth:10205/auth"
+ [frontends.transcription.headers.customresponseheaders]
+ Access-Control-Allow-Origin = "*"
+ Access-Control-Allow-Headers = "Content-Type, Authorization, X-User-Claim"
+ Access-Control-Allow-Credentials = "true"
+ Access-Control-Allow-Methods = "GET, HEAD, POST, PUT, PATCH, DELETE"
+ [frontends.transcription.routes.one]
+ rule = "PathPrefixStrip: /transcription/"
+
+# Login
+
+[backends.login]
+ [backends.login.servers.one]
+ url = "http://login"
+
+[frontends.login]
+backend = "login"
+entrypoints = ["login", "login_https"]
+ [frontends.login.headers.customresponseheaders]
+ Access-Control-Allow-Origin = "*"
+ Access-Control-Allow-Headers = "Content-Type, Authorization"
+ Access-Control-Allow-Credentials = "true"
+ Access-Control-Allow-Methods = "GET, HEAD, POST, PUT, PATCH, DELETE"
+ [frontends.login.routes.one]
+ rule = "PathPrefixStrip: /"
From 15784560a9fe9fca906df40af6d1f58a1105e2ac Mon Sep 17 00:00:00 2001
From: Ambrose Chua
Date: Sun, 24 Mar 2019 01:28:38 +0800
Subject: [PATCH 2/2] Add deploy step
---
 .drone.yml | 54 ++++++++++++++++++++++++++++++++++++++++++++++----
 README.md | 3 +++
 drone_gen.js | 56 +++++++++++++++++++++++++++++++++++++++++++++++-----
 3 files changed, 104 insertions(+), 9 deletions(-)
diff --git a/.drone.yml b/.drone.yml
index 8712c0b..fbab619 100644
--- a/.drone.yml
+++ b/.drone.yml
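Review bot: `defaultEntryPoints` is declared after the `[acme.httpChallenge]` header, so TOML reads it as a key of that table and not as the global option, which would explain the "this doesn't work" comment; move the line to the top of the file, above `[api]`. `[frontends.login]` lists `entrypoints = ["login", "login_https"]`, but `[entryPoints]` defines only `http`, `https` and `traefik`, so the login route has no listener unless those two entry points are added (the compose file publishes 1837, presumably for this). Every frontend sends `Access-Control-Allow-Origin = "*"` together with `Access-Control-Allow-Credentials = "true"`, a pair browsers refuse for credentialed requests; name the app's origin explicitly and avoid replacing `*` with a reflected `Origin`. `storage = "acme-staging.json"` is not on a volume in the compose file while `caServer` is the production Let's Encrypt endpoint, so each container recreation requests fresh certificates and can run into rate limits.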
@@ -343,10 +343,56 @@ name: deploy
 clone:
 depth: 1
 steps:
- - name: nop
- image: 'alpine:3.8'
- commands:
- - echo nop
+ - name: submodule
+ image: plugins/git
+ settings:
+ recursive: true
+ submodule_override:
+ backend-auth: 'https://git.makerforce.io/beep/backend-auth.git'
+ backend-bite: 'https://git.makerforce.io/beep/backend-bite.git'
+ backend-core: 'https://git.makerforce.io/beep/backend-core.git'
+ backend-heartbeat: 'https://git.makerforce.io/beep/backend-heartbeat.git'
+ backend-login: 'https://git.makerforce.io/beep/backend-login.git'
+ backend-protobuf: 'https://git.makerforce.io/beep/backend-protobuf.git'
+ backend-publish: 'https://git.makerforce.io/beep/backend-publish.git'
+ backend-signal: 'https://git.makerforce.io/beep/backend-signal.git'
+ backend-store: 'https://git.makerforce.io/beep/backend-store.git'
+ backend-subscribe: 'https://git.makerforce.io/beep/backend-subscribe.git'
+ backend-transcription: 'https://git.makerforce.io/beep/backend-transcription.git'
+ - name: copy-docker-compose
+ image: appleboy/drone-scp
+ settings:
+ host: staging.beepvoice.app
+ username: core
+ ssh_key:
+ from_secret: ssh_key
+ source:
+ - docker-compose.staging.yml
+ target: /home/core/staging
+ - name: copy-migrations
+ image: appleboy/drone-scp
+ settings:
+ host: staging.beepvoice.app
+ username: core
+ ssh_key:
+ from_secret: ssh_key
+ source:
+ - backend-core/postgres/*
+ target: /home/core/staging/backend-core/postgres
+ - name: docker-compose-up
+ image: appleboy/drone-ssh
+ settings:
+ host: staging.beepvoice.app
+ username: core
+ ssh_key:
+ from_secret: ssh_key
+ script:
+ - >-
+ cd /home/core/staging && docker-compose -f docker-compose.staging.yml
+ pull
+ - >-
+ cd /home/core/staging && docker-compose -f docker-compose.staging.yml
+ up -d
 depends_on:
 - backend-auth
 - backend-bite
diff --git a/README.md b/README.md
index 788e4ed..8002a90 100644
--- a/README.md
+++ b/README.md
@@ -93,3 +93,6 @@ URL: `/transcription` `transcription` takes the raw audio data, packages it and then sends it to the [Google Cloud Speech-to-Text](https://cloud.google.com/speech-to-text/). Sends the transcripted result to `store` to be stored. Handles HTTP requests to retrieve transcriptions too. `transcription` relies on a running `nats` instance. Is insecure if not behind `traefik` calling `auth`.
+
+## Staging
+
diff --git a/drone_gen.js b/drone_gen.js
index feda30b..882fb2d 100644
--- a/drone_gen.js
+++ b/drone_gen.js
@@ -59,11 +59,57 @@ const deploy = {
 },
 steps: [
 {
- name: 'nop',
- image: 'alpine:3.8',
- commands: [
- 'echo nop',
- ],
+ name: 'submodule',
+ image: 'plugins/git',
+ settings: {
+ recursive: true,
+ submodule_override,
+ },
+ },
+ {
+ name: 'copy-docker-compose',
+ image: 'appleboy/drone-scp',
+ settings: {
+ host: 'staging.beepvoice.app',
+ username: 'core',
+ ssh_key: {
+ from_secret: 'ssh_key',
+ },
+ source: [
+ 'docker-compose.staging.yml',
+ ],
+ target: '/home/core/staging',
+ },
+ },
+ {
+ name: 'copy-migrations',
+ image: 'appleboy/drone-scp',
+ settings: {
+ host: 'staging.beepvoice.app',
+ username: 'core',
+ ssh_key: {
+ from_secret: 'ssh_key',
+ },
+ source: [
+ 'backend-core/postgres/*',
+ ],
+ target: '/home/core/staging/backend-core/postgres',
+ },
+ },
+ {
+ name: 'docker-compose-up',
+ image: 'appleboy/drone-ssh',
+ settings: {
+ host: 'staging.beepvoice.app',
+ username: 'core',
+ ssh_key: {
+ from_secret: 'ssh_key',
+ },
+ script: [
+ 'cd /home/core/staging && docker-compose -f docker-compose.staging.yml pull',
+ 'cd /home/core/staging && docker-compose -f docker-compose.staging.yml up -d',
+ ],
+ },
 },
 ],
 depends_on: dockers,
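Review bot: The three steps that receive the `ssh_key` secret use `appleboy/drone-scp` and `appleboy/drone-ssh` without a tag, so whatever image is published under those names at build time is handed the staging host's SSH key; pin each to a reviewed version or digest, e.g. `image: 'appleboy/drone-ssh:<pinned-version>'`, and `plugins/git` likewise. `copy-docker-compose` ships only `docker-compose.staging.yml`, yet that compose file bind-mounts `./traefik.staging.toml`, so unless the file reaches the host some other way `traefik` starts without its config; add `'traefik.staging.toml',` to that step's `source` array. Nothing in the visible settings pins the server's host key, so check whether the plugin version you pin can verify it. The `deploy` object starts and ends outside the hunk, and the same steps appear in the `.drone.yml` hunk, which looks generated from this file.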