From 0952f8fd365276856b8b6deb1f16fca22e25a729 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Fri, 25 Oct 2024 01:13:46 +0200 Subject: [PATCH 01/28] refactor: kubernetes workflows * use Github container registry to remove dependency on dockerhub * use sops for secure encryption of secrets * use ONBUILD in docker images for rebranding * use helmfile for deploying various environments --- .env.dist | 23 -- .env.enc | Bin 625 -> 0 bytes .github/workflows/deploy.yml | 57 ---- .github/workflows/publish.yml | 267 ------------------ .github/workflows/push.yml | 84 ++++++ .gitignore | 4 - .sops.yaml | 15 + .../constants/{donation.ts => donation.js} | 0 branding/constants/{emails.ts => emails.js} | 0 branding/constants/{filter.ts => filter.js} | 0 branding/constants/{groups.ts => groups.js} | 0 .../{headerMenu.ts => headerMenu.js} | 0 branding/constants/{links.ts => links.js} | 0 branding/constants/{logos.ts => logos.js} | 0 .../constants/{metadata.ts => metadata.js} | 0 branding/locales/{ => tmp}/de.json | 0 branding/locales/{ => tmp}/en.json | 0 docker/backend.Dockerfile | 6 + docker/maintenance.Dockerfile | 7 + docker/webapp.Dockerfile | 6 + helmfile/environments/default.yaml.gotmpl | 5 + helmfile/environments/staging.yaml.gotmpl | 5 + helmfile/helmfile.yaml.gotmpl | 33 +++ helmfile/scripts/image_tag.sh | 2 + helmfile/secrets/kubeconfig | 40 +++ helmfile/secrets/ocelot.yaml | 95 +++++++ helmfile/values/ocelot.yaml.gotmpl | 41 +++ kubeconfig.yaml.enc | Bin 1518 -> 0 bytes kubernetes/dns.values.yaml.enc | 2 - kubernetes/dns.values.yaml.template | 12 - kubernetes/values.yaml.enc | Bin 1762 -> 0 bytes kubernetes/values.yaml.template | 129 --------- 32 files changed, 339 insertions(+), 494 deletions(-) delete mode 100644 .env.dist delete mode 100644 .env.enc delete mode 100644 .github/workflows/deploy.yml delete mode 100644 .github/workflows/publish.yml create mode 100644 .github/workflows/push.yml delete mode 100644 .gitignore create mode 100644 .sops.yaml rename branding/constants/{donation.ts => donation.js} (100%) 
rename branding/constants/{emails.ts => emails.js} (100%) rename branding/constants/{filter.ts => filter.js} (100%) rename branding/constants/{groups.ts => groups.js} (100%) rename branding/constants/{headerMenu.ts => headerMenu.js} (100%) rename branding/constants/{links.ts => links.js} (100%) rename branding/constants/{logos.ts => logos.js} (100%) rename branding/constants/{metadata.ts => metadata.js} (100%) rename branding/locales/{ => tmp}/de.json (100%) rename branding/locales/{ => tmp}/en.json (100%) create mode 100644 docker/backend.Dockerfile create mode 100644 docker/maintenance.Dockerfile create mode 100644 docker/webapp.Dockerfile create mode 100644 helmfile/environments/default.yaml.gotmpl create mode 100644 helmfile/environments/staging.yaml.gotmpl create mode 100644 helmfile/helmfile.yaml.gotmpl create mode 100755 helmfile/scripts/image_tag.sh create mode 100644 helmfile/secrets/kubeconfig create mode 100644 helmfile/secrets/ocelot.yaml create mode 100644 helmfile/values/ocelot.yaml.gotmpl delete mode 100644 kubeconfig.yaml.enc delete mode 100644 kubernetes/dns.values.yaml.enc delete mode 100644 kubernetes/dns.values.yaml.template delete mode 100644 kubernetes/values.yaml.enc delete mode 100644 kubernetes/values.yaml.template diff --git a/.env.dist b/.env.dist deleted file mode 100644 index d35240e..0000000 --- a/.env.dist +++ /dev/null 
@@ -1,23 +0,0 @@ -# GITHUB_OCELOT_REF affects the publish workflow -# GITHUB_OCELOT_REF is a ref (branch, tag, hash) of the ocelot repository -# if this value is not set the github ref just built in the triggering workflow is used. -# if this workflow is triggered by push to master instead of a build-trigger, -# the `master` branch of the ocelot repo is used. -# if you set it to `GITHUB_OCELOT_REF=master` unnessecary builds can occur. -# It is recommended to not set it rather then to set it to `master` -#GITHUB_OCELOT_REF=b2.4.0-351 -#OCELOT_VERSION=2.4.0-351 - -# DOCKERHUB_OCELOT_TAG applies to the deploy workflow -# DOCKERHUB_OCELOT_TAG is a dockerhub tag for the configured (values.yaml) docker images -# if this value is not set the version just built in the triggering workflow is used. -# using `DOCKERHUB_OCELOT_TAG=latest` is the default behaviour of the Kubernetes Chart, -# but its inaccurate if two workflows are running at the same time. -# It is recommended to not set it rather then to set it to `latest` -#DOCKERHUB_OCELOT_TAG=12-ocelot.social2.4.0 - -# DOCKERHUB_BRAND_VARRIANT defines the name of the branded image uploaded to dockerhub. -DOCKERHUB_BRAND_VARRIANT=stage-ocelot-social - -# DOCKERHUB_ORGANISATION defines which dockerhub organisation images will be uploaded to -# DOCKERHUB_ORGANISATION=ocelotsocialnetwork \ No newline at end of file diff --git a/.env.enc b/.env.enc deleted file mode 100644 index 41179a10ce4d6ecd3934f4ed59a9da7f60bd0da0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 625 zcmV-%0*?KR4Fm}T0#@!S4HSMRL15 zvBFxQ8Vv64j3dBn{%2M|xv9Yy5zNn_zkq~Q?cn3bAz`0A;~y_*neYj|IJjOXBP@Vf+|A;l z_dR-q@iUlLZcSuxq5sb$^8h-4KmyEvbXvHynSEbyw2Jq#5J`Azb>_5{?w3)s%+Cq+s8 LN7BaSS8~)g9v4R3 diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml deleted file mode 100644 index bda0ca9..0000000 --- a/.github/workflows/deploy.yml +++ /dev/null 
@@ -1,57 +0,0 @@ -name: deploy - -on: - repository_dispatch: - types: [trigger-ocelot-brand-build-success] - -jobs: - deploy: - # see example https://github.com/do-community/example-doctl-action - # see example https://github.com/do-community/example-doctl-action/blob/main/.github/workflows/workflow.yaml - name: Deploy defined version to cluster - runs-on: ubuntu-latest - env: - SECRET: ${{ secrets.SECRET }} - CONFIGURATION: "this" - GITHUB_OCELOT_REF_JUST_BUILT: ${{ github.event.client_payload.ocelot_ref }} - DOCKERHUB_OCELOT_TAG_JUST_BUILT: ${{ github.event.client_payload.BUILD_VERSION }} - steps: - - name: Checkout code - uses: actions/checkout@v3 - - name: Decrypt .env - run: gpg --quiet --batch --yes --decrypt --passphrase="${{ env.SECRET }}" --output .env .env.enc - - name: Load .env - uses: aarcangeli/load-dotenv@v1.0.0 - with: - quiet: true - - name: Set GITHUB_OCELOT_REF - run: | - if [ -z ${GITHUB_OCELOT_REF} ]; then - echo "GITHUB_OCELOT_REF=${GITHUB_OCELOT_REF_JUST_BUILT}" >> $GITHUB_ENV - fi - shell: bash - - name: Checkout Ocelot code - uses: actions/checkout@v3 - with: - repository: 'Ocelot-Social-Community/Ocelot-Social' - ref: ${{ env.GITHUB_OCELOT_REF }} - path: 'ocelot/' - fetch-depth: 0 - - name: Checkout code - uses: actions/checkout@v3 - with: - path: "ocelot/deployment/configurations/${{ env.CONFIGURATION }}" - - name: Set DOCKERHUB_OCELOT_TAG - run: | - if [ -z ${DOCKERHUB_OCELOT_TAG} ]; then - echo "DOCKERHUB_OCELOT_TAG=${DOCKERHUB_OCELOT_TAG_JUST_BUILT}" >> $GITHUB_ENV - fi - shell: bash - - name: Decrypt all secrets - run: ocelot/deployment/scripts/secrets.decrypt.sh - - name: Upgrade Cluster - run: ocelot/deployment/scripts/cluster.upgrade.sh - - name: Sleep for 4 minutes - run: sleep 240s - - name: Reset and seed Neo4j database - run: ocelot/deployment/scripts/cluster.reseed.sh \ No newline at end of file diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml deleted file mode 100644 index a8d4865..0000000 
--- a/.github/workflows/publish.yml +++ /dev/null 
@@ -1,267 +0,0 @@ -name: publish -on: - repository_dispatch: - types: [trigger-ocelot-build-success] - push: - branches: - - master - -jobs: - build_branded: - name: Docker Build Branded - runs-on: ubuntu-latest - env: - SECRET: ${{ secrets.SECRET }} - CONFIGURATION: "this" - GITHUB_OCELOT_REF_JUST_BUILT: ${{ github.event.client_payload.ref }} - OCELOT_GITHUB_RUN_NUMBER: ${{ github.event.client_payload.GITHUB_RUN_NUMBER }} - steps: - - name: Checkout code - uses: actions/checkout@v3 - - name: Decrypt .env - run: gpg --quiet --batch --yes --decrypt --passphrase="${{ env.SECRET }}" --output .env .env.enc - - name: Load .env - uses: aarcangeli/load-dotenv@v1.0.0 - with: - quiet: true - - name: Set GITHUB_OCELOT_REF - run: | - if [ -z ${GITHUB_OCELOT_REF} ]; then - echo "GITHUB_OCELOT_REF=${GITHUB_OCELOT_REF_JUST_BUILT}" >> $GITHUB_ENV - fi - shell: bash - - name: Set DOCKERHUB_ORGANISATION - run: | - if [ -z ${DOCKERHUB_ORGANISATION} ]; then - echo "DOCKERHUB_ORGANISATION=ocelotsocialnetwork" >> $GITHUB_ENV - fi - - name: Checkout Ocelot code - uses: actions/checkout@v3 - with: - repository: 'Ocelot-Social-Community/Ocelot-Social' - ref: ${{ env.GITHUB_OCELOT_REF }} - path: 'ocelot/' - fetch-depth: 0 - - name: Set OCELOT_GITHUB_RUN_NUMBER - run: | - if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then - echo "OCELOT_GITHUB_RUN_NUMBER=${GITHUB_OCELOT_REF}" >> $GITHUB_ENV - fi - if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then - echo "OCELOT_GITHUB_RUN_NUMBER=master" >> $GITHUB_ENV - fi - shell: bash - - name: Checkout Branded Repo code - uses: actions/checkout@v3 - with: - ref: 'master' - path: "ocelot/deployment/configurations/${{ env.CONFIGURATION }}" - fetch-depth: 0 - - name: Build branded images - run: | - ocelot/deployment/scripts/branded-images.build.sh - docker save "${DOCKERHUB_ORGANISATION}/backend-${DOCKERHUB_BRAND_VARRIANT}" > /tmp/backend-branded.tar - docker save "${DOCKERHUB_ORGANISATION}/webapp-${DOCKERHUB_BRAND_VARRIANT}" > /tmp/webapp-branded.tar - docker save 
"${DOCKERHUB_ORGANISATION}/maintenance-${DOCKERHUB_BRAND_VARRIANT}" > /tmp/maintenance-branded.tar - - - name: Upload Artifact (Backend) - uses: actions/upload-artifact@v2 - with: - name: docker-backend-branded - path: /tmp/backend-branded.tar - - - name: Upload Artifact (Webapp) - uses: actions/upload-artifact@v2 - with: - name: docker-webapp-branded - path: /tmp/webapp-branded.tar - - - name: Upload Artifact (Maintenance) - uses: actions/upload-artifact@v2 - with: - name: docker-maintenance-branded - path: /tmp/maintenance-branded.tar - - upload_to_dockerhub: - name: Upload to Dockerhub - runs-on: ubuntu-latest - needs: [build_branded] - env: - SECRET: ${{ secrets.SECRET }} - DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} - DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} - GITHUB_OCELOT_REF_JUST_BUILT: ${{ github.event.client_payload.ref }} - steps: - - name: Checkout code - uses: actions/checkout@v3 - - name: Decrypt .env - run: gpg --quiet --batch --yes --decrypt --passphrase="${{ env.SECRET }}" --output .env .env.enc - - name: Load .env - uses: aarcangeli/load-dotenv@v1.0.0 - with: - quiet: true - - name: Set GITHUB_OCELOT_REF - run: | - if [ -z ${GITHUB_OCELOT_REF} ]; then - echo "GITHUB_OCELOT_REF=${GITHUB_OCELOT_REF_JUST_BUILT}" >> $GITHUB_ENV - fi - shell: bash - - name: Checkout Ocelot code - uses: actions/checkout@v3 - with: - repository: 'Ocelot-Social-Community/Ocelot-Social' - ref: ${{ env.GITHUB_OCELOT_REF }} - path: 'ocelot/' - fetch-depth: 0 - - - name: Download Docker Image (Backend) - uses: actions/download-artifact@v2 - with: - name: docker-backend-branded - path: /tmp - - name: Load Docker Image - run: docker load < /tmp/backend-branded.tar - - - name: Download Docker Image (Webapp) - uses: actions/download-artifact@v2 - with: - name: docker-webapp-branded - path: /tmp - - name: Load Docker Image - run: docker load < /tmp/webapp-branded.tar - - - name: Download Docker Image (Maintenance) - uses: actions/download-artifact@v2 - with: - 
name: docker-maintenance-branded - path: /tmp - - name: Load Docker Image - run: docker load < /tmp/maintenance-branded.tar - - - name: Upload to dockerhub - run: ocelot/deployment/scripts/branded-images.upload.sh - - github_tag: - name: Tag latest version on Github - runs-on: ubuntu-latest - needs: [upload_to_dockerhub] - env: - SECRET: ${{ secrets.SECRET }} - GITHUB_OCELOT_REF_JUST_BUILT: ${{ github.event.client_payload.ref }} - OCELOT_GITHUB_RUN_NUMBER: ${{ github.event.client_payload.GITHUB_RUN_NUMBER }} - steps: - - name: Checkout code - uses: actions/checkout@v3 - - name: Decrypt .env - run: gpg --quiet --batch --yes --decrypt --passphrase="${{ env.SECRET }}" --output .env .env.enc - - name: Load .env - uses: aarcangeli/load-dotenv@v1.0.0 - with: - quiet: true - - name: Set GITHUB_OCELOT_REF - run: | - if [ -z ${GITHUB_OCELOT_REF} ]; then - echo "GITHUB_OCELOT_REF=${GITHUB_OCELOT_REF_JUST_BUILT}" >> $GITHUB_ENV - fi - shell: bash - - name: Checkout Ocelot code - uses: actions/checkout@v3 - with: - repository: 'Ocelot-Social-Community/Ocelot-Social' - ref: ${{ env.GITHUB_OCELOT_REF }} - path: 'ocelot/' - fetch-depth: 0 - - name: Set OCELOT_GITHUB_RUN_NUMBER - run: | - if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then - echo "OCELOT_GITHUB_RUN_NUMBER=${GITHUB_OCELOT_REF}" >> $GITHUB_ENV - fi - if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then - echo "OCELOT_GITHUB_RUN_NUMBER=master" >> $GITHUB_ENV - fi - shell: bash - - name: Setup env - run: | - echo "OCELOT_VERSION=$(node -p -e "require('./ocelot/package.json').version")" >> $GITHUB_ENV - echo "BRANDED_VERSION=${GITHUB_RUN_NUMBER}" >> $GITHUB_ENV - echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_ENV - echo "BUILD_COMMIT=${GITHUB_SHA}" >> $GITHUB_ENV - - run: echo "BUILD_VERSION=${BRANDED_VERSION}-ocelot.social${OCELOT_VERSION}-${OCELOT_GITHUB_RUN_NUMBER}" >> $GITHUB_ENV - - name: package-version-to-git-tag + build number - uses: pkgdeps/git-tag-action@v2 - with: - github_token: ${{ github.token }} #${{ 
secrets.GITHUB_TOKEN }} - github_repo: ${{ github.repository }} - version: ${{ env.BUILD_VERSION }} - git_commit_sha: ${{ github.sha }} - git_tag_prefix: "b" - #- name: Generate changelog - # run: | - # yarn install - # yarn auto-changelog --latest-version ${{ env.VERSION }} --unreleased-only - - name: package-version-to-git-release - continue-on-error: true # Will fail if tag exists - id: create_release - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ github.token }} #${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token - with: - tag_name: ${{ env.BUILD_VERSION }} - release_name: ${{ env.BUILD_VERSION }} - #body_path: ./CHANGELOG.md - draft: false - prerelease: false - -# TODO correct version - build_trigger: - name: Trigger successful brand build - runs-on: ubuntu-latest - needs: [github_tag] - env: - SECRET: ${{ secrets.SECRET }} - GITHUB_OCELOT_REF_JUST_BUILT: ${{ github.event.client_payload.ref }} - steps: - - name: Checkout code - uses: actions/checkout@v3 - - name: Decrypt .env - run: gpg --quiet --batch --yes --decrypt --passphrase="${{ env.SECRET }}" --output .env .env.enc - - name: Load .env - uses: aarcangeli/load-dotenv@v1.0.0 - with: - quiet: true - - name: Set GITHUB_OCELOT_REF - run: | - if [ -z ${GITHUB_OCELOT_REF} ]; then - echo "GITHUB_OCELOT_REF=${GITHUB_OCELOT_REF_JUST_BUILT}" >> $GITHUB_ENV - fi - shell: bash - - name: Checkout Ocelot code - uses: actions/checkout@v3 - with: - repository: 'Ocelot-Social-Community/Ocelot-Social' - ref: ${{ env.GITHUB_OCELOT_REF }} - path: 'ocelot/' - fetch-depth: 0 - - name: Set OCELOT_GITHUB_RUN_NUMBER - run: | - if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then - echo "OCELOT_GITHUB_RUN_NUMBER=${GITHUB_OCELOT_REF}" >> $GITHUB_ENV - fi - if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then - echo "OCELOT_GITHUB_RUN_NUMBER=master" >> $GITHUB_ENV - fi - shell: bash - - name: Setup env - run: | - echo "OCELOT_VERSION=$(node -p -e 
"require('./ocelot/package.json').version")" >> $GITHUB_ENV - echo "BRANDED_VERSION=${GITHUB_RUN_NUMBER}" >> $GITHUB_ENV - echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_ENV - echo "BUILD_COMMIT=${GITHUB_SHA}" >> $GITHUB_ENV - - run: echo "BUILD_VERSION=${BRANDED_VERSION}-ocelot.social${OCELOT_VERSION}-${OCELOT_GITHUB_RUN_NUMBER}" >> $GITHUB_ENV - - name: Repository Dispatch - uses: peter-evans/repository-dispatch@v2 - with: - token: ${{ github.token }} - event-type: trigger-ocelot-brand-build-success - repository: ${{ github.repository }} - client-payload: '{"ref": "${{ github.ref }}", "sha": "${{ github.sha }}", "ref_ocelot": "${{ github.event.client_payload.ref }}", "sha_ocelot": "${{ github.event.client_payload.sha }}", "OCELOT_VERSION": "${{ env.OCELOT_VERSION }}", "BRANDED_VERSION": "${{ env.BRANDED_VERSION }}", "BUILD_DATE": "${{ env.BUILD_DATE }}", "BUILD_COMMIT": "${{ env.BUILD_COMMIT }}", "BUILD_VERSION": "${{ env.BUILD_VERSION }}"}' \ No newline at end of file diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml new file mode 100644 index 0000000..20c4576 --- /dev/null +++ b/.github/workflows/push.yml 
@@ -0,0 +1,84 @@
+name: publish
+
+on: push
+
+jobs:
+ build-and-push-images:
+ strategy:
+ matrix:
+ app:
+ - name: backend
+ file: docker/backend.Dockerfile
+ - name: webapp
+ file: docker/webapp.Dockerfile
+ - name: maintenance
+ file: docker/maintenance.Dockerfile
+ runs-on: ubuntu-latest
+ env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}/${{ matrix.app.name }}
+ permissions:
+ contents: read
+ packages: write
+ attestations: write
+ id-token: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.1.7
+ - name: Log in to the Container registry
+ uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@70b2cdc6480c1a8b86edf1777157f8f437de2166
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=schedule
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=semver,pattern={{major}}
+ type=ref,event=branch
+ type=ref,event=pr
+ type=sha
+ - name: Build and push Docker images
+ id: push
+ uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75
+ with:
+ file: ${{ matrix.app.file }}
+ context: .
+ push: true
+ build-args: |
+ OCELOT_VERSION=hetzner
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+
+ deploy-to-kubernetes:
+ runs-on: ubuntu-latest
+ if: github.ref == 'refs/heads/staging'
+ needs: build-and-push-images
+ steps:
+ - uses: mdgreenwald/mozilla-sops-action@d9714e521cbaecdae64a89d2fdd576dd2aa97056 # v1.6.0
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.1.7
+ - run: |
+ mkdir -p ~/.config/sops/age
+ echo $SOPS_KEY | base64 --decode > ~/.config/sops/age/keys.txt
+ env:
+ SOPS_KEY: ${{ secrets.SOPS_KEY }}
+ - run: |
+ mkdir -p ~/.kube
+ sops decrypt ./helmfile/secrets/kubeconfig > ~/.kube/config
+ chmod 600 ~/.kube/config
+ # - run: echo "IMAGE_TAG=sha-$(echo $GITHUB_SHA | cut -c 1-7)" >> $GITHUB_ENV
+ - uses: helmfile/helmfile-action@80fbb6408b98822310f94d8d1321a2cacf87f78f #v1.9.2
+ with:
+ helmfile-args: apply --environment staging
+ helmfile-workdirectory: ./helmfile
+ helm-plugins: >
+ https://github.com/databus23/helm-diff,
+ https://github.com/jkroepke/helm-secrets,
+ https://github.com/aslafy-z/helm-git
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index f780ba0..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-*.yaml
-SECRET
-.env
-/backup
\ No newline at end of file
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..eec3468
--- /dev/null
+++ b/.sops.yaml
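Review bot: The `helm-plugins` list in the `deploy-to-kubernetes` job installs helm-diff, helm-secrets and helm-git from bare repository URLs, so unlike the SHA-pinned `uses:` lines above, whatever those repositories publish at run time executes in the job that holds the decrypted age key and kubeconfig. Pin each plugin to a reviewed release; if the action's input cannot carry a version, install them in a preceding step with `helm plugin install https://github.com/databus23/helm-diff --version <PINNED_VERSION>`. In the same job the age key is written under the runner's default umask and through an unquoted `echo $SOPS_KEY`; running `umask 077` first and writing with `printf '%s' "$SOPS_KEY" | base64 --decode > ~/.config/sops/age/keys.txt` keeps the file private and the value intact. The job also has no `permissions:` block, so it runs with the repository's default token scope, where `contents: read` appears to be all it needs.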
@@ -0,0 +1,15 @@
+creation_rules:
+ - age: >-
+ age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00,
+ age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw,
+ age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp,
+ age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr,
+ age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s,
+ age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5
+
+# age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00 SOPS_KEY github secret
+# age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw @roschaefer
+# age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp @mahula
+# age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr @Elweyn
+# age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s @ulfgebhardt
+# age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5 @Tirokk
diff --git a/branding/constants/donation.ts b/branding/constants/donation.js
similarity index 100%
rename from branding/constants/donation.ts
rename to branding/constants/donation.js
diff --git a/branding/constants/emails.ts b/branding/constants/emails.js
similarity index 100%
rename from branding/constants/emails.ts
rename to branding/constants/emails.js
diff --git a/branding/constants/filter.ts b/branding/constants/filter.js
similarity index 100%
rename from branding/constants/filter.ts
rename to branding/constants/filter.js
diff --git a/branding/constants/groups.ts b/branding/constants/groups.js
similarity index 100%
rename from branding/constants/groups.ts
rename to branding/constants/groups.js
diff --git a/branding/constants/headerMenu.ts b/branding/constants/headerMenu.js
similarity index 100%
rename from branding/constants/headerMenu.ts
rename to branding/constants/headerMenu.js
diff --git a/branding/constants/links.ts b/branding/constants/links.js
similarity index 100%
rename from branding/constants/links.ts
rename to branding/constants/links.js
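Review bot: The single entry under `creation_rules` has no `path_regex`, so every file sops encrypts in this repository is readable by all six recipients, including the `SOPS_KEY` used by CI. The helmfile in this patch already names a `production` environment, so it is worth splitting the rule now: one rule with `path_regex: <STAGING_SECRETS_PATH>` for the CI key and the staging maintainers, and a separate rule with a narrower recipient list for production files. I would also add a comment above the rule such as `# Removing a recipient requires sops updatekeys on every encrypted file and rotation of the secrets; old ciphertext stays in git history.`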
diff --git a/branding/constants/logos.ts b/branding/constants/logos.js
similarity index 100%
rename from branding/constants/logos.ts
rename to branding/constants/logos.js
diff --git a/branding/constants/metadata.ts b/branding/constants/metadata.js
similarity index 100%
rename from branding/constants/metadata.ts
rename to branding/constants/metadata.js
diff --git a/branding/locales/de.json b/branding/locales/tmp/de.json
similarity index 100%
rename from branding/locales/de.json
rename to branding/locales/tmp/de.json
diff --git a/branding/locales/en.json b/branding/locales/tmp/en.json
similarity index 100%
rename from branding/locales/en.json
rename to branding/locales/tmp/en.json
diff --git a/docker/backend.Dockerfile b/docker/backend.Dockerfile
new file mode 100644
index 0000000..e152205
--- /dev/null
+++ b/docker/backend.Dockerfile
@@ -0,0 +1,6 @@
+ARG OCELOT_VERSION=master
+
+FROM ghcr.io/ocelot-social-community/ocelot-social/backend:${OCELOT_VERSION}-code AS build
+
+FROM ghcr.io/ocelot-social-community/ocelot-social/backend:${OCELOT_VERSION}-base AS branded
+COPY --from=build /build .
diff --git a/docker/maintenance.Dockerfile b/docker/maintenance.Dockerfile
new file mode 100644
index 0000000..32ae532
--- /dev/null
+++ b/docker/maintenance.Dockerfile
@@ -0,0 +1,7 @@
+ARG OCELOT_VERSION=master
+
+FROM ghcr.io/ocelot-social-community/ocelot-social/maintenance:${OCELOT_VERSION}-code AS build
+
+FROM nginx:alpine AS branded
+COPY --from=build ./app/dist/ /usr/share/nginx/html/
+COPY --from=build ./app/maintenance/nginx/custom.conf /etc/nginx/conf.d/default.conf
diff --git a/docker/webapp.Dockerfile b/docker/webapp.Dockerfile
new file mode 100644
index 0000000..e4abd38
--- /dev/null
+++ b/docker/webapp.Dockerfile
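Review bot: Both `FROM` lines in docker/backend.Dockerfile resolve mutable tags (`${OCELOT_VERSION}-code` and `-base`, default `master`, and the workflow passes `hetzner`), so the published image content can change without any commit in this repository; the same applies to docker/webapp.Dockerfile and to `FROM nginx:alpine` in docker/maintenance.Dockerfile. The commit message says the upstream images use ONBUILD, which, if so, means instructions chosen upstream run inside this build and makes a fixed base more important. Pin by digest where a fixed base is acceptable, e.g. `FROM nginx:alpine@sha256:<DIGEST>`, and add a comment above `ARG OCELOT_VERSION` stating that the value is expected to be a release tag rather than a branch name.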
@@ -0,0 +1,6 @@
+ARG OCELOT_VERSION=master
+
+FROM ghcr.io/ocelot-social-community/ocelot-social/webapp:${OCELOT_VERSION}-code AS build
+
+FROM ghcr.io/ocelot-social-community/ocelot-social/webapp:${OCELOT_VERSION}-base AS branded
+COPY --from=build /build .
diff --git a/helmfile/environments/default.yaml.gotmpl b/helmfile/environments/default.yaml.gotmpl
new file mode 100644
index 0000000..86a316d
--- /dev/null
+++ b/helmfile/environments/default.yaml.gotmpl
@@ -0,0 +1,5 @@
+{{ $image_tag:= env "IMAGE_TAG" | default (exec "../scripts/image_tag.sh" (list) | trim) }}
+
+domain: ocelot-social.roschaefer.de
+namespace: ocelot-staging
+image_tag: {{ $image_tag }}
diff --git a/helmfile/environments/staging.yaml.gotmpl b/helmfile/environments/staging.yaml.gotmpl
new file mode 100644
index 0000000..856b3b4
--- /dev/null
+++ b/helmfile/environments/staging.yaml.gotmpl
@@ -0,0 +1,5 @@
+{{ $image_tag:= env "IMAGE_TAG" | default (exec "../scripts/image_tag.sh" (list) | trim) }}
+
+domain: reformer-network-staging.roschaefer.de
+namespace: reformer-network-staging
+image_tag: {{ $image_tag }}
diff --git a/helmfile/helmfile.yaml.gotmpl b/helmfile/helmfile.yaml.gotmpl
new file mode 100644
index 0000000..2120cf1
--- /dev/null
+++ b/helmfile/helmfile.yaml.gotmpl
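Review bot: `image_tag: {{ $image_tag }}` in default.yaml.gotmpl (and again in staging.yaml.gotmpl) renders the value as a plain YAML scalar, so an `IMAGE_TAG` from the environment that looks like a number (a release tag such as 1.10, for example) is parsed as a number rather than as a tag string. `image_tag: {{ $image_tag | quote }}` keeps it a string. Since `IMAGE_TAG` is read from the caller's environment and ends up selecting the image that is deployed, a short comment above the first line naming who is expected to set it would help.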
@@ -0,0 +1,33 @@
+---
+environments:
+ default:
+ values:
+ - ./environments/default.yaml.gotmpl
+ staging:
+ values:
+ - ./environments/staging.yaml.gotmpl
+ production:
+ values:
+ - ./environments/production.yaml.gotmpl
+---
+repositories:
+ - name: prometheus-community
+ url: https://prometheus-community.github.io/helm-charts
+ - name: ocelot-social
+ url: git+https://github.com/Ocelot-Social-Community/Ocelot-Social@deployment/hetzner/helmfile/ocelot-social?ref=hetzner
+
+apiVersions:
+ - monitoring.coreos.com/v1
+
+releases:
+ - name: prometheus
+ namespace: monitoring
+ chart: prometheus-community/kube-prometheus-stack
+
+ - name: ocelot-social
+ namespace: {{ .StateValues.namespace }}
+ chart: ocelot-social/ocelot-social
+ values:
+ - ./values/ocelot.yaml.gotmpl
+ secrets:
+ - ./secrets/ocelot.yaml
diff --git a/helmfile/scripts/image_tag.sh b/helmfile/scripts/image_tag.sh
new file mode 100755
index 0000000..f921945
--- /dev/null
+++ b/helmfile/scripts/image_tag.sh
@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+echo "sha-$(git rev-parse HEAD | cut -c 1-7)"
diff --git a/helmfile/secrets/kubeconfig b/helmfile/secrets/kubeconfig
new file mode 100644
index 0000000..6c73d85
--- /dev/null
+++ b/helmfile/secrets/kubeconfig
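Review bot: Neither chart source in helmfile.yaml.gotmpl is pinned: the `prometheus` release has no `version:`, and the `ocelot-social` repository URL ends in `?ref=hetzner`, which looks like a branch, so `helmfile apply` in the deploy job installs whatever those resolve to at run time. Add `version: <CHART_VERSION>` to the `prometheus` release and point `ref=` at a tag or commit. The `production` environment also references `./environments/production.yaml.gotmpl`, which is not among the files this patch creates; if it does not exist elsewhere, selecting that environment will fail.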
@@ -0,0 +1,40 @@ +{ + "data": "ENC[AES256_GCM,data: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,iv:rrXDWj2gjPcT5sretXzTAmPrlZI39KIttRBtPjhQihE=,tag:u+OmHH6EsbQ6DBla5XBT1A==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1c2RaejgzYmo1U0pTNFI5\nZlRkUlZYUmova2FDdDdISEhwdkIrcVNDMlhnCjE0eUZHZGNobzYvUFRUbGI0YUFO\nT0JNcXpFVGRhRWE2RHd3cEtnK0doLzgKLS0tIC9nbGp5Ry9acVAzUDRUQUxrcGhF\nZVIxV2dkY1ZFY3pWZGdBLzJ1Ym9oVG8KX0++YnBMRArWAoX+ewtBRjkmNIUlr2Qh\nG1/htUWMAyUy9dGEGx3XXqcnj9h7r8Zwpe5wWF7ug+PAIAc9DZMzUg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5a2I1a1BmeDBtN3Y5aWNw\nN09ka0RaNHJka256RDFlb2pJT1FzSEVxemhnCkRYNFZVMUkvaFFWNDJ4eUliRGxC\nUURGZDV3azFMNzBBczRDNU1Wa1MyWE0KLS0tIFpNZXBDSTY1VzhkdkFENGp4aTVl\nSXFwa1QzUGc2SWFQQU1CaTREL2JGMkUKuzIqWZo9cuiFuZzexACH+QF9CeDmqfb7\nNx9KVa5/0X3mIA0FO0Teb477rs1HKDMuwwra1cPJDg/IjSCfbtKmAw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4bUVQTVJuYVFJbzFYR0ZF\nL1lJNS9NcnR4eE10RnQwc3hwWUtSL1FJaGxFCkh4dFI1VklTV3cra1dZelZ3NG5m\nTDZleUlmTGFESG84Wm5LZkU0R1JXSUkKLS0tIGxHSmJFZWlwM1lna1lFYlZqQUNz\nZVpSSjhUS1Y0U2tLS0hNL3ZSejlwUEkKFURJ37P1vCq0U1VM1X8dU/8kgzgb3dzx\n0fPUhoxSXIlCXDbCx5wahzRXXzWX93TLFSfVyU6KjNOJ5EnK83bpIg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr", + "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaVVMvRm83M2ozd3BrcHZw\nTG8yRU9yNnloWUVLZ2xvMzlVdXFUc2ErMm04Ck9hYnhBdi96eTRKNmxvbUtkZWdh\nbzRYSnlBRkpOOG4renVFYkozR1ZtczQKLS0tIGR3Q0h0Yy91d202OUVPbFlYc29h\nUGFTN281YloreFFvUEhtZmYxWkx6NWcKawED4SC91t2HSqdL/9du45jU8LLLKfyD\nYRXxIxTg6+PEPPDQ+0ay51MLJjTQ8ei2tBecDD8Qr6AbN4nFhjzbYQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOL1BEZ1JtYi9HSzBXUEQ3\nVFg2eUszWGN1eXdVcXZ1UWxndUphRW9iV25JCmNsZnRkQ3B4eHJNK0QyUlE4dHBw\nV3krZGZBaFhGendVYWdxaGhjeWcyTEkKLS0tIEx5cG1LM2dXazViVFNqb0d2Wndu\nZ09xa3RIR3ZmL2w5SEJUckREUk1OQUEKekt3BpgyY1JFYe7FZ8TNWK/01ZAtalG0\n/jOawllVz/Cy58KyoVFb0E94rVQC+3XUFYsZb1uq1JBc/vpfHo+E3w==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLd0hBMUQxRDZOT2FnMnJG\nSjZFNTZrTjlKMEx4U1krL3NVUnlUYk5xTW5FCjlxN0tTZjh4bW4vbnp3QUt2ajB2\naEhaR05EbkNhUndieWpibEdkWnZuUUUKLS0tIG5FSUtlbDBHZFNOQUR5K1lPbFhz\nZmxpVlJ0YmJGOU1YVllKL3g5ODJYTnMKDAhwI7rRIjn0Wbdywd3xJsll8n707JQ2\n+O0lMPMSFm+3kbl6DMx4HiRbw3dmf7cBuPPZftRguM+xlE6ZS3PC/w==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-10-26T13:06:56Z", + "mac": "ENC[AES256_GCM,data:NogQqIBG02rimzrpZ/TTO9T4u+B3F1xVqdl1JvvhCjrqLEZQ53tYcwMDRQV8vK3oan/8cb2AohjqJIRxkgPZA4jkaiIDvFrH/H2uxdDfpzOGqh+SZAUliixN/YdKhtkO1la+r3h982NPh0H9sgP4mCjKQGhqtSwU53of4mzR8ek=,iv:LBzyR44L6VBk03sBG7AptdG7JOPB5XjCR/IqyZpE3pM=,tag:AjxHSa7nKlMKxIs5420PGA==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.0" + } +} \ No newline at end of file diff --git a/helmfile/secrets/ocelot.yaml b/helmfile/secrets/ocelot.yaml new file mode 100644 index 0000000..c95d91d --- /dev/null +++ b/helmfile/secrets/ocelot.yaml 
@@ -0,0 +1,95 @@ +secrets: + acme_email: ENC[AES256_GCM,data:o+2HnrEqa/uXJwqUwdYU14FiZYPfLcKqkQ==,iv:1ouUU4ewzRL4ZDnwJm6BTVg3a64iC5+I2v+AWIF8W2Q=,tag:7ytv959cVmgSmXMC7A8zxA==,type:str] + jwt_secret: ENC[AES256_GCM,data:KkTXkAo3Gl75ywq8ZDNQKA==,iv:nvHqdXhH5/+Ggt8CRZcq+1K25vo6cIiY4D1aoqdTpiI=,tag:eZOSl6Il1Ecl0sj/SjcvSw==,type:str] + webapp: + env: + MAPBOX_TOKEN: ENC[AES256_GCM,data:7Ka4BvQh6NDw9NKUcgGjLwxNHOqhVrZEj/DcGnyv1nXQIG/2WWGGHazAFWUCFpCUmCSaTPSkyLHPFyGQtQ7VAON3AG3tHtv5JvcBb4KDYrjAIzxhAAiHMYFtVJs=,iv:X0YL2dW42TUidJdBlRKb4Vq86X1OzHqipNHTBxmE7ds=,tag:KDH9NwDy6ghqdkXeZxuHgg==,type:str] + backend: + env: + JWT_SECRET: ENC[AES256_GCM,data:8qGviTFMOv9QyoNVwnlFNZ2PmvedbKJM,iv:rmZgs8h2QVsokzMzdGdEcInBLv8AX3xFUjkGhTf3sF0=,tag:SUJpMaIGAb14yg8RxCVUtA==,type:str] + MAPBOX_TOKEN: ENC[AES256_GCM,data:qK6iTYKiWfkvXBodm8zVmfr5ACTTz1+7Pt7Q/hwgv3SYERyo5NyqfsvbVKuDAD90kTCNODpSwUApJE6do/Umedg4s8mrnHXCckIDbX5BztoeHJBehsUC54ELcrQ=,iv:b65yqfdoOX366UXt7HS6nhL8hlZn4l5hQfrhI6NXc+I=,tag:vF48V+TRS5g9ezXhzAJnPw==,type:str] + PRIVATE_KEY_PASSPHRASE: ENC[AES256_GCM,data:05WXBFKIk0BtfUYmkWSwAP+/Y7v18LUow4X/,iv:y7VyymcoRLr2CK96BiErXvKP2Gn/QhECBZyeP+wo8LA=,tag:Hg/fIGyIDMY8P3mWfVupCw==,type:str] + #ENC[AES256_GCM,data:llx+JN8fRqwrLd2ahkmPrhPwcGIkn695l3Ox8VEs9YAR+1wpz3yujA==,iv:4Ctez8zMeqo3cpCCUVy6ZP4T1Z/myPw/FTq+++YAYbc=,tag:al/J8DLqNz6CoLl+TgUdOw==,type:comment] + EMAIL_DEFAULT_SENDER: ENC[AES256_GCM,data:z1EyEokf/TNkFLhRzsCbHew/6T8=,iv:Satr1c8aZQE73ZolC6n+PO74r+Gj3un5Mj0DIYb3n14=,tag:iK6l0GXuhLauBtFXTmLyKQ==,type:str] + SMTP_HOST: ENC[AES256_GCM,data:r0qbaUBB3CSUHR76,iv:TJIx71HW1aBB0sCEd1TB/tTgPBxLR1sdGAEf0t7Qilg=,tag:arXYtwVbIXVaUJpyommokQ==,type:str] + SMTP_USERNAME: ENC[AES256_GCM,data:lZ05DvSu,iv:Tyu7poao1shqKGd/sjTCgGNHU1xgRpjwjMRd+ArGf6o=,tag:dKms4G683JvFzja7YOwYKg==,type:str] + SMTP_PASSWORD: ENC[AES256_GCM,data:c9rnPIaKHIh2LNIJON3ib1IsA09OWGchDxRPRpvrtJw=,iv:08Acxl74lJbYtEEU6crVIYRXwkER8t1XPrhBA2PwEio=,tag:F0xrrt2PkBUMEyp7a81ssw==,type:str] + SMTP_PORT: 
ENC[AES256_GCM,data:MGmv,iv:IFg6oEncN0ICEmw96XL4EuPKqEZ6KLwU5FJYkveMSpY=,tag:kIVXlt0o5TfhOtRVqU/c4w==,type:str] + SMTP_IGNORE_TLS: ENC[AES256_GCM,data:ORAIWtg=,iv:6X4V3RDeYHrFdBTjsb3Ji0KWsZ2meL8ilqHNGQbcV/M=,tag:R87FgoQwqpes+0ejcOlrPg==,type:str] + #ENC[AES256_GCM,data:wEE3/SPsZqy9LATseOZG7LsCbjG5gY4VUT/TzxhHLJqcYP5I,iv:gcOA0XiUGWq15G4zTRPZ0qZ/XYMTjr+9krbOx0dwpeY=,tag:jd8LTiVT7UQShqMR9zZUZA==,type:comment] + SMTP_SECURE: ENC[AES256_GCM,data:PowbGhU=,iv:a1dK5AVySu749vPQvX9OLfMuD+tZkLNtXTMr17+4KuA=,tag:fuJQ7c4RBl25If01MSAmug==,type:str] + SMTP_DKIM_PRIVATKEY: null + SMTP_DKIM_DOMAINNAME: null + SMTP_DKIM_KEYSELECTOR: null + NEO4J_USERNAME: null + NEO4J_PASSWORD: null + REDIS_PASSWORD: null + neo4j: + env: + NEO4J_USERNAME: "" + NEO4J_PASSWORD: "" +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0MjZ5RGI0YTFIbDk3MnBs + ODN3RUg3ZVhsS1dEeDdodFJaQzg2RjFpcm1vClNzV1NwdEFwaXJnclRNVTJIbzVk + VEc3YUV4eWJLb04valdNV216SnhtbzQKLS0tIHpuR2JGZWp0WnNUdStuL1ZLU0FK + eGEreGNJTnU1OTgxL2ljVVRjUUxraEkKvkV7G56/GtJLbLVHvrq+rJ8npBckvww/ + Tq7/k/YmGV764d3Zb0Vs6TNJhoOvKF6sK645wrFlSzVNj51UxkhWYw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHWTI4M202SmlhbzJnckF3 + ODZrY3ZQQkRLZmQrNmg4Uys2d0JBWWJMWkN3CmNwUi9HT2VYd0paMnJScnFxSXB0 + YThaU2RqWFdHMXczQ1VmdFdJQmJSU00KLS0tIDk4TW5DdUNJY3dnS1JGQUluaTJw + d3ErbWdrZ2I3ZU1ZZGZBZ1JZU0lZMUEKnQHREjKUZ6a2+Es7SlLY46h4NPdeaE8c + w4My+za7IjGSyL6HKqxSBLUS4Q79cI3iBNu8SwikocmEkqQ/DWlC6g== + -----END AGE ENCRYPTED FILE----- + - recipient: age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhTmhYKzUyUGJnRHhjTU5m + 
TVVFOGl5d3ZFYzE4U216a1YvVUlXTGFvYTM4CkZaMTcvRk1CVDJwek9TT0UvOWMr + SWNrb0pvYTZaTHM4aGRpcG9odDhyUm8KLS0tIEkrSmc4V2c0Q0ltWkdRZWQ5NFEr + Y1VWV0JTRjVmWUU4U1pTZkVhbTVLREEKvCxhsCX//e7XawyJG3XeCGLOUqxCx9No + To4JGg10ciWcW0eqyP5lQfwdlECkmPapNz8gaf40DVpPDij5Nja+zA== + -----END AGE ENCRYPTED FILE----- + - recipient: age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTaHh6b3hpbFJrcHl6eHl6 + MkZmNUJWSTJRUFVNOHJaYld3QWUwSy93aEFNCjZTZnNZRlJRR3VEeXROOFBmY2Qz + SHF2bWMvdm5zNi92SUFlc2FZcFl1Y1kKLS0tIG4wYzdKTWFKaExiTVlFa0tRdzVs + bGFuMlF6bkw2Z1lGNmZTV1R0ZEs2T0EK78at74wFk1B5OgeMSKrGLl3sNiwrzitL + 0kcMVyxfV68mpjb0Cw2WtEUo0jFmKFXi7H5FbJeoPrDG0QFvIvgfsA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJYXE0V2pFYnU5Slk5Nk5j + Snh2UElZajhMZnlZTjVkcFBSMnF2VFJ6TG40ClBFQzV4SUpUZTZaSWpRdXNIdDBq + ZHFUSG5uUHU0bXhhcEpCejh2elM1M2MKLS0tIEovMDdrUEs5blNvL3R0VGVaMVhw + Q3V1UmU0OUtWRmRuQ1dtMFROUDF6NG8KRJRymV0GaOW7sENEqYogNK2HeArsuY8Y + lVWepYYDoeRWwu7kmzORaEnW6G4m0F3rADfwMrQVTNvZ+1Xn/yFOXg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzbHhMUElKUWhFMERGVWpz + cFRwTVovOStYNUQ4czIxR25MUzNON2ZzRmc0CjNvOGd4bmdjWHhwdEMzTzJkQU1Y + SHJrZG1pQ3pmZnZxWXh4bjkwN3ZvVFEKLS0tIHRhVDgzUHNsMHYrV0RoWCtmR0Nl + Tkx0VFJpN1pZam4yeTNYU1Jnb1JyR1EKJSQYyAi9ZZr+njaXV/62nshPVLtWIcLY + pwP8ikur4tKrbyg7H+/f3+9jPsr2Jw3xxgkeS4GL+DsTwrGDEwoaiw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-10-09T15:57:09Z" + mac: 
ENC[AES256_GCM,data:VL7iP5uJIiwtFaVuZM88Hc9E5bkyO1kN88tAYd5HfGrTlNAKtINJZRL/ZeG+fNEFNyrtkxs5nfXeCSb0yNop66nWOLpupRBxHVt763Akp/YS/l3qH9UYaDUUkgtPg313pG1vNMiBxss0oE0CDEn+xBxuQFrWUPowG71JuBvHs/Q=,iv:8BE0rDKRBCB7CSVNZNE1wKmhYxiJhbCgI8hh5PACjQ0=,tag:4FUes7xDpSp/KF4AIJiM/A==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.9.0
diff --git a/helmfile/values/ocelot.yaml.gotmpl b/helmfile/values/ocelot.yaml.gotmpl
new file mode 100644
index 0000000..3d4e796
--- /dev/null
+++ b/helmfile/values/ocelot.yaml.gotmpl
@@ -0,0 +1,41 @@
+domain: {{ .StateValues.domain }}
+
+cert_manager:
+ issuer: reformer-network-letsencrypt-prod
+
+cert_manager:
+ issuer: {{ .Release.Name }}-letsencrypt-prod
+
+underMaintenance: false
+
+global:
+ image:
+ pullPolicy: Always
+
+backend:
+ image:
+ repository: ghcr.io/ocelot-social-community/stage.ocelot.social/backend
+ tag: {{ .StateValues.image_tag }}
+ storage: "10Gi"
+ env:
+ PRODUCTION_DB_CLEAN_ALLOW: "true"
+ PUBLIC_REGISTRATION: "true"
+ INVITE_REGISTRATION: "true"
+ CATEGORIES_ACTIVE:
+
+webapp:
+ image:
+ repository: ghcr.io/ocelot-social-community/stage.ocelot.social/webapp
+ tag: {{ .StateValues.image_tag }}
+
+maintenance:
+ image:
+ repository: ghcr.io/ocelot-social-community/stage.ocelot.social/maintenance
+ tag: {{ .StateValues.image_tag }}
+
+neo4j:
+ image:
+ repository: ghcr.io/ocelot-social-community/ocelot-social/neo4j
+ tag: hetzner
+ storage: "5Gi"
+ storageBackups: "10Gi"
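Review bot: In `helmfile/secrets/ocelot.yaml` the database and cache credentials are committed empty: `NEO4J_USERNAME`, `NEO4J_PASSWORD` and `REDIS_PASSWORD` are `null` in what appears to be `backend.env`, and `neo4j.env` sets both Neo4j values to `""`. If the chart passes these through unchanged, Neo4j and Redis presumably accept unauthenticated connections from anything that can reach them inside the cluster; I would either store generated credentials here or drop the keys and leave a comment such as `# auth disabled on purpose: <reason>` so the choice is reviewable. Separately, `secrets.jwt_secret` and `backend.env.JWT_SECRET` are two independently encrypted values whose ciphertexts differ in length, so they cannot hold the same secret; keep only the one the chart actually reads. It is also worth confirming that the encrypted values were newly generated rather than carried over from the deleted `kubernetes/values.yaml.template`, whose sample secrets remain in git history.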
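Review bot: `cert_manager:` is defined twice at the top level of `helmfile/values/ocelot.yaml.gotmpl`, first with the hard-coded `issuer: reformer-network-letsencrypt-prod` and then with `issuer: {{ .Release.Name }}-letsencrypt-prod`; duplicate mapping keys are invalid YAML and a parser will either reject the file or silently keep only the last one, so the first block should be deleted. `CATEGORIES_ACTIVE:` is left without a value and renders as null, unlike the neighbouring keys, which are quoted strings; give it an explicit quoted value or remove it. `PRODUCTION_DB_CLEAN_ALLOW: "true"` lives in a values file that is not tied to one environment, so if every helmfile environment shares these values (the helmfile at this commit also lists a production environment) the flag would apply there too; I would move it into the staging environment values with a comment like `# staging only: never enable on a production database`.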
diff --git a/kubeconfig.yaml.enc b/kubeconfig.yaml.enc deleted file mode 100644 index b12c470b3a60e61a913de1e40c1be76f44d6445a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1518 zcmV1!-lUHG3MH_wES4X3g+0*V+;h zVQAD;IZ|e^IV@*{1SGf^Z!l7b1&T)4*3`Z?rUaWmhFsOY-q1{O#<=(4RTV$im& zF$2ew1X&wiE_aXERHxzLw5dOwk!L3K z_5LBuI2{c(j$e4e4DbVI4h}-4%YBZq*=iUL4?D_ef7v}Bp`W92Yg)NlFs1a40yPCy z4s~y^=CFR+|0VGn=pF(zU~6-UWDC1{dQH-*Ixk^%B$HLe74M}?)tr{Fo(%-^G!G^7v(yyGY>1O z*bk8XjA*svl{i?6W)tw=Gy4$5Kbf+Nz?WLUPmle#MxvJYnM$UeK@5f0)uRIOYBmCm(+oW%LlTS#b0s&ULV0R+w>NXAL=MH#UUU zE~au)?MbpF0Ja*iIx|}|H#n3CS=kZvIih)9#dQ2BClYdMe*!7H#{0099UXuP6fuso z&moyALSAd#L}5|e5gEm1b+jkh1CWrv*l^-7hW+u^&a5@mB|h0vGJ`3cp;kz#oKr^9 zr71~P=G(DM7Q)C&lKCh8Q*|Xi_z`zQZd{iia@Ua^H8TU({wdp7QCq20zF-sUmj#TR zz&8>jXQ|OD7H6@*hIYvKTyILI7Wj1BYlGs5&b| zVd)OB8|^xRp=2XyLQ{^{O0bjm`CGPw6Z@>XWjE9*QxyqR?`Ok#01H{hgLt(f~yO#xDM>{69 zPl`U3BAUc`0oR8Ov6a5G1~f?0L-{XD#YRht3jb-7_9}*k`udAU+NUlh0|!SLUbDRH6uvC4Saa?hg|bo2M_v|Hud@Sj#{mN{bC!!M$Z=Ed zSbBs$!MGi0uc~l?6A|wv=@Dx>eqx$*9F`u|1}EM1U-zy-2lT+@?24ZzI%TV2`>+ed zKV3|ajGu_XgeA`k@W>xRHpyy4IHd00B!~FaI>N1JObjgsY|bTvsXRpFoB1u}fh}Wo zT!SzBkQ;i#PqMRCRBuKs{!Uw1JXHbKZxb85297LfOF%2%s7e%~Cz-OP`}_%YfVD@5 zf(wZzQLUj$`R?vV-f!A{gR+x;5O0;N6f?=@gB!4w_rFqZUfyZTpVlD^2lFgfV2nae z*I~<^#LC=kplu!7oqsqoz)j0!ld4ZRuX(0IQkUl!v_mtV4)$MKt2>c`9 z4`XROTq~?sE$fBW@co00;)8nS7A}PGY*1DLK(5UJu@tRor#Wt)i8I#)$L{8N%K>b{ U?5k#)C3Mc_WkX+YAJIGId-CJlW&i*H diff --git a/kubernetes/dns.values.yaml.enc b/kubernetes/dns.values.yaml.enc deleted file mode 100644 index 09dc5b4..0000000 --- a/kubernetes/dns.values.yaml.enc +++ /dev/null 
@@ -1,2 +0,0 @@ -Œ  UÃg¯è¬òÒÀeæC]ôå;W>v”,öæ›k0\kôº:Hðb°ˆv‡Á+ÿî2Ò»$“sé/¤RgÝ¢êd\ FPcºSªÉ@mp>h\æTkÈgDÚœ?±;™ùégêKeE5#ÙtÛåóÓ -©ÐQ+W×±ju¶K!P6•Ý `w£¨À¹Å‘"²¢¬%©=Ï/ÄÚw©˱ÕÎ7[@®©omDð® ’ç /‹é2„_f+6EKZ6?#q!eX0XNdb?0kSRRxdJD_+Ze22hgHs1wNMD5|=Q4 zU2@K%^4oZaqo9|}^iNT+7m%MKRurxI27`yGem$rK$2-Dp^rj~Yosz=TM~9B58N{14 z*;`12 z!b>W$Cu)9@Ls2MgLZW`LG7JWZ5lE`W*ucF6Ge}bkqmI-{v!3ZZMDS~(`;suw^6+2y zKj6W!g-+eDj3~J5lE&rR{Dd=M%*UwD40Z-qAwFtAaf67ez1NZ4dqR zovEbVBO2-zq5~k6z;$O4a&CTS6d!(_;cw~k$0Cy6L7oVAV7L5)UE+0vg}${<8mnYn znqcOe*$FGE`Fce|?82r`&YE_C;?S&gxnw0+?)uzhU74-lm=GW%e2(w}d#dpgs_J$W z%LJr9?gOWOdlt2LArai`%oy`Dh;@6xEHwrPG|A_26)(_32l+PS!|<)~nhS}TC=!}r zwZ8|_%B+d(hs#Jn*FTo-|2&)a-ksnj6&Oy{Ri-)n{o6(Uu{ok8*48r3q&z>izDN*B z5<^z`yIKW8UOQ~NOh%-^b9zJ9nz5g;WnADp$$x2lR%+88g}|v2mJtZ9EQ%51v?o^N z`fY1OSKii*tg1WI4Fgb1MgMV}z3E{ZxbMtp)RiJowCW4u*b z+TbVgFV~_eCrUFGL**LB4F&~`wXzJKjafJy7Nj%MD=~UP0XCIQ>vqWJU5m?kO*~rKn`36>5Hhg&Nc#;R?t#vdsZ+)^Rq$Hp7dMlh|0eFvq zL@9OFd9W^61)M#qCLu~IEiRCU%yS$V?xepzQ@Tliw&GOWVsH+l6_o+emEDaWrRwEL z0)uVo3H;^3QDi(FOk=_iNzs`9Y)5#H{_^S}e^VspzlY^<-N5z|Xt}L{pl& z?HNdL74GTqO`(t{;{ksLro+xlHuTfYgtv%* za4Zt-)ll}r8-h@!4M$^aMs8^(L8dd8dtYQ+Um)#YKLWl!dE6-HEA+eULRMS^2J37;c53FpCz8nY7?kI3)`-7x~}Eo2aqO!aKLe z;pPFzQtQ+rYn6oaF(a1Q@)1+r5pgZliOe6STSaFd;Kv>|WF0`U*=g`RTinfz&^YUP=2(M`S#m|QVXTo925y2|EinB8tBeYiDw8)O z$4GCYTEaG~8Kqk7y3Ep5WFN;Ve_5_cC zy1)*FtQ#X>Oyxk%>7x8a!5ML`CCoeNQ2Tn$!03wObaaa>oHd!b*H#+(?1-`|IQH*S zbway`NwRY6%h>EEi$d3O#FORN3B`?yOCz^do@&^oy};*2e_O^sV7@Rr4=S@*&`GPe zW8Pd>I~D~aCy|b}7~pr)V}&gz5|*&$vU0=D!Al~4ZGWn`bV*>d=Bj>_6u-xB=ax@| zxFRLa>(Zu4c>WN!U445bPYd*tc>^`;gv`wP_tUnxwhEd{OCW?o;6h4bgFxV5;+^u4 EL54neFaQ7m diff --git a/kubernetes/values.yaml.template b/kubernetes/values.yaml.template deleted file mode 100644 index 22e69ca..0000000 --- a/kubernetes/values.yaml.template +++ /dev/null 
@@ -1,129 +0,0 @@ -# please duplicate template file and rename to "values.yaml" and fill in your value - -# change all the below if needed -MAPBOX_TOKEN: "pk.eyJ1IjoiYnVzZmFrdG9yIiwiYSI6ImNraDNiM3JxcDBhaWQydG1uczhpZWtpOW4ifQ.7TNRTO-o9aK1Y6MyW_Nd4g" -PRODUCTION_DB_CLEAN_ALLOW: false # only true for production environments on staging servers -PUBLIC_REGISTRATION: false -INVITE_REGISTRATION: false -COOKIE_EXPIRE_TIME: 730 # days (730 days, two years is the default in main code) -CATEGORIES_ACTIVE: false - -BACKEND: - # change all the below if needed - # DOCKER_IMAGE_REPO - change that to your branded docker image - # label is appended based on .Chart.appVersion - DOCKER_IMAGE_REPO: "ocelotsocialnetwork/backend-branded" - CLIENT_URI: "https://staging.ocelot.social" - # create a new one for your network - JWT_SECRET: "b/&&7b78BF&fv/Vd" - PRIVATE_KEY_PASSPHRASE: "a7dsf78sadg87ad87sfagsadg78" - # ocelot.social mail dummy - EMAIL_DEFAULT_SENDER: "devops@ocelot.social" - SMTP_HOST: "mail.ocelot.social" - SMTP_USERNAME: "devops@ocelot.social" - SMTP_PASSWORD: "devops@ocelot.social" - SMTP_PORT: "587" - SMTP_IGNORE_TLS: 'false' - SMTP_SECURE: 'false' # true for 465, false for other ports - # or - # SMTP_PORT: "465" - # SMTP_IGNORE_TLS: 'true' - # SMTP_SECURE: 'true' # true for 465, false for other ports - # optional - SMTP_DKIM_DOMAINNAME: ocelot.social - SMTP_DKIM_KEYSELECTOR: 2017 - # all newlines in one line with "\\n". 
multi line doesn't work with Helm - SMTP_DKIM_PRIVATKEY: "-----BEGIN RSA PRIVATE KEY-----\\n\\n-----END RSA PRIVATE KEY-----\\n" - - # most likely you don't need to change this - MIN_READY_SECONDS: "15" - PROGRESS_DEADLINE_SECONDS: "60" - REVISIONS_HISTORY_LIMIT: "25" - CONTAINER_RESTART_POLICY: "Always" - CONTAINER_TERMINATION_GRACE_PERIOD_SECONDS: "30" - DOCKER_IMAGE_PULL_POLICY: "Always" - STORAGE_UPLOADS: "25Gi" - RESOURCE_REQUESTS_MEMORY: "1G" - RESOURCE_LIMITS_MEMORY: "2G" - -WEBAPP: - # change all the below if needed - # DOCKER_IMAGE_REPO - change that to your branded docker image - # label is appended based on .Chart.appVersion - DOCKER_IMAGE_REPO: "ocelotsocialnetwork/webapp-branded" - WEBSOCKETS_URI: "wss://staging.ocelot.social/api/graphql" - - # Most likely you don't need to change this - REPLICAS: "2" - MIN_READY_SECONDS: "15" - PROGRESS_DEADLINE_SECONDS: "60" - REVISIONS_HISTORY_LIMIT: "25" - CONTAINER_RESTART_POLICY: "Always" - CONTAINER_TERMINATION_GRACE_PERIOD_SECONDS: "30" - DOCKER_IMAGE_PULL_POLICY: "Always" - RESOURCE_REQUESTS_MEMORY: "1G" - RESOURCE_LIMITS_MEMORY: "2G" - -NEO4J: - # most likely you don't need to change this - REVISIONS_HISTORY_LIMIT: "25" - DOCKER_IMAGE_REPO: "ocelotsocialnetwork/neo4j-community-branded" - DOCKER_IMAGE_PULL_POLICY: "Always" - CONTAINER_RESTART_POLICY: "Always" - CONTAINER_TERMINATION_GRACE_PERIOD_SECONDS: "30" - STORAGE: "5Gi" - RESOURCE_REQUESTS_MEMORY: "2G" - RESOURCE_LIMITS_MEMORY: "4G" - # required for Neo4j Enterprice version - #ACCEPT_LICENSE_AGREEMENT: "yes" - ACCEPT_LICENSE_AGREEMENT: "no" - AUTH: "none" - #DBMS_CONNECTOR_BOLT_THREAD_POOL_MAX_SIZE: "10000" # hc value - DBMS_CONNECTOR_BOLT_THREAD_POOL_MAX_SIZE: "400" # default value - #DBMS_MEMORY_HEAP_INITIAL_SIZE: "500MB" # HC value - DBMS_MEMORY_HEAP_INITIAL_SIZE: "" # default - #DBMS_MEMORY_HEAP_MAX_SIZE: "500MB" # HC value - DBMS_MEMORY_HEAP_MAX_SIZE: "" # default - #DBMS_MEMORY_PAGECACHE_SIZE: "490M" # HC value - DBMS_MEMORY_PAGECACHE_SIZE: "" # 
default - #APOC_IMPORT_FILE_ENABLED: "true" # HC value - APOC_IMPORT_FILE_ENABLED: "false" # default - DBMS_SECURITY_PROCEDURES_UNRESTRICTED: "algo.*,apoc.*" - -MAINTENANCE: - # change all the below if needed - # DOCKER_IMAGE_REPO - change that to your branded docker image - # label is appended based on .Chart.appVersion - DOCKER_IMAGE_REPO: "ocelotsocialnetwork/maintenance-branded" - - # Most likely you don't need to change this - REVISIONS_HISTORY_LIMIT: "25" - CONTAINER_RESTART_POLICY: "Always" - CONTAINER_TERMINATION_GRACE_PERIOD_SECONDS: "30" - DOCKER_IMAGE_PULL_POLICY: "Always" - RESOURCE_REQUESTS_MEMORY: "500M" - RESOURCE_LIMITS_MEMORY: "1G" - -LETSENCRYPT: - # change all the below if needed - # ISSUER is used by cert-manager to set up certificates with the given provider. - # change it to "letsencrypt-production" once you are ready to have valid cetrificates. - # Be aware that the is an issuing limit with letsencrypt, so a dry run with staging might be wise - ISSUER: "letsencrypt-staging" - EMAIL: "devops@ocelot.social" - DOMAINS: - - "staging.ocelot.social" - - "www.staging.ocelot.social" - -NGINX: - # most likely you don't need to change this - PROXY_BODY_SIZE: "10m" - -STORAGE: - # change all the below if needed - PROVISIONER: "dobs.csi.digitalocean.com" - - # most likely you don't need to change this - RECLAIM_POLICY: "Retain" - VOLUME_BINDING_MODE: "Immediate" - ALLOW_VOLUME_EXPANSION: true \ No newline at end of file From 0fec341e823b3fcc4c83a5747d416c6712bcf72f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Sat, 26 Oct 2024 20:36:32 +0200 Subject: [PATCH 02/28] chore: empty commit to test wei:pull github app From f066a4ea37021e2f97c37748db6096cd7004e2eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Sat, 26 Oct 2024 22:08:58 +0200 Subject: [PATCH 03/28] maintenance mode --- helmfile/values/ocelot.yaml.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/helmfile/values/ocelot.yaml.gotmpl b/helmfile/values/ocelot.yaml.gotmpl index 3d4e796..da91fd6 100644 --- a/helmfile/values/ocelot.yaml.gotmpl +++ b/helmfile/values/ocelot.yaml.gotmpl @@ -6,7 +6,7 @@ cert_manager: cert_manager: issuer: {{ .Release.Name }}-letsencrypt-prod -underMaintenance: false +underMaintenance: true global: image: From 013893910310c56bb9d788eace7d9eb094e52d4b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Sat, 26 Oct 2024 22:30:24 +0200 Subject: [PATCH 04/28] remove prometheus prometheu should be installed centrally --- helmfile/helmfile.yaml.gotmpl | 6 ------ 1 file changed, 6 deletions(-) diff --git a/helmfile/helmfile.yaml.gotmpl b/helmfile/helmfile.yaml.gotmpl index 2120cf1..34e6f84 100644 --- a/helmfile/helmfile.yaml.gotmpl +++ b/helmfile/helmfile.yaml.gotmpl @@ -11,8 +11,6 @@ environments: - ./environments/production.yaml.gotmpl --- repositories: - - name: prometheus-community - url: https://prometheus-community.github.io/helm-charts - name: ocelot-social url: git+https://github.com/Ocelot-Social-Community/Ocelot-Social@deployment/hetzner/helmfile/ocelot-social?ref=hetzner @@ -20,10 +18,6 @@ apiVersions: - monitoring.coreos.com/v1 releases: - - name: prometheus - namespace: monitoring - chart: prometheus-community/kube-prometheus-stack - - name: ocelot-social namespace: {{ .StateValues.namespace }} chart: ocelot-social/ocelot-social From 72ec5d4e2b718a1088a83485ef51372b34c33227 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Sat, 26 Oct 2024 22:32:04 +0200 Subject: [PATCH 05/28] undo maintenance mode --- helmfile/values/ocelot.yaml.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helmfile/values/ocelot.yaml.gotmpl b/helmfile/values/ocelot.yaml.gotmpl index da91fd6..3d4e796 100644 --- a/helmfile/values/ocelot.yaml.gotmpl +++ b/helmfile/values/ocelot.yaml.gotmpl 
@@ -6,7 +6,7 @@ cert_manager: cert_manager: issuer: {{ .Release.Name }}-letsencrypt-prod -underMaintenance: true +underMaintenance: false global: image: From 5b0e1ab07dbc95a8d6b6dddac71bb4cb4e29fc18 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Sat, 26 Oct 2024 23:57:26 +0200 Subject: [PATCH 06/28] fix oversights --- helmfile/environments/staging.yaml.gotmpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helmfile/environments/staging.yaml.gotmpl b/helmfile/environments/staging.yaml.gotmpl index 856b3b4..86a316d 100644 --- a/helmfile/environments/staging.yaml.gotmpl +++ b/helmfile/environments/staging.yaml.gotmpl @@ -1,5 +1,5 @@ {{ $image_tag:= env "IMAGE_TAG" | default (exec "../scripts/image_tag.sh" (list) | trim) }} -domain: reformer-network-staging.roschaefer.de -namespace: reformer-network-staging +domain: ocelot-social.roschaefer.de +namespace: ocelot-staging image_tag: {{ $image_tag }} From 841bc4d66a48d387f051c7f3fe5c1eb6ca05e67c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Sun, 27 Oct 2024 15:26:53 +0100 Subject: [PATCH 07/28] update to new interfaces --- .github/workflows/{push.yml => publish.yml} | 32 ++++++++++++++------- docker/backend.Dockerfile | 4 +-- docker/maintenance.Dockerfile | 4 +-- docker/webapp.Dockerfile | 4 +-- helmfile/environments/default.yaml.gotmpl | 5 ---- helmfile/environments/staging.yaml.gotmpl | 6 ++-- helmfile/helmfile.yaml.gotmpl | 8 +----- helmfile/scripts/image_tag.sh | 2 -- 8 files changed, 30 insertions(+), 35 deletions(-) rename .github/workflows/{push.yml => publish.yml} (69%) delete mode 100644 helmfile/environments/default.yaml.gotmpl delete mode 100755 helmfile/scripts/image_tag.sh diff --git a/.github/workflows/push.yml b/.github/workflows/publish.yml similarity index 69% rename from .github/workflows/push.yml rename to .github/workflows/publish.yml index 20c4576..f7a6f43 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/publish.yml 
@@ -1,6 +1,16 @@ name: publish -on: push +on: + workflow_dispatch: + inputs: + ocelot_version: + description: Ocelot build image version + required: true + type: string + deploy: + description: Deploy to cluster + required: true + type: boolean jobs: build-and-push-images: @@ -38,13 +48,13 @@ jobs: with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | - type=schedule - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} - type=ref,event=branch - type=ref,event=pr - type=sha + type=schedule,prefix=ocelot-${{ inputs.ocelot_version }}--branded- + type=semver,pattern={{version}},prefix=ocelot-${{ inputs.ocelot_version }}--branded- + type=semver,pattern={{major}}.{{minor}},prefix=ocelot-${{ inputs.ocelot_version }}--branded- + type=semver,pattern={{major}},prefix=ocelot-${{ inputs.ocelot_version }}--branded- + type=ref,event=branch,prefix=ocelot-${{ inputs.ocelot_version }}--branded- + type=ref,event=pr,prefix=ocelot-${{ inputs.ocelot_version }}--branded- + type=sha,prefix=ocelot-${{ inputs.ocelot_version }}--branded-sha- - name: Build and push Docker images id: push uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 @@ -53,13 +63,13 @@ jobs: context: . push: true build-args: | - OCELOT_VERSION=hetzner + OCELOT_VERSION=${{ inputs.ocelot_version }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} deploy-to-kubernetes: runs-on: ubuntu-latest - if: github.ref == 'refs/heads/staging' + if: ${{ inputs.deploy }} needs: build-and-push-images steps: - uses: mdgreenwald/mozilla-sops-action@d9714e521cbaecdae64a89d2fdd576dd2aa97056 # v1.6.0 
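Review bot: With `if: ${{ inputs.deploy }}` replacing `if: github.ref == 'refs/heads/staging'` on `deploy-to-kubernetes`, nothing restricts the ref a deployment runs from any more: a manual dispatch of any branch with the box ticked reaches the steps that decrypt the kubeconfig and apply to the cluster. I would keep a ref condition next to the input, `if: ${{ inputs.deploy && github.ref == 'refs/heads/staging' }}`, or attach the job to a GitHub `environment:` with required reviewers so that the decryption key is only released after approval. The job's steps continue outside this hunk.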
@@ -73,7 +83,7 @@ jobs: mkdir -p ~/.kube sops decrypt ./helmfile/secrets/kubeconfig > ~/.kube/config chmod 600 ~/.kube/config - # - run: echo "IMAGE_TAG=sha-$(echo $GITHUB_SHA | cut -c 1-7)" >> $GITHUB_ENV + - run: echo "IMAGE_TAG=ocelot-${{ inputs.ocelot_version }}--branded-sha-$(echo $GITHUB_SHA | cut -c 1-7)" >> $GITHUB_ENV - uses: helmfile/helmfile-action@80fbb6408b98822310f94d8d1321a2cacf87f78f #v1.9.2 with: helmfile-args: apply --environment staging diff --git a/docker/backend.Dockerfile b/docker/backend.Dockerfile index e152205..5e5fbda 100644 --- a/docker/backend.Dockerfile +++ b/docker/backend.Dockerfile @@ -1,6 +1,6 @@ ARG OCELOT_VERSION=master -FROM ghcr.io/ocelot-social-community/ocelot-social/backend:${OCELOT_VERSION}-code AS build +FROM ghcr.io/ocelot-social-community/ocelot-social/backend-build:${OCELOT_VERSION} AS build -FROM ghcr.io/ocelot-social-community/ocelot-social/backend:${OCELOT_VERSION}-base AS branded +FROM ghcr.io/ocelot-social-community/ocelot-social/backend-base:${OCELOT_VERSION} AS branded COPY --from=build /build . diff --git a/docker/maintenance.Dockerfile b/docker/maintenance.Dockerfile index 32ae532..b471bbd 100644 --- a/docker/maintenance.Dockerfile +++ b/docker/maintenance.Dockerfile @@ -1,7 +1,7 @@ ARG OCELOT_VERSION=master -FROM ghcr.io/ocelot-social-community/ocelot-social/maintenance:${OCELOT_VERSION}-code AS build +FROM ghcr.io/ocelot-social-community/ocelot-social/maintenance-build:${OCELOT_VERSION} AS build -FROM nginx:alpine AS branded +FROM ghcr.io/ocelot-social-community/ocelot-social/maintenance-base:${OCELOT_VERSION} AS branded COPY --from=build ./app/dist/ /usr/share/nginx/html/ COPY --from=build ./app/maintenance/nginx/custom.conf /etc/nginx/conf.d/default.conf diff --git a/docker/webapp.Dockerfile b/docker/webapp.Dockerfile index e4abd38..1a6b024 100644 --- a/docker/webapp.Dockerfile +++ b/docker/webapp.Dockerfile 
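Review bot: The added `run:` step expands `${{ inputs.ocelot_version }}` directly into the shell script, so the free-form dispatch input becomes part of the command text before the shell parses it, and whatever it contains is also written to `$GITHUB_ENV`. GitHub's hardening guidance is to hand such values over through the environment and quote them: `- run: echo "IMAGE_TAG=ocelot-${OCELOT_VERSION}--branded-sha-$(echo "$GITHUB_SHA" | cut -c 1-7)" >> "$GITHUB_ENV"` together with `env:` / `OCELOT_VERSION: ${{ inputs.ocelot_version }}` on the step. Because the value ends up in an image tag, rejecting anything outside `[A-Za-z0-9._-]` before use would also be reasonable. The surrounding job starts outside this hunk.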
@@ -1,6 +1,6 @@ ARG OCELOT_VERSION=master -FROM ghcr.io/ocelot-social-community/ocelot-social/webapp:${OCELOT_VERSION}-code AS build +FROM ghcr.io/ocelot-social-community/ocelot-social/webapp-build:${OCELOT_VERSION} AS build -FROM ghcr.io/ocelot-social-community/ocelot-social/webapp:${OCELOT_VERSION}-base AS branded +FROM ghcr.io/ocelot-social-community/ocelot-social/webapp-base:${OCELOT_VERSION} AS branded COPY --from=build /build . diff --git a/helmfile/environments/default.yaml.gotmpl b/helmfile/environments/default.yaml.gotmpl deleted file mode 100644 index 86a316d..0000000 --- a/helmfile/environments/default.yaml.gotmpl +++ /dev/null @@ -1,5 +0,0 @@ -{{ $image_tag:= env "IMAGE_TAG" | default (exec "../scripts/image_tag.sh" (list) | trim) }} - -domain: ocelot-social.roschaefer.de -namespace: ocelot-staging -image_tag: {{ $image_tag }} diff --git a/helmfile/environments/staging.yaml.gotmpl b/helmfile/environments/staging.yaml.gotmpl index 86a316d..cc64193 100644 --- a/helmfile/environments/staging.yaml.gotmpl +++ b/helmfile/environments/staging.yaml.gotmpl @@ -1,5 +1,3 @@ -{{ $image_tag:= env "IMAGE_TAG" | default (exec "../scripts/image_tag.sh" (list) | trim) }} - -domain: ocelot-social.roschaefer.de +domain: staging.ocelot-social.roschaefer.de namespace: ocelot-staging -image_tag: {{ $image_tag }} +image_tag: {{ requiredEnv "IMAGE_TAG" }} diff --git a/helmfile/helmfile.yaml.gotmpl b/helmfile/helmfile.yaml.gotmpl index 34e6f84..b1022f5 100644 --- a/helmfile/helmfile.yaml.gotmpl +++ b/helmfile/helmfile.yaml.gotmpl 
@@ -1,18 +1,12 @@ --- environments: - default: - values: - - ./environments/default.yaml.gotmpl staging: values: - ./environments/staging.yaml.gotmpl - production: - values: - - ./environments/production.yaml.gotmpl --- repositories: - name: ocelot-social - url: git+https://github.com/Ocelot-Social-Community/Ocelot-Social@deployment/hetzner/helmfile/ocelot-social?ref=hetzner + url: git+https://github.com/Ocelot-Social-Community/Ocelot-Social@deployment/helm/chart?ref=hetzner apiVersions: - monitoring.coreos.com/v1 diff --git a/helmfile/scripts/image_tag.sh b/helmfile/scripts/image_tag.sh deleted file mode 100755 index f921945..0000000 --- a/helmfile/scripts/image_tag.sh +++ /dev/null @@ -1,2 +0,0 @@ -#!/usr/bin/env bash -echo "sha-$(git rev-parse HEAD | cut -c 1-7)" From d2a56c433464ff723e526461f1b469d44206b658 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Sun, 27 Oct 2024 20:48:46 +0100 Subject: [PATCH 08/28] refactor: turn staging into default environment --- .github/workflows/publish.yml | 2 +- .../environments/{staging.yaml.gotmpl => default.yaml.gotmpl} | 0 helmfile/helmfile.yaml.gotmpl | 4 ++-- 3 files changed, 3 insertions(+), 3 deletions(-) rename helmfile/environments/{staging.yaml.gotmpl => default.yaml.gotmpl} (100%) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index f7a6f43..12c679b 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -86,7 +86,7 @@ jobs: - run: echo "IMAGE_TAG=ocelot-${{ inputs.ocelot_version }}--branded-sha-$(echo $GITHUB_SHA | cut -c 1-7)" >> $GITHUB_ENV - uses: helmfile/helmfile-action@80fbb6408b98822310f94d8d1321a2cacf87f78f #v1.9.2 with: - helmfile-args: apply --environment staging + helmfile-args: apply helmfile-workdirectory: ./helmfile helm-plugins: > https://github.com/databus23/helm-diff, 
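Review bot: The rewritten repository `url:` in `helmfile/helmfile.yaml.gotmpl` still ends in `?ref=hetzner`, a branch name, so each `helmfile apply` deploys whatever chart that branch contains at that moment, without any change in this repository. The workflow in this series pins its actions to full commit SHAs, and the chart that is rendered with the decrypted secrets deserves the same treatment, e.g. `...@deployment/helm/chart?ref=<tag-or-commit-sha>`. A comment above the line naming the chart version that ref corresponds to would make later bumps easy to review.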
diff --git a/helmfile/environments/staging.yaml.gotmpl b/helmfile/environments/default.yaml.gotmpl similarity index 100% rename from helmfile/environments/staging.yaml.gotmpl rename to helmfile/environments/default.yaml.gotmpl diff --git a/helmfile/helmfile.yaml.gotmpl b/helmfile/helmfile.yaml.gotmpl index b1022f5..9f4764b 100644 --- a/helmfile/helmfile.yaml.gotmpl +++ b/helmfile/helmfile.yaml.gotmpl @@ -1,8 +1,8 @@ --- environments: - staging: + default: values: - - ./environments/staging.yaml.gotmpl + - ./environments/default.yaml.gotmpl --- repositories: - name: ocelot-social From 67cfcc9590172b526727ef6b62eb3c12f88cfa66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Sun, 27 Oct 2024 21:24:36 +0100 Subject: [PATCH 09/28] better image tagging in helmfile --- .github/workflows/publish.yml | 3 ++- helmfile/environments/default.yaml.gotmpl | 5 ++++- helmfile/scripts/image_tag.sh | 2 ++ 3 files changed, 8 insertions(+), 2 deletions(-) create mode 100755 helmfile/scripts/image_tag.sh diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 12c679b..7a60a5b 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -83,9 +83,10 @@ jobs: mkdir -p ~/.kube sops decrypt ./helmfile/secrets/kubeconfig > ~/.kube/config chmod 600 ~/.kube/config - - run: echo "IMAGE_TAG=ocelot-${{ inputs.ocelot_version }}--branded-sha-$(echo $GITHUB_SHA | cut -c 1-7)" >> $GITHUB_ENV - uses: helmfile/helmfile-action@80fbb6408b98822310f94d8d1321a2cacf87f78f #v1.9.2 with: + env: + OCELOT_IMAGE_TAG: ${{ inputs.ocelot_version }} helmfile-args: apply helmfile-workdirectory: ./helmfile helm-plugins: > diff --git a/helmfile/environments/default.yaml.gotmpl b/helmfile/environments/default.yaml.gotmpl index cc64193..35beae5 100644 --- a/helmfile/environments/default.yaml.gotmpl +++ b/helmfile/environments/default.yaml.gotmpl 
@@ -1,3 +1,6 @@ +{{ $branded_image_tag:= env "BRANDED_IMAGE_TAG" | default (exec "../scripts/image_tag.sh" (list) | trim) }} +{{ $ocelot_image_tag := env "OCELOT_IMAGE_TAG" | default "master" }} + domain: staging.ocelot-social.roschaefer.de namespace: ocelot-staging -image_tag: {{ requiredEnv "IMAGE_TAG" }} +image_tag: {{ env "IMAGE_TAG" | default (printf "ocelot-%s--branded-%s" $ocelot_image_tag $branded_image_tag) }} diff --git a/helmfile/scripts/image_tag.sh b/helmfile/scripts/image_tag.sh new file mode 100755 index 0000000..f921945 --- /dev/null +++ b/helmfile/scripts/image_tag.sh @@ -0,0 +1,2 @@ +#!/usr/bin/env bash +echo "sha-$(git rev-parse HEAD | cut -c 1-7)" From 5d0da1e282969e290c6805658e2d156fbad1e5ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Sun, 27 Oct 2024 21:28:57 +0100 Subject: [PATCH 10/28] obsolete code --- helmfile/helmfile.yaml.gotmpl | 3 --- 1 file changed, 3 deletions(-) diff --git a/helmfile/helmfile.yaml.gotmpl b/helmfile/helmfile.yaml.gotmpl index 9f4764b..72fef8c 100644 --- a/helmfile/helmfile.yaml.gotmpl +++ b/helmfile/helmfile.yaml.gotmpl @@ -8,9 +8,6 @@ repositories: - name: ocelot-social url: git+https://github.com/Ocelot-Social-Community/Ocelot-Social@deployment/helm/chart?ref=hetzner -apiVersions: - - monitoring.coreos.com/v1 - releases: - name: ocelot-social namespace: {{ .StateValues.namespace }} From e971592128d364cc0109708015115af495f3ba1c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Sun, 27 Oct 2024 21:38:55 +0100 Subject: [PATCH 11/28] fix worfklow --- .github/workflows/publish.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 7a60a5b..cf2bde4 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml 
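Review bot: `helmfile/scripts/image_tag.sh` exits 0 and prints a bare `sha-` when `git rev-parse HEAD` fails (no git binary, or helmfile run outside a checkout), because the pipeline's status is that of `cut` and a failed command substitution does not fail `echo`. The template in `default.yaml.gotmpl` would then build an image tag ending in `--branded-sha-` instead of stopping. Capturing the hash first makes the failure visible: `set -euo pipefail`, then `sha="$(git rev-parse HEAD)"`, then `echo "sha-${sha:0:7}"`. A one-line header comment stating that the output must match the `sha-` tags produced by the publish workflow would also help.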
@@ -84,9 +84,9 @@ jobs: sops decrypt ./helmfile/secrets/kubeconfig > ~/.kube/config chmod 600 ~/.kube/config - uses: helmfile/helmfile-action@80fbb6408b98822310f94d8d1321a2cacf87f78f #v1.9.2 + env: + OCELOT_IMAGE_TAG: ${{ inputs.ocelot_version }} with: - env: - OCELOT_IMAGE_TAG: ${{ inputs.ocelot_version }} helmfile-args: apply helmfile-workdirectory: ./helmfile helm-plugins: > From 57e7615c2533b267e685f353e82ca86962fe1154 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Mon, 28 Oct 2024 10:53:42 +0100 Subject: [PATCH 12/28] feat: docker-compose.yml for branding --- .gitignore | 1 + docker-compose.yml | 52 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 .gitignore create mode 100644 docker-compose.yml diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..4c49bd7 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.env diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..c524a5e --- /dev/null +++ b/docker-compose.yml 
@@ -0,0 +1,52 @@ +services: + webapp: + image: ghcr.io/ocelot-social-community/stage.ocelot.social/webapp:ocelot-${OCELOT_VERSION:-master}--branded-${BRANDED_VERSION:-master} + build: + context: . + dockerfile: ./docker/backend.Dockerfile + target: branded + args: + OCELOT_VERSION: ${OCELOT_VERSION:-master} + environment: + GRAPHQL_URI: http://backend:4000 + ports: + - 3000:3000 + depends_on: + - backend + + backend: + image: ghcr.io/ocelot-social-community/stage.ocelot.social/backend:ocelot-${OCELOT_VERSION:-master}--branded-${BRANDED_VERSION:-master} + build: + context: . + dockerfile: ./docker/webapp.Dockerfile + target: branded + args: + OCELOT_VERSION: ${OCELOT_VERSION:-master} + environment: + CLIENT_URI: http://localhost:3000 + GRAPHQL_URI: http://backend:4000 + NEO4J_URI: bolt://neo4j:7687 + ports: + - 4000:4000 + depends_on: + - neo4j + + maintenance: + image: ghcr.io/ocelot-social-community/stage.ocelot.social/maintenance:ocelot-${OCELOT_VERSION:-master}--branded-${BRANDED_VERSION:-master} + build: + context: . + dockerfile: ./docker/maintenance.Dockerfile + target: branded + args: + OCELOT_VERSION: ${OCELOT_VERSION:-master} + ports: + - 3001:80 + + neo4j: + image: ghcr.io/ocelot-social-community/ocelot-social/neo4j:${OCELOT_VERSION:-master} + environment: + NEO4J_AUTH: none + NEO4J_dbms_allow__format__migration: "true" + NEO4J_dbms_allow__upgrade: "true" + NEO4J_dbms_security_procedures_unrestricted: algo.*,apoc.* + From 78e7f7b3b799213fa74acf89c632f0f117d0b54f Mon Sep 17 00:00:00 2001 
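Review bot: The `neo4j` service is started with `NEO4J_AUTH: none` together with `NEO4J_dbms_security_procedures_unrestricted: algo.*,apoc.*`, so every container on the compose network has unauthenticated access to the database, including the unrestricted procedures. Nothing in the file marks this as a local-development setup. A comment such as `# local development only: database authentication is disabled` above the service would make that explicit, or the setting could become `NEO4J_AUTH: neo4j/${NEO4J_PASSWORD:?set NEO4J_PASSWORD}`. The published ports (`3000:3000`, `4000:4000`, `3001:80`) are unquoted and bind on all host interfaces; writing them as `"127.0.0.1:4000:4000"` keeps the stack reachable from the developer's machine only.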
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Mon, 28 Oct 2024 14:19:53 +0100 Subject: [PATCH 13/28] feat: use checked in OCELOT_VERSION `workflow_dispatch` only works on the default branch which is inconvenient for development --- .env | 1 + .github/workflows/publish.yml | 34 +++++++------------ .gitignore | 1 - helmfile/environments/default.yaml.gotmpl | 4 +-- .../{image_tag.sh => branded_image_tag.sh} | 0 helmfile/scripts/ocelot_image_tag.sh | 6 ++++ 6 files changed, 21 insertions(+), 25 deletions(-) create mode 100644 .env delete mode 100644 .gitignore rename helmfile/scripts/{image_tag.sh => branded_image_tag.sh} (100%) create mode 100755 helmfile/scripts/ocelot_image_tag.sh diff --git a/.env b/.env new file mode 100644 index 0000000..76a9ce4 --- /dev/null +++ b/.env @@ -0,0 +1 @@ +OCELOT_VERSION=sha-80ff4ef diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index cf2bde4..f67f8cb 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,16 +1,6 @@ name: publish -on: - workflow_dispatch: - inputs: - ocelot_version: - description: Ocelot build image version - required: true - type: string - deploy: - description: Deploy to cluster - required: true - type: boolean +on: push jobs: build-and-push-images: 
@@ -42,19 +32,21 @@ jobs: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Read $OCELOT_VERSION from file + run: cat .env >> $GITHUB_ENV - name: Extract metadata (tags, labels) for Docker id: meta uses: docker/metadata-action@70b2cdc6480c1a8b86edf1777157f8f437de2166 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | - type=schedule,prefix=ocelot-${{ inputs.ocelot_version }}--branded- - type=semver,pattern={{version}},prefix=ocelot-${{ inputs.ocelot_version }}--branded- - type=semver,pattern={{major}}.{{minor}},prefix=ocelot-${{ inputs.ocelot_version }}--branded- - type=semver,pattern={{major}},prefix=ocelot-${{ inputs.ocelot_version }}--branded- - type=ref,event=branch,prefix=ocelot-${{ inputs.ocelot_version }}--branded- - type=ref,event=pr,prefix=ocelot-${{ inputs.ocelot_version }}--branded- - type=sha,prefix=ocelot-${{ inputs.ocelot_version }}--branded-sha- + type=schedule,prefix=ocelot-${{ env.OCELOT_VERSION }}--branded- + type=semver,pattern={{version}},prefix=ocelot-${{ env.OCELOT_VERSION }}--branded- + type=semver,pattern={{major}}.{{minor}},prefix=ocelot-${{ env.OCELOT_VERSION }}--branded- + type=semver,pattern={{major}},prefix=ocelot-${{ env.OCELOT_VERSION }}--branded- + type=ref,event=branch,prefix=ocelot-${{ env.OCELOT_VERSION }}--branded- + type=ref,event=pr,prefix=ocelot-${{ env.OCELOT_VERSION }}--branded- + type=sha,prefix=ocelot-${{ env.OCELOT_VERSION }}--branded-sha- - name: Build and push Docker images id: push uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 
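Review bot: The added step `run: cat .env >> $GITHUB_ENV` exports every line of the checked-in `.env` into the environment of all later steps, not just `OCELOT_VERSION`. Any variable later added to that file would silently change how the metadata, build and push steps run. Copying only the expected key, `grep -E '^OCELOT_VERSION=[A-Za-z0-9._-]+$' .env >> "$GITHUB_ENV"`, keeps the contract narrow and rejects a malformed value before it reaches `build-args`. The same step is moved and re-added in the publish.yml hunks of patches 19 and 21, and the job's step list starts and ends outside this hunk.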
@@ -63,13 +55,13 @@ jobs: context: . push: true build-args: | - OCELOT_VERSION=${{ inputs.ocelot_version }} + OCELOT_VERSION=${{ env.OCELOT_VERSION }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} deploy-to-kubernetes: runs-on: ubuntu-latest - if: ${{ inputs.deploy }} + if: ${{ github.ref == 'refs/tags/staging' }} needs: build-and-push-images steps: - uses: mdgreenwald/mozilla-sops-action@d9714e521cbaecdae64a89d2fdd576dd2aa97056 # v1.6.0 @@ -84,8 +76,6 @@ jobs: sops decrypt ./helmfile/secrets/kubeconfig > ~/.kube/config chmod 600 ~/.kube/config - uses: helmfile/helmfile-action@80fbb6408b98822310f94d8d1321a2cacf87f78f #v1.9.2 - env: - OCELOT_IMAGE_TAG: ${{ inputs.ocelot_version }} with: helmfile-args: apply helmfile-workdirectory: ./helmfile diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 4c49bd7..0000000 --- a/.gitignore +++ /dev/null @@ -1 +0,0 @@ -.env diff --git a/helmfile/environments/default.yaml.gotmpl b/helmfile/environments/default.yaml.gotmpl index 35beae5..ff14844 100644 --- a/helmfile/environments/default.yaml.gotmpl +++ b/helmfile/environments/default.yaml.gotmpl @@ -1,5 +1,5 @@ -{{ $branded_image_tag:= env "BRANDED_IMAGE_TAG" | default (exec "../scripts/image_tag.sh" (list) | trim) }} -{{ $ocelot_image_tag := env "OCELOT_IMAGE_TAG" | default "master" }} +{{ $branded_image_tag:= env "BRANDED_IMAGE_TAG" | default (exec "../scripts/branded_image_tag.sh" (list) | trim) }} +{{ $ocelot_image_tag := env "OCELOT_IMAGE_TAG" | default (exec "../scripts/ocelot_image_tag.sh" (list) | trim) }} domain: staging.ocelot-social.roschaefer.de namespace: ocelot-staging diff --git a/helmfile/scripts/image_tag.sh b/helmfile/scripts/branded_image_tag.sh similarity index 100% rename from helmfile/scripts/image_tag.sh rename to helmfile/scripts/branded_image_tag.sh diff --git a/helmfile/scripts/ocelot_image_tag.sh b/helmfile/scripts/ocelot_image_tag.sh new file mode 100755 index 0000000..6cc9baa --- /dev/null 
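Review bot: The deploy job's new gate `if: ${{ github.ref == 'refs/tags/staging' }}` is the only guard in front of the cluster credentials now that the workflow uses the unfiltered `on: push` from earlier in this patch. Anyone able to push or move that tag starts a run that decrypts `./helmfile/secrets/kubeconfig` and applies to the cluster. A tag is a mutable ref with no review attached, and patch 18 later widens the condition to `startsWith(github.ref, 'refs/tags/')`. Binding the job to a protected deployment environment (`environment: staging` on `deploy-to-kubernetes`, with the decryption key stored as an environment secret) or adding a tag protection rule would put an approval in front of the credentials. The job definition continues outside this hunk, so where the decryption key comes from is not visible here.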
+++ b/helmfile/scripts/ocelot_image_tag.sh @@ -0,0 +1,6 @@ +#!/usr/bin/env bash +SCRIPT_PATH=$(realpath $0) +SCRIPT_DIR=$(dirname $SCRIPT_PATH) + +set -a; . ${SCRIPT_DIR}/../../.env; set +a; +echo $OCELOT_VERSION From 6894b57008d6087b6bc25b811a31436e0803f3d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Mon, 28 Oct 2024 21:17:24 +0100 Subject: [PATCH 14/28] tagging is actually unnecessaryand and can be done later --- docker-compose.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index c524a5e..d73b131 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,6 +1,6 @@ services: webapp: - image: ghcr.io/ocelot-social-community/stage.ocelot.social/webapp:ocelot-${OCELOT_VERSION:-master}--branded-${BRANDED_VERSION:-master} + image: ghcr.io/ocelot-social-community/stage.ocelot.social/webapp build: context: . dockerfile: ./docker/backend.Dockerfile @@ -15,7 +15,7 @@ services: - backend backend: - image: ghcr.io/ocelot-social-community/stage.ocelot.social/backend:ocelot-${OCELOT_VERSION:-master}--branded-${BRANDED_VERSION:-master} + image: ghcr.io/ocelot-social-community/stage.ocelot.social/backend build: context: . dockerfile: ./docker/webapp.Dockerfile @@ -32,7 +32,7 @@ services: - neo4j maintenance: - image: ghcr.io/ocelot-social-community/stage.ocelot.social/maintenance:ocelot-${OCELOT_VERSION:-master}--branded-${BRANDED_VERSION:-master} + image: ghcr.io/ocelot-social-community/stage.ocelot.social/maintenance build: context: . dockerfile: ./docker/maintenance.Dockerfile @@ -43,7 +43,7 @@ services: - 3001:80 neo4j: - image: ghcr.io/ocelot-social-community/ocelot-social/neo4j:${OCELOT_VERSION:-master} + image: ghcr.io/ocelot-social-community/ocelot-social/neo4j environment: NEO4J_AUTH: none NEO4J_dbms_allow__format__migration: "true" From 8e2884ced67a8277c7566bde3c314a1fa01adc3f Mon Sep 17 00:00:00 2001 
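Review bot: `ocelot_image_tag.sh` reads the version with `. ${SCRIPT_DIR}/../../.env`, which executes the whole file as shell code in the process helmfile spawns during a deploy, and the expansions of `$0`, `$SCRIPT_PATH` and `${SCRIPT_DIR}` are unquoted. Treating `.env` as data avoids both problems: `sed -n 's/^OCELOT_VERSION=//p' "${SCRIPT_DIR}/../../.env"` prints the value without sourcing anything. A `set -euo pipefail` line at the top would also stop the script from echoing an empty tag when the file is missing.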
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Mon, 28 Oct 2024 22:11:54 +0100 Subject: [PATCH 15/28] fix docker-compose.yml --- docker-compose.yml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index d73b131..2fe9141 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,12 +3,15 @@ services: image: ghcr.io/ocelot-social-community/stage.ocelot.social/webapp build: context: . - dockerfile: ./docker/backend.Dockerfile + dockerfile: ./docker/webapp.Dockerfile target: branded args: OCELOT_VERSION: ${OCELOT_VERSION:-master} environment: - GRAPHQL_URI: http://backend:4000 + HOST: 0.0.0.0 + WEBSOCKETS_URI: ws://localhost:3000/api/graphql + GRAPHQL_URI: http://backend:4000/ + MAPBOX_TOKEN: "pk.eyJ1IjoiYnVzZmFrdG9yIiwiYSI6ImNraDNiM3JxcDBhaWQydG1uczhpZWtpOW4ifQ.7TNRTO-o9aK1Y6MyW_Nd4g" ports: - 3000:3000 depends_on: @@ -18,7 +21,7 @@ services: image: ghcr.io/ocelot-social-community/stage.ocelot.social/backend build: context: . - dockerfile: ./docker/webapp.Dockerfile + dockerfile: ./docker/backend.Dockerfile target: branded args: OCELOT_VERSION: ${OCELOT_VERSION:-master} @@ -26,6 +29,9 @@ services: CLIENT_URI: http://localhost:3000 GRAPHQL_URI: http://backend:4000 NEO4J_URI: bolt://neo4j:7687 + MAPBOX_TOKEN: "pk.eyJ1IjoiYnVzZmFrdG9yIiwiYSI6ImNraDNiM3JxcDBhaWQydG1uczhpZWtpOW4ifQ.7TNRTO-o9aK1Y6MyW_Nd4g" + JWT_SECRET: "b/&&7b78BF&fv/Vd" + PRIVATE_KEY_PASSPHRASE: "a7dsf78sadg87ad87sfagsadg78" ports: - 4000:4000 depends_on: @@ -43,7 +49,7 @@ services: - 3001:80 neo4j: - image: ghcr.io/ocelot-social-community/ocelot-social/neo4j + image: ghcr.io/ocelot-social-community/ocelot-social/neo4j:master environment: NEO4J_AUTH: none NEO4J_dbms_allow__format__migration: "true" From 9672ebfe97b4455ddcb73b9e9d3bc0c269fbeb3f Mon Sep 17 00:00:00 2001 
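Review bot: The backend `environment` block now carries literal values for `JWT_SECRET` and `PRIVATE_KEY_PASSPHRASE`, and both the webapp and backend hunks add a literal `MAPBOX_TOKEN`, in a tracked file of a repository that otherwise keeps its deployment secrets sops-encrypted under `helmfile/secrets/`. Any reader of the repository can forge tokens signed with a committed JWT secret, so these values must never reach a deployed environment, and the file does not say that they are throwaway. A required-variable interpolation such as `JWT_SECRET: ${JWT_SECRET:?set JWT_SECRET}` reads them from the caller's environment and keeps the compose file usable locally without committing key material. If the Mapbox token belongs to a real account, it should be rotated now that it is in history.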
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Tue, 29 Oct 2024 15:29:06 +0100 Subject: [PATCH 16/28] update to new ocelot helm chart --- helmfile/helmfile.yaml.gotmpl | 10 +++++++++- helmfile/secrets/ocelot.yaml | 5 ++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/helmfile/helmfile.yaml.gotmpl b/helmfile/helmfile.yaml.gotmpl index 72fef8c..02ac5a0 100644 --- a/helmfile/helmfile.yaml.gotmpl +++ b/helmfile/helmfile.yaml.gotmpl @@ -6,7 +6,7 @@ environments: --- repositories: - name: ocelot-social - url: git+https://github.com/Ocelot-Social-Community/Ocelot-Social@deployment/helm/chart?ref=hetzner + url: git+https://github.com/Ocelot-Social-Community/Ocelot-Social@deployment/helm/charts?ref=hetzner releases: - name: ocelot-social @@ -16,3 +16,11 @@ releases: - ./values/ocelot.yaml.gotmpl secrets: - ./secrets/ocelot.yaml + + - name: ocelot-neo4j + namespace: {{ .StateValues.namespace }} + chart: ocelot-social/ocelot-social + values: + - ./values/ocelot.yaml.gotmpl + secrets: + - ./secrets/ocelot.yaml diff --git a/helmfile/secrets/ocelot.yaml b/helmfile/secrets/ocelot.yaml index c95d91d..8a6d669 100644 --- a/helmfile/secrets/ocelot.yaml +++ b/helmfile/secrets/ocelot.yaml @@ -1,6 +1,5 @@ secrets: acme_email: ENC[AES256_GCM,data:o+2HnrEqa/uXJwqUwdYU14FiZYPfLcKqkQ==,iv:1ouUU4ewzRL4ZDnwJm6BTVg3a64iC5+I2v+AWIF8W2Q=,tag:7ytv959cVmgSmXMC7A8zxA==,type:str] - jwt_secret: ENC[AES256_GCM,data:KkTXkAo3Gl75ywq8ZDNQKA==,iv:nvHqdXhH5/+Ggt8CRZcq+1K25vo6cIiY4D1aoqdTpiI=,tag:eZOSl6Il1Ecl0sj/SjcvSw==,type:str] webapp: env: MAPBOX_TOKEN: ENC[AES256_GCM,data:7Ka4BvQh6NDw9NKUcgGjLwxNHOqhVrZEj/DcGnyv1nXQIG/2WWGGHazAFWUCFpCUmCSaTPSkyLHPFyGQtQ7VAON3AG3tHtv5JvcBb4KDYrjAIzxhAAiHMYFtVJs=,iv:X0YL2dW42TUidJdBlRKb4Vq86X1OzHqipNHTBxmE7ds=,tag:KDH9NwDy6ghqdkXeZxuHgg==,type:str] 
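Review bot: The chart repository URL in the `repositories` hunk still ends in `?ref=hetzner`, a branch name, so every `helmfile apply` renders whatever that branch currently holds and a deploy cannot be reproduced from this repository's history. Pinning the ref to a release tag or a full commit SHA (`...@deployment/helm/charts?ref=<commit-sha>`) would make the chart version reviewable in the same way as the SHA-pinned `uses:` lines in publish.yml. Patch 28 later removes the `ref` parameter altogether, which presumably falls back to the plugin's default branch and leaves the chart equally unpinned.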
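Review bot: The new `ocelot-neo4j` release is given the same `./secrets/ocelot.yaml` as `ocelot-social`, so the decrypted application secrets in that file (for example `acme_email` and `webapp.env.MAPBOX_TOKEN`) are also supplied as values to the database chart. Whether that chart renders any of them is not visible from this hunk. A separate secrets file for the release, e.g. `./secrets/neo4j.yaml` holding only what the database needs, would keep each release limited to the secrets it uses.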
@@ -88,8 +87,8 @@ sops: Tkx0VFJpN1pZam4yeTNYU1Jnb1JyR1EKJSQYyAi9ZZr+njaXV/62nshPVLtWIcLY pwP8ikur4tKrbyg7H+/f3+9jPsr2Jw3xxgkeS4GL+DsTwrGDEwoaiw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-09T15:57:09Z" - mac: ENC[AES256_GCM,data:VL7iP5uJIiwtFaVuZM88Hc9E5bkyO1kN88tAYd5HfGrTlNAKtINJZRL/ZeG+fNEFNyrtkxs5nfXeCSb0yNop66nWOLpupRBxHVt763Akp/YS/l3qH9UYaDUUkgtPg313pG1vNMiBxss0oE0CDEn+xBxuQFrWUPowG71JuBvHs/Q=,iv:8BE0rDKRBCB7CSVNZNE1wKmhYxiJhbCgI8hh5PACjQ0=,tag:4FUes7xDpSp/KF4AIJiM/A==,type:str] + lastmodified: "2024-10-29T14:27:59Z" + mac: ENC[AES256_GCM,data:FlVMBkKZGPkY90XhLifKdQoPPBNr/Qk1UTUjgGM8BzRQ8bFqikxTtXWukAE7JW4bhB+FK7AEwenrGzurMaLoNPQZBCELQQApxwHrTCNlIGPbEHL3jZFFV2hh1cP05r1caGncw2wqYi0G0ozR0PUaDHiw3tqbTV5D8yfa6tumB1I=,iv:zbdnPH/1eLRq7br+DIqHtsSp+eI+TGoR7XZSdD7Cxtc=,tag:JqPaVZSQvBnV/B9BV7pIiQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 From a6951cbac79aecdccddf2c05d422d554c9b2e771 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Tue, 29 Oct 2024 16:05:15 +0100 Subject: [PATCH 17/28] better naming of github image repos --- helmfile/environments/default.yaml.gotmpl | 1 + helmfile/values/ocelot.yaml.gotmpl | 13 ++++--------- 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/helmfile/environments/default.yaml.gotmpl b/helmfile/environments/default.yaml.gotmpl index ff14844..b51a5f7 100644 --- a/helmfile/environments/default.yaml.gotmpl +++ b/helmfile/environments/default.yaml.gotmpl @@ -4,3 +4,4 @@ domain: staging.ocelot-social.roschaefer.de namespace: ocelot-staging image_tag: {{ env "IMAGE_TAG" | default (printf "ocelot-%s--branded-%s" $ocelot_image_tag $branded_image_tag) }} +github_repository: ocelot-social-community/stage.ocelot.social diff --git a/helmfile/values/ocelot.yaml.gotmpl b/helmfile/values/ocelot.yaml.gotmpl index 3d4e796..95c8bc9 100644 --- a/helmfile/values/ocelot.yaml.gotmpl +++ b/helmfile/values/ocelot.yaml.gotmpl 
@@ -1,8 +1,5 @@ domain: {{ .StateValues.domain }} -cert_manager: - issuer: reformer-network-letsencrypt-prod - cert_manager: issuer: {{ .Release.Name }}-letsencrypt-prod @@ -10,12 +7,12 @@ underMaintenance: false global: image: + tag: {{ .StateValues.image_tag }} pullPolicy: Always backend: image: - repository: ghcr.io/ocelot-social-community/stage.ocelot.social/backend - tag: {{ .StateValues.image_tag }} + repository: ghcr.io/{{ .StateValues.github_repository | lower }}/backend storage: "10Gi" env: PRODUCTION_DB_CLEAN_ALLOW: "true" @@ -25,13 +22,11 @@ backend: webapp: image: - repository: ghcr.io/ocelot-social-community/stage.ocelot.social/webapp - tag: {{ .StateValues.image_tag }} + repository: ghcr.io/{{ .StateValues.github_repository | lower }}/webapp maintenance: image: - repository: ghcr.io/ocelot-social-community/stage.ocelot.social/maintenance - tag: {{ .StateValues.image_tag }} + repository: ghcr.io/{{ .StateValues.github_repository | lower }}/maintenance neo4j: image: From 6652a02c876570906a3b7a7e19dc3c6d2c3f59b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Tue, 29 Oct 2024 17:34:46 +0100 Subject: [PATCH 18/28] deploy on any tag --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index f67f8cb..ec666fa 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -61,7 +61,7 @@ jobs: deploy-to-kubernetes: runs-on: ubuntu-latest - if: ${{ github.ref == 'refs/tags/staging' }} + if: ${{ startsWith(github.ref, 'refs/tags/') }} needs: build-and-push-images steps: - uses: mdgreenwald/mozilla-sops-action@d9714e521cbaecdae64a89d2fdd576dd2aa97056 # v1.6.0 From be5bcf8faa7b11df099a1d6fed285ec0d268c76e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Tue, 29 Oct 2024 17:41:17 +0100 Subject: [PATCH 19/28] refactor: no need to tag OCELOT_VERSION Now we have the version in a file, it's not necessary to encode it in the docker tag. --- .github/workflows/publish.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index ec666fa..3e1e651 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -32,21 +32,21 @@ jobs: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Read $OCELOT_VERSION from file - run: cat .env >> $GITHUB_ENV - name: Extract metadata (tags, labels) for Docker id: meta uses: docker/metadata-action@70b2cdc6480c1a8b86edf1777157f8f437de2166 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | - type=schedule,prefix=ocelot-${{ env.OCELOT_VERSION }}--branded- - type=semver,pattern={{version}},prefix=ocelot-${{ env.OCELOT_VERSION }}--branded- - type=semver,pattern={{major}}.{{minor}},prefix=ocelot-${{ env.OCELOT_VERSION }}--branded- - type=semver,pattern={{major}},prefix=ocelot-${{ env.OCELOT_VERSION }}--branded- - type=ref,event=branch,prefix=ocelot-${{ env.OCELOT_VERSION }}--branded- - type=ref,event=pr,prefix=ocelot-${{ env.OCELOT_VERSION }}--branded- - type=sha,prefix=ocelot-${{ env.OCELOT_VERSION }}--branded-sha- + type=schedule + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=ref,event=branch + type=ref,event=pr + type=sha + - name: Read $OCELOT_VERSION from file + run: cat .env >> $GITHUB_ENV - name: Build and push Docker images id: push uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 From a90047a31a6185e378ee1dbc73587b319eeafbb7 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Tue, 29 Oct 2024 21:23:01 +0100 Subject: [PATCH 20/28] update OCELOT_VERSION --- .env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.env b/.env index 76a9ce4..9e9af18 100644 --- a/.env +++ b/.env @@ -1 +1 @@ -OCELOT_VERSION=sha-80ff4ef +OCELOT_VERSION=sha-d120d82 From 2ecbf8e7e28cf99d82b8150e1baadb5ef55cea48 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Tue, 29 Oct 2024 21:43:15 +0100 Subject: [PATCH 21/28] add docker label `ocelot-version` --- .github/workflows/publish.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 3e1e651..4f16f74 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -32,6 +32,8 @@ jobs: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Read $OCELOT_VERSION from file + run: cat .env >> $GITHUB_ENV - name: Extract metadata (tags, labels) for Docker id: meta uses: docker/metadata-action@70b2cdc6480c1a8b86edf1777157f8f437de2166 @@ -45,8 +47,8 @@ jobs: type=ref,event=branch type=ref,event=pr type=sha - - name: Read $OCELOT_VERSION from file - run: cat .env >> $GITHUB_ENV + labels: | + ocelot-version=${{ env.OCELOT_VERSION }} - name: Build and push Docker images id: push uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 From 9ae9020b235c364dda417b45bac498f29beb015d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Tue, 29 Oct 2024 21:56:36 +0100 Subject: [PATCH 22/28] fix image tag generation --- helmfile/environments/default.yaml.gotmpl | 5 ++--- helmfile/scripts/{branded_image_tag.sh => image_tag.sh} | 0 helmfile/scripts/ocelot_image_tag.sh | 6 ------ 3 files changed, 2 insertions(+), 9 deletions(-) rename helmfile/scripts/{branded_image_tag.sh => image_tag.sh} (100%) delete mode 100755 helmfile/scripts/ocelot_image_tag.sh 
diff --git a/helmfile/environments/default.yaml.gotmpl b/helmfile/environments/default.yaml.gotmpl index b51a5f7..3a52ff8 100644 --- a/helmfile/environments/default.yaml.gotmpl +++ b/helmfile/environments/default.yaml.gotmpl @@ -1,7 +1,6 @@ -{{ $branded_image_tag:= env "BRANDED_IMAGE_TAG" | default (exec "../scripts/branded_image_tag.sh" (list) | trim) }} -{{ $ocelot_image_tag := env "OCELOT_IMAGE_TAG" | default (exec "../scripts/ocelot_image_tag.sh" (list) | trim) }} +{{ $image_tag := env "IMAGE_TAG" | default (exec "../scripts/image_tag.sh" (list) | trim) }} domain: staging.ocelot-social.roschaefer.de namespace: ocelot-staging -image_tag: {{ env "IMAGE_TAG" | default (printf "ocelot-%s--branded-%s" $ocelot_image_tag $branded_image_tag) }} +image_tag: {{ $image_tag }} github_repository: ocelot-social-community/stage.ocelot.social diff --git a/helmfile/scripts/branded_image_tag.sh b/helmfile/scripts/image_tag.sh similarity index 100% rename from helmfile/scripts/branded_image_tag.sh rename to helmfile/scripts/image_tag.sh diff --git a/helmfile/scripts/ocelot_image_tag.sh b/helmfile/scripts/ocelot_image_tag.sh deleted file mode 100755 index 6cc9baa..0000000 --- a/helmfile/scripts/ocelot_image_tag.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/usr/bin/env bash -SCRIPT_PATH=$(realpath $0) -SCRIPT_DIR=$(dirname $SCRIPT_PATH) - -set -a; . ${SCRIPT_DIR}/../../.env; set +a; -echo $OCELOT_VERSION From a8a1311783e5c689563c3ca2f4df6f0d2f3cdb77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Tue, 29 Oct 2024 22:18:52 +0100 Subject: [PATCH 23/28] typos --- helmfile/helmfile.yaml.gotmpl | 2 +- helmfile/values/ocelot.yaml.gotmpl | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/helmfile/helmfile.yaml.gotmpl b/helmfile/helmfile.yaml.gotmpl index 02ac5a0..781bd89 100644 --- a/helmfile/helmfile.yaml.gotmpl +++ b/helmfile/helmfile.yaml.gotmpl 
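Review bot: `image_tag: {{ $image_tag }}` is emitted unquoted, so an `IMAGE_TAG` override that looks like a number or boolean (a constructed example: `1.10`) is re-typed by the YAML parser before it reaches the chart. Writing `image_tag: {{ $image_tag | quote }}` keeps it a string, and the same applies to `tag: {{ .StateValues.image_tag }}` in `helmfile/values/ocelot.yaml.gotmpl`. The `IMAGE_TAG` override is also accepted without any format check, so a stray variable in the deploy environment decides which image is rolled out; a short comment above the template line naming who is expected to set it would help.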
@@ -19,7 +19,7 @@ releases: - name: ocelot-neo4j namespace: {{ .StateValues.namespace }} - chart: ocelot-social/ocelot-social + chart: ocelot-social/ocelot-neo4j values: - ./values/ocelot.yaml.gotmpl secrets: diff --git a/helmfile/values/ocelot.yaml.gotmpl b/helmfile/values/ocelot.yaml.gotmpl index 95c8bc9..98ccdeb 100644 --- a/helmfile/values/ocelot.yaml.gotmpl +++ b/helmfile/values/ocelot.yaml.gotmpl @@ -15,6 +15,7 @@ backend: repository: ghcr.io/{{ .StateValues.github_repository | lower }}/backend storage: "10Gi" env: + NEO4J_URI: "bolt://ocelot-neo4j-neo4j:7687" PRODUCTION_DB_CLEAN_ALLOW: "true" PUBLIC_REGISTRATION: "true" INVITE_REGISTRATION: "true" From 282afc6b569c71a1d404f13be4d98327ed49e72a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Tue, 5 Nov 2024 13:14:36 +0100 Subject: [PATCH 24/28] update build image, add webapp env --- .env | 2 +- helmfile/values/ocelot.yaml.gotmpl | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.env b/.env index 9e9af18..2511428 100644 --- a/.env +++ b/.env @@ -1 +1 @@ -OCELOT_VERSION=sha-d120d82 +OCELOT_VERSION=sha-7725002 diff --git a/helmfile/values/ocelot.yaml.gotmpl b/helmfile/values/ocelot.yaml.gotmpl index 98ccdeb..563dece 100644 --- a/helmfile/values/ocelot.yaml.gotmpl +++ b/helmfile/values/ocelot.yaml.gotmpl @@ -16,14 +16,17 @@ backend: storage: "10Gi" env: NEO4J_URI: "bolt://ocelot-neo4j-neo4j:7687" - PRODUCTION_DB_CLEAN_ALLOW: "true" PUBLIC_REGISTRATION: "true" INVITE_REGISTRATION: "true" - CATEGORIES_ACTIVE: + CATEGORIES_ACTIVE: "true" webapp: image: repository: ghcr.io/{{ .StateValues.github_repository | lower }}/webapp + env: + PUBLIC_REGISTRATION: "true" + INVITE_REGISTRATION: "true" + CATEGORIES_ACTIVE: "true" maintenance: image: From 224d44563928e2b35d659e20cd982a9b5f4b90da Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Wed, 6 Nov 2024 17:25:17 +0100 Subject: [PATCH 25/28] update build image --- .env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.env b/.env index 2511428..9e04686 100644 --- a/.env +++ b/.env @@ -1 +1 @@ -OCELOT_VERSION=sha-7725002 +OCELOT_VERSION=sha-9e68997 From c9a63e31dfeacd08a4556c14aed9d740f13e6f00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Sat, 9 Nov 2024 17:11:05 +0100 Subject: [PATCH 26/28] change wildcard domain to it4c.org --- helmfile/environments/default.yaml.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helmfile/environments/default.yaml.gotmpl b/helmfile/environments/default.yaml.gotmpl index 3a52ff8..ae9d879 100644 --- a/helmfile/environments/default.yaml.gotmpl +++ b/helmfile/environments/default.yaml.gotmpl @@ -1,6 +1,6 @@ {{ $image_tag := env "IMAGE_TAG" | default (exec "../scripts/image_tag.sh" (list) | trim) }} -domain: staging.ocelot-social.roschaefer.de +domain: staging.ocelot-social.it4c.org namespace: ocelot-staging image_tag: {{ $image_tag }} github_repository: ocelot-social-community/stage.ocelot.social From aeb25f0687e602bdd83e286e991abc3872f49ef5 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Tue, 17 Dec 2024 12:51:45 +0100 Subject: [PATCH 27/28] corrected domain --- helmfile/environments/default.yaml.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helmfile/environments/default.yaml.gotmpl b/helmfile/environments/default.yaml.gotmpl index ae9d879..547424d 100644 --- a/helmfile/environments/default.yaml.gotmpl +++ b/helmfile/environments/default.yaml.gotmpl @@ -1,6 +1,6 @@ {{ $image_tag := env "IMAGE_TAG" | default (exec "../scripts/image_tag.sh" (list) | trim) }} -domain: staging.ocelot-social.it4c.org +domain: stage.ocelot.social namespace: ocelot-staging image_tag: {{ $image_tag }} github_repository: ocelot-social-community/stage.ocelot.social 
From ce2f82c298bc2cfe19dca2a86f99c3ad46f1e47a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Fri, 30 May 2025 00:33:22 +0800 Subject: [PATCH 28/28] remove reference to `hetzner` branch in helm repo --- helmfile/helmfile.yaml.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helmfile/helmfile.yaml.gotmpl b/helmfile/helmfile.yaml.gotmpl index 781bd89..130895f 100644 --- a/helmfile/helmfile.yaml.gotmpl +++ b/helmfile/helmfile.yaml.gotmpl @@ -6,7 +6,7 @@ environments: --- repositories: - name: ocelot-social - url: git+https://github.com/Ocelot-Social-Community/Ocelot-Social@deployment/helm/charts?ref=hetzner + url: git+https://github.com/Ocelot-Social-Community/Ocelot-Social@deployment/helm/charts releases: - name: ocelot-social