Merge pull request #29 from GeneralMagicio/develop

carry over CI to main branch

Author: geleeroyale

.github/workflows/prod-pipeline.yml

@@ -0,0 +1,138 @@
+name: prod-pipeline
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+  pull_request:
+    types: [closed]
+    branches:
+      - main
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push
+        id: build_and_push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: |
+            ghcr.io/generalmagicio/worldview-be:main
+
+  deploy:
+    needs: publish
+    runs-on: ubuntu-latest
+    steps:
+      - name: SSH and Redeploy Staging
+        uses: appleboy/ssh-action@v1.2.0
+        with:
+          host: ${{ secrets.PROD_HOST }}
+          username: ${{ secrets.PROD_USERNAME }}
+          key: ${{ secrets.PROD_PRIVATE_KEY }}
+          port: ${{ secrets.SSH_PORT }}
+          command_timeout: 200m
+          script: |
+            set -e
+            docker system prune -f
+            # Authenticate with GHCR
+            echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+            cd worldview-be
+            git checkout main
+            git fetch origin main
+            git reset --hard origin/main
+            git pull origin main
+            docker compose pull
+
+  rollout-deploy-1:
+    needs: deploy
+    runs-on: ubuntu-latest
+    env:
+      CONTAINER: "worldview-be1"
+    steps:
+      - name: SSH and Redeploy Staging
+        uses: appleboy/ssh-action@v1.2.0
+        with:
+          host: ${{ secrets.PROD_HOST }}
+          username: ${{ secrets.PROD_USERNAME }}
+          key: ${{ secrets.PROD_PRIVATE_KEY }}
+          port: ${{ secrets.SSH_PORT }}
+          envs: CONTAINER
+          script: |
+            ## Update each backend service one by one
+            ## First Deployment
+            export CONTAINER="${CONTAINER}"
+            cd worldview-be
+            docker compose rm -fs $CONTAINER
+            docker compose up --force-recreate -d $CONTAINER
+
+            # Wait for $CONTAINER to be healthy (timeout after 5 minutes)
+            echo "Waiting for $CONTAINER to become healthy..."
+            if ! timeout 300 bash -c 'until [ "$(docker inspect --format="{{json .State.Health.Status}}" $CONTAINER)" == "\"healthy\"" ]; do echo "Waiting for $CONTAINER to be healthy..."; sleep 5; done'; then
+                echo "Timeout waiting for $CONTAINER to become healthy"
+                echo "Container logs:"
+                docker logs $CONTAINER
+                exit 1
+            fi
+            # Check if $CONTAINER is healthy
+            if [ "$(docker inspect --format='{{json .State.Health.Status}}' $CONTAINER)" != "\"healthy\"" ]; then
+                echo "$CONTAINER is not healthy, stopping deployment"
+                echo "Container logs:"
+                docker logs $CONTAINER
+                exit 1
+            fi
+            echo "First deployment phase completed successfully"
+
+  rollout-deploy-2:
+    needs: rollout-deploy-1
+    runs-on: ubuntu-latest
+    env:
+      CONTAINER: "worldview-be2"
+    steps:
+      - name: SSH and Redeploy Staging
+        uses: appleboy/ssh-action@v1.2.0
+        with:
+          host: ${{ secrets.PROD_HOST }}
+          username: ${{ secrets.PROD_USERNAME }}
+          key: ${{ secrets.PROD_PRIVATE_KEY }}
+          port: ${{ secrets.SSH_PORT }}
+          envs: CONTAINER
+          script: |
+            ## Update each backend service one by one
+            ## Second Deployment
+            export CONTAINER="${CONTAINER}"
+            cd worldview-be
+            docker compose rm -fs $CONTAINER
+            docker compose up --force-recreate -d $CONTAINER
+
+            # Wait for $CONTAINER to be healthy (timeout after 5 minutes)
+            echo "Waiting for $CONTAINER to become healthy..."
+            if ! timeout 300 bash -c 'until [ "$(docker inspect --format="{{json .State.Health.Status}}" $CONTAINER)" == "\"healthy\"" ]; do echo "Waiting for $CONTAINER to be healthy..."; sleep 5; done'; then
+                echo "Timeout waiting for $CONTAINER to become healthy"
+                echo "Container logs:"
+                docker logs $CONTAINER
+                exit 1
+            fi
+            # Check if $CONTAINER is healthy
+            if [ "$(docker inspect --format='{{json .State.Health.Status}}' $CONTAINER)" != "\"healthy\"" ]; then
+                echo "$CONTAINER is not healthy, stopping deployment"
+                echo "Container logs:"
+                docker logs $CONTAINER
+                exit 1
+            fi
+            echo "Second deployment phase completed successfully"

.github/workflows/staging-pipeline.yml

@@ -0,0 +1,138 @@
+name: staging-pipeline
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - develop
+  pull_request:
+    types: [closed]
+    branches:
+      - develop
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push
+        id: build_and_push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: |
+            ghcr.io/generalmagicio/worldview-be:staging
+
+  deploy:
+    needs: publish
+    runs-on: ubuntu-latest
+    steps:
+      - name: SSH and Redeploy Staging
+        uses: appleboy/ssh-action@v1.2.0
+        with:
+          host: ${{ secrets.STAGING_HOST }}
+          username: ${{ secrets.STAGING_USERNAME }}
+          key: ${{ secrets.STAGING_PRIVATE_KEY }}
+          port: ${{ secrets.SSH_PORT }}
+          command_timeout: 200m
+          script: |
+            set -e
+            docker system prune -f
+            # Authenticate with GHCR
+            echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+            cd worldview-be
+            git checkout develop
+            git fetch origin develop
+            git reset --hard origin/develop
+            git pull origin develop
+            docker compose pull
+
+  rollout-deploy-1:
+    needs: deploy
+    runs-on: ubuntu-latest
+    env:
+      CONTAINER: 'worldview-be1'
+    steps:
+      - name: SSH and Redeploy Staging
+        uses: appleboy/ssh-action@v1.2.0
+        with:
+          host: ${{ secrets.STAGING_HOST }}
+          username: ${{ secrets.STAGING_USERNAME }}
+          key: ${{ secrets.STAGING_PRIVATE_KEY }}
+          port: ${{ secrets.SSH_PORT }}
+          envs: CONTAINER
+          script: |
+            ## Update each backend service one by one
+            ## First Deployment
+            export CONTAINER="${CONTAINER}"
+            cd worldview-be
+            docker compose rm -fs $CONTAINER
+            docker compose up --force-recreate -d $CONTAINER
+
+            # Wait for $CONTAINER to be healthy (timeout after 5 minutes)
+            echo "Waiting for $CONTAINER to become healthy..."
+            if ! timeout 300 bash -c 'until [ "$(docker inspect --format="{{json .State.Health.Status}}" $CONTAINER)" == "\"healthy\"" ]; do echo "Waiting for $CONTAINER to be healthy..."; sleep 5; done'; then
+                echo "Timeout waiting for $CONTAINER to become healthy"
+                echo "Container logs:"
+                docker logs $CONTAINER
+                exit 1
+            fi
+            # Check if $CONTAINER is healthy
+            if [ "$(docker inspect --format='{{json .State.Health.Status}}' $CONTAINER)" != "\"healthy\"" ]; then
+                echo "$CONTAINER is not healthy, stopping deployment"
+                echo "Container logs:"
+                docker logs $CONTAINER
+                exit 1
+            fi
+            echo "First deployment phase completed successfully"
+
+  rollout-deploy-2:
+    needs: rollout-deploy-1
+    runs-on: ubuntu-latest
+    env:
+      CONTAINER: 'worldview-be2'
+    steps:
+      - name: SSH and Redeploy Staging
+        uses: appleboy/ssh-action@v1.2.0
+        with:
+          host: ${{ secrets.STAGING_HOST }}
+          username: ${{ secrets.STAGING_USERNAME }}
+          key: ${{ secrets.STAGING_PRIVATE_KEY }}
+          port: ${{ secrets.SSH_PORT }}
+          envs: CONTAINER
+          script: |
+            ## Update each backend service one by one
+            ## Second Deployment
+            export CONTAINER="${CONTAINER}"
+            cd worldview-be
+            docker compose rm -fs $CONTAINER
+            docker compose up --force-recreate -d $CONTAINER
+
+            # Wait for $CONTAINER to be healthy (timeout after 5 minutes)
+            echo "Waiting for $CONTAINER to become healthy..."
+            if ! timeout 300 bash -c 'until [ "$(docker inspect --format="{{json .State.Health.Status}}" $CONTAINER)" == "\"healthy\"" ]; do echo "Waiting for $CONTAINER to be healthy..."; sleep 5; done'; then
+                echo "Timeout waiting for $CONTAINER to become healthy"
+                echo "Container logs:"
+                docker logs $CONTAINER
+                exit 1
+            fi
+            # Check if $CONTAINER is healthy
+            if [ "$(docker inspect --format='{{json .State.Health.Status}}' $CONTAINER)" != "\"healthy\"" ]; then
+                echo "$CONTAINER is not healthy, stopping deployment"
+                echo "Container logs:"
+                docker logs $CONTAINER
+                exit 1
+            fi
+            echo "Second deployment phase completed successfully"

.gitignore

@@ -36,7 +36,7 @@ lerna-debug.log*
 !.vscode/extensions.json
 
 # dotenv environment variable files
-.env
+.env*
 .env.development.local
 .env.test.local
 .env.production.local
@@ -54,3 +54,4 @@ pids
 
 # Diagnostic reports (https://nodejs.org/api/report.html)
 report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+.yarn

.yarnrc.yml

@@ -0,0 +1 @@
+nodeLinker: node-modules

Caddyfile

@@ -0,0 +1,17 @@
+{$BACKEND_URL} {
+  route {
+      @allowed {
+          path /*
+          remote_ip {$IP_WHITELIST}
+      }
+      reverse_proxy @allowed {
+        to worldview-be1:3000 worldview-be2:3000
+        lb_policy round_robin
+        health_uri /
+        health_interval 5s
+        health_timeout 2s
+        health_status 200
+      }
+      respond 403
+  }
+}

Dockerfile

@@ -0,0 +1,16 @@
+FROM node:22-alpine
+
+WORKDIR /usr/src/app
+COPY package*.json ./
+COPY tsconfig*.json ./
+COPY yarn.lock ./
+RUN apk update
+RUN apk add --no-cache curl openssl
+RUN npm install -g @nestjs/cli
+RUN npm install -g corepack && corepack enable
+RUN yarn install
+COPY . .
+RUN yarn prisma generate 
+RUN yarn run build
+EXPOSE 3000
+ENTRYPOINT ["sh", "-c", "npx prisma migrate deploy && yarn run start:prod"]

docker-compose-local.yml

@@ -0,0 +1,42 @@
+services:
+  worldview-be:
+    build:
+      context: .
+    container_name: worldview-be
+    restart: always
+    env_file:
+      - .env
+    ports:
+      - 3000
+    networks:
+      - worldview-backend
+    depends_on:
+      worldview-db:
+        condition: service_healthy
+  postgres:
+    image: postgres:16
+    container_name: postgres_db
+    restart: always
+    environment:
+      - POSTGRES_DB=qv
+      - POSTGRES_USER=postgres
+      - POSTGRES_PASSWORD=postgres
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    networks:
+      - worldview-backend
+    ports:
+      - '5433:5432'
+    healthcheck:
+      test: ["CMD", "pg_isready", "-U", "postgres", "-d", "qv"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+volumes:
+  postgres_data:
+    driver: local
+
+networks:
+  worldview-backend:
+    driver: bridge