feat: production deployment changes

Author: aswindevs

Dockerfile

@@ -0,0 +1,40 @@
+#
+# conductor:server - Netflix conductor server
+#
+
+# ===========================================================================================================
+# 0. Builder stage
+# ===========================================================================================================
+FROM eclipse-temurin:17-jdk-focal AS builder
+
+LABEL maintainer="Netflix OSS <[email protected]>"
+
+# Copy the project directly onto the image
+COPY . /conductor
+WORKDIR /conductor
+
+# Build the server on run
+RUN ./gradlew build -x test --stacktrace
+
+# ===========================================================================================================
+# 1. Bin stage
+# ===========================================================================================================
+FROM eclipse-temurin:17-jre-focal
+
+LABEL maintainer="Netflix OSS <[email protected]>"
+
+# Make app folders
+RUN mkdir -p /app/config /app/logs /app/libs
+
+# Copy the compiled output to new image
+COPY --from=builder /conductor/docker/server/bin /app
+COPY --from=builder /conductor/docker/server/config /app/config
+COPY --from=builder /conductor/server/build/libs/*boot*.jar /app/libs/conductor-server.jar
+
+# Copy the files for the server into the app folders
+RUN chmod +x /app/startup.sh
+
+HEALTHCHECK --interval=60s --timeout=30s --retries=10 CMD curl -I -XGET http://localhost:8080/health || exit 1
+
+CMD [ "/app/startup.sh" ]
+ENTRYPOINT [ "/bin/sh"]

core/build.gradle

@@ -43,6 +43,8 @@ dependencies {
 
     implementation "org.openjdk.nashorn:nashorn-core:15.4"
 
+    implementation "com.netflix.spectator:spectator-reg-metrics3:${version_spectator}"
+
     // JAXB is not bundled with Java 11, dependencies added explicitly
     // These are needed by Apache BVAL
     implementation "jakarta.xml.bind:jakarta.xml.bind-api:${revJAXB}"

dependencies.gradle

@@ -67,5 +67,5 @@ ext {
     revNatsStreaming = '2.6.5'
     revNats = '2.15.6'
     revStan = '2.2.3'
-
+    version_spectator='0.60.0'
 }

server/build.gradle

@@ -70,7 +70,9 @@ dependencies {
     implementation "io.orkes.queues:orkes-conductor-queues:${revOrkesQueues}"
 
     implementation "org.springdoc:springdoc-openapi-starter-webmvc-ui:${revSpringDoc}"
+    runtimeOnly group: 'com.netflix.conductor', name: 'conductor-postgres-persistence', version: '3.9.1'
 
+    implementation "com.netflix.spectator:spectator-reg-metrics3:${version_spectator}"
 
     runtimeOnly "org.glassfish.jaxb:jaxb-runtime:${revJAXB}"
 

ui/Dockerfile

@@ -0,0 +1,3 @@
+FROM nginx
+COPY default.conf /etc/nginx/conf.d/default.conf
+COPY build/ /usr/share/nginx/html

ui/default-dev.conf

@@ -0,0 +1,69 @@
+map $http_x_forwarded_for $allow {
+    default 0;
+    "103.138.236.18" 1;
+    "103.181.238.106" 1;
+    "103.142.30.151" 1;
+    "61.2.142.186" 1;
+}
+
+server {
+  listen 5000;
+  server_name conductor;
+  server_tokens off;
+
+  location / {
+
+    if ($allow != 1) {
+        return 401;
+    }
+
+    add_header Referrer-Policy "strict-origin";
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Content-Type-Options "nosniff";
+    add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.orkes.io *.googletagmanager.com *.pendo.io https://cdn.jsdelivr.net; worker-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:;";
+    add_header Permissions-Policy "accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), hid=(), idle-detection=(), serial=(), window-placement=(self)";
+
+    # This would be the directory where your React app's static files are stored at
+    root /usr/share/nginx/html;
+    try_files $uri /index.html;
+  }
+
+  location /api {
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-NginX-Proxy true;
+    proxy_pass http://sirn-dev-mb-svc-conductor-server.sirn-dev-mb.local:8080/api;
+    proxy_ssl_session_reuse off;
+    proxy_set_header Host $http_host;
+    proxy_cache_bypass $http_upgrade;
+    proxy_redirect off;
+  }
+
+  location /actuator {
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-NginX-Proxy true;
+    proxy_pass http://sirn-dev-mb-svc-conductor-server.sirn-dev-mb.local:8080/actuator;
+    proxy_ssl_session_reuse off;
+    proxy_set_header Host $http_host;
+    proxy_cache_bypass $http_upgrade;
+    proxy_redirect off;
+  }
+
+  location /swagger-ui {
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-NginX-Proxy true;
+    proxy_pass http://sirn-dev-mb-svc-conductor-server.sirn-dev-mb.local:8080/swagger-ui;
+    proxy_ssl_session_reuse off;
+    proxy_set_header Host $http_host;
+    proxy_cache_bypass $http_upgrade;
+    proxy_redirect off;
+  }
+
+    location /health {
+            access_log off;
+            add_header 'Content-Type' 'application/json';
+            return 200 '{"status":"UP"}';
+    }
+}

ui/default-local.conf

@@ -0,0 +1,50 @@
+server {
+  listen 5000;
+  server_name conductor;
+  server_tokens off;
+
+  location / {
+    add_header Referrer-Policy "strict-origin";
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Content-Type-Options "nosniff";
+    add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.orkes.io *.googletagmanager.com *.pendo.io https://cdn.jsdelivr.net; worker-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:;";
+    add_header Permissions-Policy "accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), hid=(), idle-detection=(), serial=(), window-placement=(self)";
+
+    # This would be the directory where your React app's static files are stored at
+    root /usr/share/nginx/html;
+    try_files $uri /index.html;
+  }
+
+  location /api {
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-NginX-Proxy true;
+    proxy_pass http://localhost:8080/api;
+    proxy_ssl_session_reuse off;
+    proxy_set_header Host $http_host;
+    proxy_cache_bypass $http_upgrade;
+    proxy_redirect off;
+  }
+
+  location /actuator {
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-NginX-Proxy true;
+    proxy_pass http://localhost:8080/actuator;
+    proxy_ssl_session_reuse off;
+    proxy_set_header Host $http_host;
+    proxy_cache_bypass $http_upgrade;
+    proxy_redirect off;
+  }
+
+  location /swagger-ui {
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-NginX-Proxy true;
+    proxy_pass http://localhost:8080/swagger-ui;
+    proxy_ssl_session_reuse off;
+    proxy_set_header Host $http_host;
+    proxy_cache_bypass $http_upgrade;
+    proxy_redirect off;
+  }
+}

ui/default-prd.conf

@@ -0,0 +1,69 @@
+map $http_x_forwarded_for $allow {
+    default 0;
+    "103.138.236.18" 1;
+    "103.181.238.106" 1;
+    "103.142.30.151" 1;
+    "61.2.142.186" 1;
+}
+
+server {
+  listen 5000;
+  server_name conductor;
+  server_tokens off;
+
+  location / {
+
+    if ($allow != 1) {
+        return 401;
+    }
+
+    add_header Referrer-Policy "strict-origin";
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Content-Type-Options "nosniff";
+    add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.orkes.io *.googletagmanager.com *.pendo.io https://cdn.jsdelivr.net; worker-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:;";
+    add_header Permissions-Policy "accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), hid=(), idle-detection=(), serial=(), window-placement=(self)";
+
+    # This would be the directory where your React app's static files are stored at
+    root /usr/share/nginx/html;
+    try_files $uri /index.html;
+  }
+
+  location /api {
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-NginX-Proxy true;
+    proxy_pass http://sirn-prd-mb-svc-conductor-server.sirn-prd-mb.local:8080/api;
+    proxy_ssl_session_reuse off;
+    proxy_set_header Host $http_host;
+    proxy_cache_bypass $http_upgrade;
+    proxy_redirect off;
+  }
+
+  location /actuator {
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-NginX-Proxy true;
+    proxy_pass http://sirn-prd-mb-svc-conductor-server.sirn-prd-mb.local:8080/actuator;
+    proxy_ssl_session_reuse off;
+    proxy_set_header Host $http_host;
+    proxy_cache_bypass $http_upgrade;
+    proxy_redirect off;
+  }
+
+  location /swagger-ui {
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-NginX-Proxy true;
+    proxy_pass http://sirn-prd-mb-svc-conductor-server.sirn-prd-mb.local:8080/swagger-ui;
+    proxy_ssl_session_reuse off;
+    proxy_set_header Host $http_host;
+    proxy_cache_bypass $http_upgrade;
+    proxy_redirect off;
+  }
+
+    location /health {
+            access_log off;
+            add_header 'Content-Type' 'application/json';
+            return 200 '{"status":"UP"}';
+    }
+}