update staging files

changchaishi · changchaishi · commit 0e5a1bbab5c3 · 2023-03-07T23:22:22.000+08:00
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -1,21 +1,33 @@
 name: CD
 
-on: [workflow_dispatch, pull_request, push]
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - 'master'
 
 jobs:
   cd:
+    # the secret for pipeline only
+    env:
+      project_admins: ${{ secrets.PROJECT_ADMINS }}
+    if: |
+      github.event_name == 'push' || (
+        github.event_name == 'workflow_dispatch' &&
+        contains(fromJSON(vars.PROJECT_ADMINS), github.actor)
+      )
     runs-on: ubuntu-latest
     steps:
     - name: Checkout
       uses: actions/checkout@v3
-
-    - name: Decode private key file
+    - name: Generate .env for staging vm from github secrets
       run: |
         echo "${{secrets.PRODUCTION_DOT_ENV_FILE}}" > .env
+    - name: Decode private key file for OpenSSH access over Ansible
+      run: |
         echo "${{secrets.SSH_PRIVATE_KEY}}" | base64 --decode > "private.pem"
         chmod 400 private.pem
-
-    - name: Run CD playbook
+    - name: Run playbook for deployment
       uses: dawidd6/action-ansible-playbook@v2
       with:
         playbook: deploy.yml
@@ -24,6 +36,7 @@ jobs:
             hosts:
               staging:
                 ansible_host: staging.pycon.tw
-                ansible_user: changchaishi
+                ansible_user: "${{secrets.GCE_USERNAME}}"
+                # secret file generated from previous step
                 ansible_ssh_private_key_file: private.pem
                 ansible_python_interpreter: /home/dev/.pyenv/shims/python
diff --git a/deploy.yml b/deploy.yml
@@ -1,25 +1,26 @@
 ---
-- name: Check services
+- name: Deploy project to staging machine
   hosts: staging
-  # need to use become since I'm connecting using personal private key
+  # escalate privilege
   become: true
-  # switch user as dev
   become_user: dev
   vars:
     project_dir: /home/dev/web-projects/pycontw-2023-ansible
 
   tasks:
-    - name: Ensure that Docker for python is present (docker in pip)
+    - name: Dependencies check dor docker and docker-compose in remote server
       community.general.python_requirements_info:
         dependencies:
           - docker
+          - docker-compose
 
-    - name: Create a directory if it does not exist
+    - name: Create project directory (if not exist)
       ansible.builtin.file:
         path: "{{ project_dir }}"
         state: directory
 
-    - name: Copy entire project files to remote server
+    # Copy project files to remote server (.env is included)
+    - name: Copy project files to remote server
       ansible.posix.synchronize:
         src: ./
         dest: "{{ project_dir }}"
@@ -33,5 +34,4 @@
       community.docker.docker_compose:
         project_src: "{{ project_dir }}"
         build: true
-        # try to build first, without up the service
-        state: absent
+        state: present
diff --git a/docker-compose-staging.yml b/docker-compose-staging.yml
@@ -0,0 +1,47 @@
+version: "3.5"
+services:
+  web:
+    build: .
+    container_name: pycontw-2023-ansible
+    image: pycontw-2023_web-ansible
+    hostname: pycontw-2023
+    entrypoint: ""
+    command:
+      # Hacky script for quick demonstration purpose
+      - bash
+      - -c
+      - |
+        set -o errexit -o nounset -o pipefail
+        python3 manage.py compilemessages
+        python3 manage.py migrate
+        python3 manage.py collectstatic --no-input
+
+        exec uwsgi --http-socket :8000 \
+          --master \
+          --hook-master-start "unix_signal:15 gracefully_kill_them_all" \
+          --static-map /static=assets \
+          --static-map /media=media \
+          --mount /prs=pycontw2016/wsgi.py \
+          --manage-script-name \
+          --offload-threads 2
+    restart: always
+    environment:
+      # Save us from having to type `--setting=pycontw2016.settings.production`
+      DJANGO_SETTINGS_MODULE: pycontw2016.settings.production.pycontw2023
+      SCRIPT_NAME: /prs
+      SECRET_KEY: ${SECRET_KEY}
+      DATABASE_URL: ${DATABASE_URL}
+      EMAIL_URL: ${EMAIL_URL}
+      DSN_URL: ${DSN_URL}
+      GTM_TRACK_ID: ${GTM_TRACK_ID}
+      SLACK_WEBHOOK_URL: ${SLACK_WEBHOOK_URL}
+
+    volumes:
+      - ${MEDIA_ROOT}:/usr/local/app/src/media
+    networks:
+      - network
+
+networks:
+  network:
+    external: true
+    name: network-2023
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -2,8 +2,8 @@ version: "3.5"
 services:
   web:
     build: .
-    container_name: pycontw-2023-ansible
-    image: pycontw-2023_web-ansible
+    container_name: pycontw-2023
+    image: pycontw-2023_web
     hostname: pycontw-2023
     entrypoint: ""
     command:
