Merge branch 'develop' into feature/projects-autocomplite

Pet-projects-CodePET · Mar 25, 2024 · 484896e · 484896e
2 parents 969ca95 + fe6fc66
commit 484896e
Show file tree

Hide file tree

Showing 12 changed files with 205 additions and 108 deletions.
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
@@ -43,6 +43,7 @@ jobs:
         with:
           context: ./infra/nginx/
           push: true
+          build-args: NGINX_NAME=${{ secrets.NGINX_DEV }}
           tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.PROJECT_NAME }}_nginx:latest
 
   build_and_push_to_docker_hub_certbot:
@@ -63,6 +64,7 @@ jobs:
         with:
           context: ./infra/certbot/
           push: true
+          build-args: DOMAIN_NAME=${{ secrets.DOMAIN_DEV }}
           tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.PROJECT_NAME }}_certbot:latest
 
   deploy:
@@ -97,6 +99,8 @@ jobs:
             DOCKERHUB_USERNAME_FRONT=${{ secrets.DOCKERHUB_USERNAME_FRONT }}
             DOCKERHUB_USERNAME=${{ secrets.DOCKERHUB_USERNAME }}
             ALLOWED_HOSTS=${{ secrets.ALLOWED_HOSTS }}
+            NGINX_NAME=${{ secrets.NGINX_DEV }}
+            DOMAIN_NAME=${{ secrets.DOMAIN_DEV }}
             EMAIL_HOST=${{ secrets.EMAIL_HOST }}
             EMAIL_HOST_USER=${{ secrets.EMAIL_HOST_USER }}
             EMAIL_HOST_PASSWORD=${{ secrets.EMAIL_HOST_PASSWORD }}

diff --git a/.github/workflows/qa_deploy.yaml b/.github/workflows/qa_deploy.yaml
@@ -10,16 +10,16 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out the repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       - name: Login to Docker
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
       - name: Push to DockerHub
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: ./
           push: true
@@ -30,29 +30,50 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out the repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       - name: Login to Docker
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
       - name: Push to DockerHub
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: ./infra/nginx/
           push: true
           tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.PROJECT_NAME }}_nginx:latest
 
+  build_and_push_to_docker_hub_certbot:
+    name: Push certbot Docker image to DockerHub
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to Docker
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+      - name: Push to DockerHub
+        uses: docker/build-push-action@v5
+        with:
+          context: ./infra/certbot/
+          push: true
+          tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.PROJECT_NAME }}_certbot:latest
+
   deploy:
     runs-on: ubuntu-latest
     needs:
       - build_and_push_to_docker_hub_backend
       - build_and_push_to_docker_hub_nginx
+      - build_and_push_to_docker_hub_certbot
     steps:
     - name: Checkout repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Create project directory and .env-file
       uses: appleboy/ssh-action@master
       with:
@@ -75,6 +96,8 @@ jobs:
             DOCKERHUB_USERNAME_FRONT=${{ secrets.DOCKERHUB_USERNAME_FRONT }}
             DOCKERHUB_USERNAME=${{ secrets.DOCKERHUB_USERNAME }}
             ALLOWED_HOSTS=${{ secrets.ALLOWED_HOSTS }}
+            NGINX_NAME=${{ secrets.NGINX_QA }}
+            DOMAIN_NAME=${{ secrets.DOMAIN_QA }}
             EMAIL_HOST=${{ secrets.EMAIL_HOST }}
             EMAIL_HOST_USER=${{ secrets.EMAIL_HOST_USER }}
             EMAIL_HOST_PASSWORD=${{ secrets.EMAIL_HOST_PASSWORD }}
@@ -105,4 +128,6 @@ jobs:
           sudo docker compose -f docker-compose-prod.yaml exec backend python manage.py migrate
           sudo docker compose -f docker-compose-prod.yaml exec backend python manage.py collectstatic --no-input
           sudo docker compose -f docker-compose-prod.yaml exec backend cp -r static/. /backend_static/static/
+          sudo docker compose -f docker-compose-prod.yaml run --rm certbot certonly --webroot --webroot-path /var/www/certbot/ -d testcodepet.tw1.ru
+          sudo docker compose -f docker-compose-prod.yaml run --rm certbot renew
           sudo docker system prune -f
diff --git a/infra/.env.example b/infra/.env.example
@@ -22,3 +22,9 @@ POSTGRES_PORT=
 DOCKERHUB_USERNAME_FRONT=
 DOCKERHUB_USERNAME=
 PROJECT_NAME=
+
+# Переменные для работы с nginx. Название файла
+NGINX_NAME=nginx_loc.conf
+
+# Переменные для работы с cerbot. Получение сертификата для доменного имени
+DOMAIN_NAME=
diff --git a/infra/certbot/Dockerfile b/infra/certbot/Dockerfile
@@ -1,5 +1,7 @@
 FROM certbot/certbot
 
-COPY fullchain.pem /letsencrypt/live/devcodepet.tw1.ru/fullchain.pem
+ARG DOMAIN_NAME
 
-COPY privkey.pem /letsencrypt/live/devcodepet.tw1.ru/privkey.pem
+COPY fullchain.pem letsencrypt/live/${DOMAIN_NAME}/fullchain.pem
+
+COPY privkey.pem letsencrypt/live/${DOMAIN_NAME}/privkey.pem
diff --git a/infra/docker-compose-prod.yaml b/infra/docker-compose-prod.yaml
@@ -52,6 +52,7 @@ services:
     ports:
       - "80:80"
       - "443:443"
+    env_file: .env
     volumes:
       - static_volume:/staticfiles/
       - media_value:/mediafiles/
@@ -64,6 +65,7 @@ services:
 
   certbot:
     image: ${DOCKERHUB_USERNAME}/${PROJECT_NAME}_certbot:latest
+    env_file: .env
     volumes:
       - certbot:/var/www/certbot/
       - letsencrypt:/etc/letsencrypt/

diff --git a/infra/nginx/Dockerfile b/infra/nginx/Dockerfile
@@ -1,2 +1,5 @@
 FROM nginx:1.25.4-alpine-slim
-COPY nginx.conf /etc/nginx/templates/default.conf.template
+
+ARG NGINX_NAME
+
+COPY ${NGINX_NAME} /etc/nginx/templates/default.conf.template
diff --git a/infra/nginx/nginx.conf b/infra/nginx/nginx.conf
diff --git a/infra/nginx/nginx_dev.conf b/infra/nginx/nginx_dev.conf
@@ -0,0 +1,67 @@
+server {
+    listen 80;
+    listen [::]:80;
+    server_name 89.23.117.80;
+    server_tokens off;
+
+    root /staticfiles;
+
+    location / {
+      return 301 https://devcodepet.tw1.ru$request_uri;
+    }
+}
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name devcodepet.tw1.ru;
+    server_tokens off;
+
+    root /staticfiles;
+
+    location /.well-known/acme-challenge/ {
+      root /certbot;
+    }
+
+    location /admin/ {
+      proxy_set_header Host $http_host;
+      proxy_pass http://backend:8000/admin/;
+    }
+
+    location / {
+      return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 default_server ssl http2;
+    listen [::]:443 ssl http2;
+    server_name 89.23.117.80 devcodepet.tw1.ru;
+
+    ssl_certificate /letsencrypt/live/devcodepet.tw1.ru/fullchain.pem;
+    ssl_certificate_key /letsencrypt/live/devcodepet.tw1.ru/privkey.pem;
+
+    root /staticfiles;
+
+    location /api/v1/ {
+      proxy_set_header Host $http_host;
+      proxy_pass http://backend:8000/api/v1/;
+    }
+    location /admin/ {
+      proxy_set_header Host $http_host;
+      proxy_pass http://backend:8000/admin/;
+    }
+
+    location /.well-known/acme-challenge/ {
+      root /certbot;
+    }
+
+    location / {
+    	try_files $uri $uri.html $uri/ =404;
+    }
+
+    error_page 404 /404.html;
+    location = /404.html {
+      internal;
+    }
+}
diff --git a/infra/nginx/nginx_loc.conf b/infra/nginx/nginx_loc.conf
@@ -0,0 +1,30 @@
+server {
+    listen 80;
+    listen [::]:80;
+    server_name localhost;
+    server_tokens off;
+
+    root /staticfiles;
+
+    location /api/v1/ {
+      proxy_set_header Host $http_host;
+      proxy_pass http://backend:8000/api/v1/;
+    }
+
+    location /admin/ {
+      proxy_set_header Host $http_host;
+      proxy_pass http://backend:8000/admin/;
+    }
+
+    location /.well-known/acme-challenge/ {
+        root /certbot;
+    }
+
+    location / {
+      try_files $uri $uri.html $uri/ =404;
+    }
+    error_page 404 /404.html;
+    location = /404.html {
+      internal;
+    }
+}