diff --git a/.drone-docker.yml b/.drone-docker.yml index 657e927..001f83a 100644 --- a/.drone-docker.yml +++ b/.drone-docker.yml @@ -1,5 +1,5 @@ kind: pipeline -type: docker +type: kubernetes name: default concurrency: @@ -11,15 +11,12 @@ environment: trigger: event: - push - - promote + branch: + - master + - main + - development steps: -- name: fetch and update submodules to the latest commit - image: alpine/git - commands: - - git submodule init - - git submodule update --recursive --remote - - name: replace hosts and user variables image: ubuntu:impish environment: @@ -30,9 +27,10 @@ steps: DEPLOYMENT_USER: from_secret: deploy_username commands: - - sed -i 's/{{ SPT_ITEMS_HOSTNAME }}/'"$SPT_ITEMS_HOSTNAME"'/g' ./frontend/.env - - sed -i 's/{{ DEPLOY_HOSTNAME }}/'"$DEPLOY_HOSTNAME"'/g' ./.ansible/inventory - - sed -i 's/{{ DEPLOYMENT_USER }}/'"$DEPLOYMENT_USER"'/g' ./.ansible/inventory + - sed -i 's/{{ SPT_ITEMS_HOSTNAME }}/'"$SPT_ITEMS_HOSTNAME"'/g' ./items/frontend/.env.example + - mv ./items/frontend/.env.example ./items/frontend/.env + - sed -i 's/{{ DEPLOY_HOSTNAME }}/'"$DEPLOY_HOSTNAME"'/g' ./.ansible-items/inventory + - sed -i 's/{{ DEPLOYMENT_USER }}/'"$DEPLOYMENT_USER"'/g' ./.ansible-items/inventory - name: build frontend image: node:lts-alpine3.14 
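Review bot: The file name `.drone-docker.yml` no longer matches its content, because the first hunk changes the runner to `type: kubernetes`. The new blob id in the header (`001f83a`) is also the one `.drone-kubernetes.yml` receives in this commit, so the two files end up identical. Two copies of a pipeline that carries the deploy step will drift, and a reviewer may audit the copy Drone does not read. Keep a single file, or add a header comment to this one such as `# copy of .drone-kubernetes.yml; Drone is configured to read <CONFIGURED_PATH>`.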
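Review bot: The `sed` lines in the `@@ -30,9 +27,10 @@` hunk splice `$SPT_ITEMS_HOSTNAME`, `$DEPLOY_HOSTNAME` and `$DEPLOYMENT_USER` into the replacement text unescaped. `sed` also exits 0 when the placeholder is not found, so a value containing `/` or `&`, or a template that lost its `{{ … }}` marker, leaves a wrong inventory that the later Ansible steps still use. A delimiter that cannot occur in a hostname helps, e.g. `s|{{ DEPLOY_HOSTNAME }}|'"$DEPLOY_HOSTNAME"'|g`. Assuming the inventory contains no other `{{`, a guard after the last `sed` makes the step fail closed: `- if grep -Fq '{{ ' ./.ansible-items/inventory; then exit 1; fi`. The step's `name` and `image` lines are outside this hunk.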
@@ -40,25 +38,25 @@ steps: - node -v - npm -v - yarn --version - - yarn --cwd ./frontend install - - yarn --cwd ./frontend build --pure-lockfile - - rm -rf ./api/public/static/* - - mv ./frontend/build/* ./api/public - - rm ./api/public/index.html + - yarn --cwd ./items/frontend install + - yarn --cwd ./items/frontend build --pure-lockfile + - rm -rf ./items/api/public/static/* + - mv ./items/frontend/build/* ./items/api/public + - rm ./items/api/public/index.html - name: check ansible syntax image: plugins/ansible:3 settings: - playbook: ./.ansible/playbook.yml - inventory: ./.ansible/inventory - galaxy: ./.ansible/requirements.yml + playbook: ./.ansible-items/playbook.yml + inventory: ./.ansible-items/inventory + galaxy: ./.ansible-items/requirements.yml syntax_check: true - name: apply ansible playbook image: plugins/ansible:3 settings: - playbook: ./.ansible/playbook.yml - inventory: ./.ansible/inventory - galaxy: ./.ansible/requirements.yml + playbook: ./.ansible-items/playbook.yml + inventory: ./.ansible-items/inventory + galaxy: ./.ansible-items/requirements.yml private_key: from_secret: deploy_ssh_key environment: @@ -69,7 +67,6 @@ steps: DEPLOYMENT_USER: from_secret: deploy_username when: - event: - - promote - target: - - production \ No newline at end of file + branch: + - master + - main \ No newline at end of file diff --git a/.drone-kubernetes.yml b/.drone-kubernetes.yml index 45ab387..001f83a 100644 --- a/.drone-kubernetes.yml +++ b/.drone-kubernetes.yml @@ -31,11 +31,6 @@ steps: - mv ./items/frontend/.env.example ./items/frontend/.env - sed -i 's/{{ DEPLOY_HOSTNAME }}/'"$DEPLOY_HOSTNAME"'/g' ./.ansible-items/inventory - sed -i 's/{{ DEPLOYMENT_USER }}/'"$DEPLOYMENT_USER"'/g' ./.ansible-items/inventory - when: - branch: - - master - - main - - development - name: build frontend image: node:lts-alpine3.14 
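Review bot: In the `@@ -40,25 +38,25 @@` hunk, `yarn --cwd ./items/frontend install` runs without `--frozen-lockfile`, so the build that gets deployed can resolve dependency versions other than those recorded in `yarn.lock`. The `--pure-lockfile` flag sits on the `build` line, where it appears to be handed to the build script rather than to dependency resolution. Change the install line to `- yarn --cwd ./items/frontend install --frozen-lockfile` (Yarn 1 syntax; confirm the Yarn version shipped in `node:lts-alpine3.14`) and drop the flag from `build`. The step's `name` and `image` lines are outside this hunk.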
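Review bot: The new `when` on `apply ansible playbook` (hunk `@@ -69,7 +67,6 @@`) filters on branch only, so the manual `promote`/`production` gate is gone and every push to `master` or `main` runs the playbook with `deploy_ssh_key`. The step now depends on the pipeline-level `trigger` to exclude other events. Drone matches `branch` against the target branch of a pull request, so adding `pull_request` to the trigger later would make this step run for PRs into those branches. Add `event: [push]` (in the file's block-list style) under this `when` so the condition is self-contained. Push rights to `master`/`main` now equal deploy rights, so confirm branch protection and required review on both. The step begins outside this hunk.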
@@ -48,11 +43,6 @@ steps: - rm -rf ./items/api/public/static/* - mv ./items/frontend/build/* ./items/api/public - rm ./items/api/public/index.html - when: - branch: - - master - - main - - development - name: check ansible syntax image: plugins/ansible:3 diff --git a/items/README.md b/items/README.md index 229da25..d494390 100644 --- a/items/README.md +++ b/items/README.md @@ -26,9 +26,6 @@ ## The pipeline walkthrough see [Walkthrough.md](./docs/Walkthrough.md) -## The pipeline details -![workflow](./docs/workflow.png) - ## Some enhancement ideas - Store the build so that it is not rebuilt on any `promote` event - Use a volume or a cache for Yarn install \ No newline at end of file diff --git a/items/docs/Walkthrough.md b/items/docs/Walkthrough.md index 7df00d8..ce56bac 100644 --- a/items/docs/Walkthrough.md +++ b/items/docs/Walkthrough.md 
@@ -58,22 +58,13 @@ Here are the environment variables. They are automatically injected in every ste trigger: event: - push - - promote + branch: + - master + - main + - development ``` -The pipeline is run on every push and every promote. Since the repository is *kind of* a [trunk](https://trunkbaseddevelopment.com), I dont think we need branches policies. Most steps are executed on any push since we want to check that everything builds and is still valid (tests are not added yet). Only the deployment is protected behing the promotion to production. - +The pipeline is run on every push only on branches `master`, `main` and `development`. We want to check that every development on `development` branch is correct and deploy automatically when merged in `master`/`main`. ## Steps -### Fetch and update submodules -```yml -- name: fetch and update submodules to the latest commit - image: alpine/git - commands: - - git submodule init - - git submodule update --recursive --remote -``` -Executed on every push. \ -Fetching and updating [submodules](https://git-scm.com/book/en/v2/Git-Tools-Submodules) to the latest commit. - ### Replace hosts and user variables ```yml - name: replace hosts and user variables 
@@ -86,9 +77,10 @@ Fetching and updating [submodules](https://git-scm.com/book/en/v2/Git-Tools-Subm DEPLOYMENT_USER: from_secret: deploy_username commands: - - sed -i 's/{{ SPT_ITEMS_HOSTNAME }}/'"$SPT_ITEMS_HOSTNAME"'/g' ./frontend/.env - - sed -i 's/{{ DEPLOY_HOSTNAME }}/'"$DEPLOY_HOSTNAME"'/g' ./.ansible/inventory - - sed -i 's/{{ DEPLOYMENT_USER }}/'"$DEPLOYMENT_USER"'/g' ./.ansible/inventory + - sed -i 's/{{ SPT_ITEMS_HOSTNAME }}/'"$SPT_ITEMS_HOSTNAME"'/g' ./items/frontend/.env.example + - mv ./items/frontend/.env.example ./items/frontend/.env + - sed -i 's/{{ DEPLOY_HOSTNAME }}/'"$DEPLOY_HOSTNAME"'/g' ./.ansible-items/inventory + - sed -i 's/{{ DEPLOYMENT_USER }}/'"$DEPLOYMENT_USER"'/g' ./.ansible-items/inventory ``` Executed on every push. \ The following environment variables are injected using Drone secrets: @@ -107,11 +99,11 @@ The changes are never pushed and are discarded when the container/pod is termina - node -v - npm -v - yarn --version - - yarn --cwd ./frontend install - - yarn --cwd ./frontend build --pure-lockfile - - rm -rf ./api/public/static/* - - mv ./frontend/build/* ./api/public - - rm ./api/public/index.html + - yarn --cwd ./items/frontend install + - yarn --cwd ./items/frontend build --pure-lockfile + - rm -rf ./items/api/public/static/* + - mv ./items/frontend/build/* ./items/api/public + - rm ./items/api/public/index.html ``` Executed on every push. \ Since the PHP backend serves the ReactJS frontend, the former is built and moved in the latter. @@ -125,9 +117,9 @@ Notes: - name: check ansible syntax image: plugins/ansible:3 settings: - playbook: ./.ansible/playbook.yml - inventory: ./.ansible/inventory - galaxy: ./.ansible/requirements.yml + playbook: ./.ansible-items/playbook.yml + inventory: ./.ansible-items/inventory + galaxy: ./.ansible-items/requirements.yml syntax_check: true ``` Executed on every push. \ 
@@ -138,9 +130,9 @@ Check the Ansible syntax in [playbook.yml](../.ansible/playbook.yml), [inventory - name: apply ansible playbook image: plugins/ansible:3 settings: - playbook: ./.ansible/playbook.yml - inventory: ./.ansible/inventory - galaxy: ./.ansible/requirements.yml + playbook: ./.ansible-items/playbook.yml + inventory: ./.ansible-items/inventory + galaxy: ./.ansible-items/requirements.yml private_key: from_secret: deploy_ssh_key environment: @@ -151,10 +143,9 @@ Check the Ansible syntax in [playbook.yml](../.ansible/playbook.yml), [inventory DEPLOYMENT_USER: from_secret: deploy_username when: - event: - - promote - target: - - production + branch: + - master + - main ``` Executed only on promotion to production. \ This step actually deploys to the server. \ @@ -168,9 +159,6 @@ The following environment variables are injected using Drone secrets: #### Playbook definition ```yml hosts: host -become_user: root -become: true -become_method: sudo ``` Uses the host defined in [inventory](../.ansible/inventory). Remember, the step [Replace hosts and user variables](#replace-hosts-and-user-variables) already replaced the variables at this point. The playbook will be executed as `root` user using `sudo`. @@ -188,7 +176,7 @@ Since the copy does not override the folder, this step takes care of it. \ ```yml - name: Copy the project copy: - src: ../api/ + src: ../items/api/ dest: "{{ lookup('env', 'SPT_ITEMS_PATH') }}" ``` Copies the whole project (frontend and backend) from the [api](../api) folder into the server. @@ -245,9 +233,9 @@ Uses [Jinja2](https://jinja2docs.readthedocs.io/en/stable/) to resolve the [temp - name: Reset files permissions file: path: "{{ lookup('env', 'SPT_ITEMS_PATH') }}" - owner: www-data + owner: "{{ lookup('env', 'DEPLOYMENT_USER') }}" group: www-data - mode: 0744 + mode: 0774 recurse: yes ``` Permissions 0644: 
@@ -255,4 +243,15 @@ Permissions 0644: * group: read * other: read `www-data` is hardcoded here but it should be the standard user for Apache and Nginx. \ -`SPT_ITEMS_PATH` is injected thanks to the pipeline level environment variables (see [Environment variables](#environment-variables)). \ No newline at end of file +`SPT_ITEMS_PATH` is injected thanks to the pipeline level environment variables (see [Environment variables](#environment-variables)). + +#### Initialize database +```yml +- name: Initialize database + uri: + url: "https://{{ lookup('env', 'SPT_ITEMS_HOSTNAME') }}/api/refresh" + method: GET + status_code: [200, 204] + timeout: 60 +``` +The call to `/api/refresh` fetches the data from AKI Server repository, `development` branch. \ No newline at end of file diff --git a/items/docs/workflow.png b/items/docs/workflow.png deleted file mode 100644 index 9600c54..0000000 Binary files a/items/docs/workflow.png and /dev/null differ