feat: Add items website code base + drone pipeline #9

Merged
Ghost merged 16 commits from :development into development 2021-10-30 12:27:50 -04:00
5 changed files with 61 additions and 78 deletions
Showing only changes of commit 8034758fa8 - Show all commits


@ -1,5 +1,5 @@
kind: pipeline
type: docker
type: kubernetes
name: default
concurrency:
@ -11,15 +11,12 @@ environment:
trigger:
event:
- push
- promote
branch:
- master
- main
- development
steps:
- name: fetch and update submodules to the latest commit
image: alpine/git
commands:
- git submodule init
- git submodule update --recursive --remote
- name: replace hosts and user variables
image: ubuntu:impish
environment:
@ -30,9 +27,10 @@ steps:
DEPLOYMENT_USER:
from_secret: deploy_username
commands:
- sed -i 's/{{ SPT_ITEMS_HOSTNAME }}/'"$SPT_ITEMS_HOSTNAME"'/g' ./frontend/.env
- sed -i 's/{{ DEPLOY_HOSTNAME }}/'"$DEPLOY_HOSTNAME"'/g' ./.ansible/inventory
- sed -i 's/{{ DEPLOYMENT_USER }}/'"$DEPLOYMENT_USER"'/g' ./.ansible/inventory
- sed -i 's/{{ SPT_ITEMS_HOSTNAME }}/'"$SPT_ITEMS_HOSTNAME"'/g' ./items/frontend/.env.example
- mv ./items/frontend/.env.example ./items/frontend/.env
- sed -i 's/{{ DEPLOY_HOSTNAME }}/'"$DEPLOY_HOSTNAME"'/g' ./.ansible-items/inventory
- sed -i 's/{{ DEPLOYMENT_USER }}/'"$DEPLOYMENT_USER"'/g' ./.ansible-items/inventory
- name: build frontend
image: node:lts-alpine3.14
@ -40,25 +38,25 @@ steps:
- node -v
- npm -v
- yarn --version
- yarn --cwd ./frontend install
- yarn --cwd ./frontend build --pure-lockfile
- rm -rf ./api/public/static/*
- mv ./frontend/build/* ./api/public
- rm ./api/public/index.html
- yarn --cwd ./items/frontend install
- yarn --cwd ./items/frontend build --pure-lockfile
- rm -rf ./items/api/public/static/*
- mv ./items/frontend/build/* ./items/api/public
- rm ./items/api/public/index.html
- name: check ansible syntax
image: plugins/ansible:3
settings:
playbook: ./.ansible/playbook.yml
inventory: ./.ansible/inventory
galaxy: ./.ansible/requirements.yml
playbook: ./.ansible-items/playbook.yml
inventory: ./.ansible-items/inventory
galaxy: ./.ansible-items/requirements.yml
syntax_check: true
- name: apply ansible playbook
image: plugins/ansible:3
settings:
playbook: ./.ansible/playbook.yml
inventory: ./.ansible/inventory
galaxy: ./.ansible/requirements.yml
playbook: ./.ansible-items/playbook.yml
inventory: ./.ansible-items/inventory
galaxy: ./.ansible-items/requirements.yml
private_key:
from_secret: deploy_ssh_key
environment:
@ -69,7 +67,6 @@ steps:
DEPLOYMENT_USER:
from_secret: deploy_username
when:
event:
- promote
target:
- production
branch:
- master
- main
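Review bot: The `when:` of the `apply ansible playbook` step in the last hunk now appears to gate the deployment on `branch` alone, so the step that receives `deploy_ssh_key` runs on whatever events the pipeline-level `trigger` admits instead of on an explicit promotion. In Drone a `branch` condition matches the target branch of a pull request, so pinning the event in the step itself (`event:` / `- push` next to `branch:`) keeps the deploy from firing on PRs aimed at `master`/`main` if `pull_request` is ever added to the trigger. With the `promote`/`production` gate gone, push access to those two branches is what authorises a deployment; a comment above `when:` such as `# deploys on every push to master/main - keep these branches protected` would make that explicit. The page has lost its `+`/`-` markers, so which lines are removed is inferred from the hunk counts, and the step definition starts above this hunk.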


@ -31,11 +31,6 @@ steps:
- mv ./items/frontend/.env.example ./items/frontend/.env
- sed -i 's/{{ DEPLOY_HOSTNAME }}/'"$DEPLOY_HOSTNAME"'/g' ./.ansible-items/inventory
- sed -i 's/{{ DEPLOYMENT_USER }}/'"$DEPLOYMENT_USER"'/g' ./.ansible-items/inventory
when:
branch:
- master
- main
- development
- name: build frontend
image: node:lts-alpine3.14
@ -48,11 +43,6 @@ steps:
- rm -rf ./items/api/public/static/*
- mv ./items/frontend/build/* ./items/api/public
- rm ./items/api/public/index.html
when:
branch:
- master
- main
- development
- name: check ansible syntax
image: plugins/ansible:3


@ -26,9 +26,6 @@
## The pipeline walkthrough
see [Walkthrough.md](./docs/Walkthrough.md)
## The pipeline details
![workflow](./docs/workflow.png)
## Some enhancement ideas
- Store the build so that it is not rebuilt on any `promote` event
- Use a volume or a cache for Yarn install


@ -58,22 +58,13 @@ Here are the environment variables. They are automatically injected in every ste
trigger:
event:
- push
- promote
branch:
- master
- main
- development
```
The pipeline is run on every push and every promote. Since the repository is *kind of* a [trunk](https://trunkbaseddevelopment.com), I dont think we need branches policies. Most steps are executed on any push since we want to check that everything builds and is still valid (tests are not added yet). Only the deployment is protected behing the promotion to production.
The pipeline is run on every push only on branches `master`, `main` and `development`. We want to check that every development on `development` branch is correct and deploy automatically when merged in `master`/`main`.
## Steps
### Fetch and update submodules
```yml
- name: fetch and update submodules to the latest commit
image: alpine/git
commands:
- git submodule init
- git submodule update --recursive --remote
```
Executed on every push. \
Fetching and updating [submodules](https://git-scm.com/book/en/v2/Git-Tools-Submodules) to the latest commit.
### Replace hosts and user variables
```yml
- name: replace hosts and user variables
@ -86,9 +77,10 @@ Fetching and updating [submodules](https://git-scm.com/book/en/v2/Git-Tools-Subm
DEPLOYMENT_USER:
from_secret: deploy_username
commands:
- sed -i 's/{{ SPT_ITEMS_HOSTNAME }}/'"$SPT_ITEMS_HOSTNAME"'/g' ./frontend/.env
- sed -i 's/{{ DEPLOY_HOSTNAME }}/'"$DEPLOY_HOSTNAME"'/g' ./.ansible/inventory
- sed -i 's/{{ DEPLOYMENT_USER }}/'"$DEPLOYMENT_USER"'/g' ./.ansible/inventory
- sed -i 's/{{ SPT_ITEMS_HOSTNAME }}/'"$SPT_ITEMS_HOSTNAME"'/g' ./items/frontend/.env.example
- mv ./items/frontend/.env.example ./items/frontend/.env
- sed -i 's/{{ DEPLOY_HOSTNAME }}/'"$DEPLOY_HOSTNAME"'/g' ./.ansible-items/inventory
- sed -i 's/{{ DEPLOYMENT_USER }}/'"$DEPLOYMENT_USER"'/g' ./.ansible-items/inventory
```
Executed on every push. \
The following environment variables are injected using Drone secrets:
@ -107,11 +99,11 @@ The changes are never pushed and are discarded when the container/pod is termina
- node -v
- npm -v
- yarn --version
- yarn --cwd ./frontend install
- yarn --cwd ./frontend build --pure-lockfile
- rm -rf ./api/public/static/*
- mv ./frontend/build/* ./api/public
- rm ./api/public/index.html
- yarn --cwd ./items/frontend install
- yarn --cwd ./items/frontend build --pure-lockfile
- rm -rf ./items/api/public/static/*
- mv ./items/frontend/build/* ./items/api/public
- rm ./items/api/public/index.html
```
Executed on every push. \
Since the PHP backend serves the ReactJS frontend, the former is built and moved in the latter.
@ -125,9 +117,9 @@ Notes:
- name: check ansible syntax
image: plugins/ansible:3
settings:
playbook: ./.ansible/playbook.yml
inventory: ./.ansible/inventory
galaxy: ./.ansible/requirements.yml
playbook: ./.ansible-items/playbook.yml
inventory: ./.ansible-items/inventory
galaxy: ./.ansible-items/requirements.yml
syntax_check: true
```
Executed on every push. \
@ -138,9 +130,9 @@ Check the Ansible syntax in [playbook.yml](../.ansible/playbook.yml), [inventory
- name: apply ansible playbook
image: plugins/ansible:3
settings:
playbook: ./.ansible/playbook.yml
inventory: ./.ansible/inventory
galaxy: ./.ansible/requirements.yml
playbook: ./.ansible-items/playbook.yml
inventory: ./.ansible-items/inventory
galaxy: ./.ansible-items/requirements.yml
private_key:
from_secret: deploy_ssh_key
environment:
@ -151,10 +143,9 @@ Check the Ansible syntax in [playbook.yml](../.ansible/playbook.yml), [inventory
DEPLOYMENT_USER:
from_secret: deploy_username
when:
event:
- promote
target:
- production
branch:
- master
- main
```
Executed only on promotion to production. \
This step actually deploys to the server. \
@ -168,9 +159,6 @@ The following environment variables are injected using Drone secrets:
#### Playbook definition
```yml
hosts: host
become_user: root
become: true
become_method: sudo
```
Uses the host defined in [inventory](../.ansible/inventory). Remember, the step [Replace hosts and user variables](#replace-hosts-and-user-variables) already replaced the variables at this point. The playbook will be executed as `root` user using `sudo`.
@ -188,7 +176,7 @@ Since the copy does not override the folder, this step takes care of it. \
```yml
- name: Copy the project
copy:
src: ../api/
src: ../items/api/
dest: "{{ lookup('env', 'SPT_ITEMS_PATH') }}"
```
Copies the whole project (frontend and backend) from the [api](../api) folder into the server.
@ -245,9 +233,9 @@ Uses [Jinja2](https://jinja2docs.readthedocs.io/en/stable/) to resolve the [temp
- name: Reset files permissions
file:
path: "{{ lookup('env', 'SPT_ITEMS_PATH') }}"
owner: www-data
owner: "{{ lookup('env', 'DEPLOYMENT_USER') }}"
group: www-data
mode: 0744
mode: 0774
recurse: yes
```
Permissions 0644:
@ -256,3 +244,14 @@ Permissions 0644:
* other: read
`www-data` is hardcoded here but it should be the standard user for Apache and Nginx. \
`SPT_ITEMS_PATH` is injected thanks to the pipeline level environment variables (see [Environment variables](#environment-variables)).
#### Initialize database
```yml
- name: Initialize database
uri:
url: "https://{{ lookup('env', 'SPT_ITEMS_HOSTNAME') }}/api/refresh"
method: GET
status_code: [200, 204]
timeout: 60
```
The call to `/api/refresh` fetches the data from AKI Server repository, `development` branch.

Binary file not shown.