diff --git a/.forgejo/workflows/build-docker-image.yaml b/.forgejo/workflows/build-docker-image.yaml new file mode 100644 index 0000000..db89033 --- /dev/null +++ b/.forgejo/workflows/build-docker-image.yaml @@ -0,0 +1,66 @@ +name: Publish image +on: + push: + branches: + - main + workflow_dispatch: + +jobs: + create-docker-images: + runs-on: host + steps: + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + registry: git.alecodes.page + username: ${{ vars.CONTAINER_REGISTRY_USER }} + password: ${{ secrets.CONTAINER_REGISTRY_TOKEN }} + + - name: Build and push + uses: docker/build-push-action@v6 + with: + platforms: linux/amd64 + push: true + file: ./docker/Dockerfile + tags: | + git.alecodes.page/alecodes/index:latest + git.alecodes.page/alecodes/index:${{ github.sha }} + + deploy: + runs-on: ubuntu-latest + needs: + - create-docker-images + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: 'Docker Stack Deploy' + uses: https://github.com/cssnr/stack-deploy-action@v1 + with: + host: ${{ vars.DOCKER_SWARM_HOST }} + port: ${{ vars.DOCKER_SWARM_PORT }} + user: ${{ secrets.DOCKER_SWARM_USER }} + ssh_key: '${{ secrets.DOCKER_SWARM_SSH_KEY }}' + file: 'docker/docker-stack.yaml' + name: 'index' + + rebase: + runs-on: ubuntu-latest + needs: deploy + if: success() + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: '0' + ref: content-update + + - name: Update branch + run: | + set -x + git config --global user.name "robo" + git config --global user.email "robo@alecodes.page" + git rebase origin/main + git push origin content-update --force-with-lease diff --git a/docker/Dockerfile b/docker/Dockerfile index 0fdea99..61d4a80 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,12 +1,16 @@ FROM ghcr.io/linuxcontainers/debian-slim:latest -COPY --from=ghcr.io/amacneil/dbmate /usr/local/bin/dbmate /usr/local/bin/dbmate +COPY --from=ghcr.io/amacneil/dbmate:main /usr/local/bin/dbmate /usr/local/bin/dbmate COPY --from=lovasoa/sqlpage:main /usr/local/bin/sqlpage /usr/local/bin/sqlpage WORKDIR /app ENV SQLPAGE_WEB_ROOT=/app ENV SQLPAGE_CONFIGURATION_DIRECTORY=/app/sqlpage +ENV DB_DRIVER= +ENV DB_USER= +ENV DB_NAME= +ENV DB_PASSWORD_FILE= RUN addgroup --gid 1000 --system index_user && \ adduser --uid 1000 --system --no-create-home --ingroup index_user index_user && \ @@ -15,7 +19,12 @@ RUN addgroup --gid 1000 --system index_user && \ chown -R index_user:index_user /etc/sqlpage/sqlpage.db COPY --chown=index_user:index_user ./src /app +COPY --chown=index_user:index_user ./docker/entrypoint.sh /usr/bin/entrypoint.sh + +RUN chmod a+x /usr/bin/entrypoint.sh USER index_user +ENTRYPOINT ["/usr/bin/entrypoint.sh"] + CMD /usr/local/bin/sqlpage diff --git a/docker/docker-stack.yaml b/docker/docker-stack.yaml new file mode 100644 index 0000000..65e898c --- /dev/null +++ b/docker/docker-stack.yaml @@ -0,0 +1,50 @@ +services: + index: + image: git.alecodes.page/alecodes/index:${GITHUB_SHA:-latest} + networks: + - reverse_proxy + - default + secrets: + - index_db_pass + environment: + SQLPAGE_WEB_ROOT: /app + DB_DRIVER: postgres + DB_USER: index + DB_NAME: index + DB_PASSWORD_FILE: /run/secrets/index_db_pass + deploy: + rollback_config: + failure_action: continue + update_config: + delay: 2s + failure_action: rollback + order: start-first + placement: + constraints: + - node.labels.services_kind==projects + labels: + - traefik.enable=true + - traefik.http.routers.index.rule=Host(`alecodes.page`) + - traefik.http.services.index.loadbalancer.server.port=3000 + + db: + image: postgres:17 + secrets: + - index_db_pass + environment: + POSTGRES_USER: index + POSTGRES_DB: index + POSTGRES_PASSWORD_FILE: /run/secrets/index_db_pass + volumes: + - db_data:/var/lib/postgresql/data + +volumes: + db_data: + +networks: + reverse_proxy: + external: true + +secrets: + index_db_pass: + external: true diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh new file mode 100644 index 0000000..c793611 --- /dev/null +++ b/docker/entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh + +if [[ -e $DB_PASSWORD_FILE ]]; then + DB_PASSWORD=$(cat $DB_PASSWORD_FILE) +fi + +export DATABASE_URL="postgres://${DB_USER}:${DB_PASSWORD}@db:5432/${DB_DB}?sslmode=disable" + +echo $DATABASE_URL + +exec "$@"