From 9d636b00a6648e49e0ce508c4ada72ebec3ef6fd Mon Sep 17 00:00:00 2001 From: Andreas Svanberg Date: Wed, 30 Oct 2024 12:13:22 +0100 Subject: [PATCH 01/14] Automatically deploy PR --- .gitea/workflows/deploy-branch.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 .gitea/workflows/deploy-branch.yaml diff --git a/.gitea/workflows/deploy-branch.yaml b/.gitea/workflows/deploy-branch.yaml new file mode 100644 index 0000000..ebc16ae --- /dev/null +++ b/.gitea/workflows/deploy-branch.yaml @@ -0,0 +1,12 @@ +name: Deploy to branch.dsv.su.se +on: pull_request + +jobs: + deploy: + runs-on: ubuntu-latest + steps: + - uses: https://gitea.dsv.su.se/ansv7779/action-branch-deploy@fce8e6274715bb34bd3981bb68a616ab99b7f80a + with: + gitea-token: ${{ secrets.GITEA_TOKEN }} + ssh-key: ${{ secrets.BRANCH_DEPLOY_KEY }} + compose-file: 'compose.yaml' -- 2.39.5 From a1dc7b273d02c916c8c8191a7992fb7f19a40c3b Mon Sep 17 00:00:00 2001 From: Andreas Svanberg Date: Wed, 30 Oct 2024 12:54:32 +0100 Subject: [PATCH 02/14] Errors out if the directory does not exist. --- compose.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/compose.yaml b/compose.yaml index 813710a..77336cb 100644 --- a/compose.yaml +++ b/compose.yaml @@ -24,11 +24,11 @@ services: interval: 3s timeout: 1s retries: 5 - volumes: - - type: bind - source: ./db/ - target: /docker-entrypoint-initdb.d/ - read_only: true +# volumes: +# - type: bind +# source: ./db/ +# target: /docker-entrypoint-initdb.d/ +# read_only: true oauth2: build: -- 2.39.5 From 8860aa7b789528cd9d8890c8bd54d57891a5f035 Mon Sep 17 00:00:00 2001 From: Andreas Svanberg Date: Wed, 30 Oct 2024 13:01:53 +0100 Subject: [PATCH 03/14] Fix u+x --- mvnw | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 mvnw diff --git a/mvnw b/mvnw old mode 100644 new mode 100755 -- 2.39.5 From 7c0d86b1b2dc184577b50ef9a832d3d2d1ee1d72 Mon Sep 17 00:00:00 2001 
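Review bot: Every `pull_request` event runs this job with `secrets.GITEA_TOKEN` and `secrets.BRANCH_DEPLOY_KEY` in scope, and the `compose.yaml` it deploys comes from the PR head itself, so anyone who can open a pull request here gets their build context executed on the branch host while those credentials are available to the job. If people outside the maintainer group can open PRs on this instance, gate the deploy behind a maintainer approval or label and scope the deploy key to the branch host only; pinning the action to a full commit SHA, as done here, is the right call. Make the trust assumption explicit with a comment above `on:`, e.g. `# Deploys the PR's own compose file to the branch host; assumes PR authors are trusted contributors`.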
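Review bot: The bind mount in `compose.yaml` is commented out rather than removed, leaving five lines of dead configuration in the `db` service that no tool validates and that will drift from the live file. If the init-script mount is meant to return once `./db/` exists, a one-line comment stating the precondition is clearer than the disabled block, e.g. `# init scripts: mount ./db/ at /docker-entrypoint-initdb.d/ once that directory exists`; otherwise delete the block, since the commit message already records why it went. The `db:` service definition starts above this hunk, and with the mount gone it is not visible here where the schema is created — presumably by the application, worth confirming.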
From: Andreas Svanberg Date: Wed, 30 Oct 2024 13:02:17 +0100 Subject: [PATCH 04/14] Post URL after deploying --- .gitea/workflows/deploy-branch.yaml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/deploy-branch.yaml b/.gitea/workflows/deploy-branch.yaml index ebc16ae..cf58c15 100644 --- a/.gitea/workflows/deploy-branch.yaml +++ b/.gitea/workflows/deploy-branch.yaml @@ -5,8 +5,22 @@ jobs: deploy: runs-on: ubuntu-latest steps: - - uses: https://gitea.dsv.su.se/ansv7779/action-branch-deploy@fce8e6274715bb34bd3981bb68a616ab99b7f80a + - id: deploy + uses: https://gitea.dsv.su.se/ansv7779/action-branch-deploy@fce8e6274715bb34bd3981bb68a616ab99b7f80a with: gitea-token: ${{ secrets.GITEA_TOKEN }} ssh-key: ${{ secrets.BRANCH_DEPLOY_KEY }} compose-file: 'compose.yaml' + - name: Post URL to deployment as comment + uses: actions/github-script@v7 + env: + BRANCH_URL: ${{ steps.deploy.outputs.url }} + with: + script: | + const url = process.env.BRANCH_URL; + github.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: `Deployed to ${url}` + }) -- 2.39.5 From 7cef43535c983a41a41e1ffc1b2f6a1a0bc42fd4 Mon Sep 17 00:00:00 2001 From: Andreas Svanberg Date: Wed, 30 Oct 2024 13:06:47 +0100 Subject: [PATCH 05/14] New action version --- .gitea/workflows/deploy-branch.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/deploy-branch.yaml b/.gitea/workflows/deploy-branch.yaml index cf58c15..b060661 100644 --- a/.gitea/workflows/deploy-branch.yaml +++ b/.gitea/workflows/deploy-branch.yaml 
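Review bot: `uses: actions/github-script@v7` is pinned to a mutable major tag while the deploy step directly above it is pinned to a full commit SHA; a moving tag lets the action's code change underneath the workflow, so pin it to a commit as well (`uses: actions/github-script@<commit-sha>  # v7`, with the SHA taken from the action's release — placeholder here). The `createComment` call is also not awaited, so a failed API call does not fail the step; change it to `await github.issues.createComment({`. Passing the step output through `env: BRANCH_URL` instead of interpolating it into the script body is the right pattern and should stay.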
@@ -6,7 +6,7 @@ jobs: runs-on: ubuntu-latest steps: - id: deploy - uses: https://gitea.dsv.su.se/ansv7779/action-branch-deploy@fce8e6274715bb34bd3981bb68a616ab99b7f80a + uses: https://gitea.dsv.su.se/ansv7779/action-branch-deploy@213ce70f50f2699510976d7305899fb2c92f5e11 with: gitea-token: ${{ secrets.GITEA_TOKEN }} ssh-key: ${{ secrets.BRANCH_DEPLOY_KEY }} -- 2.39.5 From fc2026fa9a5050bf731570a67209a1125dba2271 Mon Sep 17 00:00:00 2001 From: Andreas Svanberg Date: Wed, 30 Oct 2024 13:10:09 +0100 Subject: [PATCH 06/14] New action version --- .gitea/workflows/deploy-branch.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/deploy-branch.yaml b/.gitea/workflows/deploy-branch.yaml index b060661..ca6aadd 100644 --- a/.gitea/workflows/deploy-branch.yaml +++ b/.gitea/workflows/deploy-branch.yaml @@ -6,7 +6,7 @@ jobs: runs-on: ubuntu-latest steps: - id: deploy - uses: https://gitea.dsv.su.se/ansv7779/action-branch-deploy@213ce70f50f2699510976d7305899fb2c92f5e11 + uses: https://gitea.dsv.su.se/ansv7779/action-branch-deploy@6fea6eff5c5014fc8c2c413f9c28f3592ce84ce2 with: gitea-token: ${{ secrets.GITEA_TOKEN }} ssh-key: ${{ secrets.BRANCH_DEPLOY_KEY }} -- 2.39.5 From 4e405ad276ae4bbdc7f7a3a4dfe3cd5487e5681e Mon Sep 17 00:00:00 2001 From: Andreas Svanberg Date: Wed, 30 Oct 2024 13:13:05 +0100 Subject: [PATCH 07/14] Fix posting comment --- .gitea/workflows/deploy-branch.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/deploy-branch.yaml b/.gitea/workflows/deploy-branch.yaml index ca6aadd..7779e35 100644 --- a/.gitea/workflows/deploy-branch.yaml +++ b/.gitea/workflows/deploy-branch.yaml @@ -18,7 +18,7 @@ jobs: with: script: | const url = process.env.BRANCH_URL; - github.issues.createComment({ + github.rest.issues.createComment({ issue_number: context.issue.number, owner: context.repo.owner, repo: context.repo.repo, -- 2.39.5 From 958cfbb49be297d254090863c609ace6803744b0 Mon Sep 17 00:00:00 2001 
From: Andreas Svanberg Date: Wed, 30 Oct 2024 13:36:01 +0100 Subject: [PATCH 08/14] Hook into Traefik for routing --- .gitea/workflows/deploy-branch.yaml | 2 +- compose-branch.yaml | 47 +++++++++++++++++++++++ compose.yaml | 4 ++ src/main/resources/application-docker.yml | 6 +-- 4 files changed, 55 insertions(+), 4 deletions(-) create mode 100644 compose-branch.yaml diff --git a/.gitea/workflows/deploy-branch.yaml b/.gitea/workflows/deploy-branch.yaml index 7779e35..9e10620 100644 --- a/.gitea/workflows/deploy-branch.yaml +++ b/.gitea/workflows/deploy-branch.yaml @@ -10,7 +10,7 @@ jobs: with: gitea-token: ${{ secrets.GITEA_TOKEN }} ssh-key: ${{ secrets.BRANCH_DEPLOY_KEY }} - compose-file: 'compose.yaml' + compose-file: 'compose-branch.yaml' - name: Post URL to deployment as comment uses: actions/github-script@v7 env: diff --git a/compose-branch.yaml b/compose-branch.yaml new file mode 100644 index 0000000..6e7fb40 --- /dev/null +++ b/compose-branch.yaml 
@@ -0,0 +1,47 @@ +services: + web: + extends: + file: compose.yaml + service: web + depends_on: + db: + condition: service_healthy + networks: + - blog-network + - traefik + environment: + - OAUTH2_AUTHORIZATION_URI=https://oauth2-${VHOST}/authorize + - OAUTH2_TOKEN_URI=https://oauth2-${VHOST}/exchange + - OAUTH2_USER_INFO_URI=https://oauth2-${VHOST}/verify + labels: + - "traefik.enable=true" + - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.rule=Host(`${VHOST}`)" + - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.entrypoints=secure" + - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.tls.certresolver=letsencrypt" + + db: + extends: + file: compose.yaml + service: db + networks: + - blog-network + + oauth2: + extends: + file: compose.yaml + service: oauth2 + networks: + - traefik + environment: + CLIENT_REDIRECT_URI: https://${VHOST}/login/oauth2/code/local + labels: + - "traefik.enable=true" + - "traefik.http.routers.${COMPOSE_PROJECT_NAME}-oauth2.rule=Host(`oauth2-${VHOST}`)" + - "traefik.http.routers.${COMPOSE_PROJECT_NAME}-oauth2.entrypoints=secure" + - "traefik.http.routers.${COMPOSE_PROJECT_NAME}-oauth2.tls.certresolver=letsencrypt" + +networks: + blog-network: + traefik: + name: traefik + external: true diff --git a/compose.yaml b/compose.yaml index 77336cb..8ef11d7 100644 --- a/compose.yaml +++ b/compose.yaml @@ -8,6 +8,10 @@ services: restart: always ports: - "8080:8080" + environment: + - OAUTH2_AUTHORIZATION_URI=http://localhost:59999/authorize # exposed port since browser has to access + - OAUTH2_TOKEN_URI=http://oauth2:8080/exchange # inside the docker network + - OAUTH2_USER_INFO_URI=http://oauth2:8080/verify db: image: mariadb:latest diff --git a/src/main/resources/application-docker.yml b/src/main/resources/application-docker.yml index 52d5d44..78c648c 100644 --- a/src/main/resources/application-docker.yml +++ b/src/main/resources/application-docker.yml 
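Review bot: `web` and `oauth2` extend the services in `compose.yaml`, and `extends` carries the parent's `ports` along, so each branch deployment also publishes the parent's `8080:8080` and `59999:8080` on the deploy host — a second open PR cannot bind the same host ports, and the published ports reach the services directly, outside the `tls.certresolver=letsencrypt` Traefik route the labels here define. Unless the deploy action strips published ports (I cannot tell from this hunk), keep `ports:` in the local-only file rather than in the services being extended, so only Traefik reaches the containers on the branch host. The `networks:` block at the bottom is complete and fine as written.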
@@ -8,9 +8,9 @@ spring: client: provider: embedded-toker: - authorization-uri: http://localhost:59999/authorize # exposed port since browser has to access - token-uri: http://oauth2:8080/exchange # inside the docker network - user-info-uri: http://oauth2:8080/verify + authorization-uri: ${OAUTH2_AUTHORIZATION_URI} + token-uri: ${OAUTH2_TOKEN_URI} + user-info-uri: ${OAUTH2_USER_INFO_URI} user-name-attribute: sub registration: local: -- 2.39.5 From 06d493e720c44c6adb5a6ab35b229a2fa11cecff Mon Sep 17 00:00:00 2001 From: Andreas Svanberg Date: Wed, 30 Oct 2024 13:40:52 +0100 Subject: [PATCH 09/14] Documentation lies and extend depends_on fails instead of ignores --- compose-branch.yaml | 6 +++--- compose-parent.yaml | 40 ++++++++++++++++++++++++++++++++++++++++ compose.yaml | 44 +++++++++----------------------------------- 3 files changed, 52 insertions(+), 38 deletions(-) create mode 100644 compose-parent.yaml diff --git a/compose-branch.yaml b/compose-branch.yaml index 6e7fb40..78ac9b7 100644 --- a/compose-branch.yaml +++ b/compose-branch.yaml @@ -1,7 +1,7 @@ services: web: extends: - file: compose.yaml + file: compose-parent.yaml service: web depends_on: db: @@ -21,14 +21,14 @@ services: db: extends: - file: compose.yaml + file: compose-parent.yaml service: db networks: - blog-network oauth2: extends: - file: compose.yaml + file: compose-parent.yaml service: oauth2 networks: - traefik diff --git a/compose-parent.yaml b/compose-parent.yaml new file mode 100644 index 0000000..03ae2ab --- /dev/null +++ b/compose-parent.yaml 
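Review bot: The three placeholders `${OAUTH2_AUTHORIZATION_URI}`, `${OAUTH2_TOKEN_URI}` and `${OAUTH2_USER_INFO_URI}` have no defaults, so the `docker` profile now fails at startup when any of them is unset; that is a reasonable fail-fast choice, but nothing in the file says so, and the inline comments that explained the localhost-versus-internal split were dropped with the old values. Add a comment above `provider:` such as `# Set by compose.yaml / compose-branch.yaml; startup fails if any of these is missing`. The `spring:` block these lines belong to starts above the hunk.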
@@ -0,0 +1,40 @@ +services: + web: + build: + context: . + restart: always + ports: + - "8080:8080" + + db: + image: mariadb:latest + restart: always + environment: + MARIADB_RANDOM_ROOT_PASSWORD: "yes" + MARIADB_ROOT_HOST: "localhost" + MARIADB_DATABASE: "branch" + MARIADB_USER: "branch" + MARIADB_PASSWORD: "branch" + healthcheck: + test: ["CMD", "healthcheck.sh", "--connect"] + start_period: 5s + interval: 3s + timeout: 1s + retries: 5 +# volumes: +# - type: bind +# source: ./db/ +# target: /docker-entrypoint-initdb.d/ +# read_only: true + + oauth2: + build: + context: https://github.com/dsv-su/toker.git + dockerfile: embedded.Dockerfile + restart: always + ports: + - '59999:8080' + environment: + - CLIENT_ID=blog + - CLIENT_SECRET=s3cr3t + diff --git a/compose.yaml b/compose.yaml index 8ef11d7..e356310 100644 --- a/compose.yaml +++ b/compose.yaml 
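Review bot: `CLIENT_SECRET=s3cr3t` and `MARIADB_PASSWORD: "branch"` now live in a parent that is extended by both the local `compose.yaml` and the internet-facing `compose-branch.yaml`, so every publicly routed branch deployment shares fixed, committed credentials. Read them from the deployment environment with a local-only fallback, e.g. `- CLIENT_SECRET=${CLIENT_SECRET:-s3cr3t}` and `MARIADB_PASSWORD: "${MARIADB_PASSWORD:-branch}"`, so the branch host can supply its own values without changing local development. Two nits: `ports` uses `"8080:8080"` in one service and `'59999:8080'` in another, and the file ends with a trailing blank line.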
@@ -1,47 +1,21 @@ services: web: - build: - context: . - depends_on: - db: - condition: service_healthy - restart: always - ports: - - "8080:8080" + extends: + file: compose-parent.yaml + service: web environment: - OAUTH2_AUTHORIZATION_URI=http://localhost:59999/authorize # exposed port since browser has to access - OAUTH2_TOKEN_URI=http://oauth2:8080/exchange # inside the docker network - OAUTH2_USER_INFO_URI=http://oauth2:8080/verify db: - image: mariadb:latest - restart: always - environment: - MARIADB_RANDOM_ROOT_PASSWORD: "yes" - MARIADB_ROOT_HOST: "localhost" - MARIADB_DATABASE: "branch" - MARIADB_USER: "branch" - MARIADB_PASSWORD: "branch" - healthcheck: - test: ["CMD", "healthcheck.sh", "--connect"] - start_period: 5s - interval: 3s - timeout: 1s - retries: 5 -# volumes: -# - type: bind -# source: ./db/ -# target: /docker-entrypoint-initdb.d/ -# read_only: true + extends: + file: compose-parent.yaml + service: db oauth2: - build: - context: https://github.com/dsv-su/toker.git - dockerfile: embedded.Dockerfile - restart: always - ports: - - '59999:8080' + extends: + file: compose-parent.yaml + service: oauth2 environment: - - CLIENT_ID=blog - - CLIENT_SECRET=s3cr3t - CLIENT_REDIRECT_URI=http://localhost:8080/login/oauth2/code/local -- 2.39.5 From 309d19af2903924d6a08994b37a78f15461ff1e1 Mon Sep 17 00:00:00 2001 From: Andreas Svanberg Date: Wed, 30 Oct 2024 13:49:22 +0100 Subject: [PATCH 10/14] Handle X-Forwarded-* headers --- .../dsv/branchdeploytesting/BlogApplication.java | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/main/java/se/su/dsv/branchdeploytesting/BlogApplication.java b/src/main/java/se/su/dsv/branchdeploytesting/BlogApplication.java index 0dd3dd9..ac6d1ff 100644 --- a/src/main/java/se/su/dsv/branchdeploytesting/BlogApplication.java +++ b/src/main/java/se/su/dsv/branchdeploytesting/BlogApplication.java 
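Review bot: The `depends_on: db: condition: service_healthy` that `web` had is removed and not re-added on the new side, so a local `docker compose up` now starts `web` without waiting for the database health check, while `compose-branch.yaml` keeps its own `depends_on`. If the removal is because `extends` cannot carry `depends_on` (as the commit title suggests), restate it in this file: under `web:` add `depends_on:` / `  db:` / `    condition: service_healthy`. The hunk covers the whole file, so nothing else is affected.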
@@ -2,11 +2,14 @@ package se.su.dsv.branchdeploytesting; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; +import org.springframework.core.Ordered; import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.web.SecurityFilterChain; +import org.springframework.web.filter.ForwardedHeaderFilter; @SpringBootApplication @EnableWebSecurity @@ -23,4 +26,15 @@ public class BlogApplication { return http.build(); } + /** + * Spring runs on HTTP and is protected by a HTTPS proxy. + * This filter takes the `X-Forwarded-*` headers and updates the request to reflect the original HTTP request. + */ + @Bean + public FilterRegistrationBean forwardedHeaderFilter() { + var filterRegistrationBean = new FilterRegistrationBean<>(new ForwardedHeaderFilter()); + filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE); + return filterRegistrationBean; + } + } -- 2.39.5 From 4576338ec152f9c7cce2e3fe6a346ec45dd2e224 Mon Sep 17 00:00:00 2001 From: Andreas Svanberg Date: Wed, 30 Oct 2024 15:32:03 +0100 Subject: [PATCH 11/14] Remove explicit entry point --- compose-branch.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/compose-branch.yaml b/compose-branch.yaml index 78ac9b7..ff527dd 100644 --- a/compose-branch.yaml +++ b/compose-branch.yaml @@ -16,7 +16,6 @@ services: labels: - "traefik.enable=true" - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.rule=Host(`${VHOST}`)" - - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.entrypoints=secure" - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.tls.certresolver=letsencrypt" db: 
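Review bot: `ForwardedHeaderFilter` rewrites the request from whatever `X-Forwarded-*` headers arrive, and registering it at `Ordered.HIGHEST_PRECEDENCE` with no proxy check makes it safe only if every request reaches the app through the HTTPS proxy; `compose-parent.yaml` still publishes `8080:8080`, and if the branch deployment inherits that port a client on that path can supply the headers itself and influence the scheme and host Spring uses for redirects, including the OAuth2 redirect URI. Either stop publishing the port where Traefik fronts the container, or at least state the assumption in the Javadoc: `Assumes the container is reachable only through the reverse proxy; a directly reachable port lets clients set these headers themselves.` The return type is also the raw `FilterRegistrationBean`; `FilterRegistrationBean<ForwardedHeaderFilter>` matches what the constructor infers. The enclosing class `BlogApplication` starts above the hunk.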
@@ -37,7 +36,6 @@ services: labels: - "traefik.enable=true" - "traefik.http.routers.${COMPOSE_PROJECT_NAME}-oauth2.rule=Host(`oauth2-${VHOST}`)" - - "traefik.http.routers.${COMPOSE_PROJECT_NAME}-oauth2.entrypoints=secure" - "traefik.http.routers.${COMPOSE_PROJECT_NAME}-oauth2.tls.certresolver=letsencrypt" networks: -- 2.39.5 From 05d11475b3c0a517fbb862223aa3f0d29f659b57 Mon Sep 17 00:00:00 2001 From: Andreas Svanberg Date: Thu, 31 Oct 2024 14:31:54 +0100 Subject: [PATCH 12/14] Update deploy action --- .gitea/workflows/deploy-branch.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/deploy-branch.yaml b/.gitea/workflows/deploy-branch.yaml index 9e10620..4ba101b 100644 --- a/.gitea/workflows/deploy-branch.yaml +++ b/.gitea/workflows/deploy-branch.yaml @@ -6,7 +6,7 @@ jobs: runs-on: ubuntu-latest steps: - id: deploy - uses: https://gitea.dsv.su.se/ansv7779/action-branch-deploy@6fea6eff5c5014fc8c2c413f9c28f3592ce84ce2 + uses: https://gitea.dsv.su.se/ansv7779/action-branch-deploy@e2788b9321d1e64cd8c2148e1a1a30724c29c7a1 with: gitea-token: ${{ secrets.GITEA_TOKEN }} ssh-key: ${{ secrets.BRANCH_DEPLOY_KEY }} -- 2.39.5 From 785faaacbb47589ea7290074f579ad729907e86a Mon Sep 17 00:00:00 2001 From: Andreas Svanberg Date: Thu, 31 Oct 2024 14:32:04 +0100 Subject: [PATCH 13/14] Only post URL when PR is opened --- .gitea/workflows/deploy-branch.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitea/workflows/deploy-branch.yaml b/.gitea/workflows/deploy-branch.yaml index 4ba101b..99c2d73 100644 --- a/.gitea/workflows/deploy-branch.yaml +++ b/.gitea/workflows/deploy-branch.yaml @@ -13,6 +13,7 @@ jobs: compose-file: 'compose-branch.yaml' - name: Post URL to deployment as comment uses: actions/github-script@v7 + if: github.event.action == 'opened' env: BRANCH_URL: ${{ steps.deploy.outputs.url }} with: -- 2.39.5 From 3cdce10db1730ab35220ce06166078c0db3a0298 Mon Sep 17 00:00:00 2001 
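Review bot: The new `if:` sits between `uses:` and `env:`; conventionally the condition is the first key after `name:` so a reader sees that the step may be skipped before reading what it runs. Also, a bare `on: pull_request` fires for `reopened` as well, so a reopened PR is redeployed but gets no URL comment — if that is intended (the old comment is still on the PR) it is fine, otherwise use `if: github.event.action == 'opened' || github.event.action == 'reopened'`.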
From: Andreas Svanberg Date: Mon, 25 Nov 2024 13:03:01 +0100 Subject: [PATCH 14/14] Test cleanup --- .gitea/workflows/cleanup-branch.yaml | 14 ++++++++++++++ .gitea/workflows/deploy-branch.yaml | 8 ++++---- 2 files changed, 18 insertions(+), 4 deletions(-) create mode 100644 .gitea/workflows/cleanup-branch.yaml diff --git a/.gitea/workflows/cleanup-branch.yaml b/.gitea/workflows/cleanup-branch.yaml new file mode 100644 index 0000000..d81565a --- /dev/null +++ b/.gitea/workflows/cleanup-branch.yaml @@ -0,0 +1,14 @@ +name: Cleanup branch.dsv.su.se +on: + pull_request: + types: [closed] + +jobs: + cleanup: + runs-on: ubuntu-latest + steps: + - id: cleanup + uses: https://gitea.dsv.su.se/ansv7779/action-branch-deploy@510ddaa0b9507c6c1bc288582ef6e23b8b5b6089 + with: + compose-file: 'compose-branch.yaml' + mode: 'cleanup' diff --git a/.gitea/workflows/deploy-branch.yaml b/.gitea/workflows/deploy-branch.yaml index 99c2d73..4099b9e 100644 --- a/.gitea/workflows/deploy-branch.yaml +++ b/.gitea/workflows/deploy-branch.yaml @@ -1,15 +1,15 @@ name: Deploy to branch.dsv.su.se -on: pull_request +on: + pull_request: + types: [opened, reopened, synchronize] jobs: deploy: runs-on: ubuntu-latest steps: - id: deploy - uses: https://gitea.dsv.su.se/ansv7779/action-branch-deploy@e2788b9321d1e64cd8c2148e1a1a30724c29c7a1 + uses: https://gitea.dsv.su.se/ansv7779/action-branch-deploy@510ddaa0b9507c6c1bc288582ef6e23b8b5b6089 with: - gitea-token: ${{ secrets.GITEA_TOKEN }} - ssh-key: ${{ secrets.BRANCH_DEPLOY_KEY }} compose-file: 'compose-branch.yaml' - name: Post URL to deployment as comment uses: actions/github-script@v7 -- 2.39.5
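Review bot: The deploy workflow drops the explicit `gitea-token` and `ssh-key` inputs and the new `cleanup-branch.yaml` never passes them either, yet neither file says how the pinned action now obtains the credentials it needs to reach the branch host; presumably it reads fixed secret names or runner-level configuration, and that is worth stating above each `uses:`, e.g. `# Credentials are resolved inside the action; see its README for the required secret names`. In `cleanup-branch.yaml` the `id: cleanup` is unused, since no later step reads its outputs, so it can go. Both files pin the action to the same full commit SHA, which is good; keep them in lockstep when bumping.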