Automatically deploy pull requests for testing #8
21
.gitea/workflows/cleanup-branch.yaml
Normal file
21
.gitea/workflows/cleanup-branch.yaml
Normal file
|
|
@ -0,0 +1,21 @@
|
|||
name: Clean up branch.dsv.su.se
|
||||
on:
|
||||
pull_request:
|
||||
types:
|
||||
- closed
|
||||
jobs:
|
||||
Cleanup-branch:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Generate mangled vhost name
|
||||
id: mangled-name
|
||||
run: |
|
||||
MANGLED_BRANCH_NAME="$(echo ${{ gitea.headref}} | sed -r -e 's%/%-%g' -e 's/[^0-9a-z\-]//g')"
|
||||
echo $MANGLED_BRANCH_NAME
|
||||
echo "MANGLED_NAME=$MANGLED_BRANCH_NAME" >> "$GITHUB_OUTPUT"
|
||||
- name: Set up SSH key
|
||||
run: |
|
||||
echo "${{ secrets.BRANCH_CLEANUP_KEY }}" >> ssh_key
|
||||
chmod 0600 ssh_key
|
||||
- name: Execute clean up script
|
||||
run: echo "${{ gitea.serverurl }}/${{ gitea.repository }}.git ${{ gitea.headref }} ${{ steps.mangled-name.outputs.MANGLED_NAME }}" | ssh -o StrictHostKeyChecking=accept-new -i ssh_key branch.dsv.su.se
|
||||
37
.gitea/workflows/deploy-branch.yaml
Normal file
37
.gitea/workflows/deploy-branch.yaml
Normal file
|
|
@ -0,0 +1,37 @@
|
|||
name: Deploy to branch.dsv.su.se
|
||||
on:
|
||||
pull_request:
|
||||
types:
|
||||
- opened
|
||||
- reopened
|
||||
- ready_for_review
|
||||
jobs:
|
||||
Deploy-branch:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Generate mangled vhost name
|
||||
id: mangled-name
|
||||
run: |
|
||||
MANGLED_BRANCH_NAME="$(echo ${{ gitea.headref}} | sed -r -e 's%/%-%g' -e 's/[^0-9a-z\-]//g')"
|
||||
echo $MANGLED_BRANCH_NAME
|
||||
echo "MANGLED_NAME=$MANGLED_BRANCH_NAME" >> "$GITHUB_OUTPUT"
|
||||
- name: Set up SSH key
|
||||
run: |
|
||||
echo "${{ secrets.BRANCH_DEPLOY_KEY }}" >> ssh_key
|
||||
chmod 0600 ssh_key
|
||||
- name: Execute deploy script
|
||||
run: echo "${{ gitea.serverurl }}/${{ gitea.repository }}.git ${{ gitea.headref }} ${{ steps.mangled-name.outputs.MANGLED_NAME }}" | ssh -o StrictHostKeyChecking=accept-new -i ssh_key branch.dsv.su.se
|
||||
- name: Post URL to deployment as comment
|
||||
uses: actions/github-script@v7
|
||||
env:
|
||||
MANGLED_BRANCH_NAME: ${{ steps.mangled-name.outputs.MANGLED_NAME }}
|
||||
with:
|
||||
script: |
|
||||
const repositoryName = context.repo.repo;
|
||||
const mangledBranchName = process.env.MANGLED_BRANCH_NAME;
|
||||
github.rest.issues.createComment({
|
||||
issue_number: context.issue.number,
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
body: `https://${repositoryName}-${mangledBranchName}.branch.dsv.su.se`
|
||||
})
|
||||
|
|
@ -17,3 +17,5 @@ FROM tomcat:10-jdk21-openjdk-bookworm as run
|
|||
LABEL authors="thuning"
|
||||
|
||||
COPY --from=build /build/target/*.war /usr/local/tomcat/webapps/ROOT.war
|
||||
|
||||
EXPOSE 8080
|
||||
|
|
|
|||
57
docker-compose-branch.yml
Normal file
57
docker-compose-branch.yml
Normal file
|
|
@ -0,0 +1,57 @@
|
|||
services:
|
||||
whisper-api:
|
||||
build:
|
||||
context: .
|
||||
environment:
|
||||
- DBHOST=jdbc:mariadb://whisper-api-db:3306/whisper_api
|
||||
- DBUSER=root
|
||||
- DBPASS=mariadb
|
||||
- OAUTH2_CLIENT_ID=whisper-frontend
|
||||
- OAUTH2_CLIENT_SECRET=s3cr3t
|
||||
- OAUTH2_AUTH_URI=https://oauth2-${VHOST}/authorize
|
||||
- OAUTH2_TOKEN_URI=https://oauth2-${VHOST}/exchange
|
||||
- OAUTH2_USER_INFO_URI=https://oauth2-${VHOST}/verify
|
||||
depends_on:
|
||||
- whisper-api-db
|
||||
- whisper-api-oauth2
|
||||
networks:
|
||||
- whisper-network
|
||||
- traefik
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.${COMPOSE_PROJECT_NAME}.rule=Host(`${VHOST}`)"
|
||||
- "traefik.http.routers.${COMPOSE_PROJECT_NAME}.entrypoints=secure"
|
||||
- "traefik.http.routers.${COMPOSE_PROJECT_NAME}.tls.certresolver=letsencrypt"
|
||||
|
||||
whisper-api-db:
|
||||
image: mariadb
|
||||
restart: on-failure
|
||||
networks:
|
||||
- whisper-network
|
||||
environment:
|
||||
- MARIADB_ROOT_PASSWORD=mariadb
|
||||
- MARIADB_DATABASE=whisper_api
|
||||
- MYSQL_ROOT_HOST=%
|
||||
|
||||
whisper-api-oauth2:
|
||||
build:
|
||||
context: https://github.com/dsv-su/toker.git
|
||||
dockerfile: embedded.Dockerfile
|
||||
restart: on-failure
|
||||
networks:
|
||||
- traefik
|
||||
environment:
|
||||
CLIENT_ID: whisper-frontend
|
||||
CLIENT_SECRET: s3cr3t
|
||||
CLIENT_REDIRECT_URI: https://${VHOST}/login/oauth2/code/su
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.${COMPOSE_PROJECT_NAME}-oauth2.rule=Host(`oauth2-${VHOST}`)"
|
||||
- "traefik.http.routers.${COMPOSE_PROJECT_NAME}-oauth2.entrypoints=secure"
|
||||
- "traefik.http.routers.${COMPOSE_PROJECT_NAME}-oauth2.tls.certresolver=letsencrypt"
|
||||
|
||||
networks:
|
||||
whisper-network:
|
||||
traefik:
|
||||
name: traefik
|
||||
external: true
|
||||
|
|
@ -2,10 +2,13 @@ package se.su.dsv.whisperapi;
|
|||
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.web.filter.ForwardedHeaderFilter;
|
||||
|
||||
@SpringBootApplication
|
||||
public class WhisperApiApplication {
|
||||
|
|
@ -21,4 +24,11 @@ public class WhisperApiApplication {
|
|||
.oauth2Login(Customizer.withDefaults());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public FilterRegistrationBean<ForwardedHeaderFilter> forwardedHeaderFilter() {
|
||||
var filterRegistrationBean = new FilterRegistrationBean<>(new ForwardedHeaderFilter());
|
||||
filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
|
||||
return filterRegistrationBean;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user