update staging files

.github/workflows/cd.yml

@@ -1,21 +1,30 @@
 name: CD
 
-on: [workflow_dispatch, pull_request, push]
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - 'master'
 
 jobs:
  cd:
+ if: |
+ github.event_name == 'push' || (
+ github.event_name == 'workflow_dispatch' &&
+ contains(fromJSON(vars.PROJECT_ADMINS), github.actor)
+ )
  runs-on: ubuntu-latest
  steps:
  - name: Checkout
  uses: actions/checkout@v3
-
- - name: Decode private key file
+ - name: Generate .env for staging vm from github secrets
  run: |
  echo "${{secrets.PRODUCTION_DOT_ENV_FILE}}" > .env
+ - name: Decode private key file for OpenSSH access over Ansible
+ run: |
  echo "${{secrets.SSH_PRIVATE_KEY}}" | base64 --decode > "private.pem"
  chmod 400 private.pem
-
- - name: Run CD playbook
+ - name: Run playbook for deployment
  uses: dawidd6/action-ansible-playbook@v2
  with:
  playbook: deploy.yml
@@ -24,6 +33,7 @@ jobs:
  hosts:
  staging:
  ansible_host: staging.pycon.tw
- ansible_user: changchaishi
+ ansible_user: "${{secrets.GCE_USERNAME}}"
+ # secret file generated from previous step
  ansible_ssh_private_key_file: private.pem
  ansible_python_interpreter: /home/dev/.pyenv/shims/python

deploy.yml

@@ -1,25 +1,26 @@
 ---
-- name: Check services
+- name: Deploy project to staging machine
  hosts: staging
- # need to use become since I'm connecting using personal private key
+ # escalate privilege
  become: true
- # switch user as dev
  become_user: dev
  vars:
  project_dir: /home/dev/web-projects/pycontw-2023-ansible
 
  tasks:
- - name: Ensure that Docker for python is present (docker in pip)
+ - name: Dependencies check dor docker and docker-compose in remote server
  community.general.python_requirements_info:
  dependencies:
  - docker
+ - docker-compose
 
- - name: Create a directory if it does not exist
+ - name: Create project directory (if not exist)
  ansible.builtin.file:
  path: "{{ project_dir }}"
  state: directory
 
- - name: Copy entire project files to remote server
+ # Copy project files to remote server (.env is included)
+ - name: Copy project files to remote server
  ansible.posix.synchronize:
  src: ./
  dest: "{{ project_dir }}"
@@ -33,5 +34,4 @@
  community.docker.docker_compose:
  project_src: "{{ project_dir }}"
  build: true
- # try to build first, without up the service
- state: absent
+ state: present

docker-compose-staging.yml

@@ -0,0 +1,47 @@
+version: "3.5"
+services:
+ web:
+ build: .
+ container_name: pycontw-2023-ansible
+ image: pycontw-2023_web-ansible
+ hostname: pycontw-2023
+ entrypoint: ""
+ command:
+ # Hacky script for quick demonstration purpose
+ - bash
+ - -c
+ - |
+ set -o errexit -o nounset -o pipefail
+ python3 manage.py compilemessages
+ python3 manage.py migrate
+ python3 manage.py collectstatic --no-input
+
+ exec uwsgi --http-socket :8000 \
+ --master \
+ --hook-master-start "unix_signal:15 gracefully_kill_them_all" \
+ --static-map /static=assets \
+ --static-map /media=media \
+ --mount /prs=pycontw2016/wsgi.py \
+ --manage-script-name \
+ --offload-threads 2
+ restart: always
+ environment:
+ # Save us from having to type `--setting=pycontw2016.settings.production`
+ DJANGO_SETTINGS_MODULE: pycontw2016.settings.production.pycontw2023
+ SCRIPT_NAME: /prs
+ SECRET_KEY: ${SECRET_KEY}
+ DATABASE_URL: ${DATABASE_URL}
+ EMAIL_URL: ${EMAIL_URL}
+ DSN_URL: ${DSN_URL}
+ GTM_TRACK_ID: ${GTM_TRACK_ID}
+ SLACK_WEBHOOK_URL: ${SLACK_WEBHOOK_URL}
+
+ volumes:
+ - ${MEDIA_ROOT}:/usr/local/app/src/media
+ networks:
+ - network
+
+networks:
+ network:
+ external: true
+ name: network-2023

docker-compose.yml

@@ -2,8 +2,7 @@ version: "3.5"
 services:
  web:
  build: .
- container_name: pycontw-2023-ansible
- image: pycontw-2023_web-ansible
+ container_name: pycontw-2023
  hostname: pycontw-2023
  entrypoint: ""
  command: