lborv/few-line-engine
1
0
Fork 0
Code Pull Requests Actions Packages Projects Releases Wiki Activity

ci/cd #12

Merged
lborv merged 4 commits from ci/cd into develop 2025-10-14 11:13:44 +00:00
Conversation 0 Commits 4 Files Changed 5 +813
4 changed files with 813 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit ff664c2086 - Show all commits

30
.gitea/workflows/deploy-testing.yml
View File

@ -10,7 +10,7 @@ jobs:
deploy: deploy:
name: Deploy to Testing Server name: Deploy to Testing Server
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: github.event.pull_request.merged == false # Только для открытых PR if: github.event.pull_request.merged == false # Only for open PRs
steps: steps:
- name: Checkout code - name: Checkout code
@ -49,14 +49,14 @@ jobs:
key: ${{ secrets.TESTING_SERVER_SSH_KEY }} key: ${{ secrets.TESTING_SERVER_SSH_KEY }}
port: ${{ secrets.TESTING_SERVER_PORT || 22 }} port: ${{ secrets.TESTING_SERVER_PORT || 22 }}
script: | script: |
# Создаем директорию для приложения если её нет # Create application directory if it doesn't exist
mkdir -p /opt/low-code-engine/testing-pr-${{ github.event.pull_request.number }} mkdir -p /opt/low-code-engine/testing-pr-${{ github.event.pull_request.number }}
cd /opt/low-code-engine/testing-pr-${{ github.event.pull_request.number }} cd /opt/low-code-engine/testing-pr-${{ github.event.pull_request.number }}
# Останавливаем существующие контейнеры если они есть # Stop existing containers if they exist
docker-compose down || true docker-compose down || true
# Удаляем старые образы # Remove old images
docker image prune -f || true docker image prune -f || true
- name: Copy files to server - name: Copy files to server
@ -79,10 +79,10 @@ jobs:
script: | script: |
cd /opt/low-code-engine/testing-pr-${{ github.event.pull_request.number }} cd /opt/low-code-engine/testing-pr-${{ github.event.pull_request.number }}
# Загружаем Docker образ # Load Docker image
gunzip -c low-code-engine-testing.tar.gz | docker load gunzip -c low-code-engine-testing.tar.gz | docker load
# Создаем .env файл для тестового окружения # Create .env file for testing environment
cat > .env << EOF cat > .env << EOF
NODE_ENV=testing NODE_ENV=testing
DB_ROOT_PASSWORD=${{ secrets.TESTING_DB_ROOT_PASSWORD }} DB_ROOT_PASSWORD=${{ secrets.TESTING_DB_ROOT_PASSWORD }}
@ -95,7 +95,7 @@ jobs:
REDIS_PORT=6379 REDIS_PORT=6379
EOF EOF
# Создаем docker-compose.override.yml для тестового окружения # Create docker-compose.override.yml for testing environment
cat > docker-compose.override.yml << EOF cat > docker-compose.override.yml << EOF
version: "3.8" version: "3.8"
services: services:
@ -125,16 +125,16 @@ jobs:
- "${{ vars.TESTING_BASE_REDIS_PORT || 6379 }}${{ github.event.pull_request.number }}:6379" - "${{ vars.TESTING_BASE_REDIS_PORT || 6379 }}${{ github.event.pull_request.number }}:6379"
EOF EOF
# Запускаем контейнеры # Start containers
docker-compose up -d docker-compose up -d
# Ждем пока база данных запустится # Wait for database to start
sleep 30 sleep 30
# Запускаем миграции # Run migrations
docker-compose exec -T app yarn migration:run || true docker-compose exec -T app yarn migration:run || true
# Проверяем статус контейнеров # Check container status
docker-compose ps docker-compose ps
- name: Health check - name: Health check
@ -147,7 +147,7 @@ jobs:
script: | script: |
cd /opt/low-code-engine/testing-pr-${{ github.event.pull_request.number }} cd /opt/low-code-engine/testing-pr-${{ github.event.pull_request.number }}
# Проверяем доступность приложения # Check application availability
APP_PORT=${{ vars.TESTING_BASE_PORT || 3000 }}${{ github.event.pull_request.number }} APP_PORT=${{ vars.TESTING_BASE_PORT || 3000 }}${{ github.event.pull_request.number }}
for i in {1..10}; do for i in {1..10}; do
@ -213,13 +213,13 @@ jobs:
script: | script: |
cd /opt/low-code-engine/testing-pr-${{ github.event.pull_request.number }} cd /opt/low-code-engine/testing-pr-${{ github.event.pull_request.number }}
# Останавливаем и удаляем контейнеры # Stop and remove containers
docker-compose down -v || true docker-compose down -v || true
# Удаляем Docker образ # Remove Docker image
docker rmi low-code-engine:testing-${{ github.event.pull_request.number }} || true docker rmi low-code-engine:testing-${{ github.event.pull_request.number }} || true
# Удаляем директорию развертывания # Remove deployment directory
cd .. cd ..
rm -rf testing-pr-${{ github.event.pull_request.number }} rm -rf testing-pr-${{ github.event.pull_request.number }}

237
.gitea/workflows/test-deployment.yml
View File

@ -1,237 +0,0 @@
name: Test Deployment Workflow
# Этот workflow можно запустить вручную для тестирования процесса развертывания
on:
workflow_dispatch:
inputs:
pr_number:
description: "PR number to simulate"
required: true
default: "999"
type: string
cleanup:
description: "Run cleanup after deployment"
required: false
default: false
type: boolean
jobs:
test-deployment:
name: Test Deployment Process
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "18"
cache: "yarn"
- name: Install dependencies
run: yarn install --frozen-lockfile
- name: Run tests
run: |
# Add your test commands here
echo "Running tests..."
yarn lint:check || echo "Linting completed with warnings"
- name: Build application
run: yarn build
- name: Build Docker image
run: |
docker build -t low-code-engine:test-${{ inputs.pr_number }} .
echo "Docker image built successfully"
- name: Test Docker image
run: |
# Test that the image runs correctly
docker run -d --name test-app -p 3000:3000 low-code-engine:test-${{ inputs.pr_number }}
sleep 10
# Try to connect to the app
if curl -f http://localhost:3000/health > /dev/null 2>&1; then
echo "✅ Application is responding"
else
echo "❌ Application is not responding"
docker logs test-app
fi
docker stop test-app
docker rm test-app
- name: Save Docker image
run: |
docker save low-code-engine:test-${{ inputs.pr_number }} | gzip > low-code-engine-test.tar.gz
ls -lh low-code-engine-test.tar.gz
- name: Test SSH connection
if: ${{ secrets.TESTING_SERVER_HOST }}
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ secrets.TESTING_SERVER_HOST }}
username: ${{ secrets.TESTING_SERVER_USER }}
key: ${{ secrets.TESTING_SERVER_SSH_KEY }}
port: ${{ secrets.TESTING_SERVER_PORT || 22 }}
script: |
echo "✅ SSH connection successful"
echo "Server info:"
uname -a
docker --version
docker-compose --version
df -h /opt/low-code-engine
echo "Available ports for testing:"
netstat -tln | grep ":30[0-9][0-9]" | head -5 || echo "No testing ports in use"
- name: Test file transfer
if: ${{ secrets.TESTING_SERVER_HOST }}
uses: appleboy/scp-action@v0.1.7
with:
host: ${{ secrets.TESTING_SERVER_HOST }}
username: ${{ secrets.TESTING_SERVER_USER }}
key: ${{ secrets.TESTING_SERVER_SSH_KEY }}
port: ${{ secrets.TESTING_SERVER_PORT || 22 }}
source: "low-code-engine-test.tar.gz"
target: "/tmp/"
- name: Test deployment simulation
if: ${{ secrets.TESTING_SERVER_HOST }}
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ secrets.TESTING_SERVER_HOST }}
username: ${{ secrets.TESTING_SERVER_USER }}
key: ${{ secrets.TESTING_SERVER_SSH_KEY }}
port: ${{ secrets.TESTING_SERVER_PORT || 22 }}
script: |
echo "Testing deployment simulation for PR #${{ inputs.pr_number }}"
# Create test directory
mkdir -p /opt/low-code-engine/test-pr-${{ inputs.pr_number }}
cd /opt/low-code-engine/test-pr-${{ inputs.pr_number }}
# Copy test file
cp /tmp/low-code-engine-test.tar.gz .
# Test image loading
gunzip -c low-code-engine-test.tar.gz | docker load
echo "✅ Test deployment simulation completed"
# Cleanup test files
rm -f low-code-engine-test.tar.gz /tmp/low-code-engine-test.tar.gz
docker rmi low-code-engine:test-${{ inputs.pr_number }} || true
cd ..
rm -rf test-pr-${{ inputs.pr_number }}
- name: Cleanup on failure
if: failure() && secrets.TESTING_SERVER_HOST
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ secrets.TESTING_SERVER_HOST }}
username: ${{ secrets.TESTING_SERVER_USER }}
key: ${{ secrets.TESTING_SERVER_SSH_KEY }}
port: ${{ secrets.TESTING_SERVER_PORT || 22 }}
script: |
# Cleanup any test artifacts
rm -f /tmp/low-code-engine-test.tar.gz
rm -rf /opt/low-code-engine/test-pr-${{ inputs.pr_number }}
docker rmi low-code-engine:test-${{ inputs.pr_number }} || true
echo "🧹 Cleanup completed"
test-health-endpoints:
name: Test Health Endpoints
runs-on: ubuntu-latest
needs: test-deployment
if: ${{ secrets.TESTING_SERVER_HOST }}
steps:
- name: Test server health endpoints
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ secrets.TESTING_SERVER_HOST }}
username: ${{ secrets.TESTING_SERVER_USER }}
key: ${{ secrets.TESTING_SERVER_SSH_KEY }}
port: ${{ secrets.TESTING_SERVER_PORT || 22 }}
script: |
echo "Testing health check endpoints..."
# Test monitoring script
if [ -f /usr/local/bin/monitor-deployments ]; then
echo "✅ Monitor script exists"
/usr/local/bin/monitor-deployments | head -20
else
echo "❌ Monitor script not found"
fi
# Test cleanup script
if [ -f /usr/local/bin/cleanup-old-deployments ]; then
echo "✅ Cleanup script exists"
else
echo "❌ Cleanup script not found"
fi
# Test nginx configuration
if command -v nginx &> /dev/null; then
echo "✅ Nginx is installed"
nginx -t 2>&1 | head -5
else
echo "❌ Nginx not installed"
fi
# Test docker access
docker ps | head -5
echo "Docker system info:"
docker system df
security-check:
name: Security Check
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run security audit
run: |
echo "Running security checks..."
# Check for secrets in code
if grep -r "password\|secret\|key" --include="*.ts" --include="*.js" --include="*.json" src/ | grep -v "// TODO\|console.log"; then
echo "❌ Potential secrets found in code"
exit 1
else
echo "✅ No secrets found in source code"
fi
# Check Docker image for security issues
echo "Building secure Docker image..."
docker build -t security-test .
# Basic security checks
echo "Checking Docker image user..."
docker run --rm security-test whoami | grep -v root || echo "✅ Not running as root"
docker rmi security-test
- name: Check workflow security
run: |
echo "Checking workflow file security..."
# Check that secrets are properly referenced
if grep -E '\$\{\{\s*secrets\.' .github/workflows/*.yml > /dev/null; then
echo "✅ Secrets properly referenced"
else
echo "❌ No secrets found in workflows"
fi
# Check for hardcoded values
if grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' .github/workflows/*.yml; then
echo "❌ Hardcoded IP addresses found"
exit 1
else
echo "✅ No hardcoded IP addresses"
fi

146
DEPLOYMENT.md
View File

@ -1,86 +1,86 @@
# GitHub Actions Deployment Setup # GitHub Actions Deployment Setup
Этот документ описывает настройку автоматического развертывания на тестовом сервере при создании Pull Request в ветку `develop`. This document describes the setup for automatic deployment to a testing server when creating a Pull Request to the `develop` branch.
## Требуемые GitHub Secrets ## Required GitHub Secrets
Перейдите в настройки репозитория → Settings → Secrets and variables → Actions и добавьте следующие секреты: Go to repository settings → Settings → Secrets and variables → Actions and add the following secrets:
### SSH Connection ### SSH Connection
- `TESTING_SERVER_HOST` - IP адрес или домен тестового сервера - `TESTING_SERVER_HOST` - IP address or domain of the testing server
- `TESTING_SERVER_USER` - Пользователь для SSH подключения (например: `deploy`) - `TESTING_SERVER_USER` - User for SSH connection (e.g., `deploy`)
- `TESTING_SERVER_SSH_KEY` - Приватный SSH ключ для подключения к серверу - `TESTING_SERVER_SSH_KEY` - Private SSH key for server connection
- `TESTING_SERVER_PORT` - (опционально) Порт SSH (по умолчанию 22) - `TESTING_SERVER_PORT` - (optional) SSH port (default: 22)
### Database Configuration ### Database Configuration
- `TESTING_DB_ROOT_PASSWORD` - Root пароль для MariaDB - `TESTING_DB_ROOT_PASSWORD` - Root password for MariaDB
- `TESTING_DB_USERNAME` - Пользователь базы данных - `TESTING_DB_USERNAME` - Database user
- `TESTING_DB_PASSWORD` - Пароль пользователя базы данных - `TESTING_DB_PASSWORD` - Database user password
## Требуемые GitHub Variables ## Required GitHub Variables
Перейдите в настройки репозитория → Settings → Secrets and variables → Actions → Variables и добавьте: Go to repository settings → Settings → Secrets and variables → Actions → Variables and add:
- `TESTING_BASE_PORT` - Базовый порт для приложений (по умолчанию: 3000) - `TESTING_BASE_PORT` - Base port for applications (default: 3000)
- `TESTING_BASE_DB_PORT` - Базовый порт для баз данных (по умолчанию: 3306) - `TESTING_BASE_DB_PORT` - Base port for databases (default: 3306)
- `TESTING_BASE_REDIS_PORT` - Базовый порт для Redis (по умолчанию: 6379) - `TESTING_BASE_REDIS_PORT` - Base port for Redis (default: 6379)
## Настройка тестового сервера ## Testing Server Setup
### 1. Установка Docker и Docker Compose ### 1. Installing Docker and Docker Compose
```bash ```bash
# Обновление системы # System update
sudo apt update && sudo apt upgrade -y sudo apt update && sudo apt upgrade -y
# Установка Docker # Docker installation
curl -fsSL https://get.docker.com -o get-docker.sh curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh sudo sh get-docker.sh
# Добавление пользователя в группу docker # Add user to docker group
sudo usermod -aG docker $USER sudo usermod -aG docker $USER
# Установка Docker Compose # Install Docker Compose
sudo apt install docker-compose-plugin -y sudo apt install docker-compose-plugin -y
``` ```
### 2. Создание пользователя для развертывания ### 2. Creating deployment user
```bash ```bash
# Создание пользователя # Create user
sudo useradd -m -s /bin/bash deploy sudo useradd -m -s /bin/bash deploy
sudo usermod -aG docker deploy sudo usermod -aG docker deploy
# Создание директории для SSH ключей # Create SSH keys directory
sudo mkdir -p /home/deploy/.ssh sudo mkdir -p /home/deploy/.ssh
sudo chmod 700 /home/deploy/.ssh sudo chmod 700 /home/deploy/.ssh
# Добавление публичного SSH ключа # Add public SSH key
sudo nano /home/deploy/.ssh/authorized_keys sudo nano /home/deploy/.ssh/authorized_keys
# Вставьте публичный ключ, соответствующий приватному ключу в TESTING_SERVER_SSH_KEY # Insert public key corresponding to private key in TESTING_SERVER_SSH_KEY
sudo chmod 600 /home/deploy/.ssh/authorized_keys sudo chmod 600 /home/deploy/.ssh/authorized_keys
sudo chown -R deploy:deploy /home/deploy/.ssh sudo chown -R deploy:deploy /home/deploy/.ssh
# Создание директории для приложений # Create applications directory
sudo mkdir -p /opt/low-code-engine sudo mkdir -p /opt/low-code-engine
sudo chown deploy:deploy /opt/low-code-engine sudo chown deploy:deploy /opt/low-code-engine
``` ```
### 3. Настройка Nginx (опционально) ### 3. Nginx Setup (Optional)
Если хотите использовать доменные имена вместо портов: If you want to use domain names instead of ports:
```bash ```bash
sudo apt install nginx -y sudo apt install nginx -y
# Создание конфигурации для тестовых приложений # Create configuration for testing applications
sudo nano /etc/nginx/sites-available/testing-apps sudo nano /etc/nginx/sites-available/testing-apps
``` ```
Содержимое файла: File content:
```nginx ```nginx
server { server {
@ -99,76 +99,76 @@ server {
``` ```
```bash ```bash
# Активация конфигурации # Activate configuration
sudo ln -s /etc/nginx/sites-available/testing-apps /etc/nginx/sites-enabled/ sudo ln -s /etc/nginx/sites-available/testing-apps /etc/nginx/sites-enabled/
sudo nginx -t sudo nginx -t
sudo systemctl reload nginx sudo systemctl reload nginx
``` ```
## Как работает развертывание ## How Deployment Works
### Процесс развертывания ### Deployment Process
1. **Trigger**: Создание или обновление Pull Request в ветку `develop` 1. **Trigger**: Creating or updating Pull Request to `develop` branch
2. **Build**: Сборка приложения и создание Docker образа 2. **Build**: Building application and creating Docker image
3. **Deploy**: Копирование файлов на сервер и запуск контейнеров 3. **Deploy**: Copying files to server and starting containers
4. **Health Check**: Проверка доступности приложения 4. **Health Check**: Checking application availability
5. **Comment**: Добавление комментария в PR с информацией о развертывании 5. **Comment**: Adding comment to PR with deployment information
### Структура на сервере ### Server Structure
``` ```
/opt/low-code-engine/ /opt/low-code-engine/
├── testing-pr-123/ # Отдельная директория для каждого PR ├── testing-pr-123/ # Separate directory for each PR
│ ├── docker-compose.yml # Основной docker-compose файл │ ├── docker-compose.yml # Main docker-compose file
│ ├── docker-compose.override.yml # Переопределения для тестинга │ ├── docker-compose.override.yml # Testing overrides
│ ├── .env # Переменные окружения │ ├── .env # Environment variables
│ ├── docker/ # Docker конфигурации │ ├── docker/ # Docker configurations
│ └── low-code-engine-testing.tar.gz # Docker образ │ └── low-code-engine-testing.tar.gz # Docker image
├── testing-pr-124/ ├── testing-pr-124/
└── ... └── ...
``` ```
### Порты ### Ports
Каждому PR назначаются уникальные порты: Each PR is assigned unique ports:
- Приложение: `TESTING_BASE_PORT + PR_NUMBER` (например: 3000 + 123 = 3123) - Application: `TESTING_BASE_PORT + PR_NUMBER` (e.g., 3000 + 123 = 3123)
- База данных: `TESTING_BASE_DB_PORT + PR_NUMBER` (например: 3306 + 123 = 3429) - Database: `TESTING_BASE_DB_PORT + PR_NUMBER` (e.g., 3306 + 123 = 3429)
- Redis: `TESTING_BASE_REDIS_PORT + PR_NUMBER` (например: 6379 + 123 = 6502) - Redis: `TESTING_BASE_REDIS_PORT + PR_NUMBER` (e.g., 6379 + 123 = 6502)
### Cleanup ### Cleanup
При закрытии или мердже PR автоматически происходит: When PR is closed or merged, automatically:
1. Остановка и удаление контейнеров 1. Stop and remove containers
2. Удаление Docker образов 2. Remove Docker images
3. Удаление файлов на сервере 3. Remove files on server
4. Добавление комментария об очистке 4. Add cleanup comment
## Безопасность ## Security
1. **SSH ключи**: Используйте отдельный SSH ключ только для развертывания 1. **SSH Keys**: Use separate SSH key only for deployment
2. **Пользователь**: Создайте отдельного пользователя с минимальными правами 2. **User**: Create separate user with minimal privileges
3. **Firewall**: Настройте фаервол для ограничения доступа к портам 3. **Firewall**: Configure firewall to restrict port access
4. **SSL/TLS**: Рассмотрите использование SSL сертификатов для HTTPS 4. **SSL/TLS**: Consider using SSL certificates for HTTPS
## Мониторинг и логи ## Monitoring and Logs
### Просмотр логов приложения ### View Application Logs
```bash ```bash
cd /opt/low-code-engine/testing-pr-{PR_NUMBER} cd /opt/low-code-engine/testing-pr-{PR_NUMBER}
docker-compose logs -f app docker-compose logs -f app
``` ```
### Просмотр статуса контейнеров ### View Container Status
```bash ```bash
docker-compose ps docker-compose ps
``` ```
### Мониторинг ресурсов ### Resource Monitoring
```bash ```bash
docker stats docker stats
@ -176,33 +176,33 @@ docker stats
## Troubleshooting ## Troubleshooting
### Проблемы с портами ### Port Issues
Если порт занят, проверьте какие приложения его используют: If port is occupied, check which applications are using it:
```bash ```bash
sudo netstat -tulpn | grep :{PORT} sudo netstat -tulpn | grep :{PORT}
``` ```
### Проблемы с Docker ### Docker Issues
Очистка неиспользуемых ресурсов: Clean up unused resources:
```bash ```bash
docker system prune -f docker system prune -f
``` ```
### Проблемы с базой данных ### Database Issues
Проверка подключения к базе данных: Check database connection:
```bash ```bash
docker-compose exec mariadb mysql -u root -p -e "SHOW DATABASES;" docker-compose exec mariadb mysql -u root -p -e "SHOW DATABASES;"
``` ```
### Проблемы с миграциями ### Migration Issues
Ручной запуск миграций: Manual migration run:
```bash ```bash
docker-compose exec app yarn migration:run docker-compose exec app yarn migration:run