feat: faster deployment options using Gitea OCI registry

2025-02-13 12:46:18 -05:00
parent aa9810d0a8
commit f9db293f52
3 changed files with 95 additions and 19 deletions
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -1,11 +1,6 @@
 version: 3
 # silent: true

-vars:
-  DOMAIN: { sh: jq -r .domain < config/variables.secret.tf.json }
-  SUB_DOMAIN: { sh: jq -r .subdomain < config/variables.secret.tf.json }
-  FULL_DOMAIN: '{{.SUB_DOMAIN}}.{{.DOMAIN}}'
-
 includes:
  tf: { taskfile: terraform, dir: terraform }

@@ -13,12 +8,13 @@ tasks:
  dev: docker compose -f compose.dev.yml up --build --force-recreate --no-deps


-  build: ansible-playbook playbooks/build.yml
-  deploy: ansible-playbook playbooks/deploy.yml
+  build:slow: ansible-playbook playbooks/build.yml
+  deploy:slow: ansible-playbook playbooks/deploy.yml
+  build:fast: ansible-playbook playbooks/fast-build.yml
+  deploy:fast: ansible-playbook playbooks/fast-deploy.yml
  restore: ansible-playbook playbooks/restore.yml -e "restore_bucket={{.BUCKET}} restore_key={{.KEY}}"
-  run:
-     - task: build
-     - task: deploy
+  run:slow: [task: build:slow, task: deploy:slow]
+  run:fast: [task: build:fast, task: deploy:fast]

  enter:
    cmd: aws ssm start-session --target $INSTANCE_ID
@@ -27,12 +23,3 @@ tasks:
      AWS_REGION: { sh: jq -r .aws_region < config/ansible.secret.json }
      AWS_ACCESS_KEY_ID: { sh: jq -r .aws_access_key < config/ansible.secret.json }
      AWS_SECRET_ACCESS_KEY: { sh: jq -r .aws_secret_key < config/ansible.secret.json }
-  
-  push:
-    dir: gitea
-    vars:
-      TAG: '{{.FULL_DOMAIN}}/web/gitea:latest'
-    cmds:
-      - docker login '{{.FULL_DOMAIN}}' -u max
-      - defer: docker logout
-      - docker buildx build -t {{.TAG}} -f Dockerfile --platform linux/amd64,linux/arm64 --push --provenance=false .
--- a/playbooks/fast-build.yml
+++ b/playbooks/fast-build.yml
@@ -0,0 +1,29 @@
+- name: Make build artifact.
+  hosts: localhost
+  vars_files:
+    - ../config/ansible.secret.json
+    - ../config/infrastructure.secret.tf.json
+  gather_facts: false
+  tasks:
+    - name: Log into Docker.
+      community.docker.docker_login:
+        registry_url: '{{ full_domain.value }}'
+        username: '{{ username }}'
+        password: '{{ api_key }}'
+        reauthorize: true
+
+    - name: Build image.
+      community.docker.docker_image_build:
+        name: "{{ full_domain.value }}/{{ image_name }}:latest"
+        path: ../gitea
+        nocache: true
+        rebuild: always
+        pull: true
+        outputs: [{ type: image, push: true }]
+        platform:
+          - linux/amd64
+          - linux/arm64/v8
+
+    - name: Log out of Docker.
+      community.docker.docker_login:
+        state: absent
--- a/playbooks/fast-deploy.yml
+++ b/playbooks/fast-deploy.yml
@@ -0,0 +1,60 @@
+- name: Deploy artifact to instance.
+  hosts: localhost
+  become: true
+  gather_facts: false
+  vars_files:
+    - ../config/ansible.secret.json
+    - ../config/infrastructure.secret.tf.json
+  vars:
+    ansible_connection: aws_ssm
+    ansible_python_interpreter: /usr/bin/python3
+    ansible_aws_ssm_plugin: "{{ ssm_plugin }}"
+    ansible_aws_ssm_bucket_name: "{{ image_bucket }}"
+    ansible_aws_ssm_instance_id: "{{ instance_id.value }}"
+
+    ansible_aws_ssm_region: "{{ aws_region }}"
+    ansible_aws_ssm_access_key_id: "{{ aws_access_key }}"
+    ansible_aws_ssm_secret_access_key: "{{ aws_secret_key }}"
+  tasks:
+    - name: Run image.
+      community.docker.docker_container:
+        name: server
+        image: "{{ full_domain.value }}/{{ image_name }}:latest"
+        state: started
+        recreate: true
+        restart_policy: unless-stopped
+        memory: 425m
+        memory_swap: 900m
+        ports: [80:80, 2222:2222, 443:443, "22:22"]
+        env:
+          GITEA__security__INTERNAL_TOKEN: "{{ internal_secret }}"
+          GITEA__server__LFS_JWT_SECRET: "{{ lfs_secret }}"
+          GITEA__oauth2__JWT_SECRET: "{{ jwt_secret }}"
+          GITEA__server__ACME_EMAIL: "{{ email }}"
+          GITEA__server__SSH_DOMAIN: "{{ full_domain.value }}"
+          GITEA__server__DOMAIN: "{{ full_domain.value }}"
+          GITEA__server__ROOT_URL: "https://{{ full_domain.value }}/"
+        labels:
+          docker-volume-backup.stop-during-backup: "true"
+        volumes:
+          - /home/ssm-user/data:/var/lib/gitea
+          - /etc/timezone:/etc/timezone:ro
+          - /etc/localtime:/etc/localtime:ro
+
+    - name: Run backup.
+      community.docker.docker_container:
+        name: backup
+        image: offen/docker-volume-backup:v2
+        state: started
+        recreate: true
+        restart_policy: unless-stopped
+        volumes:
+          - /home/ssm-user/data:/backup/my-app-backup:ro
+          - /var/run/docker.sock:/var/run/docker.sock:ro
+        env:
+          AWS_S3_BUCKET_NAME: "{{ boot_bucket }}"
+          AWS_S3_PATH: "{{ boot_key }}"
+          AWS_REGION: "{{ boot_region.value }}"
+          AWS_ACCESS_KEY_ID: "{{ boot_id.value }}"
+          AWS_SECRET_ACCESS_KEY: "{{ boot_secret.value }}"
+          BACKUP_CRON_EXPRESSION: "0 0 * * *"