From f9db293f52daab697bc101a39497a65a26566f8a Mon Sep 17 00:00:00 2001
From: Max
Date: Thu, 13 Feb 2025 12:46:18 -0500
Subject: [PATCH] feat: faster deployment options using Gitea OCI registry

---
 Taskfile.yml              | 25 ++++------------
 playbooks/fast-build.yml  | 29 +++++++++++++++++++
 playbooks/fast-deploy.yml | 60 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 95 insertions(+), 19 deletions(-)
 create mode 100644 playbooks/fast-build.yml
 create mode 100644 playbooks/fast-deploy.yml

diff --git a/Taskfile.yml b/Taskfile.yml
index 5a84d35..afbafc1 100644
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -1,11 +1,6 @@
 version: 3
 # silent: true
 
-vars:
-  DOMAIN: { sh: jq -r .domain < config/variables.secret.tf.json }
-  SUB_DOMAIN: { sh: jq -r .subdomain < config/variables.secret.tf.json }
-  FULL_DOMAIN: '{{.SUB_DOMAIN}}.{{.DOMAIN}}'
-
 includes:
   tf: { taskfile: terraform, dir: terraform }
 
@@ -13,12 +8,13 @@ tasks:
   dev: docker compose -f compose.dev.yml up --build --force-recreate --no-deps
 
-  build: ansible-playbook playbooks/build.yml
-  deploy: ansible-playbook playbooks/deploy.yml
+  build:slow: ansible-playbook playbooks/build.yml
+  deploy:slow: ansible-playbook playbooks/deploy.yml
+  build:fast: ansible-playbook playbooks/fast-build.yml
+  deploy:fast: ansible-playbook playbooks/fast-deploy.yml
   restore: ansible-playbook playbooks/restore.yml -e "restore_bucket={{.BUCKET}} restore_key={{.KEY}}"
 
-  run:
-    - task: build
-    - task: deploy
+  run:slow: [task: build:slow, task: deploy:slow]
+  run:fast: [task: build:fast, task: deploy:fast]
 
   enter:
     cmd: aws ssm start-session --target $INSTANCE_ID
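Review bot: `run:slow: [task: build:slow, task: deploy:slow]` and `run:fast: [task: build:fast, task: deploy:fast]` write a sequence of mappings in flow style, whereas the `run:` they replace used the block form that the rest of the Taskfile uses for multi-line values. The task names also carry a `:` inside an unquoted flow scalar; if go-task's parser accepts that today it is still the one spot in the file where a parser-version difference could split the value at the colon. The block form with quoted names is unambiguous and diffs cleanly: `run:slow:` / `  - task: "build:slow"` / `  - task: "deploy:slow"`, and likewise for `run:fast`.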
@@ -27,12 +23,3 @@ tasks:
       AWS_REGION: { sh: jq -r .aws_region < config/ansible.secret.json }
       AWS_ACCESS_KEY_ID: { sh: jq -r .aws_access_key < config/ansible.secret.json }
       AWS_SECRET_ACCESS_KEY: { sh: jq -r .aws_secret_key < config/ansible.secret.json }
-
-  push:
-    dir: gitea
-    vars:
-      TAG: '{{.FULL_DOMAIN}}/web/gitea:latest'
-    cmds:
-      - docker login '{{.FULL_DOMAIN}}' -u max
-      - defer: docker logout
-      - docker buildx build -t {{.TAG}} -f Dockerfile --platform linux/amd64,linux/arm64 --push --provenance=false .
diff --git a/playbooks/fast-build.yml b/playbooks/fast-build.yml
new file mode 100644
index 0000000..303e27c
--- /dev/null
+++ b/playbooks/fast-build.yml
@@ -0,0 +1,29 @@
+- name: Make build artifact.
+  hosts: localhost
+  vars_files:
+    - ../config/ansible.secret.json
+    - ../config/infrastructure.secret.tf.json
+  gather_facts: false
+  tasks:
+    - name: Log into Docker.
+      community.docker.docker_login:
+        registry_url: '{{ full_domain.value }}'
+        username: '{{ username }}'
+        password: '{{ api_key }}'
+        reauthorize: true
+
+    - name: Build image.
+      community.docker.docker_image_build:
+        name: "{{ full_domain.value }}/{{ image_name }}:latest"
+        path: ../gitea
+        nocache: true
+        rebuild: always
+        pull: true
+        outputs: [{ type: image, push: true }]
+        platform:
+          - linux/amd64
+          - linux/arm64/v8
+
+    - name: Log out of Docker.
+      community.docker.docker_login:
+        state: absent
diff --git a/playbooks/fast-deploy.yml b/playbooks/fast-deploy.yml
new file mode 100644
index 0000000..a662305
--- /dev/null
+++ b/playbooks/fast-deploy.yml
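Review bot: `Log out of Docker.` is an ordinary third task, so when `Build image.` fails the play stops before it and the registry credential stored by `docker_login` (`username` / `api_key`) stays in the local Docker config, which is exactly what the removed Taskfile `push` task's `defer: docker logout` guarded against; put the login and build tasks in a `block:` and move the logout into its `always:` section so it runs on either outcome. The image is tagged only as `{{ full_domain.value }}/{{ image_name }}:latest`, which is also what the deploy play consumes, so there is no immutable tag to pin or roll back to; a second tag derived from the commit hash, or recording the pushed digest from the module's return value, would provide one. `outputs: [{ type: image, push: true }]` is flow style for a nested mapping; the block form `outputs:` / `  - type: image` / `    push: true` matches the rest of the play.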
@@ -0,0 +1,60 @@
+- name: Deploy artifact to instance.
+  hosts: localhost
+  become: true
+  gather_facts: false
+  vars_files:
+    - ../config/ansible.secret.json
+    - ../config/infrastructure.secret.tf.json
+  vars:
+    ansible_connection: aws_ssm
+    ansible_python_interpreter: /usr/bin/python3
+    ansible_aws_ssm_plugin: "{{ ssm_plugin }}"
+    ansible_aws_ssm_bucket_name: "{{ image_bucket }}"
+    ansible_aws_ssm_instance_id: "{{ instance_id.value }}"
+
+    ansible_aws_ssm_region: "{{ aws_region }}"
+    ansible_aws_ssm_access_key_id: "{{ aws_access_key }}"
+    ansible_aws_ssm_secret_access_key: "{{ aws_secret_key }}"
+  tasks:
+    - name: Run image.
+      community.docker.docker_container:
+        name: server
+        image: "{{ full_domain.value }}/{{ image_name }}:latest"
+        state: started
+        recreate: true
+        restart_policy: unless-stopped
+        memory: 425m
+        memory_swap: 900m
+        ports: [80:80, 2222:2222, 443:443, "22:22"]
+        env:
+          GITEA__security__INTERNAL_TOKEN: "{{ internal_secret }}"
+          GITEA__server__LFS_JWT_SECRET: "{{ lfs_secret }}"
+          GITEA__oauth2__JWT_SECRET: "{{ jwt_secret }}"
+          GITEA__server__ACME_EMAIL: "{{ email }}"
+          GITEA__server__SSH_DOMAIN: "{{ full_domain.value }}"
+          GITEA__server__DOMAIN: "{{ full_domain.value }}"
+          GITEA__server__ROOT_URL: "https://{{ full_domain.value }}/"
+        labels:
+          docker-volume-backup.stop-during-backup: "true"
+        volumes:
+          - /home/ssm-user/data:/var/lib/gitea
+          - /etc/timezone:/etc/timezone:ro
+          - /etc/localtime:/etc/localtime:ro
+
+    - name: Run backup.
+      community.docker.docker_container:
+        name: backup
+        image: offen/docker-volume-backup:v2
+        state: started
+        recreate: true
+        restart_policy: unless-stopped
+        volumes:
+          - /home/ssm-user/data:/backup/my-app-backup:ro
+          - /var/run/docker.sock:/var/run/docker.sock:ro
+        env:
+          AWS_S3_BUCKET_NAME: "{{ boot_bucket }}"
+          AWS_S3_PATH: "{{ boot_key }}"
+          AWS_REGION: "{{ boot_region.value }}"
+          AWS_ACCESS_KEY_ID: "{{ boot_id.value }}"
+          AWS_SECRET_ACCESS_KEY: "{{ boot_secret.value }}"
+          BACKUP_CRON_EXPRESSION: "0 0 * * *"
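Review bot: `Run image.` recreates the container from `{{ full_domain.value }}/{{ image_name }}:latest` but sets no `pull:`, so once a `:latest` tag is present on the instance the module's default of not re-pulling an existing tag means the image fast-build just pushed is never fetched and the container is rebuilt from the stale copy; add `pull: true` beneath `image:`. Nothing in this play authenticates the instance to the Gitea registry — only fast-build logs in, and on localhost — so the pull only works while the package is public; if it is private, a `community.docker.docker_login` task on the instance (with a read-only token rather than the build credential) must precede this one. `ports:` quotes only `"22:22"`; the other three have components above 59 and so miss YAML 1.1's sexagesimal form and load as strings, but quoting all four, `ports: ["80:80", "2222:2222", "443:443", "22:22"]`, makes that intent explicit instead of relying on the resolver. `GITEA__security__INTERNAL_TOKEN`, `GITEA__server__LFS_JWT_SECRET` and `GITEA__oauth2__JWT_SECRET` are injected as container environment, readable by anyone who can run `docker inspect` on the host (including via the socket the backup container mounts); Gitea's environment-to-ini accepts a `__FILE` suffix so these could be read from a root-only file instead.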