diff --git a/.github/workflows/deploy_stage.yaml b/.github/workflows/deploy_stage.yaml
index 1972290e..596d8077 100644
--- a/.github/workflows/deploy_stage.yaml
+++ b/.github/workflows/deploy_stage.yaml
@@ -71,7 +71,7 @@ jobs:
 host: ${{ secrets.HOST }}
 username: ${{ secrets.SSH_USERNAME }}
 password: ${{ secrets.SSH_PASSWORD }}
- source: "infra/docker-compose.staging.yml,infra/nginx/nginx.local.conf"
+ source: "infra/docker-compose.swag.yml, infra/swag_nginx.conf"
 target: ${{ env.DEPLOY_PATH }}
 - name: Create .env file
@@ -82,7 +82,7 @@ jobs:
 password: ${{ secrets.SSH_PASSWORD }}
 script: |
 cd ${{ env.DEPLOY_PATH }}
- mv infra/docker-compose.staging.yml infra/docker-compose.yaml
+ mv infra/docker-compose.swag.yml infra/docker-compose.yaml
 rm -f .env
 cat > .env <<- EOM
 POSTGRES_DB=${{ secrets.POSTGRES_DB }}
@@ -111,11 +111,9 @@ jobs:
 password: ${{ secrets.SSH_PASSWORD }}
 script: |
 cd ${{ env.DEPLOY_PATH }}/infra
- docker image prune -f
- docker pull ${{ env.REGISTRY }}/${{ env.REP_OWNER }}/${{ env.IMAGE_NAME }}:latest
- docker compose --file docker-compose.yaml stop
- docker compose --file docker-compose.yaml rm backend
- docker compose --file docker-compose.yaml up -d
+ docker pull ${{ env.REGISTRY }}/${{ env.REP_OWNER }}/${{ env.IMAGE_NAME }}:latest
+ docker compose --file docker-compose.yaml --env-file ../.env up -d
+ docker system prune -a -f
 - name: Making migrations
 uses: appleboy/ssh-action@master
 with:
@@ -124,7 +122,7 @@ jobs:
 password: ${{ secrets.SSH_PASSWORD }}
 script: |
 cd ${{ env.DEPLOY_PATH }}/infra
- docker compose exec -T -w ${{ env.WORK_DIR }} backend alembic upgrade head
+ docker compose --env-file ../.env exec -T -w ${{ env.WORK_DIR }} backend alembic upgrade head
 - name: Sleep for 30 seconds
 run: sleep 30s
 shell: bash
diff --git a/infra/docker-compose.swag.yml b/infra/docker-compose.swag.yml
new file mode 100644
index 00000000..9850f377
--- /dev/null
+++ b/infra/docker-compose.swag.yml
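Review bot: The new `source` value in the first hunk has a space after the comma (`"infra/docker-compose.swag.yml, infra/swag_nginx.conf"`), where the value it replaces had none. Whether the copy action trims list entries is not visible in this diff, so I would keep the old form, `source: "infra/docker-compose.swag.yml,infra/swag_nginx.conf"`, so that a path with a leading space cannot silently fail to match. The step's `uses:` line is outside the hunk.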
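Review bot: `docker system prune -a -f` at the end of the deploy script (third hunk) is much broader than the `docker image prune -f` it replaces: it deletes every image not used by a running container, plus stopped containers, unused networks and build cache, for everything on that host and not only this project. It also removes the previous backend image, so a bad release can no longer be rolled back from the local cache. If the goal is only to reclaim disk space, keeping `docker image prune -f`, or bounding the cleanup with `docker system prune -f --filter "until=168h"` (the window is an example value), is safer. The pull and `up -d` lines still deploy `:latest`; using the tag or digest built by this workflow run would tie what runs on the host to a commit. The step begins above the hunk.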
@@ -0,0 +1,62 @@
+version: "3.8"
+
+
+
+services:
+ backend:
+ image: ghcr.io/studio-yandex-practicum/procharity_back_2.0_backend:latest
+ container_name: procharity_bot_backend
+ restart: always
+ depends_on:
+ postgres:
+ condition: service_healthy
+ ports:
+ - "8000:8000"
+ env_file:
+ - ../.env
+
+ postgres:
+ image: postgres:13.2
+ container_name: procharity_postgres
+ restart: always
+ ports:
+ - "5432:5432"
+ volumes:
+ - postgres_data:/var/lib/postgresql/data/
+ env_file:
+ - ../.env
+ healthcheck:
+ test: [ "CMD-SHELL", "pg_isready -U ${POSTGRES_USER}" ]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+
+ swag:
+ image: lscr.io/linuxserver/swag:2.4.0
+ container_name: procharity_swag
+ cap_add:
+ - NET_ADMIN
+ environment:
+ - TZ=Europe/Moscow
+ - URL=${APPLICATION_URL}
+ - VALIDATION=http
+ - CERTPROVIDER=zerossl
+ - EMAIL=yandex-practicum@yandex.ru
+ env_file:
+ - ../.env
+ volumes:
+ - ../nginx_logs:/var/log/nginx
+ - ./swag_nginx.conf:/config/nginx/site-confs/default.conf
+ - keys:/config/keys
+ ports:
+ - "443:443"
+ - "80:80"
+ restart: unless-stopped
+ depends_on:
+ - backend
+
+volumes:
+ postgres_data:
+ keys:
+
+
diff --git a/infra/swag_nginx.conf b/infra/swag_nginx.conf
new file mode 100644
index 00000000..65fc27f8
--- /dev/null
+++ b/infra/swag_nginx.conf
@@ -0,0 +1,29 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name _;
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name _;
+
+ include /config/nginx/ssl.conf;
+
+ root /var/www/;
+
+ client_max_body_size 25M;
+
+ server_tokens off;
+
+ location /api/ {
+ proxy_pass http://backend:8000;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Real-IP $remote_addr;
+ }
+}
+
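Review bot: The `postgres` service publishes `"5432:5432"` and `backend` publishes `"8000:8000"` on all host interfaces, so the database and the plain-HTTP API are reachable from outside the host and bypass the TLS proxy this same file adds (unless a host firewall not shown here blocks them). Both are reached by service name over the compose network (`proxy_pass http://backend:8000` in swag_nginx.conf), so the two `ports:` entries can be dropped, or bound to loopback as `"127.0.0.1:5432:5432"` if host-side access is needed. The `swag` service also lists `env_file: ../.env`, which hands the proxy container every application secret; `URL=${APPLICATION_URL}` is already interpolated through `--env-file`, assuming that variable lives in `.env`, so the entry looks unnecessary. A short comment on `cap_add: NET_ADMIN` stating why the capability is required would help the next reviewer.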
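Review bot: Both server blocks in swag_nginx.conf use the catch-all `server_name _;`, and the 443 block forwards the client-supplied name with `proxy_set_header Host $host;`, so a request carrying an arbitrary Host header reaches the backend under that name and the port-80 redirect echoes it back in `https://$host$request_uri`. If the backend builds absolute links from the Host header (not visible in this diff), that becomes a link-poisoning risk; naming the deployed hostname in `server_name` and letting other names fall to a default server that returns 444 closes it. The `/api/` location also omits `proxy_set_header X-Forwarded-Proto $scheme;`, so the backend cannot tell that the original request arrived over HTTPS. A one-line comment above `root /var/www/;` saying what is expected to be served for paths outside `/api/` would document the intent.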