add swag

.github/workflows/deploy_stage.yaml

@@ -71,7 +71,7 @@ jobs:
           host: ${{ secrets.HOST }}
           username: ${{ secrets.SSH_USERNAME }}
           password: ${{ secrets.SSH_PASSWORD }}
-          source: "infra/docker-compose.staging.yml,infra/nginx/nginx.local.conf"
+          source: "infra/docker-compose.swag.yml, infra/swag_nginx.conf"
           target: ${{ env.DEPLOY_PATH }}
 
       - name: Create .env file
@@ -82,7 +82,7 @@ jobs:
           password: ${{ secrets.SSH_PASSWORD }}
           script: |
             cd ${{ env.DEPLOY_PATH }}
-            mv infra/docker-compose.staging.yml infra/docker-compose.yaml
+            mv infra/docker-compose.swag.yml infra/docker-compose.yaml
             rm -f .env
             cat > .env <<- EOM
             POSTGRES_DB=${{ secrets.POSTGRES_DB }}
@@ -111,11 +111,9 @@ jobs:
           password: ${{ secrets.SSH_PASSWORD }}
           script: |
             cd ${{ env.DEPLOY_PATH }}/infra
-            docker image prune -f
-            docker pull  ${{ env.REGISTRY }}/${{ env.REP_OWNER }}/${{ env.IMAGE_NAME }}:latest
-            docker compose --file docker-compose.yaml stop
-            docker compose --file docker-compose.yaml rm backend
-            docker compose --file docker-compose.yaml up -d
+            docker pull  ${{ env.REGISTRY }}/${{ env.REP_OWNER }}/${{ env.IMAGE_NAME }}:latest 
+            docker compose --file docker-compose.yaml --env-file ../.env up -d
+            docker system prune -a -f
       - name: Making migrations
         uses: appleboy/ssh-action@master
         with:
@@ -124,7 +122,7 @@ jobs:
           password: ${{ secrets.SSH_PASSWORD }}
           script: |
             cd ${{ env.DEPLOY_PATH }}/infra
-            docker compose exec -T -w ${{ env.WORK_DIR }} backend alembic upgrade head
+            docker compose --env-file ../.env exec -T -w ${{ env.WORK_DIR }} backend alembic upgrade head
       - name: Sleep for 30 seconds
         run: sleep 30s
         shell: bash

infra/docker-compose.swag.yml

@@ -0,0 +1,62 @@
+version: "3.8"
+
+
+
+services:
+  backend:
+    image: ghcr.io/studio-yandex-practicum/procharity_back_2.0_backend:latest
+    container_name: procharity_bot_backend
+    restart: always
+    depends_on:
+        postgres:
+          condition: service_healthy
+    ports:
+        - "8000:8000"
+    env_file:
+        - ../.env
+
+  postgres:
+    image: postgres:13.2
+    container_name: procharity_postgres
+    restart: always
+    ports:
+      - "5432:5432"
+    volumes:
+      - postgres_data:/var/lib/postgresql/data/
+    env_file:
+      - ../.env
+    healthcheck:
+      test: [ "CMD-SHELL", "pg_isready -U ${POSTGRES_USER}" ]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+  swag:
+    image: lscr.io/linuxserver/swag:2.4.0
+    container_name: procharity_swag
+    cap_add:
+      - NET_ADMIN
+    environment:
+      - TZ=Europe/Moscow
+      - URL=${APPLICATION_URL}
+      - VALIDATION=http
+      - CERTPROVIDER=zerossl
+      - [email protected]
+    env_file:
+      - ../.env
+    volumes:
+      - ../nginx_logs:/var/log/nginx
+      - ./swag_nginx.conf:/config/nginx/site-confs/default.conf
+      - keys:/config/keys
+    ports:
+      - "443:443"
+      - "80:80"
+    restart: unless-stopped
+    depends_on:
+      - backend
+
+volumes:
+  postgres_data:
+  keys:
+
+

infra/swag_nginx.conf

@@ -0,0 +1,29 @@
+server {
+    listen 80;
+    listen [::]:80;
+    server_name _;
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name _;
+
+    include /config/nginx/ssl.conf;
+
+    root /var/www/;
+
+    client_max_body_size 25M;
+
+    server_tokens off;
+
+    location /api/ {
+        proxy_pass http://backend:8000;
+        proxy_set_header    Host                 $host;
+        proxy_set_header    X-Forwarded-For      $proxy_add_x_forwarded_for;
+        proxy_set_header    X-Real-IP            $remote_addr;
+    }
+}
+