From 5b76d1827ce5438463260f5e00b460cc7503d82b Mon Sep 17 00:00:00 2001
From: Felipe Alvarado
Date: Tue, 30 Jul 2024 12:55:53 +0200
Subject: [PATCH] Fix CI docker deploy
---
 .dockerignore | 12 +++++
 .github/workflows/ci.yml | 8 ++--
 docker-compose.yml | 20 +++++++-
 docker/nginx/nginx.conf | 73 +++++++++++++++++++++++++++++
 Dockerfile => docker/web/Dockerfile | 6 ++-
 docker/web/run_web.sh | 11 +++++
 6 files changed, 123 insertions(+), 7 deletions(-)
 create mode 100644 .dockerignore
 create mode 100644 docker/nginx/nginx.conf
 rename Dockerfile => docker/web/Dockerfile (87%)
 create mode 100755 docker/web/run_web.sh
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..0a407ba
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,12 @@
+.cache
+.dockerignore
+.gitignore
+.git
+.github
+.env
+.pylintrc
+__pycache__
+*.pyc
+*.egg-info
+.idea/
+.vscode
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d10a60a..18e03f7 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -82,7 +82,7 @@ jobs:
 context: .
 file: docker/web/Dockerfile
 push: true
- tags: safeglobal/safe-transaction-service:staging
+ tags: safeglobal/safe-auth-service:staging
 platforms: |
 linux/amd64
 linux/arm64
@@ -95,7 +95,7 @@ jobs:
 context: .
 file: docker/web/Dockerfile
 push: true
- tags: safeglobal/safe-transaction-service:develop
+ tags: safeglobal/safe-auth-service:develop
 platforms: |
 linux/amd64
 linux/arm64
@@ -109,8 +109,8 @@ jobs:
 file: docker/web/Dockerfile
 push: true
 tags: |
- safeglobal/safe-transaction-service:${{ github.event.release.tag_name }}
- safeglobal/safe-transaction-service:latest
+ safeglobal/safe-auth-service:${{ github.event.release.tag_name }}
+ safeglobal/safe-auth-service:latest
 platforms: |
 linux/amd64
 linux/arm64
diff --git a/docker-compose.yml b/docker-compose.yml
index b903b7a..4716f78 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,8 +1,26 @@
+volumes:
+ nginx-shared:
+
 services:
+ nginx:
+ image: nginx:alpine
+ hostname: nginx
+ ports:
+ - "8000:8000"
+ volumes:
+ - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+ - nginx-shared:/nginx
+ depends_on:
+ - web
 web:
 build:
 context: .
- dockerfile: Dockerfile
+ dockerfile: docker/web/Dockerfile
+ env_file:
+ - .env
 working_dir: /app
 ports:
 - "8888:8888"
+ volumes:
+ - nginx-shared:/nginx
+ command: docker/web/run_web.sh
\ No newline at end of file
diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf
new file mode 100644
index 0000000..b9a4ff8
--- /dev/null
+++ b/docker/nginx/nginx.conf
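Review bot: The `web` service keeps `ports: - "8888:8888"` even though nginx becomes the front door on 8000 and docker/web/run_web.sh starts uvicorn with `--uds`. If uvicorn binds only the unix socket, the mapping is dead configuration; if it also binds TCP 8888, the published port lets clients reach the application without passing through nginx and its header handling. Either way, remove the mapping from `web` and drop `--host 0.0.0.0 --port 8888` from run_web.sh so that only one listener is intended. Separately, `image: nginx:alpine` is a floating tag; pinning a specific version or digest keeps deployments reproducible and makes base-image changes reviewable.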
@@ -0,0 +1,73 @@
+# https://github.com/KyleAMathews/docker-nginx/blob/master/nginx.conf
+# https://linode.com/docs/web-servers/nginx/configure-nginx-for-optimized-performance/
+# https://www.uvicorn.org/deployment/
+
+worker_processes 1;
+
+events {
+ worker_connections 2000; # increase if you have lots of clients
+ accept_mutex off; # set to 'on' if nginx worker_processes > 1
+ use epoll; # Enable epoll for Linux 2.6+
+ # 'use kqueue;' to enable for FreeBSD, OSX
+}
+
+http {
+ include mime.types;
+ # fallback in case we can't determine a type
+ default_type application/octet-stream;
+ sendfile on;
+
+ map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+ }
+
+ upstream app_server {
+ # ip_hash; # For load-balancing
+ #
+ # fail_timeout=0 means we always retry an upstream even if it failed
+ # to return a good HTTP response
+ server unix:/nginx/uvicorn.socket fail_timeout=0;
+
+ # for a TCP configuration
+ # server web:8000 fail_timeout=0;
+ keepalive 32;
+ }
+
+ server {
+ access_log off;
+ listen 8000 deferred;
+ charset utf-8;
+ keepalive_timeout 75s;
+
+ # https://thoughts.t37.net/nginx-optimization-understanding-sendfile-tcp-nodelay-and-tcp-nopush-c55cdd276765
+ # tcp_nopush on;
+ # tcp_nodelay on;
+
+ gzip on;
+ gzip_min_length 1000;
+ gzip_comp_level 2;
+ # text/html is always included by default
+ gzip_types text/plain text/css application/json application/javascript application/x-javascript text/javascript text/xml application/xml application/rss+xml application/atom+xml application/rdf+xml;
+ gzip_disable "MSIE [1-6]\.";
+
+ location /static {
+ alias /nginx/static;
+ expires 365d;
+ }
+
+ location / {
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+ # we don't want nginx trying to do something clever with
+ # redirects, we set the Host: header above already.
+ proxy_redirect off; + proxy_pass http://app_server/; + + proxy_set_header X-Forwarded-Host $server_name; + proxy_set_header X-Real-IP $remote_addr; + add_header Front-End-Https on; + } + } +} diff --git a/Dockerfile b/docker/web/Dockerfile similarity index 87% rename from Dockerfile rename to docker/web/Dockerfile index c75a0a7..9169052 100644 --- a/Dockerfile +++ b/docker/web/Dockerfile @@ -3,6 +3,7 @@ FROM python:3.12-slim EXPOSE 8888/tcp ARG APP_HOME=/app WORKDIR ${APP_HOME} +ENV PYTHONUNBUFFERED=1 COPY requirements/prod.txt ./requirements.txt RUN set -ex \ @@ -23,5 +24,6 @@ RUN set -ex \ -o \( -type f -a -name '*.pyc' -o -name '*.pyo' \) \ -exec rm -rf '{}' + -COPY . . -CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8888", "--proxy-headers"] + +RUN mkdir -p /nginx +COPY . . \ No newline at end of file diff --git a/docker/web/run_web.sh b/docker/web/run_web.sh new file mode 100755 index 0000000..e098785 --- /dev/null +++ b/docker/web/run_web.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +set -euo pipefail + +echo "==> $(date +%H:%M:%S) ==> Collecting statics... " +DOCKER_SHARED_DIR=/nginx +rm -rf $DOCKER_SHARED_DIR/* +cp -r static/ $DOCKER_SHARED_DIR/ + +echo "==> $(date +%H:%M:%S) ==> Running Uvicorn... " +exec uvicorn app.main:app --host 0.0.0.0 --port 8888 --proxy-headers --uds $DOCKER_SHARED_DIR/uvicorn.socket \ No newline at end of file
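Review bot: In `location /`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to whatever X-Forwarded-For value the client sent, so the application started with `--proxy-headers` can end up reading a caller-chosen address. If this nginx is the first proxy a request meets (not visible from the diff), overwrite the header instead with `proxy_set_header X-Forwarded-For $remote_addr;`. `access_log off;` in the server block also leaves an authentication service without proxy-side request records for incident review; consider leaving the access log enabled. `add_header Front-End-Https on;` is emitted although the listener is plain `listen 8000`, so drop it or set it where TLS actually terminates.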
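Review bot: With the `CMD` line removed and nothing added in its place, the image that ci.yml builds and pushes has no start command of its own and falls back to whatever the base image defines; only the `command:` entry in docker-compose.yml launches the server. Consider ending the file with `CMD ["docker/web/run_web.sh"]` so the published image is runnable on its own. No `USER` instruction appears in either Dockerfile hunk, so the process presumably runs as root and creates the socket in the shared `/nginx` volume as root. The rest of the Dockerfile lies outside the hunks, so confirm that there.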
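Review bot: `rm -rf $DOCKER_SHARED_DIR/*`, the `cp -r` target and the `--uds` path all expand the variable unquoted and unguarded. It is a constant today, but `set -u` does not catch an empty value, so a later edit that sources it from the environment could turn the cleanup into `rm -rf /*`; write `rm -rf "${DOCKER_SHARED_DIR:?}"/*` and quote the other two uses. `--proxy-headers` is passed without `--forwarded-allow-ips`, and over a unix socket the peer has no IP address, so whether the forwarded headers set by nginx are honoured probably depends on the uvicorn version. It is worth confirming the behaviour and stating the trusted source explicitly rather than relying on the default.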