CI: Add and use Ansible playbook to deploy frontend
This avoids a bunch of manual one-time set-up for the server, e.g.
installing and configuring Nginx. This also removes a dependency on some
third party GitHub actions.
StenAL committed Jul 7, 2024
1 parent a06d82c commit b6374de
Showing 4 changed files with 121 additions and 10 deletions.
31 changes: 21 additions & 10 deletions .github/workflows/client-cd.yml
Expand Up @@ -48,6 +48,11 @@ jobs:
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
steps:
- name: set up WARP (workaround for IPv6 on GitHub Actions)
uses: fscarmen/warp-on-actions@v1.1
with:
stack: ipv6

- name: checkout current repository
uses: actions/checkout@v4

Expand All @@ -66,13 +71,19 @@ jobs:
working-directory: ./client
run: npm run build

- name: deploy assets to server
uses: appleboy/scp-action@v0.1.7
with:
host: ${{ secrets.SSH_HOST }}
username: ${{ secrets.SSH_USER }}
key: ${{ secrets.SSH_KEY }}
port: ${{ secrets.SSH_PORT }}
source: "client/build/**"
target: "/var/www/stonks"
strip_components: 2
- name: setup SSH for Ansible
shell: bash
run: |
eval `ssh-agent -s`
mkdir -p /home/runner/.ssh/
touch /home/runner/.ssh/id_rsa
echo -e "${{secrets.SSH_KEY}}" > /home/runner/.ssh/id_rsa
chmod 700 /home/runner/.ssh/id_rsa
ssh-keyscan -t rsa,dsa,ecdsa,ed25519 ${{ secrets.SSH_HOST }} >> /home/runner/.ssh/known_hosts
- name: run Ansible deployment playbook
shell: bash
working-directory: ./ansible
run: |
ansible-playbook -vv --private-key /home/runner/.ssh/id_rsa -u ${{secrets.SSH_USER}} -i ${{ secrets.SSH_HOST }}, frontend.yml
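Review bot: The `ssh-keyscan ... >> /home/runner/.ssh/known_hosts` line in the "setup SSH for Ansible" step trusts whichever host key answers at deploy time, so the server that receives the deploy session and the `become` tasks is never checked against a known identity; write a pinned host key from a secret instead. The same step expands `${{secrets.SSH_KEY}}` into the script text, where bash still interprets any `$` or backtick inside the double quotes; pass it through `env:`, and give the key file mode 600 rather than 700. The `ssh-agent` line appears unused, since nothing is added to the agent and the playbook step passes `--private-key`. The added `fscarmen/warp-on-actions@v1.1` is a third-party action referenced by a mutable tag in the job that holds the deploy key, and the new steps no longer use `secrets.SSH_PORT`, so both are worth a second look. In the sketch, `SSH_KNOWN_HOSTS` is a placeholder secret name and `echo -e` is kept in case the key is stored with escaped newlines.

```yaml
- name: setup SSH for Ansible
  shell: bash
  env:
    SSH_KEY: ${{ secrets.SSH_KEY }}
    # placeholder secret name: the server's known_hosts line(s), recorded out of band
    SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
  run: |
    umask 077
    mkdir -p /home/runner/.ssh/
    echo -e "$SSH_KEY" > /home/runner/.ssh/id_rsa
    chmod 600 /home/runner/.ssh/id_rsa
    printf '%s\n' "$SSH_KNOWN_HOSTS" >> /home/runner/.ssh/known_hosts
# … unchanged: run Ansible deployment playbook step …
```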
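--- a/ansible/files/baltic-stocks-location.conf
+++ b/ansible/files/baltic-stocks-location.conf
@@ -0,0 +1,8 @@
+location /stonks {
+alias /var/www/stonks/;
+try_files $uri $uri/index.html /index.html;
+}
+
+location ~ ^/stonks/api(/?.*) {
+proxy_pass http://stonks-api/api$1$is_args$args;
+}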
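Review bot: `location /stonks` has no trailing slash while its `alias /var/www/stonks/;` has one, and with that mismatch a request path that continues past `/stonks` without a separator can resolve outside the aliased directory; `location /stonks/ {` keeps the prefix and the alias aligned. The `try_files` fallback `/index.html` appears to be resolved from the server root rather than under `/stonks`, so it is worth confirming that it serves the frontend's index. The regex `^/stonks/api(/?.*)` also matches paths that merely start with `/stonks/api`; `^/stonks/api(/.*)?$` would restrict it to the API prefix.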
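--- a/ansible/files/baltic-stocks-upstream.conf
+++ b/ansible/files/baltic-stocks-upstream.conf
@@ -0,0 +1,3 @@
+upstream stonks-api {
+server localhost:12345;
+}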
89 changes: 89 additions & 0 deletions ansible/frontend.yml
@@ -0,0 +1,89 @@
---

- name: deploy frontend
hosts: all
tasks:
- name: apt update && apt upgrade
become: true
apt:
update_cache: yes
upgrade: yes

- name: install dependencies
become: true
apt:
pkg:
- curl
- gnupg2
- ca-certificates
- ubuntu-keyring
- rsync

- name: download Nginx apt repository key
become: true
ansible.builtin.get_url:
url: https://nginx.org/keys/nginx_signing.key
dest: /etc/apt/keyrings/nginx.asc

- name: add Nginx apt repository
become: true
ansible.builtin.apt_repository:
repo: deb [{% if ansible_architecture == "aarch64" %}arch=arm64{% endif %} signed-by=/etc/apt/keyrings/nginx.asc] https://nginx.org/packages/mainline/ubuntu {{ ansible_distribution_release }} stable
state: present
filename: nginx-test

- name: increase Nginx repository priority
become: true
ansible.builtin.copy:
dest: /etc/apt/preferences.d/99nginx
content: |
Package: *
Pin: origin nginx.org
Pin: release o=nginx
Pin-Priority: 900
- name: install Nginx
become: true
apt:
pkg:
- nginx

- name: deploy frontend files
ansible.posix.synchronize:
src: ../client/build/
dest: /var/www/stonks

- name: deploy Nginx conf fragments
copy:
src: '{{item}}'
dest: '/etc/nginx/conf.d/'
loop:
- baltic-stocks-upstream.conf
- baltic-stocks-location.conf
tags: this


- name: include upstream block in nginx.conf
become: true
lineinfile:
path: /etc/nginx/nginx.conf
search_string: "include /etc/nginx/conf.d/baltic-stocks-upstream.conf;"
insertafter: "http {"
line: " include /etc/nginx/conf.d/baltic-stocks-upstream.conf;"
tags: this

- name: include location block in nginx.conf
become: true
lineinfile:
path: /etc/nginx/nginx.conf
search_string: "include /etc/nginx/conf.d/baltic-stocks-location.conf;"
insertafter: 'listen\s*\[::\]:443 ssl default_server;'
line: " include /etc/nginx/conf.d/baltic-stocks-location.conf;"
tags: this

- name: enable and run Nginx
become: true
ansible.builtin.systemd_service:
name: nginx.service
enabled: true
state: reloaded
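Review bot: The "download Nginx apt repository key" task stores whatever `https://nginx.org/keys/nginx_signing.key` returns and the next task trusts it through `signed-by`, with no check of the key itself; adding `checksum: "sha256:<PLACEHOLDER_KEY_SHA256>"` and `mode: "0644"` to the `get_url` task, or shipping a reviewed copy of the key from `ansible/files/`, makes the deploy fail closed if the file changes. The "deploy Nginx conf fragments" task copies both files into `/etc/nginx/conf.d/` and the two `lineinfile` tasks then include them explicitly; if the server's nginx.conf keeps the packaged `include /etc/nginx/conf.d/*.conf;`, the upstream would be defined twice and the `location` fragment would be read at `http` level, so a directory outside `conf.d` may be safer. That copy task and the `synchronize` task also lack the `become: true` the other tasks use, and `tags: this` looks like a leftover. Nothing runs `nginx -t` between the nginx.conf edits and `state: reloaded`, so a bad edit surfaces only at reload.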
