From 8fd6c236b8037327b84ea8083a4a9c07cc9e0f1c Mon Sep 17 00:00:00 2001
From: larrykwon <koallarry11@kaist.ac.kr>
Date: Fri, 29 Nov 2024 18:41:42 +0000
Subject: [PATCH] deploy dev

---
 .github/workflows/cd-dev.yml               |  33 +++++++-----------
 .gitignore                                 |   1 +
 __pycache__/server_webhook.cpython-312.pyc | Bin 0 -> 2046 bytes
 deploy.sh                                  |   2 +-
 docker/docker-compose.dev.yml              |   5 ++-
 server_webhook.py                          |  37 +++++++++++++++++++++
 src/modules/auth/utils/sparcs-sso.ts       |   2 ++
 src/settings.ts                            |   2 +-
 8 files changed, 58 insertions(+), 24 deletions(-)
 create mode 100644 __pycache__/server_webhook.cpython-312.pyc
 create mode 100644 server_webhook.py

diff --git a/.github/workflows/cd-dev.yml b/.github/workflows/cd-dev.yml
index cf0325a9..f17a5cb7 100644
--- a/.github/workflows/cd-dev.yml
+++ b/.github/workflows/cd-dev.yml
@@ -1,27 +1,18 @@
-name: dev branch auto ci process script
+name: Deploy to Development
 
-on: # 아래 job을 실행시킬 상황
+on:
   push:
-    branches: [dev]
+    branches:
+      - dev
 
 jobs:
   deploy:
-    name: deploy
-    runs-on: ubuntu-latest # 실행될 인스턴스 OS와 버전
-
+    runs-on: ubuntu-latest
     steps:
-      - name: excuting remote ssh commands
-        uses: appleboy/ssh-action@v0.1.6 # ssh 접속하는 오픈소스
-        with:
-          host: ${{ secrets.REMOTE_IP_DEV }} # 인스턴스 IP
-          username: ${{ secrets.REMOTE_USER_DEV }} # 우분투 아이디
-          key: ${{ secrets.REMOTE_PRIVATE_KEY_DEV }} # ec2 instance pem key
-          port: ${{ secrets.REMOTE_SSH_PORT_DEV }} # 접속포트
-          passphrase: ${{ secrets.REMOTE_PASSPHRASE_DEV }}
-          script: | # 실행할 스크립트
-            cd otlplus-nest-server
-            git pull origin dev
-            sudo docker stop otlplus-server-nest-dev
-            sudo docker rm otlplus-server-nest-dev
-            sudo docker rmi otlplus-server-nest-dev
-            sudo ./deploy.sh -e dev
+      - name: Send Deployment Webhook
+        env:
+          WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }}
+        run: |
+          curl -X POST \
+          -H "X-Hub-Signature-256: sha256=$(echo -n '{}' | openssl dgst -sha256 -hmac $WEBHOOK_SECRET)" \
+          http://webhook.otl.dev.sparcs.org/server-webhook
diff --git a/.gitignore b/.gitignore
index 8172d406..7d3fa593 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,7 @@
 
 #
 /env/*
+.venv
 
 # Logs
 logs
diff --git a/__pycache__/server_webhook.cpython-312.pyc b/__pycache__/server_webhook.cpython-312.pyc
new file mode 100644
index 0000000000000000000000000000000000000000..b217714b23098116da7e296ed8d747da28c68fb1
GIT binary patch
literal 2046
zcmaJ>U2IcT96$G?_qJ=-b!^=-D6#|ri&@K1m}GneWFHmMAzPd@b2qm=hko7m)_ZTa
zwt?715=MeyM3Z6EI1{5In~5eS`rwO+2`0X54zqa(i9}v_D;ZBbc}{OHEr_0*`#=BB
zbN=W2fB*Aab8{0QBjb1@{vHp&-&C-MSYtLP835)11dvg{H!MRrR$(%1#N;`Ji*Q88
zD}2Tlu~qGyB18nD;}kI>vH)=@kF{)lhBhcHv8Ehx5HA}Pk>eBa8M{Pwq=NxO+k~8!
z9B~nuMXuCV)80s--TamvOEy!FTvD^;L1MOBe0_#Z&>3fzT~-#b`4U*FnIkR#5#xp}
zPsMl|Vm!zRThlKApm|C3&iYOk2e-gB*uLyt;!F(#id>QNcRZk?pTW#tLhNTWwNM;P
z7Q#euDyj@6s2V6cg&l*ZkB^>`2EuP)Cqz?7QF9rTHA=Psu?8N{YxDEiR*=rC8Wsyu
zPE!pP3k4~m>ISw`1v;NBlv;v1(x#BsGmWANRZV05%*f~%*-gwKBcVb)W~OISflM^t
z&9ACRFlyBSAXTegqcdczYNcv*XtY|ldy!zsun-1P_C_C*zW|IXHmQ_y{o8K1E#335
zW!-P8&GM?xRt_biy2wDTVW0N8m&Hvn`ksbNJ1l*DzQFwd3Xtm}&KAaWr$NQ)fV_2A
z3~0F3=b+oLLO{y*gnh!0PNKa;I+zZEDba5aWB2&LiQ$ovQ_|?b>t_eXN}`^S_a8WT
zq}29y&u~84Gn$NNWh1Yl9->WtNUB<L1f$7pFe>Yb(ym}a&7h!aC^;ps*YFaAD5t2!
zfS%~?LEQv_H(AV|RI}*8uViC?3uaXv3vpBhtAMgG6(Y<hGI9)aSu~AB4ZWL31d2SA
z4H=6GvXhdGV!=!eI})e>lX2=HCXft~rek+Z&E#YaNi~B_j;fkLLUQtSRw2zIg-6DZ
zhsOLYcGuu6=_sZl13Pr<h&n}TclYDn&pnmd3{ovRkSk(O?c9=v%p+^N$pREi`UixR
z!F_M%{JHDrR(1r}y!+O@eXHKSHSeKvc*E26>B-NBKOSC~{C@n0iSH(U>AQ9G=c8-B
zv+KTzRo}##Z*tW$Sq^Q8zAuNq9{FNqRea^ASJ(T)tNq~(d+SGi^T)0qTiN;AYTKbl
z9D7)JBmjqdHg>h?J}+Dj&4jK-ucfb~Z}cxZR}M_v=HJ<Hc5IS_K&j)ImhRCFQd}K#
zLjz+^bu;y@b~A;`JSZ}LHmtQ0{wC1&l1bY`$u2^0drZkkb&0GLNA;U{nV5EvU#I<B
z1{DFgI;%n0E=d_VnU$oHqj!H_U?2H<$C9(;+WZ`WLG=wX5*jTm#C(pF(Z2=T&MUH>
z#@nZnmM)=uJdjC3sGw<5@&I|i3Pp*$SQ<@MqwR?W^DWfq>!Nj1vW*fiCG@4jw!!Lx
zB$=$7L6U?yIhVusX+55lC}-2uyn(6()#zC;r{%NH9R0EVa7KlB1s&B65f}R6>9+`}
za16tcnlSBm!TvkIaTmOB2RQEl_g^mW?1^ikE1|jc!jUysZ`tuDaL%H+&|LqDYsYQS
zeNS-C4!^IKxqB_08@zb=^vvlS%tG(tn?JUaLVMUUcga<;1J-uAYo=?(>06juNR+$Q
znBYU!!E|nNfZbQ2T&3fQ&(1}(I8J>IJY-qZ=U|0$WF6i$Tl$^rqB{-E49#s@Fur}U
QJoE?OSK$D^wOX!!0PIlK0RR91

literal 0
HcmV?d00001

diff --git a/deploy.sh b/deploy.sh
index 8a47ce82..b8ae8671 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -29,7 +29,7 @@ while getopts "e:" opt; do
         exit 1
       fi
 
-      docker-compose -f "$COMPOSE_FILE" up -d
+      docker compose -f "$COMPOSE_FILE" up -d
       ;;
     \?)
       echo "Invalid option: -$OPTARG" 1>&2
diff --git a/docker/docker-compose.dev.yml b/docker/docker-compose.dev.yml
index e4f0efdf..f43d4f03 100644
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@@ -16,8 +16,11 @@ services:
     restart: always
     tty: true
     ports:
-      - '8080:8000'
+      - '58000:8000'
+    expose:
+      - '8000'
     volumes:
       - '/etc/timezone:/etc/timezone:ro'
+    network_mode: 'host'
     working_dir: /var/www/otlplus-server
     command: node dist/src/bootstrap/bootstrap.js
diff --git a/server_webhook.py b/server_webhook.py
new file mode 100644
index 00000000..8c578ab8
--- /dev/null
+++ b/server_webhook.py
@@ -0,0 +1,37 @@
+#!/usr/bin/python3
+
+from flask import *
+from werkzeug.middleware.proxy_fix import ProxyFix
+import os
+from dotenv import load_dotenv
+import hmac
+import hashlib
+
+FLASK_ENV = os.getenv("FLASK_ENV", "development")
+load_dotenv(f".env.{FLASK_ENV}")
+
+app = Flask(__name__)
+
+app.wsgi_app = ProxyFix(
+    app.wsgi_app, x_for=1, x_proto=1, x_host=1, x_prefix=1
+)
+
+@app.route('/server-webhook', methods=["POST"])
+def otlplus_redeploy():
+    webhook_secret = os.getenv("WEBHOOK_SECRET").encode()
+    signature = 'sha256=' + hmac.new(webhook_secret, request.data, hashlib.sha256).hexdigest()
+    if 'X-Hub-Signature-256' not in request.headers or not hmac.compare_digest(
+        signature, request.headers['X-Hub-Signature-256']
+    ):
+        abort(403) 
+    
+    os.spawnl(os.P_NOWAIT, "/bin/bash", "/bin/bash", "/home/otlplus/server/deploy.sh -e dev")
+    return "Done", 200
+
+@app.route('/server-webhook-status', methods=["GET"])
+def clubs_stage_redeploy():
+    # os.spawnl(os.P_NOWAIT, "/bin/bash", "/bin/bash", "/home/otlplus/server/deploy.sh -e dev")
+    return "Done", 200
+
+if __name__ == '__main__':
+    app.run(host="127.0.0.1", threaded=True, port=5000)
\ No newline at end of file
diff --git a/src/modules/auth/utils/sparcs-sso.ts b/src/modules/auth/utils/sparcs-sso.ts
index ce2019ee..9e3d8498 100644
--- a/src/modules/auth/utils/sparcs-sso.ts
+++ b/src/modules/auth/utils/sparcs-sso.ts
@@ -137,6 +137,8 @@ export class Client {
     const allowedPreferredUris: { [key: string]: string } = {
       'otl.sparcs.org': 'https://otl.sparcs.org/session/login/callback/',
       'otl.kaist.ac.kr': 'https://otl.kaist.ac.kr/session/login/callback/',
+      'api.otl.dev.sparcs.org':
+        'https://api.otl.dev.sparcs.org/session/login/callback/',
       'otl-stage.sparcsandbox.com':
         'https://otl-stage.sparcsandbox.com/session/login/callback/',
     };
diff --git a/src/settings.ts b/src/settings.ts
index e9a8432d..9408c031 100644
--- a/src/settings.ts
+++ b/src/settings.ts
@@ -35,7 +35,7 @@ const getCorsConfig = () => {
     };
   } else if (NODE_ENV === 'dev') {
     return {
-      origin: 'http://3.37.146.183',
+      origin: ['https://otl.dev.sparcs.org', 'http://localhost:5173'],
       methods: 'GET,HEAD,PUT,PATCH,POST,DELETE',
       credentials: true,
       preflightContinue: false,