fix: include constants from /sso/ in Dockerfile

ristekoss · Jun 17, 2024 · 4a965dd · 4a965dd
1 parent 3f45a9f
commit 4a965dd
Show file tree

Hide file tree

Showing 6 changed files with 153 additions and 36 deletions.
diff --git a/.github/workflows/deploy-staging.yaml b/.github/workflows/deploy-staging.yaml
@@ -40,19 +40,23 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout sources
+        id: checkout-sources
         uses: actions/checkout@v4
 
       - name: Setup Python
+        id: setup-python
         uses: actions/setup-python@v5
         with:
           python-version: 3.11.3
 
-      - name: Install dependencies
+      - name: Install Python Dependencies
+        id: install-py-dependencies
         run: |
           python -m pip install --upgrade pip
           pip install -r deploy-stg/requirements.txt
 
       - name: Setup Infisical
+        id: setup-infisical
         run: |
           curl -1sLf \
             'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' \
@@ -66,29 +70,32 @@ jobs:
           echo "infisical-token=$INFISICAL_TOKEN" >> "$GITHUB_OUTPUT"
 
       - name: Load Infisical Secrets
-        run: python3 ./deploy-stg/new_setup.py
+        id: load-infisical-secrets
+        run: python3 ./deploy-stg/infisical.py
         env:
           INFISICAL_TOKEN: ${{ steps.get-infisical-token.outputs.infisical-token }}
           SSH_TIMEOUT: 20
 
       - name: SSH and Prepare Working Directory
+        id: ssh-prep-directory
         uses: appleboy/ssh-action@master
         with:
           host: ${{ secrets.SSH_IP_ADDRESS }}
           username: ${{ secrets.SSH_USER }}
-          key: ${{ secrets.SSH_KEY}}
+          key: ${{ secrets.SSH_KEY_OVERRIDE }}
           port: ${{ secrets.SSH_PORT }}
           script: |
             ls -al
             mkdir -pv susunjadwal/susunjadwal-backend-stg
 
       - name: RSync Files to Server
+        id: rsync-to-server
         uses: burnett01/[email protected]
         with:
           switches: -avzr --progress
           path: deploy-stg/
           remote_path: susunjadwal/susunjadwal-backend-stg
           remote_host: ${{ secrets.SSH_IP_ADDRESS }}
           remote_user: ${{ secrets.SSH_USER }}
-          remote_key: ${{ secrets.SSH_KEY }}
+          remote_key: ${{ secrets.SSH_KEY_OVERRIDE }}
 
diff --git a/Dockerfile b/Dockerfile
@@ -6,6 +6,10 @@ ENV APP_ENV="container"
 
 COPY . .
 
+COPY sso/additional-info.json /opt/app/sso/additional-info.json
+COPY sso/faculty-base-additional-info.json /opt/app/sso/faculty-base-additional-info.json
+COPY sso/faculty_exchange_route.json /opt/app/sso/faculty_exchange_route.json
+
 RUN apk add -u --no-cache tzdata gcc musl-dev libxml2 libxslt-dev && \
     pip install wheel && \
     pip install -r requirements.txt

diff --git a/deploy-stg/docker-compose.yml b/deploy-stg/docker-compose.yml
@@ -1,50 +1,34 @@
 version: "3.9"
 
 services:
-  susunjadwal-rmq-stg:
-    restart: unless-stopped
+  rmq-stg:
     image: rabbitmq:management-alpine
+    restart: unless-stopped
     ports:
       - "15671-15672:15671-15672"
 
-  susunjadwal-mongo-stg:
+  mongo-stg:
     image: mongo:7
     restart: unless-stopped
     environment:
-      MONGO_INITDB_ROOT_USERNAME: ${MONGODB_USERNAME}
-      MONGO_INITDB_ROOT_PASSWORD: ${MONGODB_PASSWORD}
-      MONGO_INITDB_USERNAME: ${MONGODB_USERNAME}
-      MONGO_INITDB_PASSWORD: ${MONGODB_PASSWORD}
-      MONGO_INITDB_DATABASE: ${MONGODB_DB}
+      MONGO_INITDB_ROOT_USERNAME: root-user
+      MONGO_INITDB_ROOT_PASSWORD: root-user
+      MONGO_INITDB_USERNAME: user
+      MONGO_INITDB_PASSWORD: user
+      MONGO_INITDB_DATABASE: backend
     volumes:
-      - susunjadwal-mongo-stg:/data/db
-    ports:
-      - 27017:27017
-    networks:
-      - public-web
+      - sunjad_db:/data/db
 
-  susunjadwal-backend-stg:
-    image: 638207107223.dkr.ecr.ap-southeast-1.amazonaws.com/susunjadwal-backend:latest
-    container_name: "${APP_NAME}_app"
-    labels:
-      caddy: stg.api.susunjadwal.ristek.cs.ui.ac.id
-      caddy.handle: /v1/*
-      caddy.handle.reverse_proxy: "{{upstreams 8005}}"
+  server-stg:
+    image: ristekoss/susunjadwal-backend:staging
     restart: unless-stopped
+    depends_on:
+      - rmq-stg
+      - mongo-stg
     env_file:
       - .env
     ports:
-      - 8005:8000
-    networks:
-      - public-web
-    depends_on:
-      - susunjadwal-mongo-stg
-      - susunjadwal-rmq-stg
-
-networks:
-  public-web:
-    external: true
+      - "8000:8000"
 
 volumes:
-  susunjadwal-mongo-stg:
-    external: true
+  sunjad_db:
diff --git a/deploy-stg/infisical.py b/deploy-stg/infisical.py
@@ -0,0 +1,86 @@
+# An extract of RistekCSUI/Infra repository
+# This code extract is only for Infisical secrets
+
+import os
+import sys
+import subprocess
+import yaml
+
+from dotenv import load_dotenv
+from itertools import chain
+from loguru import logger
+from pathlib import Path
+
+logger.remove(0)  # Remove default logger
+logger.add(
+    sys.stderr,
+    level="INFO",
+    format="{time} | {level} | {module}:{name}:{line} | {message} | {extra}",
+    backtrace=True,
+)
+
+infisical_filepath = Path("deploy-stg") / "infisical.yml"
+if infisical_filepath.is_file():
+  with open(infisical_filepath) as infisical_stream, logger.catch(
+      exception=(yaml.YAMLError, ValueError)
+  ):
+      logger.info("Found infisical.yml file")
+      logger.info("Reading config from file")
+      infisical_config = yaml.safe_load(infisical_stream)
+      if (
+          infisical_config is None
+          or "infisical" not in infisical_config
+          or infisical_config["infisical"] is None
+      ):
+          raise ValueError("empty infisical config")
+
+      infisical = infisical_config["infisical"]
+      if "project_id" not in infisical or infisical["project_id"] is None:
+          raise ValueError("missing project_id")
+      if "env" not in infisical or infisical["env"] is None:
+          raise ValueError("missing env")
+      if "path" not in infisical or infisical["path"] is None:
+          raise ValueError("missing path")
+
+      # Our default value for quoted is false
+      if "quoted" not in infisical:
+          infisical["quoted"] = False
+      elif not isinstance(infisical["quoted"], bool):
+          raise ValueError(
+              f"expected boolean for quoted, got {type(infisical['quoted'])}"
+          )
+
+      project_id = infisical["project_id"]
+      env = infisical["env"]
+      path = infisical["path"]
+      quoted = infisical["quoted"]
+
+      # Load secret as .env file
+      logger.info("Loading secrets as .env file")
+
+      subprocess.call(
+          f"infisical export --projectId {project_id} --env {env} --path {path}".split(
+              " "
+          ),
+          stdout=open(Path("deploy-stg") / ".env", "w"),
+          stderr=sys.stderr,
+      )
+
+      # Strip quotes if not quoted (Infisical exports for .env by default is quoted)
+      if not quoted:
+          # Read each variable and strip the quotes
+          with open(Path("deploy-stg") / ".env", "r+") as secret_envs:
+              quoted_vars = []
+              for secret in secret_envs:
+                  secret = secret.strip()
+                  key, value = secret.split("=", maxsplit=1)
+                  if (value[0] == '"' and value[-1] == '"') or (
+                      value[0] == "'" and value[-1] == "'"
+                  ):
+                      value = value[1:-1]
+                  quoted_vars.append(f"{key}={value}")
+
+          # Write the contents of quoted vars to the .env file
+          with open(Path("deploy-stg") / ".env", "w+") as env_file:
+              for var in quoted_vars:
+                  env_file.write(var + "\n")
diff --git a/deploy-stg/new_setup.py b/deploy-stg/new_setup.py
diff --git a/docker-compose-dev-full.yaml b/docker-compose-dev-full.yaml
@@ -0,0 +1,36 @@
+version: "3.9"
+
+services:
+  rmq:
+    image: rabbitmq:management-alpine
+    restart: unless-stopped
+    ports:
+      - "15671-15672:15671-15672"
+
+  mongo:
+    image: mongo:7
+    restart: unless-stopped
+    environment:
+      MONGO_INITDB_ROOT_USERNAME: root-user
+      MONGO_INITDB_ROOT_PASSWORD: root-user
+      MONGO_INITDB_USERNAME: user
+      MONGO_INITDB_PASSWORD: user
+      MONGO_INITDB_DATABASE: backend
+    volumes:
+      - sunjad_db:/data/db
+
+  server:
+    build:
+      dockerfile: Dockerfile
+      context: .
+    restart: unless-stopped
+    depends_on:
+      - rmq
+      - mongo
+    env_file:
+      - .env
+    ports:
+      - "8000:8000"
+
+volumes:
+  sunjad_db: