Skip to content

Commit

Permalink
Introduce a new subdomain dev.iscsc.fr to publish in-development feat…
Browse files Browse the repository at this point in the history
…ures from opened PRs (#53)

* Add nginx config and docker updates for dev.iscsc.fr

* Update build folder hierarchy: build/blog -> build/blog/prod

* Add deploy dev wokflow: a github action to be manually deploy a PR to remote

* Fix builder container volume on host: default to production

* Name production build artifact

* Fix deploy_dev workflow URL and build location

* TO BE REVERTED: Add fake article to test the workflow

* Make deploy_dev workflow trigger on pull_request and need a maintainer approval

* Test passing secrets as environment variables

* TO BE REVERTED: Test without environment

* TO REVERT: Add Debug secrets step

* TO REVERT: Add Debug secrets step to existing workflows

* Revert "TO REVERT: Add Debug secrets step to existing workflows"

This reverts commit 2306566.

* Revert "TO REVERT: Add Debug secrets step"

This reverts commit f5943dd.

* Revert "TO BE REVERTED: Test without environment"

This reverts commit 776a376.

* Revert "Test passing secrets as environment variables"

This reverts commit ab53aef.

* Revert "Make deploy_dev workflow trigger on pull_request and need a maintainer approval"

This reverts commit b45155a.

* Revert "TO BE REVERTED: Add fake article to test the workflow"

This reverts commit bc73f3d.

* Revert "Fix deploy_dev workflow URL and build location"

This reverts commit f624bf6.

* Revert "Add deploy dev wokflow: a github action to be manually deploy a PR to remote"

This reverts commit a95b787.
  • Loading branch information
ctmbl authored May 17, 2024
1 parent c4ba0ca commit 518225c
Show file tree
Hide file tree
Showing 4 changed files with 44 additions and 16 deletions.
12 changes: 6 additions & 6 deletions .github/workflows/build_and_deploy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -40,8 +40,8 @@ jobs:
- name: 🚀 Upload Artifacts
uses: actions/upload-artifact@v3
with:
name: build
path: ./build/blog
name: prod-build
path: ./build/blog/prod

# Deployment job: heavily inspired from https://swharden.com/blog/2022-03-20-github-actions-hugo/
# /!\ only triggers on (push events AND NOT fork repos) OR manually triggered
Expand All @@ -65,12 +65,12 @@ jobs:
steps:
- name: 🛠️ Setup build directory
run: |
mkdir -p build/blog
mkdir -p build/blog/prod
- name: 📥 Download build Artifacts
uses: actions/download-artifact@v3
with:
name: build
path: build/blog
name: prod-build
path: build/blog/prod

# Create the SSH key file and fill the known_hosts to avoid a prompt from ssh (1st time connecting to remote host)
- name: 🔐 Create Key File
Expand All @@ -88,7 +88,7 @@ jobs:
# Upload the build to the remote server location: the volume shared by the nginx container serving http requests
- name: 🚀 Upload
run: |
rsync --archive --stats --verbose --delete ./build/blog/* ${{ secrets.CI_USER_NAME }}@iscsc.fr:${{ secrets.REPO_PATH_ON_REMOTE }}/build/blog
rsync --archive --stats --verbose --delete ./build/blog/prod/* ${{ secrets.CI_USER_NAME }}@iscsc.fr:${{ secrets.REPO_PATH_ON_REMOTE }}/build/blog/prod
- name: ⏬ Remote git pull
run: |
Expand Down
9 changes: 4 additions & 5 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -70,11 +70,11 @@ docker compose run --rm certbot renew

#### Deploy the website itself

Create the blog directory, **it must be writable by users that will write to it: you, builder target, CI user...**
Create the blog/prod directory, **it must be writable by users that will write to it: you, builder target, CI user...**
```sh
mkdir build/blog
mkdir -p build/blog/prod
chmod <make it writable by the appropriate user/group>
chmown <make it owned by the appropriate user/group>
chown <make it owned by the appropriate user/group>
```

> you should check first the consistency of the server name (iscsc.fr/localhost) in those files: `nginx.conf`, ...
Expand All @@ -87,8 +87,7 @@ docker compose up --detach blog

> Note: before the next step make sure that when cloning the repository you also updated the git submodule!
Then builds the static website, `./build/blog` is a volume shared with both containers so
building the website will automatically "update" it for nginx.
Then builds the static website, `./build/blog/prod` is a volume shared with both containers so building the website will automatically "update" it for nginx.
```sh
docker compose up builder
```
Expand Down
9 changes: 7 additions & 2 deletions docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,9 @@ services:
- HUGO_ENVIRONMENT=production
volumes:
- ./src:/src:rw
- ./build/blog:/build/blog:rw
# The container is mode-agnostique: it always builds in /build/blog
# the volume shared on the host side determines where it should go
- ./build/blog/prod:/build/blog:rw

blog:
build:
Expand All @@ -25,7 +27,10 @@ services:
- ./certbot/www:/var/www/certbot/:ro
- ./certbot/conf/:/etc/nginx/ssl/:ro
- ./nginx.conf:/etc/nginx/nginx.conf:ro
- ./build/blog:/blog:rw
# serves iscsc.fr ;
- ./build/blog/prod:/blog/prod:rw
# serves dev.iscsc.fr :
- ./build/blog/dev:/blog/dev:rw

certbot:
image: certbot/certbot:latest
Expand Down
30 changes: 27 additions & 3 deletions nginx.conf
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ http {
listen 80;
listen [::]:80;

server_name www.iscsc.fr iscsc.fr;
server_name dev.iscsc.fr www.iscsc.fr iscsc.fr;

location /.well-known/acme-challenge/ {
root /var/www/certbot;
Expand All @@ -28,17 +28,41 @@ http {
}
}

server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;

server_name dev.iscsc.fr;

ssl_certificate /etc/nginx/ssl/live/dev.iscsc.fr/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/live/dev.iscsc.fr/privkey.pem;

root /blog/dev; #Absolute path to where your hugo site is
index index.html; # Hugo generates HTML

location / {
try_files $uri $uri/ =404;
}

# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}


server {
listen 443 default_server ssl http2;
listen [::]:443 ssl http2;

server_name www.iscsc.fr iscsc.fr;
server_name iscsc.fr;

ssl_certificate /etc/nginx/ssl/live/iscsc.fr/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/live/iscsc.fr/privkey.pem;

root /blog; #Absolute path to where your hugo site is
root /blog/prod; #Absolute path to where your hugo site is
index index.html; # Hugo generates HTML

location / {
Expand Down

0 comments on commit 518225c

Please sign in to comment.