From 518225c077cdeb719c998384d69a077d4b1b16bb Mon Sep 17 00:00:00 2001 
From: ClementMabileau Date: Fri, 17 May 2024 22:32:48 +0200 Subject: [PATCH] Introduce a new subdomain dev.iscsc.fr to publish in-development features from opened PRs (#53) * Add nginx config and docker updates for dev.iscsc.fr * Update build folder hierarchy: build/blog -> build/blog/prod * Add deploy dev wokflow: a github action to be manually deploy a PR to remote * Fix builder container volume on host: default to production * Name production build artifact * Fix deploy_dev workflow URL and build location * TO BE REVERTED: Add fake article to test the workflow * Make deploy_dev workflow trigger on pull_request and need a maintainer approval * Test passing secrets as environment variables * TO BE REVERTED: Test without environment * TO REVERT: Add Debug secrets step * TO REVERT: Add Debug secrets step to existing workflows * Revert "TO REVERT: Add Debug secrets step to existing workflows" This reverts commit 230656644c306b930211f608ef716d077080dc9f. * Revert "TO REVERT: Add Debug secrets step" This reverts commit f5943ddb11957e1cde86279640c6df11c2818060. * Revert "TO BE REVERTED: Test without environment" This reverts commit 776a3761e623d6d64d24bcaa7800c087cc1bdf4b. * Revert "Test passing secrets as environment variables" This reverts commit ab53aefa566c66831703e095a580b47e4a2e97db. * Revert "Make deploy_dev workflow trigger on pull_request and need a maintainer approval" This reverts commit b45155a216baa86cb38f5bc1dcc620e946d9c043. * Revert "TO BE REVERTED: Add fake article to test the workflow" This reverts commit bc73f3d916af8335bf128d615423db1e766f4268. * Revert "Fix deploy_dev workflow URL and build location" This reverts commit f624bf619960248b4e3322666de5093d25659a7c. * Revert "Add deploy dev wokflow: a github action to be manually deploy a PR to remote" This reverts commit a95b787c87bfb0a69f644c2871b698703ffd6c8e. 
--- .github/workflows/build_and_deploy.yml | 12 +++++------ README.md | 9 ++++---- docker-compose.yml | 9 ++++++-- nginx.conf | 30 +++++++++++++++++++++++--- 4 files changed, 44 insertions(+), 16 deletions(-) diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml index 10bd4a2..e0a6f06 100644 --- a/.github/workflows/build_and_deploy.yml +++ b/.github/workflows/build_and_deploy.yml @@ -40,8 +40,8 @@ jobs: - name: 🚀 Upload Artifacts uses: actions/upload-artifact@v3 with: - name: build - path: ./build/blog + name: prod-build + path: ./build/blog/prod # Deployment job: heavily inspired from https://swharden.com/blog/2022-03-20-github-actions-hugo/ # /!\ only triggers on (push events AND NOT fork repos) OR manually triggered @@ -65,12 +65,12 @@ jobs: steps: - name: 🛠️ Setup build directory run: | - mkdir -p build/blog + mkdir -p build/blog/prod - name: 📥 Download build Artifacts uses: actions/download-artifact@v3 with: - name: build - path: build/blog + name: prod-build + path: build/blog/prod # Create the SSH key file and fill the known_hosts to avoid a prompt from ssh (1st time connecting to remote host) - name: 🔐 Create Key File @@ -88,7 +88,7 @@ jobs: # Upload the build to the remote server location: the volume shared by the nginx container serving http requests - name: 🚀 Upload run: | - rsync --archive --stats --verbose --delete ./build/blog/* ${{ secrets.CI_USER_NAME }}@iscsc.fr:${{ secrets.REPO_PATH_ON_REMOTE }}/build/blog + rsync --archive --stats --verbose --delete ./build/blog/prod/* ${{ secrets.CI_USER_NAME }}@iscsc.fr:${{ secrets.REPO_PATH_ON_REMOTE }}/build/blog/prod - name: ⏬ Remote git pull run: | diff --git a/README.md b/README.md index 855004a..c6d6892 100644 --- a/README.md +++ b/README.md 
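Review bot: In the `🚀 Upload` step, `--delete` will not remove top-level entries that have disappeared from the build, because the source is still the shell glob `./build/blog/prod/*`. rsync then receives individual paths rather than the directory, and the glob also skips dotfiles, so a page or section withdrawn from the site would stay published on the server. Passing the directory itself fixes both: `rsync --archive --stats --verbose --delete ./build/blog/prod/ ${{ secrets.CI_USER_NAME }}@iscsc.fr:${{ secrets.REPO_PATH_ON_REMOTE }}/build/blog/prod/`. The removed line had the same glob, so this is existing behaviour carried over to the new path. The rest of the job lies outside the hunk.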
@@ -70,11 +70,11 @@ docker compose run --rm certbot renew #### Deploy the website itself -Create the blog directory, **it must be writable by users that will write to it: you, builder target, CI user...** +Create the blog/prod directory, **it must be writable by users that will write to it: you, builder target, CI user...** ```sh -mkdir build/blog +mkdir -p build/blog/prod chmod -chmown +chown ``` > you should check first the consistency of the server name (iscsc.fr/localhost) in those files: `nginx.conf`, ... @@ -87,8 +87,7 @@ docker compose up --detach blog > Note: before the next step make sure that when cloning the repository you also updated the git submodule! -Then builds the static website, `./build/blog` is a volume shared with both containers so -building the website will automatically "update" it for nginx. +Then builds the static website, `./build/blog/prod` is a volume shared with both containers so building the website will automatically "update" it for nginx. ```sh docker compose up builder ``` diff --git a/docker-compose.yml b/docker-compose.yml index 85235eb..1fa6df1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -11,7 +11,9 @@ services: - HUGO_ENVIRONMENT=production volumes: - ./src:/src:rw - - ./build/blog:/build/blog:rw + # The container is mode-agnostique: it always builds in /build/blog + # the volume shared on the host side determines where it should go + - ./build/blog/prod:/build/blog:rw blog: build: @@ -25,7 +27,10 @@ services: - ./certbot/www:/var/www/certbot/:ro - ./certbot/conf/:/etc/nginx/ssl/:ro - ./nginx.conf:/etc/nginx/nginx.conf:ro - - ./build/blog:/blog:rw + # serves iscsc.fr ; + - ./build/blog/prod:/blog/prod:rw + # serves dev.iscsc.fr : + - ./build/blog/dev:/blog/dev:rw certbot: image: certbot/certbot:latest diff --git a/nginx.conf b/nginx.conf index d298048..1a90c3b 100644 --- a/nginx.conf +++ b/nginx.conf 
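Review bot: The two new mounts on the `blog` service, `./build/blog/prod:/blog/prod:rw` and `./build/blog/dev:/blog/dev:rw`, give the nginx container write access to trees it only needs to read. The neighbouring certbot and `nginx.conf` mounts are already `:ro`; changing these to `- ./build/blog/prod:/blog/prod:ro` and `- ./build/blog/dev:/blog/dev:ro` would stop a compromised web server process from altering served content. That matters most for the dev tree if, as the commit message says, it holds builds of open PRs. Nothing in this commit creates `./build/blog/dev` on the host, so Docker will presumably create it root-owned at first start; the README step could create it alongside `build/blog/prod`.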
@@ -17,7 +17,7 @@ http { listen 80; listen [::]:80; - server_name www.iscsc.fr iscsc.fr; + server_name dev.iscsc.fr www.iscsc.fr iscsc.fr; location /.well-known/acme-challenge/ { root /var/www/certbot; @@ -28,17 +28,41 @@ http { } } + server { + listen 443 ssl; + listen [::]:443 ssl; + http2 on; + + server_name dev.iscsc.fr; + + ssl_certificate /etc/nginx/ssl/live/dev.iscsc.fr/fullchain.pem; + ssl_certificate_key /etc/nginx/ssl/live/dev.iscsc.fr/privkey.pem; + + root /blog/dev; #Absolute path to where your hugo site is + index index.html; # Hugo generates HTML + + location / { + try_files $uri $uri/ =404; + } + + # redirect server error pages to the static page /50x.html + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + } + server { listen 443 default_server ssl http2; listen [::]:443 ssl http2; - server_name www.iscsc.fr iscsc.fr; + server_name iscsc.fr; ssl_certificate /etc/nginx/ssl/live/iscsc.fr/fullchain.pem; ssl_certificate_key /etc/nginx/ssl/live/iscsc.fr/privkey.pem; - root /blog; #Absolute path to where your hugo site is + root /blog/prod; #Absolute path to where your hugo site is index index.html; # Hugo generates HTML location / {
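Review bot: The new `dev.iscsc.fr` server block serves `/blog/dev` to anyone, with no access restriction and no indexing directive, while the commit message says it publishes in-development content from opened PRs. Unreviewed contributor content would then be reachable and crawlable under the same parent domain as production; adding `add_header X-Robots-Tag "noindex, nofollow" always;` to the block, plus `auth_basic` if previews are meant for maintainers only, would limit that. nginx refuses to load the configuration when `/etc/nginx/ssl/live/dev.iscsc.fr/fullchain.pem` is missing, so the certificate has to be issued before this file is deployed or the production site goes down with it. The block also uses `http2 on;` while the production block keeps `listen 443 default_server ssl http2;`; one form should be used for both, chosen for the nginx version in the image, which is not visible here. The production server block continues past the end of the hunk.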