From b4f733a01d1e8ca27d64115e01e4743f54ec8a0a Mon Sep 17 00:00:00 2001 From: Spencer Lepine <60903378+spencerlepine@users.noreply.github.com> Date: Thu, 24 Oct 2024 21:19:27 +0300 Subject: [PATCH] save progress --- .dockerignore | 8 ++ .github/workflows/manual-deploy.yml | 43 +++++++++++ COMMITS | 9 +++ bootstrap.sh | 62 +++++++++++++++ docker/development/Dockerfile | 52 +++++++++++++ docker/development/docker-compose.yml | 8 ++ docker/production/Dockerfile | 50 ++++++++++++ docker/production/docker-compose.yml | 105 ++++++++++++++++++++++++++ requests.md | 26 +++++++ 9 files changed, 363 insertions(+) create mode 100644 .dockerignore create mode 100644 .github/workflows/manual-deploy.yml create mode 100644 COMMITS create mode 100644 bootstrap.sh create mode 100644 docker/development/Dockerfile create mode 100644 docker/development/docker-compose.yml create mode 100644 docker/production/Dockerfile create mode 100644 docker/production/docker-compose.yml create mode 100644 requests.md diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..4c7db2f --- /dev/null +++ b/.dockerignore @@ -0,0 +1,8 @@ +Dockerfile +.dockerignore +node_modules +npm-debug.log +README.md +.next +docker +.git \ No newline at end of file diff --git a/.github/workflows/manual-deploy.yml b/.github/workflows/manual-deploy.yml new file mode 100644 index 0000000..66b4cc6 --- /dev/null +++ b/.github/workflows/manual-deploy.yml @@ -0,0 +1,43 @@ +# .github/workflows/manual-deploy.yml +# TODO_PRODUCTION + +name: Manually Deploy + +on: + push: + branches: + - main + +jobs: + #bootstrap: + # run bootstrap.ssh? + # PUBLIC_KEY="your_ssh_public_key_here" DOMAIN="your_domain_here" bash bootstrap.sh + + deploy: + runs-on: ubuntu-latest + permissions: + contents: read + + steps: + - name: Re-deploy, update secrets + env: + # secure: only stored in memory during the remote-ssh session + API_KEY: ${{ secrets.API_KEY }} + DB_PASSWORD: ${{ secrets.DB_PASSWORD }} + run: | + ssh user@your-vm-ip << 'EOF' + # Authenticate with GitHub CLI using the passed PAT + echo "$GITHUB_TOKEN" | gh auth login --with-token + + # Create the .env file with secrets + { + echo "API_KEY=$API_KEY" + echo "DB_PASSWORD=$DB_PASSWORD" + } > .env + + # Run docker-compose with the .env file + docker-compose --env-file .env up -d + + # Remove the .env file immediately + rm .env + EOF \ No newline at end of file diff --git a/COMMITS b/COMMITS new file mode 100644 index 0000000..ba8b01d --- /dev/null +++ b/COMMITS @@ -0,0 +1,9 @@ +(update the changelog each time) +feat: e2e stripe checkout functionality +feat: printify order integration +feat: passwordless email login +cleanup: retry logic, error handling, logging + +checklist: +https://nextjs.org/docs/app/building-your-application/deploying/production-checklist + diff --git a/bootstrap.sh b/bootstrap.sh new file mode 100644 index 0000000..f709934 --- /dev/null +++ b/bootstrap.sh @@ -0,0 +1,62 @@ +#!/bin/bash + +# bootstrap.sh +# script to install/configure software on ubuntu LTS virtual machine +# TODO_PRODUCTION - test this ubuntu LTS + +# Check if PUBLIC_KEY is set +if [ -z "$PUBLIC_KEY" ]; then + echo "Error: PUBLIC_KEY environment variable is not set." + exit 1 +fi + +# Check if DOMAIN is set +if [ -z "$DOMAIN" ]; then + echo "Error: DOMAIN environment variable is not set." + exit 1 +fi + +# Check if EMAIL is set +if [ -z "$EMAIL" ]; then + echo "Error: EMAIL environment variable is not set." + exit 1 +fi + +# Update and install necessary packages +apt update && apt upgrade -y +apt install -y software-properties-common + +# Install Docker +apt install -y docker.io +systemctl enable docker +systemctl start docker + +# Install Docker Compose +DOCKER_COMPOSE_VERSION="v2.16.0" # Change to the desired version +curl -SL "https://github.com/docker/compose/releases/download/$DOCKER_COMPOSE_VERSION/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose +chmod +x /usr/local/bin/docker-compose + +# Configure UFW +ufw allow OpenSSH +ufw enable + +# Install Certbot and Nginx +apt install -y certbot + +# Obtain the SSL certificate using standalone mode +certbot certonly --standalone -d "$DOMAIN" --non-interactive --agree-tos --email "$EMAIL" + + +# Disable password authentication +sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config +systemctl restart ssh + +# Add SSH public key +mkdir -p ~/.ssh +echo "$PUBLIC_KEY" >> ~/.ssh/authorized_keys +chmod 600 ~/.ssh/authorized_keys + +# Restart UFW to apply changes +systemctl restart ufw + +echo "Bootstrap script completed successfully." \ No newline at end of file diff --git a/docker/development/Dockerfile b/docker/development/Dockerfile new file mode 100644 index 0000000..079d6b9 --- /dev/null +++ b/docker/development/Dockerfile @@ -0,0 +1,52 @@ +FROM node:20.16-alpine3.19 AS base + +# 1. Install dependencies only when needed +FROM base AS deps +# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed. +RUN apk add --no-cache libc6-compat + +WORKDIR /app + +# Install dependencies based on the preferred package manager +COPY package.json yarn.lock* package-lock.json* pnpm-lock.yaml* ./ +RUN \ + if [ -f yarn.lock ]; then yarn --frozen-lockfile; \ + elif [ -f package-lock.json ]; then npm ci; \ + elif [ -f pnpm-lock.yaml ]; then corepack enable pnpm && pnpm i; \ + else echo "Lockfile not found." && exit 1; \ + fi + +# 2. Rebuild the source code only when needed +FROM base AS builder +WORKDIR /app +COPY --from=deps /app/node_modules ./node_modules +COPY . . + +# Use the corresponding env file for each environment. +COPY .env.development .env.production +RUN npm run build + +# 3. Production image, copy all the files and run next +FROM base AS runner +WORKDIR /app + +ENV NODE_ENV=production + +RUN addgroup -g 1001 -S nodejs +RUN adduser -S nextjs -u 1001 + +COPY --from=builder /app/public ./public + +# Automatically leverage output traces to reduce image size +# https://nextjs.org/docs/advanced-features/output-file-tracing +COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./ +COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static + + +USER nextjs + +EXPOSE 3000 + +ENV PORT=3000 + +CMD HOSTNAME="0.0.0.0" node server.js \ No newline at end of file diff --git a/docker/development/docker-compose.yml b/docker/development/docker-compose.yml new file mode 100644 index 0000000..917e078 --- /dev/null +++ b/docker/development/docker-compose.yml @@ -0,0 +1,8 @@ +services: + nextjs-app-local: + build: + context: ../../ + dockerfile: docker/development/Dockerfile + image: with-docker-multi-env-development + ports: + - "3001:3000" \ No newline at end of file diff --git a/docker/production/Dockerfile b/docker/production/Dockerfile new file mode 100644 index 0000000..6cb9a11 --- /dev/null +++ b/docker/production/Dockerfile @@ -0,0 +1,50 @@ +FROM node:20.16-alpine3.19 AS base + +# 1. Install dependencies only when needed +FROM base AS deps +# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed. +RUN apk add --no-cache libc6-compat + +WORKDIR /app + +# Install dependencies based on the preferred package manager +COPY package.json yarn.lock* package-lock.json* pnpm-lock.yaml* ./ +RUN \ + if [ -f yarn.lock ]; then yarn --frozen-lockfile; \ + elif [ -f package-lock.json ]; then npm ci; \ + elif [ -f pnpm-lock.yaml ]; then corepack enable pnpm && pnpm i; \ + else echo "Lockfile not found." && exit 1; \ + fi + + +# 2. Rebuild the source code only when needed +FROM base AS builder +WORKDIR /app +COPY --from=deps /app/node_modules ./node_modules +COPY . . +RUN npm run build + +# 3. Production image, copy all the files and run next +FROM base AS runner +WORKDIR /app + +ENV NODE_ENV=production + +RUN addgroup -g 1001 -S nodejs +RUN adduser -S nextjs -u 1001 + +COPY --from=builder /app/public ./public + +# Automatically leverage output traces to reduce image size +# https://nextjs.org/docs/advanced-features/output-file-tracing +COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./ +COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static + + +USER nextjs + +EXPOSE 3000 + +ENV PORT=3000 + +CMD HOSTNAME="0.0.0.0" node server.js \ No newline at end of file diff --git a/docker/production/docker-compose.yml b/docker/production/docker-compose.yml new file mode 100644 index 0000000..1f6f84f --- /dev/null +++ b/docker/production/docker-compose.yml @@ -0,0 +1,105 @@ +# TODO_PRODUCTION + +services: + watchtower: + image: containrrr/watchtower + command: + - "--label-enable" + - "--interval" + - "30" + - "--rolling-restart" + volumes: + - /var/run/docker.sock:/var/run/docker.sock + reverse-proxy: + image: traefik:v3.1 + command: + - "--log.level=ERROR" + - "--accesslog=true" + - "--providers.docker" + - "--providers.docker.exposedbydefault=false" + - "--entryPoints.websecure.address=:443" + - "--certificatesresolvers.myresolver.acme.tlschallenge=true" + - "--certificatesresolvers.myresolver.acme.email=elliott@zenful.cloud" + - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json" + - "--entrypoints.web.address=:80" + - "--entrypoints.web.http.redirections.entrypoint.to=websecure" + - "--entrypoints.web.http.redirections.entrypoint.scheme=https" + - "--entryPoints.web.forwardedHeaders.insecure" + - "--entryPoints.websecure.forwardedHeaders.insecure" + ports: + - "80:80" + - "443:443" + volumes: + - letsencrypt:/letsencrypt + - /var/run/docker.sock:/var/run/docker.sock + nextjs-app: + image: ghcr.io/spencerlepine/nextjs-app:prod + labels: + - "traefik.enable=true" + - "traefik.http.middlewares.nextjs-app-ratelimit.ratelimit.average=20" + - "traefik.http.routers.nextjs-app.rule=Host(`zenful.cloud`) && !Method(`POST`)" + - "traefik.http.routers.nextjs-app.entrypoints=websecure" + - "traefik.http.routers.nextjs-app.tls.certresolver=myresolver" + - "traefik.http.routers.nextjs-app.middlewares=nextjs-app-ratelimit" + # Define separate router for POST methods + - "traefik.http.middlewares.nextjs-app-ratelimit-post.ratelimit.average=1" + - "traefik.http.middlewares.nextjs-app-ratelimit-post.ratelimit.period=1m" + - "traefik.http.routers.nextjs-app-post.rule=Host(`zenful.cloud`) && Method(`POST`)" + - "traefik.http.routers.nextjs-app-post.middlewares=nextjs-app-ratelimit-post" + - "traefik.http.routers.nextjs-app-post.entrypoints=websecure" + - "traefik.http.routers.nextjs-app-post.tls.certresolver=myresolver" + # Proxy + - "traefik.http.routers.proxy.rule=Host(`proxy.dreamsofcode.io`)" + - "traefik.http.routers.proxy.entrypoints=websecure" + - "traefik.http.routers.proxy.tls.certresolver=myresolver" + # Enable watchtower + - "com.centurylinklabs.watchtower.enable=true" + environment: + - POSTGRES_HOST=db + - POSTGRES_USER=postgres + - POSTGRES_DB=nextjs-app + - POSTGRES_PORT=5432 + - POSTGRES_SSLMODE=disable + - POSTGRES_PASSWORD=${DATABASE_PASSWORD} + deploy: + mode: replicated + replicas: 3 + restart: always + depends_on: + db: + condition: service_healthy + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000"] + interval: 1m30s + timeout: 10s + retries: 3 + start_period: 40s + db: + image: postgres + restart: always + user: postgres + volumes: + - db-data:/var/lib/postgresql/data + environment: + - POSTGRES_DB=nextjs-app + - POSTGRES_PASSWORD=${DATABASE_PASSWORD} + expose: + - 5432 + healthcheck: + test: [ "CMD", "pg_isready" ] + interval: 10s + timeout: 5s + retries: 5 + + dragonfly: + image: 'docker.dragonflydb.io/dragonflydb/dragonfly' + ulimits: + memlock: -1 + network_mode: "host" + volumes: + - dragonflydata:/data + +volumes: + db-data: + letsencrypt: + dragonflydata: diff --git a/requests.md b/requests.md new file mode 100644 index 0000000..1f4f1d5 --- /dev/null +++ b/requests.md @@ -0,0 +1,26 @@ +curl -X GET https://api.printify.com/v1/shops.json --header "Authorization: Bearer $PRINTIFY_API_TOKEN" [{"id":1234567,"title":"StoreName Etsy","sales_channel":"etsy"}] + +curl -X GET https://api.printify.com/v1/catalog/blueprints/1268/print_providers/1/variants.json --header "Authorization: Bearer $PRINTIFY_API_TOKEN" + +curl -X GET https://api.printify.com/v1/catalog/blueprints/1268/print_providers.json --header "Authorization: Bearer $PRINTIFY_API_TOKEN" + +curl -X GET https://api.printify.com/v1/catalog/blueprints/1268/print_providers/215/variants.json --header "Authorization: Bearer $PRINTIFY_API_TOKEN" {"id":215,"title":"Stickers & +Posters","variants":[ {"id":95743,"title":"3\" x 4\" \/ Kiss-Cut \/ Satin","options":{"size":"3\" x +4\"","shape":"Kiss-Cut","paper":"Satin"},"placeholders":[{"position":"front","height":800,"width":600}]}, {"id":95744,"title":"4\" x 6\" \/ Kiss-Cut \/ +Satin","options":{"size":"4\" x 6\"","shape":"Kiss-Cut","paper":"Satin"},"placeholders":[{"position":"front","height":1200,"width":800}]}, {"id":95745,"title":"6\" x 8\" \/ +Kiss-Cut \/ Satin","options":{"size":"6\" x 8\"","shape":"Kiss-Cut","paper":"Satin"},"placeholders":[{"position":"front","height":1600,"width":1200}]}, {"id":95746,"title":"8\" x +10\" \/ Kiss-Cut \/ Satin","options":{"size":"8\" x 10\"","shape":"Kiss-Cut","paper":"Satin"},"placeholders":[{"position":"front","height":2000,"width":1600}]} ] } + +curl -X GET https://api.printify.com/v1/catalog/blueprints/1268/print_providers/215/shipping.json --header "Authorization: Bearer $PRINTIFY_API_TOKEN" { "handling_time": { "value": +10, "unit": "day" }, "profiles": [ { "variant_ids": [95743, 95744, 95745, 95746], "first_item": { "cost": 469, "currency": "USD" }, "additional_items": { "cost": 9, "currency": +"USD" }, "countries": ["US"] }, { "variant_ids": [95743, 95744, 95745, 95746], "first_item": { "cost": 839, "currency": "USD" }, "additional_items": { "cost": 49, "currency": "USD" +}, "countries": ["CA"] }, { "variant_ids": [95743, 95744, 95745, 95746], "first_item": { "cost": 1049, "currency": "USD" }, "additional_items": { "cost": 59, "currency": "USD" }, +"countries": ["REST_OF_THE_WORLD"] } ] } + +curl -X https://api.printify.com/v1/shops/{shop_id}/orders.json --header "Authorization: Bearer $PRINTIFY_API_TOKEN" + +{ "external_id": "2750e210-39bb-11e9-a503-452618153e4a", "label": "00012", "line_items": [ { "product_id": "5bfd0b66a342bcc9b5563216", "variant_id": 17887, "quantity": 1 } ], +"shipping_method": 1, "is_printify_express": false, "is_economy_shipping": false, "send_shipping_notification": false, "address_to": { "first_name": "John", "last_name": "Smith", +"email": "example@msn.com", "phone": "0574 69 21 90", "country": "BE", "region": "", "address1": "ExampleBaan 121", "address2": "45", "city": "Retie", "zip": "2470" } } + +curl -X GET https://api.printify.com/v1/shops/{shop_id}/orders/18739212.4/send_to_production.json --header "Authorization: Bearer $PRINTIFY_API_TOKEN"