afnzsljdghskjerlg

Signed-off-by: ITQ <itq.dev@ya.ru>
ITQ
2025-11-21 19:29:00 +03:00
parent 44df678c82
commit f334e1f2cc
2 changed files with 109 additions and 82 deletions
+65 -55
@@ -191,13 +191,14 @@ ansible-initvm:
ANSIBLE_HOST_KEY_CHECKING: false ANSIBLE_HOST_KEY_CHECKING: false
before_script: before_script:
- echo $ENV_PRIVATE_KEY_BASE64 | base64 -d > /id.pem - echo $ENV_PRIVATE_KEY_BASE64 | base64 -d > /id.pem
- chmod 0600 /id.pem
- mv "$INVENTORY_ALPHA_VM" ./infrastructure/iac/ansible/inventory/host_vars/alpha.yaml - mv "$INVENTORY_ALPHA_VM" ./infrastructure/iac/ansible/inventory/host_vars/alpha.yaml
- printf "[servers]\nalpha\n" > infrastructure/iac/ansible/inventory/hosts - printf "[servers]\nalpha\n" > infrastructure/iac/ansible/inventory/hosts
script: script:
- cd ./infrastructure/iac/ansible - cd ./infrastructure/iac/ansible
- ansible-galaxy collection install -r requirements.yaml - ansible-galaxy collection install -r requirements.yaml
- ansible-galaxy install -r requirements.yaml - ansible-galaxy install -r requirements.yaml
- ansible-playbook -i inventory/hosts apps.yaml - ansible-playbook -i inventory/hosts site.yaml
when: manual when: manual
build-runtime: build-runtime:
@@ -235,61 +236,70 @@ lint:
- if: $CI_PIPELINE_SOURCE == 'merge_request_event' - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
- if: $CI_COMMIT_TAG - if: $CI_COMMIT_TAG
# test: test:
# <<: *docker-job <<: *buildah-job
# stage: test stage: test
# variables: variables:
# COMPOSE_PROFILES: | COMPOSE_PROFILES: |
# --profile migrations --profile migrations
# --profile tests --profile tests
# script: script:
# - apk add --no-cache docker-compose - apk add --no-cache podman podman-compose
# - export PROFILES="$(printf '%s ' $COMPOSE_PROFILES)" - export PROFILES="$(printf '%s ' $COMPOSE_PROFILES)"
# - cp "$TEST_STAGE_FIREBASE_CONF" ./infrastructure/configs/backend/firebase.json - cp "$TEST_STAGE_FIREBASE_CONF" ./infrastructure/configs/backend/firebase.json
# - | - |
# ( (
# while true; do while true; do
# docker compose -f compose.yaml $PROFILES logs -f 2>&1 podman-compose -f compose.yaml $PROFILES logs -f 2>&1
# sleep 1 sleep 1
# done done
# ) | tee -a compose.log & ) | tee -a compose.log &
# - LOGS_PID=$! - LOGS_PID=$!
# - | - |
# REGISTRY_PREFIX=$CI_REGISTRY_IMAGE IMAGE_TAG=$CI_COMMIT_SHA \ REGISTRY_PREFIX=$CI_REGISTRY_IMAGE IMAGE_TAG=$CI_COMMIT_SHA \
# docker compose -f compose.yaml -f compose.prod.yaml \ podman-compose -f compose.yaml -f compose.prod.yaml \
# $PROFILES up -d --quiet-pull --quiet-build 2>&1 | tee compose.log $PROFILES up -d 2>&1 | tee compose.log
# - | - |
# TEST_CONTAINER_ID=$(docker compose -f compose.yaml $PROFILES ps -q tests -a) TEST_CONTAINER_ID=$(
# timeout 600 docker wait $TEST_CONTAINER_ID podman-compose ps --all --format json \
# TEST_EXIT_CODE=$(docker inspect --format "{{.State.ExitCode}}" $TEST_CONTAINER_ID) | jq -r '.[] | select(.Labels["io.podman.compose.service"] == "tests") | .Id'
)
# if [ $TEST_EXIT_CODE -eq 0 ]; then if [ -z "$TEST_CONTAINER_ID" ]; then
# echo "Tests passed." echo "Tests container not found."
# else exit 1
# echo "Tests failed with exit code $TEST_EXIT_CODE." fi
# exit 1
# fi timeout 600 podman wait "$TEST_CONTAINER_ID"
# - | TEST_EXIT_CODE=$(podman inspect --format "{{.State.ExitCode}}" "$TEST_CONTAINER_ID")
# docker compose -f compose.yaml $PROFILES down
# - cat .cov/coverage.txt if [ "$TEST_EXIT_CODE" -eq 0 ]; then
# artifacts: echo "Tests passed."
# paths: else
# - ./.cov echo "Tests failed with exit code $TEST_EXIT_CODE."
# - ./compose.log exit 1
# reports: fi
# coverage_report: - |
# coverage_format: cobertura podman-compose -f compose.yaml $PROFILES down
# path: .cov/coverage.xml - cat .cov/coverage.txt
# expire_in: 1 week artifacts:
# when: always paths:
# coverage: /TOTAL.*? (100(?:\.0+)?\%|[1-9]?\d(?:\.\d+)?\%)$/ - ./.cov
# rules: - ./compose.log
# - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH reports:
# - if: $CI_PIPELINE_SOURCE == 'merge_request_event' coverage_report:
# dependencies: coverage_format: cobertura
# - build-runtime path: .cov/coverage.xml
# - build-tests expire_in: 1 week
# - build-migrations when: always
coverage: /TOTAL.*? (100(?:\.0+)?\%|[1-9]?\d(?:\.\d+)?\%)$/
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
dependencies:
- build-runtime
- build-tests
- build-migrations
sast-filesystem: sast-filesystem:
<<: *trivy-fs-scan <<: *trivy-fs-scan
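Review bot: In the first hunk the redirect `echo $ENV_PRIVATE_KEY_BASE64 | base64 -d > /id.pem` creates the decoded private key under the runner's default umask before the new `chmod 0600 /id.pem` tightens it; setting the mode up front removes that window, e.g. `- (umask 077; echo "$ENV_PRIVATE_KEY_BASE64" | base64 -d > /id.pem)`, and quoting the variable keeps word splitting from mangling the base64 text. In the second hunk the re-enabled `test` job pipes `podman-compose ps --all --format json` into `jq`, but the `apk add --no-cache podman podman-compose` line does not install jq, so unless the `buildah-job` image already ships it the lookup yields an empty id and the job stops at `Tests container not found.`. The `podman-compose -f compose.yaml $PROFILES down` step placed after the exit-code check never runs when that check does `exit 1`, so failed runs leave the compose stack (and the backgrounded `$LOGS_PID` log loop) running on the runner; moving the teardown into an `after_script:` section runs it on both outcomes. The `ansible-initvm` job in the first hunk starts outside it, while the `test` job is fully inside the second hunk.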
+43 -26
@@ -27,6 +27,13 @@ services:
required: true required: true
- path: ./infrastructure/configs/backend/.env - path: ./infrastructure/configs/backend/.env
required: false required: false
healthcheck:
test: [ "CMD", "curl", "-fsS", "http://localhost:8080/healthcheck" ]
interval: 5s
timeout: 4s
start_period: 5s
start_interval: 2s
retries: 5
networks: networks:
- default - default
ports: ports:
@@ -44,13 +51,13 @@ services:
target: /app/config.toml target: /app/config.toml
read_only: true read_only: true
bind: bind:
selinux: Z selinux: z
- type: bind - type: bind
source: ./infrastructure/configs/backend/firebase.json source: ./infrastructure/configs/backend/firebase.json
target: /app/firebase.json target: /app/firebase.json
read_only: true read_only: true
bind: bind:
selinux: Z selinux: z
tests: tests:
build: build:
@@ -60,28 +67,35 @@ services:
tags: tags:
- template-project-tests:latest - template-project-tests:latest
pull: true pull: true
# depends_on: depends_on:
# backend: backend:
# restart: false restart: false
# condition: service_healthy condition: service_healthy
# required: true required: true
# migrations: migrations:
# restart: false restart: false
# condition: service_completed_successfully condition: service_completed_successfully
# required: true required: true
# postgres: postgres:
# restart: false restart: false
# condition: service_healthy condition: service_healthy
# required: true required: true
# redis: redis:
# restart: false restart: false
# condition: service_healthy condition: service_healthy
# required: true required: true
env_file: env_file:
- path: ./infrastructure/configs/backend/.env.template - path: ./infrastructure/configs/backend/.env.template
required: true required: true
- path: ./infrastructure/configs/backend/.env - path: ./infrastructure/configs/backend/.env
required: false required: false
healthcheck:
test: [ "CMD", "pg_isready", "-U", "postgres", "--dbname=postgres" ]
interval: 5s
timeout: 4s
start_period: 5s
start_interval: 2s
retries: 5
networks: networks:
- default - default
profiles: profiles:
@@ -91,12 +105,15 @@ services:
- type: bind - type: bind
source: ./infrastructure/configs/backend/config.toml source: ./infrastructure/configs/backend/config.toml
target: /app/config.toml target: /app/config.toml
read_only: false read_only: true
bind: bind:
selinux: Z selinux: z
- type: bind - type: bind
source: ./.cov source: ./.cov
target: /app/cov target: /app/cov
read_only: false
bind:
selinux: z
migrations: migrations:
build: build:
@@ -127,13 +144,13 @@ services:
target: /app/config.toml target: /app/config.toml
read_only: false read_only: false
bind: bind:
selinux: Z selinux: z
- type: bind - type: bind
source: ./alembic.ini source: ./alembic.ini
target: /app/alembic.ini target: /app/alembic.ini
read_only: true read_only: true
bind: bind:
selinux: Z selinux: z
postgres: postgres:
image: docker.io/postgres:17-alpine image: docker.io/postgres:17-alpine
@@ -160,7 +177,7 @@ services:
target: /etc/postgresql/postgresql.conf target: /etc/postgresql/postgresql.conf
read_only: true read_only: true
bind: bind:
selinux: Z selinux: z
- type: volume - type: volume
source: postgres_data source: postgres_data
target: /var/lib/postgresql/data target: /var/lib/postgresql/data
@@ -203,7 +220,7 @@ services:
target: /pgadmin4/servers.json target: /pgadmin4/servers.json
read_only: true read_only: true
bind: bind:
selinux: Z selinux: z
- type: volume - type: volume
source: pgadmin_data source: pgadmin_data
target: /var/lib/pgadmin target: /var/lib/pgadmin
@@ -233,7 +250,7 @@ services:
target: /usr/local/etc/redis/redis.conf target: /usr/local/etc/redis/redis.conf
read_only: true read_only: true
bind: bind:
selinux: Z selinux: z
- type: volume - type: volume
source: redis_data source: redis_data
target: /data target: /data
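Review bot: The healthcheck added in the third hunk (`test: [ "CMD", "pg_isready", "-U", "postgres", "--dbname=postgres" ]`) sits under the `tests` service rather than `postgres`, so it runs inside the `template-project-tests:latest` image; unless that image ships the postgres client tools the probe simply fails, and nothing in the file gates on `tests` being healthy — the CI job waits on the container's exit code — which suggests the block was meant for the `postgres` service, where the re-enabled `depends_on` `condition: service_healthy` needs one if it is not already defined there. The fourth hunk tightens the tests `config.toml` mount to `read_only: true`, but the migrations service's `config.toml` mount (context line `read_only: false` in the fifth hunk) keeps write access; if migrations only read the config, `read_only: true` there matches backend and tests. The `tests` service mapping begins in the second hunk and its `healthcheck` is only visible in the third.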