
Commit 63a35a7

committed
Add staging deployment
1 parent 6b0811e commit 63a35a7

19 files changed

+417
-26
lines changed

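--- a/.dockerignore
+++ b/.dockerignore
@@ -1,2 +1,3 @@
 .env
 /data
+__pycache__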

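--- a/.github/deploy/inventory.yaml
+++ b/.github/deploy/inventory.yaml
@@ -0,0 +1,6 @@
+nest:
+hosts:
+nest_staging:
+ansible_host: '{{ lookup("env", "STAGING_HOST_IP_ADDRESS") }}'
+ansible_ssh_private_key_file: '{{ lookup("env", "STAGING_SSH_PRIVATE_KEY_PATH") }}'
+ansible_user: staging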

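--- a/.github/deploy/staging.yaml
+++ b/.github/deploy/staging.yaml
@@ -0,0 +1,26 @@
+- name: Deploy Nest to Staging
+hosts: nest_staging
+tasks:
+- name: Copy Nginx configuration file
+ansible.builtin.copy:
+src: '{{ playbook_dir }}/../../nginx/nginx.conf'
+dest: ~/nginx/nginx.conf
+mode: '0644'
+
+- name: Copy docker-compose.yml
+ansible.builtin.copy:
+src: '{{ playbook_dir }}/../../docker-compose-staging.yaml'
+dest: ~/docker-compose.yaml
+mode: '0644'
+
+- name: Stop Services
+shell:
+cmd: 'docker-compose rm --stop --force'
+
+- name: Update Images
+shell:
+cmd: 'docker-compose pull'
+
+- name: Start Services
+shell:
+cmd: 'docker-compose up -d'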
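Review bot: `Stop Services` runs `docker-compose rm --stop --force` before `Update Images` pulls, so a failed pull (registry outage, rate limit, expired credentials) leaves staging with its containers already removed. Running `docker-compose pull` first and letting `docker-compose up -d` recreate the containers whose images changed keeps the old stack serving until the new images are on the host. The three tasks also use the bare `shell:` module although none of the commands needs shell features; `ansible.builtin.command:` would match the fully qualified `ansible.builtin.copy` used above and keeps the command line from being parsed by a shell.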

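--- a/.github/workflows/ci-cd.yaml
+++ b/.github/workflows/ci-cd.yaml
@@ -41,7 +41,60 @@ jobs:
 with:
 languages: python
 
-- name: Perform CodeQL Analysis
+- name: Perform CodeQL analysis
 uses: github/codeql-action/analyze@v3
 with:
 category: '/language:python'
+
+build-docker-images:
+environment: staging
+name: Build Docker Images
+runs-on: ubuntu-latest
+needs:
+- pre-commit
+steps:
+- name: Check out repository
+uses: actions/checkout@v4
+
+- name: Set up QEMU
+uses: docker/setup-qemu-action@v3
+
+- name: Set up Docker buildx
+uses: docker/setup-buildx-action@v3
+
+- name: Login to Docker Hub
+uses: docker/login-action@v3
+with:
+username: ${{ secrets.DOCKERHUB_USERNAME }}
+password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+- name: Build backend image
+uses: docker/build-push-action@v6
+with:
+context: backend
+file: backend/Dockerfile.staging
+platforms: linux/amd64
+push: true
+tags: ${{ secrets.DOCKERHUB_USERNAME }}/owasp-nest-backend:latest
+
+deploy:
+environment: staging
+name: Deploy Nest Staging
+env:
+STAGING_SSH_PRIVATE_KEY_PATH: ~/.ssh/nest_staging_private_key
+runs-on: ubuntu-latest
+needs:
+- build-docker-images
+steps:
+- name: Check out repository
+uses: actions/checkout@v4
+
+- name: Prepare SSH key
+run: |
+mkdir -m 700 ~/.ssh
+echo "${{ secrets.STAGING_SSH_PRIVATE_KEY }}" > "${{ env.STAGING_SSH_PRIVATE_KEY_PATH}}"
+chmod 400 "${{ env.STAGING_SSH_PRIVATE_KEY_PATH}}"
+
+- name: Run Nest deploy
+working-directory: .github/deploy
+run: ansible-playbook -i inventory.yaml staging.yaml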
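Review bot: The `Prepare SSH key` step redirects into `"${{ env.STAGING_SSH_PRIVATE_KEY_PATH}}"`, which becomes a double-quoted `"~/.ssh/nest_staging_private_key"`; the shell does not expand `~` inside quotes, so the write targets a literal `~` directory under the working directory and the step should fail. The same step splices `${{ secrets.STAGING_SSH_PRIVATE_KEY }}` into the script text and creates the file under the default umask before `chmod 400` tightens it; passing the secret through `env:` and setting `umask 077` first avoids both, as sketched below. Nothing in the job adds the staging host's key to `known_hosts`, so host key verification is presumably either failing or switched off in a file not shown in this section, and pinning the host key would keep the SSH session authenticated. Neither new job carries an `if:` limiting it to the default branch and the workflow's `on:` triggers are outside this hunk, so it is worth confirming that pull-request runs cannot push `:latest` or deploy.

```yaml
      - name: Prepare SSH key
        env:
          STAGING_SSH_PRIVATE_KEY: ${{ secrets.STAGING_SSH_PRIVATE_KEY }}
        run: |
          umask 077
          mkdir -p ~/.ssh
          # Path left unquoted so the shell expands its leading "~".
          printf '%s\n' "$STAGING_SSH_PRIVATE_KEY" > ${{ env.STAGING_SSH_PRIVATE_KEY_PATH }}
          chmod 400 ${{ env.STAGING_SSH_PRIVATE_KEY_PATH }}
      # … unchanged: Run Nest deploy step …
```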

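--- a/.gitignore
+++ b/.gitignore
@@ -8,4 +8,4 @@ __pycache__
 .venv
 .vscode
 *.code-workspace
-/data
+/volumes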

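--- a/Makefile
+++ b/Makefile
@@ -3,6 +3,9 @@ build:
 @CMD="poetry install" $(MAKE) run-backend-command
 @CMD="poetry run python manage.py migrate" $(MAKE) run-backend-command
 
+collect-static:
+@CMD="poetry run python manage.py collectstatic --noinput" $(MAKE) run-backend-command
+
 migrate:
 @CMD="poetry run python manage.py migrate" $(MAKE) run-backend-command
 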

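--- a/backend/Dockerfile.staging
+++ b/backend/Dockerfile.staging
@@ -0,0 +1,24 @@
+FROM python:3.12
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+RUN groupadd owasp && \
+useradd --create-home --home-dir /home/owasp -g owasp owasp && \
+python -m pip install --no-cache-dir poetry && \
+rm -rf /var/lib/apt/lists/*
+
+ENV PYTHONUNBUFFERED 1
+
+WORKDIR /home/owasp
+
+COPY apps apps
+COPY manage.py .
+COPY poetry.lock .
+COPY pyproject.toml .
+COPY settings settings
+COPY templates templates
+COPY wsgi.py wsgi.py
+
+EXPOSE 8000
+
+USER owasp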
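Review bot: Both the base image (`FROM python:3.12`) and the Poetry install on line 7 float, so rebuilding the same commit can produce a different image that is then pushed as `:latest`; pin the base image by digest and use `python -m pip install --no-cache-dir poetry==<pinned-version>`. The trailing `rm -rf /var/lib/apt/lists/*` in that `RUN` does nothing because the layer never runs `apt-get`. The image copies `poetry.lock` but never runs `poetry install` and sets no `CMD`, so dependencies are presumably resolved at container start by the compose file, which is not shown here. Installing them at build time from the lock file would mean the running container needs neither Poetry nor outbound access to the package index.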

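--- a/backend/apps/github/management/commands/github_sync_owasp_organization.py
+++ b/backend/apps/github/management/commands/github_sync_owasp_organization.py
@@ -10,7 +10,7 @@
 from apps.owasp.constants import OWASP_ORGANIZATION_NAME
 from apps.owasp.models import Chapter, Committee, Event, Project
 
-BATCH_SIZE = 10
+BATCH_SIZE = 100
 
 
 class Command(BaseCommand):
@@ -75,11 +75,10 @@ def save_data():
 (p for p in projects if p.id),
 fields=[field.name for field in Project._meta.fields if not field.primary_key], # noqa: SLF001
 )
-print("Saved to DB.")
 
 gh = github.Github(os.getenv("GITHUB_TOKEN"), per_page=GITHUB_ITEMS_PER_PAGE)
 gh_owasp_organization = gh.get_organization(OWASP_ORGANIZATION_NAME)
-remote_repositories_count = gh_owasp_organization.public_repos
+remote_owasp_repositories_count = gh_owasp_organization.public_repos
 
 owasp_organization = None
 owasp_user = None
@@ -147,13 +146,17 @@ def save_data():
 # Save remaining data.
 save_data()
 
-# Check repo counts.
-local_repositories_count = Repository.objects.count()
-result = "==" if remote_repositories_count == local_repositories_count else "!="
+# Check repository counts.
+local_owasp_repositories_count = Repository.objects.filter(
+is_owasp_repository=True
+).count()
+result = (
+"==" if remote_owasp_repositories_count == local_owasp_repositories_count else "!="
+)
 print(
 "\n"
 f"OWASP GitHub repositories count {result} synced repositories count: "
-f"{remote_repositories_count} {result} {local_repositories_count}"
+f"{remote_owasp_repositories_count} {result} {local_owasp_repositories_count}"
 )
 
 gh.close()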

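--- a/backend/apps/github/management/commands/github_sync_related_repositories.py
+++ b/backend/apps/github/management/commands/github_sync_related_repositories.py
@@ -14,7 +14,7 @@
 
 logger = logging.getLogger(__name__)
 
-BATCH_SIZE = 10
+BATCH_SIZE = 100
 
 
 class Command(BaseCommand):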
