Deploy to kitconcept cluster

.dockerignore

@@ -0,0 +1,2 @@
+.github
+devops

.github/workflows/image.yml

@@ -0,0 +1,58 @@
+name: Build Docker Image
+
+on:
+  push:
+  workflow_dispatch:
+
+env:
+  IMAGE_NAME: ghcr.io/kitconcept/pastanaga-io
+
+jobs:
+ release:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.IMAGE_NAME }}
+          labels: |
+            org.label-schema.docker.cmd=docker run -d -p 80:80 ${{ env.IMAGE_NAME }}:latest
+          flavor:
+            latest=false
+          tags: |
+            type=ref,event=branch
+            type=sha
+            type=raw,value=latest,enable={{is_default_branch}}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          platforms: linux/amd64
+          context: .
+          file: Dockerfile
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: $${{ steps.meta.outputs.labels }}

.github/workflows/manual_deploy.yml

@@ -0,0 +1,49 @@
+name: Manual Deployment of pastanaga.io
+
+on:
+  workflow_dispatch:
+
+
+jobs:
+
+  meta:
+    runs-on: ubuntu-latest
+    outputs:
+      ENVIRONMENT: ${{ steps.vars.outputs.ENVIRONMENT }}
+      STACK_NAME: ${{ steps.vars.outputs.STACK_NAME }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set Env Vars
+        id: vars
+        run: |
+          ENVIRONMENT=${{ vars.LIVE_ENV }}
+          echo "ENVIRONMENT=${ENVIRONMENT}" >> $GITHUB_OUTPUT
+          echo "STACK_NAME=${ENVIRONMENT//./-}" >> $GITHUB_OUTPUT
+
+  deploy:
+    if: ${{ github.ref == 'refs/heads/main' }}
+    needs:
+      - meta
+    runs-on: ubuntu-latest
+    environment: ${{ needs.meta.outputs.ENVIRONMENT }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Deploy to cluster
+        uses: kitconcept/docker-stack-deploy@v1.2.0
+        with:
+          registry: "ghcr.io"
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+          remote_host: ${{ secrets.DEPLOY_HOST }}
+          remote_port: ${{ secrets.DEPLOY_PORT }}
+          remote_user: ${{ secrets.DEPLOY_USER }}
+          remote_private_key: ${{ secrets.DEPLOY_SSH }}
+          stack_file: devops/stacks/${{ needs.meta.outputs.ENVIRONMENT }}.yml
+          stack_name: ${{ needs.meta.outputs.STACK_NAME }}
+          stack_param: ${{ github.ref_name }}
+          env_file: ${{ secrets.ENV_FILE }}
+          deploy_timeout: 480

Dockerfile

@@ -0,0 +1,55 @@
+# syntax=docker/dockerfile:1
+FROM node:14-slim as base
+RUN <<EOT
+    set -e
+    apt update
+    apt install -y --no-install-recommends python2.7 unzip curl build-essential git ca-certificates
+    mkdir /app
+    chown -R node:node /app
+    rm -rf /var/lib/apt/lists/*
+EOT
+
+FROM base as builder-site
+
+WORKDIR /app
+USER node
+ENV PYTHON=python2.7
+
+COPY --chown=node:node . /app/
+
+RUN <<EOT
+    set -e
+    yarn
+    yarn build
+EOT
+
+
+FROM base as builder-icons
+
+WORKDIR /app
+USER node
+ENV PYTHON=python2.7
+
+RUN <<EOT
+    set -e
+    curl -L -o icons.zip https://github.com/plone/pastanaga-icons/archive/refs/heads/master.zip
+    unzip icons.zip
+EOT
+
+RUN <<EOT
+    set -e
+    cd pastanaga-icons-master/react-icons
+    yarn
+    yarn build
+    mv build /app/public
+EOT
+
+FROM caddy:2.7-alpine
+
+LABEL maintainer="kitconcept GmbH <info@kitconcept.io>" \
+      org.label-schema.name="pastanaga-io" \
+      org.label-schema.description="Pastanaga Public Site" \
+      org.label-schema.vendor="kitconcept GmbH"
+
+COPY --from=builder-site /app/public/ /usr/share/caddy/
+COPY --from=builder-icons /app/public/ /usr/share/caddy/icons/

Makefile

@@ -0,0 +1,29 @@
+## Defensive settings for make:
+#     https://tech.davis-hansson.com/p/make/
+SHELL:=bash
+.ONESHELL:
+.SHELLFLAGS:=-xeu -o pipefail -O inherit_errexit -c
+.SILENT:
+.DELETE_ON_ERROR:
+MAKEFLAGS+=--warn-undefined-variables
+MAKEFLAGS+=--no-builtin-rules
+
+IMAGE_NAME=ghcr.io/kitconcept/pastanaga-io
+IMAGE_TAG=latest
+
+# We like colors
+# From: https://coderwall.com/p/izxssa/colored-makefile-for-golang-projects
+RED=`tput setaf 1`
+GREEN=`tput setaf 2`
+RESET=`tput sgr0`
+YELLOW=`tput setaf 3`
+
+.PHONY: build-image
+build-image:  ## Build Site Image
+	@echo "Building $(IMAGE_NAME):$(IMAGE_TAG)"
+	@docker buildx build . --progress=plain -t $(IMAGE_NAME):$(IMAGE_TAG) -f Dockerfile --load
+
+.PHONY: run-image
+run-image:  ## Run Site Image
+	@echo "Running $(IMAGE_NAME):$(IMAGE_TAG) on port 8080"
+	@docker run -it -p 8080:80 $(IMAGE_NAME):$(IMAGE_TAG)

devops/stack/pastanaga-io.yml

@@ -0,0 +1,34 @@
+---
+version: '3.8'
+services:
+
+  pastanaga:
+    image: ghcr.io/kitconcept/pastanaga-io:latest
+    networks:
+      - public
+    deploy:
+      replicas: 1
+      update_config:
+        parallelism: 1
+        order: start-first
+      placement:
+        constraints:
+          - node.labels.type == app
+          - node.labels.env == production
+      labels:
+        - traefik.enable=true
+        - traefik.docker.network=public
+        - traefik.constraint-label=public
+        # Service
+        - traefik.http.services.svc-pastanaga-io-web.loadbalancer.server.port=80
+        # Router: Main
+        - traefik.http.routers.rt-pastanaga-io-web.rule=Host(`pastanaga.io`)
+        - traefik.http.routers.rt-pastanaga-io-web.entrypoints=https
+        - traefik.http.routers.rt-pastanaga-io-web.tls=true
+        - traefik.http.routers.rt-pastanaga-io-web.tls.certresolver=le
+        - traefik.http.routers.rt-pastanaga-io-web.service=svc-pastanaga-io-web
+        - traefik.http.routers.rt-pastanaga-io-web.middlewares=gzip
+
+networks:
+  public:
+    external: true