CI/CD na Github Actions maka Flask+Angular project
N'isiokwu a, m ga-ekekọrịta ahụmahụ m nke ịtọlite CI/CD site na iji Plesk Control Panel na Github Actions. Taa, anyị ga-amụta otu esi ebuga ọrụ dị mfe na aha na-enweghị mgbagwoju anya "Helloworld". Edere ya na Frask Python framework, ya na ndị ọrụ Celery na ihu Angular 8.
N'akụkụ mbụ nke isiokwu ahụ, anyị ga-eleba anya na ọrụ anyị na akụkụ ya. N'ime nke abụọ, anyị ga-achọpụta otu esi edozi Plesk ma wụnye ihe mgbakwunye na ihe ndị dị mkpa (DB, RabbitMQ, Redis, Docker, wdg).
N'akụkụ nke atọ, anyị ga-emesị chọpụta ka esi edozi pipeline maka ibuga ọrụ anyị na ihe nkesa na mpaghara dev na prod. Mgbe ahụ, anyị ga-amalite saịtị na ihe nkesa.
Ma ee, echefuru m iwebata onwe m. Aha m bụ Oleg Borzov, abụ m onye nrụpụta zuru oke na otu CRM maka ndị njikwa nnyefe na Domclick.
Nchịkọta oru ngo
Nke mbụ, ka anyị leba anya na ebe nchekwa ọrụ abụọ - azụ azụ na ihu - wee gafee koodu ahụ.
Azụ: Flask+Celery
Maka akụkụ azụ, ewerere m ụyọkọ na-ewu ewu nke ukwuu n'etiti ndị mmepe Python: Flask framework (maka API) na Celery (maka ọrụ kwụ n'ahịrị). A na-eji SQLAchemy dị ka ORM. A na-eji Alembic eme njem. Maka nkwado JSON na aka - Marshmallow.
В ebe nchekwa enwere faịlụ Readme.md nwere nkọwa zuru ezu nke nhazi na ntuziaka maka ịrụ ọrụ a.
Isi ibe nwere fọm maka izipu email na bọtịnụ ọpụpụ.
Nbanye ibe.
Ibe ndebanye aha.
Ibe isi na-ele anya ascetic:
Enwere faịlụ abụọ na mgbọrọgwụ Dockerfile и docker-compose.yml, yana folda a maara nke ọma .ci-cd nwere script dị ntakịrị karịa na ebe nchekwa azụ (edemede ewepụrụ maka ule na-agba ọsọ).
Ịmalite ọrụ na Plesk
Ka anyị bido site na ịtọlite Plesk na ịmepụta ndenye aha maka saịtị anyị.
Ịwụnye ndọtị
Na Plesk, anyị chọrọ mgbatị anọ:
Docker iji jikwaa na anya na-egosipụta ọnọdụ nke containers na Plesk admin panel;
Git iji hazie nzọụkwụ ntinye na ihe nkesa;
Let's Encrypt iji wepụta (na megharịa akpaaka) asambodo TLS efu;
Firewall iji hazie nzacha okporo ụzọ na-abata.
Ị nwere ike iwunye ha site na Plesk admin panel na Extensions ngalaba:
Anyị agaghị atụle ntọala zuru ezu maka ndọtị, ntọala ndabara ga-eme maka ebumnuche ngosi anyị.
Mepụta ndenye aha na saịtị
Ọzọ, anyị kwesịrị ịmepụta ndenye aha maka webụsaịtị helloworld.ru anyị wee gbakwunye subdomain dev.helloworld.ru ebe ahụ.
Mepụta ndenye aha maka ngalaba helloworld.ru wee kọwapụta paswọọdụ nbanye maka onye ọrụ sistemụ:
Lelee igbe dị n'okpuru ibe ahụ Chekwaa ngalaba ahụ na Ka anyị ezoro ezoọ bụrụ na anyị chọrọ ịtọ HTTPS maka saịtị:
Na-esote, na ndenye aha a, mepụta subdomain dev.helloworld.ru (nke ị nwekwara ike ịnye asambodo TLS efu):
Ịwụnye ihe nkesa
Anyị nwere ihe nkesa Os Debian Stretch 9.12 na arụnyere njikwa panel Plesk Obsidian 18.0.27.
Anyị kwesịrị ịwụnye na hazie maka ọrụ anyị:
PostgreSQL (n'ọnọdụ anyị, a ga-enwe otu ihe nkesa nwere ọdụ data abụọ maka gburugburu dev na prod).
RabbitMQ (otu ihe atụ na vhosts dị iche iche maka gburugburu).
Ihe atụ abụọ Redis (maka gburugburu dev na prod).
Ndebanye aha Docker (maka nchekwa mpaghara nke onyonyo Docker wuru).
UI maka ndekọ Docker.
PostgreSQL
Plesk abịala na PostgreSQL DBMS, mana ọ bụghị ụdị kachasị ọhụrụ (n'oge edere Plesk Obsidian kwadoro Ụdị Postgres 8.4–10.8). Anyị chọrọ ụdị kachasị ọhụrụ maka ngwa anyị (12.3 n'oge ederede), yabụ anyị ga-eji aka tinye ya.
Enwere ọtụtụ ntụziaka zuru ezu maka ịwụnye Postgres na Debian na netwọk (ihe atụ), yabụ agaghị m akọwa ha n'ụzọ zuru ezu, naanị m ga-enye iwu:
N'iburu n'uche na PostgreSQL nwere ntọala ndabara dị obere, ọ dị mkpa iji dozie nhazi ahụ. Nke a ga-enyere anyị aka ihe mgbako: ịkwesịrị ịkwọ ụgbọala na paramita nke ihe nkesa gị ma dochie ntọala na faịlụ ahụ /etc/postgresql/12/main/postgresql.confnye ndị e nyere. Okwesiri iburu n'uche ebe a na ihe mgbako di otu a abughi mgbo anwansi, na a ga-edobe isi ya nke oma, dabere na ngwaike, ngwa, na njuju ajuju gi. Ma nke a zuru ezu ịmalite.
Na mgbakwunye na ntọala ndị mgbako tụrụ aro, anyị na-agbanwekwa postgresql.confọdụ ụgbọ mmiri ndabara 5432 gaa na nke ọzọ (na ihe atụ anyị - 53983).
Mgbe ịgbanwere faịlụ nhazi, malitegharịa postgresql-server na iwu:
service postgresql restart
Anyị etinyela ma hazie PostgreSQL. Ugbu a, ka anyị mepụta nchekwa data, ndị ọrụ maka gburugburu dev na prod, ma nye ndị ọrụ ikike ijikwa nchekwa data:
$ su - postgres
postgres:~$ create database hw_dev_db_name;
CREATE DATABASE
postgres:~$ create user hw_dev_db_user with password 'hw_dev_db_password';
CREATE ROLE
postgres:~$ grant ALL privileges ON database hw_dev_db_name to hw_dev_db_user;
GRANT
postgres:~$ create database hw_prod_db_name;
CREATE DATABASE
postgres:~$ create user hw_prod_db_user with password 'hw_prod_db_password';
CREATE ROLE
postgres:~$ grant ALL privileges ON database hw_prod_db_name to hw_prod_db_user;
GRANT
Oke oyibo
Ka anyị gaa n'ihu ịwụnye RabbitMQ, onye na-ere ahịa ozi maka Celery. Ịwụnye ya na Debian dị nnọọ mfe:
Ugbu a, ka anyị wụnye ma hazie akụkụ ikpeazụ maka ngwa anyị - Redis. A ga-eji ya dị ka ihe ndabere maka ịchekwa nsonaazụ nke ọrụ Celery.
Anyị ga-ebuli akpa Docker abụọ na Redis maka gburugburu dev na prod site na iji ndọtị ahụ Docker maka Plesk.
Anyị na-aga Plesk, gaa na ngalaba Extensions, chọọ ndọtị Docker wee wụnye ya (anyị chọrọ ụdị efu):
Gaa na ndọtị arụnyere, chọta onyonyo site na nchọta redis bitnami ma wụnye ụdị kachasị ọhụrụ:
Anyị na-abanye n'ime akpa ahụ ebudatara ma mezie nhazi ahụ: kọwaa ọdụ ụgbọ mmiri ahụ, oke RAM ekenyela, paswọọdụ na mgbanwe gburugburu ebe obibi, wee bulie olu:
Anyị na-eme usoro 2-3 maka akpa prod, na ntọala anyị na-agbanwe naanị paramita: ọdụ ụgbọ mmiri, paswọọdụ, nha RAM na ụzọ na folda olu na sava ahụ:
Docker ndekọ
Na mgbakwunye na ọrụ ndị bụ isi, ọ ga-adị mma itinye ebe nchekwa ihe onyonyo Docker nke gị na sava ahụ. Ọ dabara nke ọma, oghere ihe nkesa dị ugbu a dị ọnụ ala (n'ezie dị ọnụ ala karịa ndenye aha DockerHub), na usoro ịtọlite ebe nchekwa nkeonwe dị nnọọ mfe.
Ma anyị kwesịrị ibugharị Nginx na arịa anyị. Enwere ike ime nke a site na Plesk.
Ekwesịrị ime usoro ndị a maka docker.helloworld.ru na docker-ui.helloworld.ru subdomains:
ngalaba Ngwaọrụ Dev saịtị anyị gaa na Iwu Docker Proxy:
Ma tinye iwu na okporo ụzọ na-abata proxy na akpa anyị:
Anyị na-enyocha na anyị nwere ike isi na igwe mpaghara banye na akpa anyị:
$ docker login docker.helloworld.ru -u hw_docker_admin -p hw_docker_password
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Login Succeeded
Ka anyị leleekwa ọrụ nke subdomain docker-ui.helloworld.ru:
Mgbe ị pịrị na Chọgharịa ebe nchekwa, ihe nchọgharị ahụ ga-egosipụta windo ikike ebe ị ga-achọ itinye aha njirimara na paswọọdụ maka ebe nchekwa ahụ. Mgbe nke ahụ gasịrị, a ga-ebufe anyị na ibe nwere ndepụta ebe nchekwa (ugbu a, ọ ga-abụ ihe efu maka gị):
Imepe ọdụ ụgbọ mmiri na Plesk Firewall
Mgbe ị wụnyechara ma hazie ihe ndị ahụ, anyị kwesịrị imepe ọdụ ụgbọ mmiri ka ihe ndị ahụ wee nweta site na igbe Docker na netwọkụ mpụga.
Ka anyị hụ otu esi eme nke a site na iji ndọtị Firewall maka Plesk nke anyị rụnyere na mbụ.
Gaa na Ngwaọrụ & Ntọala> Ntọala> Firewall:
Gaa na Megharịa Plesk Firewall Iwu> Tinye iwu omenala ma mepee ọdụ ụgbọ mmiri TCP ndị a maka subnet Docker (172.0.0.0 / 8):
RabbitMQ: 1883, 4369, 5671-5672, 25672, 61613-61614
Mgbanwe: 32785, 32786
Anyị ga-agbakwunye iwu nke ga-emepe ọdụ ụgbọ mmiri PostgreSQL na ogwe njikwa RabbitMQ na mpụga ụwa:
Tinye iwu site na iji bọtịnụ Tinye mgbanwe:
Ịtọlite CI/CD na Github Actions
Ka anyị gbadaa na akụkụ kachasị mma - ịtọlite pipe njikọ na-aga n'ihu na ibuga ọrụ anyị na sava ahụ.
Pipeline a ga-enwe akụkụ abụọ:
na-ewu ihe oyiyi na ule na-agba ọsọ (maka azụ azụ) - n'akụkụ Github;
migrations na-agba ọsọ (maka azụ azụ) ma na-ebuga arịa - na ihe nkesa.
Nyefee na Plesk
Ka anyị buru ụzọ leba anya n’isi ihe nke abụọ (n’ihi na nke mbụ dabere na ya).
Anyị ga-ahazi usoro ibunye ya site na iji ndọtị Git maka Plesk.
Tụlee ihe atụ nwere gburugburu Prod maka ebe nchekwa Backend.
Anyị na-aga na ndenye aha nke weebụsaịtị Helloworld wee gaa na ngalaba Git:
Fanye njikọ na ebe nchekwa Github anyị n'ime mpaghara "Remote Git repository" wee gbanwee folda ndabara. httpdocs nye onye ọzọ (dịka. /httpdocs/hw_back):
Detuo igodo Ọhaneze SSH site na nzọụkwụ gara aga na tinye Ọ dị na ntọala Github.
Pịa OK na ihuenyo na nzọụkwụ 2, mgbe nke a gasịrị, a ga-atụgharị anyị na ibe nchekwa na Plesk. Ugbu a, anyị kwesịrị ịhazi ebe nchekwa ahụ ka emelite ya na ntinye aka na ngalaba nna ukwu. Iji mee nke a, gaa na Ntọala nchekwa ma chekwaa uru ahụ Webhook URL (anyị ga-achọ ya ma emechaa mgbe ị na-ahazi Github Actions):
N'ime mpaghara omume dị na ihuenyo site na paragraf gara aga, tinye edemede ka ịmalite ntinye:
cd {REPOSITORY_ABSOLUTE_PATH}
.ci-cd/deploy.sh {ENV} {DOCKER_REGISTRY_HOST} {DOCKER_USER} {DOCKER_PASSWORD} {TG_BOT_TOKEN} {TG_CHAT_ID}
ebe:
{REPOSITORY_ABSOLUTE_PATH} - ụzọ na prod nchekwa nke backend repository na ihe nkesa; {ENV} - gburugburu (dev / prod), n'ọnọdụ anyị prod; {DOCKER_REGISTRY_HOST} - onye ọbịa nke ebe nchekwa docker anyị {TG_BOT_TOKEN} - Telegram bot token; {TG_CHAT_ID} - NJ nke nkata / ọwa maka izipu ọkwa.
Ọmụmaatụ script:
cd /var/www/vhosts/helloworld.ru/httpdocs/hw_back/
.ci-cd/deploy.sh dev docker.helloworld.ru docker_user docker_password 12345678:AAbcdEfghCH1vGbCasdfSAs0K5PALDsaw -1001234567890
Tinye onye ọrụ site na ndenye aha anyị na otu Docker (ka ha nwee ike ijikwa arịa):
sudo usermod -aG docker helloworld_admin
A na-edozi ebe dev maka ebe nchekwa azụ azụ na frontend n'otu ụzọ ahụ.
Pipeline na-ebunye na Github Actions
Ka anyị gaa n'ihu ịtọlite akụkụ mbụ nke pipeline CI/CD na Github Actions.
Mana tupu ịkọwa ya, ka anyị dejupụta mgbanwe nzuzo anyị chọrọ na Github. Iji mee nke a, gaa na Ntọala -> Nzuzo:
DOCKER_REGISTRY - onye ọbịa nke ebe nchekwa Docker anyị (docker.helloworld.ru);
DOCKER_LOGIN - banye na ebe nchekwa Docker;
DOCKER_PASSWORD - paswọọdụ maka ya;
DEPLOY_HOST - nnabata ebe Plesk admin panel dị (ihe atụ: helloworld.com: 8443 ma ọ bụ 123.4.56.78:8443);
DEPLOY_BACK_PROD_TOKEN - akara ngosi maka ntinye na prod-repository na ihe nkesa (anyị nwetara ya na Deployment na Plesk p. 4);
DEPLOY_BACK_DEV_TOKEN - token maka ibuga na ebe nchekwa dev na sava ahụ.
Usoro ntinye ya dị mfe ma nwere usoro atọ bụ isi:
iwulite na ibipụta onyonyo na ebe nchekwa anyị;
na-agba ọsọ ule n'ime akpa dabere na onyonyo ewuru ọhụrụ;
ntinye na gburugburu ebe a chọrọ dabere na alaka ụlọ ọrụ (dev / master).
Ihu njedebe
Faịlụ deploy.yml maka ebe nchekwa n'ihu dịtụ iche na nke Beck. Ọ enweghị nzọụkwụ na-agba ọsọ ule na-agbanwe aha nke tokens maka nkenye. Ihe nzuzo maka ebe nchekwa n'ihu, n'ụzọ, ọ dị mkpa ka ejupụta ya iche.
Ntọlite saịtị
Na-ebugharị okporo ụzọ site na Nginx
Ọfọn, anyị abịala na njedebe. Ọ ka dị naanị ịhazi proxying nke okporo ụzọ mbata na ọpụpụ na akpa anyị site na Nginx. Anyị ekpuchilarị usoro a na nzọụkwụ 5 nke nhazi ndekọ aha Docker. Ekwesịrị ikwugharị otu ihe ahụ maka akụkụ azụ na ihu na mpaghara dev na prod.
M ga-enye nseta ihuenyo nke ntọala.
Backend
Ihu njedebe
Nkọwa dị mkpa. URL niile ga-abụ proxied na akpa ihu, ewezuga ndị na-amalite /api/ - a ga-edobe ha na akpa azụ (ya mere n'ime akpa azụ, ndị ọrụ niile ga-ejirịrị malite /api/).
Nsonaazụ
Ugbu a saịtị anyị kwesịrị ịdị na helloworld.ru na dev.helloworld.ru (prod- na dev-environments, n'otu n'otu).
Na mkpokọta, anyị mụtara ka esi akwadebe ngwa dị mfe na Flask na Angular ma guzobe pipeline na Github Actions iji tụgharịa ya na ihe nkesa na-agba ọsọ Plesk.
M ga-eji koodu ahụ megharịa njikọ ndị ahụ na ebe nchekwa: azụ azụ, ihu njedebe.