2024 updates

.github/workflows/client-cd.yml

@@ -24,12 +24,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: checkout current repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
-      - name: set up Node.js 18.x
-        uses: actions/setup-node@v3
+      - name: set up Node.js LTS
+        uses: actions/setup-node@v4
         with:
-          node-version: '18'
+          node-version: '20'
 
       - name: npm install
         run: npm ci
@@ -48,13 +48,18 @@ jobs:
     if: github.ref == 'refs/heads/main'
     runs-on: ubuntu-latest
     steps:
+      - name: set up WARP (workaround for IPv6 on GitHub Actions)
+        uses: fscarmen/warp-on-actions@v1.1
+        with:
+          stack: ipv6
+
       - name: checkout current repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
-      - name: set up Node.js 18.x
-        uses: actions/setup-node@v3
+      - name: set up Node.js LTS
+        uses: actions/setup-node@v4
         with:
-          node-version: '18.x'
+          node-version: '20'
 
       - name: npm install
         working-directory: ./client
@@ -66,13 +71,19 @@ jobs:
         working-directory: ./client
         run: npm run build
 
-      - name: deploy assets to server
-        uses: appleboy/scp-action@v0.1.3
-        with:
-          host: ${{ secrets.SSH_HOST }}
-          username: ${{ secrets.SSH_USER }}
-          key: ${{ secrets.SSH_KEY }}
-          port: ${{ secrets.SSH_PORT }}
-          source: "client/build/**"
-          target: "/var/www/stonks"
-          strip_components: 2
+      - name: setup SSH for Ansible
+        shell: bash
+        run: |
+          eval `ssh-agent -s`
+          mkdir -p /home/runner/.ssh/
+          touch /home/runner/.ssh/id_rsa
+          echo -e "${{secrets.SSH_KEY}}" > /home/runner/.ssh/id_rsa
+          chmod 700 /home/runner/.ssh/id_rsa
+          ssh-keyscan -t rsa,dsa,ecdsa,ed25519 ${{ secrets.SSH_HOST }} >> /home/runner/.ssh/known_hosts
+
+      - name: run Ansible deployment playbook
+        shell: bash
+        working-directory: ./ansible
+        run: |
+          ansible-playbook -vv --private-key /home/runner/.ssh/id_rsa -u ${{secrets.SSH_USER}} -i ${{ secrets.SSH_HOST }}, frontend.yml
+

.github/workflows/server-cd.yml

@@ -19,24 +19,24 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: checkout current repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: set up Java 21
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           java-version: '21'
           distribution: 'temurin'
 
       - name: build application jar
-        uses: gradle/gradle-build-action@v2
+        uses: gradle/actions/setup-gradle@v3
         with:
           gradle-version: wrapper
           arguments: build
           build-root-directory: server
 
       - name: create server artifact from jar
         if: github.ref == 'refs/heads/main'
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: server
           path: server/build
@@ -46,51 +46,50 @@ jobs:
     if: github.ref == 'refs/heads/main'
     runs-on: ubuntu-latest
     steps:
+      - name: set up WARP (workaround for IPv6 on GitHub Actions)
+        uses: fscarmen/warp-on-actions@v1.1
+        with:
+          stack: ipv6
+
       - name: checkout current repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: download server artifact
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: server
           path: server/build
 
       - name: set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: log in to DockerHub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: build and publish server Docker image
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v6
         with:
           context: server
           file: server/docker/Dockerfile
           platforms: linux/amd64,linux/arm64
           push: true
           tags: stenal/baltic-stock-server:latest
 
-      - name: deploy production docker-compose.yml
-        uses: appleboy/scp-action@v0.1.3
-        with:
-          host: ${{ secrets.SSH_HOST }}
-          username: ${{ secrets.SSH_USER }}
-          key: ${{ secrets.SSH_KEY }}
-          port: ${{ secrets.SSH_PORT }}
-          source: "server/docker/prod/docker-compose.yml"
-          target: "~"
-          strip_components: 3
+      - name: setup SSH for Ansible
+        shell: bash
+        run: |
+          eval `ssh-agent -s`
+          mkdir -p /home/runner/.ssh/
+          touch /home/runner/.ssh/id_rsa
+          echo -e "${{secrets.SSH_KEY}}" > /home/runner/.ssh/id_rsa
+          chmod 700 /home/runner/.ssh/id_rsa
+          ssh-keyscan -t rsa,dsa,ecdsa,ed25519 ${{ secrets.SSH_HOST }} >> /home/runner/.ssh/known_hosts
 
-      - name: Deploy published images
-        uses: appleboy/ssh-action@v0.1.7
-        with:
-          host: ${{ secrets.SSH_HOST }}
-          username: ${{ secrets.SSH_USER }}
-          key: ${{ secrets.SSH_KEY }}
-          port: ${{ secrets.SSH_PORT }}
-          script: |
-            docker compose pull
-            docker compose up -d
+      - name: run Ansible deployment playbook
+        working-directory: ./ansible
+        shell: bash
+        run: |
+          ansible-playbook -vv --private-key /home/runner/.ssh/id_rsa -u ${{secrets.SSH_USER}} -i ${{ secrets.SSH_HOST }}, backend.yml

README.md

@@ -8,7 +8,7 @@ https://laane.xyz/stonks
 [![MIT license](https://img.shields.io/badge/License-MIT-blue.svg)](./LICENSE.md) 
 
 ## Tools
-Baltic Stocks uses Java and MariaDB for its backend and a React and TypeScript for frontend.
+Baltic Stocks uses Java and MariaDB for its backend and React and TypeScript for the frontend.
 Deployment is automated using GitHub Actions and AWS. The deployed backend is
 containerized using Docker.
 
@@ -20,7 +20,7 @@ To locally run this you need [Java](https://adoptium.net/),
 
 ### Backend
 The following instructions use `server` as their root directory
-1. Run `docker-compose up` in `docker/dev/docker-compose.yml` to start a preconfigured
+1. Run `docker compose up` in `docker/dev/docker-compose.yml` to start a preconfigured
  database in a Docker container. Alternatively set up the database manually using MariaDB.
 2. Insert sample data to DB from `data` directory `.sql` files
 3. Start the backend using `gradle bootRun` (local Gradle installation) 
@@ -35,7 +35,7 @@ The following instructions use `client` as their root directory
 
 ## Contributing and Issues
 Contributions are always welcome. Anyone can open issues and
- pull requests on [GitHub](https://github.com/StenAL/baltic-stocks) 
+pull requests on [GitHub](https://github.com/StenAL/baltic-stocks) 
 
 ## License
 This project is licensed under the [MIT license](https://github.com/StenAL/baltic-stocks/blob/master/LICENSE)

ansible/backend.yml

@@ -0,0 +1,78 @@
+---
+
+- name: deploy backend
+  hosts: all
+  tasks:
+    - name: apt update && apt upgrade
+      become: true
+      apt:
+        update_cache: yes
+        upgrade: yes
+
+    - name: download Docker apt repository key
+      become: true
+      ansible.builtin.get_url:
+        url: https://download.docker.com/linux/ubuntu/gpg
+        dest: /etc/apt/keyrings/docker.asc
+
+    - name: add Docker apt repository
+      become: true
+      ansible.builtin.apt_repository:
+        repo: deb [{% if ansible_architecture == "aarch64" %}arch=arm64{% endif %} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable
+        state: present
+        filename: docker
+
+    - name: install Docker
+      become: true
+      apt:
+        pkg:
+        - docker-ce
+        - docker-ce-cli
+        - containerd.io
+        - docker-buildx-plugin
+        - docker-compose-plugin
+
+    - name: create deployment directory
+      become: true
+      ansible.builtin.file:
+        path: /usr/local/share/baltic-stocks
+        state: directory
+        mode: '0755'
+
+    - name: deploy docker-compose.yml
+      become: true
+      copy:
+        src: ../server/docker/prod/docker-compose.yml
+        dest: /usr/local/share/baltic-stocks/docker-compose.yml
+
+    - name: create baltic-stocks service user
+      become: true
+      ansible.builtin.user:
+        name: baltic-stocks
+        group: docker
+
+    - name: deploy systemd service
+      become: true
+      copy:
+          src: baltic-stocks.service
+          dest: /etc/systemd/system/baltic-stocks.service
+      register: service_deploy_result
+
+    - name: reload systemd daemon if necessary
+      become: true
+      ansible.builtin.systemd_service:
+        daemon_reload: true
+      when: service_deploy_result.changed
+
+
+    - name: docker compose pull
+      command:
+        cmd: "docker compose -f /usr/local/share/baltic-stocks/docker-compose.yml pull"
+
+    # missing manual step: deploy .env file to same directory as docker-compose
+    - name: enable and run systemd service
+      become: true
+      ansible.builtin.systemd_service:
+        name: baltic-stocks.service
+        enabled: true
+        state: restarted

ansible/files/baltic-stocks-location.conf

@@ -0,0 +1,8 @@
+location /stonks {
+    alias /var/www/stonks/;
+    try_files $uri $uri/index.html /index.html;
+}
+
+location ~ ^/stonks/api(/?.*) {
+    proxy_pass http://stonks-api/api$1$is_args$args;
+}

ansible/files/baltic-stocks-upstream.conf

@@ -0,0 +1,3 @@
+upstream stonks-api {
+    server localhost:12345;
+}

ansible/files/baltic-stocks.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=Baltic Stocks running in Docker Compose (https://github.com/StenAL/Baltic-stocks)
+Requires=docker.service
+After=docker.service
+
+[Service]
+Type=oneshot
+User=baltic-stocks
+RemainAfterExit=true
+WorkingDirectory=/usr/local/share/baltic-stocks
+ExecStart=/usr/bin/docker compose up -d
+ExecStop=/usr/bin/docker compose down
+
+[Install]
+WantedBy=multi-user.target

ansible/frontend.yml

@@ -0,0 +1,89 @@
+---
+
+- name: deploy frontend
+  hosts: all
+  tasks:
+    - name: apt update && apt upgrade
+      become: true
+      apt:
+        update_cache: yes
+        upgrade: yes
+
+    - name: install dependencies
+      become: true
+      apt:
+        pkg:
+          - curl
+          - gnupg2
+          - ca-certificates
+          - ubuntu-keyring
+          - rsync
+
+    - name: download Nginx apt repository key
+      become: true
+      ansible.builtin.get_url:
+        url: https://nginx.org/keys/nginx_signing.key
+        dest: /etc/apt/keyrings/nginx.asc
+
+    - name: add Nginx apt repository
+      become: true
+      ansible.builtin.apt_repository:
+        repo: deb [{% if ansible_architecture == "aarch64" %}arch=arm64{% endif %} signed-by=/etc/apt/keyrings/nginx.asc] https://nginx.org/packages/mainline/ubuntu {{ ansible_distribution_release }} stable
+        state: present
+        filename: nginx-test
+
+    - name: increase Nginx repository priority
+      become: true
+      ansible.builtin.copy:
+        dest: /etc/apt/preferences.d/99nginx
+        content: |
+          Package: *
+          Pin: origin nginx.org
+          Pin: release o=nginx
+          Pin-Priority: 900
+
+    - name: install Nginx
+      become: true
+      apt:
+        pkg:
+          - nginx
+
+    - name: deploy frontend files
+      ansible.posix.synchronize:
+        src: ../client/build/
+        dest: /var/www/stonks
+
+    - name: deploy Nginx conf fragments
+      copy:
+        src: '{{item}}'
+        dest: '/etc/nginx/conf.d/'
+      loop:
+        - baltic-stocks-upstream.conf
+        - baltic-stocks-location.conf
+      tags: this
+
+
+    - name: include upstream block in nginx.conf
+      become: true
+      lineinfile:
+        path: /etc/nginx/nginx.conf
+        search_string: "include /etc/nginx/conf.d/baltic-stocks-upstream.conf;"
+        insertafter: "http {"
+        line: "    include /etc/nginx/conf.d/baltic-stocks-upstream.conf;"
+      tags: this
+
+    - name: include location block in nginx.conf
+      become: true
+      lineinfile:
+        path: /etc/nginx/nginx.conf
+        search_string: "include /etc/nginx/conf.d/baltic-stocks-location.conf;"
+        insertafter: 'listen\s*\[::\]:443 ssl default_server;'
+        line: "        include /etc/nginx/conf.d/baltic-stocks-location.conf;"
+      tags: this
+
+    - name: enable and run Nginx
+      become: true
+      ansible.builtin.systemd_service:
+        name: nginx.service
+        enabled: true
+        state: reloaded