created action for gauzy api stage on digitalOcean droplet

.deploy/ssh/docker-compose.api.demo.pre.yml

@@ -0,0 +1,30 @@
+version: '3.8'
+
+services:
+  nginx:
+    image: nginx:latest
+    volumes:
+      - ./nginx.demo.pre.conf:/etc/nginx/nginx.conf:ro
+      - ./ingress.api.crt:/etc/nginx/ssl/fullchain.pem
+      - ./ingress.api.key:/etc/nginx/ssl/privkey.pem
+      - ./etc/letsencrypt:/etc/letsencrypt:ro 
+      - ./certbot/data:/var/www/certbot
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+    networks:
+      - overlay
+  certbot:
+    image: certbot/certbot
+    container_name: certbot
+    volumes: 
+      - ./certbot/conf:/etc/letsencrypt
+      - ./certbot/www:/var/www/certbot
+    command: certonly --webroot -w /var/www/certbot --force-renewal --email ever@ever.tech -d apidemodts.gauzy.co --agree-tos
+volumes:
+  certificates: {}
+
+networks:
+  overlay:
+    driver: bridge

.deploy/ssh/nginx.conf

@@ -43,4 +43,53 @@ http {
         }
     }
 
+    ########### with letsencrypt #################################
+        server {
+        listen 80;
+        server_name apistagedts.gauzy.co;
+
+        location / {
+            return 301 https://$host$request_uri;
+        }
+
+        location /.well-known/acme-challenge/ {
+            root /var/www/certbot;
+        }
+    }
+    server {
+        listen 80;
+        server_name apidemodts.gauzy.co;
+
+        location / {
+            return 301 https://$host$request_uri;
+        }
+        location /.well-known/acme-challenge/ {
+            root /var/www/certbot;
+        }
+    }
+
+    server {
+        listen 443 ssl;
+        server_name apistagedts.gauzy.co;
+
+        # use the certificates
+        ssl_certificate     /etc/letsencrypt/live/apistagedts.gauzy.co/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/apistagedts.gauzy.co/privkey.pem;
+
+        location / {
+           proxy_pass http://api:3000;
+        }
+    }
+    server {
+        listen 443 ssl;
+        server_name apidemodts.gauzy.co;
+
+        # use the certificates
+        ssl_certificate     /etc/letsencrypt/live/apidemodts.gauzy.co/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/apidemodts.gauzy.co/privkey.pem;
+
+        location / {
+           proxy_pass http://api-demo:3000;
+        }
+    }
 }

.deploy/ssh/nginx.demo.pre.conf

@@ -0,0 +1,52 @@
+user nginx;
+events {
+    worker_connections 1024;
+}
+http {
+    server {
+        listen 80;
+        server_name apidemodt.gauzy.co;
+
+        location / {
+            return 301 https://$host$request_uri;
+        }
+    }
+    server {
+        listen 443 ssl;
+        server_name apidemodt.gauzy.co;
+
+        ssl_certificate /etc/nginx/ssl/fullchain.pem;
+        ssl_certificate_key /etc/nginx/ssl/privkey.pem;
+
+        location / {
+           proxy_pass http://api:3000;
+        }
+    }
+
+    ############## using letsencrypt ##########################
+    server {
+        listen 80;
+        server_name apidemodts.gauzy.co;
+
+        location / {
+            return 301 https://$host$request_uri;
+        }
+        location /.well-known/acme-challenge/ {
+            root /var/www/certbot;
+        }
+    }
+
+    server {
+        listen 443 ssl;
+        server_name apidemodts.gauzy.co;
+
+        # use the certificates
+        ssl_certificate     /etc/letsencrypt/live/apidemodts.gauzy.co/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/apidemodts.gauzy.co/privkey.pem;
+
+        location / {
+           proxy_pass http://api:3000;
+        }
+    }    
+
+}

.deploy/ssh/docker-compose.api-demo.template.yml → .deploy/ssh/with-cloudflare/docker-compose.api.demo.template.yml

@@ -1,7 +1,7 @@
 version: '3.8'
 
 services:
-  api-demo:
+  api:
     #container_name: api-${ENV_NAME}
     image: ghcr.io/ever-co/gauzy-api-demo:latest
     deploy:
@@ -115,21 +115,6 @@ services:
     networks:
       - overlay
 
-  # nginx-demo:
-  #   image: nginx:latest
-  #   volumes:
-  #     - ./nginx-demo.conf:/etc/nginx/nginx.conf:ro
-  #     - ./ingress.api.crt:/etc/nginx/ssl/fullchain.pem
-  #     - ./ingress.api.key:/etc/nginx/ssl/privkey.pem
-  #   depends_on:
-  #     - api-demo
-  #   restart: unless-stopped
-  #   ports:
-  #     - "80:80"
-  #     - "443:443"
-  #   networks:
-  #     - overlay
-
 volumes:
   certificates: {}
 

.deploy/ssh/docker-compose.api.template.yml → .deploy/ssh/with-cloudflare/docker-compose.api.stage.template.yml

@@ -115,21 +115,6 @@ services:
     networks:
       - overlay
 
-  nginx:
-    image: nginx:latest
-    volumes:
-      - ./nginx.conf:/etc/nginx/nginx.conf:ro
-      - ./ingress.api.crt:/etc/nginx/ssl/fullchain.pem
-      - ./ingress.api.key:/etc/nginx/ssl/privkey.pem
-    depends_on:
-      - api
-    restart: unless-stopped
-    ports:
-      - "80:80"
-      - "443:443"
-    networks:
-      - overlay
-
 volumes:
   certificates: {}
 

.deploy/ssh/with-letsencrypt/docker-compose.api-demo.template.yml

@@ -115,21 +115,6 @@ services:
     networks:
       - overlay
 
-  # nginx-demo:
-  #   image: nginx:latest
-  #   volumes:
-  #     - ./nginx-demo.conf:/etc/nginx/nginx.conf:ro
-  #     - ./ingress.api.crt:/etc/nginx/ssl/fullchain.pem
-  #     - ./ingress.api.key:/etc/nginx/ssl/privkey.pem
-  #   depends_on:
-  #     - api-demo
-  #   restart: unless-stopped
-  #   ports:
-  #     - "80:80"
-  #     - "443:443"
-  #   networks:
-  #     - overlay
-
 volumes:
   certificates: {}
 

.deploy/ssh/with-letsencrypt/docker-compose.api.template.yml

@@ -115,28 +115,28 @@ services:
     networks:
       - overlay
 
-  nginx:
-    image: nginx:latest
-    volumes:
-      - ./nginx.conf:/etc/nginx/nginx.conf:ro
-      - ./etc/letsencrypt:/etc/letsencrypt:ro 
-      - ./certbot/data:/var/www/certbot
-    depends_on:
-      - api
-    restart: unless-stopped
-    ports:
-      - "80:80"
-      - "443:443"
-    networks:
-      - overlay
+  # nginx:
+  #   image: nginx:latest
+  #   volumes:
+  #     - ./nginx.conf:/etc/nginx/nginx.conf:ro
+  #     - ./etc/letsencrypt:/etc/letsencrypt:ro 
+  #     - ./certbot/data:/var/www/certbot
+  #   depends_on:
+  #     - api
+  #   restart: unless-stopped
+  #   ports:
+  #     - "80:80"
+  #     - "443:443"
+  #   networks:
+  #     - overlay
 
-  certbot:
-    image: certbot/certbot
-    container_name: certbot
-    volumes: 
-      - ./etc/letsencrypt:/etc/letsencrypt
-      - ./certbot/data:/var/www/certbot
-    command: certonly --webroot -w /var/www/certbot --force-renewal --email ever@ever.tech -d apistagedt.gauzy.co --agree-tos
+  # certbot:
+  #   image: certbot/certbot
+  #   container_name: certbot
+  #   volumes: 
+  #     - ./certbot/conf:/etc/letsencrypt
+  #     - ./certbot/www:/var/www/certbot
+  #   command: certonly --webroot -w /var/www/certbot --force-renewal --email ever@ever.tech -d apistagedt.gauzy.co --agree-tos
 volumes:
   certificates: {}
 

.github/workflows/deploy-do-droplet-demo.yml

@@ -17,14 +17,16 @@ jobs:
 
       - name: Inject secrets into .env-template.compose
         run: |
-          envsubst < $GITHUB_WORKSPACE/.deploy/ssh/docker-compose.api-demo.template.yml > temp.yaml && mv temp.yaml $GITHUB_WORKSPACE/.deploy/ssh/docker-compose.api-demo.yml
+          envsubst < $GITHUB_WORKSPACE/.deploy/ssh/with-cloudflare/docker-compose.api.demo.template.yml > temp.yaml && mv temp.yaml $GITHUB_WORKSPACE/.deploy/ssh/with-cloudflare/docker-compose.api.demo.yml
+          envsubst < $GITHUB_WORKSPACE/.deploy/ssh/with-letsencrypt/docker-compose.api.demo.template.yml > temp.yaml && mv temp.yaml $GITHUB_WORKSPACE/.deploy/ssh/with-letsencrypt/docker-compose.api.demo.yml
         env:
+          INGRESS_CERT_TYPE: 'cloudflare'
           ENV_NAME: 'demo'
           DEMO: 'true'
           NODE_ENV: 'development'
           ADMIN_PASSWORD_RESET: 'true'
           API_HOST: $API_HOST
-          API_BASE_URL: 'https://apidemodt.gauzy.co' 
+          API_BASE_URL: ${{ if eq(env.INGRESS_CERT_TYPE, 'cloudflare') }} 'https://apidemodt.gauzy.co' ${{ else if eq(env.INGRESS_CERT_TYPE, 'letsencrypt') }} 'https://apidemodts.gauzy.co' ${{ else }} 'UNKNOWN INGRESS_CERT_TYPE' ${{ endif }}
           CLIENT_BASE_URL: 'https://demo.gauzy.co'
           DB_TYPE: '${{ secrets.DB_TYPE }}'
           DB_URI: '${{ secrets.DB_URI }}'
@@ -118,25 +120,37 @@ jobs:
           COMPANY_LINK: '${{ secrets.COMPANY_LINK }}'
           COMPANY_NAME: '${{ secrets.COMPANY_NAME }}'
 
-      - name: Generate TLS Secrets for DO Droplet
-        run: |
-          rm -f $GITHUB_WORKSPACE/.deploy/ssh/ingress.api.crt $GITHUB_WORKSPACE/.deploy/ssh/ingress.api.key $GITHUB_WORKSPACE/.deploy/ssh/ingress.webapp.crt $GITHUB_WORKSPACE/.deploy/ssh/ingress.webapp.key
-          echo ${{ secrets.INGRESS_API_CERT }} | base64 --decode > $GITHUB_WORKSPACE/.deploy/ssh/ingress.api.crt
-          echo ${{ secrets.INGRESS_API_CERT_KEY }} | base64 --decode > $GITHUB_WORKSPACE/.deploy/ssh/ingress.api.key
-
-      - name: Copy file via scp
+      - name: Copy file via scp - with-cloudflare
+        uses: appleboy/scp-action@master
+        with:
+          host: ${{secrets.DO_DROPLET_DEMO_HOST}}
+          username: ${{secrets.DO_DROPLET_USERNAME}}
+          key: ${{secrets.DO_DROPLET_KEY}}
+          source: '.deploy/ssh/with-cloudflare/docker-compose.api.demo.yml'
+          target: '.'
+      - name: Copy file via scp - with-letsencrypt
         uses: appleboy/scp-action@master
         with:
-          host: ${{secrets.DO_DROPLET_HOST}}
+          host: ${{secrets.DO_DROPLET_DEMO_HOST}}
           username: ${{secrets.DO_DROPLET_USERNAME}}
           key: ${{secrets.DO_DROPLET_KEY}}
-          source: '.deploy/ssh/docker-compose.api-demo.yml,.deploy/ssh/nginx.conf,.deploy/ssh/ingress.api.crt,.deploy/ssh/ingress.api.key'
+          source: '.deploy/ssh/with-letsencrypt/docker-compose.api.demo.yml'
           target: '.'
       - name: Deploy to DigitalOcean Droplet
         uses: appleboy/ssh-action@master
         with:
-          host: ${{secrets.DO_DROPLET_HOST}}
+          host: ${{secrets.DO_DROPLET_DEMO_HOST}}
           username: ${{secrets.DO_DROPLET_USERNAME}}
           key: ${{secrets.DO_DROPLET_KEY}}
+          envs: INGRESS_CERT_TYPE
           script: |
-            docker-compose -f .deploy/ssh/docker-compose.api-demo.yml up -d
+            if [ '$INGRESS_CERT_TYPE' = 'cloudflare' ]; then
+                docker-compose -f .deploy/ssh/with-cloudflare/docker-compose.api.demo.yml up -d
+            elif [ '$INGRESS_CERT_TYPE' = 'letsencrypt' ]; then
+                
+                docker-compose -f .deploy/ssh/with-letsencrypt/docker-compose.api.demo.yml up -d
+            else
+                echo "Unknown INGRESS_CERT_TYPE: $INGRESS_CERT_TYPE"
+                exit 1
+            fi
+            

.github/workflows/deploy-do-droplet-pre-demo.yml

@@ -0,0 +1,40 @@
+name: Deploy to DigitalOcean Droplet Stage
+
+on:
+  push:
+    branches:
+      - test-do-droplet2
+
+jobs:
+  deploy:
+    runs-on: buildjet-4vcpu-ubuntu-2204
+
+    environment: stage
+
+    steps:
+      - name: checkout out code
+        uses: actions/checkout@v4
+
+      - name: Generate TLS Secrets for DO Droplet
+        run: |
+          rm -f $GITHUB_WORKSPACE/.deploy/ssh/ingress.api.crt $GITHUB_WORKSPACE/.deploy/ssh/ingress.api.key
+          echo ${{ secrets.INGRESS_API_CERT }} | base64 --decode > $GITHUB_WORKSPACE/.deploy/ssh/ingress.api.crt
+          echo ${{ secrets.INGRESS_API_CERT_KEY }} | base64 --decode > $GITHUB_WORKSPACE/.deploy/ssh/ingress.api.key
+
+      - name: Copy file via scp
+        uses: appleboy/scp-action@master
+        with:
+          host: ${{secrets.DO_DROPLET_HOST}}
+          username: ${{secrets.DO_DROPLET_USERNAME}}
+          key: ${{secrets.DO_DROPLET_KEY}}
+          source: '.deploy/ssh/docker-compose.api.demo.pre.yml,.deploy/ssh/nginx.demo.pre.conf,.deploy/ssh/ingress.api.crt,.deploy/ssh/ingress.api.key'
+          target: '.'
+      - name: Deploy to DigitalOcean Droplet
+        uses: appleboy/ssh-action@master
+        with:
+          host: ${{secrets.DO_DROPLET_HOST}}
+          username: ${{secrets.DO_DROPLET_USERNAME}}
+          key: ${{secrets.DO_DROPLET_KEY}}
+          script: |
+            docker-compose -f .deploy/ssh/docker-compose.api.demo.pre.yml up -d
+