feat: move to new infra

.env.example

@@ -3,11 +3,8 @@
 
 # ------------------------------------------------
 # API
-
-API_DOMAIN=localhost
 API_PORT=3200
-API_PORT_PUBLIC=3200
-API_SCHEME=http
+POSTGREST_URI=http://postgrest:3000
 
 # ------------------------------------------------
 # Web
@@ -23,12 +20,6 @@ APP_SCHEME=http
 CDTN_API_URL=https://cdtn-api.fabrique.social.gouv.fr
 # CDTN_API_URL=http://localhost:3300
 
-# ------------------------------------------------
-# Development & test variables
-
-DEV_DB_PORT=5433
-DEV_POSTGREST_PORT=3001
-
 ##################################################
 # PostgreSQL
 

.github/workflows/review.yml

@@ -0,0 +1,32 @@
+name: Review
+
+on:
+  push:
+    branches-ignore:
+      - master
+    tags-ignore:
+      - v*
+
+concurrency:
+  cancel-in-progress: true
+  group: review-${{ github.ref }}
+
+jobs:
+  register:
+    name: Register images
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - images: "cdtn-contrib-api"
+            path: "./packages/api"
+          - images: "cdtn-contrib-app"
+            path: "./packages/app"
+    steps:
+      - name: Register docker images
+        uses: SocialGouv/actions/autodevops-build-register@v1
+        with:
+          imagePackage: ${{ matrix.images }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+          dockerfile: "${{ matrix.path }}/Dockerfile"

.github/workflows/sync-gitlab.yml

@@ -0,0 +1,15 @@
+name: Gitlab mirroring
+
+on:
+  - push
+  - delete
+
+jobs:
+  mirror_gitlab:
+    name: 🪞 Gitlab
+    runs-on: ubuntu-latest
+    steps:
+      - uses: SocialGouv/actions/mirror-gitlab@master
+        with:
+          project: SocialGouv/cdtn/code-du-travail-backoffice
+          token: ${{ secrets.SOCIALGROOVYBOT_GITLAB_TOKEN }}

.kube-workflow/dev/templates/api.configmap.yaml

@@ -0,0 +1,8 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: api
+data:
+  API_PORT: 80
+  NODE_ENV: "production"
+  POSTGREST_URI: ""

.kube-workflow/dev/templates/api.sealed-secret.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: "bitnami.com/v1alpha1"
+kind: "SealedSecret"
+metadata:
+  annotations: &a1
+    sealedsecrets.bitnami.com/cluster-wide: "true"
+  name: api
+  namespace: null
+spec:
+  encryptedData:
+    DB_URI: HERE
+  template:
+    metadata:
+      annotations: *a1
+      name: api
+    type: "Opaque"

.kube-workflow/dev/templates/postgrest.configmap.yaml

@@ -0,0 +1,7 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: postgrest
+data:
+  PGRST_DB_ANON_ROLE: "anonymous"
+  PGRST_DB_SCHEMA: "api"

.kube-workflow/dev/templates/postgrest.sealed-secret.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: "bitnami.com/v1alpha1"
+kind: "SealedSecret"
+metadata:
+  annotations: &a1
+    sealedsecrets.bitnami.com/cluster-wide: "true"
+  name: postgrest
+  namespace: null
+spec:
+  encryptedData:
+    # It must be at least 32 characters long:
+    # https://github.com/PostgREST/postgrest/issues/977#issuecomment-329917367
+    PGRST_JWT_SECRET: a_test_only_postgrest_jwt_secret
+  template:
+    metadata:
+      annotations: *a1
+      name: postgrest
+    type: "Opaque"

.kube-workflow/dev/templates/www.configmap.yaml

@@ -0,0 +1,10 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: www
+data:
+  APP_PORT: 80
+  CDTN_API_URL: "https://cdtn-api.fabrique.social.gouv.fr"
+  API_URI_DOCKER: ""
+  API_URI: ""
+  NODE_ENV: "production"

.kube-workflow/dev/templates/www.sealed-secret.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: "bitnami.com/v1alpha1"
+kind: "SealedSecret"
+metadata:
+  annotations: &a1
+    sealedsecrets.bitnami.com/cluster-wide: "true"
+  name: www
+  namespace: null
+spec:
+  encryptedData:
+    DB_URI: HERE
+  template:
+    metadata:
+      annotations: *a1
+      name: www
+    type: "Opaque"

.kube-workflow/prod/templates/api.configmap.yaml

@@ -0,0 +1,8 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: api
+data:
+  API_PORT: 80
+  NODE_ENV: "production"
+  POSTGREST_URI: ""

.kube-workflow/prod/templates/api.sealed-secret.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: "bitnami.com/v1alpha1"
+kind: "SealedSecret"
+metadata:
+  annotations: &a1
+    sealedsecrets.bitnami.com/cluster-wide: "true"
+  name: api
+  namespace: null
+spec:
+  encryptedData:
+    DB_URI: HERE
+  template:
+    metadata:
+      annotations: *a1
+      name: api
+    type: "Opaque"

.kube-workflow/prod/templates/www.configmap.yaml

@@ -0,0 +1,10 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: www
+data:
+  APP_PORT: 80
+  CDTN_API_URL: "https://cdtn-api.fabrique.social.gouv.fr"
+  API_URI_DOCKER: ""
+  API_URI: ""
+  NODE_ENV: "production"

.kube-workflow/prod/templates/www.sealed-secret.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: "bitnami.com/v1alpha1"
+kind: "SealedSecret"
+metadata:
+  annotations: &a1
+    sealedsecrets.bitnami.com/cluster-wide: "true"
+  name: www
+  namespace: null
+spec:
+  encryptedData:
+    DB_URI: HERE
+  template:
+    metadata:
+      annotations: *a1
+      name: www
+    type: "Opaque"

.kube-workflow/values.yaml

@@ -0,0 +1,33 @@
+app-api:
+  probesPath: /healthz
+  imagePackage: cdtn-contrib-api
+  envFrom:
+    - configMapRef:
+        name: api
+    - secretRef:
+        name: api
+  resources:
+    limits:
+      cpu: "1000m"
+      memory: "560Mi"
+    requests:
+      cpu: "5m"
+      memory: "128Mi"
+
+app-www:
+  probesPath: /
+  imagePackage: cdtn-contrib-app
+  envFrom:
+    - configMapRef:
+        name: www
+    - secretRef:
+        name: www
+
+postgrest:
+  imagePackage: postgrest/postgrest:v6.0.2
+  containerPort: 3000
+  envFrom:
+    - configMapRef:
+        name: postgrest
+    - secretRef:
+        name: postgrest

docker-compose.yml

@@ -5,12 +5,10 @@ services:
     container_name: cdtn_backoffice_db
     image: postgres:12-alpine
     restart: always
-    environment:
-      # The JWT secret is used whithin the api.login() function:
-      PGRST_JWT_SECRET: ${PGRST_JWT_SECRET}
-      POSTGRES_DB: ${POSTGRES_DB}
-      POSTGRES_USER: ${POSTGRES_USER}
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+    env_file:
+      - .env
+    ports:
+      - 3300:5432
     volumes:
       - postgre-data:/var/lib/postgresql/data
       - ./backups:/backups
@@ -21,45 +19,40 @@ services:
     image: postgrest/postgrest:v6.0.2
     # image: hughjfchen/hughjfchen:postgrest-aarch64-6.0.2 # for arm64
     restart: always
+    env_file:
+      - .env
     environment:
-      PGRST_DB_ANON_ROLE: ${PGRST_DB_ANON_ROLE}
-      PGRST_DB_SCHEMA: ${PGRST_DB_SCHEMA}
       PGRST_DB_URI: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB}
-      PGRST_JWT_SECRET: ${PGRST_JWT_SECRET}
     depends_on:
       - db
 
   api:
     container_name: cdtn_backoffice_api
     build:
       context: ./packages/api
-      args:
-        API_PORT: ${API_PORT}
-        DB_URI: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB}
-        NODE_ENV: ${NODE_ENV}
-        POSTGREST_URI: http://postgrest:3000
     restart: always
     ports:
       - ${API_PORT}:${API_PORT}
+    env_file:
+      - .env
+    environment:
+      DB_URI: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB}
     depends_on:
       - postgrest
 
   app:
     container_name: cdtn_backoffice_app
     build:
       context: ./packages/app
-      args:
-        API_DOMAIN: ${API_DOMAIN}
-        API_PORT_PUBLIC: ${API_PORT_PUBLIC}
-        API_SCHEME: ${API_SCHEME}
-        API_URI_DOCKER: http://api:${API_PORT}
-        CDTN_API_URL: ${CDTN_API_URL}
-        DB_URI: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB}
-        NODE_ENV: ${NODE_ENV}
-        APP_PORT: ${APP_PORT}
     restart: always
     ports:
       - ${APP_PORT}:${APP_PORT}
+    env_file:
+      - .env
+    environment:
+      API_URI_DOCKER: http://api:${API_PORT}
+      API_URI: http://localhost:${API_PORT}
+      DB_URI: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB}
     depends_on:
       - api
 

knexfile.js

@@ -1,11 +1,4 @@
-let { DB_URI } = process.env;
-if (DB_URI === undefined) {
-  const dotenv = require("dotenv");
-  dotenv.config();
-  const { DEV_DB_PORT, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_USER } = process.env;
-
-  DB_URI = `postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@localhost:${DEV_DB_PORT}/${POSTGRES_DB}`;
-}
+const { DB_URI } = process.env;
 
 module.exports = {
   development: {

package.json

@@ -15,8 +15,8 @@
     "db:snapshot:update": "node -r dotenv/config ./scripts/db/updateSnapshot.js",
     "dev": "yarn dev:docker && yarn dev:packages",
     "dev:standalone": "yarn dev:docker:standalone && yarn dev:packages",
-    "dev:docker": "docker-compose down && docker-compose -f docker-compose.yml -f docker-compose.dev.yml up -d postgrest",
-    "dev:docker:standalone": "docker-compose -f docker-compose.yml -f docker-compose.dev.yml up -d cdtn_api postgrest",
+    "dev:docker": "docker-compose down && docker-compose -f docker-compose.yml up -d postgrest",
+    "dev:docker:standalone": "docker-compose -f docker-compose.yml up -d cdtn_api postgrest",
     "dev:packages": "lerna run --parallel --scope \"@socialgouv/code-du-travail-backoffice__api\" --scope \"@socialgouv/code-du-travail-backoffice__app\" dev",
     "preinstall": "node ./scripts/ci/removeWorkspaces.js && node ./scripts/ci/deleteYarnLock.js",
     "setup": "yarn setup:env && node -r dotenv/config ./scripts/dev/setup.js",

packages/api/Dockerfile

@@ -1,16 +1,7 @@
 # API Image
+ARG NODE_VERSION=16.13.1-alpine
 
-FROM node:16.13.1-alpine
-
-ARG API_PORT
-ARG DB_URI
-ARG NODE_ENV
-ARG POSTGREST_URI
-
-ENV API_PORT=$API_PORT
-ENV DB_URI=$DB_URI
-ENV NODE_ENV=$NODE_ENV
-ENV POSTGREST_URI=$POSTGREST_URI
+FROM node:$NODE_VERSION
 
 WORKDIR /app