From 457b61e25eebb4bdd1cef17182ace46e26b3c87a Mon Sep 17 00:00:00 2001 From: fan-tastic-z Date: Thu, 30 May 2024 16:16:09 +0800 Subject: [PATCH] feat: support deployment --- Cargo.toml | 3 ++ Dockerfile | 30 ++++++++++++++ _typos.toml | 7 +++- deployment/config/development.yaml | 40 +++++++++++++++++++ deployment/docker-compose.yaml | 25 ++++++++++++ deployment/env/app.env | 5 +++ deployment/env/postgres.env | 3 ++ migration/src/lib.rs | 6 +-- ...20240417_015641_create_vuln_information.rs | 1 + src/push/dingding.rs | 4 +- 10 files changed, 118 insertions(+), 6 deletions(-) create mode 100644 Dockerfile create mode 100644 deployment/config/development.yaml create mode 100644 deployment/docker-compose.yaml create mode 100644 deployment/env/app.env create mode 100644 deployment/env/postgres.env diff --git a/Cargo.toml b/Cargo.toml index 8816228..4ed800b 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -5,6 +5,9 @@ edition = "2021" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html +[workspace] +members = ["./migration", "."] + [dependencies] thiserror = "1" clap = { version = "4.5.4", features = ["derive"] } diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..9feeebc --- /dev/null +++ b/Dockerfile 
@@ -0,0 +1,30 @@ +ARG BASE_IMAGE=rust:1.78.0-slim-buster + +FROM $BASE_IMAGE as planner +WORKDIR /app +RUN cargo install cargo-chef +COPY . . +RUN cargo chef prepare --recipe-path recipe.json + +FROM $BASE_IMAGE as cacher +WORKDIR /app +RUN cargo install cargo-chef \ + && apt update -y \ + && apt install pkg-config libssl-dev -y +COPY --from=planner /app/recipe.json recipe.json +RUN cargo chef cook --release --recipe-path recipe.json + +FROM $BASE_IMAGE as builder +WORKDIR /app +COPY . . +RUN apt update -y \ + && apt install pkg-config libssl-dev -y +# Copy over the cached dependencies +COPY --from=cacher /app/target target +COPY --from=cacher $CARGO_HOME $CARGO_HOME +RUN cargo build --release + +FROM gcr.io/distroless/cc-debian10 +WORKDIR /app +COPY --from=builder /app/target/release/watchvuln-rs . +CMD ["./watchvuln-rs"] diff --git a/_typos.toml b/_typos.toml index 203ed0d..7aeff92 100644 --- a/_typos.toml +++ b/_typos.toml @@ -2,7 +2,12 @@ [files] -extend-exclude = ["CHANGELOG.md", "notebooks/*", "config/development.yaml"] +extend-exclude = [ + "CHANGELOG.md", + "notebooks/*", + "config/development.yaml", + "migration", +] [default.extend-identifiers] vuln_informations = "vuln_informations" diff --git a/deployment/config/development.yaml b/deployment/config/development.yaml new file mode 100644 index 0000000..9272f4e --- /dev/null +++ b/deployment/config/development.yaml 
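Review bot: The final stage (`FROM gcr.io/distroless/cc-debian10`) sets no user, so `./watchvuln-rs` runs as root in the container; the distroless images ship a `nonroot` user, and a `USER nonroot` line before `CMD` (or the `:nonroot` tag) removes that privilege. Both bases are Debian 10 (`rust:1.78.0-slim-buster`, `cc-debian10`), which is at the end of its security-support window, and neither is pinned by digest, so the image will stop receiving OS fixes and two builds can differ. Moving the build and runtime stages together to the Debian 12 variants, e.g. `FROM gcr.io/distroless/cc-debian12:nonroot`, keeps the glibc versions matched. `RUN cargo install cargo-chef` in the planner and cacher stages installs whatever version is current; `cargo install cargo-chef --version <CHEF_VERSION> --locked` fixes the build tool. `COPY . .` also sends the whole build context, including `deployment/env/*.env`, into the build stages unless a `.dockerignore` excludes it, and none is visible in this patch.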
@@ -0,0 +1,40 @@
+database:
+ # Database connection URI
+ uri: {{ get_env(name="DATABASE_URL", default="postgres://postgres:123456@localhost:5432/watchvuln") }}
+ # When enabled, the sql query will be logged.
+ enable_logging: false
+ # Set the timeout duration when acquiring a connection.
+ connect_timeout: 500
+ # Set the idle duration before closing a connection.
+ idle_timeout: 500
+ # Minimum number of connections for a pool.
+ min_connections: 1
+ # Maximum number of connections for a pool.
+ max_connections: 1
+
+task:
+ # every day 7:00-22:00 interval 30 minute Execute task
+ cron_config: "0 */1 7-21 * * *"
+
+# Application logging configuration
+logger:
+ # Enable or disable logging.
+ enable: true
+ # Enable pretty backtrace (sets RUST_BACKTRACE=1)
+ pretty_backtrace: true
+ # Log level, options: trace, debug, info, warn or error.
+ level: info
+ # Define the logging format. options: compact, pretty or Json
+ format: compact
+ # By default the logger has filtering only logs that came from your code or logs that came from `loco` framework. to see all third party libraries
+ # Uncomment the line below to override to see all third party libraries you can enable this config and override the logger filters.
+ # override_filter: trace
+
+# Application push message configuration, Now just support tg bot
+tg_bot:
+ chat_id: {{ get_env(name="TG_CHAT_ID", default=0) }}
+ token: {{ get_env(name="TG_TOKEN", default="") }}
+
+ding_bot:
+ access_token: {{ get_env(name="DING_ACCESS_TOKEN", default="") }}
+ secret_token: {{ get_env(name="DING_SECRET_TOKEN", default="") }}
diff --git a/deployment/docker-compose.yaml b/deployment/docker-compose.yaml
new file mode 100644
index 0000000..f6eab89
--- /dev/null
+++ b/deployment/docker-compose.yaml
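Review bot: The `uri:` fallback in `deployment/config/development.yaml` embeds a credential, `postgres://postgres:123456@localhost:5432/watchvuln`, so a container started without `DATABASE_URL` silently tries the superuser account with a guessable password instead of failing at startup. Dropping the default, `uri: {{ get_env(name="DATABASE_URL") }}`, should make a missing variable an error at config load, assuming the template is rendered by Tera as the `get_env` syntax suggests. The `TG_TOKEN`, `DING_ACCESS_TOKEN` and `DING_SECRET_TOKEN` entries default to an empty string, so a missing secret is accepted without any error and is likely to surface only when a push fails. Separately, the comment above `cron_config` says "interval 30 minute", while `"0 */1 7-21 * * *"` fires every minute if the first field is seconds; one of the two needs correcting.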
@@ -0,0 +1,25 @@ +version: "3" +services: + app: + restart: always + image: fantasticzf/watchvuln-rs:latest + env_file: + - env/app.env + volumes: + - "./config:/app/config" + networks: + - vuln + depends_on: + - db + + db: + image: postgres:15.3-alpine + restart: unless-stopped + # ports: + # - 5432:5432 + networks: + - vuln + volumes: + - "./data:/var/lib/postgresql/data" + env_file: + - env/postgres.env diff --git a/deployment/env/app.env b/deployment/env/app.env new file mode 100644 index 0000000..3f66807 --- /dev/null +++ b/deployment/env/app.env @@ -0,0 +1,5 @@ +DATABASE_URL=postgres://watchvuln:watchvuln@db:5432/watchvuln +DING_ACCESS_TOKEN= +DING_SECRET_TOKEN= +TG_CHAT_ID=0 +TG_TOKEN= diff --git a/deployment/env/postgres.env b/deployment/env/postgres.env new file mode 100644 index 0000000..f94496e --- /dev/null +++ b/deployment/env/postgres.env @@ -0,0 +1,3 @@ +POSTGRES_DB=watchvuln +POSTGRES_USER=watchvuln +POSTGRES_PASSWORD=watchvuln diff --git a/migration/src/lib.rs b/migration/src/lib.rs index 1cd4b68..2d0d53b 100644 --- a/migration/src/lib.rs +++ b/migration/src/lib.rs @@ -7,8 +7,8 @@ pub struct Migrator; #[async_trait::async_trait] impl MigratorTrait for Migrator { fn migrations() -> Vec> { - vec![ - Box::new(m20240417_015641_create_vuln_information::Migration), - ] + vec![Box::new( + m20240417_015641_create_vuln_information::Migration, + )] } } diff --git a/migration/src/m20240417_015641_create_vuln_information.rs b/migration/src/m20240417_015641_create_vuln_information.rs index 1b8afb9..dc6ab04 100644 --- a/migration/src/m20240417_015641_create_vuln_information.rs +++ b/migration/src/m20240417_015641_create_vuln_information.rs @@ -64,6 +64,7 @@ impl MigrationTrait for Migration { } } +#[allow(clippy::upper_case_acronyms)] #[derive(DeriveIden)] enum VulnInformations { Table, diff --git a/src/push/dingding.rs b/src/push/dingding.rs index 0739b69..e9784a0 100644 --- a/src/push/dingding.rs +++ b/src/push/dingding.rs 
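Review bot: The `app` service in `deployment/docker-compose.yaml` references the mutable tag `fantasticzf/watchvuln-rs:latest`, so the next pull runs whatever was pushed most recently, with the bot tokens and database URL from `env/app.env` in its environment. Pinning a released version tag or an `image: fantasticzf/watchvuln-rs@sha256:<DIGEST>` reference makes upgrades deliberate. The config mount is writable from inside the container; `- "./config:/app/config:ro"` should be enough if the service only reads its configuration, which this patch does not show. Leaving the `ports:` block commented out on `db` is the right default, since Postgres then stays reachable only on the `vuln` network.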
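Review bot: `deployment/env/app.env` commits the database password inside `DATABASE_URL=postgres://watchvuln:watchvuln@db:5432/watchvuln`, and `deployment/env/postgres.env` repeats it as `POSTGRES_PASSWORD=watchvuln`, so every deployment that follows this layout starts with the same publicly known password unless the operator edits tracked files. Shipping these as `app.env.example` and `postgres.env.example` with a placeholder such as `POSTGRES_PASSWORD=<CHANGE_ME>`, and git-ignoring the real files, also keeps the `TG_TOKEN` and `DING_*` values that operators fill in later out of version control. The exposure is limited while `db` publishes no port, but it becomes direct as soon as the commented `ports:` mapping in the compose file is enabled.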
@@ -36,7 +36,7 @@ impl MessageBot for DingDing { }); let sign = self.generate_sign()?; - println!("{:?}", self); + let res: DingResponse = help .http_client .post(DING_API_URL) @@ -46,7 +46,7 @@ impl MessageBot for DingDing { .await? .json() .await?; - println!("{:?}", res); + if res.errcode != 0 { warn!( "ding push markdown message error, err msg is {}",