Add DigitalOcean Deployment #368

Merged
merged 5 commits into from
Oct 15, 2024
2 changes: 2 additions & 0 deletions .digitalocean/.gitignore
@@ -0,0 +1,2 @@
comet-starter-cms.yaml
comet-starter-site-main.yaml
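Review bot: the two ignored names, `comet-starter-cms.yaml` and `comet-starter-site-main.yaml`, look like the rendered output of the `.tpl.yaml` templates added in this change, but nothing here documents how they are generated or what fills the `{{ site://configs/... }}` placeholders. A short README in `.digitalocean/` describing the render step would help, and it should state whether the rendered files are ignored because they carry the expanded private site configs.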
276 changes: 276 additions & 0 deletions .digitalocean/comet-starter-cms.tpl.yaml
@@ -0,0 +1,276 @@
alerts:
- rule: DEPLOYMENT_FAILED
- rule: DOMAIN_FAILED
features:
- buildpack-stack=ubuntu-22
ingress:
rules:
- component:
name: admin
match:
path:
prefix: /admin-do-not-use
- component:
name: oauth2-proxy
match:
path:
prefix: /
- component:
name: api
match:
path:
prefix: /public-api
name: comet-starter-cms
region: fra
services:
- build_command: |-
cp ../site-configs.d.ts src/site-configs.d.ts &&
npm run build &&
npm prune --omit=dev
environment_slug: node-js
envs:
- key: NODE_ENV
scope: RUN_TIME
value: production
- key: POSTGRESQL_HOST
scope: RUN_AND_BUILD_TIME
value: db-postgresql-fra1-74967-do-user-15310175-0.l.db.ondigitalocean.com
- key: POSTGRESQL_PORT
scope: RUN_AND_BUILD_TIME
value: "25060"
- key: POSTGRESQL_DB
scope: RUN_AND_BUILD_TIME
value: db_starter
- key: POSTGRESQL_PASSWORD
scope: RUN_AND_BUILD_TIME
type: SECRET
value: EV[1:VJWKcWvicy4ClCPNzpPOSwiZB0p8/gZq:SZK9hwGdXBqcCEApIdFWuSLWS//rvY/VEfyJ2WWwM/agjP+BLUOiew==]
- key: POSTGRESQL_USER
scope: RUN_AND_BUILD_TIME
value: starter
- key: API_URL
scope: RUN_AND_BUILD_TIME
value: https://comet-starter-cms-64wfr.ondigitalocean.app/public-api/api
- key: API_PORT
scope: RUN_AND_BUILD_TIME
value: "4000"
- key: CORS_ALLOWED_ORIGIN
scope: RUN_AND_BUILD_TIME
value: comet-starter-site-tyqqf\.ondigitalocean\.app
- key: IMGPROXY_SALT
scope: RUN_AND_BUILD_TIME
type: SECRET
value: EV[1:DpbiOlcKj5C5taV+27VGP0Wc2GFFu0Cu:I8RNxsSOqaGk12doCtjeIT9hUNWTM6rAr7kMX6X+JlE4VyYH5kd1XFZ9SozGmADqFKEkI//BIJQ00XAq6dkXr6amsH7AtVJSxkl4WjBBs24sW/jnSIjebEYDq4n9oQbptdhrQcNwTYaAy/VZm1KzgzxdXaQHDsLmbtYWXLKUue/VldiCajnRExZjiTdk/x8Y]
- key: IMGPROXY_URL
scope: RUN_AND_BUILD_TIME
value: https://comet-starter-imgproxy-ovgzu.ondigitalocean.app
- key: IMGPROXY_KEY
scope: RUN_AND_BUILD_TIME
type: SECRET
value: EV[1:wD77N9Aop33RXd8qv/pUCyIyItqY877u:DeExUMZXlI96dabfE09kuc/Kj54FZmVrjuTb2VMLajK1B+fxuNIHecelUdFX1wo1lrYm+jRFBotC8nWh4uhEYfC4KVS6QdjeKIXAxhuZ7cGI848/VAzkWKoEgYoSUYTXNTbpETptNFWQ1XFzJxDKZiYFaW8LmknvxUixuaxULsobxjFhH/S+fTlHt6j9DN9K]
- key: DAM_SECRET
scope: RUN_AND_BUILD_TIME
type: SECRET
value: EV[1:cN8JQAPIBnJqXpO8RGBqx9tvzArnSMFz:tQ2EW+BE5XWg2rPUvXqCjbXKNxIYLRGLdsAKk+CVhaDRWhc=]
- key: BLOB_STORAGE_DRIVER
scope: RUN_AND_BUILD_TIME
value: s3
- key: BLOB_STORAGE_DIRECTORY_PREFIX
scope: RUN_AND_BUILD_TIME
value: starter
- key: S3_REGION
scope: RUN_AND_BUILD_TIME
value: fra1
- key: S3_ENDPOINT
scope: RUN_AND_BUILD_TIME
value: https://fra1.digitaloceanspaces.com
- key: S3_BUCKET
scope: RUN_AND_BUILD_TIME
value: comet-starter
- key: S3_ACCESS_KEY_ID
scope: RUN_AND_BUILD_TIME
type: SECRET
value: EV[1:MoPtts0J/3qbPVcLpNbJDQncPsvQBWmG:sseL7FpcEps7IV5v/uqBctUwp+tSMBAzJl3XkZjMCLZ69PUt]
- key: S3_SECRET_ACCESS_KEY
scope: RUN_AND_BUILD_TIME
type: SECRET
value: EV[1:GNjlve0WqXUtZr2TVaxvI9UTcv6a0Mta:zK4fpoWTpwDHO6MfYEWLoOsw3Kq3W3N9FvGAIuHRc1I6FF6zeZOULOIxzOXgLJPb6xIIiUKB8dAOu7Y=]
- key: POSTGRESQL_CA_CERT
scope: RUN_AND_BUILD_TIME
value: |-
-----BEGIN CERTIFICATE-----
MIIEQTCCAqmgAwIBAgIUFbJ/dvvfKgsSSRZ1WB3LZ5OiEWQwDQYJKoZIhvcNAQEM
BQAwOjE4MDYGA1UEAwwvYjNjZTRjMWYtZWUyOS00MDQ4LWE2ZmItZTFlNDU0MTIy
MTk1IFByb2plY3QgQ0EwHhcNMjMxMjA0MTQ1NDIxWhcNMzMxMjAxMTQ1NDIxWjA6
MTgwNgYDVQQDDC9iM2NlNGMxZi1lZTI5LTQwNDgtYTZmYi1lMWU0NTQxMjIxOTUg
UHJvamVjdCBDQTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKRtK5Ud
nFGKdoyjGssagR9vMRQw73tpuNeZG4OmewPwKdgDhsjH+ZLfgJOI2wSoclBkWFQj
dIg0GuXkFVwO4SZ0a/7uBtJLYh9z8U4N14pOa+xrBISE7zshGjJjKjHhbCT7VYhc
l6OK2CZZzXZk+xoh5o1JwLxkc1l2rzG5l3CrZnL43L93h6KEGY4VWe8QBoxqUCxG
2aDuyYpqjlHJhS4imRxbJ9R++t3UBPVpaebU4jwWw91DujYD86LMmq9WEVNfnrno
8SNNYRS6ojay/WUphKTfK3VqwUw7OGAIHxAzQPc6nx8mdNa++Y51J6IOL4O7bBp5
gxb46TVlHeH0GXZEu+m2AUnPT8tmPgzHzDAI7UQ2NN2kTxrUGZ2aV/f1lxIhij6o
sfwoSJZzt98dvp02Cg9zqgXxxyv04YUeK7PDoS9aP7uXrj81dLl84MIdbqJOZNd1
XwfIhu0hKlAi2H5PuPBwn++aJ9Htjhbte4Bp2QJF6hcqfW0chpZPupQOmwIDAQAB
oz8wPTAdBgNVHQ4EFgQUZm7RuycpRchnPp3PzsK3vPORT4AwDwYDVR0TBAgwBgEB
/wIBADALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEMBQADggGBABmGDsdgEKDGS4wU
v+170Nl3JFDySE3DwcYEUFQCm9/gLW6dpHV5S5Vghiq3oTtmUAB/atXYjS6FlFTx
lWkyW4j9m9YbbzW+SX5rPiO01Hu3sUae0s2kjRWpFnoZWirphCS4JZ24wLtWBkyl
1pthVhUg4qh4zOfeWvVmd8MENkieFf0mhWyY2gvbcvPgYRrsVoNDzm72vvRnhjtG
81+MMudCLUKtYg+oNIbBwzu2JZ2tdr6lrxTCwlnepyPAQfxF3oC7FbxfMirf/Rp+
eibIi9DYfjschlTe0BW1afYn1cradTsH0uFrSV6UCYjhN7aYCLYBJoL+c/raEA0u
avwdD47sHsIhse+1HjF2VRVPDP+ZGTvqkAuiLAXEi4eht0rluX/j/Rnc+peq21al
bamtaNx6H7l4QlXegUXaxxAmeW2FR5nBUb2tiFBF70KA+rl4hRa7FuxcPmkNOtRO
EokFG4nQ9lh/mN5vpkdxCA438Ur3yBqzaSI1NvGpb8/8gBG0Gg==
-----END CERTIFICATE-----
- key: PRIVATE_SITE_CONFIGS
scope: RUN_AND_BUILD_TIME
value: "{{ site://configs/private/dev }}"
- key: POSTGRESQL_USE_SSL
scope: RUN_AND_BUILD_TIME
value: "true"
- key: USE_AUTHPROXY
scope: RUN_AND_BUILD_TIME
value: "true"
- key: BASIC_AUTH_SYSTEM_USER_PASSWORD
scope: RUN_AND_BUILD_TIME
type: SECRET
value: EV[1:RRBCV3yOi07TjXxGcad36RGJAJ2DnHbw:mmzqyMwl9gtfoiNigjj/0GrZTduEp6LtgJKV/5a3geMwKSk=]
- key: IDP_CLIENT_ID
scope: RUN_AND_BUILD_TIME
value: 59e44de5-0431-4413-b50b-7e52740a6d7b
- key: IDP_JWKS_URI
scope: RUN_AND_BUILD_TIME
value: https://auth-sso.vivid-planet.cloud/.well-known/jwks.json
- key: IDP_END_SESSION_ENDPOINT
scope: RUN_AND_BUILD_TIME
value: https://auth-sso.vivid-planet.cloud/oauth2/sessions/logout
- key: POST_LOGOUT_REDIRECT_URI
scope: RUN_AND_BUILD_TIME
value: https://comet-starter-cms-64wfr.ondigitalocean.app/oauth2/sign_out?rd=%2F
github:
branch: main
deploy_on_push: false
repo: vivid-planet/comet-starter
http_port: 4000
instance_count: 1
instance_size_slug: apps-s-1vcpu-0.5gb
name: api
run_command: npm run db:migrate:prod && npm run start:prod
source_dir: /api
- envs:
- key: OAUTH2_PROXY_API_ROUTES
scope: RUN_AND_BUILD_TIME
value: /api
- key: OAUTH2_PROXY_CODE_CHALLENGE_METHOD
scope: RUN_AND_BUILD_TIME
value: S256
- key: OAUTH2_PROXY_PASS_AUTHORIZATION_HEADER
scope: RUN_AND_BUILD_TIME
value: "true"
- key: OAUTH2_PROXY_PASS_ACCESS_TOKEN
scope: RUN_AND_BUILD_TIME
value: "true"
- key: OAUTH2_PROXY_COOKIE_SECURE
scope: RUN_AND_BUILD_TIME
value: "true"
- key: OAUTH2_PROXY_COOKIE_SAMESITE
scope: RUN_AND_BUILD_TIME
value: lax
- key: OAUTH2_PROXY_COOKIE_HTTPONLY
scope: RUN_AND_BUILD_TIME
value: "true"
- key: OAUTH2_PROXY_SKIP_PROVIDER_BUTTON
scope: RUN_AND_BUILD_TIME
value: "true"
- key: OAUTH2_PROXY_SILENCE_PING_LOGGING_true
scope: RUN_AND_BUILD_TIME
value: "true"
- key: OAUTH2_PROXY_REQUEST_LOGGING
scope: RUN_AND_BUILD_TIME
value: "false"
- key: OAUTH2_PROXY_AUTH_LOGGING
scope: RUN_AND_BUILD_TIME
value: "true"
- key: OAUTH2_PROXY_COOKIE_REFRESH
scope: RUN_AND_BUILD_TIME
value: 23h
- key: OAUTH2_PROXY_EMAIL_DOMAINS
scope: RUN_AND_BUILD_TIME
value: "*"
- key: OAUTH2_PROXY_CLIENT_SECRET
scope: RUN_AND_BUILD_TIME
type: SECRET
value: EV[1:uQi0YzdSCPn4w2obTTkdFOiUmYC0onNR:NEwKBNspvye4T0NkL6QpCP5PiTduvpyfnF/JjvKbX8Aec0s=]
- key: OAUTH2_PROXY_CLIENT_ID
scope: RUN_AND_BUILD_TIME
value: 59e44de5-0431-4413-b50b-7e52740a6d7b
- key: OAUTH2_PROXY_COOKIE_SECRET
scope: RUN_AND_BUILD_TIME
type: SECRET
value: EV[1:nG0XBGrISwLqRYdFFELwYeszfQ0vMCjC:XBISzF+YWffV1LA25rTvp4v6iLhjVL4a3VGkd2v7Iiw=]
- key: OAUTH2_PROXY_PROVIDER
scope: RUN_AND_BUILD_TIME
value: oidc
- key: OAUTH2_PROXY_OIDC_ISSUER_URL
scope: RUN_AND_BUILD_TIME
value: https://auth-sso.vivid-planet.cloud
- key: OAUTH2_PROXY_UPSTREAMS
scope: RUN_AND_BUILD_TIME
value: http://admin:80,http://api:80/api/
- key: OAUTH2_PROXY_WHITELIST_DOMAIN
scope: RUN_AND_BUILD_TIME
value: auth-sso.vivid-planet.cloud
- key: OAUTH2_PROXY_SCOPE
scope: RUN_AND_BUILD_TIME
value: openid profile email offline_access
- key: OAUTH2_PROXY_HTTP_ADDRESS
scope: RUN_AND_BUILD_TIME
value: 0.0.0.0:4180
- key: OAUTH2_PROXY_SKIP_AUTH_PREFLIGHT
scope: RUN_AND_BUILD_TIME
value: "true"
http_port: 4180
image:
registry: dkarnutsch
registry_type: DOCKER_HUB
repository: oauth2-proxy
tag: latest
instance_count: 1
instance_size_slug: apps-s-1vcpu-0.5gb
name: oauth2-proxy
- build_command: |-
./intl-update.sh &&
cp ../api/schema.gql schema.gql &&
cp ../api/block-meta.json block-meta.json &&
cp ../api/src/comet-config.json src/comet-config.json &&
cp ../site-configs.d.ts src/site-configs.d.ts &&
npm run build &&
rm -rf ./node_modules
environment_slug: node-js
envs:
- key: NODE_ENV
scope: RUN_TIME
value: production
- key: API_URL
scope: RUN_AND_BUILD_TIME
value: https://comet-starter-cms-64wfr.ondigitalocean.app/api
- key: ADMIN_URL
scope: RUN_AND_BUILD_TIME
value: https://comet-starter-cms-64wfr.ondigitalocean.app/
- key: PUBLIC_SITE_CONFIGS
scope: RUN_AND_BUILD_TIME
value: "{{ site://configs/public/dev }}"
- key: PREVIEW_URL
scope: RUN_AND_BUILD_TIME
value: https://comet-starter-site-preview-jespg.ondigitalocean.app # TODO
github:
branch: main
deploy_on_push: false
repo: vivid-planet/comet-starter
http_port: 3000
instance_count: 1
instance_size_slug: apps-s-1vcpu-0.5gb
name: admin
run_command: npm run serve
source_dir: admin
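Review bot: the `oauth2-proxy` service, which is the authentication gateway for `/`, is pulled as `registry: dkarnutsch`, `repository: oauth2-proxy`, `tag: latest`, so every deploy can pick up a different, unreviewed image from a personal Docker Hub namespace. Pin an exact version tag or digest, and prefer an image the project controls or the upstream release. In the same service, the key `OAUTH2_PROXY_SILENCE_PING_LOGGING_true` carries a stray `_true` suffix and most likely is not read as the ping-logging option; it should be `OAUTH2_PROXY_SILENCE_PING_LOGGING`. The ingress rule with `prefix: /admin-do-not-use` routes to the `admin` component directly rather than through `oauth2-proxy`, and the prefix name is the only thing discouraging its use; drop the route if the platform allows a component without one, or add a comment explaining why it has to exist. `OAUTH2_PROXY_EMAIL_DOMAINS` is `"*"`, which leaves all access decisions to the identity provider at `auth-sso.vivid-planet.cloud`; a comment saying this is intentional would save the next reader the question.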
50 changes: 50 additions & 0 deletions .digitalocean/comet-starter-imgproxy.yaml
@@ -0,0 +1,50 @@
alerts:
- rule: DEPLOYMENT_FAILED
- rule: DOMAIN_FAILED
features:
- buildpack-stack=ubuntu-22
ingress:
rules:
- component:
name: darthsim-imgproxy
match:
path:
prefix: /
name: comet-starter-imgproxy
region: fra
services:
- envs:
- key: IMGPROXY_KEY
scope: RUN_AND_BUILD_TIME
type: SECRET
value: EV[1:caLHr/u1NkMWvW8NG5nn0+JvpBW+NMNu:yhmQi6RpvAt58666wyk3IzIMFg7ALTeIhruXpPFabcQgSkmAaBXzj08oAYuhv6u0tnWabUIHDkvzyY0CnoYpHD3vE1R5tWLUQwOoEgzGKHqiO7f5zdeuTzFUxG7ctCFfsXedzL2e4R7+u3FmLox0woPk0DhbiYiA8+qSNnVEKWMXJTkAkfQkwdtovgskqdz5]
- key: IMGPROXY_SALT
scope: RUN_AND_BUILD_TIME
type: SECRET
value: EV[1:yCE1f0mZPV+uFFs96/SmFsbvWXH3pfDn:1dt+Waq2vALvR7qXaC3Lh2VONtDjgmBzSuPyn+6kpk3DN9xzmbSPhV3G1pCZ+NRA16TOL3jhfiIgWD4QbCAs5y2JM2EOcptDQKpuQ6YYGvB9Gb2dBgrJS7WG5pKqSIuI3g+YKKa/ns5HWzH/CdIsieVdvmlb4PFasdhdCIMOHCIhwNONChz0yIO7XsV8vLJl]
- key: IMGPROXY_USE_S3
scope: RUN_AND_BUILD_TIME
value: "true"
- key: IMGPROXY_S3_REGION
scope: RUN_AND_BUILD_TIME
value: fra1
- key: IMGPROXY_S3_ENDPOINT
scope: RUN_AND_BUILD_TIME
value: https://comet-starter.fra1.digitaloceanspaces.com
- key: AWS_ACCESS_KEY_ID
scope: RUN_AND_BUILD_TIME
type: SECRET
value: EV[1:utFAK7Ej0e07tb6cQhWCCLlRUSKJy6DU:rGoIItdercf5JSs2oSEanA11liimnDjdLxwmhcBjO9UCeHaM]
- key: AWS_SECRET_ACCESS_KEY
scope: RUN_AND_BUILD_TIME
type: SECRET
value: EV[1:xupjwXwlpZv8VeQyLx9nKJTrw1BipI3a:Lkws9OWy+b5a20BNHCHiFv8H2M99aYNirhY+eGBZsCoUkLvCYoJvKDaVpHLz7N+CCC3Hfgycd4Ix008=]
http_port: 8080
image:
registry: darthsim
registry_type: DOCKER_HUB
repository: imgproxy
tag: v3
instance_count: 1
instance_size_slug: apps-s-1vcpu-0.5gb
name: darthsim-imgproxy
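Review bot: `IMGPROXY_S3_ENDPOINT` is `https://comet-starter.fra1.digitaloceanspaces.com`, with the bucket name in the host, while the CMS template sets `S3_ENDPOINT` to `https://fra1.digitaloceanspaces.com` together with `S3_BUCKET: comet-starter`. Please confirm which form imgproxy needs so that both components address the same bucket and objects. Separately, `tag: v3` moves with every 3.x release; an exact version would make deployments reproducible.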
58 changes: 58 additions & 0 deletions .digitalocean/comet-starter-site-main.tpl.yaml
@@ -0,0 +1,58 @@
alerts:
- rule: DEPLOYMENT_FAILED
- rule: DOMAIN_FAILED
features:
- buildpack-stack=ubuntu-22
ingress:
rules:
- component:
name: comet-starter-site-main
match:
path:
prefix: /
name: comet-starter-site-main
region: fra
services:
- build_command: |-
./intl-update.sh &&
cp ../api/schema.gql schema.gql &&
cp ../api/block-meta.json block-meta.json &&
cp ../api/src/comet-config.json src/comet-config.json &&
cp ../site-configs.d.ts src/site-configs.d.ts &&
npm run build &&
npm prune --omit=dev
environment_slug: node-js
envs:
- key: NODE_ENV
scope: RUN_TIME
value: production
- key: ADMIN_URL
scope: RUN_AND_BUILD_TIME
value: https://comet-starter-cms-64wfr.ondigitalocean.app/
- key: NEXT_PUBLIC_API_URL
scope: RUN_AND_BUILD_TIME
value: https://comet-starter-cms-64wfr.ondigitalocean.app/public-api/api
- key: API_URL_INTERNAL
scope: RUN_AND_BUILD_TIME
value: https://comet-starter-cms-64wfr.ondigitalocean.app/public-api/api
- key: SITE_PREVIEW_SECRET
scope: RUN_AND_BUILD_TIME
type: SECRET
value: EV[1:/Nf0VXO5XP5SJY9Y/JAFyZttB4Z1B6po:xL4pWQaF02cU4y1QCahqXdvD94A+QOJxXVVGDea4TYFVPQ==]
- key: PUBLIC_SITE_CONFIGS
scope: RUN_AND_BUILD_TIME
value: "{{ site://configs/public/dev }}"
- key: API_BASIC_AUTH_SYSTEM_USER_PASSWORD
scope: RUN_AND_BUILD_TIME
type: SECRET
value: EV[1:qkU44a+IP3BfIT4YvfGdrOj505b+mdu2:aD7wKJCkMvTng/HGtOjuXg2QjP2KGUn8FHghsVmZpptr4JA=]
github:
branch: main
deploy_on_push: false
repo: vivid-planet/comet-starter
http_port: 3000
instance_count: 1
instance_size_slug: apps-s-1vcpu-0.5gb
name: comet-starter-site-main
run_command: npm run serve
source_dir: site
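Review bot: `SITE_PREVIEW_SECRET` and `API_BASIC_AUTH_SYSTEM_USER_PASSWORD` are scoped `RUN_AND_BUILD_TIME`, so both are present in the environment while the `build_command` runs `./intl-update.sh` and `npm run build`. If the build does not call the API or the preview endpoint, scope them to `RUN_TIME`, as `NODE_ENV` already is, so build scripts and their dependencies never see them.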