Compare commits
22 Commits
1b7204c2ba
...
jenkins-pi
| Author | SHA1 | Date | |
|---|---|---|---|
| 1de32691c6 | |||
| f05d3940fa | |||
| 023daf1d4b | |||
| e91273888a | |||
| 247798abc8 | |||
| 600b5aeba8 | |||
| c9b1dac864 | |||
| a79ae2d50f | |||
| cd4ab3fd27 | |||
| 301cf5922e | |||
| 479ec4f917 | |||
| 3f40a6126c | |||
| dd9e9ce110 | |||
| d3d3c98f99 | |||
| 9e010ed389 | |||
| d9fe927832 | |||
| 636a382cf5 | |||
| 99cfdfddd0 | |||
| f579e440f8 | |||
| ba69728c81 | |||
| 5366e313c5 | |||
| 283be1a1ec |
83
.jenkins/Jenkinsfile
vendored
Normal file
83
.jenkins/Jenkinsfile
vendored
Normal file
@ -0,0 +1,83 @@
|
|||||||
|
pipeline {
|
||||||
|
agent {
|
||||||
|
kubernetes {
|
||||||
|
yamlFile '.jenkins/podTemplate.yaml'
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
environment {
|
||||||
|
ACR_NAME = 'marcin00'
|
||||||
|
CLIENT_ID = 'c302726f-fafb-4143-94c1-67a70975574a'
|
||||||
|
DOCKER_REGISTRY_URL = 'marcin00.azurecr.io'
|
||||||
|
DOCKER_IMAGE = "${DOCKER_REGISTRY_URL}/user-microservice:${GIT_COMMIT}"
|
||||||
|
DEPLOY_REPO = 'https://gitea.marcin00.pl/pikram/user-microservice-deploy.git'
|
||||||
|
}
|
||||||
|
|
||||||
|
stages {
|
||||||
|
stage('Code Tests') {
|
||||||
|
steps {
|
||||||
|
container('python') {
|
||||||
|
dir('api') {
|
||||||
|
sh '''
|
||||||
|
python3 -m venv env
|
||||||
|
source env/bin/activate
|
||||||
|
pip install -r requirements.txt pytest
|
||||||
|
python3 -m pytest --junit-xml=pytest_junit.xml
|
||||||
|
'''
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
post {
|
||||||
|
always {
|
||||||
|
junit testResults: '**/*pytest_junit.xml'
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
stage('Build & Push Docker') {
|
||||||
|
steps {
|
||||||
|
container('docker') {
|
||||||
|
sh '''
|
||||||
|
docker build -t ${DOCKER_IMAGE} .
|
||||||
|
az login --identity --client-id ${CLIENT_ID}
|
||||||
|
az acr login --name ${ACR_NAME}
|
||||||
|
docker push ${DOCKER_IMAGE}
|
||||||
|
'''
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
stage('Commit new version to GitOps repo') {
|
||||||
|
steps {
|
||||||
|
container('git') {
|
||||||
|
sh '''
|
||||||
|
git config --global user.name "jenkins[bot]"
|
||||||
|
git config --global user.email "jenkins@marcin00.pl"
|
||||||
|
'''
|
||||||
|
sh 'git clone ${DEPLOY_REPO} --branch jenkins-kubernetes'
|
||||||
|
dir('user-microservice-deploy') {
|
||||||
|
sh '''
|
||||||
|
# Podmień tag obrazu w pliku deploy.yaml
|
||||||
|
awk -v commit="ssh-creds-id$GIT_COMMIT" '
|
||||||
|
$0 ~ /name:[[:space:]]*api/ { in_api_container = 1; print; next }
|
||||||
|
in_api_container && $0 ~ /^[[:space:]]*image:[[:space:]]*/ {
|
||||||
|
sub(/:[^:[:space:]]+$/, ":" commit)
|
||||||
|
in_api_container = 0
|
||||||
|
print
|
||||||
|
next
|
||||||
|
}
|
||||||
|
{ print }
|
||||||
|
' deploy.yaml > deploy.tmp && mv deploy.tmp deploy.yaml
|
||||||
|
'''
|
||||||
|
sh 'git commit -am "JENKINS: Changed deployed version to $GIT_COMMIT"'
|
||||||
|
sshagent(['gitea-deploy-key']) {
|
||||||
|
sh '''
|
||||||
|
git remote set-url origin ssh://git@srv22.mikr.us:20343/pikram/user-microservice-deploy.git
|
||||||
|
git push
|
||||||
|
'''
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
@ -1,10 +1,13 @@
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Pod
|
kind: Pod
|
||||||
metadata:
|
metadata:
|
||||||
|
annotations:
|
||||||
|
io.kubernetes.cri-o.userns-mode: "auto:size=65536"
|
||||||
labels:
|
labels:
|
||||||
jenkins: "slave"
|
jenkins: "slave"
|
||||||
jenkins/label: "kubernetes-agent"
|
jenkins/label: "kubernetes-agent"
|
||||||
spec:
|
spec:
|
||||||
|
runtimeClassName: sysbox-runc
|
||||||
containers:
|
containers:
|
||||||
- name: jnlp
|
- name: jnlp
|
||||||
image: jenkins/inbound-agent:alpine
|
image: jenkins/inbound-agent:alpine
|
||||||
@ -33,8 +36,16 @@ spec:
|
|||||||
image: marcin00.azurecr.io/azure-cli-docker:slim-bookworm
|
image: marcin00.azurecr.io/azure-cli-docker:slim-bookworm
|
||||||
tty: true
|
tty: true
|
||||||
workingDir: /home/jenkins/agent
|
workingDir: /home/jenkins/agent
|
||||||
securityContext:
|
volumeMounts:
|
||||||
privileged: true
|
- name: workspace-volume
|
||||||
|
mountPath: /home/jenkins/agent
|
||||||
|
|
||||||
|
- name: git
|
||||||
|
image: alpine/git:latest
|
||||||
|
command:
|
||||||
|
- cat
|
||||||
|
tty: true
|
||||||
|
workingDir: /home/jenkins/agent
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: workspace-volume
|
- name: workspace-volume
|
||||||
mountPath: /home/jenkins/agent
|
mountPath: /home/jenkins/agent
|
||||||
@ -1,5 +1,6 @@
|
|||||||
FROM python:3.11.7-slim-bookworm
|
FROM python:3.11.7-alpine
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
COPY api .
|
COPY api .
|
||||||
|
RUN apk add --no-cache curl
|
||||||
RUN pip install -r requirements.txt
|
RUN pip install -r requirements.txt
|
||||||
CMD python3 app.py
|
CMD python3 app.py
|
||||||
|
|||||||
50
Jenkinsfile
vendored
50
Jenkinsfile
vendored
@ -1,50 +0,0 @@
|
|||||||
pipeline {
|
|
||||||
agent {
|
|
||||||
kubernetes {
|
|
||||||
label 'kubernetes-agent'
|
|
||||||
yamlFile 'podTemplate.yaml'
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
environment {
|
|
||||||
ACR_NAME = 'marcin00'
|
|
||||||
CLIENT_ID = 'c302726f-fafb-4143-94c1-67a70975574a'
|
|
||||||
DOCKER_REGISTRY_URL = 'marcin00.azurecr.io'
|
|
||||||
DOCKER_IMAGE = "${DOCKER_REGISTRY_URL}/user-microservice:${GIT_COMMIT}"
|
|
||||||
}
|
|
||||||
|
|
||||||
stages {
|
|
||||||
stage('Code Tests') {
|
|
||||||
steps {
|
|
||||||
container('python') {
|
|
||||||
dir('api') {
|
|
||||||
sh '''
|
|
||||||
python3 -m venv env
|
|
||||||
source env/bin/activate
|
|
||||||
pip install -r requirements.txt pytest
|
|
||||||
python3 -m pytest --junit-xml=pytest_junit.xml
|
|
||||||
'''
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
post {
|
|
||||||
always {
|
|
||||||
junit testResults: '**/*pytest_junit.xml'
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
stage('Build & Push Docker') {
|
|
||||||
steps {
|
|
||||||
container('docker') {
|
|
||||||
sh '''
|
|
||||||
docker build -t ${DOCKER_IMAGE} .
|
|
||||||
az login --identity --client-id ${CLIENT_ID}
|
|
||||||
az acr login --name ${ACR_NAME}
|
|
||||||
docker push ${DOCKER_IMAGE}
|
|
||||||
'''
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@ -4,7 +4,8 @@ from flask_jwt_extended import JWTManager
|
|||||||
from jwt import ExpiredSignatureError
|
from jwt import ExpiredSignatureError
|
||||||
from models import db, RevokedToken
|
from models import db, RevokedToken
|
||||||
import os
|
import os
|
||||||
from utils import init_db
|
from tech_views import tech_bp
|
||||||
|
from utils import init_db, wait_for_db
|
||||||
from views import user_bp
|
from views import user_bp
|
||||||
from werkzeug.exceptions import HTTPException
|
from werkzeug.exceptions import HTTPException
|
||||||
|
|
||||||
@ -26,6 +27,7 @@ def create_app(config_name="default"):
|
|||||||
|
|
||||||
# Blueprints registration
|
# Blueprints registration
|
||||||
app.register_blueprint(user_bp)
|
app.register_blueprint(user_bp)
|
||||||
|
app.register_blueprint(tech_bp)
|
||||||
|
|
||||||
# Database and JWT initialization
|
# Database and JWT initialization
|
||||||
db.init_app(app)
|
db.init_app(app)
|
||||||
@ -53,6 +55,7 @@ def create_app(config_name="default"):
|
|||||||
|
|
||||||
# Fill database by initial values (only if we are not testing)
|
# Fill database by initial values (only if we are not testing)
|
||||||
with app.app_context():
|
with app.app_context():
|
||||||
|
wait_for_db(max_retries=100)
|
||||||
db.create_all()
|
db.create_all()
|
||||||
if config_name != "testing":
|
if config_name != "testing":
|
||||||
init_db()
|
init_db()
|
||||||
|
|||||||
20
api/tech_views.py
Normal file
20
api/tech_views.py
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
from flask import Blueprint, jsonify
|
||||||
|
from models import db
|
||||||
|
from sqlalchemy import text
|
||||||
|
from utils import db_ready
|
||||||
|
|
||||||
|
# Blueprint with technical endpoints
|
||||||
|
tech_bp = Blueprint('tech_bp', __name__)
|
||||||
|
|
||||||
|
@tech_bp.route('/health', methods=['GET'])
|
||||||
|
def health_check():
|
||||||
|
"Check if service works and database is functional"
|
||||||
|
try:
|
||||||
|
with db.engine.connect() as connection:
|
||||||
|
connection.execute(text("SELECT 1"))
|
||||||
|
return jsonify(status="healthy"), 200
|
||||||
|
except Exception:
|
||||||
|
if db_ready:
|
||||||
|
return jsonify(status="unhealthy"), 500
|
||||||
|
else:
|
||||||
|
return jsonify(status="starting"), 503
|
||||||
21
api/utils.py
21
api/utils.py
@ -2,17 +2,22 @@ from flask import abort
|
|||||||
from flask_jwt_extended import get_jwt_identity
|
from flask_jwt_extended import get_jwt_identity
|
||||||
from models import User, db
|
from models import User, db
|
||||||
import os
|
import os
|
||||||
|
from sqlalchemy import text
|
||||||
|
from sqlalchemy.exc import DatabaseError, InterfaceError
|
||||||
|
import time
|
||||||
from werkzeug.security import generate_password_hash
|
from werkzeug.security import generate_password_hash
|
||||||
|
|
||||||
|
db_ready = False
|
||||||
|
|
||||||
def admin_required(user_id, message='Access denied.'):
|
def admin_required(user_id, message='Access denied.'):
|
||||||
|
"Check if common user try to make administrative action."
|
||||||
user = db.session.get(User, user_id)
|
user = db.session.get(User, user_id)
|
||||||
if user is None or user.role != "Administrator":
|
if user is None or user.role != "Administrator":
|
||||||
abort(403, message)
|
abort(403, message)
|
||||||
|
|
||||||
|
|
||||||
def validate_access(owner_id, message='Access denied.'):
|
def validate_access(owner_id, message='Access denied.'):
|
||||||
# Check if user try to access or edit resource that does not belong to them
|
"Check if user try to access or edit resource that does not belong to them."
|
||||||
logged_user_id = int(get_jwt_identity())
|
logged_user_id = int(get_jwt_identity())
|
||||||
logged_user_role = db.session.get(User, logged_user_id).role
|
logged_user_role = db.session.get(User, logged_user_id).role
|
||||||
if logged_user_role != "Administrator" and logged_user_id != owner_id:
|
if logged_user_role != "Administrator" and logged_user_id != owner_id:
|
||||||
@ -27,6 +32,20 @@ def get_user_or_404(user_id):
|
|||||||
return user
|
return user
|
||||||
|
|
||||||
|
|
||||||
|
def wait_for_db(max_retries):
|
||||||
|
"Try to connect with database <max_retries> times."
|
||||||
|
global db_ready
|
||||||
|
for _ in range(max_retries):
|
||||||
|
try:
|
||||||
|
with db.engine.connect() as connection:
|
||||||
|
connection.execute(text("SELECT 1"))
|
||||||
|
db_ready = True
|
||||||
|
return
|
||||||
|
except DatabaseError | InterfaceError:
|
||||||
|
time.sleep(3)
|
||||||
|
raise Exception("Failed to connect to database.")
|
||||||
|
|
||||||
|
|
||||||
def init_db():
|
def init_db():
|
||||||
"""Create default admin account if database is empty"""
|
"""Create default admin account if database is empty"""
|
||||||
with db.session.begin():
|
with db.session.begin():
|
||||||
|
|||||||
@ -2,6 +2,7 @@ from flask import Blueprint, jsonify, request, abort
|
|||||||
from flask_jwt_extended import create_access_token, set_access_cookies, jwt_required, \
|
from flask_jwt_extended import create_access_token, set_access_cookies, jwt_required, \
|
||||||
verify_jwt_in_request, get_jwt_identity, unset_jwt_cookies, get_jwt
|
verify_jwt_in_request, get_jwt_identity, unset_jwt_cookies, get_jwt
|
||||||
from models import db, RevokedToken, User
|
from models import db, RevokedToken, User
|
||||||
|
import os
|
||||||
from utils import admin_required, validate_access, get_user_or_404
|
from utils import admin_required, validate_access, get_user_or_404
|
||||||
from werkzeug.security import check_password_hash, generate_password_hash
|
from werkzeug.security import check_password_hash, generate_password_hash
|
||||||
|
|
||||||
@ -110,3 +111,10 @@ def user_logout():
|
|||||||
response = jsonify({"msg": "User logged out successfully."})
|
response = jsonify({"msg": "User logged out successfully."})
|
||||||
unset_jwt_cookies(response)
|
unset_jwt_cookies(response)
|
||||||
return response
|
return response
|
||||||
|
|
||||||
|
@user_bp.route('/version', methods=['GET'])
|
||||||
|
def version():
|
||||||
|
return jsonify({
|
||||||
|
"version": os.getenv("APP_VERSION", "unknown"),
|
||||||
|
"build_time": os.getenv("BUILD_DATE", "unknown")
|
||||||
|
})
|
||||||
@ -7,9 +7,24 @@ services:
|
|||||||
build: .
|
build: .
|
||||||
env_file:
|
env_file:
|
||||||
- api/.env
|
- api/.env
|
||||||
|
ports:
|
||||||
|
- 80:80
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "curl", "-f", "http://localhost/health"]
|
||||||
|
interval: 10s
|
||||||
|
timeout: 5s
|
||||||
|
retries: 5
|
||||||
|
start_period: 15s
|
||||||
db:
|
db:
|
||||||
container_name: db
|
container_name: db
|
||||||
hostname: db
|
hostname: db
|
||||||
image: mysql:latest
|
image: mysql:latest
|
||||||
env_file:
|
env_file:
|
||||||
- db/.env
|
- db/.env
|
||||||
|
ports:
|
||||||
|
- 3306:3306
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
|
||||||
|
interval: 10s
|
||||||
|
timeout: 5s
|
||||||
|
retries: 5
|
||||||
|
|||||||
Reference in New Issue
Block a user