Changed pod runtime to sysbox

.jenkins/Jenkinsfile

@@ -0,0 +1,50 @@
+pipeline {
+    agent {
+        kubernetes {
+            label 'kubernetes-agent'
+            yamlFile 'podTemplate.yaml'
+        }
+    }
+
+    environment {
+        ACR_NAME = 'marcin00'
+        CLIENT_ID = 'c302726f-fafb-4143-94c1-67a70975574a'
+        DOCKER_REGISTRY_URL = 'marcin00.azurecr.io'
+        DOCKER_IMAGE = "${DOCKER_REGISTRY_URL}/user-microservice:${GIT_COMMIT}"
+    }
+
+    stages {
+        stage('Code Tests') {
+            steps {
+                container('python') {
+                    dir('api') {
+                        sh '''
+                            python3 -m venv env
+                            source env/bin/activate
+                            pip install -r requirements.txt pytest
+                            python3 -m pytest --junit-xml=pytest_junit.xml
+                        '''
+                    }
+                }
+            }
+            post {
+                always {
+                    junit testResults: '**/*pytest_junit.xml'
+                }
+            }
+        }
+
+        stage('Build & Push Docker') {
+            steps {
+                container('docker') {
+                    sh '''
+                    docker build -t ${DOCKER_IMAGE} .
+                    az login --identity --client-id ${CLIENT_ID}
+                    az acr login --name ${ACR_NAME}
+                    docker push ${DOCKER_IMAGE}
+                    '''
+                }
+            }
+        }
+    }
+}

.jenkins/podTemplate.yaml

@@ -0,0 +1,48 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  labels:
+    jenkins: "slave"
+    jenkins/label: "kubernetes-agent"
+spec:
+  runtimeClassName: sysbox-runc
+  containers:
+    - name: jnlp
+      image: jenkins/inbound-agent:alpine
+      tty: false
+      workingDir: /home/jenkins/agent
+      volumeMounts:
+        - name: workspace-volume
+          mountPath: /home/jenkins/agent
+      env:
+        - name: JENKINS_WEB_SOCKET
+          value: "true"
+        - name: REMOTING_OPTS
+          value: "-noReconnectAfter 1d"
+
+    - name: python
+      image: python:3.11.7-alpine
+      command:
+        - cat
+      tty: true
+      workingDir: /home/jenkins/agent
+      volumeMounts:
+        - name: workspace-volume
+          mountPath: /home/jenkins/agent
+
+    - name: docker
+      image: marcin00.azurecr.io/azure-cli-docker:slim-bookworm
+      tty: true
+      workingDir: /home/jenkins/agent
+      volumeMounts:
+        - name: workspace-volume
+          mountPath: /home/jenkins/agent
+
+  nodeSelector:
+    kubernetes.io/os: linux
+
+  restartPolicy: Never
+
+  volumes:
+    - name: workspace-volume
+      emptyDir: {}

.woodpecker/build.yaml

@@ -1,71 +0,0 @@
-when:
-  - event: [push, manual]
-    branch: woodpecker
-
-steps:
-  - name: code-tests
-    image: python:3.11.7-alpine
-    commands:
-      - cd api
-      - python3 -m venv env
-      - source env/bin/activate
-      - pip install -r requirements.txt pytest
-      - python3 -m pytest --junit-xml=pytest_junit.xml
-
-  - name: build-and-push
-    image: marcin00.azurecr.io/azure-cli-docker:slim-bookworm
-    environment:
-      ACR_NAME: marcin00
-      CLIENT_ID: c302726f-fafb-4143-94c1-67a70975574a
-    commands:
-      - dockerd &
-      - export DOCKER_IMAGE=marcin00.azurecr.io/user-microservice:${CI_COMMIT_SHA}
-      - docker build -t $DOCKER_IMAGE --build-arg APP_VERSION=${CI_COMMIT_SHA} --build-arg BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") .
-      - az login --identity --client-id $CLIENT_ID
-      - az acr login --name $ACR_NAME
-      - docker push $DOCKER_IMAGE
-    backend_options:
-      kubernetes:
-        annotations:
-          io.kubernetes.cri-o.userns-mode: "auto:size=65536"
-        runtimeClassName: sysbox-runc
-
-  - name: gitops-commit
-    image: alpine/git
-    environment:
-      DEPLOY_REPO_URL: ssh://git@srv22.mikr.us:20343/pikram/user-microservice-deploy.git
-      DEPLOY_REPO_BRANCH: woodpecker-fluxcd-deploy
-      GITEA_DEPLOY_KEY:
-        from_secret: gitea-deploy-key
-      GITEA_KNOWN_HOST:
-        from_secret: gitea-known-host
-    commands:
-      - mkdir -p ~/.ssh
-
-      - echo "$GITEA_KNOWN_HOST" >> ~/.ssh/known_hosts
-      - chmod 644 ~/.ssh/known_hosts
-
-      - echo "$GITEA_DEPLOY_KEY" > ~/.ssh/id_rsa
-      - chmod 600 ~/.ssh/id_rsa
-
-      - git config --global user.name "woodpecker[bot]"
-      - git config --global user.email "woodpecker@marcin00.pl"
-
-      - git clone $DEPLOY_REPO_URL --branch $DEPLOY_REPO_BRANCH
-      - cd user-microservice-deploy/apps/user-microservice
-      
-      - |
-        awk -v commit="$CI_COMMIT_SHA" '
-        $0 ~ /name:[[:space:]]*api/ { in_api_container = 1; print; next }
-        in_api_container && $0 ~ /^[[:space:]]*image:[[:space:]]*/ {
-            sub(/:[^:[:space:]]+$/, ":" commit)
-            in_api_container = 0
-            print
-            next
-        }
-        { print }
-        ' deploy.yaml > deploy.tmp && mv deploy.tmp deploy.yaml
-      
-      - git add deploy.yaml
-      - 'git diff-index --quiet HEAD || git commit -m "WOODPECKER: Changed deployed version to $CI_COMMIT_SHA"'
-      - git push origin $DEPLOY_REPO_BRANCH

Dockerfile

@@ -1,18 +1,5 @@
-FROM python:3.11.7-alpine
+FROM python:3.11.7-slim-bookworm
-
-# Wersja i data builda jako build-arg
-ARG APP_VERSION=unknown
-ARG BUILD_DATE=unknown
-
-# Ustawiamy zmienne w ENV, by były dostępne w kontenerze
-ENV APP_VERSION=$APP_VERSION
-ENV BUILD_DATE=$BUILD_DATE
-
 WORKDIR /app
-
 COPY api .
-
-RUN apk add --no-cache curl
 RUN pip install -r requirements.txt
-
 CMD python3 app.py

api/app.py

@@ -4,8 +4,7 @@ from flask_jwt_extended import JWTManager
 from jwt import ExpiredSignatureError
 from models import db, RevokedToken
 import os
-from tech_views import tech_bp
+from utils import init_db
-from utils import init_db, wait_for_db
 from views import user_bp
 from werkzeug.exceptions import HTTPException
 
@@ -27,7 +26,6 @@ def create_app(config_name="default"):
 
     # Blueprints registration
     app.register_blueprint(user_bp)
-    app.register_blueprint(tech_bp)
 
     # Database and JWT initialization
     db.init_app(app)
@@ -55,7 +53,6 @@ def create_app(config_name="default"):
 
     # Fill database by initial values (only if we are not testing)
     with app.app_context():
-        wait_for_db(max_retries=100)
         db.create_all()
         if config_name != "testing":
             init_db()

api/tech_views.py

@@ -1,20 +0,0 @@
-from flask import Blueprint, jsonify
-from models import db
-from sqlalchemy import text
-from utils import db_ready
-
-# Blueprint with technical endpoints
-tech_bp = Blueprint('tech_bp', __name__)
-
-@tech_bp.route('/health', methods=['GET'])
-def health_check():
-    "Check if service works and database is functional"
-    try:
-        with db.engine.connect() as connection:
-            connection.execute(text("SELECT 1"))
-        return jsonify(status="healthy"), 200
-    except Exception:
-        if db_ready:
-            return jsonify(status="unhealthy"), 500
-        else:
-            return jsonify(status="starting"), 503

api/utils.py

@@ -2,22 +2,17 @@ from flask import abort
 from flask_jwt_extended import get_jwt_identity
 from models import User, db
 import os
-from sqlalchemy import text
-from sqlalchemy.exc import DatabaseError, InterfaceError
-import time
 from werkzeug.security import generate_password_hash
 
-db_ready = False
 
 def admin_required(user_id, message='Access denied.'):
-    "Check if common user try to make administrative action."
     user = db.session.get(User, user_id)
     if user is None or user.role != "Administrator":
         abort(403, message)
 
 
 def validate_access(owner_id, message='Access denied.'):
-    "Check if user try to access or edit resource that does not belong to them."
+    # Check if user try to access or edit resource that does not belong to them 
     logged_user_id = int(get_jwt_identity())
     logged_user_role = db.session.get(User, logged_user_id).role
     if logged_user_role != "Administrator" and logged_user_id != owner_id:
@@ -32,20 +27,6 @@ def get_user_or_404(user_id):
     return user
 
 
-def wait_for_db(max_retries):
-    "Try to connect with database <max_retries> times."
-    global db_ready
-    for _ in range(max_retries):
-        try:
-            with db.engine.connect() as connection:
-                connection.execute(text("SELECT 1"))
-            db_ready = True
-            return
-        except DatabaseError | InterfaceError:
-            time.sleep(3)
-    raise Exception("Failed to connect to database.")
-
-
 def init_db():
     """Create default admin account if database is empty"""
     with db.session.begin():

api/views.py

@@ -2,7 +2,6 @@ from flask import Blueprint, jsonify, request, abort
 from flask_jwt_extended import create_access_token, set_access_cookies, jwt_required, \
 verify_jwt_in_request, get_jwt_identity, unset_jwt_cookies, get_jwt
 from models import db, RevokedToken, User
-import os
 from utils import admin_required, validate_access, get_user_or_404
 from werkzeug.security import check_password_hash, generate_password_hash
 
@@ -111,10 +110,3 @@ def user_logout():
     response = jsonify({"msg": "User logged out successfully."})
     unset_jwt_cookies(response)
     return response
-
-@user_bp.route('/version', methods=['GET'])
-def version():
-    return jsonify({
-        "version": os.getenv("APP_VERSION", "unknown"),
-        "build_time": os.getenv("BUILD_DATE", "unknown")
-    })

deployment_timer.sh

@@ -1,65 +0,0 @@
-#!/bin/bash
-
-# === KONFIGURACJA ===
-APP_URL="https://user-microservice.marcin00.pl/version"
-MARKER_FILE="version_marker.txt"
-OUTPUT_FILE="deployment_times.csv"
-CHECK_INTERVAL=1  # sekundy
-
-# === POBRANIE AKTUALNEJ WERSJI APLIKACJI ===
-echo "[INFO] Pobieranie aktualnej wersji z /version..."
-OLD_VERSION=$(curl -s "$APP_URL" | jq -r '.version')
-
-if [[ -z "$OLD_VERSION" ]]; then
-  echo "[ERROR] Nie udało się pobrać aktualnej wersji aplikacji."
-  exit 1
-fi
-
-echo "[INFO] Aktualna wersja: $OLD_VERSION"
-
-# === Modyfikacja pliku, commit i push ===
-TIMESTAMP=$(date +%s)
-echo "$TIMESTAMP" > "$MARKER_FILE"
-
-git add "$MARKER_FILE"
-git commit -m "Automatyczna zmiana: $TIMESTAMP"
-START_TIME=$(date +%s)
-
-echo "[INFO] Wykonuję git push..."
-git push
-
-if [[ $? -ne 0 ]]; then
-  echo "[ERROR] Push nie powiódł się."
-  exit 1
-fi
-
-echo "[INFO] Oczekiwanie na wdrożenie nowej wersji..."
-
-# === Odpytywanie endpointa /version ===
-WAITED=0
-echo "[WAIT] Oczekiwanie na nową wersję..."
-
-while true; do
-  sleep $CHECK_INTERVAL
-  WAITED=$((WAITED + CHECK_INTERVAL))
-
-  NEW_VERSION=$(curl -s "$APP_URL" | jq -r '.version')
-
-  if [[ "$NEW_VERSION" != "$OLD_VERSION" ]]; then
-    END_TIME=$(date +%s)
-    DURATION=$((END_TIME - START_TIME))
-
-    # Nadpisujemy linię z licznikiem
-    printf "\r[INFO] Nowa wersja wdrożona po %ds: %s\n" "$WAITED" "$NEW_VERSION"
-    echo "[INFO] Czas wdrożenia: $DURATION sekund"
-
-    echo "$START_TIME,$END_TIME,$DURATION,$OLD_VERSION,$NEW_VERSION" >> "$OUTPUT_FILE"
-    break
-  else
-    # Nadpisujemy TYLKO linię z licznikiem
-    printf "\r[WAIT] Czekam... %ds" "$WAITED"
-  fi
-done
-
-# Żeby kursor przeszedł do nowej linii po zakończeniu
-echo ""

docker-compose.yml

@@ -7,24 +7,9 @@ services:
     build: .
     env_file:
       - api/.env
-    ports:
-      - 80:80
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost/health"]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-      start_period: 15s
   db:
     container_name: db
     hostname: db
     image: mysql:latest
     env_file:
       - db/.env
-    ports:
-      - 3306:3306
-    healthcheck:
-      test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
-      interval: 10s
-      timeout: 5s
-      retries: 5

version_marker.txt

@@ -1 +0,0 @@
-1753736103