Merge pull request #24 from LukeeeeBennett/autodeploy

Autodeploy

.dockerignore

@@ -6,3 +6,4 @@
 /APIs.md
 /README.md
 /benchmarking.cpp
+/.github

.github/workflows/build.yaml

@@ -0,0 +1,41 @@
+name: Build
+on:
+  push:
+    branches:
+      - main
+jobs:
+  release:
+    name: Push Docker image to GitHub Packages
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
+    steps:
+      - name: Checkout the repo
+        uses: actions/checkout@v2
+      - name: Login to GitHub Docker Registry
+        uses: docker/login-action@v1
+        with:
+          registry: docker.pkg.github.com
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Format repository
+        run: |
+          echo IMAGE_REPOSITORY=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV
+      - name: Build container image
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          tags: |
+            docker.pkg.github.com/${{ env.IMAGE_REPOSITORY }}/ccash:${{ github.sha }}
+            docker.pkg.github.com/${{ env.IMAGE_REPOSITORY }}/ccash:latest
+  trigger-deploy:
+    needs: release
+    runs-on: ubuntu-latest
+    steps:
+      - run: |
+          curl -X POST \
+          -H 'Accept: application/vnd.github.v3+json' \
+          -H 'Authorization: Bearer ${{ secrets.CCASH_DEPLOY_TOKEN }}' \
+          https://api.github.com/repos/${{ github.repository }}/actions/workflows/deploy.yaml/dispatches \
+          -d '{"ref":"main"}'

.github/workflows/deploy.yaml

@@ -1,31 +1,59 @@
-name: Publish Staging
-on:
-  push:
-    branches:
-      - main
+name: Deploy
+on: workflow_dispatch
 jobs:
   release:
-    name: Push Docker image to GitHub Packages
+    name: Deploy Docker image to remote machine
     runs-on: ubuntu-latest
-    permissions:
-      packages: write
-      contents: read
     steps:
-      - name: Checkout the repo
-        uses: actions/checkout@v2
-      - name: Login to GitHub Docker Registry
-        uses: docker/login-action@v1
+      - name: Write CCASH_CONFIG_JSON to remote filesystem
+        uses: appleboy/ssh-action@master
         with:
-          registry: docker.pkg.github.com
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          host: ${{ secrets.CCASH_DOMAIN }}
+          username: root
+          key: ${{ secrets.CCASH_SSH_KEY }}
+          script: "echo '${{ secrets.CCASH_CONFIG_JSON }}' > $(pwd)/config.json"
+      - name: Write CCASH_USERS_JSON to remote filesystem if it doesn't already exist
+        uses: appleboy/ssh-action@master
+        with:
+          host: ${{ secrets.CCASH_DOMAIN }}
+          username: root
+          key: ${{ secrets.CCASH_SSH_KEY }}
+          script: "[[ -f $(pwd)/users.json ]] && echo 'users.json already exists' || echo '${{ secrets.CCASH_USERS_JSON }}' > $(pwd)/users.json"
+      - name: Authenticate Docker Engine with GitHub Packages container registry
+        uses: appleboy/ssh-action@master
+        with:
+          host: ${{ secrets.CCASH_DOMAIN }}
+          username: root
+          key: ${{ secrets.CCASH_SSH_KEY }}
+          script: "docker login -u '${{ github.actor }}' -p '${{ secrets.GITHUB_TOKEN }}' docker.pkg.github.com"
+      - name: Prune docker system
+        uses: appleboy/ssh-action@master
+        with:
+          host: ${{ secrets.CCASH_DOMAIN }}
+          username: root
+          key: ${{ secrets.CCASH_SSH_KEY }}
+          script: "docker system prune -af"
       - name: Format repository
         run: |
           echo IMAGE_REPOSITORY=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV
-      - name: Build container image
-        uses: docker/build-push-action@v2
+      - name: Pull latest image
+        uses: appleboy/ssh-action@master
         with:
-          push: true
-          tags: |
-            docker.pkg.github.com/${{ env.IMAGE_REPOSITORY }}/ccash:${{ github.sha }}
-            docker.pkg.github.com/${{ env.IMAGE_REPOSITORY }}/ccash:latest
+          host: ${{ secrets.CCASH_DOMAIN }}
+          username: root
+          key: ${{ secrets.CCASH_SSH_KEY }}
+          script: "docker pull docker.pkg.github.com/${{ env.IMAGE_REPOSITORY }}/ccash:latest"
+      - name: Stop previous container
+        uses: appleboy/ssh-action@master
+        with:
+          host: ${{ secrets.CCASH_DOMAIN }}
+          username: root
+          key: ${{ secrets.CCASH_SSH_KEY }}
+          script: "curl -X POST -H 'Password: ${{ secrets.CCASH_ADMIN_PASSWORD }}' https://${{ secrets.CCASH_DOMAIN }}/BankF/close && docker kill $(docker ps -q)"
+      - name: Run CCash Docker image
+        uses: appleboy/ssh-action@master
+        with:
+          host: ${{ secrets.CCASH_DOMAIN }}
+          username: root
+          key: ${{ secrets.CCASH_SSH_KEY }}
+          script: "docker run -d -p 80:80 -p 443:443 -v $(pwd)/config.json:/ccash/config.json -v $(pwd)/users.json:/ccash/users.json -v ${{ secrets.CCASH_TLS_CERT_PATH }}:/ccash/cert -v ${{ secrets.CCASH_TLS_KEY_PATH }}:/ccash/key docker.pkg.github.com/${{ env.IMAGE_REPOSITORY }}/ccash:latest ${{ secrets.CCASH_ADMIN_PASSWORD }} ${{ secrets.CCASH_SAVE_FREQUENCY }} ${{ secrets.CCASH_THREAD_COUNT }}"

Dockerfile

@@ -11,6 +11,6 @@ RUN mkdir build
 WORKDIR /ccash/build
 
 RUN cmake ..
-RUN make -j$(nprov)
+RUN make -j$(nproc)
 
-CMD ["/ccash/build/bank", "$CCASH_ADMIN_PASSWORD", "$CCASH_SAVE_FREQUENCY", "$CCASH_THREAD_COUNT"]
+ENTRYPOINT ["/ccash/build/bank"]

README.md

@@ -48,12 +48,12 @@ sudo ./bank <admin password> <saving frequency in minutes> <threads>
 
 ## Connected Services
 
-Using the Bank's API allows (you/others) to (make/use) connected services that utilize the bank, a couple ideas can be found [here](services.md)
+Using the Bank's API allows (you/others) to (make/use) connected services that utilize the bank, a couple ideas can be found [here](docs/services.md)
 
 ## Developing for
 as a dev check out 
-* [APIs](https://github.com/EntireTwix/CCash/blob/main/APIs.md)
-* [endpoints](https://github.com/EntireTwix/CCash/blob/main/help.md)
+* [APIs](https://github.com/EntireTwix/CCash/blob/main/docs/APIs.md)
+* [endpoints](https://github.com/EntireTwix/CCash/blob/main/docs/help.md)
 
 ## FAQ
 **Q:** how is money initially injected into the economy

config.json

@@ -9,8 +9,8 @@
         "address": "0.0.0.0",
         "port": 443,
         "https": true,
-        "cert": "",
-        "key": ""
+        "cert": "/ccash/cert",
+        "key": "/ccash/key"
       }
   ]
 }

docs/deploy.md

@@ -0,0 +1,47 @@
+# Deploying CCash
+
+CCash can deployed to a remote machine pretty simply.
+
+A pre-built docker image is supplied in the repos [GitHub Packages](https://github.com/features/packages) container registry [EntireTwix/CCash](https://github.com/EntireTwix/CCash/packages/851105).
+
+It can be run with docker like so:
+
+```
+docker pull docker.pkg.github.com/entiretwix/ccash/ccash:latest
+```
+
+## Build
+
+The CCash repo provides a GitHub Workflow to build, release and publish the docker image in [.github/workflows/build.yaml](https://github.com/EntireTwix/CCash/blob/main/.github/workflows/build.yaml) to the GitHub Packages container registry.
+
+You can build and publish your own images using this workflow by forking [EntireTwix/CCash](https://github.com/EntireTwix/CCash).
+
+## Deploy
+
+You can deploy this docker image to be run on a remote machine in a few steps. In this case we are using [Debian OS](https://www.debian.org/) running on the [Linode](https://www.linode.com/) cloud provider, but most OS and cloud providers will work, assuming the machine can run an SSH server and Docker.
+
+Similarly, the CCash repo also provides a GitHub Workflow to deploy the latest docker image to a remote machine in [.github/workflows/deploy.yaml](https://github.com/EntireTwix/CCash/blob/main/.github/workflows/deploy.yaml).
+
+### Configure the machine
+
+1. Create a machine using your chosen cloud provider
+1. Configure DNS to point your chosen domain name to the machines IP address. _(Without this, TLS/SSL will not work)_
+1. Create an SSH key-pair by running `ssh-keygen` locally. Make sure you **don't** set a password
+1. Add the `*.pub` public key to the servers `~/.ssh/authorized_keys` file
+1. Install Docker Engine on the remote machine following [official docs](https://docs.docker.com/engine/install/)
+1. Generate SSL/TLS certificate (Using [certbot](https://certbot.eff.org/lets-encrypt/debianbuster-other) is recommended)
+1. Configure [GitHub secrets](https://docs.github.com/en/actions/reference/encrypted-secrets) for the repo
+  * `CCASH_SSH_KEY` - The private key _(not `*.pub`)_ created earlier
+  * `CCASH_DOMAIN` - The domain name pointing to the remote machine
+  * `CCASH_CONFIG_JSON` - A config.json file that will be written every deploy _(https config cert path should be `/ccash/cert` and key path should be `/ccash/key`)_
+  * `CCASH_USERS_JSON` - A users.json file that will be written only on first deploy
+  * `CCASH_ADMIN_PASSWORD` - A CCash server admin account password
+  * `CCASH_SAVE_FREQUENCY` - A number representing the frequency to save to users.json (in minutes)
+  * `CCASH_THREAD_COUNT` - A number representing the number of threads to use
+  * `CCASH_TLS_CERT_PATH` - The path to the TLS/SSL certificate on the host machine
+  * `CCASH_TLS_KEY_PATH` - The path to the TLS/SSL key on the host machine
+  * `CCASH_DEPLOY_TOKEN` - A [GitHub personal access token](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token), used to trigger the deploy workflow automatically when the build workflow is successful. _(Leave empty to disable automatic deploys.)_
+
+You are now ready to run the "Deploy" workflow mentioned above. This workflow will SSH in to the `CCASH_DOMAIN` machine, using the `CCASH_SSH_KEY` and `docker run` the latest `entiretwix/ccash` image, binding to port 80 and 443, setting the appropriate volumes and environment variables.
+
+Run `curl https://$CCASH_DOMAIN/BankF/ping` to verify that the server has been deployed correctly.