gitea/devops
Template
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Improved Application/DB
Some checks failed
Build and Deploy Demo App / test (push) Failing after 1m14s
Details
Build and Deploy Demo App / build (push) Has been skipped
Details
Build and Deploy Demo App / scan (push) Has been skipped
Details
Build and Deploy Demo App / deploy (push) Has been skipped
Details

Browse Source
This commit is contained in:
gitea
2025-11-26 11:03:01 +03:30
parent c442b16a45
commit fcd328ca2b
9 changed files with 194 additions and 99 deletions
Download Patch File Download Diff File Expand all files Collapse all files

93
.gitea/workflows/cicd.yaml
View File

@@ -1,20 +1,67 @@
name: Build and Deploy Demo App
on:
push:
branches:
- main
jobs:
build-and-deploy:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Install deps
run: pip install -r requirements.txt
- name: Run tests
run: pytest tests.py
build:
needs: test
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Cache Docker layers
uses: actions/cache@v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ hashFiles('Dockerfile', 'requirements.txt') }}
restore-keys: ${{ runner.os }}-buildx-
- name: Build Docker image
run: docker build -t demo-app:latest .
uses: docker/build-push-action@v6
with:
load: true
tags: demo-app:latest
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
- name: Save Docker image to tar
run: docker save demo-app:latest > demo-app.tar
scan:
needs: build
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Scan Image
uses: aquasecurity/trivy-action@master
with:
image-ref: demo-app:latest
format: table
exit-code: 1
severity: CRITICAL,HIGH
deploy:
needs: [build, scan]
runs-on: ubuntu-latest
steps:
- name: Set up SSH
run: |
apt update && apt install -y openssh-client
@@ -24,41 +71,19 @@ jobs:
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
ssh-keyscan -p ${{ secrets.SERVER_PORT }} ${{ secrets.SERVER_HOST }} >> ~/.ssh/known_hosts
- name: Copy files to server via SCP
run: |
scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} demo-app.tar ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:${{ secrets.DEPLOY_PATH }}demo-app.tar
scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} docker-compose.yml ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:${{ secrets.DEPLOY_PATH }}docker-compose.yml
scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} -r nginx_user_conf.d ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:${{ secrets.DEPLOY_PATH }}nginx_user_conf.d
- name: Deploy on server via SSH
- name: Copy tar to server
run: scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} demo-app.tar ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:${{ secrets.DEPLOY_PATH }}demo-app.tar
- name: Deploy on server
run: |
ssh -o StrictHostKeyChecking=no -p ${{ secrets.SERVER_PORT }} ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }} << EOF
cd ${{ secrets.DEPLOY_PATH }}
# Check and install Docker if not present (Ubuntu/Debian assumed)
if ! command -v docker &> /dev/null; then
sudo apt update -y
sudo apt install -y ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
echo "deb [arch=\$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \$(. /etc/os-release && echo "\$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update -y
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
sudo systemctl start docker
sudo systemctl enable docker
fi
# Ensure docker-compose-plugin is installed (for 'docker compose' command)
if ! docker compose version &> /dev/null; then
sudo apt update -y
sudo apt install -y docker-compose-plugin
fi
# Load image and deploy with Compose
# Create/update .env with secrets
echo "DB_USER=${{ secrets.DB_USER }}" > .env
echo "DB_PASS=${{ secrets.DB_PASS }}" >> .env
echo "DB_NAME=${{ secrets.DB_NAME }}" >> .env
# Load and deploy
docker load -i demo-app.tar
docker compose down --remove-orphans -v || true # Graceful stop
docker compose up -d --force-recreate
# Cleanup
docker compose down
docker compose --env-file .env up -d --remove-orphans
rm demo-app.tar
EOF

18
Dockerfile
View File

@@ -1,9 +1,19 @@
FROM python:3.12-slim
# Build stage
FROM python:3.12-slim AS builder
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
COPY app.py .
# Runtime stage
FROM python:3.12-slim
WORKDIR /app
COPY --from=builder /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages
COPY app.py models.py .
COPY templates ./templates
RUN useradd -m appuser
USER appuser
EXPOSE 5000
CMD ["python", "app.py"]
HEALTHCHECK --interval=30s --timeout=3s CMD wget --no-verbose --tries=1 --spider http://localhost:5000/ || exit 1
CMD ["gunicorn", "--bind", "0.0.0.0:5000", "app:app"]

19
app.py
View File

@@ -1,12 +1,21 @@
import os
from flask import Flask, render_template
from flask_bootstrap import Bootstrap5 # Updated import for Bootstrap 5 support
from flask_bootstrap import Bootstrap5
from models import db, Feature
app = Flask(__name__)
db_user = os.getenv('DB_USER', 'postgres')
db_pass = os.getenv('DB_PASS', 'password') # Fallback; overridden by env
db_name = os.getenv('DB_NAME', 'demo_db')
app.config['SQLALCHEMY_DATABASE_URI'] = f'postgresql://{db_user}:{db_pass}@db:5432/{db_name}'
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
bootstrap = Bootstrap5(app)
db.init_app(app)
@app.route('/')
def index():
return render_template('index.html')
if __name__ == '__main__':
app.run(host='0.0.0.0', port=5000)
with app.app_context():
Feature.seed_db() # Seed on first load if empty
features = Feature.query.all()
return render_template('index.html', features=features)

50
docker-compose.yml
View File

@@ -1,8 +1,37 @@
services:
db:
image: postgres:16-alpine
container_name: demo-db
restart: unless-stopped
environment:
POSTGRES_USER: ${DB_USER}
POSTGRES_PASSWORD: ${DB_PASS}
POSTGRES_DB: ${DB_NAME}
volumes:
- db-data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${DB_USER}"]
interval: 10s
timeout: 5s
retries: 5
app:
image: demo-app:latest
container_name: demo-app
restart: unless-stopped
environment:
- DB_USER=${DB_USER}
- DB_PASS=${DB_PASS}
- DB_NAME=${DB_NAME}
depends_on:
db:
condition: service_healthy
healthcheck:
test: ["CMD", "wget", "--spider", "http://localhost:5000"]
interval: 30s
timeout: 10s
retries: 3
nginx:
image: jonasal/nginx-certbot:latest
container_name: demo-nginx
@@ -12,14 +41,25 @@ services:
- 4433:443
environment:
- CERTBOT_EMAIL=the.dark.mist23@gmail.com
- ENVSUBST_TEMPLATE_SUFFIX=.tmpl # Enables template processing if needed
- CERTBOT_DISABLED=true # Disable auto Certbot to use manual certs
- ENVSUBST_TEMPLATE_SUFFIX=.tmpl
- CERTBOT_DISABLED=true
volumes:
- ./nginx_user_conf.d:/etc/nginx/conf.d/
- letsencrypt:/etc/letsencrypt
- /home/devroot/demo/certs/fullchain.pem:/etc/nginx/ssl/origin_cert.pem:ro # Mount cert
- /home/devroot/demo/certs/prvkey.pem:/etc/nginx/ssl/origin_key.key:ro # Mount key
- /home/devroot/demo/certs/fullchain.pem:/etc/nginx/ssl/origin_cert.pem:ro
- /home/devroot/demo/certs/prvkey.pem:/etc/nginx/ssl/origin_key.key:ro
depends_on:
- app
app:
condition: service_healthy
logging:
driver: json-file
options:
max-size: 10m
networks:
default:
driver: bridge
volumes:
letsencrypt:
db-data:

18
models.py Normal file
View File

@@ -0,0 +1,18 @@
from flask_sqlalchemy import SQLAlchemy
db = SQLAlchemy()
class Feature(db.Model):
id = db.Column(db.Integer, primary_key=True)
title = db.Column(db.String(100), nullable=False)
description = db.Column(db.String(200), nullable=False)
def seed_db():
if Feature.query.count() == 0: # Seed only if empty
features = [
Feature(title="Responsive Design", description="Adapts seamlessly to mobile, tablet, and desktop devices."),
Feature(title="Modern UI", description="Uses Bootstrap 5 for clean, professional styling."),
Feature(title="Easy Deployment", description="Containerized with Docker for quick setup on any server.")
]
db.session.bulk_save_objects(features)
db.session.commit()

10
nginx_user_conf.d/server.conf
View File

@@ -1,8 +1,6 @@
server {
listen 80;
server_name demo.networkwizard.xyz;
# Optional: Redirect HTTP to HTTPS (adjust port if needed)
location / {
return 301 https://$host:4433$request_uri;
}
@@ -11,11 +9,8 @@ server {
server {
listen 443 ssl;
server_name demo.networkwizard.xyz;
ssl_certificate /etc/nginx/ssl/origin_cert.pem;
ssl_certificate_key /etc/nginx/ssl/origin_key.key;
# Optional: Enhance security
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
@@ -26,4 +21,9 @@ server {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}

4
requirements.txt
View File

@@ -1,2 +1,6 @@
flask==3.0.3
bootstrap-flask==2.5.0
gunicorn==22.0.0
flask-sqlalchemy==3.1.1
psycopg2-binary==2.9.9 # Postgres driver
pytest==8.3.3 # For tests

57
templates/index.html
View File

@@ -1,18 +1,11 @@
<!doctype html>
<html lang="en">
<head>
<!-- Required meta tags -->
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Professional Demo Site</title>
<!-- Bootstrap CSS -->
{{ bootstrap.load_css() }}
<style>
body { padding-top: 60px; } /* Space for fixed navbar */
</style>
<style> body { padding-top: 60px; } </style>
</head>
<body>
<nav class="navbar navbar-expand-lg navbar-dark bg-dark fixed-top">
@@ -23,67 +16,39 @@
</button>
<div class="collapse navbar-collapse" id="navbarNav">
<ul class="navbar-nav ms-auto">
<li class="nav-item">
<a class="nav-link" href="/">Home</a>
</li>
<li class="nav-item">
<a class="nav-link" href="#features">Features</a>
</li>
<li class="nav-item">
<a class="nav-link" href="#about">About</a>
</li>
<li class="nav-item"><a class="nav-link" href="/">Home</a></li>
<li class="nav-item"><a class="nav-link" href="#features">Features</a></li>
<li class="nav-item"><a class="nav-link" href="#about">About</a></li>
</ul>
</div>
</div>
</nav>
<div class="container">
<!-- Hero Section -->
<div class="bg-primary text-white py-5 mt-4 rounded text-center">
<h1 class="display-4">Welcome to the Professional Demo Site</h1>
<p class="lead">This is a realistic, Bootstrap-powered Flask application for demonstration purposes. It features responsive design and modern UI elements.</p>
<p class="lead">This is a realistic, Bootstrap-powered Flask application with DB integration for demonstration.</p>
<a class="btn btn-light btn-lg" href="#features" role="button">Learn More</a>
</div>
<!-- Features Section -->
<section id="features" class="py-5">
<h2 class="text-center mb-4">Key Features</h2>
<h2 class="text-center mb-4">Key Features (from DB)</h2>
<div class="row">
{% for feature in features %}
<div class="col-md-4">
<div class="card mb-4">
<div class="card-body">
<h5 class="card-title">Responsive Design</h5>
<p class="card-text">Adapts seamlessly to mobile, tablet, and desktop devices.</p>
</div>
</div>
</div>
<div class="col-md-4">
<div class="card mb-4">
<div class="card-body">
<h5 class="card-title">Modern UI</h5>
<p class="card-text">Uses Bootstrap 5 for clean, professional styling.</p>
</div>
</div>
</div>
<div class="col-md-4">
<div class="card mb-4">
<div class="card-body">
<h5 class="card-title">Easy Deployment</h5>
<p class="card-text">Containerized with Docker for quick setup on any server.</p>
<h5 class="card-title">{{ feature.title }}</h5>
<p class="card-text">{{ feature.description }}</p>
</div>
</div>
</div>
{% endfor %}
</div>
</section>
<!-- About Section -->
<section id="about" class="py-5 bg-light">
<h2 class="text-center mb-4">About This Demo</h2>
<p class="text-center">This site serves as a starting point for building more complex web applications. Extend it with databases, APIs, or user authentication as needed.</p>
<p class="text-center">Now with PostgreSQL for data persistence. Extend with more models/queries.</p>
</section>
</div>
<!-- Bootstrap JS -->
{{ bootstrap.load_js() }}
</body>
</html>

24
test.py Normal file
View File

@@ -0,0 +1,24 @@
import pytest
from app import app, db
from models import Feature
@pytest.fixture
def client():
app.config['TESTING'] = True
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///:memory:' # In-memory DB for tests
with app.test_client() as client:
with app.app_context():
db.create_all()
yield client
db.drop_all()
def test_index(client):
response = client.get('/')
assert response.status_code == 200
assert b'Professional Demo Site' in response.data
def test_seed_db(client):
with app.app_context():
db.create_all()
Feature.seed_db()
assert Feature.query.count() == 3