From 922ebf46ae01e090b45497730972daf6a699b5e2 Mon Sep 17 00:00:00 2001 From: ribardej Date: Wed, 15 Oct 2025 16:25:28 +0200 Subject: [PATCH 01/27] feat(docs): Catch up on report.md --- 7project/report.md | 302 +++++++++++++++++++++++++++++---------------- 1 file changed, 197 insertions(+), 105 deletions(-) diff --git a/7project/report.md b/7project/report.md index 1fc4231..ad53df0 100644 --- a/7project/report.md +++ b/7project/report.md 
@@ -7,126 +7,211 @@ ## Project Overview -**Project Name**: [Your project name] +**Project Name**: Personal Finance Tracker **Group Members**: -- Student number, Name, GitHub username -- Student number, Name, GitHub username -- Student number, Name, GitHub username +- Student number, Lukáš Trkan, lukastrkan +- 289258, Dejan Ribarovski, derib2613 **Brief Description**: -[2-3 sentences describing what your application does and its main purpose] +Our application is a finance tracker, so a person can easily track his cash flow +through multiple bank accounts. Person can label transactions with custom categories +and later filter by them. ## Architecture Overview +Our system is a full‑stack web application composed of a React frontend, a FastAPI backend, a PostgreSQL database, and asynchronous background workers powered by Celery with RabbitMQ. Redis is available for caching/kv and may be used by Celery as a result backend. The backend exposes REST endpoints for authentication (email/password and OAuth), users, categories, and transactions. A thin controller layer (FastAPI routers) lives under app/api. Infrastructure for Kubernetes is provided via OpenTofu (Terraform‑compatible) modules and the application is packaged via a Helm chart. ### High-Level Architecture -[Describe the overall system architecture. 
Consider including a diagram using mermaid or linking to an image] - ```mermaid -graph TD - A[Component A] --> B[Component B] - B --> C[Component C] +flowchart LR + proc_queue[Message Queue] --> proc_queue_worker[Worker Service] + proc_queue_worker --> ext_mail[(Email Service)] + proc_cron[Task planner] --> proc_queue + proc_queue_worker --> ext_bank[(Bank API)] + proc_queue_worker --> db + client[Client/Frontend] <--> svc[Backend API] + svc --> proc_queue + svc <--> db[(Database)] + svc <--> cache[(Cache)] ``` ### Components -- **Component 1**: [Description of what this component does] -- **Component 2**: [Description of what this component does] -- **Component 3**: [Description of what this component does] +- Frontend (frontend/): React + TypeScript app built with Vite. Talks to the backend via REST, handles login/registration, shows latest transactions, filtering, and allows adding transactions. +- Backend API (backend/app): FastAPI app with routers under app/api for auth, categories, and transactions. Uses FastAPI Users for auth (JWT + OAuth), SQLAlchemy ORM, and Pydantic v2 schemas. +- Worker service (backend/app/workers): Celery worker handling asynchronous tasks (e.g., sending verification emails, future background processing). +- Database (PostgreSQL): Persists users, categories, transactions; schema managed by Alembic migrations. +- Message Queue (RabbitMQ): Transports background jobs from the API to the worker. +- Cache/Result Store (Redis): Available for caching or Celery result backend. +- Infrastructure as Code (tofu/): OpenTofu modules provisioning cluster services (RabbitMQ, Redis, Argo CD, cert-manager, Cloudflare tunnel, etc.). +- Deployment Chart (charts/myapp-chart/): Helm chart to deploy the application to Kubernetes. 
### Technologies Used -- **Backend**: [e.g., Go, Node.js, Python] -- **Database**: [e.g., PostgreSQL, MongoDB, Redis] -- **Cloud Services**: [e.g., AWS EC2, Google Cloud Run, Azure Functions] -- **Container Orchestration**: [e.g., Docker, Kubernetes] -- **Other**: [List other significant technologies] +- Backend: Python, FastAPI, FastAPI Users, SQLAlchemy, Pydantic, Alembic, Celery +- Frontend: React, TypeScript, Vite +- Database: PostgreSQL +- Messaging: RabbitMQ +- Cache: Redis +- Containerization/Orchestration: Docker, Docker Compose (dev), Kubernetes, Helm +- IaC/Platform: OpenTofu (Terraform), Argo CD, cert-manager, MetalLB, Cloudflare Tunnel, Prometheus ## Prerequisites ### System Requirements -- Operating System: [e.g., Linux, macOS, Windows] -- Minimum RAM: [e.g., 8GB] -- Storage: [e.g., 10GB free space] +- Operating System: Linux, macOS, or Windows +- Minimum RAM: 4 GB (8 GB recommended for running backend, frontend, and database together) +- Storage: 2 GB free (Docker images may require additional space) ### Required Software -- [Software 1] (version X.X or higher) -- [Software 2] (version X.X or higher) -- [etc.] 
+- Docker Desktop or Docker Engine 24+ +- Docker Compose v2+ +- Node.js 20+ and npm 10+ (for local frontend dev/build) +- Python 3.12+ (for local backend dev outside Docker) +- PostgreSQL 15+ (optional if running DB outside Docker) +- Helm 3.12+ and kubectl 1.29+ (for Kubernetes deployment) +- OpenTofu 1.7+ (for infrastructure provisioning) -### Dependencies +### Environment Variables (common) -```bash -# List key dependencies that need to be installed -# For example: -# Docker Engine 20.10+ -# Node.js 18+ -# Go 1.25+ -``` +- Backend: SECRET, FRONTEND_URL, BACKEND_URL, DATABASE_URL, RABBITMQ_URL, REDIS_URL +- OAuth vars (Backend): MOJEID_CLIENT_ID/SECRET, BANKID_CLIENT_ID/SECRET (optional) +- Frontend: VITE_BACKEND_URL + +### Dependencies (key libraries) +I am not sure what is meant by "key libraries" + +Backend: FastAPI, fastapi-users, SQLAlchemy, pydantic v2, Alembic, Celery +Frontend: React, TypeScript, Vite +Services: PostgreSQL, RabbitMQ, Redis ## Build Instructions -### 1. Clone the Repository +You can run the project with Docker Compose (recommended for local development) or run services manually. + +### 1) Clone the Repository ```bash -git clone [your-repository-url] -cd [repository-name] +git clone https://github.com/dat515-2025/Group-8.git +cd 7project ``` -### 2. Install Dependencies - +### 2) Install dependencies +Backend ```bash -# Provide step-by-step commands -# For example: -# npm install -# go mod download +# In 7project/backend +python3.12 -m venv .venv +source .venv/bin/activate # Windows: .venv\Scripts\activate +pip install -r requirements.txt ``` - -### 3. Build the Application - +Frontend ```bash -# Provide exact build commands -# For example: -# make build -# docker build -t myapp . +# In 7project/frontend +npm install ``` -### 4. 
Configuration +### 3) Manual Local Run +Backend ```bash -# Any configuration steps needed -# Environment variables to set -# Configuration files to create +# From the 7project/ directory +docker compose up --build +# This starts: PostgreSQL, RabbitMQ/Redis (if defined) + +# Set environment variables (or create .env file) +export SECRET=CHANGE_ME_SECRET +export BACKEND_URL=http://127.0.0.1:8000 +export FRONTEND_URL=http://localhost:5173 +export DATABASE_URL=postgresql+asyncpg://user:password@127.0.0.1:5432/app +export RABBITMQ_URL=amqp://guest:guest@127.0.0.1:5672/ +export REDIS_URL=redis://127.0.0.1:6379/0 + +# Apply DB migrations (Alembic) +# From 7project/backend +alembic upgrade head + +# Run API +uvicorn app.app:fastApi --reload --host 0.0.0.0 --port 8000 + +# Run Celery worker (optional, for emails/background tasks) +celery -A app.celery_app.celery_app worker -l info ``` +Frontend +```bash +# Configure backend URL for dev +echo 'VITE_BACKEND_URL=http://127.0.0.1:8000' > .env +npm run dev +# Open http://localhost:5173 +``` + +- Backend default: http://127.0.0.1:8000 (OpenAPI at /docs) +- Frontend default: http://localhost:5173 + +If needed, adjust compose services/ports in compose.yml. + + ## Deployment Instructions -### Local Deployment +### Local (Docker Compose) +Described in the previous section (Manual Local Run) + +### Kubernetes (via OpenTofu + Helm) + +1) Provision platform services (RabbitMQ/Redis/ingress/tunnel/etc.) 
with OpenTofu ```bash -# Step-by-step commands for local deployment -# For example: -# docker-compose up -d -# kubectl apply -f manifests/ +cd tofu +# copy and edit variables +cp terraform.tfvars.example terraform.tfvars +# authenticate to your cluster/cloud as needed, then: +tofu init +tofu plan +tofu apply ``` -### Cloud Deployment - +2) Deploy the app using Helm ```bash -# Commands for cloud deployment -# Include any cloud-specific setup +# Set the namespace +kubectl create namespace myapp || true + +# Install/upgrade the chart with required values +helm upgrade --install myapp charts/myapp-chart \ + -n myapp \ + -f charts/myapp-chart/values.yaml \ + --set image.backend.repository=myorg/myapp-backend \ + --set image.backend.tag=latest \ + --set env.BACKEND_URL="https://myapp.example.com" \ + --set env.FRONTEND_URL="https://myapp.example.com" \ + --set env.SECRET="CHANGE_ME_SECRET" +``` +Adjust values to your registry and domain. The chart’s NOTES.txt includes additional examples. + +3) Expose and access +- If using Cloudflare Tunnel or an ingress, configure DNS accordingly (see tofu/modules/cloudflare and deployment/tunnel.yaml). +- For quick testing without ingress: +```bash +kubectl -n myapp port-forward deploy/myapp-backend 8000:8000 +kubectl -n myapp port-forward deploy/myapp-frontend 5173:80 ``` ### Verification ```bash -# Commands to verify deployment worked -# How to check if services are running -# Example health check endpoints +# Check pods +kubectl -n myapp get pods + +# Backend health +curl -i http://127.0.0.1:8000/ +# OpenAPI +open http://127.0.0.1:8000/docs + +# Frontend (if port-forwarded) +open http://localhost:5173 ``` ## Testing Instructions 
@@ -156,19 +241,38 @@ cd [repository-name] ## Usage Examples -### Basic Usage +All endpoints are documented at OpenAPI: http://127.0.0.1:8000/docs + +### Auth: Register and Login (JWT) ```bash -# Examples of how to use the application -# Common commands or API calls -# Sample data or test scenarios +# Register +curl -X POST http://127.0.0.1:8000/auth/register \ + -H 'Content-Type: application/json' \ + -d '{ + "email": "user@example.com", + "password": "StrongPassw0rd", + "first_name": "Jane", + "last_name": "Doe" + }' + +# Login (JWT) +TOKEN=$(curl -s -X POST http://127.0.0.1:8000/auth/jwt/login \ + -H 'Content-Type: application/x-www-form-urlencoded' \ + -d 'username=user@example.com&password=StrongPassw0rd' | jq -r .access_token) + +echo $TOKEN + +# Call a protected route +curl -H "Authorization: Bearer $TOKEN" http://127.0.0.1:8000/authenticated-route ``` -### Advanced Features +### Frontend -```bash -# Examples showcasing advanced functionality -``` +- Start with: npm run dev in 7project/frontend +- Ensure VITE_BACKEND_URL is set to the backend URL (e.g., http://127.0.0.1:8000) +- Open http://localhost:5173 +- Login, view latest transactions, filter, and add new transactions from the UI. --- 
@@ -215,18 +319,18 @@ cd [repository-name] > This information is used for individual grading. > Link to the specific commit on GitHub for each contribution. -| Task/Component | Assigned To | Status | Time Spent | Difficulty | Notes | -| ------------------------------------------------------------------- | ----------- | ------------- | ---------- | ---------- | ----------- | -| Project Setup & Repository | [Name] | ✅ Complete | [X hours] | Medium | [Any notes] | -| [Design Document](https://github.com/dat515-2025/group-name) | [Name] | ✅ Complete | [X hours] | Easy | [Any notes] | -| [Backend API Development](https://github.com/dat515-2025/group-name) | [Name] | ✅ Complete | [X hours] | Hard | [Any notes] | -| [Database Setup & Models](https://github.com/dat515-2025/group-name) | [Name] | ✅ Complete | [X hours] | Medium | [Any notes] | -| [Frontend Development](https://github.com/dat515-2025/group-name) | [Name] | 🔄 In Progress | [X hours] | Medium | [Any notes] | -| [Docker Configuration](https://github.com/dat515-2025/group-name) | [Name] | ✅ Complete | [X hours] | Easy | [Any notes] | -| [Cloud Deployment](https://github.com/dat515-2025/group-name) | [Name] | ✅ Complete | [X hours] | Hard | [Any notes] | -| [Testing Implementation](https://github.com/dat515-2025/group-name) | [Name] | ⏳ Pending | [X hours] | Medium | [Any notes] | -| [Documentation](https://github.com/dat515-2025/group-name) | [Name] | ✅ Complete | [X hours] | Easy | [Any notes] | -| [Presentation Video](https://github.com/dat515-2025/group-name) | [Name] | ✅ Complete | [X hours] | Medium | [Any notes] | +| Task/Component | Assigned To | Status | Time Spent | Difficulty | Notes | +|-----------------------------------------------------------------------|-------------| ------------- |----------------|------------| ----------- | +| [Project Setup & Repository](https://github.com/dat515-2025/Group-8#) | Lukas | ✅ Complete | [X hours] | Medium | [Any notes] | +| [Design 
Document](https://github.com/dat515-2025/Group-8/blob/main/6design/design.md) | Both | ✅ Complete | 2 Hours | Easy | [Any notes] | +| [Backend API Development](https://github.com/dat515-2025/Group-8/tree/main/7project/backend/app/api) | Dejan | ✅ Complete | 10 hours | Medium | [Any notes] | +| [Database Setup & Models](https://github.com/dat515-2025/Group-8/tree/main/7project/backend/app/models) | Lukas | ✅ Complete | [X hours] | Medium | [Any notes] | +| [Frontend Development](https://github.com/dat515-2025/Group-8/tree/main/7project/frontend) | Dejan | 🔄 In Progress | 7 hours so far | Medium | [Any notes] | +| [Docker Configuration](https://github.com/dat515-2025/Group-8/blob/main/7project/compose.yml) | Lukas | ✅ Complete | [X hours] | Easy | [Any notes] | +| [Cloud Deployment](https://github.com/dat515-2025/Group-8/blob/main/7project/deployment/app-demo-deployment.yaml) | Lukas | ✅ Complete | [X hours] | Hard | [Any notes] | +| [Testing Implementation](https://github.com/dat515-2025/group-name) | Dejan | ❌ Not Started | [X hours] | Medium | [Any notes] | +| [Documentation](https://github.com/dat515-2025/group-name) | Both | ❌ Not Started | [X hours] | Easy | [Any notes] | +| [Presentation Video](https://github.com/dat515-2025/group-name) | Both | ❌ Not Started | [X hours] | Medium | [Any notes] | **Legend**: ✅ Complete | 🔄 In Progress | ⏳ Pending | ❌ Not Started 
@@ -244,25 +348,16 @@ cd [repository-name] | [Date] | Documentation | [X.X] | Updated README and design doc | | **Total** | | **[XX.X]** | | -### [Team Member 2 Name] +### Dejan -| Date | Activity | Hours | Description | -| --------- | -------------------- | ---------- | ----------------------------------------- | -| [Date] | Frontend Development | [X.X] | Created user interface mockups | -| [Date] | Integration | [X.X] | Connected frontend to backend API | -| [Date] | Deployment | [X.X] | Docker configuration and cloud deployment | -| [Date] | Testing | [X.X] | End-to-end testing | -| **Total** | | **[XX.X]** | | +| Date | Activity | Hours | Description | +|-------------|----------------------|--------|--------------------------------| +| 25.9. | Design | 1.5 | 6design | +| 9-11.10. | Backend APIs | 10 | Implemented Backend APIs | +| 13-15.10. | Frontend Development | 6.5 | Created user interface mockups | +| Continually | Documantation | 3 | Documenting the dev process | +| **Total** | | **21** | | -### [Team Member 3 Name] (if applicable) - -| Date | Activity | Hours | Description | -| --------- | ------------------------ | ---------- | -------------------------------- | -| [Date] | Database Design | [X.X] | Schema design and implementation | -| [Date] | Cloud Configuration | [X.X] | AWS/GCP setup and configuration | -| [Date] | Performance Optimization | [X.X] | Caching and query optimization | -| [Date] | Monitoring | [X.X] | Logging and monitoring setup | -| **Total** | | **[XX.X]** | | ### Group Total: [XXX.X] hours @@ -292,11 +387,8 @@ cd [repository-name] [Personal reflection on growth, challenges, and learning] -#### [Team Member 3 Name] (if applicable) - -[Personal reflection on growth, challenges, and learning] --- **Report Completion Date**: [Date] -**Last Updated**: [Date] \ No newline at end of file +**Last Updated**: 15.10.2025 \ No newline at end of file From 14516a808b3b8c30d65eb47594be2bc31b397583 Mon Sep 17 00:00:00 2001 
From: ribardej Date: Thu, 16 Oct 2025 11:15:54 +0200 Subject: [PATCH 02/27] feat(docs): this week meeting.md --- 7project/meetings/meeting-16-10.md | 50 ++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 7project/meetings/meeting-16-10.md diff --git a/7project/meetings/meeting-16-10.md b/7project/meetings/meeting-16-10.md new file mode 100644 index 0000000..df957d0 --- /dev/null +++ b/7project/meetings/meeting-16-10.md @@ -0,0 +1,50 @@ +# Weekly Meeting Notes + +- Group 8 - Personal finance tracker +- Mentor: Jaychander + +Keep all meeting notes in the `meetings.md` file in your project folder. +Just copy the template below for each weekly meeting and fill in the details. + +## Administrative Info + +- Date: 2025-10-08 +- Attendees: Dejan Ribarovski, Lukas Trkan +- Notetaker: Dejan Ribarovski + +## Progress Update (Before Meeting) + +Summary of what has been accomplished since the last meeting in the following categories. + +## Action Items from Last Week (During Meeting) + +- [x] start coding the app logic +- [x] start writing the report so it matches the actual progress +- [x] redo the system diagram so it includes a response flow + +### Coding +Implemented initial functioning version of the app, added OAuth with BankId and MojeID, +added database snapshots. + +### Documentation +report.md is up to date + +## Questions and Topics for Discussion (Before Meeting) + +Prepare 3-5 questions and topics you want to discuss with your mentor. + +1. What other functionality should be added to the app +2. Priority for the next week (Testing maybe?) +3. Question 3 + +## Discussion Notes (During Meeting) + +## Action Items for Next Week (During Meeting) + +Last 3 minutes of the meeting, summarize action items. + +- [ ] Action Item 1 +- [ ] Action Item 2 +- [ ] Action Item 3 + +--- \ No newline at end of file From 9bc543a5fa91d0b6d73b15862a6f235e1c955491 Mon Sep 17 00:00:00 2001 
From: ribardej Date: Thu, 16 Oct 2025 13:27:53 +0200 Subject: [PATCH 03/27] feat(docs): weekly meeting --- .../meetings/{meeting-16-10.md => 2025-10-16-meeting.md} | 9 ++++++--- .../meetings/{meeting-9-10.md => 2025-10-9-meeting.md} | 0 7project/report.md | 4 ++-- 3 files changed, 8 insertions(+), 5 deletions(-) rename 7project/meetings/{meeting-16-10.md => 2025-10-16-meeting.md} (86%) rename 7project/meetings/{meeting-9-10.md => 2025-10-9-meeting.md} (100%) diff --git a/7project/meetings/meeting-16-10.md b/7project/meetings/2025-10-16-meeting.md similarity index 86% rename from 7project/meetings/meeting-16-10.md rename to 7project/meetings/2025-10-16-meeting.md index df957d0..ae5a448 100644 --- a/7project/meetings/meeting-16-10.md +++ b/7project/meetings/2025-10-16-meeting.md @@ -43,8 +43,11 @@ Prepare 3-5 questions and topics you want to discuss with your mentor. Last 3 minutes of the meeting, summarize action items. -- [ ] Action Item 1 -- [ ] Action Item 2 -- [ ] Action Item 3 +- [ ] OAuth +- [ ] CI/CD fix +- [ ] Database local (multiple bank accounts) +- [ ] Add tests and set up github pipeline +- [ ] Frontend imporvment - user experience +- [ ] make the report more clear --- \ No newline at end of file diff --git a/7project/meetings/meeting-9-10.md b/7project/meetings/2025-10-9-meeting.md similarity index 100% rename from 7project/meetings/meeting-9-10.md rename to 7project/meetings/2025-10-9-meeting.md diff --git a/7project/report.md b/7project/report.md index ad53df0..3621ae3 100644 --- a/7project/report.md +++ b/7project/report.md @@ -1,4 +1,4 @@ -# Project Report +# Personal finance tracker > **Instructions**: > This template provides the structure for your project report. @@ -12,7 +12,7 @@ **Group Members**: - Student number, Lukáš Trkan, lukastrkan -- 289258, Dejan Ribarovski, derib2613 +- 289258, Dejan Ribarovski, derib2613, ribardej **Brief Description**: Our application is a finance tracker, so a person can easily track his cash flow 
From 3b6b64d472c919ee8045ffe6c2a8e6d75e6f0bc9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 13:51:52 +0200 Subject: [PATCH 04/27] update report.md --- 7project/report.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/7project/report.md b/7project/report.md index 3621ae3..efb9b97 100644 --- a/7project/report.md +++ b/7project/report.md @@ -11,7 +11,7 @@ **Group Members**: -- Student number, Lukáš Trkan, lukastrkan +- 289229, Lukáš Trkan, lukastrkan - 289258, Dejan Ribarovski, derib2613, ribardej **Brief Description**: From c4991ea3c4eff4928a69f5380f75bc59267a8602 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 14:47:16 +0200 Subject: [PATCH 05/27] fix(infrastructure): add env variables to deployment --- .github/workflows/deploy-pr.yaml | 33 +++++----- .github/workflows/deploy-prod.yaml | 27 ++++---- .github/workflows/frontend-pages.yml | 61 +++---------------- .github/workflows/url_generator.yml | 43 +++++++++++++ .../charts/myapp-chart/templates/NOTES.txt | 54 ---------------- .../myapp-chart/templates/app-deployment.yaml | 16 +++++ 7project/charts/myapp-chart/values.yaml | 12 ++++ 7 files changed, 116 insertions(+), 130 deletions(-) create mode 100644 .github/workflows/url_generator.yml delete mode 100644 7project/charts/myapp-chart/templates/NOTES.txt diff --git a/.github/workflows/deploy-pr.yaml b/.github/workflows/deploy-pr.yaml index 54b6b33..314fc53 100644 --- a/.github/workflows/deploy-pr.yaml +++ b/.github/workflows/deploy-pr.yaml @@ -29,6 +29,14 @@ jobs: pr_number: ${{ github.event.pull_request.number }} secrets: inherit + get_urls: + if: github.event.action != 'closed' + uses: ./.github/workflows/url_generator.yml + with: + mode: pr + pr_number: ${{ github.event.pull_request.number }} + secrets: inherit + deploy: if: github.event.action != 'closed' name: Helm upgrade/install (PR preview) 
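Review bot: The new `get_urls` job in deploy-pr.yaml is called with `secrets: inherit`, which hands every repository secret to url_generator.yml. As far as the new file in this commit shows, it reads only `PROD_DOMAIN`, `DEV_BASE_DOMAIN` and `DEV_FRONTEND_BASE_DOMAIN`. Passing just those keeps the called workflow least-privileged: a `secrets:` map with `PROD_DOMAIN: ${{ secrets.PROD_DOMAIN }}` and the two DEV entries, matched by a `secrets:` declaration under `on.workflow_call` in the called file. The same `secrets: inherit` call is added in deploy-prod.yaml and frontend-pages.yml.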
@@ -36,7 +44,7 @@ jobs: concurrency: group: pr-${{ github.event.pull_request.number }} cancel-in-progress: false - needs: [build, frontend] + needs: [build, frontend, get_urls] steps: - name: Checkout uses: actions/checkout@v4 @@ -64,23 +72,23 @@ jobs: DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }} IMAGE_REPO: ${{ needs.build.outputs.image_repo }} DIGEST: ${{ needs.build.outputs.digest }} + DOMAIN: ${{ needs.get_urls.outputs.backend_url }} + DOMAIN_SCHEME: ${{ needs.get_urls.outputs.backend_url_scheme }} + FRONTEND_DOMAIN: ${{ needs.get_urls.outputs.frontend_url }} + FRONTEND_DOMAIN_SCHEME: ${{ needs.get_urls.outputs.frontend_url_scheme }} run: | PR=${{ github.event.pull_request.number }} - if [ -z "$PR" ]; then echo "PR number missing"; exit 1; fi - if [ -z "$DEV_BASE_DOMAIN" ]; then echo "Secret DEV_BASE_DOMAIN is required (e.g., dev.example.com)"; exit 1; fi - if [ -z "$RABBITMQ_PASSWORD" ]; then echo "Secret DEV_RABBITMQ_PASSWORD is required"; exit 1; fi - if [ -z "$DB_PASSWORD" ]; then echo "Secret DEV_DB_PASSWORD is required"; exit 1; fi RELEASE=myapp-pr-$PR NAMESPACE=pr-$PR - DOMAIN=pr-$PR.$DEV_BASE_DOMAIN - if [ -z "$IMAGE_REPO" ]; then IMAGE_REPO="lukastrkan/cc-app-demo"; fi helm upgrade --install "$RELEASE" ./7project/charts/myapp-chart \ -n "$NAMESPACE" --create-namespace \ -f 7project/charts/myapp-chart/values-dev.yaml \ --set prNumber="$PR" \ --set deployment="pr-$PR" \ --set domain="$DOMAIN" \ - --set image.repository="$IMAGE_REPO" \ + --set domain_scheme="$DOMAIN_SCHEME" \ + --set frontend_domain="$FRONTEND_DOMAIN" \ + --set frontend_domain_scheme="$FRONTEND_DOMAIN_SCHEME" \ --set image.digest="$DIGEST" \ --set-string rabbitmq.password="$RABBITMQ_PASSWORD" \ --set-string database.password="$DB_PASSWORD" 
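Review bot: The rewritten `run:` block of the PR Helm step drops every emptiness check, so an unset `RABBITMQ_PASSWORD` or `DB_PASSWORD` secret now reaches `helm upgrade` as an empty string through `--set-string`. Judging from the template hunk in this commit, the chart's `required` calls cover only the domain values, not the passwords. I would keep one guard line at the top of the script, e.g. `: "${RABBITMQ_PASSWORD:?secret missing}" "${DB_PASSWORD:?secret missing}" "${DIGEST:?build output missing}"`. `IMAGE_REPO` is still exported but unused now that `--set image.repository` is gone, so the digest resolves against whatever repository values-dev.yaml names; worth confirming the two match. The prod Helm step in deploy-prod.yaml has the same removal.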
@@ -88,17 +96,14 @@ jobs: - name: Post preview URLs as PR comment uses: actions/github-script@v7 env: - DEV_BASE_DOMAIN: ${{ secrets.BASE_DOMAIN }} - FRONTEND_URL: ${{ needs.frontend.outputs.deployed_url }} + BACKEND_URL: ${{ needs.get_urls.outputs.backend_url_scheme }} + FRONTEND_URL: ${{ needs.get_urls.outputs.frontend_url_scheme }} with: script: | const pr = context.payload.pull_request; if (!pr) { core.setFailed('No pull_request context'); return; } const prNumber = pr.number; - const domainBase = process.env.DEV_BASE_DOMAIN; - if (!domainBase) { core.setFailed('DEV_BASE_DOMAIN is required'); return; } - const backendDomain = `pr-${prNumber}.${domainBase}`; - const backendUrl = `https://${backendDomain}`; + const backendUrl = process.env.BACKEND_URL || '(not available)'; const frontendUrl = process.env.FRONTEND_URL || '(not available)'; const marker = ''; const body = `${marker}\nPreview environment is running\n- Frontend: ${frontendUrl}\n- Backend: ${backendUrl}\n`; diff --git a/.github/workflows/deploy-prod.yaml b/.github/workflows/deploy-prod.yaml index 91fda92..dfaf21d 100644 --- a/.github/workflows/deploy-prod.yaml +++ b/.github/workflows/deploy-prod.yaml @@ -37,10 +37,17 @@ jobs: mode: prod secrets: inherit + get_urls: + name: Get URLs + uses: ./.github/workflows/url_generator.yml + with: + mode: prod + secrets: inherit + deploy: name: Helm upgrade/install (prod) runs-on: vhs - needs: [build, frontend] + needs: [build, frontend, get_urls] steps: - name: Checkout uses: actions/checkout@v4 
@@ -63,25 +70,23 @@ jobs: - name: Helm upgrade/install prod env: - DOMAIN: ${{ secrets.PROD_DOMAIN }} + DOMAIN: ${{ needs.get_urls.outputs.backend_url }} + DOMAIN_SCHEME: ${{ needs.get_urls.outputs.backend_url_scheme }} + FRONTEND_DOMAIN: ${{ needs.get_urls.outputs.frontend_url }} + FRONTEND_DOMAIN_SCHEME: ${{ needs.get_urls.outputs.frontend_url_scheme }} RABBITMQ_PASSWORD: ${{ secrets.PROD_RABBITMQ_PASSWORD }} DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }} IMAGE_REPO: ${{ needs.build.outputs.image_repo }} DIGEST: ${{ needs.build.outputs.digest }} run: | - if [ -z "$DOMAIN" ]; then - echo "Secret PROD_DOMAIN is required (e.g., app.example.com)"; exit 1; fi - if [ -z "$RABBITMQ_PASSWORD" ]; then - echo "Secret PROD_RABBITMQ_PASSWORD is required"; exit 1; fi - if [ -z "$DB_PASSWORD" ]; then - echo "Secret PROD_DB_PASSWORD is required"; exit 1; fi - if [ -z "$IMAGE_REPO" ]; then IMAGE_REPO="lukastrkan/cc-app-demo"; fi helm upgrade --install myapp ./7project/charts/myapp-chart \ -n prod --create-namespace \ -f 7project/charts/myapp-chart/values-prod.yaml \ --set deployment="prod" \ --set domain="$DOMAIN" \ - --set image.repository="$IMAGE_REPO" \ + --set domain_scheme="$DOMAIN_SCHEME" \ + --set frontend_domain="$FRONTEND_DOMAIN" \ + --set frontend_domain_scheme="$FRONTEND_DOMAIN_SCHEME" \ --set image.digest="$DIGEST" \ --set-string rabbitmq.password="$RABBITMQ_PASSWORD" \ - --set-string database.password="$DB_PASSWORD" + --set-string database.password="$DB_PASSWORD" diff --git a/.github/workflows/frontend-pages.yml b/.github/workflows/frontend-pages.yml index cf47997..d5c91f6 100644 --- a/.github/workflows/frontend-pages.yml +++ b/.github/workflows/frontend-pages.yml 
@@ -25,18 +25,18 @@ on: description: 'URL of deployed frontend' value: ${{ jobs.deploy.outputs.deployed_url }} -# Required repository secrets: -# CLOUDFLARE_API_TOKEN - API token with Pages:Edit (or Account:Workers Scripts:Edit) permissions -# CLOUDFLARE_ACCOUNT_ID - Your Cloudflare account ID -# Optional repository variables: -# CF_PAGES_PROJECT_NAME - Default Cloudflare Pages project name -# PROD_DOMAIN - App domain for prod releases (e.g., api.example.com or https://api.example.com) -# BACKEND_URL_PR_TEMPLATE - Template for PR backend URL. Use {PR} placeholder for PR number (e.g., https://api-pr-{PR}.example.com) - jobs: + get_urls: + uses: ./.github/workflows/url_generator.yml + with: + mode: ${{ inputs.mode }} + pr_number: ${{ inputs.pr_number }} + secrets: inherit + build: name: Build frontend runs-on: ubuntu-latest + needs: [get_urls] defaults: run: working-directory: 7project/frontend 
@@ -54,50 +54,9 @@ jobs: - name: Install dependencies run: npm ci - - name: Compute backend URL for Vite - id: be - env: - EVENT_NAME: ${{ github.event_name }} - PR_NUMBER: ${{ github.event.pull_request.number || inputs.pr_number }} - PR_TEMPLATE: ${{ vars.BACKEND_URL_PR_TEMPLATE }} - DEV_BASE_DOMAIN: ${{ secrets.BASE_DOMAIN }} - PROD_DOMAIN_VAR: ${{ vars.PROD_DOMAIN }} - PROD_DOMAIN_SECRET: ${{ secrets.PROD_DOMAIN }} - BACKEND_URL_OVERRIDE: ${{ vars.BACKEND_URL || secrets.BACKEND_URL }} - MODE: ${{ inputs.mode }} + - name: Set backend URL from url_generator run: | - set -euo pipefail - URL="" - # 1) Explicit override wins (from repo var or secret) - if [ -n "${BACKEND_URL_OVERRIDE:-}" ]; then - if echo "$BACKEND_URL_OVERRIDE" | grep -Eiq '^https?://'; then - URL="$BACKEND_URL_OVERRIDE" - else - URL="https://${BACKEND_URL_OVERRIDE}" - fi - else - # 2) PR-specific URL when building for PR - if [ "${MODE:-}" = "pr" ] || [ "${EVENT_NAME}" = "pull_request" ]; then - if [ -n "${PR_TEMPLATE:-}" ] && [ -n "${PR_NUMBER:-}" ] ; then - URL="${PR_TEMPLATE//\{PR\}/${PR_NUMBER}}" - elif [ -n "${DEV_BASE_DOMAIN:-}" ] && [ -n "${PR_NUMBER:-}" ]; then - URL="https://pr-${PR_NUMBER}.${DEV_BASE_DOMAIN}" - fi - fi - # 3) Fallback to PROD_DOMAIN (prefer repo var, then secret) - if [ -z "$URL" ]; then - PROD_DOMAIN="${PROD_DOMAIN_VAR:-${PROD_DOMAIN_SECRET:-}}" - if [ -n "$PROD_DOMAIN" ]; then - if echo "$PROD_DOMAIN" | grep -Eiq '^https?://'; then - URL="$PROD_DOMAIN" - else - URL="https://${PROD_DOMAIN}" - fi - fi - fi - fi - echo "Using backend URL: ${URL:-}" - echo "VITE_BACKEND_URL=${URL}" >> $GITHUB_ENV + echo "VITE_BACKEND_URL=${{ needs.get_urls.outputs.backend_url_scheme }}" >> $GITHUB_ENV - name: Build run: npm run build diff --git a/.github/workflows/url_generator.yml b/.github/workflows/url_generator.yml new file mode 100644 index 0000000..02fa084 --- /dev/null +++ b/.github/workflows/url_generator.yml 
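Review bot: The new `Set backend URL from url_generator` step pastes `${{ needs.get_urls.outputs.backend_url_scheme }}` straight into the shell script and appends it to `$GITHUB_ENV` unquoted and unchecked. Expression text is substituted before the shell runs, so the value is parsed as script rather than data. An empty output also silently produces a frontend build with no backend URL, where the removed step at least echoed the URL it chose. Setting the variable on the build step avoids both: add `env:` with `VITE_BACKEND_URL: ${{ needs.get_urls.outputs.backend_url_scheme }}` under `- name: Build`, and run `: "${VITE_BACKEND_URL:?backend URL missing}"` before `npm run build`.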
@@ -0,0 +1,43 @@ +name: url_generator +on: + workflow_call: + inputs: + mode: + description: "Mode: 'prod' or 'pr'" + required: true + type: string + pr_number: + description: 'PR number (required when mode=pr)' + required: false + type: string + +jobs: + get_urls: + runs-on: ubuntu-latest + outputs: + backend_url: ${{ steps.urls.outputs.backend_url }} + frontend_url: ${{ steps.urls.outputs.frontend_url }} + frontend_url_scheme: ${{ steps.urls.outputs.frontend_url_scheme }} + backend_url_scheme: ${{ steps.urls.outputs.backend_url_scheme }} + + steps: + - name: Compute URLs PROD + id: urls + run: | + set -euo pipefail + + if [ "${{ inputs.mode }}" = "prod" ]; then + BACKEND_URL="api.${{ secrets.PROD_DOMAIN }}" + FRONTEND_URL="finance.${{ secrets.PROD_DOMAIN }}" + + else + FRONTEND_URL="pr-${{inputs.pr_number}}.${{ secrets.DEV_FRONTEND_BASE_DOMAIN }}" + BACKEND_URL="api-pr-${{inputs.pr_number}}.${{ secrets.DEV_BASE_DOMAIN }}" + + FRONTEND_URL_SCHEME="https://$FRONTEND_URL" + BACKEND_URL_SCHEME="https://$BACKEND_URL" + + echo "backend_url_scheme=$BACKEND_URL_SCHEME" >> $GITHUB_OUTPUT + echo "frontend_url_scheme=$FRONTEND_URL_SCHEME" >> $GITHUB_OUTPUT + echo "backend_url=$BACKEND_URL" >> $GITHUB_OUTPUT + echo "frontend_url=$FRONTEND_URL" >> $GITHUB_OUTPUT diff --git a/7project/charts/myapp-chart/templates/NOTES.txt b/7project/charts/myapp-chart/templates/NOTES.txt deleted file mode 100644 index 9eeb1e5..0000000 --- a/7project/charts/myapp-chart/templates/NOTES.txt +++ /dev/null 
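Review bot: The `if … else` in the `Compute URLs PROD` step is never closed with `fi`, so the script stops with a shell syntax error before any output is written. The file also declares no `outputs:` under `on.workflow_call`; a caller only sees outputs mapped there from `jobs.get_urls.outputs.*`, so `needs.get_urls.outputs.backend_url` in the deploy workflows would stay empty even once the script runs. Inputs and secrets are interpolated with `${{ }}` directly into the script; passing them through `env:` and rejecting a non-numeric `pr_number` keeps them out of the shell parser. As far as I know, GitHub also withholds job outputs whose value contains a secret, so the domains may need to be repository variables (`vars.`) for these URLs to reach callers; worth verifying on a test run.

```yaml
on:
  workflow_call:
    # … unchanged: inputs mode / pr_number …
    outputs:
      backend_url:
        value: ${{ jobs.get_urls.outputs.backend_url }}
      frontend_url:
        value: ${{ jobs.get_urls.outputs.frontend_url }}
      backend_url_scheme:
        value: ${{ jobs.get_urls.outputs.backend_url_scheme }}
      frontend_url_scheme:
        value: ${{ jobs.get_urls.outputs.frontend_url_scheme }}

      - name: Compute URLs
        id: urls
        env:
          MODE: ${{ inputs.mode }}
          PR_NUMBER: ${{ inputs.pr_number }}
          PROD_DOMAIN: ${{ secrets.PROD_DOMAIN }}
          DEV_BASE_DOMAIN: ${{ secrets.DEV_BASE_DOMAIN }}
          DEV_FRONTEND_BASE_DOMAIN: ${{ secrets.DEV_FRONTEND_BASE_DOMAIN }}
        run: |
          set -euo pipefail
          if [ "$MODE" = "prod" ]; then
            BACKEND_URL="api.$PROD_DOMAIN"
            FRONTEND_URL="finance.$PROD_DOMAIN"
          else
            case "$PR_NUMBER" in
              ''|*[!0-9]*) echo "pr_number must be numeric"; exit 1 ;;
            esac
            FRONTEND_URL="pr-$PR_NUMBER.$DEV_FRONTEND_BASE_DOMAIN"
            BACKEND_URL="api-pr-$PR_NUMBER.$DEV_BASE_DOMAIN"
          fi
          # … unchanged: *_SCHEME assignments and GITHUB_OUTPUT writes …
```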
@@ -1,54 +0,0 @@ -Thank you for installing myapp-chart. - -This chart packages all Kubernetes manifests from the original deployment directory and parameterizes environment, database name (with optional PR suffix), image, and domain for external access. - -Namespaces per developer (important): -- Install each developer's environment into their own namespace using Helm's -n/--namespace flag. -- No hardcoded namespace is used in templates; resources are created in .Release.Namespace. -- Example namespaces: dev-alice, dev-bob, pr-123, etc. - -Key values: -- deployment -> used as Database CR name and DB username (MARIADB_DB and MARIADB_USER) -- image.repository/tag or image.digest -> container image -- domain -> public FQDN used by TunnelBinding (required to expose app) -- app/worker names, replicas, ports - -Examples: -- Dev install (Alice): - helm upgrade --install myapp ./7project/charts/myapp-chart \ - -n dev-alice --create-namespace \ - -f values-dev.yaml \ - --set domain=alice.demo.example.com \ - --set-string rabbitmq.password="$RABBITMQ_PASSWORD" \ - --set-string database.password="$DB_PASSWORD" - -- Dev install (Bob): - helm upgrade --install myapp ./7project/charts/myapp-chart \ - -n dev-bob --create-namespace \ - -f values-dev.yaml \ - --set domain=bob.demo.example.com - -- Prod install (different cleanupPolicy): - helm upgrade --install myapp ./7project/charts/myapp-chart \ - -n prod --create-namespace \ - -f values-prod.yaml \ - --set domain=app.example.com - -- PR (preview) install with DB name containing PR number (also its own namespace): - PR=123 - helm upgrade --install myapp-pr-$PR ./7project/charts/myapp-chart \ - -n pr-$PR --create-namespace \ - -f values-dev.yaml \ - --set prNumber=$PR \ - --set deployment=preview-$PR \ - --set domain=pr-$PR.example.com - -- Use a custom deployment identifier to suffix DB name, DB username and Secret name: - helm upgrade --install myapp ./7project/charts/myapp-chart \ - -n dev-alice --create-namespace \ - -f 
values-dev.yaml \ - --set deployment=alice \ - --set domain=alice.demo.example.com - -Render locally (dry run): - helm template ./7project/charts/myapp-chart -f values-dev.yaml --set prNumber=456 --set deployment=test --set domain=demo.example.com --namespace dev-test | sed -n '/kind: Database/,$p' | head -n 30 diff --git a/7project/charts/myapp-chart/templates/app-deployment.yaml b/7project/charts/myapp-chart/templates/app-deployment.yaml index 1d264ab..499c1e4 100644 --- a/7project/charts/myapp-chart/templates/app-deployment.yaml +++ b/7project/charts/myapp-chart/templates/app-deployment.yaml @@ -52,6 +52,22 @@ spec: value: {{ .Values.rabbitmq.vhost | default "/" | quote }} - name: MAIL_QUEUE value: {{ .Values.worker.mailQueueName | default "mail_queue" | quote }} + - name: MOJEID_CLIENT_ID + value: {{ .Values.oauth.mojeid.clientId | quote }} + - name: MOJEID_CLIENT_SECRET + value: {{ .Values.oauth.mojeid.clientSecret | quote }} + - name: BANKID_CLIENT_ID + value: {{ .Values.oauth.bankid.clientId | quote }} + - name: BANKID_CLIENT_SECRET + value: {{ .Values.oauth.bankid.clientSecret | quote }} + - name: DOMAIN + value: {{ required "Set .Values.domain" .Values.domain | quote }} + - name: DOMAIN_SCHEME + value: {{ required "Set .Values.domain_scheme" .Values.domain_scheme | quote }} + - name: FRONTEND_DOMAIN + value: {{ required "Set .Values.frontend_domain" .Values.frontend_domain | quote }} + - name: FRONTEND_DOMAIN_SCHEME + value: {{ required "Set .Values.frontend_domain_scheme" .Values.frontend_domain_scheme | quote }} livenessProbe: httpGet: path: / diff --git a/7project/charts/myapp-chart/values.yaml b/7project/charts/myapp-chart/values.yaml index 4b36e35..6186a32 100644 --- a/7project/charts/myapp-chart/values.yaml +++ b/7project/charts/myapp-chart/values.yaml 
@@ -11,6 +11,10 @@ deployment: "" # Public domain to expose the app under (used by TunnelBinding fqdn) # Set at install time: --set domain=example.com domain: "" +domain_scheme: "" + +frontend_domain: "" +frontend_domain_scheme: "" image: repository: lukastrkan/cc-app-demo @@ -33,6 +37,14 @@ worker: service: port: 80 +oauth: + bankid: + clientId: "" + clientSecret: "" + mojeid: + clientId: "" + clientSecret: "" + rabbitmq: create: true replicas: 1 From 7c161f6f37f89d75bd9ca0ea893a412fa1d57201 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 14:49:26 +0200 Subject: [PATCH 06/27] fix(infrastructure): add env variables to deployment --- .github/workflows/url_generator.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/url_generator.yml b/.github/workflows/url_generator.yml index 02fa084..360fa2d 100644 --- a/.github/workflows/url_generator.yml +++ b/.github/workflows/url_generator.yml @@ -33,6 +33,7 @@ jobs: else FRONTEND_URL="pr-${{inputs.pr_number}}.${{ secrets.DEV_FRONTEND_BASE_DOMAIN }}" BACKEND_URL="api-pr-${{inputs.pr_number}}.${{ secrets.DEV_BASE_DOMAIN }}" + fi FRONTEND_URL_SCHEME="https://$FRONTEND_URL" BACKEND_URL_SCHEME="https://$BACKEND_URL" @@ -40,4 +41,4 @@ jobs: echo "backend_url_scheme=$BACKEND_URL_SCHEME" >> $GITHUB_OUTPUT echo "frontend_url_scheme=$FRONTEND_URL_SCHEME" >> $GITHUB_OUTPUT echo "backend_url=$BACKEND_URL" >> $GITHUB_OUTPUT - echo "frontend_url=$FRONTEND_URL" >> $GITHUB_OUTPUT + echo "frontend_url=$FRONTEND_URL" >> $GITHUB_OUTPUT \ No newline at end of file From c290a109b64c776fdcbe4aa09a48cd3096839712 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 15:01:53 +0200 Subject: [PATCH 07/27] fix(infrastructure): use variables, not secrets --- .github/workflows/url_generator.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/.github/workflows/url_generator.yml b/.github/workflows/url_generator.yml index 360fa2d..33d2098 100644 --- a/.github/workflows/url_generator.yml +++ b/.github/workflows/url_generator.yml @@ -27,12 +27,12 @@ jobs: set -euo pipefail if [ "${{ inputs.mode }}" = "prod" ]; then - BACKEND_URL="api.${{ secrets.PROD_DOMAIN }}" - FRONTEND_URL="finance.${{ secrets.PROD_DOMAIN }}" + BACKEND_URL="api.${{ vars.PROD_DOMAIN }}" + FRONTEND_URL="finance.${{ vars.PROD_DOMAIN }}" else - FRONTEND_URL="pr-${{inputs.pr_number}}.${{ secrets.DEV_FRONTEND_BASE_DOMAIN }}" - BACKEND_URL="api-pr-${{inputs.pr_number}}.${{ secrets.DEV_BASE_DOMAIN }}" + FRONTEND_URL="pr-${{inputs.pr_number}}.${{ vars.DEV_FRONTEND_BASE_DOMAIN }}" + BACKEND_URL="api-pr-${{inputs.pr_number}}.${{ vars.DEV_BASE_DOMAIN }}" fi FRONTEND_URL_SCHEME="https://$FRONTEND_URL" From c4afdf5ad2616de3b16828205e391429813580a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 15:10:33 +0200 Subject: [PATCH 08/27] fix(infrastructure): use correct runner --- .github/workflows/deploy-pr.yaml | 2 +- .github/workflows/deploy-prod.yaml | 2 +- .github/workflows/url_generator.yml | 6 +++++- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy-pr.yaml b/.github/workflows/deploy-pr.yaml index 314fc53..abbd002 100644 --- a/.github/workflows/deploy-pr.yaml +++ b/.github/workflows/deploy-pr.yaml @@ -33,6 +33,7 @@ jobs: if: github.event.action != 'closed' uses: ./.github/workflows/url_generator.yml with: + runner: vhs mode: pr pr_number: ${{ github.event.pull_request.number }} secrets: inherit 
@@ -70,7 +71,6 @@ jobs: DEV_BASE_DOMAIN: ${{ secrets.BASE_DOMAIN }} RABBITMQ_PASSWORD: ${{ secrets.PROD_RABBITMQ_PASSWORD }} DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }} - IMAGE_REPO: ${{ needs.build.outputs.image_repo }} DIGEST: ${{ needs.build.outputs.digest }} DOMAIN: ${{ needs.get_urls.outputs.backend_url }} DOMAIN_SCHEME: ${{ needs.get_urls.outputs.backend_url_scheme }} diff --git a/.github/workflows/deploy-prod.yaml b/.github/workflows/deploy-prod.yaml index dfaf21d..e092706 100644 --- a/.github/workflows/deploy-prod.yaml +++ b/.github/workflows/deploy-prod.yaml @@ -42,6 +42,7 @@ jobs: uses: ./.github/workflows/url_generator.yml with: mode: prod + runner: vhs secrets: inherit deploy: @@ -76,7 +77,6 @@ jobs: FRONTEND_DOMAIN_SCHEME: ${{ needs.get_urls.outputs.frontend_url_scheme }} RABBITMQ_PASSWORD: ${{ secrets.PROD_RABBITMQ_PASSWORD }} DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }} - IMAGE_REPO: ${{ needs.build.outputs.image_repo }} DIGEST: ${{ needs.build.outputs.digest }} run: | helm upgrade --install myapp ./7project/charts/myapp-chart \ diff --git a/.github/workflows/url_generator.yml b/.github/workflows/url_generator.yml index 33d2098..936d117 100644 --- a/.github/workflows/url_generator.yml +++ b/.github/workflows/url_generator.yml @@ -10,10 +10,14 @@ on: description: 'PR number (required when mode=pr)' required: false type: string + runner: + description: 'Runner to use (default: ubuntu-latest)' + required: false + type: string jobs: get_urls: - runs-on: ubuntu-latest + runs-on: ${{inputs.runner || 'ubuntu-latest'}} outputs: backend_url: ${{ steps.urls.outputs.backend_url }} frontend_url: ${{ steps.urls.outputs.frontend_url }} From 810f1ccb32b54eaba02636ca6c5c37b5f92aadc2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 17:01:38 +0200 Subject: [PATCH 09/27] fix(infrastructure): use correct runner --- .github/workflows/deploy-pr.yaml | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/.github/workflows/deploy-pr.yaml b/.github/workflows/deploy-pr.yaml index abbd002..a9a2ea4 100644 --- a/.github/workflows/deploy-pr.yaml +++ b/.github/workflows/deploy-pr.yaml @@ -77,6 +77,8 @@ jobs: FRONTEND_DOMAIN: ${{ needs.get_urls.outputs.frontend_url }} FRONTEND_DOMAIN_SCHEME: ${{ needs.get_urls.outputs.frontend_url_scheme }} run: | + #print env + env | sort PR=${{ github.event.pull_request.number }} RELEASE=myapp-pr-$PR NAMESPACE=pr-$PR From efb454ba999c9bb3815759cb7011161cf6f97f91 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 17:06:06 +0200 Subject: [PATCH 10/27] fix(infrastructure): use correct runner --- .github/workflows/deploy-pr.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/deploy-pr.yaml b/.github/workflows/deploy-pr.yaml index a9a2ea4..1ec6dd5 100644 --- a/.github/workflows/deploy-pr.yaml +++ b/.github/workflows/deploy-pr.yaml @@ -77,6 +77,10 @@ jobs: FRONTEND_DOMAIN: ${{ needs.get_urls.outputs.frontend_url }} FRONTEND_DOMAIN_SCHEME: ${{ needs.get_urls.outputs.frontend_url_scheme }} run: | + DOMAIN=${{needs.get_urls.outputs.backend_url}} + DOMAIN_SCHEME=${{needs.get_urls.outputs.backend_url_scheme}} + FRONTEND_DOMAIN=${{needs.get_urls.outputs.frontend_url}} + FRONTEND_DOMAIN_SCHEME=${{needs.get_urls.outputs.frontend_url_scheme}} #print env env | sort PR=${{ github.event.pull_request.number }} From d1feafd4efd0ced042a54de5de6c6df46080ff24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 17:12:01 +0200 Subject: [PATCH 11/27] fix(infrastructure): use correct runner --- .github/workflows/deploy-pr.yaml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/.github/workflows/deploy-pr.yaml b/.github/workflows/deploy-pr.yaml index 1ec6dd5..715bb93 100644 --- a/.github/workflows/deploy-pr.yaml +++ b/.github/workflows/deploy-pr.yaml 
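Review bot: The added `env | sort` writes the whole step environment to the job log, and this step's `env:` block also carries `RABBITMQ_PASSWORD` and `DB_PASSWORD` (visible in the preceding hunk of this file). Log masking matches registered secret values only, so it should not be the sole thing standing between these passwords and anyone who can read the run. If the aim is to see why the URL variables arrive empty, which the following commits suggest, print just those: `printf '%s\n' "DOMAIN=$DOMAIN" "DOMAIN_SCHEME=$DOMAIN_SCHEME" "FRONTEND_DOMAIN=$FRONTEND_DOMAIN" "FRONTEND_DOMAIN_SCHEME=$FRONTEND_DOMAIN_SCHEME"`. The step body continues outside the hunk.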
@@ -72,15 +72,11 @@ jobs: RABBITMQ_PASSWORD: ${{ secrets.PROD_RABBITMQ_PASSWORD }} DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }} DIGEST: ${{ needs.build.outputs.digest }} - DOMAIN: ${{ needs.get_urls.outputs.backend_url }} - DOMAIN_SCHEME: ${{ needs.get_urls.outputs.backend_url_scheme }} - FRONTEND_DOMAIN: ${{ needs.get_urls.outputs.frontend_url }} - FRONTEND_DOMAIN_SCHEME: ${{ needs.get_urls.outputs.frontend_url_scheme }} + DOMAIN: "${{ needs.get_urls.outputs.backend_url }}" + DOMAIN_SCHEME: "${{ needs.get_urls.outputs.backend_url_scheme }}" + FRONTEND_DOMAIN: "${{ needs.get_urls.outputs.frontend_url }}" + FRONTEND_DOMAIN_SCHEME: "${{ needs.get_urls.outputs.frontend_url_scheme }}" run: | - DOMAIN=${{needs.get_urls.outputs.backend_url}} - DOMAIN_SCHEME=${{needs.get_urls.outputs.backend_url_scheme}} - FRONTEND_DOMAIN=${{needs.get_urls.outputs.frontend_url}} - FRONTEND_DOMAIN_SCHEME=${{needs.get_urls.outputs.frontend_url_scheme}} #print env env | sort PR=${{ github.event.pull_request.number }} From 49c96187c921e0016a3f5bd41e6d8ad140c767c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 17:17:41 +0200 Subject: [PATCH 12/27] fix(infrastructure): use correct runner --- .github/workflows/deploy-pr.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/deploy-pr.yaml b/.github/workflows/deploy-pr.yaml index 715bb93..484622a 100644 --- a/.github/workflows/deploy-pr.yaml +++ b/.github/workflows/deploy-pr.yaml @@ -29,7 +29,7 @@ jobs: pr_number: ${{ github.event.pull_request.number }} secrets: inherit - get_urls: + get_urls_2: if: github.event.action != 'closed' uses: ./.github/workflows/url_generator.yml with: @@ -45,7 +45,7 @@ jobs: concurrency: group: pr-${{ github.event.pull_request.number }} cancel-in-progress: false - needs: [build, frontend, get_urls] + needs: [build, frontend, get_urls_2] steps: - name: Checkout uses: actions/checkout@v4 
@@ -72,10 +72,10 @@ jobs: RABBITMQ_PASSWORD: ${{ secrets.PROD_RABBITMQ_PASSWORD }} DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }} DIGEST: ${{ needs.build.outputs.digest }} - DOMAIN: "${{ needs.get_urls.outputs.backend_url }}" - DOMAIN_SCHEME: "${{ needs.get_urls.outputs.backend_url_scheme }}" - FRONTEND_DOMAIN: "${{ needs.get_urls.outputs.frontend_url }}" - FRONTEND_DOMAIN_SCHEME: "${{ needs.get_urls.outputs.frontend_url_scheme }}" + DOMAIN: "${{ needs.get_urls_2.outputs.backend_url }}" + DOMAIN_SCHEME: "${{ needs.get_urls_2.outputs.backend_url_scheme }}" + FRONTEND_DOMAIN: "${{ needs.get_urls_2.outputs.frontend_url }}" + FRONTEND_DOMAIN_SCHEME: "${{ needs.get_urls_2.outputs.frontend_url_scheme }}" run: | #print env env | sort @@ -98,8 +98,8 @@ jobs: - name: Post preview URLs as PR comment uses: actions/github-script@v7 env: - BACKEND_URL: ${{ needs.get_urls.outputs.backend_url_scheme }} - FRONTEND_URL: ${{ needs.get_urls.outputs.frontend_url_scheme }} + BACKEND_URL: ${{ needs.get_urls_2.outputs.backend_url_scheme }} + FRONTEND_URL: ${{ needs.get_urls_2.outputs.frontend_url_scheme }} with: script: | const pr = context.payload.pull_request; From 4f7d30daf6c6543dbd89b3451bc6612f3f94335f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 17:32:00 +0200 Subject: [PATCH 13/27] fix(infrastructure): use correct runner --- .github/workflows/deploy-pr.yaml | 43 ++++++++++++++-------------- .github/workflows/frontend-pages.yml | 18 +++++------- 2 files changed, 29 insertions(+), 32 deletions(-) diff --git a/.github/workflows/deploy-pr.yaml b/.github/workflows/deploy-pr.yaml index 484622a..2bf2f79 100644 --- a/.github/workflows/deploy-pr.yaml +++ b/.github/workflows/deploy-pr.yaml 
@@ -20,17 +20,9 @@ jobs: pr_number: ${{ github.event.pull_request.number }} secrets: inherit - frontend: - if: github.event.action != 'closed' - name: Frontend - Build and Deploy to Cloudflare Pages (PR) - uses: ./.github/workflows/frontend-pages.yml - with: - mode: pr - pr_number: ${{ github.event.pull_request.number }} - secrets: inherit - - get_urls_2: + get_urls: if: github.event.action != 'closed' + name: Generate Preview URLs uses: ./.github/workflows/url_generator.yml with: runner: vhs @@ -38,6 +30,17 @@ jobs: pr_number: ${{ github.event.pull_request.number }} secrets: inherit + frontend: + if: github.event.action != 'closed' + name: Frontend - Build and Deploy to Cloudflare Pages (PR) + needs: [get_urls] + uses: ./.github/workflows/frontend-pages.yml + with: + mode: pr + pr_number: ${{ github.event.pull_request.number }} + backend_url_scheme: ${{ needs.get_urls.outputs.backend_url_scheme }} + secrets: inherit + deploy: if: github.event.action != 'closed' name: Helm upgrade/install (PR preview) @@ -45,7 +48,7 @@ jobs: concurrency: group: pr-${{ github.event.pull_request.number }} cancel-in-progress: false - needs: [build, frontend, get_urls_2] + needs: [build, frontend, get_urls] steps: - name: Checkout uses: actions/checkout@v4 
@@ -72,13 +75,11 @@ jobs: RABBITMQ_PASSWORD: ${{ secrets.PROD_RABBITMQ_PASSWORD }} DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }} DIGEST: ${{ needs.build.outputs.digest }} - DOMAIN: "${{ needs.get_urls_2.outputs.backend_url }}" - DOMAIN_SCHEME: "${{ needs.get_urls_2.outputs.backend_url_scheme }}" - FRONTEND_DOMAIN: "${{ needs.get_urls_2.outputs.frontend_url }}" - FRONTEND_DOMAIN_SCHEME: "${{ needs.get_urls_2.outputs.frontend_url_scheme }}" + DOMAIN: "${{ needs.get_urls.outputs.backend_url }}" + DOMAIN_SCHEME: "${{ needs.get_urls.outputs.backend_url_scheme }}" + FRONTEND_DOMAIN: "${{ needs.get_urls.outputs.frontend_url }}" + FRONTEND_DOMAIN_SCHEME: "${{ needs.get_urls.outputs.frontend_url_scheme }}" run: | - #print env - env | sort PR=${{ github.event.pull_request.number }} RELEASE=myapp-pr-$PR NAMESPACE=pr-$PR @@ -98,8 +99,8 @@ jobs: - name: Post preview URLs as PR comment uses: actions/github-script@v7 env: - BACKEND_URL: ${{ needs.get_urls_2.outputs.backend_url_scheme }} - FRONTEND_URL: ${{ needs.get_urls_2.outputs.frontend_url_scheme }} + BACKEND_URL: ${{ needs.get_urls.outputs.backend_url_scheme }} + FRONTEND_URL: ${{ needs.get_urls.outputs.frontend_url_scheme }} with: script: | const pr = context.payload.pull_request; @@ -107,7 +108,7 @@ jobs: const prNumber = pr.number; const backendUrl = process.env.BACKEND_URL || '(not available)'; const frontendUrl = process.env.FRONTEND_URL || '(not available)'; - const marker = ''; + const marker = ''; const body = `${marker}\nPreview environment is running\n- Frontend: ${frontendUrl}\n- Backend: ${backendUrl}\n`; const { owner, repo } = context.repo; const { data: comments } = await github.rest.issues.listComments({ owner, repo, issue_number: prNumber, per_page: 100 }); 
@@ -146,4 +147,4 @@ jobs: NAMESPACE=pr-$PR helm uninstall "$RELEASE" -n "$NAMESPACE" || true # Optionally delete the namespace if empty - kubectl delete namespace "$NAMESPACE" --ignore-not-found=true || true + kubectl delete namespace "$NAMESPACE" --ignore-not-found=true || true \ No newline at end of file diff --git a/.github/workflows/frontend-pages.yml b/.github/workflows/frontend-pages.yml index d5c91f6..7b46a6f 100644 --- a/.github/workflows/frontend-pages.yml +++ b/.github/workflows/frontend-pages.yml @@ -15,6 +15,10 @@ on: description: 'Cloudflare Pages project name (overrides default)' required: false type: string + backend_url_scheme: + description: 'The full scheme URL for the backend (e.g., https://api.example.com)' + required: true + type: string secrets: CLOUDFLARE_API_TOKEN: required: true @@ -26,17 +30,9 @@ on: value: ${{ jobs.deploy.outputs.deployed_url }} jobs: - get_urls: - uses: ./.github/workflows/url_generator.yml - with: - mode: ${{ inputs.mode }} - pr_number: ${{ inputs.pr_number }} - secrets: inherit - build: name: Build frontend runs-on: ubuntu-latest - needs: [get_urls] defaults: run: working-directory: 7project/frontend @@ -54,9 +50,9 @@ jobs: - name: Install dependencies run: npm ci - - name: Set backend URL from url_generator + - name: Set backend URL from workflow input run: | - echo "VITE_BACKEND_URL=${{ needs.get_urls.outputs.backend_url_scheme }}" >> $GITHUB_ENV + echo "VITE_BACKEND_URL=${{ inputs.backend_url_scheme }}" >> $GITHUB_ENV - name: Build run: npm run build @@ -136,4 +132,4 @@ jobs: else URL="https://${PBRANCH}.${PNAME}.pages.dev" fi - echo "deployed_url=$URL" >> $GITHUB_OUTPUT + echo "deployed_url=$URL" >> $GITHUB_OUTPUT \ No newline at end of file From 579dda50b901aaccfd264106ed8ce6861280357e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 17:42:02 +0200 Subject: [PATCH 14/27] fix(infrastructure): use correct runner --- .github/workflows/url_generator.yml | 56 ++++++++++++++++++++--------- 1 file changed, 39 insertions(+), 17 deletions(-) diff --git a/.github/workflows/url_generator.yml b/.github/workflows/url_generator.yml index 936d117..ed1a4b8 100644 --- a/.github/workflows/url_generator.yml +++ b/.github/workflows/url_generator.yml @@ -1,9 +1,12 @@ -name: url_generator +# .github/workflows/url_generator.yml + +name: Generate Preview or Production URLs + on: workflow_call: inputs: mode: - description: "Mode: 'prod' or 'pr'" + description: "Build mode: 'prod' or 'pr'" required: true type: string pr_number: 
@@ -11,37 +14,56 @@ on: required: false type: string runner: - description: 'Runner to use (default: ubuntu-latest)' + description: 'The runner to use for this job' required: false type: string + default: 'ubuntu-latest' + secrets: inherit + + outputs: + backend_url: + description: "The backend URL without scheme (e.g., api.example.com)" + value: ${{ jobs.generate-urls.outputs.backend_url }} + frontend_url: + description: "The frontend URL without scheme (e.g., app.example.com)" + value: ${{ jobs.generate-urls.outputs.frontend_url }} + backend_url_scheme: + description: "The backend URL with scheme (e.g., https://api.example.com)" + value: ${{ jobs.generate-urls.outputs.backend_url_scheme }} + frontend_url_scheme: + description: "The frontend URL with scheme (e.g., https://app.example.com)" + value: ${{ jobs.generate-urls.outputs.frontend_url_scheme }} jobs: - get_urls: - runs-on: ${{inputs.runner || 'ubuntu-latest'}} + generate-urls: + runs-on: ${{ inputs.runner }} outputs: - backend_url: ${{ steps.urls.outputs.backend_url }} - frontend_url: ${{ steps.urls.outputs.frontend_url }} - frontend_url_scheme: ${{ steps.urls.outputs.frontend_url_scheme }} - backend_url_scheme: ${{ steps.urls.outputs.backend_url_scheme }} + backend_url: ${{ steps.set_urls.outputs.backend_url }} + frontend_url: ${{ steps.set_urls.outputs.frontend_url }} + backend_url_scheme: ${{ steps.set_urls.outputs.backend_url_scheme }} + frontend_url_scheme: ${{ steps.set_urls.outputs.frontend_url_scheme }} steps: - - name: Compute URLs PROD - id: urls + - name: Generate URLs + id: set_urls + env: + BASE_DOMAIN: ${{ secrets.BASE_DOMAIN }} run: | set -euo pipefail if [ "${{ inputs.mode }}" = "prod" ]; then - BACKEND_URL="api.${{ vars.PROD_DOMAIN }}" - FRONTEND_URL="finance.${{ vars.PROD_DOMAIN }}" - + BACKEND_URL="api.${BASE_DOMAIN}" + FRONTEND_URL="finance.${BASE_DOMAIN}" else - FRONTEND_URL="pr-${{inputs.pr_number}}.${{ vars.DEV_FRONTEND_BASE_DOMAIN }}" - BACKEND_URL="api-pr-${{inputs.pr_number}}.${{ 
vars.DEV_BASE_DOMAIN }}" + # This is your current logic + FRONTEND_URL="pr-${{ inputs.pr_number }}.group-8-frontend.pages.dev" + BACKEND_URL="api-pr-${{ inputs.pr_number }}.${BASE_DOMAIN}" fi - + FRONTEND_URL_SCHEME="https://$FRONTEND_URL" BACKEND_URL_SCHEME="https://$BACKEND_URL" + # This part correctly writes to GITHUB_OUTPUT for the step echo "backend_url_scheme=$BACKEND_URL_SCHEME" >> $GITHUB_OUTPUT echo "frontend_url_scheme=$FRONTEND_URL_SCHEME" >> $GITHUB_OUTPUT echo "backend_url=$BACKEND_URL" >> $GITHUB_OUTPUT From 20d26b7edc5215abb84a1c83ce4713b32c76091e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 17:42:16 +0200 Subject: [PATCH 15/27] fix(infrastructure): use correct runner --- .github/workflows/url_generator.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/url_generator.yml b/.github/workflows/url_generator.yml index ed1a4b8..96ee890 100644 --- a/.github/workflows/url_generator.yml +++ b/.github/workflows/url_generator.yml @@ -1,5 +1,3 @@ -# .github/workflows/url_generator.yml - name: Generate Preview or Production URLs on: From 85a390565a3e285621471e6892de0e633a87ac1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 17:43:55 +0200 Subject: [PATCH 16/27] fix(infrastructure): use correct runner --- .github/workflows/url_generator.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/url_generator.yml b/.github/workflows/url_generator.yml index 96ee890..a5b7743 100644 --- a/.github/workflows/url_generator.yml +++ b/.github/workflows/url_generator.yml @@ -16,7 +16,9 @@ on: required: false type: string default: 'ubuntu-latest' - secrets: inherit + secrets: + BASE_DOMAIN: + required: false outputs: backend_url: @@ -35,6 +37,7 @@ on: jobs: generate-urls: runs-on: ${{ inputs.runner }} + outputs: backend_url: ${{ steps.set_urls.outputs.backend_url }} frontend_url: ${{ steps.set_urls.outputs.frontend_url }} 
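Review bot: In the `Generate URLs` step the PR frontend host becomes the literal `group-8-frontend.pages.dev`, while frontend-pages.yml still accepts a Pages project-name input that "overrides default". If a caller uses that override, the `frontend_url` output, which is handed to the chart as `FRONTEND_DOMAIN` and posted in the PR comment, no longer matches where the frontend is served. Should the backend use that value for CORS or OAuth redirects (not visible here), it would be trusting the wrong origin. Take the host from configuration as the previous version did, e.g. `PAGES_DOMAIN: ${{ vars.DEV_FRONTEND_BASE_DOMAIN }}` in the step's `env:` and `FRONTEND_URL="pr-${PR_NUMBER}.${PAGES_DOMAIN}"`. The comments `# This is your current logic` and `# This part correctly writes to GITHUB_OUTPUT for the step` say nothing about the code and could become `# PR previews: frontend on Cloudflare Pages, backend under BASE_DOMAIN`.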
From 815bf7f06523fe323945551399de41bf27c846dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 17:50:39 +0200 Subject: [PATCH 17/27] fix(infrastructure): use correct runner --- .github/workflows/deploy-pr.yaml | 1 + .github/workflows/url_generator.yml | 9 +++++---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy-pr.yaml b/.github/workflows/deploy-pr.yaml index 2bf2f79..9a311a2 100644 --- a/.github/workflows/deploy-pr.yaml +++ b/.github/workflows/deploy-pr.yaml @@ -28,6 +28,7 @@ jobs: runner: vhs mode: pr pr_number: ${{ github.event.pull_request.number }} + base_domain: ${{ vars.DEV_BASE_DOMAIN }} secrets: inherit frontend: diff --git a/.github/workflows/url_generator.yml b/.github/workflows/url_generator.yml index a5b7743..572d620 100644 --- a/.github/workflows/url_generator.yml +++ b/.github/workflows/url_generator.yml @@ -16,9 +16,10 @@ on: required: false type: string default: 'ubuntu-latest' - secrets: - BASE_DOMAIN: - required: false + base_domain: + description: 'The base domain for production URLs (e.g., example.com)' + required: true + type: string outputs: backend_url: @@ -48,7 +49,7 @@ jobs: - name: Generate URLs id: set_urls env: - BASE_DOMAIN: ${{ secrets.BASE_DOMAIN }} + BASE_DOMAIN: ${{ inputs.base_domain }} run: | set -euo pipefail From 5190e9c48e3671c2d42200aeef4bef5c4955367f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 18:00:07 +0200 Subject: [PATCH 18/27] fix(infrastructure): use correct runner --- .github/workflows/deploy-prod.yaml | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/.github/workflows/deploy-prod.yaml b/.github/workflows/deploy-prod.yaml index e092706..b42ee4a 100644 --- a/.github/workflows/deploy-prod.yaml +++ b/.github/workflows/deploy-prod.yaml 
@@ -30,19 +30,22 @@ jobs: context: 7project/backend secrets: inherit - frontend: - name: Frontend - Build and Deploy to Cloudflare Pages (prod) - uses: ./.github/workflows/frontend-pages.yml - with: - mode: prod - secrets: inherit - get_urls: - name: Get URLs + name: Generate Production URLs uses: ./.github/workflows/url_generator.yml with: mode: prod runner: vhs + base_domain: ${{ vars.PROD_DOMAIN }} + secrets: inherit + + frontend: + name: Frontend - Build and Deploy to Cloudflare Pages (prod) + needs: [get_urls] + uses: ./.github/workflows/frontend-pages.yml + with: + mode: prod + backend_url_scheme: ${{ needs.get_urls.outputs.backend_url_scheme }} secrets: inherit deploy: @@ -78,6 +81,11 @@ jobs: RABBITMQ_PASSWORD: ${{ secrets.PROD_RABBITMQ_PASSWORD }} DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }} DIGEST: ${{ needs.build.outputs.digest }} + BANKID_CLIENT_ID: ${{ secrets.BANKID_CLIENT_ID }} + BANKID_CLIENT_SECRET: ${{ secrets.BANKID_CLIENT_SECRET }} + MOJEID_CLIENT_ID: ${{ secrets.MOJEID_CLIENT_ID }} + MOJEID_CLIENT_SECRET: ${{ secrets.MOJEID_CLIENT_SECRET }} + run: | helm upgrade --install myapp ./7project/charts/myapp-chart \ -n prod --create-namespace \ @@ -90,3 +98,7 @@ jobs: --set image.digest="$DIGEST" \ --set-string rabbitmq.password="$RABBITMQ_PASSWORD" \ --set-string database.password="$DB_PASSWORD" + --set-string oauth.bankid.clientId="$BANKID_CLIENT_ID" \ + --set-string oauth.bankid.clientSecret="$BANKID_CLIENT_SECRET" \ + --set-string oauth.mojeid.clientId="$MOJEID_CLIENT_ID" \ + --set-string oauth.mojeid.clientSecret="$MOJEID_CLIENT_SECRET" \ No newline at end of file From cdb6cf5e205ab543af44cc50f0207523636ec66c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 18:02:09 +0200 Subject: [PATCH 19/27] Update .github/workflows/deploy-pr.yaml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/deploy-pr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/deploy-pr.yaml b/.github/workflows/deploy-pr.yaml index 9a311a2..c59f484 100644 --- a/.github/workflows/deploy-pr.yaml +++ b/.github/workflows/deploy-pr.yaml @@ -109,7 +109,7 @@ jobs: const prNumber = pr.number; const backendUrl = process.env.BACKEND_URL || '(not available)'; const frontendUrl = process.env.FRONTEND_URL || '(not available)'; - const marker = ''; + const marker = ''; const body = `${marker}\nPreview environment is running\n- Frontend: ${frontendUrl}\n- Backend: ${backendUrl}\n`; const { owner, repo } = context.repo; const { data: comments } = await github.rest.issues.listComments({ owner, repo, issue_number: prNumber, per_page: 100 }); From 8929920072681389fed14683b4af4980f57db59e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 18:04:04 +0200 Subject: [PATCH 20/27] Potential fix for code scanning alert no. 9: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/url_generator.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/url_generator.yml b/.github/workflows/url_generator.yml index 572d620..31121d4 100644 --- a/.github/workflows/url_generator.yml +++ b/.github/workflows/url_generator.yml @@ -37,6 +37,8 @@ on: jobs: generate-urls: + permissions: + contents: none runs-on: ${{ inputs.runner }} outputs: From b6f9ee8fc70c86c849afc867ada4c182cc32e295 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 18:11:19 +0200 Subject: [PATCH 21/27] fix(infrastructure): add missing slash --- .github/workflows/deploy-prod.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-prod.yaml b/.github/workflows/deploy-prod.yaml index b42ee4a..0de6907 100644 --- a/.github/workflows/deploy-prod.yaml +++ b/.github/workflows/deploy-prod.yaml 
@@ -97,7 +97,7 @@ jobs: --set frontend_domain_scheme="$FRONTEND_DOMAIN_SCHEME" \ --set image.digest="$DIGEST" \ --set-string rabbitmq.password="$RABBITMQ_PASSWORD" \ - --set-string database.password="$DB_PASSWORD" + --set-string database.password="$DB_PASSWORD" \ --set-string oauth.bankid.clientId="$BANKID_CLIENT_ID" \ --set-string oauth.bankid.clientSecret="$BANKID_CLIENT_SECRET" \ --set-string oauth.mojeid.clientId="$MOJEID_CLIENT_ID" \ From 60109c4a3537bddc7ff62e891433df216dea0188 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 18:18:19 +0200 Subject: [PATCH 22/27] fix(infrastructure): add oauth keys as secret --- .../myapp-chart/templates/app-deployment.yaml | 22 ++++++++++++++----- .../charts/myapp-chart/templates/prod.yaml | 10 +++++++++ 2 files changed, 27 insertions(+), 5 deletions(-) create mode 100644 7project/charts/myapp-chart/templates/prod.yaml diff --git a/7project/charts/myapp-chart/templates/app-deployment.yaml b/7project/charts/myapp-chart/templates/app-deployment.yaml index 499c1e4..1eeb7df 100644 --- a/7project/charts/myapp-chart/templates/app-deployment.yaml +++ b/7project/charts/myapp-chart/templates/app-deployment.yaml @@ -20,7 +20,7 @@ spec: securityContext: allowPrivilegeEscalation: false capabilities: - drop: ["ALL"] + drop: [ "ALL" ] ports: - containerPort: {{ .Values.app.port }} env: 
@@ -53,13 +53,25 @@ spec: - name: MAIL_QUEUE value: {{ .Values.worker.mailQueueName | default "mail_queue" | quote }} - name: MOJEID_CLIENT_ID - value: {{ .Values.oauth.mojeid.clientId | quote }} + valueFrom: + secretKeyRef: + name: prod + key: MOJEID_CLIENT_ID - name: MOJEID_CLIENT_SECRET - value: {{ .Values.oauth.mojeid.clientSecret | quote }} + valueFrom: + secretKeyRef: + name: prod + key: MOJEID_CLIENT_SECRET - name: BANKID_CLIENT_ID - value: {{ .Values.oauth.bankid.clientId | quote }} + valueFrom: + secretKeyRef: + name: prod + key: BANKID_CLIENT_ID - name: BANKID_CLIENT_SECRET - value: {{ .Values.oauth.bankid.clientSecret | quote }} + valueFrom: + secretKeyRef: + name: prod + key: BANKID_CLIENT_SECRET - name: DOMAIN value: {{ required "Set .Values.domain" .Values.domain | quote }} - name: DOMAIN_SCHEME diff --git a/7project/charts/myapp-chart/templates/prod.yaml b/7project/charts/myapp-chart/templates/prod.yaml new file mode 100644 index 0000000..43147b0 --- /dev/null +++ b/7project/charts/myapp-chart/templates/prod.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Secret +metadata: + name: prod +type: Opaque +stringData: + MOJEID_CLIENT_ID: {{ .Values.oauth.mojeid.clientId | quote }} + MOJEID_CLIENT_SECRET: {{ .Values.oauth.mojeid.clientSecret | quote }} + BANKID_CLIENT_ID: {{ .Values.oauth.bankid.clientId | quote }} + BANKID_CLIENT_SECRET: {{ .Values.oauth.bankid.clientSecret | quote }} \ No newline at end of file From ef5b3f2d300bb3d37ad35db73eae6c88effc6b7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 18:25:06 +0200 Subject: [PATCH 23/27] feat(infrastructure): move to secrets --- .../myapp-chart/templates/app-deployment.yaml | 18 ++++++++++----- .../charts/myapp-chart/templates/prod.yaml | 9 +++++++- .../templates/worker-deployment.yaml | 23 +++++++++++++++++-- 3 files changed, 41 insertions(+), 9 deletions(-) 
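Review bot: Each `secretKeyRef` added here names the Secret `prod` literally, and the new `templates/prod.yaml` in the same commit creates it under that fixed name, so a second release of this chart in the same namespace would collide on it and the name does not say which release owns it. Deriving it from the release, e.g. `name: {{ .Release.Name }}-secrets` in both the Secret metadata and every `secretKeyRef`, keeps the two paired. The later hunks in this series that add `MARIADB_*`, `RABBITMQ_PASSWORD` and `SENTRY_DSN` use the same literal. The container spec starts above the hunk and continues below it.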
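Review bot: The four `stringData` entries in the new `prod.yaml` render `.Values.oauth.*` with no presence check, so a deploy that omits one of the `--set-string` flags produces a Secret holding an empty string and the pods start with blank OAuth credentials instead of the release failing. Wrapping each value, e.g. `{{ required "Set .Values.oauth.mojeid.clientSecret" .Values.oauth.mojeid.clientSecret | quote }}`, matches the `required` check the chart already applies to `domain`. The later hunk on this file that adds `MARIADB_PASSWORD` and `RABBITMQ_PASSWORD` with `default ""` has the same gap. If some environments are meant to run without OAuth, a comment in the template saying so would make the empty values intentional.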
diff --git a/7project/charts/myapp-chart/templates/app-deployment.yaml b/7project/charts/myapp-chart/templates/app-deployment.yaml index 1eeb7df..3a516f3 100644 --- a/7project/charts/myapp-chart/templates/app-deployment.yaml +++ b/7project/charts/myapp-chart/templates/app-deployment.yaml @@ -29,21 +29,27 @@ spec: - name: MARIADB_PORT value: '3306' - name: MARIADB_DB - value: {{ required "Set .Values.deployment" .Values.deployment | quote }} + valueFrom: + secretKeyRef: + name: prod + key: MARIADB_DB - name: MARIADB_USER - value: {{ required "Set .Values.deployment" .Values.deployment | quote }} + valueFrom: + secretKeyRef: + name: prod + key: MARIADB_USER - name: MARIADB_PASSWORD valueFrom: secretKeyRef: - name: {{ required "Set .Values.database.secretName" .Values.database.secretName }} - key: password + name: prod + key: MARIADB_PASSWORD - name: RABBITMQ_USERNAME value: {{ .Values.rabbitmq.username | quote }} - name: RABBITMQ_PASSWORD valueFrom: secretKeyRef: - name: {{ printf "%s-user-credentials" (.Values.rabbitmq.username | default "app-user") }} - key: password + name: prod + key: RABBITMQ_PASSWORD - name: RABBITMQ_HOST value: {{ printf "%s.%s.svc.cluster.local" "rabbitmq-cluster" .Release.Namespace | quote }} - name: RABBITMQ_PORT diff --git a/7project/charts/myapp-chart/templates/prod.yaml b/7project/charts/myapp-chart/templates/prod.yaml index 43147b0..7ebf596 100644 --- a/7project/charts/myapp-chart/templates/prod.yaml +++ b/7project/charts/myapp-chart/templates/prod.yaml 
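Review bot: `MARIADB_PASSWORD` and `RABBITMQ_PASSWORD` used to come from the Secrets named by `.Values.database.secretName` and `<username>-user-credentials`; they now come from the chart-rendered `prod` Secret, whose contents are whatever the deploy passes in. If other templates (not visible in this hunk) still create the database user or the RabbitMQ user from the old Secrets, the application and the server can end up with different passwords, and the `required "Set .Values.database.secretName"` guard is removed with nothing replacing it. It is worth confirming there is a single source for each password and adding a short comment above each `secretKeyRef` naming the template that owns the value. `RABBITMQ_USERNAME` is still read from `.Values.rabbitmq.username` although the same series also stores it in the Secret. The container spec starts above the hunk and continues below it.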
@@ -7,4 +7,11 @@ stringData: MOJEID_CLIENT_ID: {{ .Values.oauth.mojeid.clientId | quote }} MOJEID_CLIENT_SECRET: {{ .Values.oauth.mojeid.clientSecret | quote }} BANKID_CLIENT_ID: {{ .Values.oauth.bankid.clientId | quote }} - BANKID_CLIENT_SECRET: {{ .Values.oauth.bankid.clientSecret | quote }} \ No newline at end of file + BANKID_CLIENT_SECRET: {{ .Values.oauth.bankid.clientSecret | quote }} + # Database credentials + MARIADB_DB: {{ .Values.database.name | default "app_db" | quote }} + MARIADB_USER: {{ .Values.database.user | default "app_user" | quote }} + MARIADB_PASSWORD: {{ .Values.database.password | default "" | quote }} + # RabbitMQ credentials + RABBITMQ_PASSWORD: {{ .Values.rabbitmq.password | default "" | quote }} + RABBITMQ_USERNAME: {{ .Values.rabbitmq.username | quote }} diff --git a/7project/charts/myapp-chart/templates/worker-deployment.yaml b/7project/charts/myapp-chart/templates/worker-deployment.yaml index e4457fe..501c6fa 100644 --- a/7project/charts/myapp-chart/templates/worker-deployment.yaml +++ b/7project/charts/myapp-chart/templates/worker-deployment.yaml @@ -31,13 +31,32 @@ spec: - --loglevel - INFO env: + - name: MARIADB_HOST + value: "mariadb-repl-maxscale-internal.mariadb-operator.svc.cluster.local" + - name: MARIADB_PORT + value: '3306' + - name: MARIADB_DB + valueFrom: + secretKeyRef: + name: prod + key: MARIADB_DB + - name: MARIADB_USER + valueFrom: + secretKeyRef: + name: prod + key: MARIADB_USER + - name: MARIADB_PASSWORD + valueFrom: + secretKeyRef: + name: prod + key: MARIADB_PASSWORD - name: RABBITMQ_USERNAME value: {{ .Values.rabbitmq.username | quote }} - name: RABBITMQ_PASSWORD valueFrom: secretKeyRef: - name: {{ printf "%s-user-credentials" (.Values.rabbitmq.username | default "app-user") }} - key: password + name: prod + key: RABBITMQ_PASSWORD - name: RABBITMQ_HOST value: {{ printf "%s.%s.svc.cluster.local" "rabbitmq-cluster" .Release.Namespace | quote }} - name: RABBITMQ_PORT 
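Review bot: `MARIADB_HOST` in the worker's `env` is a literal service name, so the chart is tied to one MariaDB installation and the worker can drift from whatever host the app deployment uses (that line is not visible in these hunks). Reading it from values, e.g. `value: {{ .Values.database.host | quote }}` with the current name as the default in `values.yaml`, keeps both deployments on one setting; `database.host` is a suggested key, not one the chart is shown to have. The `env` list continues below the hunk.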
From d593f7a9943b3c47c47c8d2092492473ad38f3c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Thu, 16 Oct 2025 18:30:13 +0200 Subject: [PATCH 24/27] feat(infrastructure): move to secrets --- 7project/charts/myapp-chart/templates/prod.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/7project/charts/myapp-chart/templates/prod.yaml b/7project/charts/myapp-chart/templates/prod.yaml index 7ebf596..3181845 100644 --- a/7project/charts/myapp-chart/templates/prod.yaml +++ b/7project/charts/myapp-chart/templates/prod.yaml @@ -9,8 +9,8 @@ stringData: BANKID_CLIENT_ID: {{ .Values.oauth.bankid.clientId | quote }} BANKID_CLIENT_SECRET: {{ .Values.oauth.bankid.clientSecret | quote }} # Database credentials - MARIADB_DB: {{ .Values.database.name | default "app_db" | quote }} - MARIADB_USER: {{ .Values.database.user | default "app_user" | quote }} + MARIADB_DB: {{ required "Set .Values.deployment" .Values.deployment | quote }} + MARIADB_USER: {{ required "Set .Values.deployment" .Values.deployment | quote }} MARIADB_PASSWORD: {{ .Values.database.password | default "" | quote }} # RabbitMQ credentials RABBITMQ_PASSWORD: {{ .Values.rabbitmq.password | default "" | quote }} From cb9ef5e461fb0be773e75ea2ab16ed910d257c62 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Fri, 17 Oct 2025 15:59:18 +0200 Subject: [PATCH 25/27] feat(app): add sentry loging --- .github/workflows/deploy-prod.yaml | 5 +++-- 7project/backend/app/app.py | 16 ++++++++++++++++ 7project/backend/requirements.txt | 2 ++ 7project/charts/myapp-chart/templates/prod.yaml | 1 + 7project/charts/myapp-chart/values.yaml | 2 ++ 5 files changed, 24 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-prod.yaml b/.github/workflows/deploy-prod.yaml index 0de6907..37f703c 100644 --- a/.github/workflows/deploy-prod.yaml +++ b/.github/workflows/deploy-prod.yaml 
@@ -85,7 +85,7 @@ jobs: BANKID_CLIENT_SECRET: ${{ secrets.BANKID_CLIENT_SECRET }} MOJEID_CLIENT_ID: ${{ secrets.MOJEID_CLIENT_ID }} MOJEID_CLIENT_SECRET: ${{ secrets.MOJEID_CLIENT_SECRET }} - + SENTRY_DSN: ${{ secrets.SENTRY_DSN }} run: | helm upgrade --install myapp ./7project/charts/myapp-chart \ -n prod --create-namespace \ @@ -101,4 +101,5 @@ jobs: --set-string oauth.bankid.clientId="$BANKID_CLIENT_ID" \ --set-string oauth.bankid.clientSecret="$BANKID_CLIENT_SECRET" \ --set-string oauth.mojeid.clientId="$MOJEID_CLIENT_ID" \ - --set-string oauth.mojeid.clientSecret="$MOJEID_CLIENT_SECRET" \ No newline at end of file + --set-string oauth.mojeid.clientSecret="$MOJEID_CLIENT_SECRET" \ + --set-string sentry_dsn="$SENTRY_DSN" \ \ No newline at end of file diff --git a/7project/backend/app/app.py b/7project/backend/app/app.py index 85e18e2..f9a1cb5 100644 --- a/7project/backend/app/app.py +++ b/7project/backend/app/app.py @@ -1,3 +1,5 @@ +import os + from fastapi import Depends, FastAPI from fastapi.middleware.cors import CORSMiddleware @@ -9,6 +11,16 @@ from app.api.categories import router as categories_router from app.api.transactions import router as transactions_router from app.services.user_service import auth_backend, current_active_verified_user, fastapi_users, get_oauth_provider + +from fastapi import FastAPI +import sentry_sdk + +sentry_sdk.init( + dsn=os.getenv("SENTRY_DSN"), + send_default_pii=True, +) + +app = FastAPI() fastApi = FastAPI() # CORS for frontend dev server @@ -59,3 +71,7 @@ async def root(): @fastApi.get("/authenticated-route") async def authenticated_route(user: User = Depends(current_active_verified_user)): return {"message": f"Hello {user.email}!"} + +@fastApi.get("/sentry-debug") +async def trigger_error(): + division_by_zero = 1 / 0 \ No newline at end of file diff --git a/7project/backend/requirements.txt b/7project/backend/requirements.txt index 6d41c19..34fc377 100644 --- a/7project/backend/requirements.txt 
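Review bot: The new last line of the `helm upgrade` command, `--set-string sentry_dsn="$SENTRY_DSN" \`, ends with a line continuation that has nothing after it. The final flag should close the command, so drop the trailing backslash: `--set-string sentry_dsn="$SENTRY_DSN"`. An earlier commit in this series had to repair the opposite mistake (a missing `\` after `database.password`), so a comment above the flag list noting that every line except the last ends in `\` would help.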
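Review bot: `send_default_pii=True` in the new `sentry_sdk.init(...)` call tells the SDK to attach user-identifying request data (such as IP addresses, cookies and request headers) to events, so for an application that tracks bank-account transactions personal data leaves the cluster for a third party on every captured error. Unless that is a deliberate and documented decision, use `send_default_pii=False` and add specific fields later. The hunk also adds `app = FastAPI()` directly above the existing `fastApi = FastAPI()` and a second `from fastapi import FastAPI`; nothing visible uses `app`, so both lines look like leftovers and can be removed.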
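Review bot: `/sentry-debug` is registered with no dependency, unlike `authenticated_route` just above it, so any unauthenticated client can make the server raise `ZeroDivisionError`, return a 500 and send an event to Sentry, which is enough to use up an event quota or bury real errors. Remove the route once the integration has been verified, or at least require a user: `async def trigger_error(user: User = Depends(current_active_verified_user)):`. The unused local `division_by_zero` can be a bare `1 / 0`.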
+++ b/7project/backend/requirements.txt @@ -50,6 +50,7 @@ python-dateutil==2.9.0.post0 python-dotenv==1.1.1 python-multipart==0.0.20 PyYAML==6.0.2 +sentry-sdk==2.42.0 six==1.17.0 sniffio==1.3.1 SQLAlchemy==2.0.43 @@ -58,6 +59,7 @@ tomli==2.2.1 typing-inspection==0.4.1 typing_extensions==4.15.0 tzdata==2025.2 +urllib3==2.5.0 uvicorn==0.37.0 uvloop==0.21.0 vine==5.1.0 diff --git a/7project/charts/myapp-chart/templates/prod.yaml b/7project/charts/myapp-chart/templates/prod.yaml index 3181845..062f150 100644 --- a/7project/charts/myapp-chart/templates/prod.yaml +++ b/7project/charts/myapp-chart/templates/prod.yaml @@ -15,3 +15,4 @@ stringData: # RabbitMQ credentials RABBITMQ_PASSWORD: {{ .Values.rabbitmq.password | default "" | quote }} RABBITMQ_USERNAME: {{ .Values.rabbitmq.username | quote }} + SENTRY_DSN: {{ .Values.sentry_dsn | quote }} diff --git a/7project/charts/myapp-chart/values.yaml b/7project/charts/myapp-chart/values.yaml index 6186a32..01eb8da 100644 --- a/7project/charts/myapp-chart/values.yaml +++ b/7project/charts/myapp-chart/values.yaml @@ -16,6 +16,8 @@ domain_scheme: "" frontend_domain: "" frontend_domain_scheme: "" +sentry_dsn: "" + image: repository: lukastrkan/cc-app-demo # You can use a tag or digest. If digest is provided, it takes precedence. From 2617c640a88d7cce1f61d561df7c286dee0b1acd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Fri, 17 Oct 2025 16:04:52 +0200 Subject: [PATCH 26/27] fix(app): add missing env variables --- 7project/charts/myapp-chart/templates/app-deployment.yaml | 5 +++++ 7project/charts/myapp-chart/templates/worker-deployment.yaml | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/7project/charts/myapp-chart/templates/app-deployment.yaml b/7project/charts/myapp-chart/templates/app-deployment.yaml index 3a516f3..074c8a6 100644 --- a/7project/charts/myapp-chart/templates/app-deployment.yaml +++ b/7project/charts/myapp-chart/templates/app-deployment.yaml 
@@ -86,6 +86,11 @@ spec: value: {{ required "Set .Values.frontend_domain" .Values.frontend_domain | quote }} - name: FRONTEND_DOMAIN_SCHEME value: {{ required "Set .Values.frontend_domain_scheme" .Values.frontend_domain_scheme | quote }} + - name: SENTRY_DSN + valueFrom: + secretKeyRef: + name: prod + key: SENTRY_DSN livenessProbe: httpGet: path: / diff --git a/7project/charts/myapp-chart/templates/worker-deployment.yaml b/7project/charts/myapp-chart/templates/worker-deployment.yaml index 501c6fa..973628a 100644 --- a/7project/charts/myapp-chart/templates/worker-deployment.yaml +++ b/7project/charts/myapp-chart/templates/worker-deployment.yaml @@ -65,3 +65,8 @@ spec: value: {{ .Values.rabbitmq.vhost | default "/" | quote }} - name: MAIL_QUEUE value: {{ .Values.worker.mailQueueName | default "mail_queue" | quote }} + - name: SENTRY_DSN + valueFrom: + secretKeyRef: + name: prod + key: SENTRY_DSN From 607c5eadd7fa98f8bfbafa6f575c898f05fd34da Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= Date: Mon, 20 Oct 2025 19:20:56 +0200 Subject: [PATCH 27/27] feat(infrastructure): remove old deployment --- .../deployment/app-demo-database-grant.yaml | 20 -------- .../deployment/app-demo-database-secret.yaml | 7 --- .../deployment/app-demo-database-user.yaml | 20 -------- 7project/deployment/app-demo-database.yaml | 15 ------ 7project/deployment/app-demo-deployment.yaml | 48 ------------------- 7project/deployment/app-demo-svc.yaml | 10 ---- .../app-demo-worker-deployment.yaml | 41 ---------------- 7project/deployment/tunnel.yaml | 14 ------ 8 files changed, 175 deletions(-) delete mode 100644 7project/deployment/app-demo-database-grant.yaml delete mode 100644 7project/deployment/app-demo-database-secret.yaml delete mode 100644 7project/deployment/app-demo-database-user.yaml delete mode 100644 7project/deployment/app-demo-database.yaml delete mode 100644 7project/deployment/app-demo-deployment.yaml delete mode 100644 7project/deployment/app-demo-svc.yaml delete mode 100644 7project/deployment/app-demo-worker-deployment.yaml delete mode 100644 7project/deployment/tunnel.yaml diff --git a/7project/deployment/app-demo-database-grant.yaml b/7project/deployment/app-demo-database-grant.yaml deleted file mode 100644 index d2e2d53..0000000 --- a/7project/deployment/app-demo-database-grant.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: k8s.mariadb.com/v1alpha1 -kind: Grant -metadata: - name: grant -spec: - mariaDbRef: - name: mariadb-repl - namespace: mariadb-operator - privileges: - - "ALL PRIVILEGES" - database: "app-demo-database" - table: "*" - username: "app-demo-user" - grantOption: true - host: "%" - # Delete the resource in the database whenever the CR gets deleted. - # Alternatively, you can specify Skip in order to omit deletion. - cleanupPolicy: Skip - requeueInterval: 10h - retryInterval: 30s \ No newline at end of file 
diff --git a/7project/deployment/app-demo-database-secret.yaml b/7project/deployment/app-demo-database-secret.yaml deleted file mode 100644 index d338dca..0000000 --- a/7project/deployment/app-demo-database-secret.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: app-demo-database-secret -type: kubernetes.io/basic-auth -stringData: - password: "strongpassword" \ No newline at end of file diff --git a/7project/deployment/app-demo-database-user.yaml b/7project/deployment/app-demo-database-user.yaml deleted file mode 100644 index 1f41c3a..0000000 --- a/7project/deployment/app-demo-database-user.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: k8s.mariadb.com/v1alpha1 -kind: User -metadata: - name: app-demo-user -spec: - # If you want the user to be created with a different name than the resource name - # name: user-custom - mariaDbRef: - name: mariadb-repl - namespace: mariadb-operator - passwordSecretKeyRef: - name: app-demo-database-secret - key: password - maxUserConnections: 20 - host: "%" - # Delete the resource in the database whenever the CR gets deleted. - # Alternatively, you can specify Skip in order to omit deletion. - cleanupPolicy: Skip - requeueInterval: 10h - retryInterval: 30s \ No newline at end of file diff --git a/7project/deployment/app-demo-database.yaml b/7project/deployment/app-demo-database.yaml deleted file mode 100644 index db63b71..0000000 --- a/7project/deployment/app-demo-database.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: k8s.mariadb.com/v1alpha1 -kind: Database -metadata: - name: app-demo-database -spec: - mariaDbRef: - name: mariadb-repl - namespace: mariadb-operator - characterSet: utf8 - collate: utf8_general_ci - # Delete the resource in the database whenever the CR gets deleted. - # Alternatively, you can specify Skip in order to omit deletion. - cleanupPolicy: Skip - requeueInterval: 10h - retryInterval: 30s \ No newline at end of file 
diff --git a/7project/deployment/app-demo-deployment.yaml b/7project/deployment/app-demo-deployment.yaml deleted file mode 100644 index 8cb1406..0000000 --- a/7project/deployment/app-demo-deployment.yaml +++ /dev/null @@ -1,48 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: app-demo -spec: - replicas: 3 - revisionHistoryLimit: 3 - selector: - matchLabels: - app: app-demo - template: - metadata: - labels: - app: app-demo - spec: - containers: - - image: lukastrkan/cc-app-demo@sha256:75634b4d97282b6b8424fe17767c81adf44af5f7359c1d25883073b5629b3e05 - name: app-demo - ports: - - containerPort: 8000 - env: - - name: MARIADB_HOST - value: mariadb-repl.mariadb-operator.svc.cluster.local - - name: MARIADB_PORT - value: '3306' - - name: MARIADB_DB - value: app-demo-database - - name: MARIADB_USER - value: app-demo-user - - name: MARIADB_PASSWORD - valueFrom: - secretKeyRef: - name: app-demo-database-secret - key: password - livenessProbe: - httpGet: - path: / - port: 8000 - initialDelaySeconds: 10 - periodSeconds: 10 - failureThreshold: 3 - readinessProbe: - httpGet: - path: / - port: 8000 - initialDelaySeconds: 10 - periodSeconds: 10 - failureThreshold: 3 diff --git a/7project/deployment/app-demo-svc.yaml b/7project/deployment/app-demo-svc.yaml deleted file mode 100644 index 127ffb0..0000000 --- a/7project/deployment/app-demo-svc.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: app-demo -spec: - ports: - - port: 80 - targetPort: 8000 - selector: - app: app-demo diff --git a/7project/deployment/app-demo-worker-deployment.yaml b/7project/deployment/app-demo-worker-deployment.yaml deleted file mode 100644 index c797ace..0000000 --- a/7project/deployment/app-demo-worker-deployment.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: app-demo-worker -spec: - replicas: 3 - revisionHistoryLimit: 3 - selector: - matchLabels: - app: app-demo-worker - template: - metadata: - labels: - app: app-demo-worker - spec: - containers: - - image: lukastrkan/cc-app-demo@sha256:75634b4d97282b6b8424fe17767c81adf44af5f7359c1d25883073b5629b3e05 - name: app-demo-worker - command: - - celery - - -A - - app.celery_app - - worker - - -Q - - $(MAIL_QUEUE) - - --loglevel - - INFO - env: - - name: RABBITMQ_USERNAME - value: demo-app - - name: RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: demo-app-user-credentials - key: password - - name: RABBITMQ_HOST - value: rabbitmq.rabbitmq.svc.cluster.local - - name: RABBITMQ_PORT - value: '5672' - - name: RABBITMQ_VHOST - value: "/" diff --git a/7project/deployment/tunnel.yaml b/7project/deployment/tunnel.yaml deleted file mode 100644 index b0ee35e..0000000 --- a/7project/deployment/tunnel.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: networking.cfargotunnel.com/v1alpha1 -kind: TunnelBinding -metadata: - name: guestbook-tunnel-binding - namespace: group-project -subjects: - - name: app-server - spec: - target: http://app-demo.group-project.svc.cluster.local - fqdn: demo.ltrk.cz - noTlsVerify: true -tunnelRef: - kind: ClusterTunnel - name: cluster-tunnel \ No newline at end of file