feat(infrastructure): add basic project deployment

2026-03-22 15:12:08 +01:00 · 2025-09-23 23:47:17 +02:00
parent c7d33465ca
commit f4c2b28864
16 changed files with 241 additions and 24 deletions
--- a/.github/workflows/workflow.yml
+++ b/.github/workflows/workflow.yml
@@ -3,6 +3,8 @@ name: Build, Push and Update Image in Manifest
 on:
  push:
    branches: [ "main" ]
    paths:
      - 'backend/**'
  workflow_dispatch:
 jobs:
@@ -26,9 +28,9 @@ jobs:
        id: build
        uses: docker/build-push-action@v5
        with:
-          context: ./cd-test
+          context: ./backend
          push: true
-          tags: ${{ secrets.DOCKER_USER }}/cd-test:latest
+          tags: ${{ secrets.DOCKER_USER }}/cc-app-demo:latest
      - name: Get image digest
        run: echo "IMAGE_DIGEST=${{ steps.build.outputs.digest }}" >> $GITHUB_ENV
@@ -36,9 +38,9 @@ jobs:
      - name: Update manifest with new image digest
        uses: OpsVerseIO/image-updater-action@0.1.0
        with:
-          valueFile: 'cd-test/guestbook-ui-deployment.yaml'
+          valueFile: 'deployment/guestbook-ui-deployment.yaml'
          propertyPath: 'spec.template.spec.containers[0].image'
-          value: ${{ secrets.DOCKER_USER }}/cd-test@${{ env.IMAGE_DIGEST }}
+          value: ${{ secrets.DOCKER_USER }}/cc-app-demo@${{ env.IMAGE_DIGEST }}
          commitChange: true
          message: "${{ github.event.head_commit.message }}"
          createPR: 'false'
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -0,0 +1,7 @@
 FROM python:3.11-slim
 WORKDIR /app
 COPY requirements.txt .
 RUN pip install --no-cache-dir -r requirements.txt
 COPY . .
 EXPOSE 8000
 CMD ["uvicorn", "app.app:app", "--host", "0.0.0.0", "--port", "8000"]
--- a/backend/app/app.py
+++ b/backend/app/app.py
@@ -1,11 +1,24 @@
 from fastapi import Depends, FastAPI
 from fastapi.middleware.cors import CORSMiddleware
 from .db import User, create_db_and_tables
 from .schemas import UserCreate, UserRead, UserUpdate
-from .users import auth_backend, current_active_user, fastapi_users
+from .users import auth_backend, current_active_verified_user, fastapi_users
 app = FastAPI()
 # CORS for frontend dev server
 app.add_middleware(
    CORSMiddleware,
    allow_origins=[
        "http://localhost:5173",
        "http://127.0.0.1:5173",
    ],
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
 )
 app.include_router(
    fastapi_users.get_auth_router(auth_backend), prefix="/auth/jwt", tags=["auth"]
 )
@@ -32,7 +45,7 @@ app.include_router(
@app.get("/authenticated-route")
-async def authenticated_route(user: User = Depends(current_active_user)):
+async def authenticated_route(user: User = Depends(current_active_verified_user)):
    return {"message": f"Hello {user.email}!"}
--- a/backend/app/queue.py
+++ b/backend/app/queue.py
@@ -0,0 +1,47 @@
 import json
 import os
 from typing import Any, Dict
 import asyncio
 RABBITMQ_URL = os.getenv("RABBITMQ_URL") or (
    f"amqp://{os.getenv('RABBITMQ_USERNAME', 'user')}:"
    f"{os.getenv('RABBITMQ_PASSWORD', 'bitnami123')}@"
    f"{os.getenv('RABBITMQ_HOST', 'localhost')}:"
    f"{os.getenv('RABBITMQ_PORT', '5672')}"
 )
 QUEUE_NAME = os.getenv("MAIL_QUEUE", "mail_queue")
 async def _publish_async(message: Dict[str, Any]) -> None:
    # Import locally to avoid hard dependency at import-time
    import aio_pika
    connection = await aio_pika.connect_robust(RABBITMQ_URL)
    try:
        channel = await connection.channel()
        await channel.declare_queue(QUEUE_NAME, durable=True)
        body = json.dumps(message).encode("utf-8")
        await channel.default_exchange.publish(
            aio_pika.Message(body=body, delivery_mode=aio_pika.DeliveryMode.PERSISTENT),
            routing_key=QUEUE_NAME,
        )
    finally:
        await connection.close()
 def enqueue_email(to: str, subject: str, body: str) -> None:
    """
    Enqueue an email to RabbitMQ. If RabbitMQ or aio_pika is not available,
    this function will raise ImportError/ConnectionError. The caller may
    implement fallback (e.g., direct send).
    """
    message = {"type": "email", "to": to, "subject": subject, "body": body}
    try:
        loop = asyncio.get_running_loop()
        # Fire-and-forget task so we don't block the request path
        loop.create_task(_publish_async(message))
    except RuntimeError:
        # No running loop (e.g., called from sync context) – run a short loop
        asyncio.run(_publish_async(message))
--- a/backend/app/users.py
+++ b/backend/app/users.py
@@ -1,3 +1,4 @@
 import os
 import uuid
 from typing import Optional
@@ -12,7 +13,9 @@ from fastapi_users.db import SQLAlchemyUserDatabase
 from .db import User, get_user_db
-SECRET = "SECRET"
+SECRET = os.getenv("SECRET", "CHANGE_ME_SECRET")
 FRONTEND_URL = os.getenv("FRONTEND_URL", "http://localhost:5173")
 BACKEND_URL = os.getenv("BACKEND_URL", "http://localhost:8000")
 class UserManager(UUIDIDMixin, BaseUserManager[User, uuid.UUID]):
@@ -20,7 +23,8 @@ class UserManager(UUIDIDMixin, BaseUserManager[User, uuid.UUID]):
    verification_token_secret = SECRET
    async def on_after_register(self, user: User, request: Optional[Request] = None):
-        print(f"User {user.id} has registered.")
+        # Ask FastAPI Users to generate a verification token and trigger the hook below
        await self.request_verify(user, request)
    async def on_after_forgot_password(
            self, user: User, token: str, request: Optional[Request] = None
@@ -30,7 +34,26 @@ class UserManager(UUIDIDMixin, BaseUserManager[User, uuid.UUID]):
    async def on_after_request_verify(
            self, user: User, token: str, request: Optional[Request] = None
    ):
-        print(f"Verification requested for user {user.id}. Verification token: {token}")
+        # Build verification email and send through RabbitMQ (with direct SMTP fallback)
        verify_frontend_link = f"{FRONTEND_URL}/verify?token={token}"
        verify_backend_link = f"{BACKEND_URL}/auth/verify?token={token}"
        subject = "Ověření účtu"
        body = (
            "Ahoj,\n\n"
            "děkujeme za registraci. Prosíme, ověř svůj účet kliknutím na tento odkaz:\n"
            f"{verify_frontend_link}\n\n"
            "Pokud by odkaz nefungoval, můžeš použít i přímý odkaz na backend:\n"
            f"{verify_backend_link}\n\n"
            "Pokud jsi registraci neprováděl(a), tento email ignoruj.\n"
        )
        try:
            from .queue import enqueue_email
            enqueue_email(to=user.email, subject=subject, body=body)
        except Exception:
            # Fallback: if queue is unavailable, log the email content (dev fallback)
            print("[Email Fallback] To:", user.email)
            print("[Email Fallback] Subject:", subject)
            print("[Email Fallback] Body:\n", body)
 async def get_user_manager(user_db: SQLAlchemyUserDatabase = Depends(get_user_db)):
@@ -53,3 +76,4 @@ auth_backend = AuthenticationBackend(
 fastapi_users = FastAPIUsers[User, uuid.UUID](get_user_manager, [auth_backend])
 current_active_user = fastapi_users.current_user(active=True)
 current_active_verified_user = fastapi_users.current_user(active=True, verified=True)
--- a/backend/requirements.txt
+++ b/backend/requirements.txt
@@ -1,3 +1,6 @@
 aio-pika==9.5.6
 aiormq==6.8.1
 aiosqlite==0.21.0
 annotated-types==0.7.0
 anyio==4.11.0
 argon2-cffi==23.1.0
@@ -18,6 +21,9 @@ h11==0.16.0
 httptools==0.6.4
 idna==3.10
 makefun==1.16.0
 multidict==6.6.4
 pamqp==3.3.0
 propcache==0.3.2
 pwdlib==0.2.1
 pycparser==2.23
 pydantic==2.11.9
@@ -35,3 +41,4 @@ uvicorn==0.37.0
 uvloop==0.21.0
 watchfiles==1.1.0
 websockets==15.0.1
 yarl==1.20.1
--- a/backend/worker/init.py
+++ b/backend/worker/init.py
--- a/backend/worker/email_worker.py
+++ b/backend/worker/email_worker.py
@@ -0,0 +1,57 @@
 import asyncio
 import json
 import os
 from typing import Any, Dict
 RABBITMQ_URL = os.getenv("RABBITMQ_URL") or (
    f"amqp://{os.getenv('RABBITMQ_USERNAME', 'user')}:"
    f"{os.getenv('RABBITMQ_PASSWORD', 'bitnami123')}@"
    f"{os.getenv('RABBITMQ_HOST', 'localhost')}:"
    f"{os.getenv('RABBITMQ_PORT', '5672')}"
 )
 QUEUE_NAME = os.getenv("MAIL_QUEUE", "mail_queue")
 async def handle_message(message_body: bytes) -> None:
    try:
        data: Dict[str, Any] = json.loads(message_body.decode("utf-8"))
    except Exception as e:
        print(f"[email_worker] Failed to decode message: {e}")
        return
    if data.get("type") != "email":
        print(f"[email_worker] Unknown message type: {data}")
        return
    to = data.get("to")
    subject = data.get("subject")
    body = data.get("body")
    if not (to and subject and body):
        print(f"[email_worker] Incomplete email message: {data}")
        return
    try:
        await send_email(to=to, subject=subject, body=body)
        print(f"[email_worker] Sent email to {to}")
    except Exception as e:
        print(f"[email_worker] Error sending email to {to}: {e}")
 async def main() -> None:
    import aio_pika
    print(f"[email_worker] Connecting to RabbitMQ at {RABBITMQ_URL}")
    connection = await aio_pika.connect_robust(RABBITMQ_URL)
    channel = await connection.channel()
    queue = await channel.declare_queue(QUEUE_NAME, durable=True)
    print(f"[email_worker] Waiting for messages in queue '{QUEUE_NAME}' ...")
    async with queue.iterator() as queue_iter:
        async for message in queue_iter:
            async with message.process(requeue=False):
                await handle_message(message.body)
 if __name__ == "__main__":
    asyncio.run(main())
--- a/cd-test/Dockerfile
+++ b/cd-test/Dockerfile
@@ -1,2 +0,0 @@
 FROM httpd
 RUN echo "<html><body><h1>Current Skibidi Date and Skibidi Time</h1><p>$(date)</p></body></html>" > /usr/local/apache2/htdocs/index.html
--- a/deployment/app-demo-database-grant.yaml
+++ b/deployment/app-demo-database-grant.yaml
@@ -0,0 +1,19 @@
 apiVersion: k8s.mariadb.com/v1alpha1
 kind: Grant
 metadata:
  name: grant
 spec:
  mariaDbRef:
    name: mariadb
  privileges:
    - "ALL PRIVILEGES"
  database: "app-demo-database"
  table: "*"
  username: "app-demo-user"
  grantOption: true
  host: "%"
  # Delete the resource in the database whenever the CR gets deleted.
  # Alternatively, you can specify Skip in order to omit deletion.
  cleanupPolicy: Skip
  requeueInterval: 10h
  retryInterval: 30s
--- a/deployment/app-demo-database-secret.yaml
+++ b/deployment/app-demo-database-secret.yaml
@@ -0,0 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: app-demo-database-secret
 type: kubernetes.io/basic-auth
 stringData:
  password: "strongpassword"
--- a/deployment/app-demo-database-user.yaml
+++ b/deployment/app-demo-database-user.yaml
@@ -0,0 +1,19 @@
 apiVersion: k8s.mariadb.com/v1alpha1
 kind: User
 metadata:
  name: app-demo-user
 spec:
  # If you want the user to be created with a different name than the resource name
  # name: user-custom
  mariaDbRef:
    name: mariadb
  passwordSecretKeyRef:
    name: app-demo-database-secret
    key: password
  maxUserConnections: 20
  host: "%"
  # Delete the resource in the database whenever the CR gets deleted.
  # Alternatively, you can specify Skip in order to omit deletion.
  cleanupPolicy: Skip
  requeueInterval: 10h
  retryInterval: 30s
--- a/deployment/app-demo-database.yaml
+++ b/deployment/app-demo-database.yaml
@@ -0,0 +1,14 @@
 apiVersion: k8s.mariadb.com/v1alpha1
 kind: Database
 metadata:
  name: app-demo-database
 spec:
  mariaDbRef:
    name: mariadb
  characterSet: utf8
  collate: utf8_general_ci
  # Delete the resource in the database whenever the CR gets deleted.
  # Alternatively, you can specify Skip in order to omit deletion.
  cleanupPolicy: Skip
  requeueInterval: 10h
  retryInterval: 30s
--- a/cd-test/guestbook-ui-deployment.yaml
+++ b/cd-test/guestbook-ui-deployment.yaml
@@ -1,34 +1,37 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: guestbook-ui
+  name: app-demo
 spec:
  replicas: 2
  revisionHistoryLimit: 3
  selector:
    matchLabels:
-      app: guestbook-ui
+      app: app-demo
  template:
    metadata:
      labels:
-        app: guestbook-ui
+        app: app-demo
    spec:
      containers:
-        - image: lukastrkan/cd-test@sha256:10590db789cef5f1a58bb603cce0b502ce2b4054af956d9b71d60e3f02045894
+        - image: lukastrkan/cc-app-demo@sha256:10590db789cef5f1a58bb603cce0b502ce2b4054af956d9b71d60e3f02045894
-          name: guestbook-ui
+          name: app-demo
          ports:
-            - containerPort: 80
+            - containerPort: 8000
          livenessProbe:
            httpGet:
              path: /
-              port: 80
+              port: 8000
            initialDelaySeconds: 60
            periodSeconds: 10
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /
-              port: 80
+              port: 8000
            initialDelaySeconds: 60
            periodSeconds: 10
            failureThreshold: 3
        - image: lukastrkan/cc-app-demo
          name: app-demo-worker
          command: [ "python3", "worker/email_worker.py" ]
--- a/cd-test/guestbook-ui-svc.yaml
+++ b/cd-test/guestbook-ui-svc.yaml
@@ -1,10 +1,10 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: guestbook-ui
+  name: app-demo
 spec:
  ports:
  - port: 80
-    targetPort: 80
+    targetPort: 8000
  selector:
-    app: guestbook-ui
+    app: app-demo
--- a/deployment/tunnel.yaml
+++ b/deployment/tunnel.yaml
@@ -6,8 +6,8 @@ metadata:
 subjects:
  - name: app-server
    spec:
-      target: http://guestbook-ui.group-project.svc.cluster.local
+      target: http://app-demo.group-project.svc.cluster.local
-      fqdn: guestbook.ltrk.cz
+      fqdn: demo.ltrk.cz
      noTlsVerify: true
 tunnelRef:
  kind: ClusterTunnel
		`@@ -1,2 +0,0 @@`
			`FROM httpd`
			`RUN echo "<html><body><h1>Current Skibidi Date and Skibidi Time</h1><p>$(date)</p></body></html>" > /usr/local/apache2/htdocs/index.html`