feat(infrastructure): add basic project deployment

2026-03-22 23:20:56 +01:00 · 2025-09-23 23:47:17 +02:00
parent c7d33465ca
commit f4c2b28864
16 changed files with 241 additions and 24 deletions
--- a/.github/workflows/workflow.yml
+++ b/.github/workflows/workflow.yml
@@ -3,6 +3,8 @@ name: Build, Push and Update Image in Manifest
 on:
  push:
    branches: [ "main" ]
+    paths:
+      - 'backend/**'
  workflow_dispatch:

 jobs:
@@ -26,9 +28,9 @@ jobs:
        id: build
        uses: docker/build-push-action@v5
        with:
-          context: ./cd-test
+          context: ./backend
          push: true
-          tags: ${{ secrets.DOCKER_USER }}/cd-test:latest
+          tags: ${{ secrets.DOCKER_USER }}/cc-app-demo:latest

      - name: Get image digest
        run: echo "IMAGE_DIGEST=${{ steps.build.outputs.digest }}" >> $GITHUB_ENV
@@ -36,9 +38,9 @@ jobs:
      - name: Update manifest with new image digest
        uses: OpsVerseIO/image-updater-action@0.1.0
        with:
-          valueFile: 'cd-test/guestbook-ui-deployment.yaml'
+          valueFile: 'deployment/guestbook-ui-deployment.yaml'
          propertyPath: 'spec.template.spec.containers[0].image'
-          value: ${{ secrets.DOCKER_USER }}/cd-test@${{ env.IMAGE_DIGEST }}
+          value: ${{ secrets.DOCKER_USER }}/cc-app-demo@${{ env.IMAGE_DIGEST }}
          commitChange: true
          message: "${{ github.event.head_commit.message }}"
          createPR: 'false'
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -0,0 +1,7 @@
+FROM python:3.11-slim
+WORKDIR /app
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+COPY . .
+EXPOSE 8000
+CMD ["uvicorn", "app.app:app", "--host", "0.0.0.0", "--port", "8000"]
--- a/backend/app/app.py
+++ b/backend/app/app.py
@@ -1,11 +1,24 @@
 from fastapi import Depends, FastAPI
+from fastapi.middleware.cors import CORSMiddleware

 from .db import User, create_db_and_tables
 from .schemas import UserCreate, UserRead, UserUpdate
-from .users import auth_backend, current_active_user, fastapi_users
+from .users import auth_backend, current_active_verified_user, fastapi_users

 app = FastAPI()

+# CORS for frontend dev server
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=[
+        "http://localhost:5173",
+        "http://127.0.0.1:5173",
+    ],
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
 app.include_router(
    fastapi_users.get_auth_router(auth_backend), prefix="/auth/jwt", tags=["auth"]
 )
@@ -32,7 +45,7 @@ app.include_router(


@app.get("/authenticated-route")
-async def authenticated_route(user: User = Depends(current_active_user)):
+async def authenticated_route(user: User = Depends(current_active_verified_user)):
    return {"message": f"Hello {user.email}!"}


--- a/backend/app/queue.py
+++ b/backend/app/queue.py
@@ -0,0 +1,47 @@
+import json
+import os
+from typing import Any, Dict
+
+import asyncio
+
+RABBITMQ_URL = os.getenv("RABBITMQ_URL") or (
+    f"amqp://{os.getenv('RABBITMQ_USERNAME', 'user')}:"
+    f"{os.getenv('RABBITMQ_PASSWORD', 'bitnami123')}@"
+    f"{os.getenv('RABBITMQ_HOST', 'localhost')}:"
+    f"{os.getenv('RABBITMQ_PORT', '5672')}"
+)
+QUEUE_NAME = os.getenv("MAIL_QUEUE", "mail_queue")
+
+
+async def _publish_async(message: Dict[str, Any]) -> None:
+    # Import locally to avoid hard dependency at import-time
+    import aio_pika
+
+    connection = await aio_pika.connect_robust(RABBITMQ_URL)
+    try:
+        channel = await connection.channel()
+        await channel.declare_queue(QUEUE_NAME, durable=True)
+        body = json.dumps(message).encode("utf-8")
+        await channel.default_exchange.publish(
+            aio_pika.Message(body=body, delivery_mode=aio_pika.DeliveryMode.PERSISTENT),
+            routing_key=QUEUE_NAME,
+        )
+    finally:
+        await connection.close()
+
+
+def enqueue_email(to: str, subject: str, body: str) -> None:
+    """
+    Enqueue an email to RabbitMQ. If RabbitMQ or aio_pika is not available,
+    this function will raise ImportError/ConnectionError. The caller may
+    implement fallback (e.g., direct send).
+    """
+    message = {"type": "email", "to": to, "subject": subject, "body": body}
+
+    try:
+        loop = asyncio.get_running_loop()
+        # Fire-and-forget task so we don't block the request path
+        loop.create_task(_publish_async(message))
+    except RuntimeError:
+        # No running loop (e.g., called from sync context) – run a short loop
+        asyncio.run(_publish_async(message))
--- a/backend/app/users.py
+++ b/backend/app/users.py
@@ -1,3 +1,4 @@
+import os
 import uuid
 from typing import Optional

@@ -12,7 +13,9 @@ from fastapi_users.db import SQLAlchemyUserDatabase

 from .db import User, get_user_db

-SECRET = "SECRET"
+SECRET = os.getenv("SECRET", "CHANGE_ME_SECRET")
+FRONTEND_URL = os.getenv("FRONTEND_URL", "http://localhost:5173")
+BACKEND_URL = os.getenv("BACKEND_URL", "http://localhost:8000")


 class UserManager(UUIDIDMixin, BaseUserManager[User, uuid.UUID]):
@@ -20,7 +23,8 @@ class UserManager(UUIDIDMixin, BaseUserManager[User, uuid.UUID]):
    verification_token_secret = SECRET

    async def on_after_register(self, user: User, request: Optional[Request] = None):
-        print(f"User {user.id} has registered.")
+        # Ask FastAPI Users to generate a verification token and trigger the hook below
+        await self.request_verify(user, request)

    async def on_after_forgot_password(
            self, user: User, token: str, request: Optional[Request] = None
@@ -30,7 +34,26 @@ class UserManager(UUIDIDMixin, BaseUserManager[User, uuid.UUID]):
    async def on_after_request_verify(
            self, user: User, token: str, request: Optional[Request] = None
    ):
-        print(f"Verification requested for user {user.id}. Verification token: {token}")
+        # Build verification email and send through RabbitMQ (with direct SMTP fallback)
+        verify_frontend_link = f"{FRONTEND_URL}/verify?token={token}"
+        verify_backend_link = f"{BACKEND_URL}/auth/verify?token={token}"
+        subject = "Ověření účtu"
+        body = (
+            "Ahoj,\n\n"
+            "děkujeme za registraci. Prosíme, ověř svůj účet kliknutím na tento odkaz:\n"
+            f"{verify_frontend_link}\n\n"
+            "Pokud by odkaz nefungoval, můžeš použít i přímý odkaz na backend:\n"
+            f"{verify_backend_link}\n\n"
+            "Pokud jsi registraci neprováděl(a), tento email ignoruj.\n"
+        )
+        try:
+            from .queue import enqueue_email
+            enqueue_email(to=user.email, subject=subject, body=body)
+        except Exception:
+            # Fallback: if queue is unavailable, log the email content (dev fallback)
+            print("[Email Fallback] To:", user.email)
+            print("[Email Fallback] Subject:", subject)
+            print("[Email Fallback] Body:\n", body)


 async def get_user_manager(user_db: SQLAlchemyUserDatabase = Depends(get_user_db)):
@@ -53,3 +76,4 @@ auth_backend = AuthenticationBackend(
 fastapi_users = FastAPIUsers[User, uuid.UUID](get_user_manager, [auth_backend])

 current_active_user = fastapi_users.current_user(active=True)
+current_active_verified_user = fastapi_users.current_user(active=True, verified=True)
--- a/backend/requirements.txt
+++ b/backend/requirements.txt
@@ -1,3 +1,6 @@
+aio-pika==9.5.6
+aiormq==6.8.1
+aiosqlite==0.21.0
 annotated-types==0.7.0
 anyio==4.11.0
 argon2-cffi==23.1.0
@@ -18,6 +21,9 @@ h11==0.16.0
 httptools==0.6.4
 idna==3.10
 makefun==1.16.0
+multidict==6.6.4
+pamqp==3.3.0
+propcache==0.3.2
 pwdlib==0.2.1
 pycparser==2.23
 pydantic==2.11.9
@@ -35,3 +41,4 @@ uvicorn==0.37.0
 uvloop==0.21.0
 watchfiles==1.1.0
 websockets==15.0.1
+yarl==1.20.1
--- a/backend/worker/init.py
+++ b/backend/worker/init.py
--- a/backend/worker/email_worker.py
+++ b/backend/worker/email_worker.py
@@ -0,0 +1,57 @@
+import asyncio
+import json
+import os
+from typing import Any, Dict
+
+
+RABBITMQ_URL = os.getenv("RABBITMQ_URL") or (
+    f"amqp://{os.getenv('RABBITMQ_USERNAME', 'user')}:"
+    f"{os.getenv('RABBITMQ_PASSWORD', 'bitnami123')}@"
+    f"{os.getenv('RABBITMQ_HOST', 'localhost')}:"
+    f"{os.getenv('RABBITMQ_PORT', '5672')}"
+)
+QUEUE_NAME = os.getenv("MAIL_QUEUE", "mail_queue")
+
+
+async def handle_message(message_body: bytes) -> None:
+    try:
+        data: Dict[str, Any] = json.loads(message_body.decode("utf-8"))
+    except Exception as e:
+        print(f"[email_worker] Failed to decode message: {e}")
+        return
+
+    if data.get("type") != "email":
+        print(f"[email_worker] Unknown message type: {data}")
+        return
+
+    to = data.get("to")
+    subject = data.get("subject")
+    body = data.get("body")
+    if not (to and subject and body):
+        print(f"[email_worker] Incomplete email message: {data}")
+        return
+
+    try:
+        await send_email(to=to, subject=subject, body=body)
+        print(f"[email_worker] Sent email to {to}")
+    except Exception as e:
+        print(f"[email_worker] Error sending email to {to}: {e}")
+
+
+async def main() -> None:
+    import aio_pika
+
+    print(f"[email_worker] Connecting to RabbitMQ at {RABBITMQ_URL}")
+    connection = await aio_pika.connect_robust(RABBITMQ_URL)
+    channel = await connection.channel()
+    queue = await channel.declare_queue(QUEUE_NAME, durable=True)
+    print(f"[email_worker] Waiting for messages in queue '{QUEUE_NAME}' ...")
+
+    async with queue.iterator() as queue_iter:
+        async for message in queue_iter:
+            async with message.process(requeue=False):
+                await handle_message(message.body)
+
+
+if __name__ == "__main__":
+    asyncio.run(main())
--- a/cd-test/Dockerfile
+++ b/cd-test/Dockerfile
@@ -1,2 +0,0 @@
-FROM httpd
-RUN echo "<html><body><h1>Current Skibidi Date and Skibidi Time</h1><p>$(date)</p></body></html>" > /usr/local/apache2/htdocs/index.html
--- a/deployment/app-demo-database-grant.yaml
+++ b/deployment/app-demo-database-grant.yaml
@@ -0,0 +1,19 @@
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Grant
+metadata:
+  name: grant
+spec:
+  mariaDbRef:
+    name: mariadb
+  privileges:
+    - "ALL PRIVILEGES"
+  database: "app-demo-database"
+  table: "*"
+  username: "app-demo-user"
+  grantOption: true
+  host: "%"
+  # Delete the resource in the database whenever the CR gets deleted.
+  # Alternatively, you can specify Skip in order to omit deletion.
+  cleanupPolicy: Skip
+  requeueInterval: 10h
+  retryInterval: 30s
--- a/deployment/app-demo-database-secret.yaml
+++ b/deployment/app-demo-database-secret.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: app-demo-database-secret
+type: kubernetes.io/basic-auth
+stringData:
+  password: "strongpassword"
--- a/deployment/app-demo-database-user.yaml
+++ b/deployment/app-demo-database-user.yaml
@@ -0,0 +1,19 @@
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: User
+metadata:
+  name: app-demo-user
+spec:
+  # If you want the user to be created with a different name than the resource name
+  # name: user-custom
+  mariaDbRef:
+    name: mariadb
+  passwordSecretKeyRef:
+    name: app-demo-database-secret
+    key: password
+  maxUserConnections: 20
+  host: "%"
+  # Delete the resource in the database whenever the CR gets deleted.
+  # Alternatively, you can specify Skip in order to omit deletion.
+  cleanupPolicy: Skip
+  requeueInterval: 10h
+  retryInterval: 30s
--- a/deployment/app-demo-database.yaml
+++ b/deployment/app-demo-database.yaml
@@ -0,0 +1,14 @@
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Database
+metadata:
+  name: app-demo-database
+spec:
+  mariaDbRef:
+    name: mariadb
+  characterSet: utf8
+  collate: utf8_general_ci
+  # Delete the resource in the database whenever the CR gets deleted.
+  # Alternatively, you can specify Skip in order to omit deletion.
+  cleanupPolicy: Skip
+  requeueInterval: 10h
+  retryInterval: 30s
--- a/cd-test/guestbook-ui-deployment.yaml
+++ b/cd-test/guestbook-ui-deployment.yaml
@@ -1,34 +1,37 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: guestbook-ui
+  name: app-demo
 spec:
  replicas: 2
  revisionHistoryLimit: 3
  selector:
    matchLabels:
-      app: guestbook-ui
+      app: app-demo
  template:
    metadata:
      labels:
-        app: guestbook-ui
+        app: app-demo
    spec:
      containers:
-        - image: lukastrkan/cd-test@sha256:10590db789cef5f1a58bb603cce0b502ce2b4054af956d9b71d60e3f02045894
-          name: guestbook-ui
+        - image: lukastrkan/cc-app-demo@sha256:10590db789cef5f1a58bb603cce0b502ce2b4054af956d9b71d60e3f02045894
+          name: app-demo
          ports:
-            - containerPort: 80
+            - containerPort: 8000
          livenessProbe:
            httpGet:
              path: /
-              port: 80
+              port: 8000
            initialDelaySeconds: 60
            periodSeconds: 10
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /
-              port: 80
+              port: 8000
            initialDelaySeconds: 60
            periodSeconds: 10
            failureThreshold: 3
+        - image: lukastrkan/cc-app-demo
+          name: app-demo-worker
+          command: [ "python3", "worker/email_worker.py" ]
--- a/cd-test/guestbook-ui-svc.yaml
+++ b/cd-test/guestbook-ui-svc.yaml
@@ -1,10 +1,10 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: guestbook-ui
+  name: app-demo
 spec:
  ports:
  - port: 80
-    targetPort: 80
+    targetPort: 8000
  selector:
-    app: guestbook-ui
+    app: app-demo
--- a/deployment/tunnel.yaml
+++ b/deployment/tunnel.yaml
@@ -6,8 +6,8 @@ metadata:
 subjects:
  - name: app-server
    spec:
-      target: http://guestbook-ui.group-project.svc.cluster.local
-      fqdn: guestbook.ltrk.cz
+      target: http://app-demo.group-project.svc.cluster.local
+      fqdn: demo.ltrk.cz
      noTlsVerify: true
 tunnelRef:
  kind: ClusterTunnel