Digital Forms - Deployment / CI-CD - Notes

Readme.md

Prepare docker-compose.yaml

Domain

Replace {YOUR_DOMAIN} with your Domain

If you use hetzner you may simply provide your API Key If not, Please update for your DNS Provider

Network

docker network create -d bridge proxy

Config Deplyment

Place FRONTEND_DOMAIN, AUTH_DOMAIN, BACKEND_DOMAIN into ~/Deployment/ Replace the Contents to Match your Setup

Prepare DeployFromGit.sh

replace {USER} with your Username The full path is reqierd for the execution of the GitHub Action

Deploy

./DeployFromGit.sh

AUTH_DOMAIN

auth.YourDomain

BACKEND_DOMAIN

back.YourDomain

DeployFromGit.sh

#!/bin/bash

whoami > log.txt

cd ~
mkdir Git
cd Git

git clone https://github.com/MaxTrautwein/AStA-Digital-Forms.git

cd AStA-Digital-Forms/

/home/debian/bin/docker compose --profile server down

cp -r ~/Git/AStA-Digital-Forms/secrets ~/Deployment/secrets

# Cleanup Git REPO
git reset --hard
git clean -xdf
git pull

chmod o+x Backend/mvnw
chmod o+x init_secrets.sh

# Apply Patches

## Prepare Patch
AUTH_DOMAIN=$(cat ~/Deployment/AUTH_DOMAIN)
BACKEND_DOMAIN=$(cat ~/Deployment/BACKEND_DOMAIN)
FRONTEND_DOMAIN=$(cat ~/Deployment/FRONTEND_DOMAIN)

sed -i "s/{AUTH_DOMAIN}/$AUTH_DOMAIN/g" ./Deploy.patch
sed -i "s/{BACKEND_DOMAIN}/$BACKEND_DOMAIN/g" ./Deploy.patch
sed -i "s/{FRONTEND_DOMAIN}/$FRONTEND_DOMAIN/g" ./Deploy.patch

git apply Deploy.patch

chmod o+x Auth/initEnv.sh

./init_secrets.sh

cp -r ~/Deployment/secrets ~/Git/AStA-Digital-Forms/.

# Genertae OpenAPI for the Frontend
cd ./Frontend
pwd
# npm  list -g
# Get install Path
# <YourPath>/node_modules/@openapitools/openapi-generator-cli/main.js 
/home/debian/.nvm/versions/node/v22.2.0/bin/node /home/debian/.nvm/versions/node/v22.2.0/lib/node_modules/@openapitools/openapi-generator-cli/main.js  generate -i ../Backend/src/main/resources/openapi.yaml -g typescript-angular -o ./src/app/api-client

cd ..

/home/debian/bin/docker compose --profile server up -d --build

docker-compose.yaml

version: '3'
secrets:
  HETZNER_API_KEY:
    file: ${PWD}/../.key/api

services:
  reverse-proxy:
    # The official v2 Traefik docker image
    image: traefik:latest
    # Enables the web UI and tells Traefik to listen to docker
    ports:
      - 80:80
      - 443:443
    restart: always
    volumes:
      # So that Traefik can listen to the Docker events
      - $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock
      - ./config:/etc/traefik
    networks:
      - proxy
    command: 
      - '--providers.docker'
      - '--api'
      - '--providers.docker.exposedByDefault=false'
      - '--entrypoints.http=true'
      - '--entrypoints.http.address=:80'
      - '--entrypoints.http.http.redirections.entrypoint.to=https'
      - '--entrypoints.http.http.redirections.entrypoint.scheme=https'
      - '--entrypoints.https=true'
      - '--entrypoints.https.address=:443'
      - '--certificatesResolvers.letsencrypt.acme.email=webmaster@{YOUR_DOMAIN}'
      - '--certificatesResolvers.letsencrypt.acme.storage=/etc/traefik/acme.json'
      - '--certificatesResolvers.letsencrypt.acme.httpChallenge.entryPoint=http'
      - '--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=hetzner'
      - '--log=true'
      - '--log.level=DEBUG'
    secrets: [HETZNER_API_KEY]
    environment:
      HETZNER_API_KEY_FILE: /run/secrets/HETZNER_API_KEY
     
    labels:
      - 'traefik.enable=false'
      - 'traefik.http.routers.api.rule=Host(`traefik_df.{YOUR_DOMAIN}`)'
      - 'traefik.http.routers.api.entrypoints=https'
      - 'traefik.http.routers.api.service=api@internal'
      - 'traefik.http.routers.api.tls=true'
      - 'traefik.http.routers.api.tls.certresolver=letsencrypt'

networks:
  proxy:
    external: true
    

FRONTEND_DOMAIN

front.YourDomain