Compare commits
	
		
			12 Commits
		
	
	
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 18f77530ec | |||
| f21d05f404 | |||
| ff447292f0 | |||
| da4545c6d8 | |||
| e0ff8c89fb | |||
| 5579637995 | |||
| 1816b6e14a | |||
| 8dedc9303b | |||
| 94c6db9b72 | |||
| 0afb57789b | |||
| 02a0f479dc | |||
| 841a5a492c | 
| @@ -29,7 +29,7 @@ jobs: | ||||
|     - name: Checkout code | ||||
|       uses: actions/checkout@v4 | ||||
|       with: | ||||
|         token: ${{ secrets.CI_BOT_TOKEN }} | ||||
|         token: ${{ secrets.GITEA_TOKEN }} | ||||
|        | ||||
|     - name: Set up Python ${{ matrix.python-version }} | ||||
|       uses: actions/setup-python@v4 | ||||
| @@ -101,7 +101,7 @@ jobs: | ||||
|     - name: Checkout code | ||||
|       uses: actions/checkout@v4 | ||||
|       with: | ||||
|         token: ${{ secrets.CI_BOT_TOKEN }} | ||||
|         token: ${{ secrets.GITEA_TOKEN }} | ||||
|        | ||||
|     - name: Set up Python | ||||
|       uses: actions/setup-python@v4 | ||||
| @@ -139,7 +139,7 @@ jobs: | ||||
|     - name: Checkout code | ||||
|       uses: actions/checkout@v4 | ||||
|       with: | ||||
|         token: ${{ secrets.CI_BOT_TOKEN }} | ||||
|         token: ${{ secrets.GITEA_TOKEN }} | ||||
|        | ||||
|     - name: Set up Docker Buildx | ||||
|       uses: docker/setup-buildx-action@v3 | ||||
| @@ -200,7 +200,7 @@ jobs: | ||||
|     - name: Checkout code | ||||
|       uses: actions/checkout@v4 | ||||
|       with: | ||||
|         token: ${{ secrets.CI_BOT_TOKEN }} | ||||
|         token: ${{ secrets.GITEA_TOKEN }} | ||||
|        | ||||
|     - name: Wait for VictoriaMetrics | ||||
|       run: | | ||||
| @@ -253,7 +253,7 @@ jobs: | ||||
|     - name: Checkout code | ||||
|       uses: actions/checkout@v4 | ||||
|       with: | ||||
|         token: ${{ secrets.CI_BOT_TOKEN }} | ||||
|         token: ${{ secrets.GITEA_TOKEN }} | ||||
|        | ||||
|     - name: Deploy to staging | ||||
|       run: | | ||||
| @@ -280,7 +280,7 @@ jobs: | ||||
|     - name: Checkout code | ||||
|       uses: actions/checkout@v4 | ||||
|       with: | ||||
|         token: ${{ secrets.CI_BOT_TOKEN }} | ||||
|         token: ${{ secrets.GITEA_TOKEN }} | ||||
|        | ||||
|     - name: Deploy to production | ||||
|       run: | | ||||
| @@ -309,7 +309,7 @@ jobs: | ||||
|     - name: Checkout code | ||||
|       uses: actions/checkout@v4 | ||||
|       with: | ||||
|         token: ${{ secrets.CI_BOT_TOKEN }} | ||||
|         token: ${{ secrets.GITEA_TOKEN }} | ||||
|        | ||||
|     - name: Install Apache Bench | ||||
|       run: | | ||||
|   | ||||
| @@ -28,7 +28,7 @@ jobs: | ||||
|     - name: Checkout code | ||||
|       uses: actions/checkout@v4 | ||||
|       with: | ||||
|         token: ${{ secrets.CI_BOT_TOKEN }} | ||||
|         token: ${{ secrets.GITEA_TOKEN }} | ||||
|        | ||||
|     - name: Set up Python | ||||
|       uses: actions/setup-python@v4 | ||||
| @@ -130,7 +130,7 @@ jobs: | ||||
|     - name: Checkout code | ||||
|       uses: actions/checkout@v4 | ||||
|       with: | ||||
|         token: ${{ secrets.CI_BOT_TOKEN }} | ||||
|         token: ${{ secrets.GITEA_TOKEN }} | ||||
|        | ||||
|     - name: Set up Python | ||||
|       uses: actions/setup-python@v4 | ||||
| @@ -229,7 +229,7 @@ jobs: | ||||
|     - name: Checkout code | ||||
|       uses: actions/checkout@v4 | ||||
|       with: | ||||
|         token: ${{ secrets.CI_BOT_TOKEN }} | ||||
|         token: ${{ secrets.GITEA_TOKEN }} | ||||
|        | ||||
|     - name: Set up Python | ||||
|       uses: actions/setup-python@v4 | ||||
|   | ||||
| @@ -30,7 +30,7 @@ jobs: | ||||
|     - name: Checkout code | ||||
|       uses: actions/checkout@v4 | ||||
|       with: | ||||
|         token: ${{ secrets.CI_BOT_TOKEN }} | ||||
|         token: ${{ secrets.GITEA_TOKEN }} | ||||
|         fetch-depth: 0 | ||||
|          | ||||
|     - name: Get version | ||||
| @@ -77,7 +77,7 @@ jobs: | ||||
|     - name: Checkout code | ||||
|       uses: actions/checkout@v4 | ||||
|       with: | ||||
|         token: ${{ secrets.CI_BOT_TOKEN }} | ||||
|         token: ${{ secrets.GITEA_TOKEN }} | ||||
|        | ||||
|     - name: Set up Python ${{ matrix.python-version }} | ||||
|       uses: actions/setup-python@v4 | ||||
| @@ -117,7 +117,7 @@ jobs: | ||||
|     - name: Checkout code | ||||
|       uses: actions/checkout@v4 | ||||
|       with: | ||||
|         token: ${{ secrets.CI_BOT_TOKEN }} | ||||
|         token: ${{ secrets.GITEA_TOKEN }} | ||||
|        | ||||
|     - name: Set up Docker Buildx | ||||
|       uses: docker/setup-buildx-action@v3 | ||||
| @@ -126,8 +126,8 @@ jobs: | ||||
|       uses: docker/login-action@v3 | ||||
|       with:  | ||||
|         registry: ${{ env.REGISTRY }} | ||||
|         username: ${{ github.actor }} | ||||
|         password: ${{ secrets.GITEA_TOKEN }} | ||||
|         username: ${{ vars.WORKER_USERNAME}} | ||||
|         password: ${{ secrets.CI_BOT_TOKEN }} | ||||
|          | ||||
|     - name: Build and push release images | ||||
|       uses: docker/build-push-action@v5 | ||||
| @@ -147,7 +147,7 @@ jobs: | ||||
|         cache-from: type=gha | ||||
|         cache-to: type=gha,mode=max | ||||
|       env: | ||||
|         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||||
|         GITHUB_TOKEN: ${{ secrets.GITEA_TOKEN }} | ||||
|  | ||||
|   # Security scan for release | ||||
|   security-scan: | ||||
| @@ -159,133 +159,126 @@ jobs: | ||||
|     - name: Checkout code | ||||
|       uses: actions/checkout@v4 | ||||
|       with: | ||||
|         token: ${{ secrets.CI_BOT_TOKEN }} | ||||
|         token: ${{ secrets.GITEA_TOKEN}} | ||||
|        | ||||
|  | ||||
|  | ||||
|   # Deploy release to production | ||||
|   # Test release deployment locally | ||||
|   deploy-release: | ||||
|     name: Deploy Release | ||||
|     name: Test Release Deployment | ||||
|     runs-on: ubuntu-latest | ||||
|     needs: [create-release, build-release, security-scan] | ||||
|     environment: | ||||
|       name: production | ||||
|       url: https://ping-river-monitor.b4l.co.th | ||||
|       name: testing | ||||
|       url: http://localhost:8080 | ||||
|        | ||||
|     steps: | ||||
|     - name: Checkout code | ||||
|       uses: actions/checkout@v4 | ||||
|       with: | ||||
|         token: ${{ secrets.CI_BOT_TOKEN }} | ||||
|         token: ${{ secrets.GITEA_TOKEN }} | ||||
|        | ||||
|     - name: Deploy to production | ||||
|     - name: Log in to Container Registry | ||||
|       uses: docker/login-action@v3 | ||||
|       with:  | ||||
|         registry: ${{ env.REGISTRY }} | ||||
|         username: ${{ vars.WORKER_USERNAME}} | ||||
|         password: ${{ secrets.CI_BOT_TOKEN }} | ||||
|          | ||||
|     - name: Deploy to production (Local Test) | ||||
|       run: | | ||||
|         echo "🚀 Deploying ${{ needs.create-release.outputs.version }} to production..." | ||||
|         echo "🚀 Testing ${{ needs.create-release.outputs.version }} deployment locally..." | ||||
|          | ||||
|         # Example deployment commands (customize for your infrastructure) | ||||
|         # kubectl set image deployment/ping-river-monitor app=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.create-release.outputs.version }} | ||||
|         # docker-compose pull && docker-compose up -d | ||||
|         # Or webhook call to your deployment system | ||||
|         # Pull the built image | ||||
|         docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.create-release.outputs.version }} | ||||
|          | ||||
|         echo "✅ Deployment initiated" | ||||
|         # Stop any existing containers | ||||
|         docker stop ping-river-monitor-test || true | ||||
|         docker rm ping-river-monitor-test || true | ||||
|          | ||||
|         # Start the container for testing | ||||
|         docker run -d \ | ||||
|           --name ping-river-monitor-test \ | ||||
|           -p 8080:8000 \ | ||||
|           -e LOG_LEVEL=INFO \ | ||||
|           -e DB_TYPE=sqlite \ | ||||
|           ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.create-release.outputs.version }} | ||||
|          | ||||
|         echo "✅ Container started for testing" | ||||
|          | ||||
|     - name: Health check after deployment | ||||
|       run: | | ||||
|         echo "⏳ Waiting for deployment to stabilize..." | ||||
|         sleep 60 | ||||
|         echo "⏳ Waiting for application to start..." | ||||
|         sleep 30 | ||||
|          | ||||
|         echo "🔍 Running health checks..." | ||||
|         curl -f https://ping-river-monitor.b4l.co.th/health | ||||
|         curl -f https://ping-river-monitor.b4l.co.th/stations | ||||
|         echo "🔍 Running health checks against local container..." | ||||
|          | ||||
|         echo "✅ Health checks passed!" | ||||
|         # Wait for the application to be ready | ||||
|         for i in {1..12}; do | ||||
|           if curl -f http://localhost:8080/health; then | ||||
|             echo "✅ Health endpoint responding" | ||||
|             break | ||||
|           else | ||||
|             echo "⏳ Waiting for health endpoint... (attempt $i/12)" | ||||
|             sleep 10 | ||||
|           fi | ||||
|         done | ||||
|          | ||||
|     - name: Update deployment status | ||||
|         # Test API endpoints | ||||
|         echo "🧪 Testing API endpoints..." | ||||
|         curl -f http://localhost:8080/health || exit 1 | ||||
|         curl -f http://localhost:8080/docs || exit 1 | ||||
|         curl -f http://localhost:8080/stations || exit 1 | ||||
|         curl -f http://localhost:8080/metrics || exit 1 | ||||
|          | ||||
|         echo "✅ All health checks passed!" | ||||
|          | ||||
|     - name: Container logs and cleanup | ||||
|       if: always() | ||||
|       run: | | ||||
|         echo "📊 Deployment Summary:" | ||||
|         echo "📋 Container logs:" | ||||
|         docker logs ping-river-monitor-test || true | ||||
|          | ||||
|         echo "🧹 Cleaning up test container..." | ||||
|         docker stop ping-river-monitor-test || true | ||||
|         docker rm ping-river-monitor-test || true | ||||
|          | ||||
|         echo "📊 Deployment Test Summary:" | ||||
|         echo "Version: ${{ needs.create-release.outputs.version }}" | ||||
|         echo "Image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.create-release.outputs.version }}" | ||||
|         echo "URL: https://ping-river-monitor.b4l.co.th" | ||||
|         echo "Grafana: https://grafana.ping-river-monitor.b4l.co.th" | ||||
|         echo "API Docs: https://ping-river-monitor.b4l.co.th/docs" | ||||
|         echo "Status: Container tested successfully" | ||||
|         echo "Ready for production deployment" | ||||
|  | ||||
|   # Post-release validation | ||||
|   validate-release: | ||||
|     name: Validate Release | ||||
|     runs-on: ubuntu-latest | ||||
|     needs: deploy-release | ||||
|  | ||||
|     steps: | ||||
|     - name: Comprehensive API test | ||||
|       run: | | ||||
|         echo "🧪 Running comprehensive API tests..." | ||||
|          | ||||
|         # Test all major endpoints | ||||
|         curl -f https://ping-river-monitor.b4l.co.th/health | ||||
|         curl -f https://ping-river-monitor.b4l.co.th/metrics | ||||
|         curl -f https://ping-river-monitor.b4l.co.th/stations | ||||
|         curl -f https://ping-river-monitor.b4l.co.th/measurements/latest?limit=5 | ||||
|         curl -f https://ping-river-monitor.b4l.co.th/scraping/status | ||||
|          | ||||
|         echo "✅ All API endpoints responding correctly" | ||||
|          | ||||
|     - name: Performance validation | ||||
|       run: | | ||||
|         echo "⚡ Running performance validation..." | ||||
|          | ||||
|         # Install Apache Bench | ||||
|         sudo apt-get update && sudo apt-get install -y apache2-utils | ||||
|          | ||||
|         # Test response times | ||||
|         ab -n 10 -c 2 https://ping-river-monitor.b4l.co.th/health | ||||
|         ab -n 10 -c 2 https://ping-river-monitor.b4l.co.th/stations | ||||
|          | ||||
|         echo "✅ Performance validation completed" | ||||
|          | ||||
|     - name: Data validation | ||||
|       run: | | ||||
|         echo "📊 Validating data collection..." | ||||
|          | ||||
|         # Check if recent data is available | ||||
|         response=$(curl -s https://ping-river-monitor.b4l.co.th/measurements/latest?limit=1) | ||||
|         echo "Latest measurement: $response" | ||||
|          | ||||
|         # Validate data structure (basic check) | ||||
|         if echo "$response" | grep -q "water_level"; then | ||||
|           echo "✅ Data structure validation passed" | ||||
|         else | ||||
|           echo "❌ Data structure validation failed" | ||||
|           exit 1 | ||||
|         fi | ||||
|  | ||||
|   # Notify stakeholders | ||||
|   notify: | ||||
|     name: Notify Release | ||||
|     runs-on: ubuntu-latest | ||||
|     needs: [create-release, validate-release] | ||||
|     needs: [create-release, deploy-release] | ||||
|     if: always() | ||||
|      | ||||
|     steps: | ||||
|     - name: Notify success | ||||
|       if: needs.validate-release.result == 'success' | ||||
|       if: needs.deploy-release.result == 'success' | ||||
|       run: | | ||||
|         echo "🎉 Release ${{ needs.create-release.outputs.version }} deployed successfully!" | ||||
|         echo "🌐 Production URL: https://ping-river-monitor.b4l.co.th" | ||||
|         echo "📊 Grafana: https://grafana.ping-river-monitor.b4l.co.th" | ||||
|         echo "📚 API Docs: https://ping-river-monitor.b4l.co.th/docs" | ||||
|         echo "🎉 Release ${{ needs.create-release.outputs.version }} tested successfully!" | ||||
|         echo "🧪 Local Test: Passed all health checks" | ||||
|         echo "<EFBFBD> GDocker Image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.create-release.outputs.version }}" | ||||
|         echo "✅ Ready for production deployment" | ||||
|          | ||||
|         # Add notification to Slack, Discord, email, etc. | ||||
|         # curl -X POST -H 'Content-type: application/json' \ | ||||
|         #   --data '{"text":"🎉 Northern Thailand Ping River Monitor ${{ needs.create-release.outputs.version }} deployed successfully!"}' \ | ||||
|         #   --data '{"text":"🎉 Northern Thailand Ping River Monitor ${{ needs.create-release.outputs.version }} tested and ready for deployment!"}' \ | ||||
|         #   ${{ secrets.SLACK_WEBHOOK_URL }} | ||||
|          | ||||
|     - name: Notify failure | ||||
|       if: needs.validate-release.result == 'failure' | ||||
|       if: needs.deploy-release.result == 'failure' | ||||
|       run: | | ||||
|         echo "❌ Release ${{ needs.create-release.outputs.version }} deployment failed!" | ||||
|         echo "Please check the logs and take corrective action." | ||||
|         echo "❌ Release ${{ needs.create-release.outputs.version }} testing failed!" | ||||
|         echo "Please check the logs and fix issues before production deployment." | ||||
|          | ||||
|         # Add failure notification | ||||
|         # curl -X POST -H 'Content-type: application/json' \ | ||||
|         #   --data '{"text":"❌ Northern Thailand Ping River Monitor ${{ needs.create-release.outputs.version }} deployment failed!"}' \ | ||||
|         #   --data '{"text":"❌ Northern Thailand Ping River Monitor ${{ needs.create-release.outputs.version }} testing failed!"}' \ | ||||
|         #   ${{ secrets.SLACK_WEBHOOK_URL }} | ||||
| @@ -26,7 +26,7 @@ jobs: | ||||
|       - name: Checkout code | ||||
|         uses: actions/checkout@v4 | ||||
|         with: | ||||
|           token: ${{ secrets.CI_BOT_TOKEN }} | ||||
|           token: ${{ secrets.GITEA_TOKEN }} | ||||
|  | ||||
|       - name: Set up Python | ||||
|         uses: actions/setup-python@v4 | ||||
| @@ -95,7 +95,7 @@ jobs: | ||||
|       - name: Checkout code | ||||
|         uses: actions/checkout@v4 | ||||
|         with: | ||||
|           token: ${{ secrets.CI_BOT_TOKEN }} | ||||
|           token: ${{ secrets.GITEA_TOKEN }} | ||||
|  | ||||
|       - name: Set up Python | ||||
|         uses: actions/setup-python@v4 | ||||
| @@ -142,7 +142,7 @@ jobs: | ||||
|       - name: Checkout code | ||||
|         uses: actions/checkout@v4 | ||||
|         with: | ||||
|           token: ${{ secrets.CI_BOT_TOKEN }} | ||||
|           token: ${{ secrets.GITEA_TOKEN }} | ||||
|  | ||||
|       - name: Set up Python | ||||
|         uses: actions/setup-python@v4 | ||||
| @@ -183,7 +183,7 @@ jobs: | ||||
|       - name: Checkout code | ||||
|         uses: actions/checkout@v4 | ||||
|         with: | ||||
|           token: ${{ secrets.CI_BOT_TOKEN }} | ||||
|           token: ${{ secrets.GITEA_TOKEN }} | ||||
|  | ||||
|       - name: Set up Python | ||||
|         uses: actions/setup-python@v4 | ||||
|   | ||||
							
								
								
									
										11
									
								
								Dockerfile
									
									
									
									
									
								
							
							
						
						
									
										11
									
								
								Dockerfile
									
									
									
									
									
								
							| @@ -22,26 +22,27 @@ FROM python:3.11-slim | ||||
| # Set working directory | ||||
| WORKDIR /app | ||||
|  | ||||
| # Install runtime dependencies | ||||
| # Install runtime dependencies and create user | ||||
| RUN apt-get update && apt-get install -y \ | ||||
|     wget \ | ||||
|     curl \ | ||||
|     && rm -rf /var/lib/apt/lists/* \ | ||||
|     && groupadd -r appuser && useradd -r -g appuser appuser | ||||
|     && groupadd -r appuser && useradd -r -g appuser appuser \ | ||||
|     && mkdir -p /home/appuser/.local | ||||
|  | ||||
| # Copy Python packages from builder stage | ||||
| COPY --from=builder /root/.local /root/.local | ||||
| COPY --from=builder /root/.local /home/appuser/.local | ||||
|  | ||||
| # Copy application code | ||||
| COPY . . | ||||
|  | ||||
| # Create logs directory and set permissions | ||||
| RUN mkdir -p logs && chown -R appuser:appuser /app | ||||
| RUN mkdir -p logs && chown -R appuser:appuser /app /home/appuser/.local | ||||
|  | ||||
| # Set environment variables | ||||
| ENV PYTHONUNBUFFERED=1 | ||||
| ENV TZ=Asia/Bangkok | ||||
| ENV PATH=/root/.local/bin:$PATH | ||||
| ENV PATH=/home/appuser/.local/bin:$PATH | ||||
|  | ||||
| # Switch to non-root user | ||||
| USER appuser | ||||
|   | ||||
		Reference in New Issue
	
	Block a user