Merge pull request #21 from SkinSightYnov/devopsing

Add Dockerignore and Kubernetes configuration files

.dockerignore

@@ -0,0 +1,11 @@
+# Ignore the node modules
+/node_modules
+
+# Ignore the build directory
+/dist
+
+# Ignore the coverage directory
+/coverage
+
+# Ignore the prisma migrations
+/prisma/migrations

.github/workflows/snyk-container.yml

@@ -2,10 +2,9 @@ name: Snyk Container
 
 on:
   push:
-    branches: [ "main" ]
+    branches: [main, dev, 'release/*']
   pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ "main" ]
+    branches: [main, dev, 'release/*']
   schedule:
     - cron: '45 21 * * 3'
 
@@ -15,28 +14,22 @@ permissions:
 jobs:
   snyk:
     permissions:
-      contents: read # for actions/checkout to fetch code
-      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+      contents: read
+      # security-events: write
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
     - name: Build a Docker image
-      run: docker build -t your/image-to-test .
+      run: docker build -t r0ht/skinsight .
     - name: Run Snyk to check Docker image for vulnerabilities
-      # Snyk can be used to break the build when it detects vulnerabilities.
-      # In this case we want to upload the issues to GitHub Code Scanning
       continue-on-error: true
       uses: snyk/actions/docker@14818c4695ecc4045f33c9cee9e795a788711ca4
       env:
-        # In order to use the Snyk Action you will need to have a Snyk API token.
-        # More details in https://github.com/snyk/actions#getting-your-snyk-token
-        # or you can signup for free at https://snyk.io/login
-        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+         SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
       with:
-        image: your/image-to-test
+        image: r0ht/skinsight
         args: --file=Dockerfile
-    - name: Upload result to GitHub Code Scanning
-      uses: github/codeql-action/upload-sarif@v2
-      with:
-        sarif_file: snyk.sarif
+    # - name: Upload result to GitHub Code Scanning
+    #   uses: github/codeql-action/upload-sarif@v2
+    #   with:
+    #     sarif_file: snyk.sarif

Dockerfile

@@ -88,5 +88,5 @@ EXPOSE 3000
 # Set Docker as non-root user
 USER node
 
-# Execute prisma migration and Run the app with PM2
-CMD ["sh", "-c","echo $DATABASE_URL $DIRECT_URL && npx prisma migrate deploy --preview-feature --schema prisma/schema.prisma && pm2-runtime start dist/main.js --name nest-app"]
+# Push the prisma schema if possible and Run the app with PM2
+CMD ["sh", "-c","npx prisma migrate deploy && pm2-runtime start dist/main.js --name nest-app"]

docker-compose.yaml

@@ -14,8 +14,10 @@ services:
       # This ensures that the NestJS container manages the node_modules folder
       # rather than synchronizes it with the host machine
       - /app/node_modules
-    env_file:
-      - docker.env
+    environment:
+      # Prisma
+      DATABASE_URL: "postgres://postgres:postgres@postgres:5432/postgres"
+      DIRECT_URL: "postgres://postgres:postgres@postgres:5432/postgres"
     ports:
       - 3000:3000
     networks:
@@ -30,8 +32,11 @@ services:
     container_name: postgres
     image: postgres:13.1-alpine
     restart: unless-stopped
-    env_file:
-      - docker.env
+    environment:
+      # postgres
+      POSTGRES_USER: "postgres"
+      POSTGRES_PASSWORD: "postgres"
+      POSTGRES_DB: "postgres"
     volumes:
       - postgres:/var/lib/postgresql/data
     ports:
@@ -44,8 +49,10 @@ services:
     container_name: pgadmin
     image: dpage/pgadmin4:4.30
     restart: unless-stopped
-    env_file:
-      - docker.env
+    environment:
+      # pgadmin
+      PGADMIN_DEFAULT_EMAIL: "[email protected]"
+      PGADMIN_DEFAULT_PASSWORD: "skinsight"
     ports:
       - 5050:80
     networks:
@@ -62,8 +69,6 @@ services:
     container_name: prometheus
     image: prom/prometheus:v2.22.0
     restart: unless-stopped
-    env_file:
-      - docker.env
     ports:
       - 9090:9090
     networks:
@@ -97,6 +102,16 @@ services:
       - "3333:3000"
     networks:
       - grafana
+    environment:
+      # grafana
+      GF_SECURITY_ADMIN_USER: "admin"
+      GF_SECURITY_ADMIN_PASSWORD: "admin"
+      GF_USERS_ALLOW_SIGN_UP: false
+      GF_AUTH_ANONYMOUS_ENABLED: true
+      GF_AUTH_ANONYMOUS_ORG_ROLE: "Admin"
+      GF_AUTH_BASIC_ENABLED: false
+      GF_AUTH_DISABLE_LOGIN_FORM: true
+      GF_AUTH_DISABLE_SIGNOUT_MENU: true
     volumes:
       - grafana:/var/lib/grafana
       # datasources in ./grafana/datasources.yaml

k8s/api/api-deployment.yaml

@@ -0,0 +1,48 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    io.kompose.service: api
+  name: api
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: api
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        io.kompose.network/backend-nest: "true"
+        io.kompose.service: api
+    spec:
+      containers:
+        - env:
+            - name: DATABASE_URL
+              value: postgres://postgres:[email protected]:5432/postgres
+            - name: DIRECT_URL
+              value: postgres://postgres:[email protected]:5432/postgres
+            - name: JWT_SECRET
+              value: "mySecretKey"
+            - name: ROUND_OF_HASHING
+              value: "10"
+          image: r0ht/skinsight:latest
+          name: nestjs
+          ports:
+            - containerPort: 3000
+              hostPort: 3000
+              protocol: TCP
+          volumeMounts:
+            - mountPath: /usr/src/app
+              name: api-storage
+            - mountPath: /usr/src/app/node_modules
+              name: api-dependencies
+      restartPolicy: Always
+      volumes:
+        - name: api-storage
+          persistentVolumeClaim:
+            claimName: api-storage-claim
+        - name: api-dependencies
+          persistentVolumeClaim:
+            claimName: api-dependencies-claim

k8s/api/api-service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    io.kompose.service: api
+  name: api
+spec:
+  ports:
+    - name: "3000"
+      port: 3000
+      targetPort: 3000
+  selector:
+    io.kompose.service: api

k8s/api/api-volume-dependencies-claim.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: api-dependencies-claim
+  name: api-dependencies-claim
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Mi

k8s/api/api-volume-storage-claim.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: api-storage-claim
+  name: api-storage-claim
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Mi

k8s/api/cleanup.sh

@@ -0,0 +1,7 @@
+# nest_cleanup.sh
+echo "Starting cleanup of Nest JS Kubernetes setup..."
+
+echo "Deleting namespace api..."
+kubectl delete namespace api
+
+echo "Nest JS Kubernetes setup cleanup completed."

k8s/api/deploy.sh

@@ -0,0 +1,60 @@
+# nest_deploy.sh
+echo "Starting Nest JS Kubernetes setup..."
+
+echo "Creating namespace api..."
+kubectl create namespace api
+kubetcl config set-context --current --namespace=api
+
+echo "Creating Service..."
+kubectl apply -f ./api-service.yaml
+
+echo "Creating Volume Claims..."
+kubectl apply -f ./api-volume-dependencies-claim.yaml
+kubectl apply -f ./api-volume-storage-claim.yaml
+
+echo "Creating Deployment..."
+kubectl apply -f ./api-deployment.yaml
+
+echo "Nest JS Kubernetes setup completed."
+
+kubectl config set-context --current --namespace=default
+
+# get the pod name
+pod=$(kubectl get pods -n api | grep api | awk '{print $1}')
+echo "Pod name: $pod"
+
+ip=$(kubectl describe pod $pod -n api | grep "IP:" | awk '{print $2}')
+echo "Pod IP: $ip"
+
+# wait for the pod to be ready
+echo "Waiting for the pod to be ready..."
+# animate the waiting process (. => .. => ...) with a sleep of 1 second
+kubectl wait --for=condition=ready pod -l app=api -n api --timeout=20s > /dev/null &
+pid=$! # Process Id of the previous running command
+
+# while the process is still running...
+spin='-\|/'
+
+i=0
+while kill -0 $pid 2>/dev/null
+do
+  i=$(( (i+1) %4 ))
+  printf "\r${spin:$i:1}"
+  sleep .1
+done
+
+# if the process has ended...
+# with 0 exit code, the pod is ready
+# with 1 exit code, the pod is not ready
+
+# get the exit code
+wait $pid
+exit_code=$?
+
+# if the pod is not ready
+if [ $exit_code -eq 1 ]; then
+  echo "Pod is not ready. Exiting..."
+  exit 1
+fi
+
+echo "Pod is ready."

k8s/db/db-volume-claim.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: postgres
+  name: postgres
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Mi

k8s/db/db.deployment.yaml

@@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    io.kompose.service: postgres
+  name: postgres
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: postgres
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        io.kompose.network/backend-nest: "true"
+        io.kompose.service: postgres
+    spec:
+      containers:
+        - env:
+            - name: POSTGRES_DB
+              value: postgres
+            - name: POSTGRES_PASSWORD
+              value: postgres
+            - name: POSTGRES_USER
+              value: postgres
+          image: postgres:13.1-alpine
+          name: postgres
+          ports:
+            - containerPort: 5432
+              hostPort: 5432
+              protocol: TCP
+          volumeMounts:
+            - mountPath: /var/lib/postgresql/data
+              name: postgres
+      restartPolicy: Always
+      volumes:
+        - name: postgres
+          persistentVolumeClaim:
+            claimName: postgres

k8s/db/db.service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    io.kompose.service: postgres
+  name: postgres
+spec:
+  ports:
+    - name: "5432"
+      port: 5432
+      targetPort: 5432
+  selector:
+    io.kompose.service: postgres