deployment
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed

Wolfgang Hottgenroth 2025-01-27 18:35:04 +01:00
parent f96da3f8d4
commit ff63d88c04
8 changed files with 130 additions and 23 deletions

3
.gitignore vendored

@ -1,2 +1,5 @@
.venv/ .venv/
ENV ENV
deployment/secrets.txt
src/__pycache__

36
.woodpecker.yml Normal file

@ -0,0 +1,36 @@
steps:
build:
image: plugins/kaniko
settings:
repo: ${FORGE_NAME}/${CI_REPO}
registry:
from_secret: container_registry
tags: latest,${CI_COMMIT_SHA},${CI_COMMIT_TAG}
username:
from_secret: container_registry_username
password:
from_secret: container_registry_password
dockerfile: Dockerfile
when:
- event: [push, tag]
scan_image:
image: aquasec/trivy
commands:
- trivy image $FORGE_NAME/$CI_REPO:$CI_COMMIT_SHA --quiet --exit-code 1
when:
- event: [push, tag]
deploy:
image: quay.io/wollud1969/k8s-admin-helper:0.1.3
environment:
KUBE_CONFIG_CONTENT:
from_secret: kube_config
GPG_PASSPHRASE:
from_secret: gpg_passphrase
commands:
- export IMAGE_TAG=$CI_COMMIT_TAG
- printf "$KUBE_CONFIG_CONTENT" > /tmp/kubeconfig
- export KUBECONFIG=/tmp/kubeconfig
- ./deployment/deploy.sh
when:
- event: tag
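Review bot: The `build` and `scan_image` steps pull `plugins/kaniko` and `aquasec/trivy` with no tag or digest, so whatever is currently published as latest runs in the pipeline, and in the `build` step it runs with the registry username and password. The `deploy` image is already pinned to a version tag, and the other two should be pinned the same way, e.g. `image: plugins/kaniko:<pinned-version>` (placeholder, use the release you have verified). In `deploy`, `printf "$KUBE_CONFIG_CONTENT" > /tmp/kubeconfig` uses the secret as the printf format string and writes the file under the default umask; `umask 077` followed by `printf '%s' "$KUBE_CONFIG_CONTENT" > /tmp/kubeconfig` avoids both, assuming the secret is stored with real newlines rather than `\n` escapes. On push events `${CI_COMMIT_TAG}` is presumably empty, which would leave an empty last entry in `tags`.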


@ -1,8 +1,15 @@
FROM python:3.12-alpine3.21 FROM python:3.12-alpine3.21
ENV REDIS_URL=""
ENV SECRET_KEY=""
ENV OIDC_CLIENT_SECRETS=""
ENV PGHOST=""
ENV PGDATABASE=""
ENV PGSSLMODE=""
ENV PGUSER=""
ENV PGPASSWORD=""
ARG APP_DIR="/opt/app" ARG APP_DIR="/opt/app"
ARG VERSION_ID1="x"
ARG VERSION_ID2="alpha"
COPY ./src/ ${APP_DIR}/ COPY ./src/ ${APP_DIR}/
COPY start.sh ${APP_DIR}/ COPY start.sh ${APP_DIR}/
@ -10,12 +17,9 @@ COPY start.sh ${APP_DIR}/
WORKDIR ${APP_DIR} WORKDIR ${APP_DIR}
RUN \ RUN \
apk add --no-cache build-base libpq-dev npm && \ apk add --no-cache libpq && \
pip install --upgrade pip && \ pip install --upgrade pip && \
pip install -r requirements.txt && \ pip install -r requirements.txt
if [ "${VERSION_ID2}" != "" ]; then VERSION_ID=${VERSION_ID2}; else VERSION_ID=${VERSION_ID1}; fi && \
sed -i -e 's/VERSION_ID/'$VERSION_ID'/' ${APP_DIR}/templates/index.html && \
sed -i -e 's/VERSION_ID/'"$VERSION_ID"'/' ${APP_DIR}/templates/nutrition.html
EXPOSE 8080 EXPOSE 8080
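Review bot: The empty `ENV` defaults at the top (`REDIS_URL=""`, `SECRET_KEY=""`, `OIDC_CLIENT_SECRETS=""`, `PGPASSWORD=""` and the rest), which appear to be on the added side, mean these variables always exist in the container. The `os.environ[...]` / `except KeyError` check in this commit's Python file can then no longer detect a missing setting, and an empty `SECRET_KEY` is passed into `app.config` instead of stopping startup. I would drop the `ENV` lines and list the required variables in a comment, e.g. `# runtime config, injected at deploy time: REDIS_URL SECRET_KEY OIDC_CLIENT_SECRETS PG*`. No `USER` instruction is visible in either hunk, so the image presumably runs as root unless one is set outside the lines shown. Both `pip install` calls also lack `--no-cache-dir`.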


@ -0,0 +1,17 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: pv-energy-calculator
spec:
schedule: "15 * * * *"
jobTemplate:
spec:
template:
spec:
restartPolicy: OnFailure
containers:
- name: pv-energy-calculator
image: %IMAGE%
envFrom:
- secretRef:
name: pv-energy-calculator
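Review bot: `envFrom.secretRef.name` is `pv-energy-calculator`, but `deployment/deploy.sh` in this commit creates the secret under the name `mini_flask`, so a pod from this template would not receive the decrypted settings. The resource names and the hourly `kind: CronJob` look carried over from another project, while this commit's start script runs a long-lived gunicorn server. The container spec has no `securityContext`; adding `securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false}` under the container would limit what a compromised process can do, provided the image is given a non-root user.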

39
deployment/deploy.sh Executable file

@ -0,0 +1,39 @@
#!/bin/bash
if [ "$IMAGE_TAG" == "" ]; then
echo "Make sure IMAGE_TAG is set"
exit 1
fi
if [ "$GPG_PASSPHRASE" == "" ]; then
echo "Make sure GPG_PASSPHRASE is set"
exit 1
fi
IMAGE_NAME=gitea.hottis.de/wn/mini_flask
NAMESPACE=homepages
DEPLOYMENT_DIR=$PWD/deployment
pushd $DEPLOYMENT_DIR > /dev/null
kubectl create namespace $NAMESPACE \
--dry-run=client \
-o yaml | \
kubectl -f - apply
SECRETS_FILE=`mktemp`
gpg --decrypt --passphrase $GPG_PASSPHRASE --yes --batch --homedir /tmp/.gnupg --output $SECRETS_FILE secrets.asc
kubectl create secret generic mini_flask \
--dry-run=client \
-o yaml \
--save-config \
--from-env-file=<(sed 's/^export //g' $SECRETS_FILE) | \
kubectl apply -f - -n $NAMESPACE
rm $SECRETS_FILE
# cat $DEPLOYMENT_DIR/deploy-yml.tmpl | \
# sed -e 's,%IMAGE%,'$IMAGE_NAME':'$IMAGE_TAG','g | \
# kubectl apply -f - -n $NAMESPACE
popd > /dev/null
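Review bot: `gpg --decrypt --passphrase $GPG_PASSPHRASE` puts the passphrase on the command line, where it is readable from the process list while gpg runs, and the unquoted expansion breaks on a passphrase containing whitespace; pass it over a file descriptor instead. The script has no `set -e`, so a failed decryption still falls through to `kubectl apply` with whatever is in the temp file, and the plaintext is only removed if execution reaches `rm $SECRETS_FILE`; a `trap` covers the other exits. Separately, `mini_flask` contains an underscore, which Kubernetes does not accept in a Secret name (names must be lowercase RFC 1123 subdomains); `mini-flask` would be valid. If the helper image ships GnuPG 2.1 or later, `--pinentry-mode loopback` may also be needed, as it would be for the existing `--passphrase`.
```shell
#!/bin/bash
set -eo pipefail
# … unchanged: IMAGE_TAG / GPG_PASSPHRASE checks, pushd, namespace creation …
SECRETS_FILE=$(mktemp)
trap 'rm -f "$SECRETS_FILE"' EXIT
gpg --decrypt --passphrase-fd 3 --yes --batch --homedir /tmp/.gnupg \
    --output "$SECRETS_FILE" secrets.asc 3<<<"$GPG_PASSPHRASE"
# … unchanged: kubectl create secret … | kubectl apply -f - -n $NAMESPACE …
```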

15
deployment/secrets.asc Normal file

@ -0,0 +1,15 @@
-----BEGIN PGP MESSAGE-----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=gOlN
-----END PGP MESSAGE-----


@ -1,8 +1,10 @@
from flask import Flask, session, g, render_template_string from flask import Flask, session, g, render_template_string
from flask_session import Session from flask_session import Session
from flask_oidc import OpenIDConnect from flask_oidc import OpenIDConnect
from werkzeug.middleware.proxy_fix import ProxyFix
from loguru import logger from loguru import logger
import redis import redis
import json
import os import os
import plotly.express as px import plotly.express as px
import pandas as pd import pandas as pd
@ -11,7 +13,7 @@ import sqlalchemy
try: try:
redis_url = os.environ['REDIS_URL'] redis_url = os.environ['REDIS_URL']
client_secret = os.environ['CLIENT_SECRET'] oidc_client_secrets = os.environ['OIDC_CLIENT_SECRETS']
secret_key = os.environ['SECRET_KEY'] secret_key = os.environ['SECRET_KEY']
except KeyError as e: except KeyError as e:
logger.error(f"Required environment variable not set ({e})") logger.error(f"Required environment variable not set ({e})")
@ -23,20 +25,8 @@ app = Flask(__name__)
app.config.update({ app.config.update({
'SECRET_KEY': secret_key, 'SECRET_KEY': secret_key,
'SESSION_TYPE': 'redis', 'SESSION_TYPE': 'redis',
'SESSION_REDIS': redis.from_url('redis://172.23.1.111:6379/4'), 'SESSION_REDIS': redis.from_url(redis_url),
'OIDC_CLIENT_SECRETS': { 'OIDC_CLIENT_SECRETS': json.loads(oidc_client_secrets),
"web": {
"issuer": "https://auth2.hottis.de/realms/hottis",
"auth_uri": "https://auth2.hottis.de/ealms/hottis/protocol/openid-connect/auth",
"client_id": "mini_flask",
"client_secret": client_secret,
"redirect_uris": [
"http://localhost:8080/*"
],
"userinfo_uri": "https://auth2.hottis.de/realms/hottis/protocol/openid-connect/userinfo",
"token_uri": "https://auth2.hottis.de/realms/hottis/protocol/openid-connect/token"
}
},
'OIDC_SCOPES': 'openid email', 'OIDC_SCOPES': 'openid email',
'OIDC_USER_INFO_ENABLED': True, 'OIDC_USER_INFO_ENABLED': True,
'SESSION_USE_SIGNER': True, 'SESSION_USE_SIGNER': True,
@ -95,3 +85,6 @@ def plot():
if __name__ == '__main__': if __name__ == '__main__':
app.run(port=8080) app.run(port=8080)
else:
exposed_app = ProxyFix(app, x_for=1, x_host=1)
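Review bot: `ProxyFix(app, x_for=1, x_host=1)` makes the app accept `X-Forwarded-For` and `X-Forwarded-Host` from whoever connects, and this commit's start script binds gunicorn to `0.0.0.0:8080`. That is only safe if the port is reachable solely through the one reverse proxy that sets those headers, and a comment should say so, e.g. `# trust exactly one proxy hop; the pod must not be reachable except via the ingress`. In the second hunk `json.loads(oidc_client_secrets)` runs inside `app.config.update`, outside the `try` that reports missing settings, so a malformed or empty value ends in an unhandled exception rather than the logged error. Parsing inside the `try` and catching `(KeyError, ValueError)` would keep the failure path uniform. The `try` block and the `app.config.update` call both continue outside the hunks shown.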


@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
gunicorn 'Run:exposed_app' --bind 0.0.0.0:8080 --log-level=debug --workers=4 gunicorn 'run:exposed_app' --bind 0.0.0.0:8080 --log-level=debug --workers=4