VBV-133: Aufbau Stage- und Prod-Umgebung auf CapRover

README.md

@@ -71,11 +71,28 @@ npm install
 
 ## Deployment to CapRover
 
+### CapRover Dev (vbv-lernwelt.control.iterativ.ch)
+
 ```
 # run deploy script
+./caprover_deploy.sh vbv-lernwelt
+
+# of vbv-lernwelt is default value
 ./caprover_deploy.sh
 ```
 
+### CapRover Stage (myvbv-stage.iterativ.ch)
+
+```
+./caprover_deploy.sh myvbv-stage
+```
+
+### CapRover Prod (myvbv.iterativ.ch)
+
+```
+./caprover_deploy.sh myvbv
+```
+
 ## IntelliJ Configuration
 
 * In the .idea/vbv_lernwelt.iml file change the module type to "PYTHON_MODULE".

caprover_create_app.py

@@ -3,7 +3,7 @@ import sys
 
 from environs import Env
 
-# TODO: I use a locally patched caprover api for no
+# TODO: I use a locally patched caprover api for now
 sys.path.append(r'/Users/daniel/workspace/iterativ-caprover/Caprover-API')
 from caprover_api import caprover_api
 
@@ -12,7 +12,8 @@ logging.basicConfig(level=logging.DEBUG)
 
 
 env = Env()
-env.read_env("./env_secrets/caprover.env")
+env.read_env("./env_secrets/caprover_stage.env", recurse=False, override=True)
+app_name = "myvbv-stage"
 
 cap = caprover_api.CaproverAPI(
     dashboard_url=env.str('CAPROVER_DOMAIN'),
@@ -25,7 +26,7 @@ db_name = env.str('POSTGRES_DB')
 
 cap.deploy_one_click_app(
     one_click_app_name='postgres',
-    namespace='vbv-lernwelt',
+    namespace=app_name,
     # check https://github.com/caprover/one-click-apps/blob/master/public/v4/apps/postgres.yml
     app_variables={
         '$$cap_postgres_version': '14.2',
@@ -37,23 +38,43 @@ cap.deploy_one_click_app(
 )
 
 cap.create_and_update_app(
-    app_name='vbv-lernwelt',
+    app_name=app_name,
     enable_ssl=True,
     force_ssl=True,
     expose_as_web_app=True,
     image_name='docker.io/iterativ/vbv-lernwelt-django',
     environment_variables={
         # 'DJANGO_SETTINGS_MODULE': 'config.settings.base',
-        'IT_DJANGO_SECRET_KEY': env.str('IT_DJANGO_SECRET_KEY'),
+        'IT_APP_ENVIRONMENT': env.str('IT_APP_ENVIRONMENT'),
-        'IT_DJANGO_ADMIN_URL': env.str('IT_DJANGO_ADMIN_URL'),
+
-        'IT_DJANGO_ALLOWED_HOSTS': env.str('IT_DJANGO_ALLOWED_HOSTS'),
+        'POSTGRES_HOST': f'srv-captain--{app_name}-postgres-db',
-        'IT_DJANGO_DEBUG': 'false',
-        'IT_SENTRY_DSN': env.str('IT_SENTRY_DSN'),
-        'IT_APP_ENVIRONMENT': 'caprover',
-        'POSTGRES_HOST': 'srv-captain--vbv-lernwelt-postgres-db',
         'POSTGRES_PORT': 5432,
         'POSTGRES_DB': db_name,
         'POSTGRES_USER': db_user,
         'POSTGRES_PASSWORD': db_pass,
+
+        'IT_ALLOW_LOCAL_LOGIN': env.str('IT_ALLOW_LOCAL_LOGIN'),
+
+        'IT_DJANGO_SECRET_KEY': env.str('IT_DJANGO_SECRET_KEY'),
+        'IT_DJANGO_ADMIN_URL': env.str('IT_DJANGO_ADMIN_URL'),
+        'IT_DJANGO_ALLOWED_HOSTS': env.str('IT_DJANGO_ALLOWED_HOSTS'),
+
+        'IT_DJANGO_DEBUG': 'false',
+        'IT_SERVE_VUE': 'false',
+
+        'IT_SENTRY_DSN': env.str('IT_SENTRY_DSN'),
+
+        'IT_OAUTH_CLIENT_NAME': env.str('IT_OAUTH_CLIENT_NAME'),
+        'IT_OAUTH_CLIENT_ID': env.str('IT_OAUTH_CLIENT_ID'),
+        'IT_OAUTH_CLIENT_SECRET': env.str('IT_OAUTH_CLIENT_SECRET'),
+        'IT_OAUTH_ACCESS_TOKEN_URL': env.str('IT_OAUTH_ACCESS_TOKEN_URL'),
+        'IT_OAUTH_AUTHORIZE_URL': env.str('IT_OAUTH_AUTHORIZE_URL'),
+        'IT_OAUTH_API_BASE_URL': env.str('IT_OAUTH_API_BASE_URL'),
+        'IT_OAUTH_LOCAL_DIRECT_URI': env.str('IT_OAUTH_LOCAL_DIRECT_URI'),
+        'IT_OAUTH_TENANT_ID': env.str('IT_OAUTH_TENANT_ID'),
+        'IT_OAUTH_SCOPE': env.str('IT_OAUTH_SCOPE'),
+        'IT_OAUTH_SERVER_METADATA_URL': env.str('IT_OAUTH_SERVER_METADATA_URL'),
+        'IT_OAUTH_TOKEN_NAME': env.str('IT_OAUTH_TOKEN_NAME'),
+        'IT_OAUTH_LOGOUT_URL': env.str('IT_OAUTH_LOGOUT_URL'),
     },
 )

caprover_deploy.sh

@@ -6,18 +6,19 @@ LATEST="${REPO}:latest"
 BUILD_TIMESTAMP=$( date '+%F_%H:%M:%S' )
 VERSION_TAG="${REPO}:$VERSION"
 
+APP_NAME=${1:-vbv-lernwelt}
+
+echo "Deploy to $APP_NAME"
+
 # script should fail when any process returns non zero code
 set -ev
 
 # create client
 npm run build
 
-## Note that images build with buildx do not appear in your docker images list, therefore the push true must be set
-
 # create and push new docker container
-docker buildx build --push=true  --platform=linux/amd64 -f compose/django/Dockerfile -t "$REPO" -t "$LATEST" -t "$VERSION_TAG" --build-arg VERSION="$VERSION" --build-arg BUILD_TIMESTAMP="$BUILD_TIMESTAMP" --build-arg GIT_COMMIT=$(git log -1 --format=%h) .
+## Note that images build with buildx do not appear in your docker images list, therefore the push true must be set
-
+docker buildx build --push=true  --platform=linux/amd64 -f compose/django/Dockerfile -t "$REPO" -t "$LATEST" -t "$VERSION_TAG" --build-arg VERSION="$VERSION" --build-arg BUILD_TIMESTAMP="$BUILD_TIMESTAMP" --build-arg GIT_COMMIT="$(git log -1 --format=%h)" .
-
-#deploy to caprover, explicitly use the version tag... so if there is a mismach you get an error message
-caprover deploy -h https://captain.control.iterativ.ch -a vbv-lernwelt -i docker.io/"$VERSION_TAG"
 
+#deploy to caprover, explicitly use the version tag... so if there is a mismatch you get an error message
+caprover deploy -h https://captain.control.iterativ.ch -a "$APP_NAME" -i docker.io/"$VERSION_TAG"

git-crypt-encrypted-files.txt

@@ -1,3 +1,7 @@
-    encrypted: env_secrets/caprover.env
+    encrypted: env_secrets/caprover_dev.env
-    encrypted: env_secrets/production.env
+    encrypted: env_secrets/caprover_prod.env
+    encrypted: env_secrets/caprover_stage.env
+    encrypted: env_secrets/local_chrigu.env
+    encrypted: env_secrets/local_daniel.env
     encrypted: env_secrets/local_lorenz.env
+    encrypted: env_secrets/production.env

server/config/settings/base.py

@@ -574,7 +574,7 @@ if APP_ENVIRONMENT == "development":
     # https://django-extensions.readthedocs.io/en/latest/installation_instructions.html#configuration
     INSTALLED_APPS += ["django_extensions"]  # noqa F405
 
-if APP_ENVIRONMENT in ["production", "caprover"]:
+if APP_ENVIRONMENT in ["production", "caprover"] or APP_ENVIRONMENT.startswith("caprover"):
     # SECURITY
     # ------------------------------------------------------------------------------
     # https://docs.djangoproject.com/en/dev/ref/settings/#secure-proxy-ssl-header