Merge branch 'feature/35-kredits_github' of kosmos/chef into master

2019-04-25 14:03:15 +00:00
parent 3566184277 2cf611279b
commit ec067d4b80
12 changed files with 296 additions and 0 deletions
--- a/site-cookbooks/kredits-github/CHANGELOG.md
+++ b/site-cookbooks/kredits-github/CHANGELOG.md
@@ -0,0 +1,6 @@
+kredits-github CHANGELOG
+========================
+
+0.1.0
+-----
+- [Râu Cao] - Initial release of kredits-github
--- a/site-cookbooks/kredits-github/LICENSE
+++ b/site-cookbooks/kredits-github/LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2019 Kosmos Developers
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
--- a/site-cookbooks/kredits-github/README.md
+++ b/site-cookbooks/kredits-github/README.md
@@ -0,0 +1,35 @@
+kredits-github Cookbook
+=======================
+
+This cookbook installs [kredits-github](https://github.com/67P/kredits-github).
+
+Attributes
+----------
+
+#### kredits-github::default
+<table>
+  <tr>
+    <th>Key</th>
+    <th>Type</th>
+    <th>Description</th>
+    <th>Default</th>
+  </tr>
+  <tr>
+    <td><tt>['kredits-github']['port']</tt></td>
+    <td>String</td>
+    <td>The local port that kredits-github is running on</td>
+    <td><tt>3000</tt></td>
+  </tr>
+  <tr>
+    <td><tt>['kredits-github']['revision']</tt></td>
+    <td>String</td>
+    <td>Git revision/branch to deploy</td>
+    <td><tt>master</tt></td>
+  </tr>
+  <tr>
+    <td><tt>['kredits-github']['domain']</tt></td>
+    <td>String</td>
+    <td>Domain name for requests to the app</td>
+    <td><tt>kredits-github.kosmos.org</tt></td>
+  </tr>
+</table>
--- a/site-cookbooks/kredits-github/attributes/default.rb
+++ b/site-cookbooks/kredits-github/attributes/default.rb
@@ -0,0 +1,3 @@
+node.default['kredits-github']['port']          = '3000'
+node.default['kredits-github']['revision']      = 'master'
+node.default['kredits-github']['domain']        = 'kredits-github.kosmos.org'
--- a/site-cookbooks/kredits-github/metadata.rb
+++ b/site-cookbooks/kredits-github/metadata.rb
@@ -0,0 +1,11 @@
+name             'kredits-github'
+maintainer       'Kosmos'
+maintainer_email 'mail@kosmos.org'
+license          'MIT'
+description      'Installs/Configures kredits-github'
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
+version          '0.1.0'
+
+depends 'application_javascript'
+depends 'kosmos-nodejs'
+depends 'kosmos-nginx'
--- a/site-cookbooks/kredits-github/recipes/default.rb
+++ b/site-cookbooks/kredits-github/recipes/default.rb
@@ -0,0 +1,95 @@
+#
+# Cookbook Name:: kredits-github
+# Recipe:: default
+#
+# The MIT License (MIT)
+#
+# Copyright:: 2019, Kosmos Developers
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+include_recipe 'kosmos-nodejs'
+
+app_name     = "kredits-github"
+deploy_user  = "deploy"
+deploy_group = "deploy"
+credentials  = Chef::EncryptedDataBagItem.load('credentials', app_name)
+
+group deploy_group
+
+user deploy_user do
+  group       deploy_group
+  manage_home true
+  shell       "/bin/bash"
+  comment     "deploy user"
+end
+
+path_to_deploy = "/opt/#{app_name}"
+application path_to_deploy do
+  owner deploy_user
+  group deploy_group
+
+  git do
+    user  deploy_user
+    group deploy_group
+    repository "https://github.com/67P/#{app_name}.git"
+    revision   node[app_name]['revision']
+  end
+
+  npm_install do
+    user deploy_user
+  end
+
+  execute "systemctl daemon-reload" do
+    command "systemctl daemon-reload"
+    action :nothing
+  end
+
+  file "#{path_to_deploy}/github_app_key.pem" do
+    content credentials['private_key']
+    owner deploy_user
+    group deploy_group
+    mode '0440'
+  end
+
+  template "/lib/systemd/system/#{app_name}.service" do
+    source 'nodejs.systemd.service.erb'
+    owner 'root'
+    group 'root'
+    mode '0640'
+    variables(
+      user: deploy_user,
+      group: deploy_group,
+      app_dir: path_to_deploy,
+      entry: "/usr/bin/node /usr/bin/npm start",
+      environment: {
+        'LOG_LEVEL'        => "info",
+        'APP_ID'           => credentials['app_id'],
+        'PRIVATE_KEY_PATH' => "#{path_to_deploy}/github_app_key.pem",
+        'WEBHOOK_SECRET'   => credentials['webhook_secret'],
+      }
+    )
+    notifies :run, "execute[systemctl daemon-reload]", :delayed
+    notifies :restart, "service[#{app_name}]", :delayed
+  end
+
+  service app_name do
+    action [:enable, :start]
+  end
+end
--- a/site-cookbooks/kredits-github/recipes/nginx.rb
+++ b/site-cookbooks/kredits-github/recipes/nginx.rb
@@ -0,0 +1,46 @@
+#
+# Cookbook Name:: kredits-github
+# Recipe:: nginx
+#
+# The MIT License (MIT)
+#
+# Copyright:: 2019, Kosmos Developers
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+include_recipe 'kosmos-nginx'
+server_name = node['kredits-github']['domain']
+
+template "#{node['nginx']['dir']}/sites-available/#{server_name}" do
+  source 'nginx_conf.erb'
+  owner 'www-data'
+  mode 0640
+  variables app_name:    "kredits-github",
+            nodejs_port: node['kredits-github']['port'],
+            server_name: server_name,
+            ssl_cert:    "/etc/letsencrypt/live/#{server_name}/fullchain.pem",
+            ssl_key:     "/etc/letsencrypt/live/#{server_name}/privkey.pem"
+  notifies :reload, 'service[nginx]', :delayed
+end
+
+nginx_site server_name do
+  action :enable
+end
+
+nginx_certbot_site server_name unless node.chef_environment == "development"
--- a/site-cookbooks/kredits-github/templates/default/nginx_conf.erb
+++ b/site-cookbooks/kredits-github/templates/default/nginx_conf.erb
@@ -0,0 +1,26 @@
+# Generated by Chef
+upstream _<%= @app_name %> {
+  server   localhost:<%= @nodejs_port %>;
+}
+
+<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
+server {
+  listen 443 ssl http2;
+  server_name <%= @server_name %>;
+
+  access_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.access.log json;
+  error_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.error.log warn;
+
+  gzip on;
+
+  add_header Strict-Transport-Security "max-age=15768000";
+
+  location / {
+    proxy_buffers 1024 8k; # Increase number of buffers. Default is 8
+    proxy_pass http://_<%= @app_name %>;
+  }
+
+  ssl_certificate <%= @ssl_cert %>;
+  ssl_certificate_key <%= @ssl_key %>;
+}
+<% end -%>
--- a/site-cookbooks/kredits-github/templates/default/nodejs.systemd.service.erb
+++ b/site-cookbooks/kredits-github/templates/default/nodejs.systemd.service.erb
@@ -0,0 +1,15 @@
+[Unit]
+Description=Start nodejs app
+
+[Service]
+ExecStart=<%= @entry %>
+WorkingDirectory=<%= @app_dir %>
+User=<%= @user %>
+Group=<%= @group %>
+<% unless @environment.empty? -%>
+Environment=<% @environment.each do |key, value| -%>'<%= key %>=<%= value %>' <% end %>
+<% end -%>
+Restart=always
+
+[Install]
+WantedBy=multi-user.target