Merge branch 'main' of https://github.com/usegalaxy-au/galaxy-labs-en…

…gine

.env.sample

@@ -37,3 +37,6 @@ GITHUB_API_TOKEN=
 # Must be one of DEBUG, INFO, WARNING, ERROR, CRITICAL
 LOG_LEVEL_CONSOLE=INFO
 LOG_LEVEL_CACHE=INFO
+
+# Optional, DNS for Sentry error tracking
+SENTRY_DNS=

.github/workflows/ansible-deploy.yml

@@ -1,24 +1,27 @@
-name: Deploy to prod server with Ansible playbook
+name: Deploy with Ansible playbook
 
 on:
   workflow_run:
-    workflows: ["Django tests"]
+    workflows: ["Build and Push Docker Image"]
     types:
       - completed
     branches:
+      - dev
       - main
 
 jobs:
   deploy:
     runs-on: ubuntu-latest
     environment: deployment
-    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    concurrency:
+      group: deploy-group
+      cancel-in-progress: true
 
     steps:
       - name: Checkout Repository
         uses: actions/checkout@v2
         with:
-          ref: main
+          ref: ${{ github.ref }}
 
       - name: Set up Python
         uses: actions/setup-python@v2
@@ -30,19 +33,23 @@ jobs:
           python -m pip install --upgrade pip
           pip install ansible
 
-      - name: install ssh keys
-        # check this thread to understand why install is needed:
-        # https://stackoverflow.com/a/70447517
+      - name: Install ssh keys
+        # For reference: https://stackoverflow.com/a/70447517
         run: |
-          install -m 600 -D /dev/null ~/.ssh/id_rsa
-          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
-          ssh-keyscan -H ${{ secrets.SSH_HOST_DEV }} > ~/.ssh/known_hosts
+          install -m 600 -D /dev/null ~/.ssh/galaxy
+          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/galaxy
+          echo "${{ secrets.SSH_KNOWN_HOSTS }}" > ~/.ssh/known_hosts
 
       - name: Run Ansible Playbook
         run: |
+          if [ $GITHUB_REF == "refs/heads/dev" ]; then
+            PLAYBOOK=dev.yml
+          else
+            PLAYBOOK=prod.yml
+          fi
           cd ansible
-          ansible-playbook -i hosts prod.yml
+          ansible-playbook -i hosts $PLAYBOOK --tags update
         env:
           ANSIBLE_HOST_KEY_CHECKING: 'False'
           ANSIBLE_REMOTE_USER: ${{ secrets.SSH_USER }}
-          ANSIBLE_PRIVATE_KEY_FILE: ~/.ssh/id_rsa
+          ANSIBLE_PRIVATE_KEY_FILE: ~/.ssh/galaxy

.github/workflows/docker-build.yml

@@ -0,0 +1,53 @@
+name: Build and Push Docker Image
+
+on:
+  workflow_run:
+    workflows: ["Django tests"]
+    types:
+      - completed
+    branches:
+      - dev
+      - main
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    environment: build
+    concurrency:
+      group: deploy-group
+      cancel-in-progress: true
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Check if Dockerfile or requirements.txt was changed
+        id: check_dependencies
+        run: |
+          if git diff --name-only HEAD^ HEAD | grep -q -e 'Dockerfile' -e 'requirements.txt'; then
+            echo "Dockerfile or requirements.txt changed"
+            echo "::set-output name=updated::true"
+          else
+            echo "Dockerfile or requirements.txt not changed"
+            echo "::set-output name=updated::false"
+          fi
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+        if: steps.check_dependencies.outputs.updated == 'true'
+
+      - name: Log in to DockerHub
+        uses: docker/login-action@v2
+        if: steps.check_dependencies.outputs.updated == 'true'
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build Docker image
+        if: steps.check_dependencies.outputs.updated == 'true'
+        run: docker build -t ${{ secrets.DOCKER_IMAGE }}:latest .
+
+      - name: Push Docker image
+        if: steps.check_dependencies.outputs.updated == 'true'
+        run: docker push ${{ secrets.DOCKER_IMAGE }}:latest

.gitignore

@@ -1,5 +1,7 @@
 # Project paths
 *.sqlite3
+app/app/static/
+app/app/media/
 
 # Byte-compiled / optimized / DLL files
 __pycache__/

Dockerfile

@@ -1,7 +1,6 @@
 FROM python:3.12
 
 RUN apt-get update
-
 WORKDIR /srv/labs-engine/app
 COPY requirements.txt /tmp/requirements.txt
 RUN pip install -r /tmp/requirements.txt

ansible/.gitignore

@@ -1,2 +0,0 @@
-roles/*
-!roles/galaxy_labs_engine

ansible/dev.yml

@@ -9,4 +9,7 @@
   roles:
     - role: geerlingguy.docker
       tags: init
-    - galaxy_labs_engine
+    - role: bashrc
+      tags: init
+    - role: galaxy_labs_engine
+      tags: always

ansible/group_vars/VAULT

@@ -1,26 +1,30 @@
 $ANSIBLE_VAULT;1.1;AES256
-37306236316466396235383061353136313639643635653962383239396264333765666335326166
-3633653430393364313133653365333063323563363035330a356432633761376633363666613365
-66396336626533393238303033643461313664616663646361376230353665383230613565633031
-3063633764366534640a356535373261343633363766616530623335323831326136346566323738
-64383936666262323731653761333135646435303265393065303163613664656438396630373533
-39616231393464316564343065366434373361623264306335626338363139333030663033396233
-30306137303362633739363038613164643333386163633839303235663565353363313765303334
-30306235323062336661643161633062666166303335343032323235396132613062333339393136
-62343736386337333634613434653136616135346161323432383966666665333763363332313136
-64386637663465626465633162303663373935636431396463663165623332313332616432643064
-31653164363761626364633539366638636332383066336131363430326266643461333165373431
-62396566333561373631613531613266346634376234623765383430303832666235363633326665
-37326630663837623235363264633162316539393466353236396539643334363132353937613032
-61346262373033323030643266616137323664633362366564616562633733653735616436323439
-34346231353530306239313966656337656266666438356465323934643338636334396230376562
-36306232373565346536353961336162343334383662323330393866663939326565303163323732
-64303266303862656235316339336465343164373661343333353864396639353637623866343664
-37636239386634616565323739643266383133636230663130356135643131306362323761336136
-33303237306565636238643738333961303262393938653437663866396437393934633539316131
-31626430313365343264656266303835666262666239616337363031356237633662356362393165
-35663264623434396330653438323464396662613737343132393364383430666161313632393238
-35333463633232346134343565313635356338373832626534353466353236343438383666653865
-66636639303232633066316333373637336662636139376337663161393631643534373936663038
-36666134373536613232373932366539333665393765633838346338653733353531633933643930
-36626136613565346538376164316338316630356164346433626539626463623637
+64613732623430643166386634356665303935643435333062663264313661663131303763323933
+3864353665373239646263663938383862373362343362350a393237363264643861396136356334
+38326165656236623161613961306534666333663663353230356634353365343830343630383731
+6337666631656461310a313435616639386330393630346435613131376632303234613639636631
+33633331613239623664343932313638343732653037303532666538653332386634393364663130
+37663931633264643565356165626635373864303433346536363435343664373161303630333434
+30376434623434353162323337643331383730613138353966356433303537343564313934613335
+64333265336433656461653064653163303339303566666537383462666235323438643661343930
+39306239633937613834646638666535616331663030373837383166613265373533356136396466
+64366130346336326537323661393231353562383138643732316232303864353932346134396265
+64353531626663316537336561633964393331363239326266316138663832363166393064303264
+36353866376235353666623936666237616161663165316266323431323762643064613765316330
+62643465313766656131313761373633373137353036393961643034363861393262343237336561
+36333437313836383063396164376465313462326537326437383366376366353661636362323134
+36303234636433623861376561376432323964663961313661333038616166623837383639373233
+39633334353664386132336133383838353366396362383834323361333333316466646130386361
+39653961333565646532383432396135316334363831663237383931386335323335323534313636
+39313331333135656630653834303263363138393262383132356233633338336262313032653838
+38653666653366356235363661316535316661663434646262636462396531343165663038343137
+33623361383363663038323834306139616138383363386138373361323132316366363430313736
+62656463316130643537633835613563353539376161653862613761636333646636643837353662
+35333632656431663364353431663134666262363030616335343236363833616436313463353036
+32656564363232363438626463666664343839393831366463663566313039303262653565643666
+39333034303838306338353064373335303732323962663035396664343634336231616137306330
+65623962623161346562633534393738396335656466613566643737353965636665303232623731
+36383136656232623961643731656236376335636135383336343839613131396462363464653633
+35393366376438353137636134613435636631336335383135636633663535313531646330643330
+32383936323463396561653533613066363361333133666336393734646261323765653039326538
+32653263356262363130393034656436656235326131336264353061346263616532

ansible/group_vars/webservers.yml

@@ -69,3 +69,5 @@ github_api_token: "{{ vault_github_api_token }}"
 django_log_levels:
   console: INFO
   cache: DEBUG
+
+django_sentry_dns: "{{ vault_sentry_dns }}"

ansible/host_vars/dev-labs.gvl.org.au.yml

@@ -1 +1 @@
-git_branch: dev
+labs_engine_branch: dev

ansible/host_vars/labs.usegalaxy.org.au.yml

@@ -1 +1 @@
-git_branch: main
+labs_engine_branch: main

ansible/hosts

@@ -3,4 +3,3 @@ labs.usegalaxy.org.au  ansible_connection=ssh  ansible_user=ubuntu ansible_ssh_p
 
 [dev_webservers]
 dev-labs.gvl.org.au  ansible_connection=ssh  ansible_user=ubuntu ansible_ssh_private_key_file=~/.ssh/galaxy
-#labs.neoformit.com  ansible_connection=ssh  ansible_user=ubuntu ansible_ssh_private_key_file=~/.ssh/qfab

ansible/prod.yml

@@ -9,4 +9,7 @@
   roles:
     - role: geerlingguy.docker
       tags: init
-    - galaxy_labs_engine
+    - role: bashrc
+      tags: init
+    - role: galaxy_labs_engine
+      tags: always

ansible/roles/bashrc/tasks/main.yml

@@ -0,0 +1,15 @@
+---
+
+- name: Add user .bash_aliases
+  ansible.builtin.copy:
+    content: |
+      alias sk='nano ~/.bash_aliases && . ~/.bash_aliases && echo "Sourced new .bash_aliases"'
+      alias l='ls -lh --group-directories-first'
+      alias la='ls -lhXa --group-directories-first'
+      alias c='clear'
+      alias ..='cd ..'
+      alias ...='cd ../..'
+      alias ....='cd ../../..'
+      alias path='echo $PATH | sed "s/:/\n/g"'
+      alias greps='ps aux | grep -v "grep" | grep'
+    dest: /home/{{ ansible_user }}/.bash_aliases

ansible/roles/galaxy_labs_engine/defaults/main.yml

@@ -1,12 +1,13 @@
 ---
-git_branch: main
+
+labs_engine_repo: https://github.com/usegalaxy-au/galaxy-labs-engine.git
+labs_engine_branch: main
+labs_engine_docker_image: neoformit/galaxy-labs-engine:latest
 
 project_root: /home/ubuntu/labs-engine
 config_root: /home/ubuntu/config
 django_root: "{{ project_root }}/app"
 
-labs_engine_docker_image: neoformit/galaxy-labs-engine:latest
-
 labs_engine:
   templates:
     - src: "{{ role_path }}/templates/docker-compose.yml.j2"
@@ -38,3 +39,6 @@ admin_user: null
 django_log_levels:
   console: INFO
   cache: INFO
+
+# Set this to enable logging to sentry
+django_sentry_dns: null

ansible/roles/galaxy_labs_engine/tasks/main.yml

@@ -4,13 +4,20 @@
   ansible.builtin.apt:
     update_cache: yes
 
+- name: Docker pull labs-engine image
+  ansible.builtin.docker_image:
+    name: "{{ labs_engine_docker_image }}"
+    source: pull
+  tags: update
+
 - name: clone git repository for galaxy-labs-engine
   ansible.builtin.git:
-    repo: https://github.com/neoformit/galaxy-labs-engine.git
-    version: "{{ git_branch }}"
+    repo: "{{ labs_engine_repo }}"
+    version: "{{ labs_engine_branch }}"
     dest: "{{ project_root }}"
     clone: yes
     force: yes
+    update: yes
   tags: always
   register: git
 
@@ -50,34 +57,32 @@
   loop: "{{ labs_engine.files }}"
   tags: config
 
-- name: update media file ownership
+- name: Set media file ownership
   file: dest={{ django_root }}/app/media owner=www-data group=www-data mode=u=rwX,g=rwX,o=rwX recurse=yes
   tags:
     - permissions
     - update
 
-- name: update log file ownership
+- name: Set log file ownership
   file: dest={{ django_root }}/app/logs owner=www-data group=www-data mode=u=rwX,g=rwX,o=rwX recurse=yes
   tags:
     - permissions
     - update
 
-- name: update sqlite3 database ownership
+- name: Update sqlite3 database ownership
   file: dest={{ django_root }}/db.sqlite3 owner=www-data group=www-data mode=u=rw,g=rw,o=r
   tags:
     - permissions
-    - update
   ignore_errors: yes
 
-- name: update sqlite3 database directory permissions
+- name: Update sqlite3 database directory permissions
   file:
     dest: "{{ django_root }}"
     owner: root
     group: www-data
     mode: u=rwx,g=rwx,o=rx
   tags:
     - permissions
-    - update
 
 - name: Django create django_cache table with 'manage.py createcachetable'
   shell: >

ansible/roles/galaxy_labs_engine/templates/.env.j2

@@ -20,3 +20,7 @@ GITHUB_API_TOKEN={{ github_api_token }}
 # Must be one of DEBUG, INFO, WARNING, ERROR, CRITICAL
 LOG_LEVEL_CONSOLE={{ django_log_levels.console|upper }}
 LOG_LEVEL_CACHE={{ django_log_levels.cache|upper }}
+
+{% if django_sentry_dns %}
+SENTRY_DNS={{ django_sentry_dns }}
+{% endif %}