From e03ab8a06583f372743c1b062a0ff98c85293fd1 Mon Sep 17 00:00:00 2001
From: Nico Vermaas <vermaas@astron.nl>
Date: Fri, 12 Feb 2021 07:36:23 +0100
Subject: [PATCH] CI/CD pipeline for production (sdc.astron.nl)

---
 .gitlab-ci.yml                                | 29 ++++++++++++++++---
 atdb/atdb/settings/dev.py                     | 24 ---------------
 .../docker/docker-compose-atdb-ldv-acc-cd.yml |  2 ++
 atdb/docker/docker-compose-atdb-ldv-acc.yml   |  2 ++
 atdb/docker/docker-compose-dev.yml            |  2 +-
 atdb/docker/docker-compose-production-cd.yml  |  2 ++
 atdb/docker/docker-compose-production.yml     |  2 ++
 .../templates/taskdatabase/index.html         |  2 +-
 8 files changed, 35 insertions(+), 30 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 6a86ff7f..2f8768d3 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -16,6 +16,7 @@ docker-build-master:
   only:
     - master
     - acceptance
+    - release
 
 docker-build-branch:
   # Official docker image.
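Review bot: Adding `release` to the `only:` list of docker-build-master means master, acceptance and release all build through the same job, and the production deploy added later in this patch pulls `$CI_REGISTRY_IMAGE` with no tag. If docker-build-master pushes a single untagged or `latest` image (its push line is outside this hunk), the image that reaches production is whichever branch built last, not necessarily the release commit. Tagging the image per branch or commit, for example `"$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"` as docker-build-branch already does, and pulling that exact tag in the deploy job would tie the deployed image to the reviewed source.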
@@ -30,10 +31,10 @@ docker-build-branch:
     - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
   except:
     - master
+    - acceptance
+    - release
 
-# this deploys the 'esap-gateway-query' branch (a dev/test branch) as 'vermaas'
-# by running /docker_compose/esap-api-gateway/docker-compose-query-cd.yml
-
+# deploy test/dev version on 'sdc-dev.astron.nl'
 docker-deploy-master:
   image: docker:latest
   stage: deploy
@@ -52,6 +53,7 @@ docker-deploy-master:
   only:
     - master
 
+# deploy acceptance version on 'dop457.astron.nl'
 docker-deploy-acceptance:
   image: docker:latest
   stage: deploy
@@ -68,4 +70,23 @@ docker-deploy-acceptance:
     - ssh -o StrictHostKeyChecking=no vermaas@dop457.astron.nl "docker-compose -p atdb -f /data/docker_compose/docker-compose-atdb-ldv-acc-cd.yml up -d"
   when: manual
   only:
-    - acceptance
\ No newline at end of file
+    - acceptance
+
+# deploy release version on 'sdc.astron.nl'
+docker-deploy-release:
+  image: docker:latest
+  stage: deploy
+  before_script:
+    - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
+    - eval $(ssh-agent -s)
+    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
+    - mkdir -p ~/.ssh
+    - chmod 700 ~/.ssh
+    - ssh-keyscan dop821.astron.nl >> ~/.ssh/known_hosts
+    - chmod 644 ~/.ssh/known_hosts
+  script:
+    - ssh -o StrictHostKeyChecking=no sdco@dop821.astron.nl "docker pull "$CI_REGISTRY_IMAGE""
+    - ssh -o StrictHostKeyChecking=no sdco@dop821.astron.nl "docker-compose -p atdb -f /opt/dockercompose/docker-compose-production-cd.yml up -d"
+  when: manual
+  only:
+    - release
\ No newline at end of file
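Review bot: The two `ssh -o StrictHostKeyChecking=no` commands in the `script:` of docker-deploy-release turn off host key verification for the production host, so the `known_hosts` entry prepared in `before_script` is never enforced. Because that entry comes from `ssh-keyscan` at job time, it would also accept whatever key the network presents. Store the verified host key of dop821.astron.nl in a CI/CD variable (the name here is a placeholder) and write it with `- echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts`, then drop the option: `- ssh sdco@dop821.astron.nl "docker pull $CI_REGISTRY_IMAGE"`. Since `$SSH_PRIVATE_KEY` now grants access to production, confirm that the variable is marked protected and that `release` is a protected branch, so only jobs on that branch receive the key. The acceptance job above (its body starts outside this hunk) uses the same `StrictHostKeyChecking=no` pattern.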
diff --git a/atdb/atdb/settings/dev.py b/atdb/atdb/settings/dev.py
index 369ee4e0..d6a1a212 100644
--- a/atdb/atdb/settings/dev.py
+++ b/atdb/atdb/settings/dev.py
@@ -7,30 +7,6 @@ DEBUG = True
 ALLOWED_HOSTS = ["*"]
 CORS_ORIGIN_ALLOW_ALL = True
 
-#####################################################
-# These settings mainly deal with https.
-# See http://django-secure.readthedocs.io/en/latest/middleware.html
-# Check the warning and instructions with:
-# (.env) atdb@/var/.../atdb ./manage.py check --deploy --settings=atdb.settings.prod
-#####################################################
-# Assume SSL is correctly set up.
-SSL_ENABLED = False
-if SSL_ENABLED:
-    # True: Django now checks that cookies are ONLY sent over SSL.
-    # https://docs.djangoproject.com/en/1.11/ref/settings/#session-cookie-secure
-    SESSION_COOKIE_SECURE = True
-    # True: Django now checks that csrf tokens are ONLY sent over SSL.
-    # https://docs.djangoproject.com/en/1.11/ref/settings/#csrf-cookie-secure
-    CSRF_COOKIE_SECURE = True
-    # True: Always redirect requests back to https (currently ignored as Nginx should enforces https).
-    #       Alternatively, enable and add set SECURE_PROXY_SSL_HEADER.
-    SECURE_SSL_REDIRECT = False
-    # Setting this to a non-zero value, will default the client UA always to connect over https.
-    # Unclear how or if this possibly affects other *.astron.nl domains. Especially, if these do
-    # not support https whether this option then breaks those http-only locations.
-    # SECURE_HSTS_SECONDS = 31536000
-
-
 DATABASES = {
     'default': {
         'ENGINE': 'django.db.backends.postgresql_psycopg2',
diff --git a/atdb/docker/docker-compose-atdb-ldv-acc-cd.yml b/atdb/docker/docker-compose-atdb-ldv-acc-cd.yml
index cf7b6f23..558f75bd 100644
--- a/atdb/docker/docker-compose-atdb-ldv-acc-cd.yml
+++ b/atdb/docker/docker-compose-atdb-ldv-acc-cd.yml
@@ -29,4 +29,6 @@ services:
 
     depends_on:
       - atdb-ldv-db
+    env_file:
+      - /data/shared/atdb_ldv.env
     restart: always
diff --git a/atdb/docker/docker-compose-atdb-ldv-acc.yml b/atdb/docker/docker-compose-atdb-ldv-acc.yml
index 966e3edc..8616a8f3 100644
--- a/atdb/docker/docker-compose-atdb-ldv-acc.yml
+++ b/atdb/docker/docker-compose-atdb-ldv-acc.yml
@@ -34,4 +34,6 @@ services:
 
     depends_on:
       - atdb-ldv-db
+    env_file:
+      - /data/shared/atdb_ldv.env
     restart: always
diff --git a/atdb/docker/docker-compose-dev.yml b/atdb/docker/docker-compose-dev.yml
index 2fe0b551..062526b4 100644
--- a/atdb/docker/docker-compose-dev.yml
+++ b/atdb/docker/docker-compose-dev.yml
@@ -43,5 +43,5 @@ services:
     depends_on:
       - atdb-ldv-db
     env_file:
-    - $HOME/shared/atdb_ldv.env
+      - $HOME/shared/atdb_ldv.env
     restart: always
diff --git a/atdb/docker/docker-compose-production-cd.yml b/atdb/docker/docker-compose-production-cd.yml
index 633eade5..f11feaa8 100644
--- a/atdb/docker/docker-compose-production-cd.yml
+++ b/atdb/docker/docker-compose-production-cd.yml
@@ -23,4 +23,6 @@ services:
       - "traefik.http.routers.atdb-backend.service=atdb-backend"
       - "traefik.http.routers.atdb-backend.rule=Host(`sdc.astron.nl`) && PathPrefix(`/atdb`)"
       - "traefik.http.services.atdb-backend.loadbalancer.server.port=8000"
+    env_file:
+      - $HOME/shared/atdb_ldv.env
     restart: always
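Review bot: `env_file: $HOME/shared/atdb_ldv.env` is interpolated by docker-compose from the environment of whoever invokes it, so on production the file that gets loaded depends on the login account (the CD job runs it as `sdco` over ssh). The acceptance compose files in this patch use the fixed path `/data/shared/atdb_ldv.env` instead. An absolute path would make the production deployment independent of the invoking user; the same applies to the identical addition in docker-compose-production.yml. If this file carries credentials (not visible here), a comment above the entry such as `# secrets file: owned by the deploy user, mode 0600, kept out of the repository` would document the expectation.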
diff --git a/atdb/docker/docker-compose-production.yml b/atdb/docker/docker-compose-production.yml
index 5ce8c762..518feaa2 100644
--- a/atdb/docker/docker-compose-production.yml
+++ b/atdb/docker/docker-compose-production.yml
@@ -22,4 +22,6 @@ services:
       - "traefik.http.routers.atdb-backend.service=atdb-backend"
       - "traefik.http.routers.atdb-backend.rule=Host(`sdc.astron.nl`) && PathPrefix(`/atdb`)"
       - "traefik.http.services.atdb-backend.loadbalancer.server.port=8000"
+    env_file:
+      - $HOME/shared/atdb_ldv.env
     restart: always
diff --git a/atdb/taskdatabase/templates/taskdatabase/index.html b/atdb/taskdatabase/templates/taskdatabase/index.html
index bb7e0987..65657c24 100644
--- a/atdb/taskdatabase/templates/taskdatabase/index.html
+++ b/atdb/taskdatabase/templates/taskdatabase/index.html
@@ -44,7 +44,7 @@
     </div>
     {% include 'taskdatabase/pagination.html' %}
 </div>
-    <p class="footer"> Version 1.0.0 (11 feb 2021 - 14:00)
+    <p class="footer"> Version 1.0.0 (11 feb 2021 - 16:15)
     <script type="text/javascript">
         (function(seconds) {
             var refresh,
-- 
GitLab