Merge pull request #2381 from betagouv/feat/cms

Feat: cms
betagouv · Jan 24, 2024 · 08dddbd · 08dddbd
2 parents 630440a + 92c1738
commit 08dddbd
Show file tree

Hide file tree

Showing 66 changed files with 18,073 additions and 73 deletions.
diff --git a/.github/workflows/base-build-push-docker.yml b/.github/workflows/base-build-push-docker.yml
@@ -0,0 +1,97 @@
+name: Base build push docker
+
+on:
+  workflow_call:
+    inputs:
+      name:
+        required: true
+        type: string
+      context:
+        required: true
+        type: string
+        default: .
+      tag:
+        required: true
+        type: string
+      dockerfile:
+        required: true
+        type: string
+
+    secrets:
+      DOCKER_USERNAME:
+        required: true
+      DOCKER_PASSWORD:
+        required: true
+
+jobs:
+  build:
+    name: Build ${{ inputs.name }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Cache Docker layers
+        uses: actions/cache@v3
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+      - name: Build ${{ inputs.name }} image for test
+        id: docker_test
+        uses: docker/build-push-action@v4
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: ${{ inputs.context }}
+          file: ${{ inputs.dockerfile }}
+          load: true
+          push: false
+          tags: betagouvpdc/${{ inputs.name }}:${{ inputs.tag }}
+          labels: |
+            org.opencontainers.image.title=${{ inputs.name }} Image
+            org.opencontainers.image.source=${{ github.event.repository.html_url }}
+            org.opencontainers.image.revision=${{ github.sha }}
+            org.opencontainers.image.created=${{ steps.buildx.outputs.start }}
+            org.opencontainers.image.version=${{ inputs.tag }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: betagouvpdc/${{ inputs.name }}:${{ inputs.tag }}
+          format: 'template'
+          template: '@/contrib/sarif.tpl'
+          output: 'trivy-results.sarif'
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        continue-on-error: true
+        with:
+          sarif_file: 'trivy-results.sarif'
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Build and push ${{ inputs.name }}
+        id: docker_build
+        uses: docker/build-push-action@v4
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: ${{ inputs.context }}
+          file: ${{ inputs.dockerfile }}
+          push: true
+          tags: betagouvpdc/${{ inputs.name }}:${{ inputs.tag }}
+          labels: |
+            org.opencontainers.image.title=${{ inputs.name }} Image
+            org.opencontainers.image.source=${{ github.event.repository.html_url }}
+            org.opencontainers.image.revision=${{ github.sha }}
+            org.opencontainers.image.created=${{ steps.buildx.outputs.start }}
+            org.opencontainers.image.version=${{ inputs.tag }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
+      - run: echo ${{ steps.docker_build.outputs.digest }}
diff --git a/.github/workflows/deploy-backends.yml b/.github/workflows/deploy-backends.yml
@@ -14,81 +14,24 @@ env:
 
 jobs:
   build:
-    name: Build ${{ matrix.image_name }}
-    runs-on: ubuntu-latest
+    name: Build ${{ matrix.name }}
+    uses: ./.github/workflows/base-build-push-docker.yml
+    with:
+      name: ${{ matrix.name }}
+      context: .
+      tag: ${{ env.tag }}
+      dockerfile: ${{ matrix.dockerfile }}
+    secrets:
+      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
     strategy:
       matrix:
-        image:
-          - { name: 'api', dockerfile: './docker/api/prod/Dockerfile' }
-          - { name: 'data', dockerfile: './docker/python/Dockerfile' }
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2
-      - name: Cache Docker layers
-        uses: actions/cache@v3
-        with:
-          path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-buildx-
-      - name: Build ${{ matrix.image.name }} image for test
-        id: docker_test
-        uses: docker/build-push-action@v4
-        with:
-          builder: ${{ steps.buildx.outputs.name }}
-          context: ./
-          file: ${{ matrix.image.dockerfile }}
-          load: true
-          push: false
-          tags: betagouvpdc/${{ matrix.image.name }}:${{ env.tag }}
-          labels: |
-            org.opencontainers.image.title=${{ matrix.image.name }} Image
-            org.opencontainers.image.source=${{ github.event.repository.html_url }}
-            org.opencontainers.image.revision=${{ github.sha }}
-            org.opencontainers.image.created=${{ steps.buildx.outputs.start }}
-            org.opencontainers.image.version=${{ env.tag }}
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: betagouvpdc/${{ matrix.image.name }}:${{ env.tag }}
-          format: 'template'
-          template: '@/contrib/sarif.tpl'
-          output: 'trivy-results.sarif'
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
-        continue-on-error: true
-        with:
-          sarif_file: 'trivy-results.sarif'
-      - name: Login to DockerHub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-      - name: Build and push ${{ matrix.image.name }}
-        id: docker_build
-        uses: docker/build-push-action@v4
-        with:
-          builder: ${{ steps.buildx.outputs.name }}
-          context: .
-          file: ${{ matrix.image.dockerfile }}
-          push: true
-          tags: betagouvpdc/${{ matrix.image.name }}:${{ env.tag }}
-          labels: |
-            org.opencontainers.image.title=${{ matrix.image.name }} Image
-            org.opencontainers.image.source=${{ github.event.repository.html_url }}
-            org.opencontainers.image.revision=${{ github.sha }}
-            org.opencontainers.image.created=${{ steps.buildx.outputs.start }}
-            org.opencontainers.image.version=${{ env.tag }}
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache
-      - run: echo ${{ steps.docker_build.outputs.digest }}
+        name: ['api', 'data']
+        include:
+        - name: api
+          dockerfile: './docker/api/prod/Dockerfile'
+        - name: data
+          dockerfile: './docker/python/Dockerfile'
   deploy:
     name: Deploy
     needs: [build]

diff --git a/.github/workflows/deploy-cms.yml b/.github/workflows/deploy-cms.yml
@@ -0,0 +1,58 @@
+name: 'Deploy CMS'
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+    paths:
+      - 'cms/**'
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  tag:
+    runs-on: ubuntu-latest
+    outputs:
+      value: ${{ steps.set_tag.outputs.value }}
+    steps:
+      - id: set_tag
+        run: echo "::set-output name=value::$(date +'%F.%H%M')"
+
+  build:
+    needs: tag
+    name: Build cms
+    uses: ./.github/workflows/base-build-push-docker.yml
+    with:
+      name: cms
+      context: .
+      tag: ${{ needs.tag.outputs.value }}
+      dockerfile: ./docker/cms/prod/Dockerfile 
+    secrets:
+      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+
+  # TODO
+  # deploy:
+  #   name: Deploy
+  #   needs: [tag, build]
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - name: Trigger Workflow
+  #       uses: actions/github-script@v6
+  #       env: 
+  #         TARGET_VERSION: ${{ needs.tag.outputs.value }}
+  #       with:
+  #         github-token: ${{ secrets.GA_PDC_TOKEN }}
+  #         script: |
+  #             github.rest.actions.createWorkflowDispatch({
+  #               owner: context.repo.owner,
+  #               repo: 'preuve-covoiturage-infra',
+  #               workflow_id: 'deploy.yml',
+  #               ref: 'main',
+  #               inputs: {
+  #                 cms_version: process.env.TARGET_VERSION,
+  #               },
+  #             })
diff --git a/cms/.dockerignore b/cms/.dockerignore
@@ -0,0 +1,4 @@
+# .dockerignore
+node_modules
+dist
+.strapi
diff --git a/cms/.editorconfig b/cms/.editorconfig
@@ -0,0 +1,16 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[{package.json,*.yml}]
+indent_style = space
+indent_size = 2
+
+[*.md]
+trim_trailing_whitespace = false
diff --git a/cms/.env.example b/cms/.env.example
@@ -0,0 +1,7 @@
+HOST=0.0.0.0
+PORT=1337
+APP_KEYS="toBeModified1,toBeModified2"
+API_TOKEN_SALT=tobemodified
+ADMIN_JWT_SECRET=tobemodified
+TRANSFER_TOKEN_SALT=tobemodified
+JWT_SECRET=tobemodified