diff --git a/.env.example b/.env.example index dc718a4..1fb634d 100644 --- a/.env.example +++ b/.env.example @@ -1,4 +1,4 @@ -KC_REALM_URL= +AUTH_REALM_URL= ELASTICSEARCH_PROTOCOL= ELASTICSEARCH_HOST= @@ -29,9 +29,9 @@ MAIN_MINIO_ACCESS_KEY= MAIN_MINIO_SECRET_KEY= MAIN_MINIO_BUCKET= -BACKUP_MINIO_USE_SSL= -BACKUP_MINIO_HOST= -BACKUP_MINIO_PORT= -BACKUP_MINIO_ACCESS_KEY= -BACKUP_MINIO_SECRET_KEY= +MAIN_MINIO_USE_SSL= +MAIN_MINIO_HOST= +MAIN_MINIO_PORT= +MAIN_MINIO_ACCESS_KEY= +MAIN_MINIO_SECRET_KEY= BACKUP_MINIO_BUCKET= diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000..ddfd391 --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,105 @@ +name: release +run-name: release ${{ github.actor }} +on: + push: + tags: + - "version-[0-9]+.[0-9]+.[0-9]+" + workflow_dispatch: +env: + REGISTRY: docker.frappet.com + IMAGE_NAME: ehr/bma-ehr-log-backup + DEPLOY_HOST: frappet.com + COMPOSE_PATH: /home/frappet/docker/bma/bma-ehr-log-backup + +jobs: + release: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + # skip Set up QEMU because it fail on act and container + # Gen Version try to get version from tag or inut + - name: Set output tags + id: vars + run: echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT + - name: Gen Version + id: gen_ver + run: | + if [[ $GITHUB_REF == 'refs/tags/'* ]]; then + IMAGE_VER=${{ steps.vars.outputs.tag }} + else + IMAGE_VER=${{ github.event.inputs.IMAGE_VER }} + fi + if [[ $IMAGE_VER == '' ]]; then + IMAGE_VER='test-vBeta' + fi + echo '::set-output name=image_ver::'$IMAGE_VER + - name: Check Version + run: | + echo $GITHUB_REF + echo ${{ steps.gen_ver.outputs.image_ver }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Login in to registry + uses: docker/login-action@v2 + with: + registry: ${{env.REGISTRY}} + username: ${{secrets.DOCKER_USER}} + password: ${{secrets.DOCKER_PASS}} + - name: Build and push docker image + uses: docker/build-push-action@v3 + with: + context: . + platforms: linux/amd64 + file: docker/Dockerfile + push: true + tags: ${{env.REGISTRY}}/${{env.IMAGE_NAME}}:${{ steps.gen_ver.outputs.image_ver }},${{env.REGISTRY}}/${{env.IMAGE_NAME}}:latest + # - name: Remote Deployment + # uses: appleboy/ssh-action@v0.1.8 + # with: + # host: ${{env.DEPLOY_HOST}} + # username: frappet + # password: ${{ secrets.SSH_PASSWORD }} + # port: 10102 + # script: | + # cd "${{env.COMPOSE_PATH}}" + # docker compose pull + # docker compose up -d + # echo "${{ steps.gen_ver.outputs.image_ver }}"> success + - name: Notify Discord Success + if: success() + run: | + curl -H "Content-Type: application/json" \ + -X POST \ + -d '{ + "embeds": [{ + "title": "✅ Deployment Success!", + "description": "**Details:**\n- Image: `${{env.IMAGE_NAME}}`\n- Version: `${{ steps.gen_ver.outputs.image_ver }}`\n- Deployed by: `${{github.actor}}`", + "color": 3066993, + "footer": { + "text": "Release Notification", + "icon_url": "https://example.com/success-icon.png" + }, + "timestamp": "'$(date -u +%Y-%m-%dT%H:%M:%SZ)'" + }] + }' \ + ${{ secrets.DISCORD_WEBHOOK }} + + - name: Notify Discord Failure + if: failure() + run: | + curl -H "Content-Type: application/json" \ + -X POST \ + -d '{ + "embeds": [{ + "title": "❌ Deployment Failed!", + "description": "**Details:**\n- Image: `${{env.IMAGE_NAME}}`\n- Version: `${{ steps.gen_ver.outputs.image_ver }}`\n- Attempted by: `${{github.actor}}`", + "color": 15158332, + "footer": { + "text": "Release Notification", + "icon_url": "https://example.com/failure-icon.png" + }, + "timestamp": "'$(date -u +%Y-%m-%dT%H:%M:%SZ)'" + }] + }' \ + ${{ secrets.DISCORD_WEBHOOK }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index eb51815..0000000 --- a/.github/workflows/release.yml +++ /dev/null @@ -1,83 +0,0 @@ -name: release -run-name: Release by ${{ github.actor }} -on: - push: - tags: - - "version-[0-9]+.[0-9]+.[0-9]+" - workflow_dispatch: -env: - REGISTRY: docker.frappet.com - IMAGE_NAME: ehr/bma-ehr-log-backup - DEPLOY_HOST: 49.0.91.80 - COMPOSE_PATH: /home/frappet/docker/bma/bma-ehr-log-backup -jobs: - release: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - - name: Set output tags - id: vars - run: echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT - - name: Gen Version - id: gen_ver - run: | - if [[ $GITHUB_REF == 'refs/tags/'* ]]; then - IMAGE_VER=${{ steps.vars.outputs.tag }} - else - IMAGE_VER=${{ github.event.inputs.IMAGE_VER }} - fi - if [[ $IMAGE_VER == '' ]]; then - IMAGE_VER='test-vBeta' - fi - echo '::set-output name=image_ver::'$IMAGE_VER - - name: Check Version - run: | - echo $GITHUB_REF - echo ${{ steps.gen_ver.outputs.image_ver }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Login in to registry - uses: docker/login-action@v2 - with: - registry: ${{env.REGISTRY}} - username: ${{secrets.DOCKER_USER}} - password: ${{secrets.DOCKER_PASS}} - - name: Build and push docker image - uses: docker/build-push-action@v3 - with: - context: . - platforms: linux/amd64 - push: true - tags: ${{env.REGISTRY}}/${{env.IMAGE_NAME}}:${{ steps.gen_ver.outputs.image_ver }},${{env.REGISTRY}}/${{env.IMAGE_NAME}}:latest - - name: Remote Deployment - uses: appleboy/ssh-action@v0.1.8 - with: - host: ${{env.DEPLOY_HOST}} - username: frappet - password: ${{ secrets.SSH_PASSWORD }} - port: 10102 - script: | - cd "${{env.COMPOSE_PATH}}" - docker compose pull - docker compose up -d - echo "${{ steps.gen_ver.outputs.image_ver }}"> success - - uses: snow-actions/line-notify@v1.1.0 - if: success() - with: - access_token: ${{ secrets.TOKEN_LINE }} - message: | - ✅ - Image: ${{ env.IMAGE_NAME }} - Version: ${{ steps.gen_ver.outputs.IMAGE_VER }} - By: ${{github.actor}} - - uses: snow-actions/line-notify@v1.1.0 - if: failure() - with: - access_token: ${{ secrets.TOKEN_LINE }} - message: | - ❌ - Image: ${{ env.IMAGE_NAME }} - Version: ${{ steps.gen_ver.outputs.IMAGE_VER }} - By: ${{github.actor}} diff --git a/Dockerfile b/docker/Dockerfile similarity index 94% rename from Dockerfile rename to docker/Dockerfile index 6767e59..e75f5a0 100644 --- a/Dockerfile +++ b/docker/Dockerfile @@ -22,4 +22,4 @@ COPY --from=deps /app/node_modules /app/node_modules COPY --from=build /app/dist /app/dist COPY --from=base /app/static /app/static -CMD ["pnpm", "run", "start"] +CMD ["npm", "run", "start"] diff --git a/src/controllers/backup-controller.ts b/src/controllers/backup-controller.ts index 3b47bf1..552aaf7 100644 --- a/src/controllers/backup-controller.ts +++ b/src/controllers/backup-controller.ts @@ -27,11 +27,6 @@ const MAIN_MINIO_PORT = process.env.MAIN_MINIO_PORT; const MAIN_MINIO_ACCESS_KEY = getEnvVar("MAIN_MINIO_ACCESS_KEY"); const MAIN_MINIO_SECRET_KEY = getEnvVar("MAIN_MINIO_SECRET_KEY"); const MAIN_MINIO_BUCKET = getEnvVar("MAIN_MINIO_BUCKET"); -const BACKUP_MINIO_USE_SSL = getEnvVar("BACKUP_MINIO_USE_SSL"); -const BACKUP_MINIO_HOST = getEnvVar("BACKUP_MINIO_HOST"); -const BACKUP_MINIO_PORT = process.env.BACKUP_MINIO_PORT; -const BACKUP_MINIO_ACCESS_KEY = getEnvVar("BACKUP_MINIO_ACCESS_KEY"); -const BACKUP_MINIO_SECRET_KEY = getEnvVar("BACKUP_MINIO_SECRET_KEY"); const BACKUP_MINIO_BUCKET = getEnvVar("BACKUP_MINIO_BUCKET"); function jsonParseOrPlainText(str: string) { @@ -56,9 +51,9 @@ export class BackupController extends Controller { "Content-Type": "application/json", }, body: JSON.stringify({ - s3_backup_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`, - s3_backup_access: BACKUP_MINIO_ACCESS_KEY, - s3_backup_secret: BACKUP_MINIO_SECRET_KEY, + s3_backup_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`, + s3_backup_access: MAIN_MINIO_ACCESS_KEY, + s3_backup_secret: MAIN_MINIO_SECRET_KEY, s3_backup_bucket: BACKUP_MINIO_BUCKET, }), }, @@ -142,14 +137,14 @@ export class BackupController extends Controller { s3_source_access: MAIN_MINIO_ACCESS_KEY, s3_source_secret: MAIN_MINIO_SECRET_KEY, s3_source_bucket: MAIN_MINIO_BUCKET, - s3_dest_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`, - s3_dest_access: BACKUP_MINIO_ACCESS_KEY, - s3_dest_secret: BACKUP_MINIO_SECRET_KEY, + s3_dest_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`, + s3_dest_access: MAIN_MINIO_ACCESS_KEY, + s3_dest_secret: MAIN_MINIO_SECRET_KEY, }, database: { - s3_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`, - s3_access: BACKUP_MINIO_ACCESS_KEY, - s3_secret: BACKUP_MINIO_SECRET_KEY, + s3_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`, + s3_access: MAIN_MINIO_ACCESS_KEY, + s3_secret: MAIN_MINIO_SECRET_KEY, s3_bucket: BACKUP_MINIO_BUCKET, db_host: DB_HOST, db_port: DB_PORT, @@ -185,14 +180,14 @@ export class BackupController extends Controller { s3_restore_access: MAIN_MINIO_ACCESS_KEY, s3_restore_secret: MAIN_MINIO_SECRET_KEY, s3_restore_bucket: MAIN_MINIO_BUCKET, - s3_backup_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`, - s3_backup_access: BACKUP_MINIO_ACCESS_KEY, - s3_backup_secret: BACKUP_MINIO_SECRET_KEY, + s3_backup_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`, + s3_backup_access: MAIN_MINIO_ACCESS_KEY, + s3_backup_secret: MAIN_MINIO_SECRET_KEY, }, database: { - s3_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`, - s3_access: BACKUP_MINIO_ACCESS_KEY, - s3_secret: BACKUP_MINIO_SECRET_KEY, + s3_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`, + s3_access: MAIN_MINIO_ACCESS_KEY, + s3_secret: MAIN_MINIO_SECRET_KEY, s3_bucket: BACKUP_MINIO_BUCKET, db_host: DB_HOST, db_port: DB_PORT, @@ -216,9 +211,9 @@ export class BackupController extends Controller { }, body: JSON.stringify({ backup_name: body.name, - s3_backup_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`, - s3_backup_access: BACKUP_MINIO_ACCESS_KEY, - s3_backup_secret: BACKUP_MINIO_SECRET_KEY, + s3_backup_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`, + s3_backup_access: MAIN_MINIO_ACCESS_KEY, + s3_backup_secret: MAIN_MINIO_SECRET_KEY, s3_backup_bucket: BACKUP_MINIO_BUCKET, }), }, @@ -285,14 +280,14 @@ export class BackupController extends Controller { s3_source_access: MAIN_MINIO_ACCESS_KEY, s3_source_secret: MAIN_MINIO_SECRET_KEY, s3_source_bucket: MAIN_MINIO_BUCKET, - s3_dest_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`, - s3_dest_access: BACKUP_MINIO_ACCESS_KEY, - s3_dest_secret: BACKUP_MINIO_SECRET_KEY, + s3_dest_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`, + s3_dest_access: MAIN_MINIO_ACCESS_KEY, + s3_dest_secret: MAIN_MINIO_SECRET_KEY, }, database: { - s3_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`, - s3_access: BACKUP_MINIO_ACCESS_KEY, - s3_secret: BACKUP_MINIO_SECRET_KEY, + s3_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`, + s3_access: MAIN_MINIO_ACCESS_KEY, + s3_secret: MAIN_MINIO_SECRET_KEY, s3_bucket: BACKUP_MINIO_BUCKET, db_host: DB_HOST, db_port: DB_PORT, @@ -336,14 +331,14 @@ export class BackupController extends Controller { s3_source_access: MAIN_MINIO_ACCESS_KEY, s3_source_secret: MAIN_MINIO_SECRET_KEY, s3_source_bucket: MAIN_MINIO_BUCKET, - s3_dest_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`, - s3_dest_access: BACKUP_MINIO_ACCESS_KEY, - s3_dest_secret: BACKUP_MINIO_SECRET_KEY, + s3_dest_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`, + s3_dest_access: MAIN_MINIO_ACCESS_KEY, + s3_dest_secret: MAIN_MINIO_SECRET_KEY, }, database: { - s3_endpoint: `${BACKUP_MINIO_USE_SSL === "true" ? "https://" : "http://"}${BACKUP_MINIO_HOST}${(BACKUP_MINIO_PORT && ":" + BACKUP_MINIO_PORT) || ""}`, - s3_access: BACKUP_MINIO_ACCESS_KEY, - s3_secret: BACKUP_MINIO_SECRET_KEY, + s3_endpoint: `${MAIN_MINIO_USE_SSL === "true" ? "https://" : "http://"}${MAIN_MINIO_HOST}${(MAIN_MINIO_PORT && ":" + MAIN_MINIO_PORT) || ""}`, + s3_access: MAIN_MINIO_ACCESS_KEY, + s3_secret: MAIN_MINIO_SECRET_KEY, s3_bucket: BACKUP_MINIO_BUCKET, db_host: DB_HOST, db_port: DB_PORT, diff --git a/src/middlewares/auth-provider/keycloak.ts b/src/middlewares/auth-provider/keycloak.ts index cd4ddef..6bf7597 100644 --- a/src/middlewares/auth-provider/keycloak.ts +++ b/src/middlewares/auth-provider/keycloak.ts @@ -4,12 +4,12 @@ import { createDecoder, createVerifier } from "fast-jwt"; import HttpError from "../../interfaces/http-error"; import HttpStatus from "../../interfaces/http-status"; -if (!process.env.KC_PUBLIC_KEY && !process.env.KC_REALM_URL) { - throw new Error("Require keycloak KC_PUBLIC_KEY or KC_REALM_URL."); +if (!process.env.KC_PUBLIC_KEY && !process.env.AUTH_REALM_URL) { + throw new Error("Require keycloak KC_PUBLIC_KEY or AUTH_REALM_URL."); } -if (process.env.KC_PUBLIC_KEY && process.env.KC_REALM_URL && !process.env.KC_PREFERRED_MODE) { +if (process.env.KC_PUBLIC_KEY && process.env.AUTH_REALM_URL && !process.env.KC_PREFERRED_MODE) { throw new Error( - "AUTH_PREFERRED must be specified if KC_PUBLIC_KEY and KC_REALM_URL is provided.", + "AUTH_PREFERRED must be specified if KC_PUBLIC_KEY and AUTH_REALM_URL is provided.", ); } @@ -44,7 +44,7 @@ export async function keycloakAuth(request: Express.Request) { payload = await verifyOffline(token); break; default: - if (process.env.KC_REALM_URL) payload = await verifyOnline(token); + if (process.env.AUTH_REALM_URL) payload = await verifyOnline(token); if (process.env.KC_PUBLIC_KEY) payload = await verifyOffline(token); break; } @@ -61,7 +61,7 @@ async function verifyOffline(token: string) { } async function verifyOnline(token: string) { - const res = await fetch(`${process.env.KC_REALM_URL}/protocol/openid-connect/userinfo`, { + const res = await fetch(`${process.env.AUTH_REALM_URL}/protocol/openid-connect/userinfo`, { headers: { authorization: `Bearer ${token}` }, }).catch((e) => console.error(e));