Merge branch 'main' of https://github.com/CookieLessOrg/CookieLess

Ge-os · Ge-os · commit 003ce1e4cba9 · 2025-05-18T15:28:44.000+03:00
diff --git a/.github/workflows/backend.yml b/.github/workflows/backend.yml
@@ -4,27 +4,24 @@ on:
     paths:
       - 'backend/**'
       - '.github/workflows/backend.yml'
-      - 'playbook.yml'
     branches: [main]
 
 jobs:
   deploy:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      
-      - name: Setup Ansible
-        uses: ansible/ansible-action@master
+      - name: Checkout code
+        uses: actions/checkout@v4
         with:
-          requirements: ansible-core==2.12
+          fetch-depth: 0
 
-      - name: Run Ansible Playbook
-        uses: ansible/ansible-action@master
+      - name: Deploy via SSH
+        uses: appleboy/ssh-action@v1
         with:
-          playbook: playbook.yml
-          inventory: |
-            [production]
-            ${{ secrets.SERVER_IP }}
-          extra-vars: |
-            MONGO_INITDB_ROOT_USERNAME: ${{ secrets.MONGO_INITDB_ROOT_USERNAME }}
-            MONGO_INITDB_ROOT_PASSWORD: ${{ secrets.MONGO_INITDB_ROOT_PASSWORD }}
+          host: ${{ secrets.SERVER_IP }}
+          username: ${{ secrets.SERVER_USER }}
+          key: ${{ secrets.SERVER_SSH_KEY }}
+          script: |
+            cd /opt/CookieLess/backend
+            git pull origin main
+            ansible-playbook ansible/playbook.yml
diff --git a/backend/ansible/playbook.yml b/backend/ansible/playbook.yml
@@ -1,80 +1,90 @@
 ---
-- name: Configure CookieLess backend
-  hosts: all
+- hosts: localhost
   become: yes
   vars:
-    app_dir: /opt/CookieLess
-    backup_dir: /opt/backups
-    cron_backup: "0 3 * * *"  # Daily at 3 AM
-
+    backup_dir: /opt/CookieLess/backups
+    retention_days: 30
+    docker_compose_version: "2.34.0"
   tasks:
-    # Base system setup
-    - name: Update apt cache
-      apt:
-        update_cache: yes
+    # Check existing installations
+    - name: Check Docker installation
+      command: docker --version
+      register: docker_check
+      changed_when: false
+      ignore_errors: yes
+
+    - name: Check Docker Compose installation
+      stat:
+        path: /usr/local/bin/docker-compose
+      register: docker_compose_check
 
-    # Docker installation
+    # Install Docker only if needed
     - name: Install Docker
       apt:
         name: docker.io
         state: present
+        update_cache: yes
+      when: docker_check is failed
 
+    # Install Docker Compose only if needed
     - name: Install Docker Compose
-      ansible.builtin.get_url:
-        url: https://github.com/docker/compose/releases/download/v2.28.1/docker-compose-linux-x86_64
+      get_url:
+        url: "https://github.com/docker/compose/releases/download/v{{ docker_compose_version }}/docker-compose-linux-x86_64"
         dest: /usr/local/bin/docker-compose
         mode: '0755'
+      when: not docker_compose_check.stat.exists
 
-    # Application setup
-    - name: Create application directory
-      ansible.builtin.file:
-        path: "{{ app_dir }}"
-        state: directory
-        mode: '0755'
-
-    - name: Synchronize backend code
-      ansible.builtin.synchronize:
-        src: ../backend/
-        dest: "{{ app_dir }}"
-        delete: yes
-
-    - name: Create .env file
-      ansible.builtin.template:
-        src: templates/env.j2
-        dest: "{{ app_dir }}/.env"
-
-    # MongoDB backup setup
+    # Existing backup and deployment tasks
     - name: Create backup directory
-      ansible.builtin.file:
+      file:
         path: "{{ backup_dir }}"
         state: directory
+        owner: root
+        group: root
+        mode: '0755'
+
+    - name: Create MongoDB backup script
+      copy:
+        dest: /opt/CookieLess/backend/mongodb-backup.sh
+        content: |
+          #!/bin/bash
+          docker exec cookieless-mongodb-1 mongodump \
+            --username=${MONGO_INITDB_ROOT_USERNAME} \
+            --password=${MONGO_INITDB_ROOT_PASSWORD} \
+            --authenticationDatabase admin \
+            --archive="{{ backup_dir }}/mongodb-$(date +\%Y-\%m-\%d-\%H-\%M).gz" \
+            --gzip
         mode: '0755'
 
-    - name: Install MongoDB backup cron
-      ansible.builtin.cron:
+    - name: Add daily backup cron job
+      cron:
         name: "MongoDB daily backup"
-        job: "docker exec cookieless-mongodb-1 mongodump --archive={{ backup_dir }}/backup-$(date +\\%F).gz --gzip"
-        cron_file: mongodb_backup
+        minute: "0"
+        hour: "2"
+        job: "/opt/CookieLess/backend/mongodb-backup.sh"
         user: root
-        minute: "{{ cron_backup.split()[0] }}"
-        hour: "{{ cron_backup.split()[1] }}"
 
-    # Security setup
-    - name: Configure UFW firewall
-      ufw:
-        rule: allow
-        port: "{{ item }}"
-        proto: tcp
-      loop:
-        - 7880
-        - 7881
-        - 9333
+    - name: Add backup retention policy
+      cron:
+        name: "Clean old MongoDB backups"
+        minute: "30"
+        hour: "3"
+        job: "find {{ backup_dir }} -name 'mongodb-*.gz' -mtime +{{ retention_days }} -delete"
+        user: root
+
+    - name: Copy backend code
+      copy:
+        src: ../backend
+        dest: /opt/CookieLess
+
+    - name: Create .env file for docker-compose
+      copy:
+        dest: /opt/CookieLess/backend/.env
+        content: |
+          MONGO_INITDB_ROOT_USERNAME={{ lookup('env', 'MONGO_INITDB_ROOT_USERNAME') }}
+          MONGO_INITDB_ROOT_PASSWORD={{ lookup('env', 'MONGO_INITDB_ROOT_PASSWORD') }}
+          MONGO_HOST={{ lookup('env', 'MONGO_HOST') }}
+          MONGO_PORT={{ lookup('env', 'MONGO_PORT') }}
 
-    # Application deployment
     - name: Start containers
-      community.docker.docker_compose:
-        project_src: "{{ app_dir }}"
-        build: yes
-        restart: yes
-        recreate: always
-        remove_orphans: yes
+      command: docker-compose -f /opt/CookieLess/docker-compose.yml up -d
