77 СЕМЬ

.build/config/production.yaml

@@ -0,0 +1,22 @@
+env: "local"
+host: "0.0.0.0"
+port: 8000
+
+broker:
+  notificationsQueueName: "molva-notification"
+
+cache:
+  readOnly: false
+  dialTimeout: 1h
+  poolSize: 10
+  defaultTtl: 1h
+  rootCaFilePath: "/etc/.redis/YandexInternalRootCA.crt"
+
+s3Storage:
+  bucket: "molva-staging" # TODO: change to prod bucket
+  defaultLinkTtl: 1h
+
+database:
+  schema: test_schema # TODO: change to prod schema
+  sslmode: require
+  rootCaFilePath: "/etc/.postgres/YandexInternalRootCA.crt"

.build/config/staging.yaml

@@ -19,4 +19,4 @@ s3Storage:
 database:
   schema: test_schema
   sslmode: require
-  rootCaFilePath: "/etc/.redis/YandexInternalRootCA.crt"
+  rootCaFilePath: "/etc/.postgres/YandexInternalRootCA.crt"

.gitea/workflows/ci.yaml

@@ -70,79 +70,6 @@ jobs:
           SWAGGER_HOST=${HOST} make docs
           CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o main cmd/main.go
 
-  push:
-    name: Push Docker Images
-    runs-on: ubuntu-22.04
-    needs: lint
-    if: ${{ gitea.ref == 'refs/heads/master' || gitea.ref == 'refs/heads/release' }}
-
-    strategy:
-      matrix:
-        project:
-          - api_gateway
-
-    steps:
-      - name: Checkout репозитория
-        uses: actions/checkout@v4
-
-      - name: Extract Git metadata
-        id: git-metadata
-        env:
-          REPO: ${{ github.repository }}
-        run: |
-          GIT_SHA=$(git rev-parse --short HEAD)
-          GIT_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo 'none')
-          TARGET_ENV=${{ github.ref == 'refs/heads/release' && 'staging' || 'production' }}
-
-          echo "GIT_SHA=${GIT_SHA}" >> $GITHUB_OUTPUT
-          echo "GIT_TAG=${GIT_TAG}" >> $GITHUB_OUTPUT
-          echo "TARGET_ENV=${TARGET_ENV}" >> $GITHUB_OUTPUT
-          echo "REPO_NAME=$(echo $REPO | cut -d'/' -f2)" >> $GITHUB_OUTPUT
-
-      - name: Login to Docker Registry
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-
-      - name: Extract image metadata
-        id: docker-metadata
-        needs: git-metadata
-        env:
-          REGISTRY: hub.docker.com
-          REPO_NAME: ${{ steps.git-metadata.outputs.REPO_NAME }}
-          TARGET_ENV: ${{ steps.git-metadata.outputs.TARGET_ENV }}
-          GIT_TAG: ${{ steps.git-metadata.outputs.GIT_TAG }}
-          GIT_SHA: ${{ steps.git-metadata.outputs.GIT_SHA }}
-        run: |
-          IMAGE_TAG=$TARGET_ENV-$($GIT_TAG != 'none' && echo $GIT_TAG || echo $GIT_SHA)
-
-          echo "IMAGE_NAME=molvaapp/${{ steps.git-metadata.outputs.REPO_NAME }}" >> $GITHUB_OUTPUT
-          echo "IMAGE_TAG=${IMAGE_TAG}" >> $GITHUB_OUTPUT
-
-      - name: Build and Push Docker Image
-        needs: docker-metadata
-        env:
-          IMAGE_NAME: ${{ steps.docker-metadata.outputs.IMAGE_NAME }}
-          IMAGE_TAG: ${{ steps.docker-metadata.outputs.IMAGE_TAG }}
-          CONFIG_FILE: .build/config/${{ steps.git-metadata.outputs.TARGET_ENV }}.yaml
-          HOST: ${{ github.event.base_ref == 'refs/heads/release' && secrets.HOST_STG || secrets.HOST_PROD }}
-        run: |
-          docker build \
-            --build-arg BUILD_LDFLAGS="-w -s" \
-            --build-arg CONFIG_FILE_PATH=$CONFIG_FILE \
-            --build-arg SWAGGER_HOST=$HOST \
-            -t $IMAGE_NAME:$IMAGE_TAG \
-            -t $IMAGE_NAME:latest \
-            .
-
-          docker tag $IMAGE_NAME:$IMAGE_TAG $IMAGE_NAME:latest
-
-          docker push $IMAGE_NAME:$IMAGE_TAG
-          docker push $IMAGE_NAME:latest
-
-          echo "Pushed image $IMAGE_NAME:$IMAGE_TAG and :latest"
-
   tag:
     name: Tag Commit
     runs-on: ubuntu-22.04
@@ -195,3 +122,87 @@ jobs:
           git tag ${{ steps.get-latest-tag.outputs.NEW_TAG }}
           git push origin ${{ steps.get-latest-tag.outputs.NEW_TAG }}
           echo "Successfully pushed tag: ${{ steps.get-latest-tag.outputs.NEW_TAG }}"
+
+  push:
+    name: Push Docker Images
+    runs-on: ubuntu-22.04
+    needs:
+      lint
+      tag
+    if: ${{ gitea.ref == 'refs/heads/master' || gitea.ref == 'refs/heads/release' }}
+
+    strategy:
+      matrix:
+        project:
+          - api_gateway
+
+    steps:
+      - name: Checkout репозитория
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          fetch-tags: true
+
+      - name: Extract Git metadata
+        id: git-metadata
+        env:
+          REPO: ${{ github.repository }}
+        run: |
+          git fetch --tags --force
+          GIT_SHA=$(git rev-parse --short HEAD)
+          GIT_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "none")
+
+          TARGET_ENV=${{ github.ref == 'refs/heads/release' && 'staging' || 'production' }}
+
+          echo "GIT_SHA=${GIT_SHA}" >> $GITHUB_OUTPUT
+          echo "GIT_TAG=${GIT_TAG}" >> $GITHUB_OUTPUT
+          echo "TARGET_ENV=${TARGET_ENV}" >> $GITHUB_OUTPUT
+          echo "REPO_NAME=$(echo $REPO | cut -d'/' -f2)" >> $GITHUB_OUTPUT
+
+      - name: Login to Docker Registry
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Extract image metadata
+        id: docker-metadata
+        needs: git-metadata
+        env:
+          REGISTRY: hub.docker.com
+          REPO_NAME: ${{ steps.git-metadata.outputs.REPO_NAME }}
+          TARGET_ENV: ${{ steps.git-metadata.outputs.TARGET_ENV }}
+          GIT_TAG: ${{ steps.git-metadata.outputs.GIT_TAG }}
+          GIT_SHA: ${{ steps.git-metadata.outputs.GIT_SHA }}
+        run: |
+          if [ "$GIT_TAG" != "none" ]; then
+            IMAGE_TAG="${TARGET_ENV}-${GIT_TAG}"
+          else
+            IMAGE_TAG="${TARGET_ENV}-${GIT_SHA}"
+          fi
+
+          echo "IMAGE_NAME=molvaapp/${{ steps.git-metadata.outputs.REPO_NAME }}" >> $GITHUB_OUTPUT
+          echo "IMAGE_TAG=${IMAGE_TAG}" >> $GITHUB_OUTPUT
+
+      - name: Build and Push Docker Image
+        needs: docker-metadata
+        env:
+          IMAGE_NAME: ${{ steps.docker-metadata.outputs.IMAGE_NAME }}
+          IMAGE_TAG: ${{ steps.docker-metadata.outputs.IMAGE_TAG }}
+          CONFIG_FILE: .build/config/${{ steps.git-metadata.outputs.TARGET_ENV }}.yaml
+          HOST: ${{ github.event.base_ref == 'refs/heads/release' && secrets.HOST_STG || secrets.HOST_PROD }}
+        run: |
+          docker build \
+            --build-arg BUILD_LDFLAGS="-w -s" \
+            --build-arg CONFIG_FILE_PATH=$CONFIG_FILE \
+            --build-arg SWAGGER_HOST=$HOST \
+            -t $IMAGE_NAME:$IMAGE_TAG \
+            -t $IMAGE_NAME:latest \
+            .
+
+          docker tag $IMAGE_NAME:$IMAGE_TAG $IMAGE_NAME:latest
+
+          docker push $IMAGE_NAME:$IMAGE_TAG
+          docker push $IMAGE_NAME:latest
+
+          echo "Pushed image $IMAGE_NAME:$IMAGE_TAG and :latest"

.gitea/workflows/deploy_prod.yaml

@@ -1,25 +0,0 @@
-name: Deploy Production
-
-on:
-  push:
-    branches: [master, release]
-  pull_request:
-    branches: [master, release]
-
-jobs:
-  deploy_to_staging:
-    name: Deploy to Staging
-    runs-on: ubuntu-22.04
-    if: ${{ gitea.ref == 'refs/heads/release' }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Manual Approval Step
-        run: echo "Ручное подтверждение получено. Запуск деплоя..."
-
-      - name: Deployment Script (Заглушка)
-        run: |
-          echo "Здесь будет скрипт деплоя на staging"
-          # TODO: Реальный скрипт деплоя
-          echo "Симуляция деплоя..."

Dockerfile

@@ -28,8 +28,8 @@ ARG CONFIG_FILE_PATH
 
 RUN apk add --no-cache ca-certificates tzdata
 
-COPY --from=certs /YandexInternalRootCA.crt /root/.redis/YandexInternalRootCA.crt
-COPY --from=certs /YandexInternalRootCA.crt /root/.postgres/YandexInternalRootCA.crt
+COPY --from=certs /YandexInternalRootCA.crt /etc/.redis/YandexInternalRootCA.crt
+COPY --from=certs /YandexInternalRootCA.crt /etc/.postgres/YandexInternalRootCA.crt
 COPY ${CONFIG_FILE_PATH} /config.yaml
 
 COPY --from=builder /app/main /main