update: deploy/docker-compose-staging.yml

setup/deploy/Dockerfile

@@ -13,7 +13,7 @@ LABEL org.opencontainers.image.description="Django: my_project_name"
 
 
 
-FROM base
+FROM base AS main
 
 RUN apt-get -y update && apt-get -y install libpq5
 

setup/deploy/docker-compose-staging.yml

@@ -0,0 +1,140 @@
+version: "3.8"
+services:
+  postgresql-stag:
+    image: postgres:16.2-alpine3.19
+    restart: unless-stopped
+    environment:
+      TZ: Asia/Riyadh
+      POSTGRES_DB: my_project_name_db_v1
+      POSTGRES_USER: my_project_name_user_v1
+      POSTGRES_PASSWORD_FILE: "/root/postgres_password"
+    secrets:
+      - source: secret_my_project_name_stag_sql_password_v1
+        target: /root/postgres_password
+        uid: "1"
+        gid: "1"
+        mode: 0400
+    volumes:
+      - database_v1:/var/lib/postgresql/data
+    networks:
+      - main-public
+
+  setup-volume:
+    image: alpine:3.18
+    entrypoint:
+      - "/bin/sh"
+      - "-c"
+      - "chown 1000:1000 /home/d_user/web/static /home/d_user/web/media"
+    restart: on-failure
+    depends_on:
+      - postgresql
+    volumes:
+      - "static_v1:/home/d_user/web/static"
+      - "media_v1:/home/d_user/web/media"
+
+  static-app:
+    image: nginx:stable-alpine3.17
+    environment:
+      TZ: Asia/Riyadh
+    deploy:
+      mode: replicated
+      replicas: 2
+      labels:
+        traefik.enable: "true"
+        traefik.http.routers.my_project_name-stag-static-app.rule: Host(`my_project_name.static.asimt.sa`)
+        traefik.http.routers.my_project_name-stag-static-app.tls: "true"
+        traefik.http.routers.my_project_name-stag-static-app.tls.certresolver: prodResolver
+        traefik.http.services.my_project_name-stag-static-svc.loadbalancer.server.port: 80
+      resources:
+        reservations:
+          memory: 128M
+        limits:
+          memory: 2048M
+    volumes:
+      - "static_v1:/usr/share/nginx/html/static:ro"
+      - "media_v1:/usr/share/nginx/html/media:ro"
+      - "nginx_static_conf:/etc/nginx/conf.d:ro"
+    networks:
+      - main-public
+
+  app-migrate:
+    image: ghcr.io/asim3/my_project_name:${PROJECT_IMAGE_TAG}
+    entrypoint:
+      - "/bin/sh"
+      - "-c"
+      - "python manage.py migrate && python manage.py collectstatic --no-input"
+    restart: on-failure
+    depends_on:
+      - postgresql
+      - setup-volume
+    environment:
+      TZ: Asia/Riyadh
+      DJANGO_SETTINGS_MODULE: "my_project_name.settings.docker_staging"
+    secrets:
+      - source: secret_my_project_name_stag_env_v1
+        target: /home/d_user/web/.env
+        uid: "1000"
+        gid: "1000"
+        mode: 0400
+    volumes:
+      - "static_v1:/home/d_user/web/static"
+      - "media_v1:/home/d_user/web/media"
+    networks:
+      - main-public
+
+  app:
+    image: ghcr.io/asim3/my_project_name:${PROJECT_IMAGE_TAG}
+    environment:
+      TZ: Asia/Riyadh
+      DJANGO_SETTINGS_MODULE: "my_project_name.settings.docker_staging"
+    secrets:
+      - source: secret_my_project_name_stag_env_v1
+        target: /home/d_user/web/.env
+        uid: "1000"
+        gid: "1000"
+        mode: 0400
+
+    depends_on:
+      - app-migrate
+    deploy:
+      mode: replicated
+      replicas: 1
+      labels:
+        traefik.enable: "true"
+        traefik.http.routers.my_project_name-stag-app.rule: Host(`my_project_name.asimt.sa`)
+        traefik.http.routers.my_project_name-stag-app.tls: "true"
+        traefik.http.routers.my_project_name-stag-app.tls.certresolver: prodResolver
+        traefik.http.services.my_project_name-stag-svc.loadbalancer.server.port: 8000
+        # https://doc.traefik.io/traefik/routing/providers/docker/
+      resources:
+        reservations:
+          memory: 128M
+        limits:
+          memory: 2048M
+      placement:
+        constraints:
+          - node.role == manager
+    volumes:
+      - "static_v1:/home/d_user/web/static"
+      - "media_v1:/home/d_user/web/media"
+    networks:
+      - main-public
+
+
+# docker secret create secret_my_project_name_stag_env_v1 /home/asim/secrets/my_project_name_stag_env
+secrets:
+  secret_my_project_name_stag_env_v1:
+    external: true
+  secret_my_project_name_stag_sql_password_v1:
+    external: true
+
+volumes:
+  database_v1:
+  static_v1:
+  media_v1:
+  nginx_static_conf:
+    external: true
+
+networks:
+  main-public:
+    external: true

setup/deploy/docker-compose.yml

@@ -1,27 +1,111 @@
 version: "3.8"
 services:
+  postgresql-prod:
+    image: postgres:16.2-alpine3.19
+    restart: unless-stopped
+    environment:
+      TZ: Asia/Riyadh
+      POSTGRES_DB: my_project_name_db_v1
+      POSTGRES_USER: my_project_name_user_v1
+      POSTGRES_PASSWORD_FILE: "/root/postgres_password"
+    secrets:
+      - source: secret_my_project_name_prod_sql_password_v1
+        target: /root/postgres_password
+        uid: "1"
+        gid: "1"
+        mode: 0400
+    volumes:
+      - database_v1:/var/lib/postgresql/data
+    networks:
+      - main-public
+
+  setup-volume:
+    image: alpine:3.18
+    entrypoint:
+      - "/bin/sh"
+      - "-c"
+      - "chown 1000:1000 /home/d_user/web/static /home/d_user/web/media"
+    restart: on-failure
+    depends_on:
+      - postgresql
+    volumes:
+      - "static_v1:/home/d_user/web/static"
+      - "media_v1:/home/d_user/web/media"
+
+  static-app:
+    image: nginx:stable-alpine3.17
+    environment:
+      TZ: Asia/Riyadh
+    deploy:
+      mode: replicated
+      replicas: 2
+      labels:
+        traefik.enable: "true"
+        traefik.http.routers.my_project_name-prod-static-app.rule: Host(`static.my_project_name.sa`)
+        traefik.http.routers.my_project_name-prod-static-app.tls: "true"
+        traefik.http.routers.my_project_name-prod-static-app.tls.certresolver: prodResolver
+        traefik.http.services.my_project_name-prod-static-svc.loadbalancer.server.port: 80
+      resources:
+        reservations:
+          memory: 128M
+        limits:
+          memory: 2048M
+    volumes:
+      - "static_v1:/usr/share/nginx/html/static:ro"
+      - "media_v1:/usr/share/nginx/html/media:ro"
+      - "nginx_static_conf:/etc/nginx/conf.d:ro"
+    networks:
+      - main-public
+
+  app-migrate:
+    image: ghcr.io/asim3/my_project_name:${PROJECT_IMAGE_TAG}
+    entrypoint:
+      - "/bin/sh"
+      - "-c"
+      - "python manage.py migrate && python manage.py collectstatic --no-input"
+    restart: on-failure
+    depends_on:
+      - postgresql
+      - setup-volume
+    environment:
+      TZ: Asia/Riyadh
+      DJANGO_SETTINGS_MODULE: "my_project_name.settings.docker_production"
+    secrets:
+      - source: secret_my_project_name_prod_env_v1
+        target: /home/d_user/web/.env
+        uid: "1000"
+        gid: "1000"
+        mode: 0400
+    volumes:
+      - "static_v1:/home/d_user/web/static"
+      - "media_v1:/home/d_user/web/media"
+    networks:
+      - main-public
+
   app:
     image: ghcr.io/asim3/my_project_name:${PROJECT_IMAGE_TAG}
-    user: "1000:1000"
     environment:
       TZ: Asia/Riyadh
-      MY___11111111111111: "22222222222222222222222222222222"
-      MY___22222222222222: my Env
+      DJANGO_SETTINGS_MODULE: "my_project_name.settings.docker_production"
     secrets:
-      - source: secret_swarmcd_key
-        target: /home/swarmcd/.ssh/id_ecdsa
+      - source: secret_my_project_name_prod_env_v1
+        target: /home/d_user/web/.env
         uid: "1000"
         gid: "1000"
         mode: 0400
 
+    depends_on:
+      - app-migrate
     deploy:
       mode: replicated
-      replicas: 2
+      replicas: 1
       labels:
-        - traefik.enable=true
-        - traefik.http.routers.my_project_name-app.rule=Host(`my_project_name.staging.asimt.sa`)
-        - traefik.http.routers.my_project_name-app.tls=true
-        - traefik.http.services.my_project_name-svc.loadbalancer.server.port=443
+        traefik.enable: "true"
+        traefik.http.routers.my_project_name-prod-app.rule: Host(`my_project_name.sa`)
+        traefik.http.routers.my_project_name-prod-app.tls: "true"
+        traefik.http.routers.my_project_name-prod-app.tls.certresolver: prodResolver
+        traefik.http.services.my_project_name-prod-svc.loadbalancer.server.port: 8000
+        # https://doc.traefik.io/traefik/routing/providers/docker/
       resources:
         reservations:
           memory: 128M
@@ -30,22 +114,27 @@ services:
       placement:
         constraints:
           - node.role == manager
-
     volumes:
-      - "/var/run/docker.sock:/var/run/docker.sock:ro"
-
+      - "static_v1:/home/d_user/web/static"
+      - "media_v1:/home/d_user/web/media"
     networks:
       - main-public
 
-    ports:
-      - "8000:80"
 
-
-networks:
-  main-public:
+# docker secret create secret_my_project_name_prod_env_v1 /home/asim/secrets/my_project_name_prod_env
+secrets:
+  secret_my_project_name_prod_env_v1:
+    external: true
+  secret_my_project_name_prod_sql_password_v1:
     external: true
 
+volumes:
+  database_v1:
+  static_v1:
+  media_v1:
+  nginx_static_conf:
+    external: true
 
-secrets:
-  secret_swarmcd_key:
+networks:
+  main-public:
     external: true

setup/set-new-django-project.bash

@@ -28,8 +28,10 @@ update-project-name() {
 	sed -i -e "s/my_project_name/${name}/g" ./README.md
 	sed -i -e "s/my_project_name/${name}/g" ./setup/Dockerfile
 	sed -i -e "s/my_project_name/${name}/g" ./setup/docker-compose.yml
-	sed -i -e "s/my_project_name/${name}/g" ./setup/workflows/staging-ci.yml
-	sed -i -e "s/my_project_name/${name}/g" ./setup/workflows/staging-cd.yml
+	sed -i -e "s/my_project_name/${name}/g" ./setup/workflows/prod-ci-cd.yml
+	sed -i -e "s/my_project_name/${name}/g" ./setup/workflows/stag-ci-cd.yml
+	sed -i -e "s/my_project_name/${name}/g" ./setup/workflows/testing.yml
+	sed -i -e "s/my_project_name/${name}/g" ./setup/deploy/docker-compose-staging.yml
 	sed -i -e "s/my_project_name/${name}/g" ./setup/deploy/docker-compose.yml
 	sed -i -e "s/my_project_name/${name}/g" ./setup/deploy/Dockerfile
 }