From 511ec1c55c2a053834046dbc945693145b5cffbe Mon Sep 17 00:00:00 2001
From: MoonTestUse1
Date: Tue, 7 Jan 2025 07:25:16 +0600
Subject: [PATCH] Fix project test gitlab and deployment
---
.gitlab-ci.yml | 108 ++++++++++++++++++++++++++++++++++++------------
backend.service | 15 +++++++
nginx.conf | 48 +++++++++++++++++++++
3 files changed, 145 insertions(+), 26 deletions(-)
create mode 100644 backend.service
create mode 100644 nginx.conf
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 3017fde..0dde889 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,45 +1,101 @@ image: python:3.11 -variables: - PIP_CACHE_DIR: "$CI_PROJECT_DIR/.pip-cache" - PYTHONPATH: "$CI_PROJECT_DIR/backend" - -cache: - paths: - - .pip-cache/ - - venv/ - - frontend/node_modules/ - stages: - test + - build + - deploy + +variables: + SECRET_KEY: "your-super-secret-key-123" test-backend: + image: python:3.11 stage: test before_script: - python -V - - python -m venv venv - - source venv/bin/activate - - cd backend - - pip install -r requirements.txt + - python -m pip install --upgrade pip + - pip install pytest pytest-cov + - pip install -r backend/requirements.txt script: + - cd backend - python -m pytest -v tests/test_health.py - rules: - - if: $CI_COMMIT_BRANCH - exists: - - backend/**/* + only: + - main + - Testing test-frontend: - stage: test image: node:18 - cache: - paths: - - frontend/node_modules/ + stage: test before_script: - cd frontend - npm install script: - npm run test - rules: - - if: $CI_COMMIT_BRANCH - exists: - - frontend/**/* \ No newline at end of file + only: + - main + - Testing + +build-backend: + stage: build + image: docker:latest + variables: + DOCKER_TLS_CERTDIR: "" + services: + - name: docker:dind + alias: docker + command: ["--tls=false"] + before_script: + - docker info + script: + - cd backend + - docker build -t backend:latest . + - docker save backend:latest > backend.tar + artifacts: + paths: + - backend/backend.tar + expire_in: 1 hour + only: + - main + +build-frontend: + stage: build + image: docker:latest + variables: + DOCKER_TLS_CERTDIR: "" + services: + - name: docker:dind + alias: docker + command: ["--tls=false"] + before_script: + - docker info + script: + - cd frontend + - docker build -t frontend:latest . 
+ - docker save frontend:latest > frontend.tar + artifacts: + paths: + - frontend/frontend.tar + expire_in: 1 hour + only: + - main + +deploy: + stage: deploy + image: python:3.11 + script: + - apt-get update -qy + - apt-get install -y sshpass + - sshpass -p "$SSH_PASSWORD" scp -o StrictHostKeyChecking=no backend/backend.tar frontend/frontend.tar docker-compose.yml root@185.139.70.62:/root/app/ + - | + sshpass -p "$SSH_PASSWORD" ssh -o StrictHostKeyChecking=no root@185.139.70.62 "bash -c ' + cd /root/app && + docker load < backend.tar && + docker load < frontend.tar && + export SECRET_KEY=\"your-super-secret-key-123\" && + /usr/bin/docker compose down && + /usr/bin/docker compose up -d + '" + only: + - main + environment: + name: production \ No newline at end of file diff --git a/backend.service b/backend.service new file mode 100644 index 0000000..0eb6d1f --- /dev/null +++ b/backend.service @@ -0,0 +1,15 @@ +[Unit] +Description=Employee Request System Backend +After=network.target + +[Service] +User=www-data +Group=www-data +WorkingDirectory=/var/www/app/backend +Environment="PATH=/var/www/app/backend/venv/bin" +Environment="PYTHONPATH=/var/www/app/backend" +ExecStart=/var/www/app/backend/venv/bin/gunicorn -w 4 -k uvicorn.workers.UvicornWorker app.main:app -b 127.0.0.1:8000 +Restart=always + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 0000000..6316c43 --- /dev/null +++ b/nginx.conf 
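Review bot: The application secret is committed as a literal, once in the top-level `variables:` block (`SECRET_KEY: "your-super-secret-key-123"`) and again in the remote `export SECRET_KEY=...` of the `deploy` job, so anyone who can read the repository or its history has it; it should come from a masked, protected CI/CD variable or an env file kept on the host, and the committed value should be treated as exposed. The `deploy` job also logs in as `root` with a password passed through `sshpass -p` and sets `StrictHostKeyChecking=no` on both `scp` and `ssh`, so the runner never verifies which host receives the password and the image tarballs. Key-based login for a dedicated deploy account with a pinned `known_hosts` entry addresses both, as sketched below; the variable names there are placeholders to be defined in the project settings. Separately, `build-backend` and `build-frontend` run `docker:dind` with `--tls=false` on the floating `docker:latest` tag, which is worth pinning and, if the runner setup allows, returning to the TLS default.

```yaml
deploy:
  # … unchanged: stage, image …
  before_script:
    # SSH_PRIVATE_KEY and SSH_KNOWN_HOSTS are placeholder names for protected,
    # file-type CI/CD variables; DEPLOY_USER, DEPLOY_HOST and DEPLOY_PATH are
    # placeholders as well. sshpass is no longer installed.
    - install -d -m 700 ~/.ssh
    - cp "$SSH_KNOWN_HOSTS" ~/.ssh/known_hosts
    - chmod 600 "$SSH_PRIVATE_KEY"
  script:
    - scp -i "$SSH_PRIVATE_KEY" -o StrictHostKeyChecking=yes backend/backend.tar frontend/frontend.tar docker-compose.yml "$DEPLOY_USER@$DEPLOY_HOST:$DEPLOY_PATH/"
    # … unchanged: remote docker load / compose down / compose up -d, run via
    #   ssh -i "$SSH_PRIVATE_KEY" -o StrictHostKeyChecking=yes, without the literal SECRET_KEY export …
  # … unchanged: only, environment …
```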
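Review bot: The new unit starts gunicorn with no systemd sandboxing, so a compromised web process keeps everything `www-data` can normally see and write; in `[Service]` I would add `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full`. The unit also provides no `SECRET_KEY` (there is no `Environment=` or `EnvironmentFile=` for it), so the app presumably falls back to whatever default it ships with; an `EnvironmentFile=` pointing at a root-owned, mode-600 file is the usual place for it. It is also unclear how this unit relates to the `docker compose` deployment under `/root/app` in `.gitlab-ci.yml`, since nothing visible in the commit installs or enables it; a comment at the top of the file stating which deployment path it belongs to would help.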
@@ -0,0 +1,48 @@ +server { + listen 80; + server_name your-domain.com; # Замените на ваш домен + + # Редирект на HTTPS + return 301 https://$server_name$request_uri; +} + +server { + listen 443 ssl; + server_name your-domain.com; # Замените на ваш домен + + ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem; + + # Frontend + location / { + root /var/www/app/frontend; + try_files $uri $uri/ /index.html; + expires 30d; + add_header Cache-Control "public, no-transform"; + } + + # Backend API + location /api { + proxy_pass http://127.0.0.1:8000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + # Security headers + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header X-Content-Type-Options "nosniff" always; + add_header Referrer-Policy "no-referrer-when-downgrade" always; + add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + + # Gzip compression + gzip on; + gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; +} \ No newline at end of file
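Review bot: The six security headers declared at server level will not be sent for the frontend, because `location /` declares its own `add_header Cache-Control ...` and nginx inherits `add_header` from the enclosing level only when the current level defines none. Responses for `/` therefore go out without HSTS, `X-Frame-Options` or the CSP; moving the header lines into a snippet and pulling it into both the server block and `location /` with `include snippets/security-headers.conf;` (placeholder path) fixes that. The CSP itself, `default-src 'self' http: https: data: blob: 'unsafe-inline'`, permits script from any origin plus inline script, so it restricts very little; an explicit `script-src 'self'` would be the first tightening. `expires 30d` in `location /` also covers `index.html` through the `try_files` fallback, which delays the rollout of frontend fixes to clients that have it cached.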