From c9b4bf7ceb35dd0b9bf5f8a0448735e2e1e56997 Mon Sep 17 00:00:00 2001 From: Stephan D Date: Fri, 14 Nov 2025 12:44:51 +0100 Subject: [PATCH] + version bump --- .vscode/settings.json | 6 +- .woodpecker/bff.yml | 17 ++--- .woodpecker/billing_fees.yml | 15 +++-- .woodpecker/bump_version.yml | 29 +++++++++ .woodpecker/chain_gateway.yml | 21 ++++--- .woodpecker/db.yml | 4 ++ .woodpecker/{fx.yml => fx_ingestor.yml} | 28 ++++----- .woodpecker/fx_oracle.yml | 80 ++++++++++++++++++++++++ .woodpecker/ledger.yml | 15 +++-- .woodpecker/nats.yml | 4 ++ .woodpecker/notification.yml | 19 +++--- .woodpecker/payments_orchestrator.yml | 15 +++-- ci/scripts/common/bump_version.sh | 42 +++++++++++++ infra/mail/docker-compose.yml | 83 +++++++++++++++++++++++++ 14 files changed, 319 insertions(+), 59 deletions(-) create mode 100644 .woodpecker/bump_version.yml rename .woodpecker/{fx.yml => fx_ingestor.yml} (83%) create mode 100644 .woodpecker/fx_oracle.yml create mode 100755 ci/scripts/common/bump_version.sh create mode 100644 infra/mail/docker-compose.yml diff --git a/.vscode/settings.json b/.vscode/settings.json index bae9443..56d4e72 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,5 +1,9 @@ { "yaml.schemas": { - "https://raw.githubusercontent.com/woodpecker-ci/woodpecker/main/pipeline/frontend/yaml/linter/schema/schema.json": "file:///Users/stephan/Documents/Projects/sendico/.woodpecker/chain_gateway.yml" + "https://raw.githubusercontent.com/woodpecker-ci/woodpecker/main/pipeline/frontend/yaml/linter/schema/schema.json": [ + ".woodpecker/*.yml", + ".woodpecker.yml", + "woodpecker.yml" + ] } } \ No newline at end of file diff --git a/.woodpecker/bff.yml b/.woodpecker/bff.yml index 19dbb7a..8038194 100644 --- a/.woodpecker/bff.yml +++ b/.woodpecker/bff.yml 
@@ -1,10 +1,13 @@ -matrix: - include: - - BFF_IMAGE_PATH: bff/service - BFF_DOCKERFILE: ci/prod/compose/bff.dockerfile - BFF_MONGO_SECRET_PATH: sendico/db - BFF_API_SECRET_PATH: sendico/api/endpoint - BFF_ENV: prod +kind: pipeline +type: docker +name: bff + +environment: + BFF_IMAGE_PATH: bff/service + BFF_DOCKERFILE: ci/prod/compose/bff.dockerfile + BFF_MONGO_SECRET_PATH: sendico/db + BFF_API_SECRET_PATH: sendico/api/endpoint + BFF_ENV: prod when: - event: push diff --git a/.woodpecker/billing_fees.yml b/.woodpecker/billing_fees.yml index 8ae4f8e..db368a4 100644 --- a/.woodpecker/billing_fees.yml +++ b/.woodpecker/billing_fees.yml @@ -1,9 +1,12 @@ -matrix: - include: - - FEES_IMAGE_PATH: billing/fees - FEES_DOCKERFILE: ci/prod/compose/billing_fees.dockerfile - FEES_MONGO_SECRET_PATH: sendico/db - FEES_ENV: prod +kind: pipeline +type: docker +name: billing_fees + +environment: + FEES_IMAGE_PATH: billing/fees + FEES_DOCKERFILE: ci/prod/compose/billing_fees.dockerfile + FEES_MONGO_SECRET_PATH: sendico/db + FEES_ENV: prod when: - event: push diff --git a/.woodpecker/bump_version.yml b/.woodpecker/bump_version.yml new file mode 100644 index 0000000..ecb585a --- /dev/null +++ b/.woodpecker/bump_version.yml @@ -0,0 +1,29 @@ +kind: pipeline +type: docker +name: bump_version +depends_on: + - bff + - billing_fees + - chain_gateway + - db + - fx_ingestor + - fx_oracle + - ledger + - nats + - notification + - payments_orchestrator + +when: + - event: push + branch: main + +steps: + - name: bump-version + image: alpine:latest + environment: + GIT_AUTHOR_NAME: woodpecker + GIT_AUTHOR_EMAIL: ci@sendico.io + commands: + - set -euo pipefail + - apk add --no-cache git + - sh ci/scripts/common/bump_version.sh diff --git a/.woodpecker/chain_gateway.yml b/.woodpecker/chain_gateway.yml index 447c455..d51e6ea 100644 --- a/.woodpecker/chain_gateway.yml +++ b/.woodpecker/chain_gateway.yml 
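Review bot: The variables that `matrix.include` used to inject into every step (`BFF_MONGO_SECRET_PATH`, `BFF_API_SECRET_PATH`, `BFF_ENV` and the rest) now sit in a top-level `environment:` block beside `kind`, `type` and `name`, which look like Drone-style keys, and I am not sure Woodpecker's workflow schema accepts any of them at that level. If the block is ignored, the steps run with these names unset, so the scripts either stop under `set -u` or resolve an empty Vault path. Please validate the file against the schema that `.vscode/settings.json` now maps, or keep a single-entry `matrix.include`, or set the values per step. The same pattern is repeated in the billing_fees, chain_gateway, db, fx_ingestor, fx_oracle, ledger, nats, notification and payments_orchestrator hunks.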
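Review bot: In `.woodpecker/bump_version.yml` the workflow runs on `event: push` to `main` and its script pushes a new commit to that same branch, so unless something outside this patch filters it, each bump commit would start every workflow again, including the production deploys and this one. Woodpecker skips commits whose message contains `[CI SKIP]`, so the commit line in the script could read `git commit -m "chore(ci): bump version to ${NEXT_VERSION} [CI SKIP]"`. The step declares no secret, so the push appears to rely on whatever credentials the clone step leaves behind; a dedicated, narrowly scoped `from_secret` token would make that write access explicit. `image: alpine:latest` with `apk add` at run time also leaves a step that can write to `main` unpinned, so a fixed tag or digest is worth using here.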
@@ -1,12 +1,15 @@ -matrix: - include: - - CHAIN_GATEWAY_IMAGE_PATH: chain/gateway - CHAIN_GATEWAY_DOCKERFILE: ci/prod/compose/chain_gateway.dockerfile - CHAIN_GATEWAY_MONGO_SECRET_PATH: sendico/db - CHAIN_GATEWAY_RPC_SECRET_PATH: sendico/chain/gateway - CHAIN_GATEWAY_WALLET_SECRET_PATH: sendico/chain/gateway/wallet - CHAIN_GATEWAY_VAULT_SECRET_PATH: sendico/chain/gateway/vault - CHAIN_GATEWAY_ENV: prod +kind: pipeline +type: docker +name: chain_gateway + +environment: + CHAIN_GATEWAY_IMAGE_PATH: chain/gateway + CHAIN_GATEWAY_DOCKERFILE: ci/prod/compose/chain_gateway.dockerfile + CHAIN_GATEWAY_MONGO_SECRET_PATH: sendico/db + CHAIN_GATEWAY_RPC_SECRET_PATH: sendico/chain/gateway + CHAIN_GATEWAY_WALLET_SECRET_PATH: sendico/chain/gateway/wallet + CHAIN_GATEWAY_VAULT_SECRET_PATH: sendico/chain/gateway/vault + CHAIN_GATEWAY_ENV: prod when: - event: push diff --git a/.woodpecker/db.yml b/.woodpecker/db.yml index 7792525..6ac95fb 100644 --- a/.woodpecker/db.yml +++ b/.woodpecker/db.yml @@ -1,3 +1,7 @@ +kind: pipeline +type: docker +name: db + when: - event: push branch: main diff --git a/.woodpecker/fx.yml b/.woodpecker/fx_ingestor.yml similarity index 83% rename from .woodpecker/fx.yml rename to .woodpecker/fx_ingestor.yml index 79935c0..da55b01 100644 --- a/.woodpecker/fx.yml +++ b/.woodpecker/fx_ingestor.yml 
@@ -1,19 +1,15 @@ -matrix: - include: - - FX_PIPELINE: fx_ingestor - FX_IMAGE_PATH: fx/ingestor - FX_DOCKERFILE: ci/prod/compose/fx_ingestor.dockerfile - FX_DEPLOY_TARGET: ingestor - FX_MONGO_SECRET_PATH: sendico/db - FX_NEEDS_NATS: "false" - FX_ENV: prod - - FX_PIPELINE: fx_oracle - FX_IMAGE_PATH: fx/oracle - FX_DOCKERFILE: ci/prod/compose/fx_oracle.dockerfile - FX_DEPLOY_TARGET: oracle - FX_MONGO_SECRET_PATH: sendico/db - FX_NEEDS_NATS: "true" - FX_ENV: prod +kind: pipeline +type: docker +name: fx_ingestor + +environment: + FX_PIPELINE: fx_ingestor + FX_IMAGE_PATH: fx/ingestor + FX_DOCKERFILE: ci/prod/compose/fx_ingestor.dockerfile + FX_DEPLOY_TARGET: ingestor + FX_MONGO_SECRET_PATH: sendico/db + FX_NEEDS_NATS: "false" + FX_ENV: prod when: - event: push diff --git a/.woodpecker/fx_oracle.yml b/.woodpecker/fx_oracle.yml new file mode 100644 index 0000000..3bcb8a3 --- /dev/null +++ b/.woodpecker/fx_oracle.yml 
@@ -0,0 +1,80 @@ +kind: pipeline +type: docker +name: fx_oracle + +environment: + FX_PIPELINE: fx_oracle + FX_IMAGE_PATH: fx/oracle + FX_DOCKERFILE: ci/prod/compose/fx_oracle.dockerfile + FX_DEPLOY_TARGET: oracle + FX_MONGO_SECRET_PATH: sendico/db + FX_NEEDS_NATS: "true" + FX_ENV: prod + +when: + - event: push + branch: main + +steps: + - name: version + image: alpine:latest + commands: + - set -euo pipefail 2>/dev/null || set -eu + - apk add --no-cache git + - GIT_REV="$(git rev-parse --short HEAD)" + - BUILD_BRANCH="$(git rev-parse --abbrev-ref HEAD)" + - APP_V="$(cat version)" + - BUILD_DATE="$(date -u +%Y-%m-%dT%H:%M:%SZ)" + - BUILD_USER="${WOODPECKER_MACHINE:-woodpecker}" + - printf "GIT_REV=%s\nBUILD_BRANCH=%s\nAPP_V=%s\nBUILD_DATE=%s\nBUILD_USER=%s\n" \ + "$GIT_REV" "$BUILD_BRANCH" "$APP_V" "$BUILD_DATE" "$BUILD_USER" | tee .env.version + + - name: proto + image: golang:alpine + depends_on: [ version ] + commands: + - set -eu + # protoc + headers; protobuf runtime pkg is not needed for codegen + - apk add --no-cache bash git build-base protoc protobuf-dev + - go install google.golang.org/protobuf/cmd/protoc-gen-go@latest + - go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest + - export PATH="$(go env GOPATH)/bin:$PATH" + - bash ci/scripts/proto/generate.sh + + - name: secrets + image: alpine:latest + depends_on: [ version ] + environment: + VAULT_ADDR: { from_secret: VAULT_ADDR } + VAULT_ROLE_ID: { from_secret: VAULT_APP_ROLE } + VAULT_SECRET_ID: { from_secret: VAULT_SECRET_ID } + commands: + - set -euo pipefail + - apk add --no-cache bash coreutils openssh-keygen curl sed python3 + - mkdir -p secrets + - ./ci/vlt kv_to_file kv ops/deploy/ssh_key private_b64 secrets/SSH_KEY.b64 600 + - base64 -d secrets/SSH_KEY.b64 > secrets/SSH_KEY + - chmod 600 secrets/SSH_KEY + - ssh-keygen -y -f secrets/SSH_KEY >/dev/null + - ./ci/vlt kv_get kv registry user > secrets/REGISTRY_USER + - ./ci/vlt kv_get kv registry password > secrets/REGISTRY_PASSWORD + + - 
name: build-image + image: gcr.io/kaniko-project/executor:debug + depends_on: [ proto, secrets ] + commands: + - sh ci/scripts/fx/build-image.sh + + - name: deploy + image: alpine:latest + depends_on: [ secrets, build-image ] + environment: + VAULT_ADDR: { from_secret: VAULT_ADDR } + VAULT_ROLE_ID: { from_secret: VAULT_APP_ROLE } + VAULT_SECRET_ID: { from_secret: VAULT_SECRET_ID } + commands: + - set -euo pipefail + - apk add --no-cache bash openssh-client rsync coreutils curl sed python3 + - mkdir -p /root/.ssh + - install -m 600 secrets/SSH_KEY /root/.ssh/id_rsa + - sh ci/scripts/fx/deploy.sh diff --git a/.woodpecker/ledger.yml b/.woodpecker/ledger.yml index 486a652..14fda34 100644 --- a/.woodpecker/ledger.yml +++ b/.woodpecker/ledger.yml @@ -1,9 +1,12 @@ -matrix: - include: - - LEDGER_IMAGE_PATH: ledger/service - LEDGER_DOCKERFILE: ci/prod/compose/ledger.dockerfile - LEDGER_MONGO_SECRET_PATH: sendico/db - LEDGER_ENV: prod +kind: pipeline +type: docker +name: ledger + +environment: + LEDGER_IMAGE_PATH: ledger/service + LEDGER_DOCKERFILE: ci/prod/compose/ledger.dockerfile + LEDGER_MONGO_SECRET_PATH: sendico/db + LEDGER_ENV: prod when: - event: push diff --git a/.woodpecker/nats.yml b/.woodpecker/nats.yml index 692df8b..d775bb8 100644 --- a/.woodpecker/nats.yml +++ b/.woodpecker/nats.yml @@ -1,3 +1,7 @@ +kind: pipeline +type: docker +name: nats + when: - event: push branch: main diff --git a/.woodpecker/notification.yml b/.woodpecker/notification.yml index db4133c..c5c059c 100644 --- a/.woodpecker/notification.yml +++ b/.woodpecker/notification.yml 
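Review bot: The `proto` step installs both code generators with `@latest`, and every image in this workflow floats (`alpine:latest`, `golang:alpine`, `gcr.io/kaniko-project/executor:debug`), so the production build is neither reproducible nor protected from an upstream change. The same workflow holds the registry password and the deploy SSH key, which makes this worth fixing. Pin the generators, for example `go install google.golang.org/protobuf/cmd/protoc-gen-go@<pinned-version>`, and reference the images by fixed tag or digest. The `secrets` step also writes `secrets/SSH_KEY` and `secrets/REGISTRY_PASSWORD` into the workspace that later steps share. If the kaniko build context is the repository root (not visible here), confirm `secrets/` is excluded from it so the key cannot end up in an image layer. Add a comment on the `deploy` step saying where the host key is verified, since no `known_hosts` entry is set up in the visible commands.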
@@ -1,11 +1,14 @@ -matrix: - include: - - NOTIFICATION_IMAGE_PATH: notification/service - NOTIFICATION_DOCKERFILE: ci/prod/compose/notification.dockerfile - NOTIFICATION_MONGO_SECRET_PATH: sendico/db - NOTIFICATION_MAIL_SECRET_PATH: sendico/notification/mail - NOTIFICATION_API_SECRET_PATH: sendico/api/endpoint - NOTIFICATION_ENV: prod +kind: pipeline +type: docker +name: notification + +environment: + NOTIFICATION_IMAGE_PATH: notification/service + NOTIFICATION_DOCKERFILE: ci/prod/compose/notification.dockerfile + NOTIFICATION_MONGO_SECRET_PATH: sendico/db + NOTIFICATION_MAIL_SECRET_PATH: sendico/notification/mail + NOTIFICATION_API_SECRET_PATH: sendico/api/endpoint + NOTIFICATION_ENV: prod when: - event: push diff --git a/.woodpecker/payments_orchestrator.yml b/.woodpecker/payments_orchestrator.yml index 58697c3..132a140 100644 --- a/.woodpecker/payments_orchestrator.yml +++ b/.woodpecker/payments_orchestrator.yml @@ -1,9 +1,12 @@ -matrix: - include: - - PAYMENTS_IMAGE_PATH: payments/orchestrator - PAYMENTS_DOCKERFILE: ci/prod/compose/payments_orchestrator.dockerfile - PAYMENTS_MONGO_SECRET_PATH: sendico/db - PAYMENTS_ENV: prod +kind: pipeline +type: docker +name: payments_orchestrator + +environment: + PAYMENTS_IMAGE_PATH: payments/orchestrator + PAYMENTS_DOCKERFILE: ci/prod/compose/payments_orchestrator.dockerfile + PAYMENTS_MONGO_SECRET_PATH: sendico/db + PAYMENTS_ENV: prod when: - event: push diff --git a/ci/scripts/common/bump_version.sh b/ci/scripts/common/bump_version.sh new file mode 100755 index 0000000..b9bb3f5 --- /dev/null +++ b/ci/scripts/common/bump_version.sh 
@@ -0,0 +1,42 @@ +#!/bin/sh +set -eu + +REPO_ROOT="$(cd "$(dirname "$0")/../.." && pwd)" +cd "${REPO_ROOT}" + +VERSION_FILE="./version" +if [ ! -f "${VERSION_FILE}" ]; then + echo "[bump-version] version file not found: ${VERSION_FILE}" >&2 + exit 1 +fi + +CURRENT_VERSION="$(cat "${VERSION_FILE}")" +NEXT_VERSION="$(printf '%s' "${CURRENT_VERSION}" | awk -F. -v OFS=. ' + NF==1 { print ++$NF; next } + { + $NF=sprintf("%0*d", length($NF), ($NF+1)) + print + }')" + +printf '%s\n' "${NEXT_VERSION}" > "${VERSION_FILE}" +echo "[bump-version] ${CURRENT_VERSION} -> ${NEXT_VERSION}" + +git add "${VERSION_FILE}" +if git diff --cached --quiet; then + echo "[bump-version] no changes staged, skipping commit" + exit 0 +fi + +AUTHOR_NAME="${GIT_AUTHOR_NAME:-woodpecker}" +AUTHOR_EMAIL="${GIT_AUTHOR_EMAIL:-ci@sendico.io}" +git config user.name "${AUTHOR_NAME}" +git config user.email "${AUTHOR_EMAIL}" + +git commit -m "chore(ci): bump version to ${NEXT_VERSION}" + +BRANCH="${WOODPECKER_BRANCH:-}" +if [ -z "${BRANCH}" ] || [ "${BRANCH}" = "HEAD" ]; then + BRANCH="$(git rev-parse --abbrev-ref HEAD)" +fi + +git push origin "HEAD:${BRANCH}" diff --git a/infra/mail/docker-compose.yml b/infra/mail/docker-compose.yml new file mode 100644 index 0000000..79a386c --- /dev/null +++ b/infra/mail/docker-compose.yml 
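Review bot: `REPO_ROOT` is computed as `$(dirname "$0")/../..`, but the script lives in `ci/scripts/common/`, so two levels up is `ci/` rather than the repository root. `VERSION_FILE="./version"` then points at `ci/version`, while the `version` step in fx_oracle.yml reads `version` from the workspace root. The script would either stop at the "version file not found" check or bump a different file from the one the builds read. The line should be `REPO_ROOT="$(cd "$(dirname "$0")/../../.." && pwd)"`. A short header comment describing the expected version format would also help, because the awk block increments only the last dot-separated field and assumes it is purely numeric.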
@@ -0,0 +1,83 @@ +services: + mail: + image: ghcr.io/docker-mailserver/docker-mailserver:latest + hostname: mail.sendico.io + environment: + - MAIL_DOMAIN=sendico.io + - MAIL_HOSTNAME=mail + - MAIL_FQDN=mail.sendico.io + - SSL_TYPE=letsencrypt + env_file: .env + volumes: + - /srv/infra/compose/mail/data:/var/mail + - /srv/infra/compose/mail/state:/var/mail-state + - /srv/infra/compose/mail/logs:/var/log/mail + - /srv/infra/compose/mail/config:/tmp/docker-mailserver + - traefik_letsencrypt:/etc/letsencrypt:ro # πŸ‘ˆ ΠΎΠ±Ρ‰ΠΈΠ΅ сСртификаты Traefik + ports: + - target: 25 + published: 25 + protocol: tcp + mode: host + - target: 465 + published: 465 + protocol: tcp + mode: host + - target: 587 + published: 587 + protocol: tcp + mode: host + - target: 993 + published: 993 + protocol: tcp + mode: host + cap_add: + - NET_ADMIN + - SYS_PTRACE + deploy: + restart_policy: + condition: on-failure + placement: + constraints: + - node.hostname == infra + stop_grace_period: 1m + networks: + - cicd + + webmail: + image: djmaze/snappymail:latest + depends_on: + - mail + environment: + SNAPPYMAIL_DEFAULT_HOST: mail.sendico.io + SNAPPYMAIL_DEFAULT_PORT: 993 + SNAPPYMAIL_SMTP_SERVER: mail.sendico.io + SNAPPYMAIL_SMTP_PORT: 587 + SNAPPYMAIL_SMTP_SECURE: "STARTTLS" + volumes: + - webmail_data:/var/lib/snappymail + networks: + - cicd + ports: + - "8088:80" + deploy: + restart_policy: + condition: on-failure + placement: + constraints: + - node.hostname == infra + labels: + - "traefik.enable=true" + - "traefik.http.routers.webmail.rule=Host(`webmail.sendico.io`)" + - "traefik.http.routers.webmail.entrypoints=websecure" + - "traefik.http.routers.webmail.tls.certresolver=letsencrypt" + - "traefik.http.services.webmail.loadbalancer.server.port=8888" + +networks: + cicd: + external: true + +volumes: + webmail_data: + traefik_letsencrypt: + external: true \ No newline at end of file
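Review bot: The `webmail` service publishes `"8088:80"` on the host while its Traefik labels send traffic to container port 8888. The published mapping is therefore either dead or, if the image does answer on it, a plain-HTTP path to the login page that bypasses the `websecure` router and its certificate. Dropping the `ports:` block from `webmail` leaves Traefik as the only entry point. On the `mail` service, `SYS_PTRACE` is granted alongside `NET_ADMIN`; unless a component in the image needs it, remove it and add a comment saying why `NET_ADMIN` stays. Both images use `:latest`, which for an internet-facing mail server means unreviewed upgrades on every redeploy; a fixed tag or digest avoids that.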