changed app to use json config for pipeline steps

readme command line usage - to specify pipeline file name readme updated to include reasoning behind the project use native golang sqlite RunScriptCommand named in functionMap removed unused functions removed unused functions run script and pipeline example renamed functions to drop the word script and add pipeline verb
2025-07-09 13:19:43 +01:00 · 2025-07-09 13:19:43 +01:00 · 924954d0ff
commit 924954d0ff
parent bd7cee720a
49 changed files with 2059 additions and 101 deletions
--- a/k8s-manifests/ctl-ingress/ingress.yaml
+++ b/k8s-manifests/ctl-ingress/ingress.yaml
@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: tls-infctl-ingress-http
+  namespace: infctl
+  annotations:
+    cert-manager.io/issuer: "le-cluster-issuer-http"
+    kubernetes.io/ingress.class: "traefik"
+spec:
+  tls:
+    - hosts:
+        - ctl.headshed.dev
+      secretName: tls-infctl-ingress-http
+  rules:
+    - host: ctl.headshed.dev
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: infctl-service
+                port:
+                  name: web
--- a/k8s-manifests/ctl-ingress/issuer.yaml
+++ b/k8s-manifests/ctl-ingress/issuer.yaml
@ -0,0 +1,22 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: le-cluster-issuer-http
+  namespace: infctl
+spec:
+  acme:
+    email: marshyon@gmail.com
+    # We use the staging server here for testing to avoid hitting
+    #  server: https://acme-staging-v02.api.letsencrypt.org/directory
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: http-issuer-account-key
+    # solvers:
+    #   - http01:
+    #     # The ingressClass used to create the necessary ingress routes
+    #     ingress:
+    #       class: traefik
+    solvers:
+      - http01:
+          ingress:
+            class: traefik
--- a/k8s-manifests/ctl-ingress/kustomization.yaml
+++ b/k8s-manifests/ctl-ingress/kustomization.yaml
@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - issuer.yaml
+  - service.yaml
+  - ingress.yaml  
--- a/k8s-manifests/ctl-ingress/service.yaml
+++ b/k8s-manifests/ctl-ingress/service.yaml
@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: infctl-service
+  namespace: infctl
+spec:
+  selector:
+    app: nginx-sl
+  ports:
+    - name: web
+      protocol: TCP
+      port: 80
+      targetPort: 80
--- a/k8s-manifests/ctl/deployment.yaml
+++ b/k8s-manifests/ctl/deployment.yaml
@ -0,0 +1,298 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: infctl-deployment
+  namespace: infctl
+  labels:
+    app: nginx-sl
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginx-sl
+  template:
+    metadata:
+      labels:
+        app: nginx-sl
+    spec:
+
+      imagePullSecrets:
+      - name: registry-credentials
+
+
+      initContainers:
+      - name: init-data-s3
+        image: amazon/aws-cli:latest
+        imagePullPolicy: IfNotPresent
+        # command: ["/bin/bash", "-c", "trap : TERM INT; sleep infinity & wait"]  
+        # command: ["/bin/bash", "-c", "/scripts/init-data.sh && echo 'Script completed, sleeping for debugging' && sleep 3600"]
+        command: ["/bin/bash", "/scripts/init-data.sh"]
+      
+        volumeMounts:
+        - name: init-script
+          mountPath: /scripts
+        - name: infctl-public-data
+          mountPath: /var/www/public
+        - name: infctl-storage-data
+          mountPath: /var/www/storage
+        - name: infctl-database-data
+          mountPath: /var/www/database
+
+        env:
+        - name: AWS_ACCESS_KEY_ID
+          valueFrom:
+            secretKeyRef:
+              name: aws-credentials
+              key: access-key
+        - name: AWS_SECRET_ACCESS_KEY
+          valueFrom:
+            secretKeyRef:
+              name: aws-credentials
+              key: secret-key
+        - name: AWS_DEFAULT_REGION
+          value: "eu-west-2"
+      - name: merge-data
+        image: busybox
+        imagePullPolicy: IfNotPresent
+        # command: ["/bin/sh", "-c", "trap : TERM INT; sleep infinity & wait"]  
+        command: ["/bin/sh", "/scripts/merge_data_inf.sh"]
+      
+        volumeMounts:
+        - name: merge-script
+          mountPath: /scripts
+        - name: infctl-public-data
+          mountPath: /var/www/public
+        - name: infctl-storage-data
+          mountPath: /var/www/storage
+        - name: infctl-database-data
+          mountPath: /var/www/database
+
+        env:
+        - name: AWS_ACCESS_KEY_ID
+          valueFrom:
+            secretKeyRef:
+              name: aws-credentials
+              key: access-key
+        - name: AWS_SECRET_ACCESS_KEY
+          valueFrom:
+            secretKeyRef:
+              name: aws-credentials
+              key: secret-key
+        - name: AWS_DEFAULT_REGION
+          value: "eu-west-2"
+
+
+
+
+      containers:
+
+      
+      - name: php-fpm
+        image: $APP_CONTAINER
+        command: ["/bin/sh", "-c"]
+        args:
+          - |
+            cd /var/www
+            php artisan config:clear
+            npm install && npm run build
+            php-fpm
+        resources:
+          requests:
+            memory: "128Mi"
+            cpu: "100m"
+          limits:
+            memory: "256Mi"
+            cpu: "500m"        
+        env:
+          - name: APP_NAME
+            value: "infctl"
+          - name: APP_ENV
+            value: production
+          - name: APP_KEY
+            valueFrom:
+              secretKeyRef:
+                name: app-key-secret
+                key: app_key
+          - name: APP_DEBUG
+            value: "false"
+          - name: APP_URL
+            value: "https://ctl.headshed.dev/"
+          - name: APP_LOCAL
+            value: "en"
+          - name: APP_FALLBACK_LOCALE
+            value: "en"
+          - name: APP_FAKER_LOCALE
+            value: "en_US"
+          - name: APP_MAINTENANCE_DRIVER
+            value: "file"
+          - name: PHP_CLI_SERVER_WORKERS
+            value: "4"
+          - name: BCRYPT_ROUNDS
+            value: "12"
+          - name: LOG_CHANNEL
+            value: "stack"
+          - name: LOG_STACK
+            value: "single"
+          - name: LOG_DEPRECATIONS_CHANNEL
+            value: ""
+          - name: LOG_LEVEL
+            value: "debug"
+          - name: DB_CONNECTION
+            value: pgsql
+          - name: DB_HOST
+            valueFrom:
+              secretKeyRef:
+                name: pg-credentials
+                key: host
+          - name: DB_PORT
+            value: "5432"
+          - name: DB_DATABASE
+            valueFrom:
+              secretKeyRef:
+                name: pg-credentials
+                key: dbname
+          - name: DB_USERNAME
+            valueFrom:
+              secretKeyRef:
+                name: pg-credentials
+                key: username
+          - name: DB_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: pg-credentials
+                key: password
+          - name: SESSION_DRIVER
+            value: "database"
+          - name: SESSION_LIFETIME
+            value: "120"
+          - name: SESSION_ENCRYPT
+            value: "false"
+          - name: SESSION_PATH
+            value: "/"
+          - name: SESSION_DOMAIN
+            value: ""
+          - name: BROADCAST_CONNECTION
+            value: "log"
+          - name: FILESYSTEM_DISK
+            value: "s3"
+          - name: FILAMENT_FILESYSTEM_DISK
+            value: "s3"
+          - name: QUEUE_CONNECTION
+            value: "redis"
+          - name: CACHE_STORE
+            value: "database"
+          - name: MEMCACHED_HOST
+            value: "127.0.0.1"
+          - name: REDIS_CLIENT
+            value: "phpredis"
+          - name: REDIS_HOST
+            value: "redis.redis.svc.cluster.local"
+          - name: REDIS_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: redis-auth
+                key: password
+          - name: REDIS_PORT
+            value: "6379"
+          - name: MAIL_MAILER
+            value: "smtp"
+          - name: MAIL_HOST
+            value: "smtp.fastmail.com"
+          - name: MAIL_PORT
+            value: "465"
+          - name: MAIL_USERNAME
+            valueFrom:
+              secretKeyRef:
+                name: smtp-credentials
+                key: user
+          - name: MAIL_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: smtp-credentials
+                key: password
+          - name: MAIL_ENCRYPTION
+            value: "ssl"
+          - name: MAIL_FROM_ADDRESS
+            value: "info@headshed.dev"
+          - name: MAIL_FROM_NAME
+            value: "Headshed"
+          - name: AWS_ACCESS_KEY_ID
+            valueFrom:
+              secretKeyRef:
+                name: aws-credentials
+                key: access-key
+          - name: AWS_SECRET_ACCESS_KEY
+            valueFrom:
+              secretKeyRef:
+                name: aws-credentials
+                key: secret-key
+          - name: AWS_DEFAULT_REGION
+            value: "eu-west-2"
+          - name: AWS_BUCKET
+            value: "headsheddev-sharelt-cust-data"
+          - name: AWS_USE_PATH_STYLE_ENDPOINT
+            value: "false"
+          - name: VITE_APP_NAME
+            value: "infctl"
+        tty: true
+        workingDir: /var/www
+        volumeMounts:
+        - name: infctl-public-data
+          mountPath: /var/www/public
+        - name: infctl-storage-data
+          mountPath: /var/www/storage
+        - name: infctl-database-data
+          mountPath: /var/www/database
+        - mountPath: /usr/local/etc/php/conf.d/local.ini
+          name: php-config
+          subPath: local.ini
+
+
+      - name: nginx
+        image: nginx:1.28  
+        imagePullPolicy: IfNotPresent
+        resources:
+          requests:
+            memory: "64Mi"
+            cpu: "50m"
+          limits:
+            memory: "128Mi"
+            cpu: "100m"
+        ports:
+        - containerPort: 80
+        volumeMounts:
+        - name: infctl-public-data
+          mountPath: /var/www/public
+        - name: infctl-storage-data
+          mountPath: /var/www/storage
+        - name: infctl-database-data
+          mountPath: /var/www/database
+        - name: nginx-config
+          mountPath: /etc/nginx/conf.d
+
+
+      volumes:
+      - name: init-script
+        configMap:
+          name: init-data-script
+      - name: merge-script
+        configMap:
+          name: merge-data-script
+      - name: nginx-config
+        configMap:
+          name: nginx-config
+      # - name: nginx-content
+      #   configMap:
+      #     name: nginx-content
+      - name: infctl-public-data
+        persistentVolumeClaim:
+          claimName: infctl-public-data-pvc
+      - name: infctl-storage-data
+        persistentVolumeClaim:
+          claimName: infctl-storage-data-pvc
+      - name: infctl-database-data
+        persistentVolumeClaim:
+          claimName: infctl-database-data-pvc
+      - name: php-config
+        configMap:
+          name: php-config
--- a/k8s-manifests/ctl/kustomization.yaml
+++ b/k8s-manifests/ctl/kustomization.yaml
@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - pvc.yaml
+  - deployment.yaml  
--- a/k8s-manifests/ctl/pvc.yaml
+++ b/k8s-manifests/ctl/pvc.yaml
@ -0,0 +1,35 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: infctl-public-data-pvc
+  namespace: infctl
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: infctl-storage-data-pvc
+  namespace: infctl
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: infctl-database-data-pvc
+  namespace: infctl
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi