From bc2e9257522afc5e259641df98e53c5db302cf70 Mon Sep 17 00:00:00 2001 From: Pavel Zilke Date: Tue, 21 Oct 2025 10:58:55 +0300 Subject: [PATCH] DEVOPS-2210 Update CI --- Dockerfile | 45 ++++++++++ config/Dockerfile | 43 --------- config/Dockerfile.build | 58 ------------ config/Dockerfile.tc | 18 ++++ config/NODEJS_version | 1 - config/application.yaml | 12 +-- config/db.env | 57 ++++++++---- config/docker-compose.tc.yaml | 34 +++++++ ...er-compose.db.yaml => docker-compose.yaml} | 29 ++++-- config/nginx.conf | 88 +++++++++++++++++++ config/settings.xml | 19 ++++ 11 files changed, 271 insertions(+), 133 deletions(-) create mode 100644 Dockerfile delete mode 100644 config/Dockerfile delete mode 100644 config/Dockerfile.build create mode 100644 config/Dockerfile.tc delete mode 100644 config/NODEJS_version create mode 100644 config/docker-compose.tc.yaml rename config/{docker-compose.db.yaml => docker-compose.yaml} (52%) create mode 100644 config/nginx.conf create mode 100644 config/settings.xml diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..501b91d --- /dev/null +++ b/Dockerfile @@ -0,0 +1,45 @@ +ARG BUILDER_IMAGE=nexus.ervu.rt-sk.ru/ervu-base/node:20.9-alpine-git +ARG RUNTIME_IMAGE=nexus.ervu.rt-sk.ru/ervu-base/ervu/jdk:17.0.13-alpine-3.21 + + +FROM $BUILDER_IMAGE AS builder + +ARG MVN_FLAGS="-T4C -Pprod --batch-mode --no-transfer-progress" + +RUN echo "https://dl-cdn.alpinelinux.org/alpine/v3.18/main" >> /etc/apk/repositories \ + && echo "https://dl-cdn.alpinelinux.org/alpine/v3.18/community" >> /etc/apk/repositories \ + && apk --update --no-cache add maven openjdk17-jdk + +ENV LANG=ru_RU.UTF-8 +ENV LANGUAGE=ru_RU.UTF-8 +ENV LC_ALL=ru_RU.UTF-8 + +WORKDIR /app +COPY . . + +RUN mkdir -p /root/.m2 \ +# && cp config/settings.xml /root/.m2/settings.xml \ + && mvn clean ${MVN_FLAGS} \ + && mvn package ${MVN_FLAGS} + +RUN cd config-data-executor \ + && mvn clean package ${MVN_FLAGS} + + +FROM $RUNTIME_IMAGE + +RUN rm -f /etc/apk/repositories \ + && echo "https://dl-cdn.alpinelinux.org/alpine/v3.21/main" >> /etc/apk/repositories \ + && apk --update --no-cache add nginx + +ENV BACKEND_URL=http://localhost:8080 +ENV CONFIG_DATA_EXECUTOR_URL=http://localhost:8080/api + +COPY config/nginx.conf /etc/nginx/nginx.conf +COPY --from=builder /app/frontend/dist /usr/share/nginx/html +COPY --from=builder /app/backend/target/*.jar /home/app/backend.jar +COPY --from=builder /app/config-data-executor/target/*.jar /home/app/cde.jar + +EXPOSE 80 + +ENTRYPOINT ["java", "-jar", "/home/app/backend.jar"] diff --git a/config/Dockerfile b/config/Dockerfile deleted file mode 100644 index 28a98c7..0000000 --- a/config/Dockerfile +++ /dev/null @@ -1,43 +0,0 @@ -FROM quay.io/wildfly/wildfly:26.1.3.Final-jdk17 -USER root -ARG POSTGRES_DRIVER_VERSION=42.7.3 -RUN yum-config-manager --disable base --disable extras --disable updates \ - && yum-config-manager --enable C7.8.2003-base --enable C7.8.2003-extras --enable C7.8.2003-updates \ - && yum -y --disableplugin=fastestmirror install sudo \ - && chown -R jboss: /opt/jboss/ - -USER jboss -WORKDIR $JBOSS_HOME -ENV JAVA_ARGS=-Xmx3g -RUN echo 'JAVA_OPTS="$JAVA_OPTS -agentlib:jdwp=transport=dt_socket,address=*:8787,server=y,suspend=n"' >> bin/standalone.conf && \ - echo 'JAVA_OPTS="$JAVA_OPTS -XX:MaxMetaspaceSize=1g"' >> bin/standalone.conf && \ - echo 'JAVA_OPTS="$JAVA_OPTS -XX:+UseStringDeduplication -XX:+ParallelRefProcEnabled -XX:+ExplicitGCInvokesConcurrent"' >> bin/standalone.conf && \ - echo 'JAVA_OPTS="$JAVA_OPTS -XX:+UnlockDiagnosticVMOptions -XX:G1SummarizeRSetStatsPeriod=1"' >> bin/standalone.conf && \ - echo 'JAVA_OPTS="$JAVA_OPTS -Dfile.encoding=UTF-8"' >> bin/standalone.conf && \ - echo 'JAVA_OPTS="$JAVA_OPTS -XX:-OmitStackTraceInFastThrow"' >> bin/standalone.conf && \ - echo 'JAVA_OPTS="$JAVA_OPTS -Dorg.jboss.logmanager.nocolor=true"' >> bin/standalone.conf && \ - echo 'JAVA_OPTS="$JAVA_OPTS $JAVA_ARGS"' >> bin/standalone.conf - -### Locale support ru_RU ### -USER root -RUN localedef -i ru_RU -f UTF-8 ru_RU.UTF-8 -RUN echo "LANG=\"ru_RU.UTF-8\"" > /etc/locale.conf -USER jboss -ENV LANG ru_RU.UTF-8 -ENV LANGUAGE ru_RU.UTF-8 -ENV LC_ALL ru_RU.UTF-8 -### Locale Support END ### - -COPY --chown=jboss entrypoint.sh . -COPY --chown=jboss patches patches -RUN (cd patches && wget https://repo.micord.ru/repository/libs-releases-local/org/jboss/ironjacamar/ironjacamar-core-impl/1.5.3.Final/ironjacamar-core-impl-1.5.3.Final.jar) -RUN (cd patches/system && wget https://repo1.maven.org/maven2/org/postgresql/postgresql/$POSTGRES_DRIVER_VERSION/postgresql-$POSTGRES_DRIVER_VERSION.jar -O postgresql-driver.jar) - -RUN chmod -R +x patches && \ - chmod +x entrypoint.sh && \ - ./entrypoint.sh && \ - rm -rf patches - -ENV SERVER_START=true -COPY --chown=jboss *.ear $JBOSS_HOME/standalone/deployments/ -COPY --chown=jboss *.war $JBOSS_HOME/standalone/deployments/ diff --git a/config/Dockerfile.build b/config/Dockerfile.build deleted file mode 100644 index 7fbc109..0000000 --- a/config/Dockerfile.build +++ /dev/null @@ -1,58 +0,0 @@ -FROM maven:3-openjdk-17-slim AS builder -RUN apt update \ - && apt upgrade -y \ - && curl -fsSL https://deb.nodesource.com/setup_14.x | bash - \ - && apt install -y git nodejs \ - && rm -rf /var/lib/apt/lists/* - -WORKDIR /app -COPY ../ . -RUN mvn clean \ - && mvn package -T4C \ - && cd config-data-executor \ - && mvn clean \ - && mvn package -T4C - -FROM quay.io/wildfly/wildfly:26.1.3.Final-jdk17 -USER root -ARG POSTGRES_DRIVER_VERSION=42.7.3 -RUN yum-config-manager --disable base --disable extras --disable updates \ - && yum-config-manager --enable C7.8.2003-base --enable C7.8.2003-extras --enable C7.8.2003-updates \ - && yum -y --disableplugin=fastestmirror install sudo \ - && chown -R jboss: /opt/jboss/ - -USER jboss -WORKDIR $JBOSS_HOME -ENV JAVA_ARGS=-Xmx3g -RUN echo 'JAVA_OPTS="$JAVA_OPTS -agentlib:jdwp=transport=dt_socket,address=*:8787,server=y,suspend=n"' >> bin/standalone.conf && \ - echo 'JAVA_OPTS="$JAVA_OPTS -XX:MaxMetaspaceSize=1g"' >> bin/standalone.conf && \ - echo 'JAVA_OPTS="$JAVA_OPTS -XX:+UseStringDeduplication -XX:+ParallelRefProcEnabled -XX:+ExplicitGCInvokesConcurrent"' >> bin/standalone.conf && \ - echo 'JAVA_OPTS="$JAVA_OPTS -XX:+UnlockDiagnosticVMOptions -XX:G1SummarizeRSetStatsPeriod=1"' >> bin/standalone.conf && \ - echo 'JAVA_OPTS="$JAVA_OPTS -Dfile.encoding=UTF-8"' >> bin/standalone.conf && \ - echo 'JAVA_OPTS="$JAVA_OPTS -XX:-OmitStackTraceInFastThrow"' >> bin/standalone.conf && \ - echo 'JAVA_OPTS="$JAVA_OPTS -Dorg.jboss.logmanager.nocolor=true"' >> bin/standalone.conf && \ - echo 'JAVA_OPTS="$JAVA_OPTS $JAVA_ARGS"' >> bin/standalone.conf - -### Locale support ru_RU ### -USER root -RUN localedef -i ru_RU -f UTF-8 ru_RU.UTF-8 -RUN echo "LANG=\"ru_RU.UTF-8\"" > /etc/locale.conf -USER jboss -ENV LANG ru_RU.UTF-8 -ENV LANGUAGE ru_RU.UTF-8 -ENV LC_ALL ru_RU.UTF-8 -### Locale Support END ### - -COPY --chown=jboss config/entrypoint.sh . -COPY --chown=jboss config/patches patches -RUN (cd patches && wget https://repo.micord.ru/repository/libs-releases-local/org/jboss/ironjacamar/ironjacamar-core-impl/1.5.3.Final/ironjacamar-core-impl-1.5.3.Final.jar) -RUN (cd patches/system && wget https://repo1.maven.org/maven2/org/postgresql/postgresql/$POSTGRES_DRIVER_VERSION/postgresql-$POSTGRES_DRIVER_VERSION.jar -O postgresql-driver.jar) - -RUN chmod -R +x patches && \ - chmod +x entrypoint.sh && \ - ./entrypoint.sh && \ - rm -rf patches - -ENV SERVER_START=true -COPY --from=builder --chown=jboss /app/distribution/target/*.ear $JBOSS_HOME/standalone/deployments/ -COPY --from=builder --chown=jboss /app/config-data-executor/target/*.war $JBOSS_HOME/standalone/deployments/ diff --git a/config/Dockerfile.tc b/config/Dockerfile.tc new file mode 100644 index 0000000..34f5ecc --- /dev/null +++ b/config/Dockerfile.tc @@ -0,0 +1,18 @@ +ARG RUNTIME_IMAGE=reg.gitlab.micord.ru/common/base/alt/alt-p11-jre17:latest + +FROM $RUNTIME_IMAGE + +RUN apt-get update \ + && apt-get install nginx + +ENV BACKEND_URL=http://localhost:8080 +ENV CONFIG_DATA_EXECUTOR_URL=http://localhost:8080/api + +COPY nginx.conf /etc/nginx/nginx.conf +COPY dist /usr/share/nginx/html +COPY backend.jar /home/app/backend.jar +COPY config-data-executor.jar /home/app/cde.jar + +EXPOSE 80 + +ENTRYPOINT ["java", "-jar", "/home/app/backend.jar"] diff --git a/config/NODEJS_version b/config/NODEJS_version deleted file mode 100644 index 9a2a0e2..0000000 --- a/config/NODEJS_version +++ /dev/null @@ -1 +0,0 @@ -v20 diff --git a/config/application.yaml b/config/application.yaml index cafd6ef..a878742 100644 --- a/config/application.yaml +++ b/config/application.yaml @@ -37,9 +37,9 @@ spring: size: 12 datasource: person: - url: jdbc:postgresql://10.10.31.118:5432/person_registry - username: ervu - password: ervu + url: jdbc:postgresql://127.0.0.1:5432/person_registry + username: ${SPRING_DATASOURCE_PERSON_USERNAME} + password: ${SPRING_DATASOURCE_PERSON_PASSWORD} driverClassName: org.postgresql.Driver dbBeanPackage: com.example.ervu_eks_5.db_beans.person sqlDialect: POSTGRES @@ -48,9 +48,9 @@ spring: schemas: - public security: - url: jdbc:postgresql://10.10.31.118:5432/ervu_eks - username: ervu_eks_sec - password: ervu_eks_sec + url: jdbc:postgresql://127.0.0.1:5432/ervu_eks + username: ${SPRING_DATASOURCE_SECURITY_USERNAME} + password: ${SPRING_DATASOURCE_SECURITY_PASSWORD} driverClassName: org.postgresql.Driver dbBeanPackage: com.example.ervu_eks_5.db_beans.security sqlDialect: POSTGRES diff --git a/config/db.env b/config/db.env index ed18bf6..220f07c 100644 --- a/config/db.env +++ b/config/db.env @@ -1,20 +1,41 @@ -# App datasource -DB_APP_NAME=ervu_eks -DB_APP_HOST=db -DB_APP_PORT=5432 -DB_APP_USERNAME=ervu_eks -DB_APP_PASSWORD=ervu_eks +CONFIG_DATA_EXECUTOR_SOCKET_TIMEOUT=10 +CONFIG_DATA_EXECUTOR_CONNECTION_TIMEOUT=10 +CONFIG_DATA_EXECUTOR_URL=http://localhost:8080/api +WEBBPM_MODE=development +WEBBPM_SECURITY_TOKEN_SECRET_KEY=de2c9de3-0de5-47c1-a8de-0fad6f93873b-com.example-ervu_eks_5-17_10_2025_13:18 +SERVER_SERVLET_CONTEXT_PATH=/ervu-eks +BPMN_ENABLE=false +GAR_ENABLE=false +FIAS_ENABLE=false +SPRING_MVC_SERVLET_LOADONSTARTUP=1 +SPRING_JACKSON_SERIALIZATION_WRITEDATESASTIMESTAMPS=false +SPRING_JACKSON_SERIALIZATION_WRITEENUMSUSINGTOSTRING=true +SPRING_JACKSON_DESERIALIZATION_READENUMSUSINGTOSTRING=true +SPRING_TASK_SCHEDULING_POOL_SIZE=12 -# Security datasource -DB_SEC_NAME=ervu_eks -DB_SEC_HOST=db -DB_SEC_PORT=5432 -DB_SEC_USERNAME=ervu_eks_sec -DB_SEC_PASSWORD=ervu_eks_sec +SPRING_DATASOURCE_PERSON_URL=jdbc:postgresql://10.10.31.118:5432/person_registry +SPRING_DATASOURCE_PERSON_USERNAME=ervu +SPRING_DATASOURCE_PERSON_PASSWORD=ervu +SPRING_DATASOURCE_PERSON_DRIVERCLASSNAME=org.postgresql.Driver +SPRING_DATASOURCE_PERSON_DBBEANPACKAGE=com.example.ervu_eks_5.db_beans.person +SPRING_DATASOURCE_PERSON_SQLDIALECT=POSTGRES +SPRING_DATASOURCE_PERSON_DEFAULT=true +SPRING_DATASOURCE_PERSON_MANUALLY=true -# Person datasource -DB_PERSON_NAME=person_registry -DB_PERSON_HOST=10.10.31.118 -DB_PERSON_PORT=5432 -DB_PERSON_USERNAME=ervu -DB_PERSON_PASSWORD=ervu +SPRING_DATASOURCE_SECURITY_URL=jdbc:postgresql://10.10.31.118:5432/ervu_eks +SPRING_DATASOURCE_SECURITY_USERNAME=ervu_eks_sec +SPRING_DATASOURCE_SECURITY_PASSWORD=ervu_eks_sec +SPRING_DATASOURCE_SECURITY_DRIVERCLASSNAME=org.postgresql.Driver +SPRING_DATASOURCE_SECURITY_DBBEANPACKAGE=com.example.ervu_eks_5.db_beans.security +SPRING_DATASOURCE_SECURITY_SQLDIALECT=POSTGRES +SPRING_DATASOURCE_SECURITY_MAXSIZE=7 +SPRING_DATASOURCE_SECURITY_METRICSENABLED=true +SPRING_DATASOURCE_SECURITY_DEFAULT=false +SPRING_DATASOURCE_SECURITY_MANUALLY=true + +MONITORING_WHITE_IP_LIST=127.0.0.1, 0:0:0:0:0:0:0:1 +MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=info,health,metrics,prometheus +MANAGEMENT_METRICS_EXPORT_PROMETHEUS_ENABLED=true +LOGGING_LEVEL_ROOT=INFO +LOGGING_LEVEL_ORG_JOOQ_TOOLS=DEBUG +LOGGING_LEVEL_RU_CG_WEBBPM_MODULES_DATABASE_IMPL_ANALYTICS=DEBUG diff --git a/config/docker-compose.tc.yaml b/config/docker-compose.tc.yaml new file mode 100644 index 0000000..6376670 --- /dev/null +++ b/config/docker-compose.tc.yaml @@ -0,0 +1,34 @@ +#version: "3" +services: + eks-backend: + build: + dockerfile: Dockerfile.ts + entrypoint: ["java", "-jar", "/home/app/backend.jar"] + environment: + - TZ="Europe/Moscow" + - CONFIG_DATA_EXECUTOR_URL=http://eks-cde:8080/api + env_file: + - db.env + + eks-frontend: + build: + dockerfile: Dockerfile.ts + depends_on: + - eks-backend + ports: + - "127.0.0.1:8080:80" + entrypoint: ["nginx", "-g", "daemon off;"] + environment: + - TZ="Europe/Moscow" + + eks-cde: + build: + dockerfile: Dockerfile.ts + entrypoint: ["java", "-jar", "/home/app/cde.jar"] + volumes: + - ./cde-xml:/cde-xml + environment: + - CONFIGDIRECTORY=/cde-xml + +volumes: + db-data: diff --git a/config/docker-compose.db.yaml b/config/docker-compose.yaml similarity index 52% rename from config/docker-compose.db.yaml rename to config/docker-compose.yaml index b1a08cb..cfc2320 100644 --- a/config/docker-compose.db.yaml +++ b/config/docker-compose.yaml @@ -1,4 +1,4 @@ -version: "3" +#version: "3" services: db: image: postgres:15-bullseye @@ -13,19 +13,34 @@ services: - POSTGRES_PASSWORD=supersecretpassword - TZ="Europe/Moscow" - webbpm-app: + eks-backend: image: ervu-eks:latest depends_on: - db - ports: - - "127.0.0.1:9990:9990" - - "127.0.0.1:8080:8080" - volumes: - - ./cde-xml:/cde-xml + entrypoint: ["java", "-jar", "/home/app/backend.jar"] environment: - TZ="Europe/Moscow" + - CONFIG_DATA_EXECUTOR_URL=http://eks-cde:8080/api env_file: - db.env + eks-frontend: + image: ervu-eks:latest + depends_on: + - eks-backend + ports: + - "127.0.0.1:8080:80" + entrypoint: ["nginx", "-g", "daemon off;"] + environment: + - TZ="Europe/Moscow" + + eks-cde: + image: ervu-eks:latest + entrypoint: ["java", "-jar", "/home/app/cde.jar"] + volumes: + - ./cde-xml:/cde-xml + environment: + - CONFIGDIRECTORY=/cde-xml + volumes: db-data: diff --git a/config/nginx.conf b/config/nginx.conf new file mode 100644 index 0000000..76c1450 --- /dev/null +++ b/config/nginx.conf @@ -0,0 +1,88 @@ +include /etc/nginx/modules-enabled.d/*.conf; + +worker_processes 10; + +error_log /var/log/nginx/error.log; + +events { + worker_connections 1024; +} + +include /etc/nginx/conf-enabled.d/*.conf; + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + sendfile on; + + gzip on; + gzip_types text/plain text/css text/xml application/x-javascript application/atom+xml; + + log_format nginx_main + '$remote_addr - $remote_user [$time_local] $request ' + '"$status" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for" ' + '"$request_filename" "$gzip_ratio" $upstream_response_time server: $host : $document_root $fastcgi_script_name '; + + server { + listen 80 default; + + access_log /var/log/nginx/access.log nginx_main; + error_log /var/log/nginx/error.log error; + + root /usr/share/nginx/html; + charset utf-8; + client_max_body_size 32m; + + gzip on; + gzip_disable "msie6"; + gzip_vary on; + gzip_proxied any; + gzip_comp_level 6; + gzip_buffers 16 8k; + gzip_http_version 1.1; + gzip_min_length 256; + gzip_types + application/atom+xml + application/geo+json + application/javascript + application/x-javascript + application/json + application/ld+json + application/manifest+json + application/rdf+xml + application/rss+xml + application/xhtml+xml + application/xml + font/eot + font/otf + font/ttf + image/svg+xml + text/css + text/javascript + text/plain + text/xml; + + location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|mp3|ogg|ogv|webm|htc|woff2|woff|ttf)$ { + expires 1M; + access_log off; + add_header Cache-Control "max-age=2629746, public"; + } + + location /ervu-eks/ { + proxy_pass http://eks-backend:8080/ervu-eks/; + proxy_set_header Accept application/json; + add_header Content-Type application/json; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + location = /health { + access_log off; + add_header 'Content-Type' 'application/json'; + return 200 '{"status":"UP"}'; + } + } +} diff --git a/config/settings.xml b/config/settings.xml new file mode 100644 index 0000000..f455f09 --- /dev/null +++ b/config/settings.xml @@ -0,0 +1,19 @@ + + + + rtsk-ext + rtsk ext + https://nexus.ervu.rt-sk.ru/repository/micord-maven/ + micord + + + central + Central mirror + https://nexus.ervu.rt-sk.ru/repository/maven-public/ + * + + +