Merge pull request 'master' (#32 ) from master into prod

Reviewed-on: #32
fix
2025-06-04 02:53:40 +03:00 · 2025-06-04 02:34:14 +03:00 · 2025-06-03 22:53:25 +03:00 · 2025-06-03 22:43:30 +03:00 · 2025-06-02 00:19:08 +03:00 · 2025-06-01 20:04:26 +03:00
7 changed files with 96 additions and 38 deletions
--- a/.deploy/deploy-dev.yaml
+++ b/.deploy/deploy-dev.yaml
@ -6,15 +6,21 @@ services:
    image: mathwave/sprint-repo:certupdater
    command: worker
    environment:
+      MINIO_HOST: "minio.develop.sprinthub.ru"
+      MINIO_SECRET_KEY: $MINIO_SECRET_KEY_DEV
      MONGO_HOST: "mongo.develop.sprinthub.ru"
      MONGO_PASSWORD: $MONGO_PASSWORD_DEV
      STAGE: "development"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - configurator
    deploy:
      mode: replicated
      restart_policy:
        condition: any
+      placement:
+        constraints: [node.labels.stage == development]
      update_config:
        parallelism: 1
        order: start-first
--- a/.deploy/deploy-prod.yaml
+++ b/.deploy/deploy-prod.yaml
@ -2,44 +2,29 @@ version: "3.4"


 services:
-  worker:
-    image: mathwave/sprint-repo:pizda-bot
+  certupdater:
+    image: mathwave/sprint-repo:certupdater
    command: worker
    environment:
+      MINIO_HOST: "minio.sprinthub.ru"
+      MINIO_SECRET_KEY: $MINIO_SECRET_KEY_PROD
      MONGO_HOST: "mongo.sprinthub.ru"
      MONGO_PASSWORD: $MONGO_PASSWORD_PROD
      STAGE: "production"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
    networks:
-      - queues
      - configurator
    deploy:
      mode: replicated
      restart_policy:
        condition: any
-      update_config:
-        parallelism: 1
-        order: start-first
-
-  pizda-bot-nginx:
-    image: mathwave/sprint-repo:pizda-bot
-    command: api
-    environment:
-      MONGO_HOST: "mongo.sprinthub.ru"
-      MONGO_PASSWORD: $MONGO_PASSWORD_PROD
-    networks:
-      - common-infra-nginx
-    deploy:
-      mode: replicated
-      restart_policy:
-        condition: any
+      placement:
+        constraints: [node.labels.stage == production]
      update_config:
        parallelism: 1
        order: start-first

 networks:
-  common-infra-nginx:
-    external: true
-  queues:
-    external: true
  configurator:
    external: true
--- a/.gitea/workflows/deploy-dev.yaml
+++ b/.gitea/workflows/deploy-dev.yaml
@ -18,14 +18,14 @@ jobs:
        with:
          ref: dev
      - name: build
-        run: docker build -t mathwave/sprint-repo:pizda-bot .
+        run: docker build -t mathwave/sprint-repo:certupdater .
  push:
    name: Push
    runs-on: [ dev ]
    needs: build
    steps:
      - name: push
-        run: docker push mathwave/sprint-repo:pizda-bot
+        run: docker push mathwave/sprint-repo:certupdater
  deploy-dev:
    name: Deploy dev
    runs-on: [prod]
@ -40,4 +40,5 @@ jobs:
      - name: deploy
        env:
          MONGO_PASSWORD_DEV: ${{ secrets.MONGO_PASSWORD_DEV }}
-        run: docker stack deploy --with-registry-auth -c ./.deploy/deploy-dev.yaml pizda-bot-development
+          MINIO_SECRET_KEY_DEV: ${{ secrets.MINIO_SECRET_KEY_DEV }}
+        run: docker stack deploy --with-registry-auth -c ./.deploy/deploy-dev.yaml certupdater-development
--- a/.gitea/workflows/deploy-prod.yaml
+++ b/.gitea/workflows/deploy-prod.yaml
@ -40,4 +40,5 @@ jobs:
      - name: deploy
        env:
          MONGO_PASSWORD_PROD: ${{ secrets.MONGO_PASSWORD_PROD }}
-        run: docker stack deploy --with-registry-auth -c ./.deploy/deploy-prod.yaml pizda-bot
+          MINIO_SECRET_KEY_PROD: ${{ secrets.MINIO_SECRET_KEY_PROD }}
+        run: docker stack deploy --with-registry-auth -c ./.deploy/deploy-prod.yaml certupdater
--- a/6
+++ b/6
@ -2,8 +2,14 @@ FROM docker:dind

 ENV PYTHONUNBUFFERED=1
 RUN apk add --update --no-cache python3 py3-pip && ln -sf python3 /usr/bin/python
+RUN mkdir /code
+WORKDIR /code
 RUN python3 -m venv venv
 RUN venv/bin/python3 -m ensurepip
 RUN venv/bin/pip3 install --no-cache --upgrade pip setuptools

+COPY requirements.txt requirements.txt
+RUN venv/bin/pip3 install -r requirements.txt
+COPY . .
+
 ENTRYPOINT [ "venv/bin/python3", "main.py" ]
--- a/main.py
+++ b/main.py
@ -1,4 +1,6 @@
 import datetime
+import io
+import os
 import subprocess
 import time
 from configurator import configurator
@ -22,23 +24,66 @@ def call(command: str) -> Response:


 def get_hosts() -> list[str]:
-    return list(set(configurator.get_config("hosts") + ["platform.chocomarsh.com"]))
+    return list(set(configurator.get_config("hosts") + ["platform.develop.sprinthub.ru"]))


-def update_host(host: str):
-    gen_cert = call(f"docker exec $(docker ps -q -f name=infra_nginx) certbot --nginx --email emmtvv@gmail.com --agree-tos -d \"{host}\"")
-    if gen_cert.code != 0:
-        print("failed generating certificate")
-        return
+def update_host(host: str) -> bool:
+    if os.getenv("STAGE") == "development":
+        container_id_run = call(f"echo $(docker ps -q -f name=infra-development_nginx)")
+    else:
+        container_id_run = call(f"echo $(docker ps -q -f name=infra_nginx)")
+    if container_id_run.code != 0:
+        print(f"something wrong {container_id_run.err}")
+        return False
+    container_name = container_id_run.out.strip()
+    if not container_name:
+        print("No nginx container")
+        return False
    
+    gen_command = f"docker exec {container_name} certbot --nginx --email emmtvv@gmail.com --agree-tos --non-interactive -d \"{host}\""
+    print(gen_command)
+    
+    gen_cert = call(gen_command)
+    if gen_cert.code != 0:
+        print(f"failed generating certificate: {gen_cert.err}")
+        print("Here is the log")
+        print(call(f"docker exec {container_name} cat /var/log/letsencrypt/letsencrypt.log").out)
+        return False
+    
+    fullchain_command = call(f"docker exec {container_name} cat /etc/letsencrypt/live/{host}/fullchain.pem")
+    if fullchain_command.code != 0:
+        print(f"failed getting fullchain: {fullchain_command.err}")
+        return True
+    
+    privkey_command = call(f"docker exec {container_name} cat /etc/letsencrypt/live/{host}/privkey.pem")
+    if privkey_command.code != 0:
+        print(f"failed getting fullchain: {privkey_command.err}")
+        return True
+
+    fullchain = fullchain_command.out.encode("utf-8")
+    privkey = privkey_command.out.encode("utf-8")
+    minio.put_object("certupdater", f"certificates/{host}/fullchain.pem", io.BytesIO(fullchain), len(fullchain))
+    minio.put_object("certupdater", f"certificates/{host}/privkey.pem", io.BytesIO(privkey), len(privkey))
+    return True


 while True:
    now = datetime.datetime.now()
    mongo_hosts = mongo.hosts
+    updated = False
    for host in get_hosts():
-        if now() + datetime.timedelta(days=14) > mongo_hosts[host]["expire_time"]:
-            update_host(host)
-            print(f"Host {host} updated")
-    minio.put_object("certupdater", "nginx.conf", )
-    time.sleep(5 * 60)
+        if now + datetime.timedelta(days=14) > mongo_hosts.get(host, {"expire_time": datetime.datetime.fromtimestamp(1)})["expire_time"]:
+            success = update_host(host)
+            if success:
+                print(f"Host {host} updated")
+                mongo.update_date(host)
+                updated = True
+    if updated:
+        if os.getenv("STAGE") == "development":
+            container_id_run = call(f"echo $(docker ps -q -f name=infra-development_nginx)")
+            result = call(f"docker restart {container_id_run.out}")
+        else:
+            result = call("docker service update --force infra_nginx")
+
+        print(result.err, result.out)
+    time.sleep(30)
--- a/requirements.txt
+++ b/requirements.txt
@ -0,0 +1,14 @@
+argon2-cffi==23.1.0
+argon2-cffi-bindings==21.2.0
+certifi==2025.4.26
+cffi==1.17.1
+charset-normalizer==3.4.2
+dnspython==2.7.0
+idna==3.10
+minio==7.2.15
+pycparser==2.22
+pycryptodome==3.23.0
+pymongo==4.13.0
+requests==2.32.3
+typing_extensions==4.13.2
+urllib3==2.4.0
Author	SHA1	Message	Date
emmatveev	55323f1be1	Merge pull request 'master' (#32 ) from master into prod Reviewed-on: #32	2025-06-04 02:53:40 +03:00
Egor Matveev	080f84477f	fix All checks were successful Deploy Dev / Build (pull_request) Successful in 6s Details Deploy Dev / Push (pull_request) Successful in 10s Details Deploy Dev / Deploy dev (pull_request) Successful in 9s Details Deploy Prod / Build (pull_request) Successful in 6s Details Deploy Prod / Push (pull_request) Successful in 10s Details Deploy Prod / Deploy prod (pull_request) Successful in 24s Details	2025-06-04 02:34:14 +03:00
Egor Matveev	965175be5a	fix All checks were successful Deploy Dev / Build (pull_request) Successful in 5s Details Deploy Dev / Push (pull_request) Successful in 27s Details Deploy Dev / Deploy dev (pull_request) Successful in 10s Details	2025-06-03 22:53:25 +03:00
Egor Matveev	d1d23165fa	fix All checks were successful Deploy Dev / Build (pull_request) Successful in 5s Details Deploy Dev / Push (pull_request) Successful in 10s Details Deploy Dev / Deploy dev (pull_request) Successful in 9s Details	2025-06-03 22:43:30 +03:00
Egor Matveev	21d1008abe	fix All checks were successful Deploy Dev / Build (pull_request) Successful in 5s Details Deploy Dev / Push (pull_request) Successful in 8s Details Deploy Dev / Deploy dev (pull_request) Successful in 8s Details	2025-06-02 00:19:08 +03:00
Egor Matveev	08fd556c2c	fix All checks were successful Deploy Dev / Build (pull_request) Successful in 5s Details Deploy Dev / Push (pull_request) Successful in 8s Details Deploy Dev / Deploy dev (pull_request) Successful in 7s Details	2025-06-01 20:04:26 +03:00
Egor Matveev	81db99d44d	fix All checks were successful Deploy Dev / Build (pull_request) Successful in 5s Details Deploy Dev / Deploy dev (pull_request) Successful in 7s Details Deploy Dev / Push (pull_request) Successful in 8s Details	2025-06-01 19:58:18 +03:00
Egor Matveev	671f414e45	fix All checks were successful Deploy Dev / Deploy dev (pull_request) Successful in 8s Details Deploy Dev / Build (pull_request) Successful in 4s Details Deploy Dev / Push (pull_request) Successful in 8s Details	2025-06-01 19:54:59 +03:00
Egor Matveev	683320dc44	fix All checks were successful Deploy Dev / Build (pull_request) Successful in 4s Details Deploy Dev / Push (pull_request) Successful in 8s Details Deploy Dev / Deploy dev (pull_request) Successful in 7s Details	2025-06-01 19:53:14 +03:00
Egor Matveev	0258778e5c	Merge branch 'master' of https://gitea.sprinthub.ru/self/certupdater All checks were successful Deploy Dev / Build (pull_request) Successful in 5s Details Deploy Dev / Push (pull_request) Successful in 8s Details Deploy Dev / Deploy dev (pull_request) Successful in 5s Details	2025-06-01 19:50:32 +03:00
Egor Matveev	9778a5168b	fix	2025-06-01 19:50:14 +03:00
emmatveev	713e8b58a3	Merge branch 'dev' into master All checks were successful Deploy Dev / Build (pull_request) Successful in 5s Details Deploy Dev / Push (pull_request) Successful in 8s Details Deploy Dev / Deploy dev (pull_request) Successful in 7s Details	2025-06-01 19:48:25 +03:00
Egor Matveev	62a57137d1	fix	2025-06-01 19:48:06 +03:00
emmatveev	f14bdcb7aa	Merge pull request 'fix' (#21 ) from master into dev Reviewed-on: #21	2025-06-01 19:45:01 +03:00
Egor Matveev	096506b9dd	fix All checks were successful Deploy Dev / Build (pull_request) Successful in 18s Details Deploy Dev / Push (pull_request) Successful in 8s Details Deploy Dev / Deploy dev (pull_request) Successful in 7s Details	2025-06-01 19:44:31 +03:00
emmatveev	aa2057d8d6	Merge pull request 'fix' (#20 ) from master into dev Reviewed-on: #20	2025-06-01 19:27:11 +03:00
Egor Matveev	510bf7f2e6	fix All checks were successful Deploy Dev / Build (pull_request) Successful in 5s Details Deploy Dev / Push (pull_request) Successful in 8s Details Deploy Dev / Deploy dev (pull_request) Successful in 7s Details	2025-06-01 19:25:26 +03:00
emmatveev	3f94465db4	Merge pull request 'fix' (#19 ) from master into dev Reviewed-on: #19	2025-06-01 19:24:35 +03:00
Egor Matveev	7abedce009	fix Some checks failed Deploy Dev / Build (pull_request) Successful in 5s Details Deploy Dev / Push (pull_request) Successful in 8s Details Deploy Dev / Deploy dev (pull_request) Failing after 7s Details	2025-06-01 19:24:11 +03:00
emmatveev	07900cfe43	Merge pull request 'fix' (#18 ) from master into dev Reviewed-on: #18	2025-06-01 15:12:48 +03:00
Egor Matveev	eaf5cbfa55	fix All checks were successful Deploy Dev / Build (pull_request) Successful in 5s Details Deploy Dev / Push (pull_request) Successful in 9s Details Deploy Dev / Deploy dev (pull_request) Successful in 5s Details	2025-06-01 15:12:27 +03:00
emmatveev	5b572b2e66	Merge pull request 'fix' (#17 ) from master into dev Reviewed-on: #17	2025-06-01 15:06:38 +03:00
Egor Matveev	224fb045e9	fix All checks were successful Deploy Dev / Build (pull_request) Successful in 5s Details Deploy Dev / Push (pull_request) Successful in 9s Details Deploy Dev / Deploy dev (pull_request) Successful in 8s Details	2025-06-01 15:06:22 +03:00
emmatveev	5efbd0e7fd	Merge pull request 'fix' (#16 ) from master into dev Reviewed-on: #16	2025-06-01 15:05:10 +03:00
Egor Matveev	ba8c2292a6	fix All checks were successful Deploy Dev / Build (pull_request) Successful in 5s Details Deploy Dev / Push (pull_request) Successful in 9s Details Deploy Dev / Deploy dev (pull_request) Successful in 8s Details	2025-06-01 15:04:46 +03:00
emmatveev	6e47ccb904	Merge pull request 'fix' (#15 ) from master into dev Reviewed-on: #15	2025-06-01 15:02:52 +03:00
Egor Matveev	707bf34f8a	fix All checks were successful Deploy Dev / Build (pull_request) Successful in 5s Details Deploy Dev / Push (pull_request) Successful in 8s Details Deploy Dev / Deploy dev (pull_request) Successful in 8s Details	2025-06-01 15:02:30 +03:00
emmatveev	f99dd0c4b7	Merge pull request 'fix' (#14 ) from master into dev Reviewed-on: #14	2025-06-01 14:58:29 +03:00
Egor Matveev	e00c2f7f71	fix All checks were successful Deploy Dev / Build (pull_request) Successful in 5s Details Deploy Dev / Push (pull_request) Successful in 8s Details Deploy Dev / Deploy dev (pull_request) Successful in 7s Details	2025-06-01 14:57:54 +03:00
emmatveev	5f84b3e8df	Merge pull request 'fix' (#13 ) from master into dev Reviewed-on: #13	2025-06-01 14:51:00 +03:00
Egor Matveev	2abffabca8	fix All checks were successful Deploy Dev / Build (pull_request) Successful in 5s Details Deploy Dev / Push (pull_request) Successful in 8s Details Deploy Dev / Deploy dev (pull_request) Successful in 7s Details	2025-06-01 14:50:44 +03:00
emmatveev	6ed10602ff	Merge pull request 'fix' (#12 ) from master into dev Reviewed-on: #12	2025-06-01 14:49:16 +03:00
Egor Matveev	b718b17f93	fix All checks were successful Deploy Dev / Build (pull_request) Successful in 5s Details Deploy Dev / Push (pull_request) Successful in 9s Details Deploy Dev / Deploy dev (pull_request) Successful in 7s Details	2025-06-01 14:49:01 +03:00
emmatveev	d4af35ddbf	Merge pull request 'fix' (#11 ) from master into dev Reviewed-on: #11	2025-06-01 14:42:51 +03:00
Egor Matveev	8a64bec6fe	fix All checks were successful Deploy Dev / Build (pull_request) Successful in 4s Details Deploy Dev / Push (pull_request) Successful in 8s Details Deploy Dev / Deploy dev (pull_request) Successful in 5s Details	2025-06-01 14:42:31 +03:00
emmatveev	c0eefdf3f0	Merge pull request 'fix' (#10 ) from master into dev Reviewed-on: #10	2025-06-01 14:01:58 +03:00
Egor Matveev	0f4e509639	fix All checks were successful Deploy Dev / Build (pull_request) Successful in 5s Details Deploy Dev / Push (pull_request) Successful in 8s Details Deploy Dev / Deploy dev (pull_request) Successful in 6s Details	2025-06-01 14:01:42 +03:00
emmatveev	d4ef8b6b7c	Merge pull request 'fix' (#9 ) from master into dev Reviewed-on: #9	2025-06-01 13:59:48 +03:00
Egor Matveev	29e4912a95	fix All checks were successful Deploy Dev / Build (pull_request) Successful in 5s Details Deploy Dev / Push (pull_request) Successful in 13s Details Deploy Dev / Deploy dev (pull_request) Successful in 7s Details	2025-06-01 13:59:17 +03:00
emmatveev	11516b1a6e	Merge pull request 'fix' (#8 ) from master into dev Reviewed-on: #8	2025-06-01 01:13:10 +03:00
Egor Matveev	cc0c578cdc	fix All checks were successful Deploy Dev / Build (pull_request) Successful in 24s Details Deploy Dev / Push (pull_request) Successful in 11s Details Deploy Dev / Deploy dev (pull_request) Successful in 7s Details	2025-06-01 01:12:52 +03:00
emmatveev	90d5d957e0	Merge pull request 'fix' (#7 ) from master into dev Reviewed-on: #7	2025-06-01 01:10:42 +03:00
Egor Matveev	8e193e2e87	fix All checks were successful Deploy Dev / Build (pull_request) Successful in 23s Details Deploy Dev / Push (pull_request) Successful in 15s Details Deploy Dev / Deploy dev (pull_request) Successful in 7s Details	2025-06-01 01:10:28 +03:00
emmatveev	5c1a8a3a5e	Merge pull request 'fix' (#6 ) from master into dev Reviewed-on: #6	2025-06-01 01:07:52 +03:00
Egor Matveev	317b371977	fix Some checks failed Deploy Dev / Build (pull_request) Failing after 27s Details Deploy Dev / Push (pull_request) Has been skipped Details Deploy Dev / Deploy dev (pull_request) Has been skipped Details	2025-06-01 01:07:20 +03:00
emmatveev	f8d5acb4a0	Merge pull request 'fix' (#5 ) from master into dev Reviewed-on: #5	2025-06-01 01:05:29 +03:00
Egor Matveev	580eb94ef7	fix Some checks failed Deploy Dev / Build (pull_request) Failing after 6s Details Deploy Dev / Push (pull_request) Has been skipped Details Deploy Dev / Deploy dev (pull_request) Has been skipped Details	2025-06-01 01:05:00 +03:00
emmatveev	9ead345f05	Merge pull request 'fix' (#4 ) from master into dev Reviewed-on: #4	2025-05-31 13:50:13 +03:00
Egor Matveev	17858ba868	fix Some checks failed Deploy Dev / Build (pull_request) Failing after 6s Details Deploy Dev / Push (pull_request) Has been skipped Details Deploy Dev / Deploy dev (pull_request) Has been skipped Details	2025-05-31 13:49:54 +03:00
emmatveev	f0c1f1a935	Merge pull request 'fix' (#3 ) from master into dev Reviewed-on: #3	2025-05-31 13:48:48 +03:00
Egor Matveev	fed8955dd3	fix Some checks failed Deploy Dev / Build (pull_request) Failing after 7s Details Deploy Dev / Push (pull_request) Has been skipped Details Deploy Dev / Deploy dev (pull_request) Has been skipped Details	2025-05-31 13:48:29 +03:00
emmatveev	72500ab48d	Merge pull request 'fix' (#2 ) from master into dev Reviewed-on: #2	2025-05-31 13:44:02 +03:00
Egor Matveev	ad830c6ba6	fix All checks were successful Deploy Dev / Build (pull_request) Successful in 44s Details Deploy Dev / Push (pull_request) Successful in 17s Details Deploy Dev / Deploy dev (pull_request) Successful in 17s Details	2025-05-31 13:43:40 +03:00