
swecc-uw/swecc-infra


swecc-infra

Production Swarm configs, env secrets sync, and the api.swecc.org TLS gateway (prod_nginx).

What runs where

| Concern | Repo | Deploy |
| --- | --- | --- |
| App images (server, bench-api, …) | swecc-core | deploy-*.yml on push to main |
| Docker configs (server_env, …) | this repo | Sync Docker Configs (schedule + push to main) |
| TLS + routing api.swecc.org | this repo | Deploy Gateway / Deploy Nginx |

The live gateway is prod_nginx (stack prod, nginx.conf in this repo). Config is copied to /etc/nginx/swecc-api.conf on the swarm manager (never bind-mount the GHA workspace path). It must stay on overlay prod_swecc-network with upstreams server:8000, bench-api:8000, sockets:8004 (Swarm service names — not swecc_stack_*, which are optional aliases and break nginx -t when missing).

Reference SWAG snippets live in swecc-core infra/gateway/; mirror route changes into both repos’ nginx configs.
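An added example, not part of the swecc-infra repo: a POSIX shell lint that enforces the upstream rule above (only server:8000, bench-api:8000 and sockets:8004) and can run against either repo's nginx config before `nginx -t` on the manager. The sample config, its location paths and the `swecc_stack_`-prefixed host names are constructed for illustration.

```shell
# Expected backends, copied from the README text.
ALLOWED_UPSTREAMS="server:8000 bench-api:8000 sockets:8004"

# True when $1 is one of the space-separated words in $2.
in_list() { case " $2 " in *" $1 "*) return 0 ;; esac; return 1; }

# Read an nginx config on stdin; print each host:port named by an upstream
# `server` line or a `proxy_pass` URL. `server {` and `server_name` are
# skipped because neither is followed by a host:port token.
list_upstream_targets() {
  sed -e 's/#.*$//' |
    sed -nE \
      -e 's#^[[:space:]]*server[[:space:]]+([A-Za-z0-9_.-]+:[0-9]+).*#\1#p' \
      -e 's#.*proxy_pass[[:space:]]+https?://([A-Za-z0-9_.-]+:[0-9]+).*#\1#p' |
    LC_ALL=C sort -u
}

# Return 1 if a target is outside ALLOWED_UPSTREAMS or an expected one is absent.
check_gateway_conf() {
  _found=$(list_upstream_targets); _bad=0
  for _t in $_found; do
    in_list "$_t" "$ALLOWED_UPSTREAMS" || { echo "unexpected upstream: $_t" >&2; _bad=1; }
  done
  for _t in $ALLOWED_UPSTREAMS; do
    in_list "$_t" "$(echo $_found)" || { echo "missing upstream: $_t" >&2; _bad=1; }
  done
  return "$_bad"
}

# Constructed sample config (not the repo's nginx.conf); $1 = host name prefix.
sample_conf() {
  cat <<EOF
upstream bench {
    server ${1}bench-api:8000;   # constructed
}
server {
    server_name api.swecc.org;
    location /        { proxy_pass http://${1}server:8000; }
    location /bench/  { proxy_pass http://bench; }
    location /ws/     { proxy_pass http://${1}sockets:8004/ws/; }
}
EOF
}

# Demo: service names pass, alias-prefixed names are rejected.
sample_conf "" | check_gateway_conf && echo "service-name config: ok"
sample_conf "swecc_stack_" | check_gateway_conf || echo "alias config: rejected"
```

To lint a real file, pipe it in: `check_gateway_conf < nginx.conf`.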

Migrations vs API outages

Bench schema migrations run in the server image (manage.py migrate in swecc-core s/ops/deploy.sh). Always deploy server before bench-api (swecc-core deploy-bench-api.yml already does this).

  • swecc-core only for app deploys: push to main on the relevant path, or run Deploy Bench API / Deploy Server manually.
  • swecc-infra only when changing nginx.conf, stack.yml, or env configs — not for every migration.

If api.swecc.org is unreachable (connection refused on :443), run Deploy Gateway (workflow_dispatch) — do not redeploy bench-api until the gateway shows 1/1 and public :443 checks pass in the job log. The deploy script also fails if Route53/DNS does not point at this host’s public IP, or if AWS security group blocks inbound TCP 80/443.

Workflows

  • Deploy Gateway — stack deploy, publish :80/:443, sync nginx.conf, roll only when config/ports change (one job at a time via concurrency).
  • Deploy Nginx — manual workflow_dispatch only (do not duplicate push triggers).
  • Sync Docker Configs — refresh Swarm configs; may trigger swecc-core / other service deploys when env changes.

Bench RabbitMQ (optional dispatch)

bench-api_env / bench-worker_env include BENCH_RABBIT_USER, BENCH_RABBIT_PASS, and ORCH_MQ_ENABLED=0 (MQ off until you intentionally enable it). Set repo secrets before the next sync:

gh secret set BENCH_RABBIT_USER --repo swecc-uw/swecc-infra < /path/to/user.txt
gh secret set BENCH_RABBIT_PASS --repo swecc-uw/swecc-infra < /path/to/pass.txt

After merge, run Sync Docker Configs, then on the swarm manager provision the Rabbit user: s/ops/rabbitmq.sh bench-api (from swecc-core). Pairs with swecc-core#62.
