From e3fa08f6fba2b449dc9420e67c797fcb58e6d418 Mon Sep 17 00:00:00 2001 From: Henrik Jess Nielsen Date: Fri, 22 May 2026 18:33:54 +0200 Subject: [PATCH] excluded resolver --- .gitea/workflows/deploy.yml | 19 +++++++------------ Makefile | 28 +++++++++++++++++++++++++++- moneycapp-tink-demo.nomad | 20 +++++++------------- 3 files changed, 41 insertions(+), 26 deletions(-) diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml index 95c0c40..1d9cac5 100644 --- a/.gitea/workflows/deploy.yml +++ b/.gitea/workflows/deploy.yml @@ -10,19 +10,14 @@ jobs: steps: - uses: actions/checkout@v4 - - name: Log in to i80 registry - uses: docker/login-action@v3 - with: - registry: registry.i80.dk - username: ${{ secrets.REGISTRY_USER }} - password: ${{ secrets.REGISTRY_TOKEN }} + - name: Build Docker image + run: docker build -t registry.i80.dk/moneycapp-tink-demo:latest . - - name: Build and push Docker image - uses: docker/build-push-action@v5 - with: - context: . - push: true - tags: registry.i80.dk/moneycapp-tink-demo:latest + - name: Push to i80 registry + run: | + echo "${{ secrets.REGISTRY_TOKEN }}" | docker login registry.i80.dk \ + -u "${{ secrets.REGISTRY_USER }}" --password-stdin + docker push registry.i80.dk/moneycapp-tink-demo:latest - name: Deploy to Nomad env: diff --git a/Makefile b/Makefile index 3d3bdc6..fcd0ff2 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,7 @@ -.PHONY: install run dev docker-build docker-up docker-down test clean +.PHONY: install run dev docker-build docker-up docker-down push deploy logs vault-setup test clean + +REGISTRY = registry.i80.dk +IMAGE = $(REGISTRY)/moneycapp-tink-demo install: python3 -m venv .venv && .venv/bin/pip install -q -r requirements.txt @@ -20,5 +23,28 @@ docker-up: docker-down: docker compose down +# --- Deploy to i80.dk --- + +push: + docker build --platform linux/amd64 -t $(IMAGE):latest . + docker push $(IMAGE):latest + @echo "✓ Image pushed to $(IMAGE):latest" + +vault-setup: + @echo "Storing Tink credentials in Vault..." + vault kv put secret/moneycapp-tink-demo \ + client_id=$(TINK_CLIENT_ID) \ + client_secret=$(TINK_CLIENT_SECRET) \ + session_secret=$$(openssl rand -hex 32) + @echo "✓ Vault secret stored at secret/moneycapp-tink-demo" + +deploy: push + scp moneycapp-tink-demo.nomad autobox.i80.dk:/tmp/ + ssh autobox.i80.dk 'export NOMAD_ADDR=https://nomad.i80.dk:4646 && nomad job run /tmp/moneycapp-tink-demo.nomad' + @echo "✓ Deployed — https://tink-demo.i80.dk" + +logs: + ssh autobox.i80.dk 'export NOMAD_ADDR=https://nomad.i80.dk:4646 && nomad alloc logs -job moneycapp-tink-demo' + clean: rm -rf .venv __pycache__ src/__pycache__ src/**/__pycache__ diff --git a/moneycapp-tink-demo.nomad b/moneycapp-tink-demo.nomad index 460fc31..c5f6c92 100644 --- a/moneycapp-tink-demo.nomad +++ b/moneycapp-tink-demo.nomad @@ -13,7 +13,9 @@ job "moneycapp-tink-demo" { name = "moneycapp-tink-demo" port = "http" tags = ["traefik.enable=true", - "traefik.http.routers.tink-demo.rule=Host(`tink-demo.i80.dk`)"] + "traefik.http.routers.tink-demo.rule=Host(`tink-demo.i80.dk`)", + "traefik.http.routers.tink-demo.tls=true", + "traefik.http.routers.tink-demo.tls.certresolver=le"] check { type = "http" path = "/" @@ -31,22 +33,14 @@ job "moneycapp-tink-demo" { } env { + TINK_CLIENT_ID = "f168ab67fc2a413a8bd1e9ec62583392" + TINK_CLIENT_SECRET = "87f9ef0f49b54a1282f7969b85719f34" TINK_REDIRECT_URI = "https://tink-demo.i80.dk/callback" APP_BASE_URL = "https://tink-demo.i80.dk" + SESSION_SECRET = "moneycapp-tink-demo-i80-2026" TINK_API_BASE = "https://api.tink.com" TINK_LINK_BASE = "https://link.tink.com" - } - - template { - data = <