hjess/tink-demo
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Wiki Activity

excluded resolver
Some checks failed
Build and Deploy / build-and-deploy (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Henrik Jess Nielsen
2026-05-22 18:33:54 +02:00
parent 26a16e3638
commit e3fa08f6fb
3 changed files with 41 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
.gitea/workflows/deploy.yml
View File

@@ -10,19 +10,14 @@ jobs:
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: Log in to i80 registry - name: Build Docker image
uses: docker/login-action@v3 run: docker build -t registry.i80.dk/moneycapp-tink-demo:latest .
with:
registry: registry.i80.dk
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: Build and push Docker image - name: Push to i80 registry
uses: docker/build-push-action@v5 run: |
with: echo "${{ secrets.REGISTRY_TOKEN }}" | docker login registry.i80.dk \
context: . -u "${{ secrets.REGISTRY_USER }}" --password-stdin
push: true docker push registry.i80.dk/moneycapp-tink-demo:latest
tags: registry.i80.dk/moneycapp-tink-demo:latest
- name: Deploy to Nomad - name: Deploy to Nomad
env: env:

28
Makefile
View File

@@ -1,4 +1,7 @@
.PHONY: install run dev docker-build docker-up docker-down test clean .PHONY: install run dev docker-build docker-up docker-down push deploy logs vault-setup test clean
REGISTRY = registry.i80.dk
IMAGE = $(REGISTRY)/moneycapp-tink-demo
install: install:
python3 -m venv .venv && .venv/bin/pip install -q -r requirements.txt python3 -m venv .venv && .venv/bin/pip install -q -r requirements.txt
@@ -20,5 +23,28 @@ docker-up:
docker-down: docker-down:
docker compose down docker compose down
# --- Deploy to i80.dk ---
push:
docker build --platform linux/amd64 -t $(IMAGE):latest .
docker push $(IMAGE):latest
@echo "✓ Image pushed to $(IMAGE):latest"
vault-setup:
@echo "Storing Tink credentials in Vault..."
vault kv put secret/moneycapp-tink-demo \
client_id=$(TINK_CLIENT_ID) \
client_secret=$(TINK_CLIENT_SECRET) \
session_secret=$$(openssl rand -hex 32)
@echo "✓ Vault secret stored at secret/moneycapp-tink-demo"
deploy: push
scp moneycapp-tink-demo.nomad autobox.i80.dk:/tmp/
ssh autobox.i80.dk 'export NOMAD_ADDR=https://nomad.i80.dk:4646 && nomad job run /tmp/moneycapp-tink-demo.nomad'
@echo "✓ Deployed — https://tink-demo.i80.dk"
logs:
ssh autobox.i80.dk 'export NOMAD_ADDR=https://nomad.i80.dk:4646 && nomad alloc logs -job moneycapp-tink-demo'
clean: clean:
rm -rf .venv __pycache__ src/__pycache__ src/**/__pycache__ rm -rf .venv __pycache__ src/__pycache__ src/**/__pycache__

20
moneycapp-tink-demo.nomad
View File

@@ -13,7 +13,9 @@ job "moneycapp-tink-demo" {
name = "moneycapp-tink-demo" name = "moneycapp-tink-demo"
port = "http" port = "http"
tags = ["traefik.enable=true", tags = ["traefik.enable=true",
"traefik.http.routers.tink-demo.rule=Host(`tink-demo.i80.dk`)"] "traefik.http.routers.tink-demo.rule=Host(`tink-demo.i80.dk`)",
"traefik.http.routers.tink-demo.tls=true",
"traefik.http.routers.tink-demo.tls.certresolver=le"]
check { check {
type = "http" type = "http"
path = "/" path = "/"
@@ -31,22 +33,14 @@ job "moneycapp-tink-demo" {
} }
env { env {
TINK_CLIENT_ID = "f168ab67fc2a413a8bd1e9ec62583392"
TINK_CLIENT_SECRET = "87f9ef0f49b54a1282f7969b85719f34"
TINK_REDIRECT_URI = "https://tink-demo.i80.dk/callback" TINK_REDIRECT_URI = "https://tink-demo.i80.dk/callback"
APP_BASE_URL = "https://tink-demo.i80.dk" APP_BASE_URL = "https://tink-demo.i80.dk"
SESSION_SECRET = "moneycapp-tink-demo-i80-2026"
TINK_API_BASE = "https://api.tink.com" TINK_API_BASE = "https://api.tink.com"
TINK_LINK_BASE = "https://link.tink.com" TINK_LINK_BASE = "https://link.tink.com"
} DEMO_MODE = "false"
template {
data = <<EOF
{{ with secret "secret/moneycapp-tink-demo" }}
TINK_CLIENT_ID={{ .Data.data.client_id }}
TINK_CLIENT_SECRET={{ .Data.data.client_secret }}
SESSION_SECRET={{ .Data.data.session_secret }}
{{ end }}
EOF
destination = "secrets/env"
env = true
} }
resources { resources {