Merge pull request #5 from ndrean/main

change csp rules ofr fly.io deploy

Author: ndrean

.github/workflows/fly-deploy.yml

@@ -0,0 +1,18 @@
+# See https://fly.io/docs/app-guides/continuous-deployment-with-github-actions/
+
+name: Fly Deploy
+on:
+  push:
+    branches:
+      - main
+jobs:
+  deploy:
+    name: Deploy app
+    runs-on: ubuntu-latest
+    concurrency: deploy-group    # optional: ensure only one action runs at a time
+    steps:
+      - uses: actions/checkout@v4
+      - uses: superfly/flyctl-actions/setup-flyctl@master
+      - run: flyctl deploy --remote-only
+        env:
+          FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}

Dockerfile

@@ -22,15 +22,18 @@ FROM ${BUILDER_IMAGE} AS builder
 
 # install build dependencies
 RUN apt-get update -y && apt-get install -y \
-  build-essential \
+  build-essential wget \
   git \
   curl \
   && curl -sL https://deb.nodesource.com/setup_22.x | bash - && \
   apt-get install -y \
   nodejs && \
-  apt-get clean && rm -f /var/lib/apt/lists/*_* && \
-  node --version && \
-  npm --version
+  apt-get clean && rm -f /var/lib/apt/lists/*_*
+
+# ARG LITESTREAM_VERSION=0.3.13
+# Install litestream
+# RUN wget https://github.com/benbjohnson/litestream/releases/download/v${LITESTREAM_VERSION}/litestream-v${LITESTREAM_VERSION}-linux-amd64.deb \
+# && dpkg -i litestream-v${LITESTREAM_VERSION}-linux-amd64.deb
 
 RUN npm install -g pnpm 
 RUN pnpm self-update
@@ -117,9 +120,17 @@ RUN mkdir -p /app/data && \
   chmod -R 777 /app/data && \
   chown nobody /app
 
+# Copy Litestream binary from build stage
+COPY --from=builder /usr/bin/litestream /usr/bin/litestream
+COPY litestream.sh /app/bin/litestream.sh
+COPY config/litestream.yml /etc/litestream.yml
+
 USER nobody
 
 EXPOSE 4000
+# Run litestream script as entrypoint
+ENTRYPOINT ["/bin/bash", "/app/bin/litestream.sh"]
+
 CMD ["/bin/sh", "-c", "mkdir -p /app/data && /app/bin/server"]
 
 

config/litestream.yml

@@ -0,0 +1,14 @@
+# This is the configuration file for litestream.
+#
+# For more details, see: https://litestream.io/reference/config/
+#
+dbs:
+- path: $DATABASE_PATH
+  replicas:
+  - type: s3
+    endpoint: $AWS_ENDPOINT_URL_S3
+    bucket: $BUCKET_NAME
+    path: litestream${DATABASE_PATH}
+    access-key-id: $AWS_ACCESS_KEY_ID
+    secret-access-key: $AWS_SECRET_ACCESS_KEY
+    region: $AWS_REGION

fly.toml

@@ -0,0 +1,40 @@
+# fly.toml app configuration file generated for solidyjs-lively-pine-4375 on 2025-03-24T15:51:50-05:00
+#
+# See https://fly.io/docs/reference/configuration/ for information about how to use this file.
+#
+
+app = 'solidyjs-lively-pine-4375'
+primary_region = 'bog'
+kill_signal = 'SIGTERM'
+
+[build]
+
+[env]
+  DATABASE_PATH = '/mnt/name/name.db'
+  PHX_HOST = 'solidyjs-lively-pine-4375.fly.dev'
+  PORT = '8080'
+
+[[mounts]]
+  source = 'name'
+  destination = '/mnt/name'
+  auto_extend_size_threshold = 80
+  auto_extend_size_increment = '1GB'
+  auto_extend_size_limit = '10GB'
+
+[http_service]
+  internal_port = 8080
+  force_https = true
+  auto_stop_machines = 'stop'
+  auto_start_machines = true
+  min_machines_running = 0
+  processes = ['app']
+
+  [http_service.concurrency]
+    type = 'connections'
+    hard_limit = 1000
+    soft_limit = 1000
+
+[[vm]]
+  memory = '512mb'
+  cpu_kind = 'shared'
+  cpus = 1

lib/solidyjs/release.ex

@@ -0,0 +1,28 @@
+defmodule Solidyjs.Release do
+  @moduledoc """
+  Used for executing DB release tasks when run in production without Mix
+  installed.
+  """
+  @app :solidyjs
+
+  def migrate do
+    load_app()
+
+    for repo <- repos() do
+      {:ok, _, _} = Ecto.Migrator.with_repo(repo, &Ecto.Migrator.run(&1, :up, all: true))
+    end
+  end
+
+  def rollback(repo, version) do
+    load_app()
+    {:ok, _, _} = Ecto.Migrator.with_repo(repo, &Ecto.Migrator.run(&1, :down, to: version))
+  end
+
+  defp repos do
+    Application.fetch_env!(@app, :ecto_repos)
+  end
+
+  defp load_app do
+    Application.load(@app)
+  end
+end

lib/solidyjs_web/router.ex

@@ -3,7 +3,7 @@ defmodule SolidyjsWeb.Router do
 
   @csp (case MIX_ENV do
           :prod ->
-            "require-trusted-types-for 'script'; script-src 'self' 'wasm-unsafe-eval'; object-src 'none'; connect-src http://localhost:* ws://localhost:* https://api.maptiler.com/; img-src 'self' data: https://*.maptiler.com/ https://api.maptiler.com/; worker-src 'self' blob:; style-src 'self' 'unsafe-inline'; default-src 'self'; frame-ancestors 'none'; base-uri 'self'"
+            "require-trusted-types-for 'script'; script-src 'self' 'wasm-unsafe-eval'; object-src 'none'; connect-src 'self' wss://solidyjs-lively-pine-4375.fly.dev ws://solidyjs-lively-pine-4375.fly.dev https://api.maptiler.com/; img-src 'self' data: https://*.maptiler.com/ https://api.maptiler.com/; worker-src 'self' blob:; style-src 'self' 'unsafe-inline'; default-src 'self'; frame-ancestors 'none'; base-uri 'self'"
 
           _ ->
             "script-src 'self' 'wasm-unsafe-eval'; object-src 'none'; connect-src http://localhost:* ws://localhost:* https://api.maptiler.com/; img-src 'self' data: https://*.maptiler.com/ https://api.maptiler.com/; worker-src 'self' blob:; style-src 'self' 'unsafe-inline'; default-src 'self'; frame-ancestors 'none'; base-uri 'self'"

litestream.sh

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+set -e
+
+# If db doesn't exist, try restoring from object storage
+if [ ! -f "$DATABASE_PATH" ] && [ -n "$BUCKET_NAME" ]; then
+	litestream restore -if-replica-exists "$DATABASE_PATH"
+fi
+
+# Migrate database
+/app/bin/migrate
+
+# Launch application
+if [ -n "$BUCKET_NAME" ]; then
+	litestream replicate -exec "${*}"
+else
+	exec "${@}"
+fi