create better isolation for networks

Author: rikukissa

.github/workflows/deploy.yml

@@ -176,6 +176,7 @@ jobs:
         id: deploy
         run: |
           cd ./${{ github.event.repository.name }}
+          yarn install
           yarn deploy \
           --clear_data=no \
           --environment=${{ inputs.environment }} \

infrastructure/deployment/add-networks.ts

@@ -0,0 +1,79 @@
+import * as fs from 'fs'
+import * as yaml from 'yaml'
+
+interface DockerCompose {
+  version: string
+  services: Record<string, Service>
+  networks: Record<string, Network>
+}
+
+interface Service {
+  image?: string
+  environment?: { [key: string]: string }
+  volumes?: string[]
+  ports?: string[]
+  networks: string[]
+}
+
+interface Network {
+  driver?: string
+  external?: boolean
+}
+
+// Function to add networks to services and networks section
+function addNetworksToCompose(composeFile: string, networksList: string) {
+  // Read and parse the existing docker-compose YAML file
+  const fileContent = fs.readFileSync(composeFile, 'utf8')
+  const composeObject = yaml.parse(fileContent) as DockerCompose
+
+  // Convert the comma-separated networks list into an array
+  const networksArray = networksList
+    .split(',')
+    .map((network) => network.trim())
+    .filter((network) => network.length > 0)
+    .map((stack) => `${stack}_dependencies_net`)
+    .concat('traefik_net')
+
+  // Add networks to each service
+  for (const serviceName in composeObject.services) {
+    if (serviceName in composeObject.services) {
+      const service = composeObject.services[serviceName]
+      if (!service.networks) {
+        service.networks = []
+      }
+      networksArray.forEach((network) => {
+        if (!service.networks.includes(network)) {
+          service.networks.push(network)
+        }
+      })
+    }
+  }
+
+  // Add networks to the global networks section
+  if (!composeObject.networks) {
+    composeObject.networks = {}
+  }
+
+  networksArray.forEach((network) => {
+    if (!composeObject.networks[network]) {
+      composeObject.networks[network] = { driver: 'overlay' }
+    }
+  })
+
+  // Convert the updated object back to YAML and output it
+  const updatedComposeYaml = yaml.stringify(composeObject)
+  console.log(updatedComposeYaml)
+}
+
+// Parse arguments from the command line
+const [composeFile, networksList] = process.argv.slice(2)
+
+if (!composeFile || !networksList) {
+  console.error(
+    'Usage: ts-node script.ts <docker-compose-file> <networks-list>'
+  )
+  process.exit(1)
+}
+
+// Call the function to update the compose file
+addNetworksToCompose(composeFile, networksList)

infrastructure/deployment/deploy.sh

@@ -300,6 +300,22 @@ docker_stack_deploy() {
 
   echo "Updating docker swarm stack with new compose files"
 
+  EXISTING_STACKS=$(configured_ssh 'docker stack ls --format "{{ .Name }}" | grep -v "dependencies" | paste -sd "," -')
+
+  configured_rsync -rlD $SSH_USER@$SSH_HOST:/opt/opencrvs/infrastructure/docker-compose.dependencies.yml ./infrastructure/docker-compose.dependencies.yml
+
+  if echo $EXISTING_STACKS | grep -w $STACK > /dev/null; then
+    echo "Stack $STACK exists"
+    npx tsx infrastructure/deployment/add-networks.ts infrastructure/docker-compose.dependencies.yml "$EXISTING_STACKS" > ./docker-compose.dependencies.yml
+  else
+    echo "Stack $STACK doesnt exist. Creating"
+    UPDATE_DEPENDENCIES=true
+    npx tsx infrastructure/deployment/add-networks.ts infrastructure/docker-compose.dependencies.yml "$EXISTING_STACKS,$STACK" > ./docker-compose.dependencies.yml
+  fi
+
+  configured_rsync -rlD ./docker-compose.dependencies.yml $SSH_USER@$SSH_HOST:/opt/opencrvs/infrastructure/docker-compose.dependencies.yml
+
+
   if [ "$UPDATE_DEPENDENCIES" = true ]; then
     echo "Updating dependency stack"
     configured_ssh 'cd /opt/opencrvs && \
@@ -379,7 +395,6 @@ echo "Deploying COUNTRY_CONFIG_VERSION $COUNTRY_CONFIG_VERSION to $SSH_HOST..."
 echo
 echo "Syncing configuration files to the target server"
 
-
 configured_rsync -rlD $PROJECT_ROOT/infrastructure $SSH_USER@$SSH_HOST:/opt/opencrvs/ --delete --no-perms --omit-dir-times --verbose
 
 echo "Logging to Dockerhub"