Setup Files Configuration

name: Test SSH Connection

on:
  workflow_dispatch:

permissions:
  contents: read
  actions: read

jobs:
  test-ssh:
    runs-on: ubuntu-latest
    steps:
      - name: Test SSH connection
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          key: ${{ secrets.SSH_KEY }}
          port: ${{ secrets.PORT }}
          script: |
            echo "🧪 Testing SSH connection... Nice"
            echo "🎉 Successfully connected to $(hostname)!"
            echo "Current user is: $(whoami)"
            echo "Current directory is: $(pwd)"

# GitHub Apps Setup Guide

## Step 1: Create a GitHub App

1. **Go to GitHub App creation**:
   - Visit: https://github.com/settings/apps/new
   - Or: GitHub.com → Settings → Developer settings → GitHub Apps → New GitHub App

2. **Configure the App**:
   - **App name**: `LXC106-Deployment-App`
   - **Description**: `Deployment automation for LXC106 server`
   - **Homepage URL**: `http://192.168.1.26` (your server IP)
   - **Webhook**: Leave unchecked for now

## Step 2: Set App Permissions

**Repository permissions**:
- **Contents**: `Read and write` (for cloning and pulling)
- **Metadata**: `Read-only`
- **Pull requests**: `Read-only` (if you want to deploy from PRs)

**No account permissions needed** (leave as default)

## Step 3: Install the App

1. **Click "Create GitHub App"**
2. **Click "Install"** to install it on your repository
3. **Select your repository**: `HappyMinsker/DjFull106`
4. **Click "Install"**

## Step 4: Generate Installation Token

1. **Go back to your GitHub App settings**
2. **Click "Generate new token (classic)"**
3. **Configure the token**:
   - Name: `LXC106 Deployment Token`
   - Expiration: `No expiration` (or choose reasonable time)
4. **Click "Generate token"**
5. **Copy the token** (you won't see it again!)

## Step 5: Update GitHub Secrets

1. **Go to your repository**: Settings → Secrets and variables → Actions
2. **Add new secret**:
   - Name: `GITHUB_APP_TOKEN`
   - Value: Paste the installation token from Step 4
3. **Keep existing secrets**:
   - `HOST`: Your server IP (e.g., 192.168.1.26)
   - `USERNAME`: SSH username (e.g., root)
   - `PORT`: SSH port (usually 22)
4. **Remove old secret**:
   - `SSH_KEY` (no longer needed)

## Step 6: Update Deployment Workflow

Your `.github/workflows/deploy.yml` now uses:
```yaml
git clone https://x-access-token:$@github.com/HappyMinsker/DjFull106.git
```

## Step 7: Test the Setup

1. **Push a small change** to trigger the workflow
2. **Or manually run** the workflow from Actions tab
3. **Monitor the logs** - should now show successful authentication

## Benefits of GitHub Apps

- ✅ **More secure**: Tokens can be revoked individually
- ✅ **Granular permissions**: Only access what you need
- ✅ **Better audit trail**: See exactly what the app is doing
- ✅ **Future-proof**: GitHub's recommended approach
- ✅ **No SSH key management** on your server

## Troubleshooting

- **"Repository not found"**: Check if app is installed on correct repository
- **"Authentication failed"**: Verify GITHUB_APP_TOKEN secret is correct
- **"Permission denied"**: Check app permissions in GitHub App settings

server {
    listen 80;
    server_name _;

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /static/ {
        alias /var/www/DjFull106/staticfiles/;
    }
}

root@DjFull106:~# sudo nginx -T | sed -n '1,200p' | grep -E "server_name|listen|sites-enabled"
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;
        include /etc/nginx/sites-enabled/*;
#               listen     localhost:110;
#               listen     localhost:143;
# configuration file /etc/nginx/sites-enabled/DjFull106:
    listen 80 default_server;
    server_name 192.168.1.26;
root@DjFull106:~# ls -l /etc/nginx/sites-enabled/
total 0
lrwxrwxrwx 1 root root 36 Sep  1 08:56 DjFull106 -> /etc/nginx/sites-available/DjFull106
root@DjFull106:~#

[Unit]
Description=Gunicorn daemon for Django
After=network.target

[Service]
User=root
Group=root
WorkingDirectory=/var/www/DjFull106
ExecStart=/var/www/DjFull106/venv/bin/gunicorn --workers 3 --bind 127.0.0.1:8000 DjFull106.wsgi:application
ExecReload=/bin/kill -s HUP $MAINPID
KillMode=mixed
TimeoutStopSec=5
PrivateTmp=true

[Install]
WantedBy=multi-user.target

"""
Django settings for DjFull106 project in production.
"""

from pathlib import Path

BASE_DIR = Path(__file__).resolve().parent.parent

SECRET_KEY = 'your-production-secret-key-here'
DEBUG = False
ALLOWED_HOSTS = ['91.149.187.178', '192.168.1.26', 'localhost', '127.0.0.1']

# Application definition
INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'main',
]

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

ROOT_URLCONF = 'DjFull106.urls'

TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [BASE_DIR / 'templates'],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
]

WSGI_APPLICATION = 'DjFull106.wsgi.application'

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.sqlite3',
        'NAME': BASE_DIR / 'db.sqlite3',
    }
}

# Password validation
AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
]

# Internationalization
LANGUAGE_CODE = 'en-us'
TIME_ZONE = 'UTC'
USE_I18N = True
USE_TZ = True

# Static files (CSS, JavaScript, Images)
STATIC_URL = 'static/'
STATICFILES_DIRS = [
    BASE_DIR / 'assets',
]
STATIC_ROOT = BASE_DIR / 'staticfiles'

# Default primary key field type
DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField' 

name: Deploy Django to Proxmox Server

on:
  push:
    branches: [ main, master ]
  workflow_dispatch:

jobs:
  deploy:
    runs-on: ubuntu-latest
    
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
      
    - name: Deploy to Proxmox Server
      uses: appleboy/ssh-action@v1.0.3
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        key: ${{ secrets.SSH_KEY }}
        port: ${{ secrets.PORT }}
        script: |
          # Navigate to project directory
          cd /var/www/DjFull106
          
          # Pull latest changes from GitHub
          git pull origin main
          
          # Activate virtual environment
          source venv/bin/activate
          
          # Install/update dependencies
          pip install -r requirements.txt
          
          # Run database migrations
          python manage.py migrate --settings=DjFull106.settings_production
          
          # Collect static files
          python manage.py collectstatic --noinput --settings=DjFull106.settings_production
          
          # Restart Gunicorn service
          sudo systemctl restart gunicorn
          
          # Reload Nginx configuration
          sudo systemctl reload nginx
          
          echo "Deployment completed successfully!"
          
    - name: Deployment Status
      run: |
        echo "✅ Django application deployed to Proxmox server"
        echo "🌐 Website should be available at your domain/IP"
        echo "📝 Check server logs if needed: journalctl -u gunicorn"

# SSH Key Setup for GitHub Actions to LXC Deployment

## Step 1: Generate a New SSH Key Pair
On DANIIT001
```bash
ssh-keygen -t ed25519 -C "github-actions@gominsk.online" -f ./.ssh/GithubToLXC
```

## Step 2: Place the PUBLIC Key on LXC106
- Copy the contents of the GithubToLXC.pub
- SSH into LXC106 using your normal credentials
- Navigate to the user's SSH directory:
```bash
cd ~/.ssh
```
- If the 'authorized_keys' file doesn't exist, this will create it:
```bash
echo "paste_the_public_GithubToLXC_content_here" >> authorized_keys
```

- Set secure permissions:
```bash
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
```

## Step 3: Place the PRIVATE Key on GitHub
1. Go to your GitHub repository
2. Click on Settings -> Secrets and variables -> Actions
3. Click New repository secret
4. Name: SSH_KEY
5. Copy private GithubToLXC to SSH_KEY

## Step 4: Create Test Workflow File
Create a new file in your repository at .github/workflows/test-ssh.yml:

```yaml
name: Test SSH Connection
on:
  workflow_dispatch:

jobs:
  test-ssh:
    runs-on: ubuntu-latest
    steps:
    - name: Test SSH connection
      uses: appleboy/ssh-action@v1.0.3
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        key: ${{ secrets.SSH_KEY }}
        port: ${{ secrets.PORT }}
        script: |
          echo "SSH connection successful!"
          whoami
          pwd
          date
```

After completing these steps, proceed to the Test Workflow Execution guide.

# Test Workflow Execution Guide

## Prerequisites
Before running this test, ensure you have:
- ✅ Generated SSH key pair (GithubToLXC)
- ✅ Added public key to LXC106 authorized_keys
- ✅ Added private key to GitHub Secrets as SSH_KEY
- ✅ Created .github/workflows/test-ssh.yml file

## Step 1: Navigate to GitHub Repository
Go to your repository on GitHub.com (e.g., https://github.com/your-username/your-repo-name).

## Step 2: Access Actions Tab
Click on the **"Actions"** tab in the top navigation bar of your repository (between "Pull requests" and "Projects").

## Step 3: Select Your Workflow
In the left sidebar, you will see the name of your workflow: **"Test SSH Connection"**.

## Step 4: Run the Workflow Manually
- Since we used `on: workflow_dispatch`, you will see a button that says **"Run workflow"**.
- Click the dropdown button, make sure the branch is set to **main** (or whichever branch you pushed the file to).
- Click the green **"Run workflow"** button.

## Step 5: Monitor the Execution
- GitHub will now start a new run. You'll see a **yellow icon** as it starts.
- Click on the run to see the **live logs** and watch each step execute in real-time.
- **Success**: If the SSH connection works, you'll see a **green checkmark (✅)**.
- **Failure**: If it fails, you'll see a **red X (❌)** and detailed error logs.

## Expected Output
When successful, you should see output similar to:
```
SSH connection successful!
root
/root
Mon Dec 18 10:30:00 UTC 2023
```

## Troubleshooting
If the test fails:
1. Verify SSH key permissions on LXC106
2. Check that the private key was copied correctly to GitHub Secrets
3. Ensure the HOST, USERNAME, and PORT secrets are correct
4. Verify the LXC container is accessible from the internet

After successful SSH test, your main deployment workflow should work correctly!