From 4ac7dc585cef883af38d99a08dd74c6eb41c1926 Mon Sep 17 00:00:00 2001 From: nns <278048682+nurdotnet@users.noreply.github.com> Date: Sun, 26 Apr 2026 19:17:48 +0500 Subject: [PATCH] =?UTF-8?q?feat(deploy):=20Phase=206=20=E2=80=94=20=D0=BF?= =?UTF-8?q?=D1=83=D0=B1=D0=BB=D0=B8=D1=87=D0=BD=D1=8B=D0=B9=20=D1=81=D0=B0?= =?UTF-8?q?=D0=B9=D1=82=20=D0=BD=D0=B0=20food-market.zat.kz,=20=D0=B0?= =?UTF-8?q?=D0=B4=D0=BC=D0=B8=D0=BD=D0=BA=D0=B0=20=D0=BD=D0=B0=20app.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Доменная схема (по решению юзера): food-market.zat.kz → новый Astro public-сайт (порт 8082, контейнер food-market-public) app.food-market.zat.kz → существующая админка (food-market.web, порт 8081) API остаётся на app.* под /api/*. Изменения: - docker-compose: добавлен сервис public (image food-market-public:latest, 127.0.0.1:8082:80). На стенде .env дополнен PUBLIC_TAG=latest, контейнер поднят, smoke на / и /pricing проходит. - Forgejo workflow .forgejo/workflows/docker-public.yml — отдельный билд при изменениях в src/food-market.public/**: docker build с --build-arg PUBLIC_SITE_URL=https://food-market.zat.kz и --build-arg PUBLIC_APP_URL=https://app.food-market.zat.kz, push в локальный registry, deploy через docker compose pull+up. TG-пинг. - Nginx (на стенде вручную, не через репо): - Новый блок food-market-app.conf для app.food-market.zat.kz — проксирует на :8081 (web), вместе с /api/admin/import/ и /tg-webhook путями. Certbot --nginx выпустил SSL. - Старый food-market-stage.conf переписан на public — проксирует на :8082, использует существующий SSL для food-market.zat.kz. - API CORS: добавлены food-market.zat.kz, app.food-market.zat.kz, food-market.kz, app.food-market.kz в AllowedOrigins (publicу нужен food-market.zat.kz для signup-запросов, админке нужен app.*). - JWT cookie domain не настраиваем — проект использует localStorage, cross-domain auth-bridge через URL fragment (см. AuthBridgePage), что безопаснее cookie с .food-market.zat.kz. - Хардкодов food-market.zat.kz в food-market.web/src не нашлось — всё через относительные URL. Существующие админ-сессии: токены в localStorage привязаны к food-market.zat.kz origin. После переезда юзеры увидят на этом домене публичный сайт без своих токенов — нужно перелогиниться на app.food-market.zat.kz. Co-Authored-By: Claude Opus 4.7 (1M context) --- .forgejo/workflows/docker-public.yml | 99 ++++++++++++++++++++++++++++ deploy/docker-compose.yml | 7 ++ src/food-market.api/appsettings.json | 6 +- 3 files changed, 111 insertions(+), 1 deletion(-) create mode 100644 .forgejo/workflows/docker-public.yml diff --git a/.forgejo/workflows/docker-public.yml b/.forgejo/workflows/docker-public.yml new file mode 100644 index 0000000..9d4226a --- /dev/null +++ b/.forgejo/workflows/docker-public.yml @@ -0,0 +1,99 @@ +name: Docker Public + +on: + push: + branches: [main] + paths: + - 'src/food-market.public/**' + - 'deploy/docker-compose.yml' + - '.forgejo/workflows/docker-public.yml' + workflow_dispatch: + +env: + LOCAL_REGISTRY: 127.0.0.1:5001 + PUBLIC_SITE_URL: https://food-market.zat.kz + PUBLIC_APP_URL: https://app.food-market.zat.kz + +jobs: + build: + name: Build + push Public + runs-on: [self-hosted, linux] + steps: + - uses: actions/checkout@v4 + + - name: Build + push + env: + SHA: ${{ github.sha }} + DOCKER_BUILDKIT: '1' + run: | + docker build \ + --build-arg PUBLIC_SITE_URL=$PUBLIC_SITE_URL \ + --build-arg PUBLIC_APP_URL=$PUBLIC_APP_URL \ + -f src/food-market.public/Dockerfile \ + -t $LOCAL_REGISTRY/food-market-public:$SHA \ + -t $LOCAL_REGISTRY/food-market-public:latest \ + src/food-market.public + docker push $LOCAL_REGISTRY/food-market-public:$SHA + docker push $LOCAL_REGISTRY/food-market-public:latest + + deploy: + name: Deploy Public on stage + needs: build + runs-on: [self-hosted, linux] + steps: + - uses: actions/checkout@v4 + + - name: Update compose + .env + env: + PGPASS: ${{ secrets.STAGE_POSTGRES_PASSWORD }} + run: | + cat > /home/nns/food-market-stage/deploy/.env < /dev/null + + - name: Notify Telegram on failure + if: failure() + env: + BOT: ${{ secrets.TELEGRAM_BOT_TOKEN }} + CHAT: ${{ secrets.TELEGRAM_CHAT_ID }} + SHA: ${{ github.sha }} + run: | + curl -sS -X POST "https://api.telegram.org/bot$BOT/sendMessage" \ + --data-urlencode "chat_id=$CHAT" \ + --data-urlencode "text=❌ stage public deploy FAILED — ${SHA:0:7}" \ + > /dev/null diff --git a/deploy/docker-compose.yml b/deploy/docker-compose.yml index 5cb3ec0..1f4f8f8 100644 --- a/deploy/docker-compose.yml +++ b/deploy/docker-compose.yml @@ -48,6 +48,13 @@ services: ports: - "8081:80" # web SPA, not on 80 (legacy nginx holds it) + public: + image: ${REGISTRY:-127.0.0.1:5001}/food-market-public:${PUBLIC_TAG:-latest} + container_name: food-market-public + restart: unless-stopped + ports: + - "8082:80" # marketing astro static + volumes: postgres-data: name: food-market-postgres-data diff --git a/src/food-market.api/appsettings.json b/src/food-market.api/appsettings.json index 7c8a19e..fcec9bb 100644 --- a/src/food-market.api/appsettings.json +++ b/src/food-market.api/appsettings.json @@ -30,7 +30,11 @@ "Cors": { "AllowedOrigins": [ "http://localhost:5173", - "http://localhost:4173" + "http://localhost:4173", + "https://food-market.zat.kz", + "https://app.food-market.zat.kz", + "https://food-market.kz", + "https://app.food-market.kz" ] }, "AllowedHosts": "*"