food-market

nns/food-market

Fork 0

Commit graph

Author	SHA1	Message	Date
nurdotnet	75d73b9dcd	ci/deploy: stage deploy workflow + notifications + server plan .github/workflows/deploy-stage.yml: - Triggers on successful "Docker Images" workflow or manual dispatch. - SSHes to stage server via STAGE_SSH_KEY, copies deploy/docker-compose.yml and nginx.conf, writes .env with current SHA + POSTGRES_PASSWORD. - `docker compose pull && up -d --remove-orphans`. - Smoke-tests /health with 5 retries (5s each). - Pings Telegram on success/failure with commit SHA + stage URL. .github/workflows/notify.yml: - Separate workflow_run listener for CI/Docker failures, sends Telegram message with link to the failed run. deploy/docker-compose.yml port remap (stage server already uses 80/443/5000/5432): - API: 8080 (was 8080, confirmed free) - Web: 8081 (was 80 — taken by legacy nginx) - Postgres: 127.0.0.1:5434 (was 5433 — and now localhost-only, safer) docs/stage-setup.md — one-time server setup runbook: - Verified specs: Ubuntu 24.04, 4 CPU, 15 GB RAM, 4 GB free disk (tight). - Step 1: `sudo usermod -aG docker nns` so deploy doesn't need sudo. - Step 2: generate STAGE_POSTGRES_PASSWORD secret via `openssl rand`. - Step 3: port-conflict check. - Step 4: first manual deploy via gh workflow run. - Disk-usage monitoring via cron → Telegram when >85%. Secrets now in repo: TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, STAGE_SSH_HOST, STAGE_SSH_PORT, STAGE_SSH_USER, STAGE_SSH_KEY Still needed from user: STAGE_POSTGRES_PASSWORD (one openssl command). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-22 13:46:03 +05:00

Author

SHA1

Message

Date

nurdotnet

75d73b9dcd

ci/deploy: stage deploy workflow + notifications + server plan

.github/workflows/deploy-stage.yml:
- Triggers on successful "Docker Images" workflow or manual dispatch.
- SSHes to stage server via STAGE_SSH_KEY, copies deploy/docker-compose.yml
  and nginx.conf, writes .env with current SHA + POSTGRES_PASSWORD.
- `docker compose pull && up -d --remove-orphans`.
- Smoke-tests /health with 5 retries (5s each).
- Pings Telegram on success/failure with commit SHA + stage URL.

.github/workflows/notify.yml:
- Separate workflow_run listener for CI/Docker failures, sends Telegram
  message with link to the failed run.

deploy/docker-compose.yml port remap (stage server already uses 80/443/5000/5432):
- API: 8080 (was 8080, confirmed free)
- Web: 8081 (was 80 — taken by legacy nginx)
- Postgres: 127.0.0.1:5434 (was 5433 — and now localhost-only, safer)

docs/stage-setup.md — one-time server setup runbook:
- Verified specs: Ubuntu 24.04, 4 CPU, 15 GB RAM, 4 GB free disk (tight).
- Step 1: `sudo usermod -aG docker nns` so deploy doesn't need sudo.
- Step 2: generate STAGE_POSTGRES_PASSWORD secret via `openssl rand`.
- Step 3: port-conflict check.
- Step 4: first manual deploy via gh workflow run.
- Disk-usage monitoring via cron → Telegram when >85%.

Secrets now in repo:
  TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID,
  STAGE_SSH_HOST, STAGE_SSH_PORT, STAGE_SSH_USER, STAGE_SSH_KEY
Still needed from user: STAGE_POSTGRES_PASSWORD (one openssl command).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-22 13:46:03 +05:00

1 commit