da7729d6e4
- Constitution and project spec (spec.yml) - 7 comprehensive feature specs (tasks, batches, labor, compliance, inventory, integrations, comms) - Phase 1 implementation plan (6-week roadmap) - Week 1 task breakdown (15 concrete tasks) - Architecture and compliance documentation - Backend and frontend setup guides - Deployment guide for nexus-vector - CI/CD workflows (Forgejo Actions) - Quick start guide for developers Project is ready for implementation with: - Automated testing on every push - Automatic deployment to nexus-vector on push to main - Database migrations handled automatically - Health checks and monitoring Stack: TypeScript, Fastify, React, Vite, PostgreSQL, Prisma, Docker
7.6 KiB
7.6 KiB
CI/CD Setup Guide
Project: CA Grow Ops Manager
Platform: Forgejo Actions
Target: nexus-vector
Overview
This project uses Forgejo Actions (GitHub Actions compatible) for automated testing and deployment. The CI/CD pipeline automatically:
- Tests code on every push and pull request
- Deploys to production on push to
mainbranch - Runs migrations automatically
- Performs health checks after deployment
Workflows
1. Test Workflow (.forgejo/workflows/test.yml)
Triggers:
- Push to
mainordevelopbranches - Pull requests to
main
Jobs:
-
Backend Tests:
- Spins up PostgreSQL and Redis services
- Runs Prisma migrations
- Executes Jest tests
- Runs ESLint
-
Frontend Tests:
- Runs Vitest tests
- Runs ESLint
- Builds production bundle
Duration: ~5-10 minutes
2. Deploy Workflow (.forgejo/workflows/deploy.yml)
Triggers:
- Push to
mainbranch only
Steps:
- Checkout code
- SSH to nexus-vector
- Pull latest code from Forgejo
- Rebuild Docker containers
- Run database migrations
- Restart services
- Perform health check
Duration: ~3-5 minutes
Setup Instructions
Step 1: Add SSH Private Key to Forgejo Secrets
The deployment workflow needs SSH access to nexus-vector.
1.1 Generate SSH Key (if needed)
# On your local machine or nexus-vector
ssh-keygen -t ed25519 -C "forgejo-deploy" -f ~/.ssh/forgejo_deploy
1.2 Add Public Key to nexus-vector
# Copy public key to nexus-vector
ssh admin@nexus-vector "echo '$(cat ~/.ssh/forgejo_deploy.pub)' >> ~/.ssh/authorized_keys"
# Test connection
ssh -i ~/.ssh/forgejo_deploy admin@nexus-vector "echo 'Connection successful'"
1.3 Add Private Key to Forgejo Secrets
- Navigate to repository: https://git.runfoo.run/runfoo/ca-grow-ops-manager
- Go to Settings → Secrets
- Click Add Secret
- Name:
SSH_PRIVATE_KEY - Value: Paste contents of
~/.ssh/forgejo_deploy(the private key) - Click Add Secret
Step 2: Enable Forgejo Actions
2.1 Check Runner Status
# On nexus-vector
docker ps | grep runner
You should see:
forgejo-runner code.forgejo.org/forgejo/runner:3.3.0
2.2 Enable Actions in Repository
- Navigate to: https://git.runfoo.run/runfoo/ca-grow-ops-manager
- Go to Settings → Actions
- Enable Actions (if not already enabled)
- Set Default workflow permissions to Read and write
Step 3: Test the Workflows
3.1 Test Workflow (Manual Trigger)
# Make a small change and push
cd /Users/ten/ANTIGRAVITY/777wolfpack/ca-grow-ops-manager
echo "# Test CI/CD" >> README.md
git add README.md
git commit -m "test: Trigger CI/CD pipeline"
git push origin main
3.2 Monitor Workflow Execution
- Go to: https://git.runfoo.run/runfoo/ca-grow-ops-manager/actions
- Click on the latest workflow run
- Watch the logs in real-time
Expected:
- ✅ Test workflow completes successfully
- ✅ Deploy workflow starts automatically
- ✅ Deployment completes with health check
Step 4: Verify Deployment
# SSH to nexus-vector
ssh admin@nexus-vector
# Check service status
cd /srv/containers/ca-grow-ops-manager
docker compose ps
# Check health
curl http://localhost:8010/api/healthz
# View logs
docker compose logs -f --tail=50
Workflow Details
Test Workflow
# Runs on: ubuntu-latest
# Services: PostgreSQL 15, Redis 7
# Node.js: 20.x
Backend:
- npm ci
- prisma generate
- prisma migrate deploy
- npm test
- npm run lint
Frontend:
- npm ci
- npm test
- npm run lint
- npm run build
Deploy Workflow
# Runs on: ubuntu-latest
# Target: nexus-vector via SSH
Steps:
1. git pull origin main
2. docker compose build --no-cache
3. docker compose up -d db redis
4. docker compose run --rm backend npx prisma migrate deploy
5. docker compose up -d
6. curl http://localhost:8010/api/healthz
Troubleshooting
Workflow Fails: "Permission denied (publickey)"
Cause: SSH private key not configured or incorrect
Solution:
- Verify secret exists: Settings → Secrets →
SSH_PRIVATE_KEY - Verify public key is in
~/.ssh/authorized_keyson nexus-vector - Test SSH connection manually
Workflow Fails: "Database migration failed"
Cause: Database schema conflict or connection issue
Solution:
# SSH to nexus-vector
ssh admin@nexus-vector
cd /srv/containers/ca-grow-ops-manager
# Check database status
docker compose logs db
# Reset database (⚠️ DESTRUCTIVE)
docker compose down -v
docker compose up -d db
docker compose exec backend npx prisma migrate deploy
Workflow Fails: "Health check failed"
Cause: Service didn't start properly
Solution:
# Check container logs
docker compose logs backend
docker compose logs frontend
# Check container status
docker compose ps
# Restart services
docker compose restart
Workflow Stuck: "Waiting for runner"
Cause: Forgejo runner is offline or busy
Solution:
# Check runner status
docker ps | grep runner
# Restart runner (if needed)
docker restart forgejo-runner
# Check runner logs
docker logs forgejo-runner
Best Practices
Branch Strategy
main: Production branch (auto-deploys)develop: Development branch (tests only)- Feature branches:
feature/task-name(tests only)
Workflow
# 1. Create feature branch
git checkout -b feature/add-authentication
# 2. Make changes and commit
git add .
git commit -m "feat: Add JWT authentication"
# 3. Push and create PR
git push origin feature/add-authentication
# 4. Tests run automatically on PR
# 5. Merge to main → Auto-deploys
Commit Messages
Follow conventional commits:
feat:New featurefix:Bug fixdocs:Documentationtest:Testschore:Maintenance
Monitoring Deployments
View Deployment History
- Go to: https://git.runfoo.run/runfoo/ca-grow-ops-manager/actions
- Filter by Deploy to Production
- View logs for each deployment
Rollback
If deployment fails:
# SSH to nexus-vector
ssh admin@nexus-vector
cd /srv/containers/ca-grow-ops-manager
# Checkout previous commit
git log --oneline -n 5
git checkout <previous-commit-hash>
# Rebuild and restart
docker compose build
docker compose up -d
Advanced Configuration
Environment-Specific Deployments
To add staging environment:
- Create
.forgejo/workflows/deploy-staging.yml - Change target branch to
develop - Change deployment path to
/srv/containers/ca-grow-ops-manager-staging - Use different port (e.g., 8011)
Notifications
Add Slack/Discord notifications:
- name: Notify deployment
if: always()
run: |
curl -X POST ${{ secrets.SLACK_WEBHOOK }} \
-H 'Content-Type: application/json' \
-d '{"text":"Deployment ${{ job.status }}"}'
Security Checklist
- SSH private key stored as Forgejo secret
- Secrets not committed to repository
- Workflow runs on trusted runner
- Database migrations run before deployment
- Health check verifies deployment
- Add deployment approval for production (optional)
- Add rollback automation (optional)
Next Steps
- ✅ Set up SSH key and Forgejo secret
- ✅ Enable Actions in repository
- ✅ Push code to trigger first deployment
- ⏭️ Monitor deployment logs
- ⏭️ Verify service health
- ⏭️ Set up monitoring alerts (optional)
Created: 2025-12-08
Last Updated: 2025-12-08
Maintained By: Development team