runfoo-org/fediversion
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: Configure CI/CD for VPS deployment

Browse source 
- Update .forgejo/workflows/deploy.yml for fediversion
  - testing branch -> nexus-vector (fediversion.runfoo.run)
  - production branch -> tangible-aacorn (fediversion.xyz)
- Update docker-compose.yml:
  - Ports: backend 8030, frontend 3030
  - Network: fediversion
  - Add PHISHNET/SETLISTFM/GRATEFULSTATS API key env vars
  - Traefik labels for fediversion domains
  - Umami analytics at stats.fediversion.xyz
This commit is contained in:
fullsizemalt 2025-12-28 14:36:17 -08:00
parent 29c5d30ebb
commit 4782b50f78
2 changed files with 60 additions and 58 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
.forgejo/workflows/deploy.yml
View file

@ -1,4 +1,4 @@
name: Deploy Elmeg name: Deploy Fediversion
on: on:
push: push:
@ -18,10 +18,12 @@ jobs:
run: | run: |
if [ "${{ github.ref_name }}" = "testing" ]; then if [ "${{ github.ref_name }}" = "testing" ]; then
echo "server=nexus-vector" >> $GITHUB_OUTPUT echo "server=nexus-vector" >> $GITHUB_OUTPUT
echo "domain=elmeg.runfoo.run" >> $GITHUB_OUTPUT echo "domain=fediversion.runfoo.run" >> $GITHUB_OUTPUT
echo "deploy_path=/srv/containers/fediversion" >> $GITHUB_OUTPUT
elif [ "${{ github.ref_name }}" = "production" ]; then elif [ "${{ github.ref_name }}" = "production" ]; then
echo "server=tangible-aacorn" >> $GITHUB_OUTPUT echo "server=tangible-aacorn" >> $GITHUB_OUTPUT
echo "domain=elmeg.xyz" >> $GITHUB_OUTPUT echo "domain=fediversion.xyz" >> $GITHUB_OUTPUT
echo "deploy_path=/srv/containers/fediversion" >> $GITHUB_OUTPUT
fi fi
- name: Deploy to ${{ steps.target.outputs.server }} - name: Deploy to ${{ steps.target.outputs.server }}
@ -31,11 +33,20 @@ jobs:
username: root username: root
key: ${{ secrets.DEPLOY_SSH_KEY }} key: ${{ secrets.DEPLOY_SSH_KEY }}
script: | script: |
cd /srv/containers/elmeg-demo # Clone or pull repo
if [ ! -d "${{ steps.target.outputs.deploy_path }}" ]; then
git clone https://git.runfoo.run/runfoo/fediversion.git ${{ steps.target.outputs.deploy_path }}
fi
cd ${{ steps.target.outputs.deploy_path }}
git fetch origin ${{ github.ref_name }} git fetch origin ${{ github.ref_name }}
git checkout ${{ github.ref_name }} git checkout ${{ github.ref_name }}
git reset --hard origin/${{ github.ref_name }} git reset --hard origin/${{ github.ref_name }}
# Build and deploy
docker compose build --no-cache docker compose build --no-cache
docker compose up -d docker compose up -d
# Run migrations
docker compose exec -T backend alembic upgrade head docker compose exec -T backend alembic upgrade head
echo "Deployed ${{ github.ref_name }} to ${{ steps.target.outputs.domain }}" echo "Deployed ${{ github.ref_name }} to ${{ steps.target.outputs.domain }}"

99
docker-compose.yml
View file

@ -4,12 +4,12 @@ services:
backend: backend:
build: ./backend build: ./backend
ports: ports:
- "127.0.0.1:8020:8000" - "127.0.0.1:8030:8000"
volumes: volumes:
- ./backend:/app - ./backend:/app
- backend_data:/app/data - backend_data:/app/data
environment: environment:
- DATABASE_URL=${DATABASE_URL:-postgresql://elmeg:elmeg_password@db:5432/elmeg} - DATABASE_URL=${DATABASE_URL:-postgresql://fediversion:fediversion_password@db:5432/fediversion}
- SECRET_KEY=${SECRET_KEY:-demo-secret-change-in-production} - SECRET_KEY=${SECRET_KEY:-demo-secret-change-in-production}
# Postal SMTP (primary) # Postal SMTP (primary)
- SMTP_HOST=${SMTP_HOST} - SMTP_HOST=${SMTP_HOST}
@ -22,8 +22,12 @@ services:
- AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
- AWS_SES_REGION=${AWS_SES_REGION} - AWS_SES_REGION=${AWS_SES_REGION}
# Common # Common
- EMAIL_FROM=${EMAIL_FROM:-noreply@elmeg.xyz} - EMAIL_FROM=${EMAIL_FROM:-noreply@fediversion.xyz}
- FRONTEND_URL=${FRONTEND_URL:-https://elmeg.xyz} - FRONTEND_URL=${FRONTEND_URL:-https://fediversion.xyz}
# Data Import API Keys
- PHISHNET_API_KEY=${PHISHNET_API_KEY}
- SETLISTFM_API_KEY=${SETLISTFM_API_KEY}
- GRATEFULSTATS_API_KEY=${GRATEFULSTATS_API_KEY}
command: sh start.sh command: sh start.sh
depends_on: depends_on:
- db - db
@ -34,33 +38,33 @@ services:
timeout: 10s timeout: 10s
retries: 3 retries: 3
networks: networks:
- elmeg - fediversion
- traefik-public - traefik-public
- postal-internal - postal-internal
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.elmeg-backend.rule=(Host(`elmeg.runfoo.run`) || Host(`elmeg.xyz`)) && PathPrefix(`/api`)" - "traefik.http.routers.fediversion-backend.rule=(Host(`fediversion.runfoo.run`) || Host(`fediversion.xyz`)) && PathPrefix(`/api`)"
- "traefik.http.routers.elmeg-backend.entrypoints=websecure" - "traefik.http.routers.fediversion-backend.entrypoints=websecure"
- "traefik.http.routers.elmeg-backend.tls.certresolver=letsencrypt" - "traefik.http.routers.fediversion-backend.tls.certresolver=letsencrypt"
- "traefik.http.routers.elmeg-backend.priority=100" - "traefik.http.routers.fediversion-backend.priority=100"
- "traefik.http.middlewares.elmeg-strip.stripprefix.prefixes=/api" - "traefik.http.middlewares.fediversion-strip.stripprefix.prefixes=/api"
- "traefik.http.routers.elmeg-backend.middlewares=elmeg-strip" - "traefik.http.routers.fediversion-backend.middlewares=fediversion-strip"
- "traefik.http.routers.elmeg-backend.service=elmeg-backend-svc" - "traefik.http.routers.fediversion-backend.service=fediversion-backend-svc"
- "traefik.http.services.elmeg-backend-svc.loadbalancer.server.port=8000" - "traefik.http.services.fediversion-backend-svc.loadbalancer.server.port=8000"
- "traefik.docker.network=traefik" - "traefik.docker.network=traefik"
# Direct routes for docs (no strip) # Direct routes for docs (no strip)
- "traefik.http.routers.elmeg-backend-docs.rule=(Host(`elmeg.runfoo.run`) || Host(`elmeg.xyz`)) && PathPrefix(`/docs`, `/openapi.json`)" - "traefik.http.routers.fediversion-backend-docs.rule=(Host(`fediversion.runfoo.run`) || Host(`fediversion.xyz`)) && PathPrefix(`/docs`, `/openapi.json`)"
- "traefik.http.routers.elmeg-backend-docs.entrypoints=websecure" - "traefik.http.routers.fediversion-backend-docs.entrypoints=websecure"
- "traefik.http.routers.elmeg-backend-docs.tls.certresolver=letsencrypt" - "traefik.http.routers.fediversion-backend-docs.tls.certresolver=letsencrypt"
- "traefik.http.routers.elmeg-backend-docs.priority=100" - "traefik.http.routers.fediversion-backend-docs.priority=100"
- "traefik.http.routers.elmeg-backend-docs.service=elmeg-backend-svc" - "traefik.http.routers.fediversion-backend-docs.service=fediversion-backend-svc"
frontend: frontend:
build: build:
context: ./frontend context: ./frontend
dockerfile: Dockerfile dockerfile: Dockerfile
ports: ports:
- "127.0.0.1:3020:3000" - "127.0.0.1:3030:3000"
volumes: volumes:
- ./frontend:/app - ./frontend:/app
- /app/node_modules - /app/node_modules
@ -72,42 +76,33 @@ services:
condition: service_healthy condition: service_healthy
restart: unless-stopped restart: unless-stopped
networks: networks:
- elmeg - fediversion
- traefik-public - traefik-public
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.elmeg-frontend.rule=(Host(`elmeg.runfoo.run`) || Host(`elmeg.xyz`)) && !PathPrefix(`/api`, `/docs`, `/openapi.json`)" - "traefik.http.routers.fediversion-frontend.rule=(Host(`fediversion.runfoo.run`) || Host(`fediversion.xyz`)) && !PathPrefix(`/api`, `/docs`, `/openapi.json`)"
- "traefik.http.routers.elmeg-frontend.entrypoints=websecure" - "traefik.http.routers.fediversion-frontend.entrypoints=websecure"
- "traefik.http.routers.elmeg-frontend.tls.certresolver=letsencrypt" - "traefik.http.routers.fediversion-frontend.tls.certresolver=letsencrypt"
- "traefik.http.routers.elmeg-frontend.priority=50" - "traefik.http.routers.fediversion-frontend.priority=50"
- "traefik.http.services.elmeg-frontend.loadbalancer.server.port=3000" - "traefik.http.services.fediversion-frontend.loadbalancer.server.port=3000"
- "traefik.docker.network=traefik" - "traefik.docker.network=traefik"
# bugs.elmeg.xyz subdomain - redirects to /bugs
- "traefik.http.routers.elmeg-bugs.rule=Host(`bugs.elmeg.xyz`)"
- "traefik.http.routers.elmeg-bugs.entrypoints=websecure"
- "traefik.http.routers.elmeg-bugs.tls.certresolver=letsencrypt"
- "traefik.http.middlewares.bugs-redirect.redirectregex.regex=^https://bugs\\.elmeg\\.xyz/(.*)"
- "traefik.http.middlewares.bugs-redirect.redirectregex.replacement=https://elmeg.xyz/bugs/$${1}"
- "traefik.http.middlewares.bugs-redirect.redirectregex.permanent=true"
- "traefik.http.routers.elmeg-bugs.middlewares=bugs-redirect"
- "traefik.http.routers.elmeg-bugs.service=elmeg-frontend"
db: db:
image: postgres:15-alpine image: postgres:15-alpine
environment: environment:
- POSTGRES_USER=elmeg - POSTGRES_USER=fediversion
- POSTGRES_PASSWORD=elmeg_password - POSTGRES_PASSWORD=fediversion_password
- POSTGRES_DB=elmeg - POSTGRES_DB=fediversion
volumes: volumes:
- postgres_data:/var/lib/postgresql/data - postgres_data:/var/lib/postgresql/data
restart: unless-stopped restart: unless-stopped
healthcheck: healthcheck:
test: [ "CMD-SHELL", "pg_isready -U elmeg -d elmeg" ] test: [ "CMD-SHELL", "pg_isready -U fediversion -d fediversion" ]
interval: 10s interval: 10s
timeout: 5s timeout: 5s
retries: 5 retries: 5
networks: networks:
- elmeg - fediversion
db-backup: db-backup:
image: prodrigestivill/postgres-backup-local:15-alpine image: prodrigestivill/postgres-backup-local:15-alpine
@ -117,9 +112,9 @@ services:
- postgres_data:/var/lib/postgresql/data:ro - postgres_data:/var/lib/postgresql/data:ro
environment: environment:
- POSTGRES_HOST=db - POSTGRES_HOST=db
- POSTGRES_DB=elmeg - POSTGRES_DB=fediversion
- POSTGRES_USER=elmeg - POSTGRES_USER=fediversion
- POSTGRES_PASSWORD=elmeg_password - POSTGRES_PASSWORD=fediversion_password
- SCHEDULE=@daily - SCHEDULE=@daily
- BACKUP_KEEP_DAYS=7 - BACKUP_KEEP_DAYS=7
- BACKUP_KEEP_WEEKS=4 - BACKUP_KEEP_WEEKS=4
@ -128,11 +123,7 @@ services:
depends_on: depends_on:
- db - db
networks: networks:
- elmeg - fediversion
# Note: Weekly digest emails are triggered via admin API: POST /api/admin/send-weekly-digest
# Or set up system cron to call: curl -X POST https://elmeg.xyz/api/admin/send-weekly-digest -H "Authorization: Bearer $ADMIN_TOKEN"
umami: umami:
image: ghcr.io/umami-software/umami:postgresql-latest image: ghcr.io/umami-software/umami:postgresql-latest
@ -144,14 +135,14 @@ services:
depends_on: depends_on:
- umami-db - umami-db
networks: networks:
- elmeg - fediversion
- traefik-public - traefik-public
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.elmeg-umami.rule=Host(`stats.elmeg.xyz`) || Host(`stats.elmeg.runfoo.run`)" - "traefik.http.routers.fediversion-umami.rule=Host(`stats.fediversion.xyz`) || Host(`stats.fediversion.runfoo.run`)"
- "traefik.http.routers.elmeg-umami.entrypoints=websecure" - "traefik.http.routers.fediversion-umami.entrypoints=websecure"
- "traefik.http.routers.elmeg-umami.tls.certresolver=letsencrypt" - "traefik.http.routers.fediversion-umami.tls.certresolver=letsencrypt"
- "traefik.http.services.elmeg-umami.loadbalancer.server.port=3000" - "traefik.http.services.fediversion-umami.loadbalancer.server.port=3000"
- "traefik.docker.network=${TRAEFIK_NETWORK:-traefik}" - "traefik.docker.network=${TRAEFIK_NETWORK:-traefik}"
umami-db: umami-db:
@ -164,7 +155,7 @@ services:
- umami_data:/var/lib/postgresql/data - umami_data:/var/lib/postgresql/data
restart: unless-stopped restart: unless-stopped
networks: networks:
- elmeg - fediversion
volumes: volumes:
postgres_data: postgres_data:
@ -173,7 +164,7 @@ volumes:
networks: networks:
elmeg: fediversion:
traefik-public: traefik-public:
name: ${TRAEFIK_NETWORK:-traefik} name: ${TRAEFIK_NETWORK:-traefik}
external: true external: true