Joakim Mörling
75911dfffa
Production must not ship test users, demo orders, or test1234. Dev and CI still need seeded users for e2e. Prod creates one admin from deploy secrets. - Move V2/V4/V6 seed migrations to db/dev-migration - Add application-prod.yml with schema-only Flyway and ignore-missing for moved seeds - Add AdminBootstrap to create admin from ADMIN_EMAIL and ADMIN_PASSWORD - Wire docker,prod profile, deploy secrets, and localhost:5433 for SSH DB access - Add hashPassword Gradle task for optional manual bcrypt generation
102 lines
4.1 KiB
YAML
102 lines
4.1 KiB
YAML
name: Deploy to Production
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
version:
|
|
description: 'Version tag (e.g., v0.1.0)'
|
|
required: true
|
|
default: 'v0.1.0'
|
|
|
|
jobs:
|
|
deploy:
|
|
name: Build and deploy
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout repository
|
|
run: |
|
|
git init
|
|
git remote add origin https://x-access-token:${FORGEJO_TOKEN}@srvr.nu/git/jocke/bilhej.git
|
|
git fetch --depth 1 origin ${GITHUB_SHA}
|
|
git checkout FETCH_HEAD
|
|
|
|
- name: Tag version
|
|
run: |
|
|
git tag -d ${{ github.event.inputs.version }} 2>/dev/null || true
|
|
git push origin --delete ${{ github.event.inputs.version }} 2>/dev/null || true
|
|
git tag ${{ github.event.inputs.version }}
|
|
git push origin ${{ github.event.inputs.version }}
|
|
|
|
- name: Write production .env
|
|
run: |
|
|
cat > .env << 'EOF'
|
|
POSTGRES_DB=${{ secrets.POSTGRES_DB }}
|
|
POSTGRES_USER=${{ secrets.POSTGRES_USER }}
|
|
POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}
|
|
JWT_SECRET=${{ secrets.JWT_SECRET }}
|
|
STRIPE_SECRET_KEY=${{ secrets.STRIPE_SECRET_KEY }}
|
|
STRIPE_WEBHOOK_SECRET=${{ secrets.STRIPE_WEBHOOK_SECRET }}
|
|
STRIPE_PRICE_ID=${{ secrets.STRIPE_PRICE_ID }}
|
|
SWISH_NUMBER=${{ secrets.SWISH_NUMBER }}
|
|
ADMIN_EMAIL=${{ secrets.ADMIN_EMAIL }}
|
|
ADMIN_PASSWORD=${{ secrets.ADMIN_PASSWORD }}
|
|
EOF
|
|
|
|
- name: Build and start production stack
|
|
run: |
|
|
docker compose -p bilhej-prod -f docker-compose.prod.yml down
|
|
docker compose -p bilhej-prod -f docker-compose.prod.yml up --build -d
|
|
|
|
- name: Health checks with rollback
|
|
run: |
|
|
echo "Waiting for services to start..."
|
|
sleep 20
|
|
|
|
BACKEND_OK=false
|
|
for i in 1 2 3 4 5; do
|
|
if docker run --rm --network bilhej-prod_default curlimages/curl:8.5.0 \
|
|
-s http://bilhej-backend-prod:8080/api/vehicles/ABC123 > /dev/null; then
|
|
echo "Backend is healthy"
|
|
BACKEND_OK=true
|
|
break
|
|
fi
|
|
echo "Backend check attempt $i failed, retrying in 5s..."
|
|
sleep 5
|
|
done
|
|
|
|
FRONTEND_OK=false
|
|
for i in 1 2 3 4 5; do
|
|
if docker run --rm --network bilhej-prod_default curlimages/curl:8.5.0 \
|
|
-s http://bilhej-frontend-prod/ | grep -qi "bilhej\|Bilhej\|BilHej"; then
|
|
echo "Frontend is serving"
|
|
FRONTEND_OK=true
|
|
break
|
|
fi
|
|
echo "Frontend check attempt $i failed, retrying in 5s..."
|
|
sleep 5
|
|
done
|
|
|
|
if [ "$BACKEND_OK" != "true" ] || [ "$FRONTEND_OK" != "true" ]; then
|
|
echo ""
|
|
echo "═══════════════════════════════════════════════════"
|
|
echo " HEALTH CHECK FAILED — ROLLING BACK DEPLOYMENT"
|
|
echo "═══════════════════════════════════════════════════"
|
|
echo ""
|
|
docker compose -p bilhej-prod -f docker-compose.prod.yml down
|
|
echo ""
|
|
echo "Rolled back. Containers stopped. DB volume preserved."
|
|
exit 1
|
|
fi
|
|
|
|
- name: Print deploy status
|
|
run: |
|
|
echo ""
|
|
echo "═══════════════════════════════════════════════════"
|
|
echo " Deployed ${{ github.event.inputs.version }} to production"
|
|
echo "═══════════════════════════════════════════════════"
|
|
echo ""
|
|
docker compose -p bilhej-prod -f docker-compose.prod.yml ps
|
|
echo ""
|
|
echo "Containers running. Update nginx config on srvr.nu"
|
|
echo "to point bilhej.se to the frontend container."
|
|
echo ""
|