From 6155a541f92a5a7744febeca5419b68ffffbb551 Mon Sep 17 00:00:00 2001 From: RJ Date: Fri, 21 Nov 2025 16:01:44 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=8F=97=EF=B8=8F=20add=20staging=20CICD=20?= =?UTF-8?q?and=20env?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitea/workflows/staging.yml | 366 +++++++++++++++++++++++++++++++++++ docker-compose.staging.yml | 135 +++++++++++++ 2 files changed, 501 insertions(+) create mode 100644 .gitea/workflows/staging.yml create mode 100644 docker-compose.staging.yml diff --git a/.gitea/workflows/staging.yml b/.gitea/workflows/staging.yml new file mode 100644 index 0000000..7559a40 --- /dev/null +++ b/.gitea/workflows/staging.yml @@ -0,0 +1,366 @@ +# Gitea Actions Workflow for Next.js Blog Application - Staging Environment +# This workflow builds a Docker image and deploys it to staging +# +# Workflow triggers: +# - Push to staging branch (automatic deployment) +# - Manual trigger via workflow_dispatch +# +# Required Secrets (configure in Gitea repository settings): +# - PRODUCTION_HOST: IP address or hostname of production server (same server hosts staging) +# - PRODUCTION_USER: SSH username (e.g., 'deployer') +# - SSH_PRIVATE_KEY: Private SSH key for authentication +# +# Environment Variables (configured below): +# - REGISTRY: Docker registry URL +# - IMAGE_NAME: Docker image name +# +# Docker Registry Configuration: +# - Current registry (repository.workspace:5000) is INSECURE - no authentication required +# - Registry login steps are SKIPPED to avoid 7+ minute timeout delays +# - Docker push/pull operations work without credentials +# - If switching to authenticated registry: uncomment login steps and configure secrets + +name: Build and Deploy Next.js Blog to Staging + +on: + push: + branches: + - staging # Trigger on push to staging branch + workflow_dispatch: # Allow manual trigger from Gitea UI + +env: + # Docker registry configuration + # Update this to match your private registry URL + REGISTRY: repository.workspace:5000 + IMAGE_NAME: mypage + +jobs: + # ============================================ + # Job 1: Code Quality Checks (Linting) + # ============================================ + lint: + name: πŸ” Code Quality Checks + runs-on: node-22 + # env: + # ACTIONS_RUNTIME_URL: http://192.168.1.53:3000 # SeteazΔƒ la nivel de job + + steps: + - name: πŸ”Ž Checkout code + uses: actions/checkout@v4 + # with: + # github-server-url: ${{ env.ACTIONS_RUNTIME_URL }} + + # - name: πŸ“¦ Setup Node.js + # uses: actions/setup-node@v4 + # with: + # node-version: "22" + # cache: "npm" + + - name: πŸ“₯ Install dependencies + run: npm ci + + - name: πŸ” Run ESLint + run: npm run lint + + - name: πŸ’… Check code formatting (Prettier) + run: npm run format:check + continue-on-error: true + + - name: πŸ”€ TypeScript type checking + run: npx tsc --noEmit + + - name: βœ… All quality checks passed + run: | + echo "βœ… All code quality checks passed successfully!" + echo " - ESLint: No linting errors" + echo " - Prettier: Code is properly formatted" + echo " - TypeScript: No type errors" + + # ============================================ + # Job 2: Build and Push Docker Image + # ============================================ + build-and-push: + name: πŸ—οΈ Build and Push Docker Image + runs-on: ubuntu-latest + needs: [lint] # Wait for lint job to complete successfully + + steps: + - name: πŸ”Ž Checkout code + uses: actions/checkout@v4 + + # Insecure registry configuration - no authentication required + # The registry at repository.workspace:5000 does not require login + # Docker push/pull operations work without credentials + - name: ℹ️ Registry configuration (insecure - no login required) + run: | + echo "=== Docker Registry Configuration ===" + echo "Registry: ${{ env.REGISTRY }}" + echo "Type: Insecure (no authentication required)" + echo "" + echo "ℹ️ Skipping registry login - insecure registry allows push/pull without credentials" + echo "" + echo "If your registry requires authentication in the future:" + echo " 1. Set REGISTRY_USERNAME and REGISTRY_PASSWORD secrets in Gitea" + echo " 2. Uncomment the login step below this message" + echo " 3. Change registry URL to authenticated registry" + + # Uncomment this step if registry requires authentication in the future + # - name: πŸ” Log in to Docker Registry + # timeout-minutes: 1 + # run: | + # if [ -n "${{ secrets.REGISTRY_USERNAME }}" ] && [ -n "${{ secrets.REGISTRY_PASSWORD }}" ]; then + # echo "Attempting login to ${{ env.REGISTRY }}..." + # timeout 30s bash -c 'echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY }} -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin' || { + # echo "⚠️ Login failed - continuing anyway" + # } + # fi + + - name: πŸ—οΈ Build Docker image + timeout-minutes: 30 + env: + DOCKER_BUILDKIT: 1 # Enable BuildKit for faster builds and better caching + run: | + echo "Building Next.js Docker image with BuildKit (staging)..." + echo "Build context size:" + du -sh . 2>/dev/null || echo "Cannot measure context size" + + # Build the Docker image for staging + # - Uses Dockerfile.nextjs from project root + # - Tags image with 'staging' tag + # - Enables inline cache for faster subsequent builds + docker build \ + --progress=plain \ + --build-arg BUILDKIT_INLINE_CACHE=1 \ + -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:staging \ + -f Dockerfile.nextjs \ + . + + echo "βœ… Build successful" + echo "Image size:" + docker images ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:staging + + - name: πŸš€ Push Docker image to registry + run: | + echo "Pushing staging image to registry..." + + # Push staging tag + docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:staging + + echo "βœ… Image pushed successfully" + echo " - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:staging" + + # ============================================ + # Job 3: Deploy to Staging Server + # ============================================ + deploy-staging: + name: πŸš€ Deploy to Staging + runs-on: ubuntu-latest + needs: [build-and-push] # Wait for build job to complete + environment: + name: staging + url: http://192.168.1.54:3031 + + steps: + - name: πŸ”Ž Checkout code (for docker-compose file) + uses: actions/checkout@v4 + + # Verify Docker is accessible on staging server + # Registry authentication is not required for insecure registry + - name: ℹ️ Verify staging server Docker access + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ vars.PRODUCTION_HOST }} + username: ${{ vars.PRODUCTION_USER }} + key: ${{ secrets.SSH_PRIVATE_KEY }} + port: 22 + script: | + echo "=== Verifying Docker is accessible ===" + docker info > /dev/null 2>&1 || { + echo "❌ Docker is not running or user has no access" + echo "Please ensure Docker is installed and user is in docker group" + exit 1 + } + echo "βœ… Docker is accessible" + + echo "" + echo "=== Registry Configuration ===" + echo "Registry: ${{ env.REGISTRY }}" + echo "Type: Insecure (no authentication)" + echo "ℹ️ Skipping registry login - push/pull will work without credentials" + + - name: πŸ“ Ensure staging directory structure + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ vars.PRODUCTION_HOST }} + username: ${{ vars.PRODUCTION_USER }} + key: ${{ secrets.SSH_PRIVATE_KEY }} + port: 22 + script: | + echo "=== Ensuring staging directory structure ===" + + # Verify base directory exists and is writable + # Update /opt/mypage-staging to match your deployment directory + if [ ! -d /opt/mypage-staging ]; then + echo "❌ /opt/mypage-staging does not exist!" + echo "Please run manually on staging server:" + echo " sudo mkdir -p /opt/mypage-staging" + echo " sudo chown -R deployer:docker /opt/mypage-staging" + echo " sudo chmod -R 775 /opt/mypage-staging" + exit 1 + fi + + if [ ! -w /opt/mypage-staging ]; then + echo "❌ /opt/mypage-staging is not writable by $USER user" + echo "Please run manually on staging server:" + echo " sudo chown -R deployer:docker /opt/mypage-staging" + echo " sudo chmod -R 775 /opt/mypage-staging" + exit 1 + fi + + # Create data directories for logs + mkdir -p /opt/mypage-staging/data/logs || { echo "❌ Failed to create logs directory"; exit 1; } + + echo "βœ… Directory structure ready" + ls -la /opt/mypage-staging + + - name: πŸ“¦ Copy docker-compose.staging.yml to staging server + uses: appleboy/scp-action@v0.1.7 + with: + host: ${{ vars.PRODUCTION_HOST }} + username: ${{ vars.PRODUCTION_USER }} + key: ${{ secrets.SSH_PRIVATE_KEY }} + port: 22 + source: "docker-compose.staging.yml" + target: "/opt/mypage-staging/" + overwrite: true + + - name: 🐳 Deploy application via Docker Compose + uses: appleboy/ssh-action@v1.0.3 + env: + # Optional: only needed if registry requires authentication + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD || '' }} + REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME || '' }} + REGISTRY_URL: ${{ env.REGISTRY }} + IMAGE_FULL: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:staging + with: + host: ${{ vars.PRODUCTION_HOST }} + username: ${{ vars.PRODUCTION_USER }} + key: ${{ secrets.SSH_PRIVATE_KEY }} + port: 22 + envs: REGISTRY_PASSWORD,REGISTRY_USERNAME,REGISTRY_URL,IMAGE_FULL + script_stop: true # Stop execution on any error + script: | + echo "=== Starting deployment to staging server ===" + cd /opt/mypage-staging + + # Registry configuration - insecure registry does not require authentication + echo "=== Registry Configuration ===" + echo "Registry: $REGISTRY_URL" + echo "Type: Insecure (no authentication required)" + echo "ℹ️ Skipping registry login" + echo "" + + # Verify docker-compose.staging.yml exists (copied by previous step) + if [ ! -f docker-compose.staging.yml ]; then + echo "❌ docker-compose.staging.yml not found in /opt/mypage-staging" + echo "File should have been copied by CI/CD workflow" + exit 1 + fi + echo "βœ… Using docker-compose.staging.yml" + + # Pull latest staging image from registry + echo "=== Pulling latest Docker image (staging) ===" + docker pull "$IMAGE_FULL" + + if [ $? -ne 0 ]; then + echo "❌ Failed to pull image, aborting deployment" + exit 1 + fi + + # Deploy new container + # - Stops old container + # - Removes old container + # - Creates and starts new container with fresh image + echo "=== Deploying new staging container ===" + docker compose -f docker-compose.staging.yml up -d --force-recreate + + if [ $? -ne 0 ]; then + echo "❌ Failed to deploy new container" + echo "Check logs above for errors" + exit 1 + fi + + # Check container status + echo "=== Container Status ===" + docker compose -f docker-compose.staging.yml ps + + # Show recent logs for debugging + echo "=== Recent application logs ===" + docker compose -f docker-compose.staging.yml logs --tail=50 + + # Clean up old/unused images to save disk space + echo "=== Cleaning up old Docker images ===" + docker image prune -f + + echo "βœ… Staging deployment completed successfully ===" + + - name: ❀️ Health check + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ vars.PRODUCTION_HOST }} + username: ${{ vars.PRODUCTION_USER }} + key: ${{ secrets.SSH_PRIVATE_KEY }} + port: 22 + script: | + echo "=== Performing health check ===" + cd /opt/mypage-staging + max_attempts=15 + attempt=1 + + # Wait for container to be healthy (respect start_period from health check) + echo "Waiting for application to start (40s start period)..." + sleep 40 + + # Retry health check up to 15 times + while [ $attempt -le $max_attempts ]; do + # Check if application responds at port 3031 + if curl -f http://localhost:3031/ > /dev/null 2>&1; then + echo "βœ… Health check passed!" + echo "Application is healthy and responding to requests" + exit 0 + fi + echo "Attempt $attempt/$max_attempts: Health check failed, retrying in 5s..." + sleep 5 + attempt=$((attempt + 1)) + done + + # Health check failed - gather diagnostic information + echo "❌ Health check failed after $max_attempts attempts" + echo "" + echo "=== Container Status ===" + docker compose -f docker-compose.staging.yml ps + echo "" + echo "=== Container Health ===" + docker inspect mypage-staging --format='{{.State.Health.Status}}' 2>/dev/null || echo "No health status" + echo "" + echo "=== Recent Application Logs ===" + docker compose -f docker-compose.staging.yml logs --tail=100 + + exit 1 + + - name: πŸ“Š Deployment summary + if: always() # Run even if previous steps fail + run: | + echo "### πŸš€ Deployment Summary" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "- **Environment**: Staging" >> $GITHUB_STEP_SUMMARY + echo "- **Image**: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:staging" >> $GITHUB_STEP_SUMMARY + echo "- **Commit**: \`${{ github.sha }}\`" >> $GITHUB_STEP_SUMMARY + echo "- **Workflow Run**: #${{ github.run_number }}" >> $GITHUB_STEP_SUMMARY + echo "- **Triggered By**: ${{ github.actor }}" >> $GITHUB_STEP_SUMMARY + echo "- **Status**: ${{ job.status }}" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "**Next Steps:**" >> $GITHUB_STEP_SUMMARY + echo "1. Verify application is accessible at http://192.168.1.54:3031" >> $GITHUB_STEP_SUMMARY + echo "2. Check application logs for any errors" >> $GITHUB_STEP_SUMMARY + echo "3. Test staging features before promoting to production" >> $GITHUB_STEP_SUMMARY diff --git a/docker-compose.staging.yml b/docker-compose.staging.yml new file mode 100644 index 0000000..4c16c17 --- /dev/null +++ b/docker-compose.staging.yml @@ -0,0 +1,135 @@ +# Docker Compose Configuration for Staging Deployment +# This file is used by CI/CD to deploy the application on staging servers +# +# Key differences from production docker-compose.prod.yml: +# - Container name: mypage-staging (vs mypage-prod) +# - Port mapping: 3031:3030 (vs 3030:3030) +# - Network name: mypage-staging-network (vs mypage-network) +# - Image tag: staging (vs latest) +# +# Usage: +# 1. This file is automatically copied to server by CI/CD workflow +# 2. Server pulls image from registry: docker compose -f docker-compose.staging.yml pull +# 3. Server starts container: docker compose -f docker-compose.staging.yml up -d +# +# Manual deployment (if CI/CD is not available): +# ssh user@staging-server +# cd /opt/mypage-staging +# docker compose -f docker-compose.staging.yml pull +# docker compose -f docker-compose.staging.yml up -d --force-recreate + +version: '3.8' + +services: + mypage: + # Use pre-built image from private registry with staging tag + # This image is built and pushed by the CI/CD workflow + # Format: REGISTRY_URL/IMAGE_NAME:TAG + image: repository.workspace:5000/mypage:staging + + container_name: mypage-staging + + # Restart policy: always restart on failure or server reboot + # This ensures high availability in staging + restart: always + + # Port mapping: host:container + # Staging runs on port 3031 to avoid conflicts with production (3030) + # The application will be accessible at http://SERVER_IP:3031 + ports: + - "3031:3030" + + # Staging environment variables + environment: + - NODE_ENV=production + - NEXT_TELEMETRY_DISABLED=1 + - PORT=3030 + - HOSTNAME=0.0.0.0 + # Add any other staging-specific environment variables here + # Example: + # - DATABASE_URL=postgresql://user:pass@db:5432/mypage_staging + # - REDIS_URL=redis://redis:6379 + + # Persistent volumes for logs (optional) + # Uncomment if your application writes logs + volumes: + - ./data/logs:/app/logs + + # Health check configuration + # Docker monitors the application and marks it unhealthy if checks fail + # If container is unhealthy, restart policy will trigger a restart + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3030/", "||", "exit", "1"] + interval: 30s # Check every 30 seconds + timeout: 10s # Wait up to 10 seconds for response + retries: 3 # Mark unhealthy after 3 consecutive failures + start_period: 40s # Grace period during container startup + + # Resource limits for staging + # Prevents container from consuming all server resources + # deploy: + # resources: + # limits: + # cpus: '1.0' # Maximum 1 CPU core + # memory: 512M # Maximum 512MB RAM + # reservations: + # cpus: '0.25' # Reserve at least 0.25 CPU cores + # memory: 256M # Reserve at least 256MB RAM + + # Network configuration + networks: + - mypage-staging-network + + # Logging configuration + # Prevents logs from consuming all disk space + logging: + driver: "json-file" + options: + max-size: "10m" # Maximum 10MB per log file + max-file: "3" # Keep only 3 log files (30MB total) + +# Network definition +networks: + mypage-staging-network: + driver: bridge + +# ============================================ +# Staging Deployment Commands +# ============================================ +# +# Pull latest image from registry: +# docker compose -f docker-compose.staging.yml pull +# +# Start/update containers: +# docker compose -f docker-compose.staging.yml up -d --force-recreate +# +# View logs: +# docker compose -f docker-compose.staging.yml logs -f mypage +# +# Check health status: +# docker inspect mypage-staging | grep -A 10 Health +# +# Stop containers: +# docker compose -f docker-compose.staging.yml down +# +# Restart containers: +# docker compose -f docker-compose.staging.yml restart +# +# Remove old/unused images (cleanup): +# docker image prune -f +# +# ============================================ +# Troubleshooting +# ============================================ +# +# If container keeps restarting: +# 1. Check logs: docker compose -f docker-compose.staging.yml logs --tail=100 +# 2. Check health: docker inspect mypage-staging | grep -A 10 Health +# 3. Verify port is not already in use: netstat -tulpn | grep 3031 +# 4. Check resource usage: docker stats mypage-staging +# +# If health check fails: +# 1. Test manually: docker exec mypage-staging curl -f http://localhost:3030/ +# 2. Check if Next.js server is running: docker exec mypage-staging ps aux +# 3. Verify environment variables: docker exec mypage-staging env +#