ci
96
.github/DEPLOYMENT.md
vendored
Normal file
@@ -0,0 +1,96 @@
# GitHub Actions Deployment Setup
## Required Secrets
Configure the following secrets in your GitHub repository settings:
### Production Deployment Secrets
1. **HOST** - Your server IP address or domain
```
123.456.789.123
```
2. **USERNAME** - SSH username (usually `root` or `ubuntu`)
```
root
```
3. **SSH_KEY** - Private SSH key for server access
```
-----BEGIN OPENSSH PRIVATE KEY-----
your_private_key_content_here
-----END OPENSSH PRIVATE KEY-----
```
4. **PORT** - SSH port (optional, defaults to 22)
```
22
```
## Server Prerequisites
Your production server should have:
1. **Docker & Docker Compose installed**
```bash
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh
sudo usermod -aG docker $USER
```
2. **Project directory prepared**
```bash
sudo mkdir -p /opt/quixotic
sudo chown $USER:$USER /opt/quixotic
cd /opt/quixotic
git clone https://github.com/yourusername/quixotic.git .
```
3. **Environment file configured**
```bash
cp .env.docker.example .env.docker
nano .env.docker
# Set your domain and email
```
## Workflow Features
### CI Pipeline (`ci.yml`)
- ✅ **Test & Lint** - Runs on all PRs and pushes
- ✅ **Multi-platform build** - AMD64 and ARM64 support
- ✅ **Docker image caching** - Faster builds
- ✅ **Auto-deployment** - Deploys main branch to production
- ✅ **Zero-downtime deployment** - Rolling updates
### Security Pipeline (`security.yml`)
- ✅ **Dependency scanning** - npm audit for vulnerabilities
- ✅ **Code analysis** - GitHub CodeQL for security issues
- ✅ **Docker scanning** - Trivy for container vulnerabilities
- ✅ **Weekly scans** - Automated security checks
## Usage
1. **Development workflow:**
- Create feature branch: `git checkout -b feature/new-feature`
- Push changes: CI runs tests automatically
- Create PR: Full CI pipeline runs
2. **Production deployment:**
- Merge to main: Automatic build and deploy
- Monitor deployment: Check GitHub Actions tab
3. **Manual deployment:**
```bash
# On server
cd /opt/quixotic
git pull origin main
docker-compose --env-file .env.docker up -d --build
```
## Monitoring
- **GitHub Actions** - Build and deployment status
- **Traefik Dashboard** - `http://yourserver:8080`
- **Application Health** - `https://yourdomain.com/health`
- **Docker Logs** - `docker-compose logs -f quixotic-app`
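
Review bot: The USERNAME entry under "Production Deployment Secrets" says the SSH user is "usually `root` or `ubuntu`" and gives `root` as the example value, so the SSH_KEY stored in the repository secrets is a root credential for the production host and any leak of it, or any workflow change that can read it, is a full server compromise. Suggest documenting a dedicated unprivileged deploy account that owns `/opt/quixotic` and using that as the example, and stating in "Server Prerequisites" that `sudo usermod -aG docker $USER` gives that account root-equivalent access through the Docker socket, so the key still needs to be treated as highly privileged. Two smaller points: the "Monitoring" list advertises the Traefik dashboard at `http://yourserver:8080`, plain HTTP on its own port, with nothing about restricting it to a private interface or putting authentication in front of it; and the HOST example `123.456.789.123` is not a valid IPv4 address, so a documentation-range address such as 203.0.113.10 would be a clearer placeholder.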