# GitHub Actions Deployment Setup

## Required Secrets

Configure the following secrets in your GitHub repository settings (Settings → Secrets and variables → Actions). Secret values are masked in workflow logs, but any workflow in the repository can read them, so keep the deployment job restricted to the `main` branch and treat the SSH key as production credentials.

### Production Deployment Secrets

1. **HOST** - Your server IP address or domain. It must be a real IPv4 address (every octet in 0-255) or a resolvable hostname; the value below is an RFC 5737 documentation address used only as a placeholder.
   ```
   203.0.113.10
   ```

2. **USERNAME** - SSH username (usually `root` or `ubuntu`). A dedicated deploy user with a restricted key is preferable to `root`, because whoever obtains the `SSH_KEY` secret gets exactly this account's privileges.
   ```
   root
   ```

3. **SSH_KEY** - Private SSH key for server access. Generate a dedicated key pair for CI rather than reusing a personal key, and paste the complete file including the `BEGIN`/`END` lines.
   ```
   -----BEGIN OPENSSH PRIVATE KEY-----
   your_private_key_content_here
   -----END OPENSSH PRIVATE KEY-----
   ```

4. **PORT** - SSH port (optional, defaults to 22)
   ```
   22
   ```

## Server Prerequisites

Your production server should have:

1. **Docker & Docker Compose installed**
   ```bash
   curl -fsSL https://get.docker.com -o get-docker.sh
   sh get-docker.sh
   # Membership in the docker group is root-equivalent on the host and
   # only takes effect after the user logs in again.
   sudo usermod -aG docker $USER
   ```

2. **Project directory prepared**
   ```bash
   sudo mkdir -p /opt/quixotic
   sudo chown $USER:$USER /opt/quixotic
   cd /opt/quixotic
   git clone https://github.com/yourusername/quixotic.git .
   ```

3. **Environment file configured**
   ```bash
   # Create and configure .env.docker with your production values.
   # The docker-compose.yml already references this file.
   # Keep it out of git and readable only by the deploy user: it holds secrets.
   cp .env.docker.example .env.docker
   nano .env.docker
   ```

## Workflow Features

### CI Pipeline (`ci.yml`)

- ✅ **Test & Lint** - Runs on all PRs and pushes
- ✅ **Multi-platform build** - AMD64 and ARM64 support
- ✅ **Docker image caching** - Faster builds
- ✅ **Auto-deployment** - Deploys the `main` branch to production
- ✅ **Zero-downtime deployment** - Rolling updates

### Security Pipeline (`security.yml`)

- ✅ **Dependency scanning** - `npm audit` for vulnerable dependencies
- ✅ **Code analysis** - GitHub CodeQL for security issues
- ✅ **Docker scanning** - Trivy for container vulnerabilities
- ✅ **Weekly scans** - Scheduled automated security checks

## Usage

1. **Development workflow:**
   - Create a feature branch: `git checkout -b feature/new-feature`
   - Push changes: CI runs tests automatically
   - Create a PR: the full CI pipeline runs

2. **Production deployment:**
   - Merge to `main`: automatic build and deploy
   - Monitor the deployment: check the GitHub Actions tab

3. **Manual deployment:**
   ```bash
   # On the server
   cd /opt/quixotic
   git pull origin main
   docker-compose -f docker-compose.yml -f docker-compose.prod.yml up -d --pull always
   ```

## Monitoring

- **GitHub Actions** - Build and deployment status
- **Traefik Dashboard** - `http://yourserver:8080`. The dashboard exposes your routing configuration; do not leave port 8080 reachable from the internet without authentication (firewall it or put it behind Traefik's own auth middleware).
- **Application Health** - `https://yourdomain.com/health`
- **Docker Logs** - `docker-compose logs -f quixotic-app`
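The secrets section above hands the workflow an SSH key, and the prerequisites section sets up the server for whichever account that key lands in. The script below is an added example, not part of the quixotic repository or its workflows: it provisions a dedicated, least-privilege deploy account whose CI key is pinned to a forced command that runs the same steps as the manual deployment, and it sanity-checks a `HOST` value so an impossible address such as `123.456.789.123` cannot be pasted into the secret by mistake. The user name `deploy`, the path `/opt/quixotic/deploy.sh` and the use of the `docker` group are assumptions; adjust them to your server.

```bash
#!/usr/bin/env bash
# Added example for this README (not code from the quixotic project):
# provision a least-privilege "deploy" account whose SSH key can only run the
# deploy script, instead of giving the CI pipeline a root key.
# Assumed names: user "deploy", group "docker", /opt/quixotic, /opt/quixotic/deploy.sh.
set -euo pipefail

DEPLOY_USER=${DEPLOY_USER:-deploy}
PROJECT_DIR=${PROJECT_DIR:-/opt/quixotic}
DEPLOY_SCRIPT="$PROJECT_DIR/deploy.sh"

# Sanity-check a HOST value: a dotted quad with exactly four octets in 0..255.
# (123.456.789.123 fails; 203.0.113.10 passes.)
valid_ipv4() {
  local ip=$1 n
  case $ip in *[!0-9.]*|*..*|.*|*.|'') return 1 ;; esac
  local IFS=.
  set -- $ip
  [ $# -eq 4 ] || return 1
  for n; do [ "$n" -le 255 ] || return 1; done
}

# Build the authorized_keys line for the CI public key. "restrict" disables
# port/agent/X11 forwarding and pty allocation; command= makes every login
# with this key run deploy.sh regardless of what the client asked for.
restricted_key_line() {
  local pubkey=$1 cmd=${2:-$DEPLOY_SCRIPT}
  printf 'restrict,command="%s" %s\n' "$cmd" "$pubkey"
}

# Body of the forced command: the manual deployment steps from this README.
deploy_script_body() {
  cat <<EOF
#!/usr/bin/env bash
set -euo pipefail
cd "$PROJECT_DIR"
git pull --ff-only origin main
docker-compose -f docker-compose.yml -f docker-compose.prod.yml up -d --pull always
EOF
}

# One-time provisioning, run as root on the server. Generate the key pair on
# your workstation first, e.g. with ssh-keygen -t ed25519 -N '' -f quixotic_deploy;
# the private half becomes the SSH_KEY secret, the public half is the argument here.
setup_deploy_user() {
  local pubkey=$1 home="/home/$DEPLOY_USER"
  id "$DEPLOY_USER" >/dev/null 2>&1 || useradd -m -s /bin/bash -G docker "$DEPLOY_USER"
  install -d -m 700 -o "$DEPLOY_USER" -g "$DEPLOY_USER" "$home/.ssh"
  restricted_key_line "$pubkey" > "$home/.ssh/authorized_keys"
  chown "$DEPLOY_USER:$DEPLOY_USER" "$home/.ssh/authorized_keys"
  chmod 600 "$home/.ssh/authorized_keys"
  deploy_script_body > "$DEPLOY_SCRIPT"
  chown root:"$DEPLOY_USER" "$DEPLOY_SCRIPT"   # deploy can execute it but not edit it
  chmod 750 "$DEPLOY_SCRIPT"
}
```

With this in place the workflow's `USERNAME` secret is `deploy`, and the script the workflow sends over SSH is irrelevant: sshd runs `/opt/quixotic/deploy.sh` for every connection made with that key, so a leaked `SSH_KEY` can redeploy the current `main` branch but cannot open a shell or forward ports. The remaining trust boundary is the `docker` group, which is root-equivalent on the host; the forced command, not the account, is what limits the blast radius, so keep `deploy.sh` owned by root.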