96 lines
2.4 KiB
Markdown
96 lines
2.4 KiB
Markdown
# GitHub Actions Deployment Setup
|
|
|
|
## Required Secrets
|
|
|
|
Configure the following secrets in your GitHub repository settings:
|
|
|
|
### Production Deployment Secrets
|
|
|
|
1. **HOST** - Your server IP address or domain
|
|
```
|
|
123.456.789.123
|
|
```
|
|
|
|
2. **USERNAME** - SSH username (usually `root` or `ubuntu`)
|
|
```
|
|
root
|
|
```
|
|
|
|
3. **SSH_KEY** - Private SSH key for server access
|
|
```
|
|
-----BEGIN OPENSSH PRIVATE KEY-----
|
|
your_private_key_content_here
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
```
|
|
|
|
4. **PORT** - SSH port (optional, defaults to 22)
|
|
```
|
|
22
|
|
```
|
|
|
|
## Server Prerequisites
|
|
|
|
Your production server should have:
|
|
|
|
1. **Docker & Docker Compose installed**
|
|
```bash
|
|
curl -fsSL https://get.docker.com -o get-docker.sh
|
|
sh get-docker.sh
|
|
sudo usermod -aG docker $USER
|
|
```
|
|
|
|
2. **Project directory prepared**
|
|
```bash
|
|
sudo mkdir -p /opt/quixotic
|
|
sudo chown $USER:$USER /opt/quixotic
|
|
cd /opt/quixotic
|
|
git clone https://github.com/yourusername/quixotic.git .
|
|
```
|
|
|
|
3. **Environment file configured**
|
|
```bash
|
|
cp .env.docker.example .env.docker
|
|
nano .env.docker
|
|
# Set your domain and email
|
|
```
|
|
|
|
## Workflow Features
|
|
|
|
### CI Pipeline (`ci.yml`)
|
|
- ✅ **Test & Lint** - Runs on all PRs and pushes
|
|
- ✅ **Multi-platform build** - AMD64 and ARM64 support
|
|
- ✅ **Docker image caching** - Faster builds
|
|
- ✅ **Auto-deployment** - Deploys main branch to production
|
|
- ✅ **Zero-downtime deployment** - Rolling updates
|
|
|
|
### Security Pipeline (`security.yml`)
|
|
- ✅ **Dependency scanning** - npm audit for vulnerabilities
|
|
- ✅ **Code analysis** - GitHub CodeQL for security issues
|
|
- ✅ **Docker scanning** - Trivy for container vulnerabilities
|
|
- ✅ **Weekly scans** - Automated security checks
|
|
|
|
## Usage
|
|
|
|
1. **Development workflow:**
|
|
- Create feature branch: `git checkout -b feature/new-feature`
|
|
- Push changes: CI runs tests automatically
|
|
- Create PR: Full CI pipeline runs
|
|
|
|
2. **Production deployment:**
|
|
- Merge to main: Automatic build and deploy
|
|
- Monitor deployment: Check GitHub Actions tab
|
|
|
|
3. **Manual deployment:**
|
|
```bash
|
|
# On server
|
|
cd /opt/quixotic
|
|
git pull origin main
|
|
docker-compose --env-file .env.docker up -d --build
|
|
```
|
|
|
|
## Monitoring
|
|
|
|
- **GitHub Actions** - Build and deployment status
|
|
- **Traefik Dashboard** - `http://yourserver:8080`
|
|
- **Application Health** - `https://yourdomain.com/health`
|
|
- **Docker Logs** - `docker-compose logs -f quixotic-app` |