# Deploy Tooling

This directory contains the additive deployment scaffold for the image-based CI/CD target path.

## Files

- `deploy-compose.sh`: pulls images, runs migrations, starts the app, and waits for readiness
- `.env.production.example`: example host-side runtime configuration

## Host Layout

On the target host, the deploy directory should contain:

```text
<deploy-path>/
  docker-compose.cicd.yml
  deploy.env
  .env.production
  tooling/deploy/deploy-compose.sh
```

`deploy.env` is ephemeral and written by GitHub Actions for one deployment. `.env.production` stays on the host and contains the long-lived runtime secrets and app configuration. Because it holds secrets, keep `.env.production` readable only by the user that runs the deploy, and never commit it or echo it into workflow logs.

|
## First Setup

1. Copy `tooling/deploy/.env.production.example` to the target host as `.env.production`.
2. Fill in the required secrets and URLs.
3. Provision the runtime AI/SMTP/anonymization secrets on the host through `.env.production` or the platform's secret facility.
4. Keep the admin settings for status/verification only; do not use them to enter or rotate operational secrets.
5. After migrating secrets to the host, use the admin cleanup action to remove any legacy runtime secrets still stored in the database.
6. Ensure Docker Engine and Docker Compose v2 are installed.
7. Ensure the target host can pull from `ghcr.io`.
8. Run the image release workflow, then the staging or production deploy workflow with the same image tag.

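The host layout and setup steps above are easy to get subtly wrong (a file in the wrong place, a world-readable `.env.production`, a `deploy.env` missing a variable the deploy script needs). The following preflight script is an added example for this README, not part of `deploy-compose.sh` or the project's workflows. The file names come from the Host Layout section; the use of GNU `stat` for the permission check, the `docker compose version` probe, and the variable names passed on the command line (such as `IMAGE_TAG`) are assumptions for the example and should be replaced with the names `deploy-compose.sh` actually reads.

```shell
#!/bin/sh
# Added preflight check for the host layout described in this README.
# Not part of deploy-compose.sh. File names follow the Host Layout section;
# the required variable names, GNU stat usage and the docker probe are
# assumptions made for this example.

# Files the README says must be present under <deploy-path>.
LAYOUT_FILES="docker-compose.cicd.yml deploy.env .env.production tooling/deploy/deploy-compose.sh"

# Return 0 when every expected file exists as a regular file under $1.
check_layout() {
  dir=$1
  rc=0
  for f in $LAYOUT_FILES; do
    if [ ! -f "$dir/$f" ]; then
      echo "missing: $dir/$f" >&2
      rc=1
    fi
  done
  return $rc
}

# Return 0 when $1 is readable only by its owner (mode 600 or 400).
# .env.production holds long-lived secrets, so group/other must not read it.
# Uses GNU stat (assumption); on BSD/macOS use: stat -f '%Lp' "$1".
check_secret_perms() {
  mode=$(stat -c '%a' "$1") || return 1
  case "$mode" in
    600|400) return 0 ;;
    *) echo "$1 has mode $mode; expected 600 or 400" >&2; return 1 ;;
  esac
}

# Return 0 when every variable named in $2.. has a non-empty assignment in
# the env file $1. The file is grepped, not sourced, so a tampered deploy.env
# cannot run code during the check. Names are hypothetical examples.
check_required_vars() {
  file=$1
  shift
  rc=0
  for name in "$@"; do
    if ! grep -Eq "^[[:space:]]*(export[[:space:]]+)?${name}=[^[:space:]]" "$file"; then
      echo "$file: $name is not set" >&2
      rc=1
    fi
  done
  return $rc
}

# Return 0 when Docker Engine and the Compose v2 plugin are installed
# (step 6 of First Setup). Needs a real Docker install, so it is not
# exercised offline.
check_compose_v2() {
  command -v docker >/dev/null 2>&1 || { echo "docker not found" >&2; return 1; }
  docker compose version >/dev/null 2>&1 || { echo "docker compose v2 not available" >&2; return 1; }
}

# Run all checks against <deploy-path>, e.g.: preflight /opt/app IMAGE_TAG
preflight() {
  dir=$1
  shift
  check_layout "$dir" || return 1
  check_secret_perms "$dir/.env.production" || return 1
  check_required_vars "$dir/deploy.env" "$@" || return 1
  check_compose_v2 || return 1
  echo "preflight ok: $dir"
}

if [ $# -gt 0 ]; then
  preflight "$@"
fi
```

Run it on the host as the deploy user before the manual test or the first workflow run; a non-zero exit names the failing check on stderr. The registry check from step 7 is left to the deploy script's own `docker pull`, since it depends on the host's `ghcr.io` credentials.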
## Manual Host Test

After the files are present on the host, the flow can be tested manually:

```bash
# Export every variable from deploy.env (the per-deployment file written by GitHub Actions)
set -a
. ./deploy.env
set +a
# Run the deploy script against the staging target
bash tooling/deploy/deploy-compose.sh staging
```