Deploy Tooling
This directory contains the additive deployment scaffold for the image-based CI/CD target path.
Files
- deploy-compose.sh: pulls images, runs migrations, starts the app, and waits for readiness
- .env.production.example: example host-side runtime configuration
Host Layout
On the target host, the deploy directory should contain:
<deploy-path>/
  docker-compose.cicd.yml
  deploy.env
  .env.production
  tooling/deploy/deploy-compose.sh
deploy.env is ephemeral and written by GitHub Actions for one deployment. .env.production stays on the host and contains the long-lived runtime secrets and app configuration.
First Setup
- Copy tooling/deploy/.env.production.example to the target host as .env.production.
- Fill in the required secrets and URLs.
- Provision runtime AI/SMTP/anonymization secrets on the host through .env.production or the platform's secret facility.
- Keep admin settings for status/verification only; do not use them to enter or rotate operational secrets.
- After migration, use the admin cleanup action to remove any legacy database-stored runtime secrets.
- Ensure Docker Engine and Docker Compose v2 are installed.
- Ensure the target host can pull from ghcr.io.
- Run the image release workflow, then the staging or production deploy workflow with the same image tag.
Manual Host Test
After the files are present on the host, the flow can be tested manually:
set -a
. ./deploy.env
set +a
bash tooling/deploy/deploy-compose.sh staging
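
A pre-flight check that can be sourced before the manual test, added here as an example and not part of this repository's tooling. It verifies the Host Layout files are present and, as an assumption not stated by the project, that .env.production is readable by its owner only; the function names are hypothetical.

```shell
# Added example: pre-flight check for the deploy directory layout.
# Assumption (not from the project): .env.production holds long-lived
# secrets, so it should carry no group or other permission bits.

# Files the Host Layout section lists, relative to <deploy-path>.
REQUIRED_FILES="docker-compose.cicd.yml deploy.env .env.production tooling/deploy/deploy-compose.sh"

# Print the octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_deploy_dir <deploy-path>
# Returns 0 when the layout is complete and .env.production is private,
# 1 otherwise. Findings are printed to stderr.
check_deploy_dir() {
  dir="$1"
  rc=0
  for f in $REQUIRED_FILES; do
    if [ ! -f "$dir/$f" ]; then
      echo "missing: $dir/$f" >&2
      rc=1
    fi
  done
  secrets="$dir/.env.production"
  if [ -f "$secrets" ]; then
    mode=$(file_mode "$secrets")
    # A mode ending in 00 (or the bare 0 that stat prints for 000) grants
    # nothing to group or other; anything else exposes the secrets locally.
    case "$mode" in
      0|*00) ;;
      *) echo "too permissive ($mode): $secrets; run chmod 600" >&2; rc=1 ;;
    esac
  fi
  return "$rc"
}
```

Source the file and run `check_deploy_dir <deploy-path>`; deploy.env is included in the check because the manual test needs it, even though it is normally written per deployment.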