feat: Implement a gatekeeper service for access control and add CMS health monitoring with a connectivity notice.

2026-02-01 16:27:52 +01:00
parent 9e87720494
commit fcb3169d04
11 changed files with 327 additions and 6 deletions
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -193,6 +193,16 @@ jobs:
            --cache-to type=registry,ref=registry.infra.mintel.me/mintel/klz-cables.com:buildcache,mode=max \
            --push .

+      - name: 🏗️ Gatekeeper bauen & pushen
+        env:
+          IMAGE_TAG: ${{ needs.prepare.outputs.image_tag }}
+        run: |
+          docker buildx build \
+            --pull \
+            --platform linux/arm64 \
+            -t registry.infra.mintel.me/mintel/klz-cables-gatekeeper:$IMAGE_TAG \
+            --push ./gatekeeper
+

  # ──────────────────────────────────────────────────────────────────────────────
  # JOB 4: Deploy via SSH
@@ -227,6 +237,7 @@ jobs:
      DIRECTUS_DB_USER:              ${{ secrets.DIRECTUS_DB_USER || 'directus' }}
      DIRECTUS_DB_PASSWORD:          ${{ secrets.DIRECTUS_DB_PASSWORD }}
      DIRECTUS_API_TOKEN:            ${{ secrets.DIRECTUS_API_TOKEN }}
+      GATEKEEPER_PASSWORD:           ${{ secrets.GATEKEEPER_PASSWORD || 'klz2026' }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
@@ -265,10 +276,12 @@ jobs:
          DIRECTUS_DB_USER=$DIRECTUS_DB_USER
          DIRECTUS_DB_PASSWORD=$DIRECTUS_DB_PASSWORD
          DIRECTUS_API_TOKEN=$DIRECTUS_API_TOKEN
+          GATEKEEPER_PASSWORD=$GATEKEEPER_PASSWORD

          IMAGE_TAG=$IMAGE_TAG
          TRAEFIK_HOST=$TRAEFIK_HOST
          ENV_FILE=$ENV_FILE
+          AUTH_MIDDLEWARE=$( [[ "$TARGET" == "production" ]] && echo "compress" || echo "${PROJECT_NAME}-auth,compress" )
          EOF

          scp -o StrictHostKeyChecking=accept-new /tmp/klz-cables.env root@alpha.mintel.me:/home/deploy/sites/klz-cables.com/$ENV_FILE