diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml index 1f68350..f33e80d 100644 --- a/.gitea/workflows/deploy.yml +++ b/.gitea/workflows/deploy.yml @@ -26,6 +26,9 @@ jobs: next_public_base_url: ${{ steps.determine.outputs.next_public_base_url }} directus_url: ${{ steps.determine.outputs.directus_url }} directus_host: ${{ steps.determine.outputs.directus_host }} + gatekeeper_host: ${{ steps.determine.outputs.gatekeeper_host }} + traefik_rule: ${{ steps.determine.outputs.traefik_rule }} + gatekeeper_rule: ${{ steps.determine.outputs.gatekeeper_rule }} project_name: ${{ steps.determine.outputs.project_name }} steps: - name: 🔍 Debug Info @@ -74,6 +77,7 @@ jobs: IMAGE_TAG="testing-${SHORT_SHA}" ENV_FILE=".env.testing" TRAEFIK_HOST="testing.${DOMAIN_BASE}" + GATEKEEPER_HOST="gatekeeper.testing.${DOMAIN_BASE}" NEXT_PUBLIC_BASE_URL="https://testing.${DOMAIN_BASE}" DIRECTUS_URL="https://cms.testing.${DOMAIN_BASE}" DIRECTUS_HOST="cms.testing.${DOMAIN_BASE}" @@ -82,7 +86,8 @@ jobs: TARGET="production" IMAGE_TAG="$REF_NAME" ENV_FILE=".env.prod" - TRAEFIK_HOST="${DOMAIN_BASE}, www.${DOMAIN_BASE}" + TRAEFIK_HOST="${DOMAIN_BASE}" # Primary domain + GATEKEEPER_HOST="gatekeeper.${DOMAIN_BASE}" NEXT_PUBLIC_BASE_URL="https://${DOMAIN_BASE}" DIRECTUS_URL="https://cms.${DOMAIN_BASE}" DIRECTUS_HOST="cms.${DOMAIN_BASE}" @@ -91,6 +96,7 @@ jobs: IMAGE_TAG="$REF_NAME" ENV_FILE=".env.staging" TRAEFIK_HOST="staging.${DOMAIN_BASE}" + GATEKEEPER_HOST="gatekeeper.staging.${DOMAIN_BASE}" NEXT_PUBLIC_BASE_URL="https://staging.${DOMAIN_BASE}" DIRECTUS_URL="https://cms.staging.${DOMAIN_BASE}" DIRECTUS_HOST="cms.staging.${DOMAIN_BASE}" @@ -103,6 +109,17 @@ jobs: echo "Ref type $REF_TYPE is not handled for deployment." fi + # Determine Rules based on target (if not skipped) + if [[ "$TARGET" != "skip" ]]; then + if [[ "$TARGET" == "production" ]]; then + TRAEFIK_RULE="Host(\`${DOMAIN_BASE}\`) || Host(\`www.${DOMAIN_BASE}\`)" + GATEKEEPER_RULE="(Host(\`${DOMAIN_BASE}\`) || Host(\`www.${DOMAIN_BASE}\`)) && PathPrefix(\`/gatekeeper\`) || Host(\`gatekeeper.${DOMAIN_BASE}\`)" + else + TRAEFIK_RULE="Host(\`${TRAEFIK_HOST}\`)" + GATEKEEPER_RULE="(Host(\`${TRAEFIK_HOST}\`) && PathPrefix(\`/gatekeeper\`)) || Host(\`gatekeeper.${TRAEFIK_HOST}\`)" + fi + fi + echo "Target determined: $TARGET" echo "Image tag: $IMAGE_TAG" @@ -110,6 +127,9 @@ jobs: echo "image_tag=$IMAGE_TAG" >> "$GITHUB_OUTPUT" echo "env_file=$ENV_FILE" >> "$GITHUB_OUTPUT" echo "traefik_host=$TRAEFIK_HOST" >> "$GITHUB_OUTPUT" + echo "traefik_rule=$TRAEFIK_RULE" >> "$GITHUB_OUTPUT" + echo "gatekeeper_rule=$GATEKEEPER_RULE" >> "$GITHUB_OUTPUT" + echo "gatekeeper_host=$GATEKEEPER_HOST" >> "$GITHUB_OUTPUT" echo "next_public_base_url=$NEXT_PUBLIC_BASE_URL" >> "$GITHUB_OUTPUT" echo "directus_url=$DIRECTUS_URL" >> "$GITHUB_OUTPUT" echo "directus_host=$DIRECTUS_HOST" >> "$GITHUB_OUTPUT" @@ -206,6 +226,9 @@ jobs: ENV_FILE=${{ needs.prepare.outputs.env_file }} IMAGE_TAG=${{ needs.prepare.outputs.image_tag }} TRAEFIK_HOST=${{ needs.prepare.outputs.traefik_host }} + TRAEFIK_RULE=${{ needs.prepare.outputs.traefik_rule }} + GATEKEEPER_RULE=${{ needs.prepare.outputs.gatekeeper_rule }} + GATEKEEPER_HOST=${{ needs.prepare.outputs.gatekeeper_host }} PROJECT_NAME=${{ needs.prepare.outputs.project_name }} NEXT_PUBLIC_BASE_URL=${{ needs.prepare.outputs.next_public_base_url }} diff --git a/docker-compose.yaml b/docker-compose.yaml index f5fd200..4695271 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -8,7 +8,7 @@ services: - ${ENV_FILE:-.env} labels: - "traefik.enable=true" - - "traefik.http.routers.${PROJECT_NAME}.rule=Host(`${TRAEFIK_HOST:-mb-grid-solutions.localhost}`)" + - "traefik.http.routers.${PROJECT_NAME}.rule=${TRAEFIK_RULE:-Host(`${TRAEFIK_HOST:-mb-grid-solutions.localhost}`)}" - "traefik.http.routers.${PROJECT_NAME}.entrypoints=websecure" - "traefik.http.routers.${PROJECT_NAME}.tls.certresolver=le" - "traefik.http.routers.${PROJECT_NAME}.tls=true" @@ -17,7 +17,7 @@ services: - "traefik.docker.network=infra" # Gatekeeper Router (Shared Host + dedicated Subdomain) - - "traefik.http.routers.${PROJECT_NAME}-gatekeeper.rule=(Host(`${TRAEFIK_HOST:-mb-grid-solutions.localhost}`) && PathPrefix(`/gatekeeper`)) || Host(`gatekeeper.${TRAEFIK_HOST:-mb-grid-solutions.localhost}`)" + - "traefik.http.routers.${PROJECT_NAME}-gatekeeper.rule=${GATEKEEPER_RULE:-(Host(`${TRAEFIK_HOST:-mb-grid-solutions.localhost}`) && PathPrefix(`/gatekeeper`)) || Host(`gatekeeper.${TRAEFIK_HOST:-mb-grid-solutions.localhost}`)}" - "traefik.http.routers.${PROJECT_NAME}-gatekeeper.entrypoints=websecure" - "traefik.http.routers.${PROJECT_NAME}-gatekeeper.tls.certresolver=le" - "traefik.http.routers.${PROJECT_NAME}-gatekeeper.tls=true" @@ -46,7 +46,7 @@ services: AUTH_COOKIE_NAME: ${AUTH_COOKIE_NAME:-mintel_gatekeeper_session} GATEKEEPER_PASSWORD: ${GATEKEEPER_PASSWORD:-mintel} # Dedicated Base URL for Gatekeeper subdomain to prevent redirect loops - NEXT_PUBLIC_BASE_URL: https://gatekeeper.${TRAEFIK_HOST:-mb-grid-solutions.localhost} + NEXT_PUBLIC_BASE_URL: https://${GATEKEEPER_HOST:-gatekeeper.mb-grid-solutions.localhost} labels: - "traefik.enable=true" - "traefik.http.services.${PROJECT_NAME}-gatekeeper.loadbalancer.server.port=3000"