diff --git a/.woodpecker.yml b/.woodpecker.yml
index 269dba0..1994b01 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -2,12 +2,15 @@ steps:
 build:
 image: woodpeckerci/plugin-docker
 settings:
- registry: gitea.infra.mintel.me
- repo: gitea.infra.mintel.me/mintel/mb-grid-solutions
+ registry: registry.infra.mintel.me
+ repo: registry.infra.mintel.me/mintel/mb-grid-solutions
 username:
- from_secret: GITEA_USER
+ from_secret: REGISTRY_USER
 password:
- from_secret: GITEA_TOKEN
+ from_secret: REGISTRY_PASS
+ tags:
+ - latest
+ - ${CI_COMMIT_SHA}
 when:
 event: push
 branch: main
diff --git a/docker-compose.yaml b/docker-compose.yaml
index bb523b5..04a999c 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -1,7 +1,7 @@
 services:
 app:
 build: .
- image: gitea.infra.mintel.me/mintel/mb-grid-solutions:latest
+ image: registry.infra.mintel.me/mintel/mb-grid-solutions:latest
 restart: always
 expose:
 - "3000"
diff --git a/docs/PLATFORM.md b/docs/PLATFORM.md
index 13a400e..8b6abb4 100644
--- a/docs/PLATFORM.md
+++ b/docs/PLATFORM.md
@@ -13,12 +13,15 @@ Mintel runs the platform. These are for developers only (not customers): -Git +Git (Gitea) https://git.infra.mintel.me -CI +CI (Woodpecker) https://ci.infra.mintel.me +Container Registry +https://registry.infra.mintel.me + Errors (GlitchTip) https://errors.infra.mintel.me
@@ -68,6 +71,21 @@ This directory contains: --- +## Container Images + +All production images must be built by CI and pushed to the Mintel Registry. + +Registry: +registry.infra.mintel.me + +Image naming: +registry.infra.mintel.me/ORG/APP_NAME:TAG + +Example: +registry.infra.mintel.me/mintel/mb-grid-solutions:latest + +--- + ## Databases ### Postgres (shared)
@@ -151,7 +169,7 @@ No downtime. ## Error tracking (GlitchTip) -Each project gets a DSN, similar to Sentry. +Each project gets a DSN (like Sentry). Example: 
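Review bot: The new `tags:` list in `.woodpecker.yml` publishes every build as both `latest` and `${CI_COMMIT_SHA}`, but the `docker-compose.yaml` hunk still pulls `registry.infra.mintel.me/mintel/mb-grid-solutions:latest`, so the host runs whichever image last overwrote that mutable tag rather than a build traceable to a commit. Consider letting the deploy side reference the immutable tag through a variable, for example `image: registry.infra.mintel.me/mintel/mb-grid-solutions:${IMAGE_TAG:-latest}` with `IMAGE_TAG` (a name chosen here for illustration) set to the commit SHA at deploy time. Separately, `REGISTRY_USER` and `REGISTRY_PASS` are handed to `woodpeckerci/plugin-docker`, which the context line references without a version tag or digest; pinning that image and limiting the two secrets to this plugin and the `push` event would narrow what can read the registry credentials. A comment above `tags:` such as `# latest is a convenience alias; deploys should pin the SHA tag` would record the intent.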
@@ -159,69 +177,77 @@ https://PUBLIC_KEY@errors.infra.mintel.me/PROJECT_ID Use as SENTRY_DSN in your app. -All errors appear in GlitchTip. - --- ## Analytics (Umami) Each site gets a website ID. -Include this script in your site: +Include this script: https://analytics.infra.mintel.me/script.js data-website-id=YOUR_ID -Traffic is visible in Umami. - --- ## Deployment via Woodpecker -Woodpecker deploys to Alpha via SSH. +Woodpecker builds images and pushes them to the Mintel Registry, then deploys to Alpha via SSH. Target: deploy@alpha.mintel.me -Auth: -ALPHA_SSH_KEY is provided as a CI secret. - --- ## Woodpecker pipeline example +steps: +build: +image: woodpeckerci/plugin-docker +settings: +registry: registry.infra.mintel.me +repo: registry.infra.mintel.me/mintel/mb-grid-solutions +username: +from_secret: REGISTRY_USER +password: +from_secret: REGISTRY_PASS +tags: +- latest +- ${CI_COMMIT_SHA} -Every repo must contain .woodpecker.yml: - -pipeline: - deploy: - image: alpine - commands: - - apk add --no-cache openssh - - mkdir -p ~/.ssh - - echo "$ALPHA_SSH_KEY" > ~/.ssh/id_ed25519 - - chmod 600 ~/.ssh/id_ed25519 - - ssh -o StrictHostKeyChecking=no deploy@alpha.mintel.me "cd /opt/alpha/sites/APP_NAME && docker compose pull && docker compose up -d" +deploy: +image: alpine +environment: +ALPHA_SSH_KEY: +from_secret: ALPHA_SSH_KEY +commands: +- apk add –no-cache openssh +- mkdir -p ~/.ssh +- echo “$ALPHA_SSH_KEY” > ~/.ssh/id_ed25519 +- chmod 600 ~/.ssh/id_ed25519 +- ssh -o StrictHostKeyChecking=no deploy@alpha.mintel.me “cd /opt/alpha/sites/mb-grid-solutions && docker compose pull && docker compose up -d” --- ## Monitoring -Errors: GlitchTip -Traffic: Umami -Uptime: Uptime-Kuma -Logs: Dozzle +Errors → GlitchTip +Traffic → Umami +Uptime → Uptime-Kuma +Logs → Dozzle -Infra monitors all services automatically. +Infra monitors all services. --- ## Summary You push code. -Woodpecker deploys. -Traefik routes domains. +CI builds images. +Images go to the Mintel Registry. 
+Alpha pulls and runs them. +Traefik routes real domains. Postgres and Redis are shared but isolated. -Zero-downtime updates are automatic. -Errors, traffic and uptime are tracked. +Deploys are zero-downtime. +Everything is monitored. This is a real production platform. \ No newline at end of file