feat(deploy): switch to docker compose for v2.1 #2
Open
dyakovri wants to merge 2 commits into
Replace imperative `docker run` deploys (images from ghcr.io) with a
`docker compose` based pipeline pulling from `git.dyakov.space`:
- New `deploy/compose.yaml` with `control-panel-service` and `web`
services on the existing external `web` network. No DB service: an
external Postgres is reached via `DB_DSN`. Container names
`com_profcomff_{api,ui}_redirect[_test]` are preserved for the
existing reverse-proxy configs; `redirector-api`/`redirector-www`
aliases are added for parity with upstream.
- Workflow now does `compose pull` → `compose run --rm
control-panel-service alembic upgrade head` → `compose up -d` per
environment. Testing deploys `dev-latest` on push to `main`,
Production deploys `latest` on `v*` tags. Login uses
`secrets.DYAKOVSPACE_CI_TOKEN` as `robot-profcomff`.
- README rewritten as a service overview + deploy reference; the
application source is no longer open source so the old upstream
links are dropped.
Temmmmmo
approved these changes
May 19, 2026
Member
Author
@Temmmmmo just so you know, I won't be able to roll this out, I don't have keys to the servers
Member
Author
I think I've changed everything needed in the repository, created the secrets and so on. All that's left is to merge, remove the old containers and make sure the new ones have come up
Summary
- `deploy/compose.yaml` with `control-panel-service` + `web` on the existing external `web` network. DB is external (`DB_DSN`); no `db` service in compose. Container names `com_profcomff_{api,ui}_redirect[_test]` preserved for existing reverse-proxy configs; added `redirector-api`/`redirector-www` network aliases for parity with upstream.
- `actions/checkout@v4` → `docker/login-action@v3` to `git.dyakov.space` as `robot-profcomff` (`secrets.DYAKOVSPACE_CI_TOKEN`) → `docker compose pull` → `docker compose run --rm control-panel-service alembic upgrade head` → `docker compose up -d --remove-orphans`. Testing job runs on push to `main` with `dev-latest`; Production runs on `v*` tags with `latest`. Both environments migrate their own DB.
- `docs/superpowers/specs/`.

Environment setup
GitHub Environments already populated:
- `BASE_URL`, `OIDC_CONFIGURATION_URI`, `OIDC_CLIENT_ID=redirector`, `OIDC_ADMIN_CLAIM=groups`, `OIDC_ADMIN_CLAIM_VALUE=redirector-admin`, `ALLOWED_DOMAINS`
- `DB_DSN` (pre-existing), freshly generated `JWT_SECRET_KEY`

Still TODO before first deploy — set per environment:
- `DYAKOVSPACE_CI_TOKEN` — read-token to `git.dyakov.space`
- `OIDC_CLIENT_SECRET` — OIDC client secret
- `OIDC_TRUSTED_TOKEN` — dev bypass, leave unset in production

The legacy `SECRET` in Production is unused by the new compose flow and can be deleted at convenience.

Test plan
- `DYAKOVSPACE_CI_TOKEN` and `OIDC_CLIENT_SECRET` in both Environments
- `main` → Testing workflow runs end-to-end
- https://to.test.profcomff.com/ opens, auth + redirect smoke test passes
- `v2.1.0` → Production workflow runs end-to-end (gated by required reviewers)
- https://to.profcomff.com/ opens, auth + redirect smoke test passes
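
A preflight check for the environment rules listed in the description above (values present, `OIDC_TRUSTED_TOKEN` unset in production), added here as an example and not part of this pull request. The function name `preflight`, its environment-name argument and treating every listed variable as required are assumptions.

```shell
#!/bin/sh
# Added example, not code from this pull request.
# Variable names come from the PR description; treating all of them as
# required is an assumption, as is the function name `preflight`.
REQUIRED_VARS="BASE_URL OIDC_CONFIGURATION_URI OIDC_CLIENT_ID
OIDC_ADMIN_CLAIM OIDC_ADMIN_CLAIM_VALUE ALLOWED_DOMAINS DB_DSN
JWT_SECRET_KEY DYAKOVSPACE_CI_TOKEN OIDC_CLIENT_SECRET"

# preflight ENV_NAME -> returns 0 if the environment passes, 1 otherwise.
# Only variable names are reported, never their values.
preflight() {
    env_name=$1
    rc=0
    for var in $REQUIRED_VARS; do
        # Indirect lookup; $var only ever comes from the fixed list above.
        eval "val=\${$var:-}"
        if [ -z "$val" ]; then
            echo "preflight[$env_name]: $var is empty or unset" >&2
            rc=1
        fi
    done
    val=
    if [ "$env_name" = "Production" ]; then
        # The description calls this a dev bypass: fail hard if it leaks
        # into the Production environment.
        if [ -n "${OIDC_TRUSTED_TOKEN:-}" ]; then
            echo "preflight[$env_name]: OIDC_TRUSTED_TOKEN must be unset" >&2
            rc=1
        fi
        # Legacy secret is unused by the compose flow: warn, do not fail.
        if [ -n "${SECRET:-}" ]; then
            echo "preflight[$env_name]: legacy SECRET is still set" >&2
        fi
    fi
    return "$rc"
}
```

In a workflow step it would run as `preflight Production || exit 1` ahead of `docker compose pull`, so a misconfigured environment stops before any migration or container start.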