feat: update deployment configuration and encrypted env loader

- Update Ansible playbooks and roles for application deployment - Add new Gitea/Traefik troubleshooting playbooks - Update Docker Compose configurations (base, local, staging, production) - Enhance EncryptedEnvLoader with improved error handling - Add deployment scripts (autossh setup, migration, secret testing) - Update CI/CD workflows and documentation - Add Semaphore stack configuration
2025-11-02 20:38:06 +01:00
parent 7b7f0b41d2
commit 24cbbccf4c
44 changed files with 5280 additions and 276 deletions
--- a/.gitea/workflows/cache-warm.yml
+++ b/.gitea/workflows/cache-warm.yml
@@ -41,6 +41,7 @@ jobs:
          fi
          echo "target_ref=$TARGET" >> "$GITHUB_OUTPUT"
          echo "TARGET_REF=$TARGET" >> $GITHUB_ENV
+          echo "BRANCH_NAME=$TARGET" >> $GITHUB_ENV

      - name: Download CI helpers
        shell: bash
@@ -173,14 +174,28 @@ jobs:

          IMAGE_NAME="${{ env.RUNTIME_IMAGE_NAME }}"
          DATE_TAG="warm-$(date -u +%Y%m%d%H%M)"
+          BRANCH_NAME="${{ env.BRANCH_NAME || 'main' }}"
+
+          # Build cache sources - multiple sources for better cache hit rate
+          CACHE_SOURCES=(
+            "type=registry,ref=${TARGET_REGISTRY}/${IMAGE_NAME}:buildcache"
+            "type=registry,ref=${TARGET_REGISTRY}/${IMAGE_NAME}:${BRANCH_NAME}-cache"
+            "type=registry,ref=${TARGET_REGISTRY}/${IMAGE_NAME}:latest"
+          )
+          
+          CACHE_FROM_ARGS=""
+          for CACHE_SRC in "${CACHE_SOURCES[@]}"; do
+            CACHE_FROM_ARGS="${CACHE_FROM_ARGS} --cache-from ${CACHE_SRC}"
+          done

          docker buildx build \
            --platform linux/amd64 \
            --file ./Dockerfile.production \
            --target runtime-base \
            --build-arg RUNTIME_IMAGE=runtime-base \
-            --cache-from type=registry,ref="$TARGET_REGISTRY/$IMAGE_NAME:buildcache" \
-            --cache-to type=registry,ref="$TARGET_REGISTRY/$IMAGE_NAME:buildcache",mode=max \
+            ${CACHE_FROM_ARGS} \
+            --cache-to type=registry,ref="${TARGET_REGISTRY}/${IMAGE_NAME}:buildcache",mode=max \
+            --cache-to type=registry,ref="${TARGET_REGISTRY}/${IMAGE_NAME}:${BRANCH_NAME}-cache",mode=max \
            --tag "$TARGET_REGISTRY/$IMAGE_NAME:$DATE_TAG" \
            --push \
            .
@@ -201,6 +216,7 @@ jobs:

          IMAGE_NAME="${{ env.IMAGE_NAME }}"
          DATE_TAG="warm-$(date -u +%Y%m%d%H%M)"
+          BRANCH_NAME="${{ env.BRANCH_NAME || 'main' }}"

          DEFAULT_RUNTIME="$CACHE_TARGET/${{ env.RUNTIME_IMAGE_NAME }}:latest"
          RUNTIME_ARG="runtime-base"
@@ -208,12 +224,25 @@ jobs:
            RUNTIME_ARG="$DEFAULT_RUNTIME"
          fi

+          # Build cache sources - multiple sources for better cache hit rate
+          CACHE_SOURCES=(
+            "type=registry,ref=${CACHE_TARGET}/${IMAGE_NAME}:buildcache"
+            "type=registry,ref=${REGISTRY_TO_USE}/${IMAGE_NAME}:${BRANCH_NAME}-cache"
+            "type=registry,ref=${REGISTRY_TO_USE}/${IMAGE_NAME}:latest"
+          )
+          
+          CACHE_FROM_ARGS=""
+          for CACHE_SRC in "${CACHE_SOURCES[@]}"; do
+            CACHE_FROM_ARGS="${CACHE_FROM_ARGS} --cache-from ${CACHE_SRC}"
+          done
+
          docker buildx build \
            --platform linux/amd64 \
            --file ./Dockerfile.production \
            --build-arg RUNTIME_IMAGE="$RUNTIME_ARG" \
-            --cache-from type=registry,ref="$CACHE_TARGET/$IMAGE_NAME:buildcache" \
-            --cache-to type=registry,ref="$CACHE_TARGET/$IMAGE_NAME:buildcache",mode=max \
+            ${CACHE_FROM_ARGS} \
+            --cache-to type=registry,ref="${CACHE_TARGET}/${IMAGE_NAME}:buildcache",mode=max \
+            --cache-to type=registry,ref="${REGISTRY_TO_USE}/${IMAGE_NAME}:${BRANCH_NAME}-cache",mode=max \
            --tag "$REGISTRY_TO_USE/$IMAGE_NAME:$DATE_TAG" \
            --push \
            .