feat: update deployment configuration and encrypted env loader

- Update Ansible playbooks and roles for application deployment - Add new Gitea/Traefik troubleshooting playbooks - Update Docker Compose configurations (base, local, staging, production) - Enhance EncryptedEnvLoader with improved error handling - Add deployment scripts (autossh setup, migration, secret testing) - Update CI/CD workflows and documentation - Add Semaphore stack configuration
2025-11-02 20:38:06 +01:00
parent 7b7f0b41d2
commit 24cbbccf4c
44 changed files with 5280 additions and 276 deletions
--- a/deployment/ansible/playbooks/deploy-update.yml
+++ b/deployment/ansible/playbooks/deploy-update.yml
@@ -50,21 +50,34 @@
        group: "{{ ansible_user }}"
        mode: '0755'

-    - name: Check if docker-compose.yml exists in application stack
+    - name: Check if docker-compose.base.yml exists in application stack
      stat:
-        path: "{{ app_stack_path }}/docker-compose.yml"
-      register: compose_file_exists
+        path: "{{ app_stack_path }}/docker-compose.base.yml"
+      register: compose_base_exists
+      when: not (application_sync_files | default(false) | bool)

-    - name: Fail if docker-compose.yml doesn't exist
+    - name: Check if docker-compose.production.yml exists in application stack
+      stat:
+        path: "{{ app_stack_path }}/docker-compose.production.yml"
+      register: compose_prod_exists
+      when: not (application_sync_files | default(false) | bool)
+
+    - name: Fail if docker-compose files don't exist
      fail:
        msg: |
-          Application Stack docker-compose.yml not found at {{ app_stack_path }}/docker-compose.yml
+          Application Stack docker-compose files not found at {{ app_stack_path }}
+          
+          Required files:
+          - docker-compose.base.yml
+          - docker-compose.production.yml
          
          The Application Stack must be deployed first via:
          ansible-playbook -i inventory/production.yml playbooks/setup-infrastructure.yml
          
-          This will create the application stack with docker-compose.yml and .env file.
-      when: not compose_file_exists.stat.exists
+          This will create the application stack with docker-compose files and .env file.
+      when:
+        - not (application_sync_files | default(false) | bool)
+        - (not compose_base_exists.stat.exists or not compose_prod_exists.stat.exists)

    - name: Create backup directory
      file:
@@ -75,31 +88,47 @@
        mode: '0755'

  tasks:
-    - name: Verify docker-compose.yml exists
+    - name: Verify docker-compose files exist
      stat:
-        path: "{{ app_stack_path }}/docker-compose.yml"
-      register: compose_file_check
+        path: "{{ app_stack_path }}/docker-compose.base.yml"
+      register: compose_base_check
+      when: not (application_sync_files | default(false) | bool)
+      
+    - name: Verify docker-compose.production.yml exists
+      stat:
+        path: "{{ app_stack_path }}/docker-compose.production.yml"
+      register: compose_prod_check
+      when: not (application_sync_files | default(false) | bool)

-    - name: Fail if docker-compose.yml doesn't exist
+    - name: Fail if docker-compose files don't exist
      fail:
        msg: |
-          Application Stack docker-compose.yml not found at {{ app_stack_path }}/docker-compose.yml
+          Application Stack docker-compose files not found at {{ app_stack_path }}
+          
+          Required files:
+          - docker-compose.base.yml
+          - docker-compose.production.yml
          
          The Application Stack must be deployed first via:
          ansible-playbook -i inventory/production.yml playbooks/setup-infrastructure.yml
          
-          This will create the application stack with docker-compose.yml and .env file.
-      when: not compose_file_check.stat.exists
+          This will create the application stack with docker-compose files and .env file.
+      when:
+        - not (application_sync_files | default(false) | bool)
+        - (not compose_base_check.stat.exists or not compose_prod_check.stat.exists)

    - name: Backup current deployment metadata
      shell: |
-        docker compose -f {{ app_stack_path }}/docker-compose.yml ps --format json 2>/dev/null > {{ backups_path }}/{{ deployment_timestamp | regex_replace(':', '-') }}/current_containers.json || true
-        docker compose -f {{ app_stack_path }}/docker-compose.yml config 2>/dev/null > {{ backups_path }}/{{ deployment_timestamp | regex_replace(':', '-') }}/docker-compose-config.yml || true
+        docker compose -f {{ app_stack_path }}/docker-compose.base.yml -f {{ app_stack_path }}/docker-compose.production.yml ps --format json 2>/dev/null > {{ backups_path }}/{{ deployment_timestamp | regex_replace(':', '-') }}/current_containers.json || true
+        docker compose -f {{ app_stack_path }}/docker-compose.base.yml -f {{ app_stack_path }}/docker-compose.production.yml config 2>/dev/null > {{ backups_path }}/{{ deployment_timestamp | regex_replace(':', '-') }}/docker-compose-config.yml || true
      args:
        executable: /bin/bash
      changed_when: false
      ignore_errors: yes
-      when: compose_file_check.stat.exists
+      when: 
+        - not (application_sync_files | default(false) | bool)
+        - compose_base_exists.stat.exists | default(false)
+        - compose_prod_exists.stat.exists | default(false)

    - name: Login to Docker registry (if credentials provided)
      community.docker.docker_login:
@@ -128,9 +157,19 @@
        msg: "Failed to pull image {{ app_image }}:{{ image_tag }}"
      when: image_pull.failed

-    - name: Update docker-compose.yml with new image tag (all services)
+    # Sync files first if application_sync_files=true (before updating docker-compose.production.yml)
+    - name: Sync application stack files
+      import_role:
+        name: application
+      vars:
+        application_sync_files: "{{ application_sync_files | default(false) }}"
+        application_compose_recreate: "never"  # Don't recreate yet, just sync files
+        application_remove_orphans: false
+      when: application_sync_files | default(false) | bool
+
+    - name: Update docker-compose.production.yml with new image tag (all services)
      replace:
-        path: "{{ app_stack_path }}/docker-compose.yml"
+        path: "{{ app_stack_path }}/docker-compose.production.yml"
        # Match both localhost:5000 and registry.michaelschiemer.de (or any registry URL)
        regexp: '^(\s+image:\s+)(localhost:5000|registry\.michaelschiemer\.de|{{ docker_registry }})/{{ app_name }}:.*$'
        replace: '\1{{ app_image }}:{{ image_tag }}'
@@ -142,13 +181,13 @@
      import_role:
        name: application
      vars:
-        application_sync_files: false
+        application_sync_files: false  # Already synced above, don't sync again
        application_compose_recreate: "always"
        application_remove_orphans: true

    - name: Get deployed image information
      shell: |
-        docker compose -f {{ app_stack_path }}/docker-compose.yml config | grep -E "^\s+image:" | head -1 | awk '{print $2}' || echo "unknown"
+        docker compose -f {{ app_stack_path }}/docker-compose.base.yml -f {{ app_stack_path }}/docker-compose.production.yml config | grep -E "^\s+image:" | head -1 | awk '{print $2}' || echo "unknown"
      args:
        executable: /bin/bash
      register: deployed_image