feat: update deployment configuration and encrypted env loader

- Update Ansible playbooks and roles for application deployment - Add new Gitea/Traefik troubleshooting playbooks - Update Docker Compose configurations (base, local, staging, production) - Enhance EncryptedEnvLoader with improved error handling - Add deployment scripts (autossh setup, migration, secret testing) - Update CI/CD workflows and documentation - Add Semaphore stack configuration
2025-11-02 20:38:06 +01:00
parent 7b7f0b41d2
commit 24cbbccf4c
44 changed files with 5280 additions and 276 deletions
--- a/deployment/ansible/roles/application/defaults/main.yml
+++ b/deployment/ansible/roles/application/defaults/main.yml
@@ -1,6 +1,8 @@
 ---
 # Source path for application stack files on the control node
-application_stack_src: "{{ role_path }}/../../stacks/application"
+# Use playbook_dir as base, then go to ../stacks/application
+# This assumes playbooks are in deployment/ansible/playbooks
+application_stack_src: "{{ playbook_dir | default(role_path + '/..') }}/../stacks/application"

 # Destination path on the target host (defaults to configured app_stack_path)
 application_stack_dest: "{{ app_stack_path | default(stacks_base_path + '/application') }}"
--- a/deployment/ansible/roles/application/tasks/deploy.yml
+++ b/deployment/ansible/roles/application/tasks/deploy.yml
@@ -10,7 +10,7 @@

 - name: Wait for application container to report Up
  shell: |
-    docker compose -f {{ application_stack_dest }}/docker-compose.yml ps app | grep -Eiq "Up|running"
+    docker compose -f {{ application_stack_dest }}/docker-compose.base.yml -f {{ application_stack_dest }}/docker-compose.production.yml ps php | grep -Eiq "Up|running"
  register: application_app_running
  changed_when: false
  until: application_app_running.rc == 0
@@ -20,7 +20,7 @@

 - name: Ensure app container is running before migrations
  shell: |
-    docker compose -f {{ application_stack_dest }}/docker-compose.yml ps app | grep -Eiq "Up|running"
+    docker compose -f {{ application_stack_dest }}/docker-compose.base.yml -f {{ application_stack_dest }}/docker-compose.production.yml ps php | grep -Eiq "Up|running"
  args:
    executable: /bin/bash
  register: application_app_container_running
@@ -30,7 +30,7 @@

 - name: Run database migrations
  shell: |
-    docker compose -f {{ application_stack_dest }}/docker-compose.yml exec -T app {{ application_migration_command }}
+    docker compose -f {{ application_stack_dest }}/docker-compose.base.yml -f {{ application_stack_dest }}/docker-compose.production.yml exec -T php {{ application_migration_command }}
  args:
    executable: /bin/bash
  register: application_migration_result
@@ -43,7 +43,7 @@
    - application_app_container_running.rc == 0

 - name: Collect application container status
-  shell: docker compose -f {{ application_stack_dest }}/docker-compose.yml ps
+  shell: docker compose -f {{ application_stack_dest }}/docker-compose.base.yml -f {{ application_stack_dest }}/docker-compose.production.yml ps
  register: application_ps
  changed_when: false
  ignore_errors: yes
--- a/deployment/ansible/roles/application/tasks/sync.yml
+++ b/deployment/ansible/roles/application/tasks/sync.yml
@@ -17,6 +17,7 @@
    file: "{{ application_vault_file }}"
  when: application_vault_stat.stat.exists
  no_log: yes
+  ignore_errors: yes
  delegate_to: localhost
  become: no

@@ -72,21 +73,57 @@
    application_encryption_key: "{{ encryption_key | default(vault_encryption_key | default('')) }}"
  no_log: yes

- name: Check if application docker-compose source exists locally
+- name: Check if application docker-compose.base.yml source exists locally
+  stat:
+    path: "{{ application_stack_src }}/docker-compose.base.yml"
+  delegate_to: localhost
+  register: application_compose_base_src
+  become: no
+
+- name: Check if application docker-compose.production.yml source exists locally
+  stat:
+    path: "{{ application_stack_src }}/../../../docker-compose.production.yml"
+  delegate_to: localhost
+  register: application_compose_prod_src
+  become: no
+
+- name: Copy application docker-compose.base.yml to target host
+  copy:
+    src: "{{ application_stack_src }}/docker-compose.base.yml"
+    dest: "{{ application_stack_dest }}/docker-compose.base.yml"
+    owner: "{{ ansible_user }}"
+    group: "{{ ansible_user }}"
+    mode: '0644'
+  when: application_compose_base_src.stat.exists
+
+- name: Copy application docker-compose.production.yml to target host
+  copy:
+    src: "{{ application_stack_src }}/../../../docker-compose.production.yml"
+    dest: "{{ application_stack_dest }}/docker-compose.production.yml"
+    owner: "{{ ansible_user }}"
+    group: "{{ ansible_user }}"
+    mode: '0644'
+  when: application_compose_prod_src.stat.exists
+
+- name: Check if legacy docker-compose.yml exists (fallback)
  stat:
    path: "{{ application_stack_src }}/docker-compose.yml"
  delegate_to: localhost
  register: application_compose_src
  become: no
+  when: not (application_compose_base_src.stat.exists | default(false))

- name: Copy application docker-compose to target host
+- name: Copy application docker-compose.yml to target host (fallback for legacy)
  copy:
    src: "{{ application_stack_src }}/docker-compose.yml"
    dest: "{{ application_stack_dest }}/docker-compose.yml"
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
    mode: '0644'
-  when: application_compose_src.stat.exists
+  when:
+    - application_compose_src is defined
+    - application_compose_src.stat.exists | default(false)
+    - not (application_compose_base_src.stat.exists | default(false))

 - name: Check if nginx configuration exists locally
  stat: