fix: Gitea Traefik routing and connection pool optimization

- Remove middleware reference from Gitea Traefik labels (caused routing issues) - Optimize Gitea connection pool settings (MAX_IDLE_CONNS=30, authentication_timeout=180s) - Add explicit service reference in Traefik labels - Fix intermittent 504 timeouts by improving PostgreSQL connection handling Fixes Gitea unreachability via git.michaelschiemer.de
2025-11-09 14:46:15 +01:00
parent 85c369e846
commit 36ef2a1e2c
1366 changed files with 104925 additions and 28719 deletions
--- a/.gitea/workflows/build-image.yml
+++ b/.gitea/workflows/build-image.yml
@@ -96,7 +96,7 @@ jobs:
          chmod +x /tmp/ci-tools/clone_repo.sh

      - name: Upload CI helpers as artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
        with:
          name: ci-helpers
          path: /tmp/ci-tools/clone_repo.sh
@@ -242,7 +242,7 @@ jobs:
          echo "needs_runtime_build=$RUNTIME_BUILD" >> "$GITHUB_OUTPUT"

      - name: Upload repository as artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
        with:
          name: repository
          path: /workspace/repo
@@ -270,7 +270,7 @@ jobs:

      - name: Download CI helpers from artifact
        if: ${{ steps.decision.outputs.should_build == 'true' }}
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
        with:
          name: ci-helpers
          path: /tmp/ci-tools
@@ -316,7 +316,7 @@ jobs:

      - name: Download repository artifact
        if: steps.decision.outputs.should_build == 'true'
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
        with:
          name: repository
          path: /workspace
@@ -499,7 +499,7 @@ jobs:
    runs-on: php-ci
    steps:
      - name: Download CI helpers from artifact
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
        with:
          name: ci-helpers
          path: /tmp/ci-tools
@@ -529,7 +529,7 @@ jobs:
          chmod +x /tmp/ci-tools/clone_repo.sh

      - name: Download repository artifact
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
        with:
          name: repository
          path: /workspace
@@ -605,7 +605,7 @@ jobs:

      - name: Download CI helpers from artifact
        if: ${{ env.SHOULD_BUILD == 'true' }}
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
        with:
          name: ci-helpers
          path: /tmp/ci-tools
@@ -636,7 +636,7 @@ jobs:

      - name: Download repository artifact
        if: ${{ env.SHOULD_BUILD == 'true' }}
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
        with:
          name: repository
          path: /workspace
@@ -987,7 +987,7 @@ jobs:

      - name: Upload repository as artifact
        if: ${{ env.SHOULD_BUILD == 'true' }}
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
        with:
          name: repository
          path: /workspace/repo
@@ -1023,7 +1023,7 @@ jobs:
          echo "📋 Branch: $REF_NAME"

      - name: Download repository artifact
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
        with:
          name: repository
          path: /workspace
@@ -1182,7 +1182,7 @@ jobs:
          echo "📋 Branch: $REF_NAME"

      - name: Download repository artifact
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
        with:
          name: repository
          path: /workspace
--- a/.gitea/workflows/manual-deploy.yml
+++ b/.gitea/workflows/manual-deploy.yml
@@ -124,33 +124,14 @@ jobs:
            chmod 600 /tmp/vault_pass
          fi

-      - name: Deploy Application Code to Staging
+      - name: Deploy to Staging (Complete)
        run: |
          cd /workspace/repo/deployment/ansible
          ansible-playbook -i inventory/production.yml \
-            playbooks/deploy-application-code.yml \
+            playbooks/deploy-complete.yml \
            -e "deployment_environment=staging" \
            -e "deployment_hosts=production" \
            -e "git_branch=${{ steps.branch.outputs.BRANCH }}" \
-            --vault-password-file /tmp/vault_pass \
-            --private-key ~/.ssh/production
-
-      - name: Install Composer Dependencies
-        run: |
-          cd /workspace/repo/deployment/ansible
-          ansible-playbook -i inventory/production.yml \
-            playbooks/install-composer-dependencies.yml \
-            -e "deployment_environment=staging" \
-            --vault-password-file /tmp/vault_pass \
-            --private-key ~/.ssh/production
-
-      - name: Deploy Docker Image to Staging
-        run: |
-          cd /workspace/repo/deployment/ansible
-          ansible-playbook -i inventory/production.yml \
-            playbooks/deploy-image.yml \
-            -e "deployment_environment=staging" \
-            -e "deployment_hosts=production" \
            -e "image_tag=${{ needs.determine-image.outputs.image_tag }}" \
            -e "docker_registry=${{ needs.determine-image.outputs.registry_host }}" \
            -e "docker_registry_username=${{ secrets.REGISTRY_USER }}" \
@@ -164,15 +145,24 @@ jobs:
      - name: Health check
        id: health
        run: |
-          for i in {1..10}; do
-            if curl -f -k https://staging.michaelschiemer.de/health; then
-              echo "✅ Health check passed"
+          echo "🔍 Performing health checks with exponential backoff..."
+          DELAY=2
+          MAX_DELAY=60
+          MAX_ATTEMPTS=5
+          
+          for i in $(seq 1 $MAX_ATTEMPTS); do
+            if curl -f -k -s https://staging.michaelschiemer.de/health > /dev/null 2>&1; then
+              echo "✅ Health check passed (attempt $i/$MAX_ATTEMPTS)"
              exit 0
            fi
-            echo "⏳ Waiting for staging service... (attempt $i/10)"
-            sleep 10
+            if [ $i -lt $MAX_ATTEMPTS ]; then
+              echo "⏳ Waiting for staging service... (attempt $i/$MAX_ATTEMPTS, delay ${DELAY}s)"
+              sleep $DELAY
+              DELAY=$((DELAY * 2))
+              [ $DELAY -gt $MAX_DELAY ] && DELAY=$MAX_DELAY
+            fi
          done
-          echo "❌ Health check failed"
+          echo "❌ Health check failed after $MAX_ATTEMPTS attempts"
          exit 1

      - name: Notify deployment success
@@ -187,6 +177,9 @@ jobs:
    needs: determine-image
    if: inputs.environment == 'production'
    runs-on: ubuntu-latest
+    concurrency:
+      group: deploy-production
+      cancel-in-progress: false
    environment:
      name: production
      url: https://michaelschiemer.de
@@ -243,33 +236,14 @@ jobs:
            chmod 600 /tmp/vault_pass
          fi

-      - name: Deploy Application Code to Production
+      - name: Deploy to Production (Complete)
        run: |
          cd /workspace/repo/deployment/ansible
          ansible-playbook -i inventory/production.yml \
-            playbooks/deploy-application-code.yml \
+            playbooks/deploy-complete.yml \
            -e "deployment_environment=production" \
            -e "deployment_hosts=production" \
            -e "git_branch=${{ steps.branch.outputs.BRANCH }}" \
-            --vault-password-file /tmp/vault_pass \
-            --private-key ~/.ssh/production
-
-      - name: Install Composer Dependencies
-        run: |
-          cd /workspace/repo/deployment/ansible
-          ansible-playbook -i inventory/production.yml \
-            playbooks/install-composer-dependencies.yml \
-            -e "deployment_environment=production" \
-            --vault-password-file /tmp/vault_pass \
-            --private-key ~/.ssh/production
-
-      - name: Deploy Docker Image to Production
-        run: |
-          cd /workspace/repo/deployment/ansible
-          ansible-playbook -i inventory/production.yml \
-            playbooks/deploy-image.yml \
-            -e "deployment_environment=production" \
-            -e "deployment_hosts=production" \
            -e "image_tag=${{ needs.determine-image.outputs.image_tag }}" \
            -e "docker_registry=${{ needs.determine-image.outputs.registry_host }}" \
            -e "docker_registry_username=${{ secrets.REGISTRY_USER }}" \
@@ -283,15 +257,24 @@ jobs:
      - name: Health check
        id: health
        run: |
-          for i in {1..10}; do
-            if curl -f -k https://michaelschiemer.de/health; then
-              echo "✅ Health check passed"
+          echo "🔍 Performing health checks with exponential backoff..."
+          DELAY=2
+          MAX_DELAY=60
+          MAX_ATTEMPTS=5
+          
+          for i in $(seq 1 $MAX_ATTEMPTS); do
+            if curl -f -k -s https://michaelschiemer.de/health > /dev/null 2>&1; then
+              echo "✅ Health check passed (attempt $i/$MAX_ATTEMPTS)"
              exit 0
            fi
-            echo "⏳ Waiting for production service... (attempt $i/10)"
-            sleep 10
+            if [ $i -lt $MAX_ATTEMPTS ]; then
+              echo "⏳ Waiting for production service... (attempt $i/$MAX_ATTEMPTS, delay ${DELAY}s)"
+              sleep $DELAY
+              DELAY=$((DELAY * 2))
+              [ $DELAY -gt $MAX_DELAY ] && DELAY=$MAX_DELAY
+            fi
          done
-          echo "❌ Health check failed"
+          echo "❌ Health check failed after $MAX_ATTEMPTS attempts"
          exit 1

      - name: Notify deployment success
--- a/.gitea/workflows/monitor-performance.yml
+++ b/.gitea/workflows/monitor-performance.yml
@@ -80,7 +80,7 @@ jobs:
          fi

      - name: Upload metrics as artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
        with:
          name: workflow-metrics
          path: /tmp/combined_metrics.json