michael/michaelschiemer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: CI/CD pipeline setup complete - Ansible playbooks updated, secrets configured, workflow ready

Browse Source
This commit is contained in:
Michael Schiemer
2025-10-31 01:39:24 +01:00
parent 55c04e4fd0
commit e26eb2aa12
601 changed files with 44184 additions and 32477 deletions
Download Patch File Download Diff File Expand all files Collapse all files

352
deployment/README.md
View File

@@ -1,218 +1,208 @@
# Custom PHP Framework Deployment System
# Pragmatic Production Deployment Setup
Complete deployment automation system for the Custom PHP Framework with infrastructure provisioning and application deployment.
## Architecture Overview
## Project Information
- **Domain**: michaelschiemer.de
- **Email**: kontakt@michaelschiemer.de
- **PHP Version**: 8.4
- **Framework**: Custom PHP Framework
This deployment setup uses separate Docker Compose stacks for better maintainability and clear separation of concerns.
## 🚀 Quick Start
### Infrastructure Components
```bash
# First-time setup
./setup.sh
```
Production Server (94.16.110.151)
├── Stack 1: Traefik (Reverse Proxy & SSL)
├── Stack 2: Gitea (Git Server + MySQL + Redis)
├── Stack 3: Docker Registry (Private Registry)
├── Stack 4: Application (PHP + Nginx + Redis + Queue Workers)
├── Stack 5: PostgreSQL (Database)
└── Stack 6: Monitoring (Portainer + Grafana + Prometheus)
# Deploy to staging
make deploy-staging
# Deploy to production
make deploy-production
Development Machine
└── Gitea Actions Runner (local, Docker-in-Docker)
```
## Architecture
## Deployment Flow
The deployment system uses a hybrid approach combining:
- **Ansible** for infrastructure provisioning (security, Docker, Nginx, SSL)
- **Docker Compose** for application deployment (PHP 8.4, database, assets)
- **Automation Scripts** for orchestrated deployment workflows
```
Developer → git push
Gitea (Production)
Gitea Actions (Dev Machine)
Build Docker Image
Push to Private Registry
SSH/Ansible → Production Server
docker compose pull
docker compose up -d
```
## Directory Structure
```
deployment/
├── deploy.sh # Main deployment orchestrator
├── setup.sh # First-time environment setup
├── Makefile # Convenient deployment commands
├── docs/ # Documentation
│ ├── QUICKSTART.md # Quick start guide
│ ├── ENVIRONMENTS.md # Environment configuration
│ └── TROUBLESHOOTING.md # Troubleshooting guide
├── infrastructure/ # Ansible infrastructure provisioning
│ ├── inventories/ # Environment-specific inventories
│ ├── development/ # Development inventory
│ ├── staging/ # Staging inventory
│ │ └── production/ # Production inventory
│ ├── roles/ # Reusable Ansible roles
├── base-security/ # Security hardening
│ │ ├── docker-runtime/ # Docker and PHP 8.4 setup
│ │ ├── nginx-proxy/ # Nginx reverse proxy with SSL
│ │ └── monitoring/ # System monitoring
│ ├── playbooks/ # Infrastructure playbooks
│ ├── group_vars/ # Environment variables
│ └── site.yml # Main infrastructure playbook
└── applications/ # Docker Compose application deployment
├── docker-compose.*.yml # Environment overlays
├── environments/ # Environment configurations
│ ├── .env.production.template # Production settings template
│ └── .env.staging.template # Staging settings template
└── scripts/ # Application deployment scripts
├── deploy-app.sh # Main application deployment script
└── health-check.sh # Post-deployment health validation
├── stacks/ # Docker Compose stacks
│ ├── traefik/ # Reverse proxy with SSL
│ ├── gitea/ # Git server
│ ├── registry/ # Private Docker registry
│ ├── application/ # Main PHP application
│ ├── postgres/ # Database
│ └── monitoring/ # Portainer + Grafana + Prometheus
├── ansible/ # Automation playbooks
│ ├── playbooks/ # Deployment automation
│ ├── inventory/ # Server inventory
└── secrets/ # Ansible Vault secrets
├── runner/ # Gitea Actions runner (dev machine)
├── scripts/ # Helper scripts
└── docs/ # Deployment documentation
```
## Features
### 🔒 Security First
- Automated security hardening with fail2ban and UFW firewall
- SSL certificates with Let's Encrypt integration
- IP-based authentication for admin routes
- OWASP security event logging
- Secure password generation and management
### ⚡ Performance Optimized
- PHP 8.4 with OPcache and performance tuning
- Nginx reverse proxy with optimization
- Database connection pooling and query optimization
- Asset optimization with Vite build system
- Health checks and monitoring
### 🛠️ Developer Friendly
- One-command deployment with `make deploy-staging`
- Dry-run mode for testing deployments
- Comprehensive logging and error handling
- Database backups and rollback capabilities
- Multi-environment support
### 🌍 Production Ready
- Zero-downtime deployments
- Automated database migrations
- Health checks and validation
- Emergency stop/restart procedures
- Monitoring and alerting setup
## Available Commands
### Main Deployment Commands
```bash
make deploy-staging # Deploy to staging
make deploy-production # Deploy to production
make deploy-dry ENV=production # Dry run deployment
make infrastructure ENV=staging # Deploy only infrastructure
make application ENV=staging # Deploy only application
```
### Management Commands
```bash
make status ENV=staging # Check deployment status
make health ENV=production # Run health checks
make logs ENV=staging # View application logs
make backup ENV=production # Create database backup
make restore ENV=production # Restore from backup
```
### Configuration Commands
```bash
make init-config # Initialize configuration files
make edit-config ENV=staging # Edit environment configuration
make validate-config ENV=prod # Validate configuration
make show-config ENV=staging # Show safe configuration values
```
### Emergency Commands
```bash
make emergency-stop ENV=staging # Emergency stop all services
make emergency-restart ENV=prod # Emergency restart services
make rollback ENV=production # Emergency rollback
```
## Environment Configuration
The system supports three environments:
- **Development**: Local development with relaxed security
- **Staging**: Pre-production testing with production-like settings
- **Production**: Live production with maximum security and performance
Each environment has its own:
- Docker Compose overlay configuration
- Environment variables file
- Ansible inventory
- SSL certificate configuration
## Deployment Flow
1. **Validation**: Prerequisites, configuration, and test validation
2. **Infrastructure**: Ansible deploys security, Docker, Nginx, SSL
3. **Application**: Docker Compose deploys PHP app, database, assets
4. **Health Checks**: Comprehensive deployment validation
## Safety Features
- **Production Confirmations**: Double confirmation for production deployments
- **Automated Backups**: Database backups before deployment
- **Dry Run Mode**: Test deployments without making changes
- **Health Validation**: Verify deployment success before completion
- **Rollback Capability**: Emergency rollback procedures
- **Error Handling**: Comprehensive error handling and logging
## Getting Started
1. **First-Time Setup**:
### Prerequisites
**Production Server:**
- Docker & Docker Compose installed
- Firewall configured (ports 80, 443, 2222)
- User `deploy` with Docker permissions
- SSH access configured
**Development Machine:**
- Docker & Docker Compose installed
- Ansible installed
- SSH key configured for production server
### Initial Setup
1. **Deploy Infrastructure Stacks (Production)**
```bash
./setup.sh
cd deployment/stacks/traefik && docker compose up -d
cd ../postgres && docker compose up -d
cd ../registry && docker compose up -d
cd ../gitea && docker compose up -d
cd ../monitoring && docker compose up -d
```
2. **Configure Environments**:
2. **Setup Gitea Runner (Development)**
```bash
make init-config
make edit-config ENV=staging
cd deployment/runner
docker compose up -d
```
3. **Test Deployment**:
3. **Deploy Application**
```bash
make deploy-dry ENV=staging
cd deployment/ansible
ansible-playbook -i inventory/production.yml playbooks/deploy-application.yml
```
4. **Deploy to Staging**:
```bash
make deploy-staging
```
## Stack Documentation
5. **Deploy to Production**:
```bash
make deploy-production
```
Each stack has its own README with detailed configuration:
## Documentation
- [Traefik](stacks/traefik/README.md) - Reverse proxy setup
- [Gitea](stacks/gitea/README.md) - Git server configuration
- [Registry](stacks/registry/README.md) - Private registry setup
- [Application](stacks/application/README.md) - Application deployment
- [PostgreSQL](stacks/postgres/README.md) - Database configuration
- [Monitoring](stacks/monitoring/README.md) - Monitoring stack
- [**Quick Start Guide**](docs/QUICKSTART.md) - Get up and running quickly
- [**Environment Configuration**](docs/ENVIRONMENTS.md) - Detailed environment setup
- [**Troubleshooting Guide**](docs/TROUBLESHOOTING.md) - Common issues and solutions
## Deployment Commands
## Migration from Old System
### Manual Deployment
```bash
./scripts/deploy.sh
```
The old deployment configurations have been preserved in `.deployment-backup/` for reference. The new system provides:
### Rollback to Previous Version
```bash
./scripts/rollback.sh
```
- **Improved Security**: Modern security practices and automated hardening
- **Better Organization**: Clear separation between infrastructure and application
- **Enhanced Automation**: One-command deployments with comprehensive validation
- **Multi-Environment**: Proper staging and production environment management
- **Modern Stack**: PHP 8.4, latest Docker practices, and optimized configurations
### Update Specific Stack
```bash
cd stacks/<stack-name>
docker compose pull
docker compose up -d
```
## CI/CD Pipeline
The CI/CD pipeline is defined in `.gitea/workflows/deploy.yml` and runs on push to main branch:
1. **Build Stage**: Build Docker image
2. **Push Stage**: Push to private registry
3. **Deploy Stage**: Deploy to production via Ansible
## Monitoring
Access monitoring tools:
- **Portainer**: https://portainer.yourdomain.com
- **Grafana**: https://grafana.yourdomain.com
- **Prometheus**: https://prometheus.yourdomain.com
## Backup & Recovery
### Automated Backups
- **PostgreSQL**: Daily backups with 7-day retention
- **Gitea Data**: Weekly backups
- **Registry Images**: On-demand backups
### Manual Backup
```bash
ansible-playbook -i inventory/production.yml playbooks/backup.yml
```
### Restore from Backup
```bash
ansible-playbook -i inventory/production.yml playbooks/restore.yml
```
## Security
- All external services behind Traefik with HTTPS
- Private registry with BasicAuth
- Secrets managed via Ansible Vault
- Regular security updates via Watchtower
## Troubleshooting
### Check Stack Health
```bash
cd stacks/<stack-name>
docker compose ps
docker compose logs -f
```
### Check Service Connectivity
```bash
curl -I https://app.yourdomain.com
docker network inspect traefik-public
```
### View Logs
```bash
# Application logs
docker compose -f stacks/application/docker-compose.yml logs -f app-php
# Traefik logs
docker compose -f stacks/traefik/docker-compose.yml logs -f
```
## Support
For deployment issues or questions:
1. Check the [Troubleshooting Guide](docs/TROUBLESHOOTING.md)
2. Run diagnostics: `make status ENV=your-environment`
3. Review logs: `make logs ENV=your-environment`
4. Test with dry-run: `make deploy-dry ENV=your-environment`
For issues and questions, see:
- [Troubleshooting Guide](docs/troubleshooting.md)
- [FAQ](docs/faq.md)
- [Migration Guide](docs/migration.md)
---
## Migration from Docker Swarm
**Domain**: michaelschiemer.de | **Email**: kontakt@michaelschiemer.de | **PHP**: 8.4
See [Migration Guide](docs/migration-from-swarm.md) for detailed instructions on migrating from the old Docker Swarm setup.
## License
This deployment configuration is part of the Custom PHP Framework project.