2f98c52300
refactor: Simplify git_repo_url logic
...
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 59s
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 26s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Successful in 10s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Successful in 12s
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Failing after 48s
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
- Use single set_fact task with ternary operator
- Cleaner and more efficient than multiple conditional tasks
2025-11-08 15:04:20 +01:00
163460c22e
fix: Use separate variable git_repo_url to avoid recursive loop
...
Security Vulnerability Scan / Check for Dependency Changes (push) Has been cancelled
Security Vulnerability Scan / Composer Security Audit (push) Has been cancelled
🚀 Build & Deploy Image / Build Runtime Base Image (push) Has been cancelled
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been cancelled
🚀 Build & Deploy Image / Build Docker Image (push) Has been cancelled
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Has been cancelled
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been cancelled
🚀 Build & Deploy Image / Determine Build Necessity (push) Has been cancelled
- Use git_repo_url instead of git_repository_url in tasks
- Set git_repo_url based on whether git_repository_url is provided
- This completely avoids the recursive loop issue
2025-11-08 15:04:04 +01:00
0ab3b6a799
fix: Set git_repository_url using set_fact to avoid recursive loop
...
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 33s
🚀 Build & Deploy Image / Build Docker Image (push) Has been cancelled
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Has been cancelled
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been cancelled
🚀 Build & Deploy Image / Build Runtime Base Image (push) Has been cancelled
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been cancelled
Security Vulnerability Scan / Composer Security Audit (push) Has been cancelled
Security Vulnerability Scan / Check for Dependency Changes (push) Has been cancelled
- Use set_fact task to set git_repository_url instead of vars section
- This prevents recursive loop when variable is referenced in tasks
2025-11-08 15:03:09 +01:00
acecc23cec
fix: Resolve recursive loop in git_repository_url variable
...
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 57s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Successful in 11s
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Failing after 1m7s
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 25s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Successful in 10s
- Change git_repository_url to use git_repository_url_default instead of self-reference
- Fixes 'Recursive loop detected in template' error in Ansible playbook
2025-11-08 14:59:16 +01:00
95b53c0ab8
test: Verify workflow with ANSIBLE_VAULT_PASSWORD secret
...
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 25s
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 26s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Successful in 14s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Successful in 11s
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Failing after 44s
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
- Test commit to verify that workflow can now:
- Use php-ci image with Ansible
- Use ANSIBLE_VAULT_PASSWORD secret for vault decryption
- Successfully deploy to staging
2025-11-08 14:56:35 +01:00
deddb87dcf
test: Trigger workflow by changing deployment path
...
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 50s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 26s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Successful in 10s
🚀 Build & Deploy Image / Build Docker Image (push) Successful in 14s
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Failing after 41s
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
This commit changes a file in deployment/ to trigger the build workflow
2025-11-08 14:46:22 +01:00
efa97f8b5d
fix: Build CI images on production server
...
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 33s
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 39s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Successful in 17s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Successful in 1m15s
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Failing after 33s
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Has been skipped
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
- Add build-ci-image-production.sh script for building CI images on production
- Add BUILD_ON_PRODUCTION.md documentation
- Fix Dockerfile to handle optional PECL extensions for PHP 8.5 RC
This fixes the issue where Gitea workflows fail with:
'Error response from daemon: pull access denied for php-ci'
2025-11-08 14:33:59 +01:00
1b9cda6dd3
docs: Add CI image setup documentation
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Failing after 40s
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 46s
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 1m0s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Successful in 11s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Successful in 12s
2025-11-08 13:38:46 +01:00
50e58c6ba9
docs: Update deployment status - Gitea repository created, Traefik issues fixed
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 34s
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
🚀 Build & Deploy Image / Build Runtime Base Image (push) Has been cancelled
🚀 Build & Deploy Image / Build Docker Image (push) Has been cancelled
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Has been cancelled
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been cancelled
🚀 Build & Deploy Image / Determine Build Necessity (push) Has been cancelled
2025-11-08 13:13:42 +01:00
7093693cfb
test: CI/CD pipeline staging test
2025-11-08 11:16:01 +01:00
9e77ac3b42
feat(traefik): Add Gitea service definition for Traefik
...
- Add gitea-service.yml with proper timeout configuration
- Service definition required for Traefik to route to Gitea
- Replaces old gitea.yml file that was removed
2025-11-07 23:24:20 +01:00
e8a26d7807
test: CI/CD pipeline staging test - Redis aktiviert, Bad Gateway dokumentiert
2025-11-07 20:54:44 +01:00
c088d08639
test: CI/CD pipeline staging test - Repository Setup automatisiert
2025-11-07 20:17:35 +01:00
1963b10749
feat: Integrate Ansible playbooks into CI/CD workflows
...
- Add deploy-application-code.yml for Git-based code deployment
- Add install-composer-dependencies.yml for dependency installation
- Add deploy-image.yml for Docker image deployment
- Update build-image.yml to use Ansible playbooks
- Update manual-deploy.yml to use Ansible playbooks
- Add ANSIBLE_VAULT_PASSWORD secret handling
2025-11-07 18:14:11 +01:00
cf903f2582
fix(traefik): update local dev ports and gitea SSH IP
...
- Change Traefik local HTTP port from 8080 to 8081 (conflict with cadvisor)
- Change Traefik dashboard port to 8093 (conflicts with cadvisor, Hyperion)
- Update Gitea SSH service IP from 172.23.0.2 to 172.23.0.3
- Note: Gitea SSH works directly via Docker port mapping in local dev
- Traefik TCP routing only needed for production (host network mode)
2025-11-05 14:51:37 +01:00
95147ff23e
refactor(deployment): Remove WireGuard VPN dependency and restore public service access
...
Remove WireGuard integration from production deployment to simplify infrastructure:
- Remove docker-compose-direct-access.yml (VPN-bound services)
- Remove VPN-only middlewares from Grafana, Prometheus, Portainer
- Remove WireGuard middleware definitions from Traefik
- Remove WireGuard IPs (10.8.0.0/24) from Traefik forwarded headers
All monitoring services now publicly accessible via subdomains:
- grafana.michaelschiemer.de (with Grafana native auth)
- prometheus.michaelschiemer.de (with Basic Auth)
- portainer.michaelschiemer.de (with Portainer native auth)
All services use Let's Encrypt SSL certificates via Traefik.
2025-11-05 12:48:25 +01:00
7c52065aae
feat(traefik): add TCP routing for Gitea SSH port 2222
...
- Add TCP entrypoint 'gitea-ssh' on port 2222 in static config
- Create TCP router configuration for routing SSH traffic to Gitea
- Use Gitea container IP (172.23.0.2) since Traefik runs in host network mode
- Routes git.michaelschiemer.de:2222 through Traefik instead of direct VPN access
2025-11-05 12:12:42 +01:00
aeeed293af
feat(monitoring): Add direct VPN access configuration
...
- Add docker-compose-direct-access.yml for VPN-only admin access
- Configure Portainer on port 9002 (avoid MinIO conflict)
- Add grafana.ini to disable external plugin update checks
- Bind services to 10.8.0.1 (WireGuard VPN gateway)
This configuration enables direct access to admin services via WireGuard VPN
while removing Traefik routing overhead. Services are bound exclusively to
the VPN gateway IP to prevent public access.
2025-11-05 04:42:17 +01:00
f9b8cf9f33
feat: add API Gateway, RapidMail and Shopify integrations, update WireGuard configs, add Redis override and architecture docs
2025-11-04 23:08:17 +01:00
3ed2685e74
feat: add comprehensive framework features and deployment improvements
...
Major additions:
- Storage abstraction layer with filesystem and in-memory implementations
- Gitea API integration with MCP tools for repository management
- Console dialog mode with interactive command execution
- WireGuard VPN DNS fix implementation and documentation
- HTTP client streaming response support
- Router generic result type
- Parameter type validator for framework core
Framework enhancements:
- Console command registry improvements
- Console dialog components
- Method signature analyzer updates
- Route mapper refinements
- MCP server and tool mapper updates
- Queue job chain and dependency commands
- Discovery tokenizer improvements
Infrastructure:
- Deployment architecture documentation
- Ansible playbook updates for WireGuard client regeneration
- Production environment configuration updates
- Docker Compose local configuration updates
- Remove obsolete docker-compose.yml (replaced by environment-specific configs)
Documentation:
- PERMISSIONS.md for access control guidelines
- WireGuard DNS fix implementation details
- Console dialog mode usage guide
- Deployment architecture overview
Testing:
- Multi-purpose attribute tests
- Gitea Actions integration tests (typed and untyped)
2025-11-04 20:39:48 +01:00
02e4dc9338
feat(local-secrets): introduce unified local secrets management and documentation
...
- Add example secret files for `app_key`, `db_user_password`, and `redis_password`.
- Introduce `local.vault.yml.example` for Ansible Vault encryption of local secrets.
- Create migration and setup scripts for transitioning from `.env.local` to secrets files.
- Update `docker-compose.local.yml` to adopt Docker Secrets and `_FILE` pattern for local configurations.
- Add deployment playbooks and enhanced logging configurations for local development.
2025-11-04 11:06:21 +01:00
12afbe874d
refactor(container): simplify Redis pool initialization flow
...
- Remove redundant `$container` parameter in `RedisPoolInitializer` instantiation.
- Streamline container interactions for improved clarity and maintainability.
2025-11-04 02:43:45 +01:00
7a2cb0b63e
fix: staging deployment configuration and redis secrets handling
2025-11-03 00:15:43 +01:00
77c656af62
feat(deployment): update Semaphore stack and Traefik configuration
...
- Add QUICKSTART.md and SETUP_REPOSITORY.md for Semaphore stack
- Add playbooks directory for Semaphore deployment
- Update Semaphore docker-compose.yml, env.example, and README
- Add Traefik local configuration files
- Disable semaphore.yml in Traefik dynamic config
- Update docker-compose.local.yml and build-image workflow
2025-11-02 22:55:51 +01:00
6b633996a1
chore: remove acme.json from repository and add to .gitignore
2025-11-02 20:55:33 +01:00
516b7a847a
feat(deployment): add manual deploy workflow and update semaphore configuration
2025-11-02 20:53:10 +01:00
a5cd49bde7
feat(deployment): update semaphore configuration and deployment workflows
2025-11-02 20:46:18 +01:00
24cbbccf4c
feat: update deployment configuration and encrypted env loader
...
- Update Ansible playbooks and roles for application deployment
- Add new Gitea/Traefik troubleshooting playbooks
- Update Docker Compose configurations (base, local, staging, production)
- Enhance EncryptedEnvLoader with improved error handling
- Add deployment scripts (autossh setup, migration, secret testing)
- Update CI/CD workflows and documentation
- Add Semaphore stack configuration
2025-11-02 20:38:06 +01:00
7b7f0b41d2
chore: update VPN routing configuration and add Grafana VPN documentation
2025-11-02 18:10:04 +01:00
8344032fb6
feat: add Redis connection diagnostics, VPN routing fixes, and Traefik middleware updates
2025-11-02 15:58:30 +01:00
edcf509a4f
feat: add PHP ini management system and update infrastructure configs
...
- Add PHP ini management classes (Access, IniDirective, IniKey, PhpIni)
- Update deployment configurations (Wireguard, Traefik, Monitoring)
- Add DNS stack and Ansible role
- Add deployment debugging playbooks
- Update framework components (FilePath, RedisConnectionPool)
- Update .gitignore and documentation
2025-11-02 15:29:41 +01:00
871c5b842b
fix: ensure redis secrets flow from vault
2025-11-02 04:27:12 +01:00
e598309c48
feat: improve WireGuard client management and framework initialization
...
- Improve WireGuard client IP calculation logic (find next available IP)
- Add local wireguard-clients directory for storing client configs
- Integrate Redis pool into CacheInitializer
- Improve ContainerBootstrapper with better imports and Redis pool
- Add monitoring role tags for better task organization
- Update WireGuard documentation
- Store generated WireGuard client configs locally
2025-11-02 03:29:23 +01:00
4cec6dd8a0
fix: improve Redis connection error messages and add staging troubleshooting playbooks
...
- Improve Redis connection error message to include password info
- Add Ansible playbooks for staging 502 error troubleshooting
- check-staging-status.yml: Check nginx logs and upstream config
- fix-staging-502-verify.yml: Fix and verify nginx upstream configuration
2025-11-02 02:16:12 +01:00
cf0ad6e905
refactor: improve logging system and add deployment fixes
...
- Enhance logging handlers (Console, DockerJson, File, JsonFile, MultiFile)
- Improve exception and line formatters
- Update logger initialization and processor management
- Add Ansible playbooks for staging 502 error troubleshooting
- Update deployment documentation
- Fix serializer and queue components
- Update error kernel and queued log handler
2025-11-02 01:37:49 +01:00
2defdf2baf
chore: update staging branch with current changes
2025-11-02 00:05:26 +01:00
a52142f304
chore: Update Dockerfiles, Makefile and documentation
...
- Updated Dockerfile.production
- Updated Makefile
- Updated deployment documentation
- Updated docker/ci/Dockerfile, docker/php/Dockerfile, docker/worker/Dockerfile
- Updated dependency scanning documentation
- Added git-hooks documentation
2025-11-01 21:16:03 +01:00
8381651876
fix: Korrigiere Nginx PHP-FPM Upstream-Konfiguration für Staging
...
- Fix upstream configuration in staging-nginx container
- Verbessere sed-Befehle zur automatischen Korrektur der PHP-FPM Upstream-Definition
- Behebt 502 Bad Gateway Fehler durch korrekte Verbindung zu staging-app:9000
2025-11-01 20:43:42 +01:00
2d99a23286
feat: add system maintenance automation
2025-11-01 19:56:42 +01:00
b76064d94a
fix: stabilise staging sync
2025-11-01 19:42:27 +01:00
5a79646daf
chore: sync staging workspace
2025-11-01 19:02:09 +01:00
46f17c5164
fix: staging-app should only run PHP-FPM (not nginx) + fix git ownership warnings
2025-11-01 16:03:22 +01:00
8c7bbec8b7
fix: Correct staging-internal network configuration
...
Remove external: false and name specification to let Docker Compose
create the network automatically
2025-10-31 23:58:14 +01:00
77b2dc5dd7
feat: Add staging environment setup
...
- Create staging stack with separate containers and volumes
- Configure staging.michaelschiemer.de subdomain routing
- Add deploy-staging.yml workflow for auto-deployment
- Extend build-image.yml to support staging branch
- Separate Redis instance and network for staging
- Staging uses staging branch by default
Features:
- Auto-deploy: Push to staging branch → build → deploy to staging
- Separate from production: Different containers, volumes, networks
- Shared Traefik: Uses same SSL certificates (*.michaelschiemer.de)
- Testing environment before production deployment
2025-10-31 23:52:30 +01:00
dd5c1687e3
fix: Update nginx upstream name from php-fpm to php-upstream
...
Ensure consistency with nginx base image configuration
2025-10-31 23:38:13 +01:00
01fcd690e2
feat: Shared code volume for nginx and app containers
...
- Add app-code volume to both nginx and app containers
- App container clones code once into shared volume
- Nginx container uses shared volume (read-only) and waits for code
- Update entrypoint.sh to handle storage-preserving git clone
- Fix nginx configuration to use app:9000 for PHP-FPM
This eliminates duplicate code cloning and ensures both containers
always use the same code version from the shared volume.
2025-10-31 23:37:29 +01:00
16d586ecdf
chore: Update deployment configuration and documentation
...
- Update Gitea configuration (remove DEFAULT_ACTIONS_URL)
- Fix deployment documentation
- Update Ansible playbooks
- Clean up deprecated files
- Add new deployment scripts and templates
2025-10-31 21:11:11 +01:00
891508f47c
Fix: Ansible group_vars werden jetzt automatisch geladen
...
- Erstelle Symlink für inventory/group_vars/production.yml
- Ansible lädt group_vars automatisch, wenn sie neben der Inventory-Datei liegen
- Entferne manuelle include_vars Aufrufe (werden später bereinigt)
- Test: Production Deployment Workflow
2025-10-31 20:11:40 +01:00
e463f074f2
Fix: docker-dind insecure-registry Konfiguration für HTTP-Registry
...
- Fügt insecure-registry Flags für 94.16.110.151:5000 hinzu
- Erlaubt HTTP-Zugriff auf Registry ohne SSL-Zertifikatsprüfung
2025-10-31 18:09:09 +01:00
8b181a5ea2
Fix: docker-dind Zugriff auf traefik-public Netzwerk
...
- docker-dind erhält Zugriff auf traefik-public Netzwerk
- Job-Container können Registry über Container-Namen 'registry:5000' erreichen
- Workflow testet jetzt auch Container-Namen als Registry-URL
2025-10-31 17:52:28 +01:00
