c06a9ec134
fix: Use internal healthcheck instead of HTTP ping endpoint
...
- Change health check to use docker exec traefik healthcheck
- HTTP ping endpoint requires BasicAuth (401), internal check is more reliable
- Improves health check accuracy in restart-traefik.yml playbook
2025-11-08 18:53:07 +01:00
e047720954
feat: Add Ansible playbook to restart Traefik and verify configuration
...
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 34s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Successful in 11s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Successful in 13s
Security Vulnerability Scan / Check for Dependency Changes (push) Failing after 12m24s
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Failing after 4m10s
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
Security Vulnerability Scan / Composer Security Audit (push) Has been cancelled
- Add restart-traefik.yml playbook to restart Traefik container
- Verify Traefik health after restart
- Check for ACME challenge errors in logs
- Display status summary with next steps
- Useful after Traefik configuration changes
2025-11-08 18:47:14 +01:00
06bad20123
fix: Explicitly exclude ACME challenge path from HTTPS redirect
...
- Add explicit exclusion of /.well-known/acme-challenge from catch-all redirect
- Ensures ACME challenges are never redirected to HTTPS
- Traefik handles ACME challenges automatically, but explicit exclusion is safer
2025-11-08 18:46:27 +01:00
3d233e8b2c
fix: Remove redundant ACME challenge router in Traefik configuration
...
- Remove explicit ACME challenge router that had no service defined
- Traefik handles ACME challenges automatically when httpChallenge.entryPoint is set
- The router was interfering with automatic challenge handling
- Fixes 'Cannot retrieve the ACME challenge' errors in Traefik logs
2025-11-08 18:46:01 +01:00
af98069eba
fix: Reduce Gitea runner request frequency to prevent DDoS-like behavior
...
- Increase fetch_interval from 2s to 10s to reduce load on Gitea
- Increase fetch_timeout from 5s to 30s for better error handling
- Add documentation about runner overloading Gitea and how to fix it
- Prevents 504 errors caused by runner bombarding Gitea with requests
2025-11-08 17:56:11 +01:00
52023081ab
fix: Add retry logic to git operations in deploy-application-code.yml
...
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 30s
Security Vulnerability Scan / Check for Dependency Changes (push) Failing after 37s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Build Runtime Base Image (push) Failing after 13m31s
🚀 Build & Deploy Image / Build Docker Image (push) Has been cancelled
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Has been cancelled
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been cancelled
- Add retry logic (5 retries, 10s delay) to git clone and update tasks
- Handle 504 Gateway Timeout errors from Gitea gracefully
- Fail with clear error message if all retries are exhausted
- Prevents workflow failures due to temporary Gitea unavailability
2025-11-08 17:34:59 +01:00
43a06eae4d
docs: Add documentation and playbooks for fixing Gitea runner configuration
...
- Add FIX_RUNNER_CONFIG.md with manual steps to re-register runner
- Add fix-gitea-runner-config.yml to diagnose runner issues
- Add register-gitea-runner.yml to re-register runner via Ansible
- Fixes issue where runner falls back to GitHub on 504 errors
2025-11-08 17:25:22 +01:00
21e7c40c99
feat: Add Ansible playbooks to fix Gitea runner configuration
...
- Add fix-gitea-runner-config.yml to diagnose runner configuration issues
- Add register-gitea-runner.yml to re-register runner with correct Gitea URL
- Check for GitHub URLs in runner configuration (should only use git.michaelschiemer.de)
- Verify .env file has correct GITEA_INSTANCE_URL
- Fixes 504 timeouts caused by runner trying to connect to GitHub fallback
2025-11-08 17:14:19 +01:00
97b0dde75b
feat: Add Ansible playbook to check and restart Gitea
...
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 30s
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 35s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Successful in 15s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Successful in 14s
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Failing after 1m11s
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
- Check Gitea container status
- Check Gitea health endpoint
- Display container logs
- Restart container if unhealthy or not running
- Wait for Gitea to be ready after restart
- Display comprehensive status summary
- Helps diagnose and fix 504 Gateway Timeout issues
2025-11-08 17:03:22 +01:00
891c73d0af
fix: Wait for Docker socket and login to registry before compose up
...
- Change Docker daemon wait from TCP port 2375 to Unix socket /var/run/docker.sock
- Add Docker registry login task before docker compose up
- Ensures authentication is available when pulling images
- Fixes 'no basic auth credentials' error during image pull
2025-11-08 16:53:22 +01:00
294e6721eb
fix: Use immutable operations for Docker daemon config merge
...
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 55s
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 27s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Successful in 13s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Successful in 12s
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Failing after 1m26s
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
- Replace append() with list concatenation (+ operator)
- Use combine filter instead of update() method
- Avoids 'unsafe append' error with AnsibleLazyTemplateList
- All operations are now immutable and safe
2025-11-08 16:09:56 +01:00
bf25f088c0
fix: Correct Jinja2 logic for merging insecure registry config
...
🚀 Build & Deploy Image / Build Runtime Base Image (push) Successful in 12s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Successful in 13s
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Failing after 1m11s
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 35s
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 33s
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
- Fix dictionary update logic in set_fact
- Use list operations before updating dictionary
- Ensures proper JSON structure for Docker daemon.json
2025-11-08 16:06:08 +01:00
dbf7f6e002
fix: Replace shell script with Ansible modules for Docker daemon config
...
🚀 Build & Deploy Image / Build Runtime Base Image (push) Has been cancelled
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been cancelled
🚀 Build & Deploy Image / Build Docker Image (push) Has been cancelled
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Has been cancelled
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been cancelled
Security Vulnerability Scan / Check for Dependency Changes (push) Has been cancelled
Security Vulnerability Scan / Composer Security Audit (push) Has been cancelled
🚀 Build & Deploy Image / Determine Build Necessity (push) Has been cancelled
- Replace Python heredoc in shell script with native Ansible modules
- Use slurp to read existing daemon.json
- Use set_fact and copy modules to update configuration
- Fixes YAML parsing error with heredoc syntax
- More idempotent and Ansible-native approach
2025-11-08 16:05:53 +01:00
76ec4cf28d
fix: Configure Docker insecure registry and add GIT_BRANCH
...
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 52s
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 51s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Successful in 10s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Successful in 12s
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Failing after 52s
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
- Add Docker daemon configuration to use HTTP for git.michaelschiemer.de:5000 registry
- Configure insecure-registries in /etc/docker/daemon.json
- Add GIT_BRANCH environment variable (staging for staging, main for production)
- Set default GIT_REPOSITORY_URL if not provided
- Fixes 'http: server gave HTTP response to HTTPS client' error
- Fixes missing GIT_BRANCH variable warnings
2025-11-08 16:01:44 +01:00
bfd91fcb61
fix: Add Git variables and improve bool check for image pull
...
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 28s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Successful in 13s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 27s
🚀 Build & Deploy Image / Build Docker Image (push) Successful in 13s
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Failing after 1m3s
- Add Git repository variables (GIT_REPOSITORY_URL, GIT_TOKEN, GIT_USERNAME, GIT_PASSWORD) to environment
- Load Git variables from vault or defaults
- Add Git variables to .env file creation
- Improve registry_accessible check with 'is defined' guard
- Fixes missing GIT_* environment variable warnings in docker compose
2025-11-08 15:58:09 +01:00
43c36d2687
fix: Fix bool comparison and .env file permissions
...
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 58s
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 34s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Successful in 12s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Successful in 14s
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Failing after 1m6s
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
- Change registry_accessible to string comparison ('true'/'false') instead of bool
- Fix 'argument of type bool is not iterable' error in when conditions
- Set correct owner/group for .env file (ansible_user instead of root)
- Fixes 'permission denied' error when docker compose reads .env file
2025-11-08 15:53:50 +01:00
c1331ae7a7
fix: Add .env file check and environment variables for docker compose
...
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 30s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Successful in 11s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Failing after 1m14s
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 28s
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Successful in 13s
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
- Fix 'argument of type bool is not iterable' error in image pull task
- Check if .env file exists before docker compose up
- Create minimal .env file if it doesn't exist with required variables
- Load secrets from vault file if available
- Set database and MinIO variables from vault or defaults
- Pass environment variables to docker compose command
- Fixes missing MINIO_ROOT_USER, DB_USERNAME, DB_PASSWORD, SECRETS_DIR errors
2025-11-08 15:49:22 +01:00
333dc04404
fix: Improve registry check and image pull error handling
...
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 33s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Successful in 15s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Successful in 14s
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Failing after 1m11s
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 32s
- Add registry_accessible flag to safely check registry status
- Fix 'argument of type bool is not iterable' error in when conditions
- Only pull image if registry is accessible
- Add ignore_errors to image pull task to prevent failures
- Improves handling of registry connectivity issues
2025-11-08 15:44:50 +01:00
cf8fea322c
fix: Resolve recursive loops and fix registry URL in deploy-image.yml
...
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 30s
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 28s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Successful in 12s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Successful in 13s
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Failing after 1m24s
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
- Fix recursive loop in app_name variable
- Set app_name and deploy_image using set_fact tasks
- Replace application_stack_dest with application_code_dest (consistent with other playbooks)
- Change registry URL from HTTP to HTTPS
- Add validate_certs: no for registry accessibility check
- Fixes 'Recursive loop detected' error in image deployment
2025-11-08 15:41:11 +01:00
38af81e2db
fix: Don't start containers in install-composer-dependencies playbook
...
🚀 Build & Deploy Image / Build Runtime Base Image (push) Has been cancelled
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been cancelled
🚀 Build & Deploy Image / Build Docker Image (push) Has been cancelled
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Has been cancelled
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been cancelled
Security Vulnerability Scan / Check for Dependency Changes (push) Has been cancelled
Security Vulnerability Scan / Composer Security Audit (push) Has been cancelled
🚀 Build & Deploy Image / Determine Build Necessity (push) Has been cancelled
- Remove container start logic - containers should be started by deploy-image.yml
- Add clear error message if container is not running
- Provides helpful instructions for manual container start if needed
2025-11-08 15:35:22 +01:00
ae592c21c7
fix: Add container status check and better error handling
...
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 56s
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 24s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Successful in 12s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Successful in 15s
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Failing after 1m3s
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
- Check if container is running before executing composer
- Start container if not running
- Display detailed error output for debugging
- Fixes composer install failures when container is not running
2025-11-08 15:31:06 +01:00
f0a412a221
fix: Use application code directory for docker-compose files
...
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 53s
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 25s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Successful in 12s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Successful in 15s
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Failing after 1m20s
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
- Change from stacks path to application code directory (/home/deploy/michaelschiemer/current)
- docker-compose files are in the application root, not in deployment/stacks
- Fixes 'no such file or directory' error for docker-compose.base.yml
2025-11-08 15:26:42 +01:00
dd072ded3c
fix: Use correct path for docker-compose files
...
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 34s
🚀 Build & Deploy Image / Build Docker Image (push) Has been cancelled
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Has been cancelled
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been cancelled
🚀 Build & Deploy Image / Build Runtime Base Image (push) Has been cancelled
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been cancelled
Security Vulnerability Scan / Composer Security Audit (push) Has been cancelled
Security Vulnerability Scan / Check for Dependency Changes (push) Has been cancelled
- Change stacks_base_path_default from /home/deploy to /home/deploy/deployment/stacks
- Matches actual server directory structure where stacks are located
2025-11-08 15:25:57 +01:00
f7bac92b64
fix: Resolve recursive loop in stacks_base_path variable
...
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 30s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Successful in 11s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Successful in 13s
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 54s
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Failing after 54s
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
- Use stacks_base_path_default instead of self-reference
- Fixes 'Recursive loop detected' error in install-composer-dependencies playbook
2025-11-08 15:19:37 +01:00
eeaf025fed
fix: Define stacks_base_path variable with default value
...
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 29s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Successful in 13s
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 29s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Successful in 12s
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Failing after 52s
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
- Add stacks_base_path variable with default '/home/deploy'
- Fixes 'stacks_base_path is undefined' error in install-composer-dependencies playbook
2025-11-08 15:16:24 +01:00
2e14557b21
fix: Handle case where destination exists but is not a git repo
...
🚀 Build & Deploy Image / Build Runtime Base Image (push) Successful in 13s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 27s
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 31s
🚀 Build & Deploy Image / Build Docker Image (push) Successful in 13s
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Failing after 1m22s
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
- Check if destination directory exists separately from git repo check
- Remove directory if it exists but is not a git repository
- Prevents 'destination path already exists' error during clone
2025-11-08 15:12:06 +01:00
03f4d90ed0
fix: Remove unsupported owner/group parameters from git module
...
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 28s
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 28s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Successful in 9s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Successful in 10s
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Failing after 43s
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
- ansible.builtin.git no longer supports owner and group parameters
- Set ownership in separate file task after git operations
- Fixes 'Unsupported parameters' error
2025-11-08 15:08:52 +01:00
2f98c52300
refactor: Simplify git_repo_url logic
...
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 59s
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 26s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Successful in 10s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Successful in 12s
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Failing after 48s
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
- Use single set_fact task with ternary operator
- Cleaner and more efficient than multiple conditional tasks
2025-11-08 15:04:20 +01:00
163460c22e
fix: Use separate variable git_repo_url to avoid recursive loop
...
Security Vulnerability Scan / Check for Dependency Changes (push) Has been cancelled
Security Vulnerability Scan / Composer Security Audit (push) Has been cancelled
🚀 Build & Deploy Image / Build Runtime Base Image (push) Has been cancelled
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been cancelled
🚀 Build & Deploy Image / Build Docker Image (push) Has been cancelled
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Has been cancelled
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been cancelled
🚀 Build & Deploy Image / Determine Build Necessity (push) Has been cancelled
- Use git_repo_url instead of git_repository_url in tasks
- Set git_repo_url based on whether git_repository_url is provided
- This completely avoids the recursive loop issue
2025-11-08 15:04:04 +01:00
0ab3b6a799
fix: Set git_repository_url using set_fact to avoid recursive loop
...
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 33s
🚀 Build & Deploy Image / Build Docker Image (push) Has been cancelled
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Has been cancelled
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been cancelled
🚀 Build & Deploy Image / Build Runtime Base Image (push) Has been cancelled
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been cancelled
Security Vulnerability Scan / Composer Security Audit (push) Has been cancelled
Security Vulnerability Scan / Check for Dependency Changes (push) Has been cancelled
- Use set_fact task to set git_repository_url instead of vars section
- This prevents recursive loop when variable is referenced in tasks
2025-11-08 15:03:09 +01:00
acecc23cec
fix: Resolve recursive loop in git_repository_url variable
...
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 57s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Successful in 11s
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Failing after 1m7s
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 25s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Successful in 10s
- Change git_repository_url to use git_repository_url_default instead of self-reference
- Fixes 'Recursive loop detected in template' error in Ansible playbook
2025-11-08 14:59:16 +01:00
95b53c0ab8
test: Verify workflow with ANSIBLE_VAULT_PASSWORD secret
...
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 25s
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 26s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Successful in 14s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Successful in 11s
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Failing after 44s
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
- Test commit to verify that workflow can now:
- Use php-ci image with Ansible
- Use ANSIBLE_VAULT_PASSWORD secret for vault decryption
- Successfully deploy to staging
2025-11-08 14:56:35 +01:00
deddb87dcf
test: Trigger workflow by changing deployment path
...
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 50s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 26s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Successful in 10s
🚀 Build & Deploy Image / Build Docker Image (push) Successful in 14s
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Failing after 41s
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
This commit changes a file in deployment/ to trigger the build workflow
2025-11-08 14:46:22 +01:00
efa97f8b5d
fix: Build CI images on production server
...
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 33s
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 39s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Successful in 17s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Successful in 1m15s
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Failing after 33s
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Has been skipped
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
- Add build-ci-image-production.sh script for building CI images on production
- Add BUILD_ON_PRODUCTION.md documentation
- Fix Dockerfile to handle optional PECL extensions for PHP 8.5 RC
This fixes the issue where Gitea workflows fail with:
'Error response from daemon: pull access denied for php-ci'
2025-11-08 14:33:59 +01:00
1b9cda6dd3
docs: Add CI image setup documentation
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Failing after 40s
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
🚀 Build & Deploy Image / Determine Build Necessity (push) Successful in 46s
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 1m0s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Successful in 11s
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Successful in 12s
2025-11-08 13:38:46 +01:00
50e58c6ba9
docs: Update deployment status - Gitea repository created, Traefik issues fixed
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 34s
Security Vulnerability Scan / Composer Security Audit (push) Has been skipped
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
🚀 Build & Deploy Image / Build Runtime Base Image (push) Has been cancelled
🚀 Build & Deploy Image / Build Docker Image (push) Has been cancelled
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Has been cancelled
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been cancelled
🚀 Build & Deploy Image / Determine Build Necessity (push) Has been cancelled
2025-11-08 13:13:42 +01:00
7093693cfb
test: CI/CD pipeline staging test
2025-11-08 11:16:01 +01:00
9e77ac3b42
feat(traefik): Add Gitea service definition for Traefik
...
- Add gitea-service.yml with proper timeout configuration
- Service definition required for Traefik to route to Gitea
- Replaces old gitea.yml file that was removed
2025-11-07 23:24:20 +01:00
e8a26d7807
test: CI/CD pipeline staging test - Redis aktiviert, Bad Gateway dokumentiert
2025-11-07 20:54:44 +01:00
c088d08639
test: CI/CD pipeline staging test - Repository Setup automatisiert
2025-11-07 20:17:35 +01:00
1963b10749
feat: Integrate Ansible playbooks into CI/CD workflows
...
- Add deploy-application-code.yml for Git-based code deployment
- Add install-composer-dependencies.yml for dependency installation
- Add deploy-image.yml for Docker image deployment
- Update build-image.yml to use Ansible playbooks
- Update manual-deploy.yml to use Ansible playbooks
- Add ANSIBLE_VAULT_PASSWORD secret handling
2025-11-07 18:14:11 +01:00
cf903f2582
fix(traefik): update local dev ports and gitea SSH IP
...
- Change Traefik local HTTP port from 8080 to 8081 (conflict with cadvisor)
- Change Traefik dashboard port to 8093 (conflicts with cadvisor, Hyperion)
- Update Gitea SSH service IP from 172.23.0.2 to 172.23.0.3
- Note: Gitea SSH works directly via Docker port mapping in local dev
- Traefik TCP routing only needed for production (host network mode)
2025-11-05 14:51:37 +01:00
95147ff23e
refactor(deployment): Remove WireGuard VPN dependency and restore public service access
...
Remove WireGuard integration from production deployment to simplify infrastructure:
- Remove docker-compose-direct-access.yml (VPN-bound services)
- Remove VPN-only middlewares from Grafana, Prometheus, Portainer
- Remove WireGuard middleware definitions from Traefik
- Remove WireGuard IPs (10.8.0.0/24) from Traefik forwarded headers
All monitoring services now publicly accessible via subdomains:
- grafana.michaelschiemer.de (with Grafana native auth)
- prometheus.michaelschiemer.de (with Basic Auth)
- portainer.michaelschiemer.de (with Portainer native auth)
All services use Let's Encrypt SSL certificates via Traefik.
2025-11-05 12:48:25 +01:00
7c52065aae
feat(traefik): add TCP routing for Gitea SSH port 2222
...
- Add TCP entrypoint 'gitea-ssh' on port 2222 in static config
- Create TCP router configuration for routing SSH traffic to Gitea
- Use Gitea container IP (172.23.0.2) since Traefik runs in host network mode
- Routes git.michaelschiemer.de:2222 through Traefik instead of direct VPN access
2025-11-05 12:12:42 +01:00
aeeed293af
feat(monitoring): Add direct VPN access configuration
...
- Add docker-compose-direct-access.yml for VPN-only admin access
- Configure Portainer on port 9002 (avoid MinIO conflict)
- Add grafana.ini to disable external plugin update checks
- Bind services to 10.8.0.1 (WireGuard VPN gateway)
This configuration enables direct access to admin services via WireGuard VPN
while removing Traefik routing overhead. Services are bound exclusively to
the VPN gateway IP to prevent public access.
2025-11-05 04:42:17 +01:00
f9b8cf9f33
feat: add API Gateway, RapidMail and Shopify integrations, update WireGuard configs, add Redis override and architecture docs
2025-11-04 23:08:17 +01:00
3ed2685e74
feat: add comprehensive framework features and deployment improvements
...
Major additions:
- Storage abstraction layer with filesystem and in-memory implementations
- Gitea API integration with MCP tools for repository management
- Console dialog mode with interactive command execution
- WireGuard VPN DNS fix implementation and documentation
- HTTP client streaming response support
- Router generic result type
- Parameter type validator for framework core
Framework enhancements:
- Console command registry improvements
- Console dialog components
- Method signature analyzer updates
- Route mapper refinements
- MCP server and tool mapper updates
- Queue job chain and dependency commands
- Discovery tokenizer improvements
Infrastructure:
- Deployment architecture documentation
- Ansible playbook updates for WireGuard client regeneration
- Production environment configuration updates
- Docker Compose local configuration updates
- Remove obsolete docker-compose.yml (replaced by environment-specific configs)
Documentation:
- PERMISSIONS.md for access control guidelines
- WireGuard DNS fix implementation details
- Console dialog mode usage guide
- Deployment architecture overview
Testing:
- Multi-purpose attribute tests
- Gitea Actions integration tests (typed and untyped)
2025-11-04 20:39:48 +01:00
02e4dc9338
feat(local-secrets): introduce unified local secrets management and documentation
...
- Add example secret files for `app_key`, `db_user_password`, and `redis_password`.
- Introduce `local.vault.yml.example` for Ansible Vault encryption of local secrets.
- Create migration and setup scripts for transitioning from `.env.local` to secrets files.
- Update `docker-compose.local.yml` to adopt Docker Secrets and `_FILE` pattern for local configurations.
- Add deployment playbooks and enhanced logging configurations for local development.
2025-11-04 11:06:21 +01:00
12afbe874d
refactor(container): simplify Redis pool initialization flow
...
- Remove redundant `$container` parameter in `RedisPoolInitializer` instantiation.
- Streamline container interactions for improved clarity and maintainability.
2025-11-04 02:43:45 +01:00
7a2cb0b63e
fix: staging deployment configuration and redis secrets handling
2025-11-03 00:15:43 +01:00
