- Remove middleware reference from Gitea Traefik labels (caused routing issues)
- Optimize Gitea connection pool settings (MAX_IDLE_CONNS=30, authentication_timeout=180s)
- Add explicit service reference in Traefik labels
- Fix intermittent 504 timeouts by improving PostgreSQL connection handling

Fixes Gitea unreachability via git.michaelschiemer.de
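---
# Default variables for the application deployment role (the values below
# reference role_path, so this file is evaluated in a role context).
# Every value can be overridden from inventory, group_vars or extra vars.

# Source path for production stack files on the control node
# Use playbook_dir as base, then go to ../stacks/production
# This assumes playbooks are in deployment/ansible/playbooks
# Note: Use ~ for string concatenation in Jinja2 templates
# Note: Don't use application_stack_src in the default chain to avoid recursion
application_stack_src: "{{ (playbook_dir | default(role_path + '/..') | dirname | dirname | dirname) ~ '/stacks/production' }}"

# Destination path on the target host (defaults to configured app_stack_path)
# Note: Don't use application_stack_dest in the default chain to avoid recursion
# Note: Use ~ for string concatenation in Jinja2 templates
application_stack_dest: "{{ app_stack_path | default((stacks_base_path | default('/home/deploy/deployment/stacks')) ~ '/production') }}"

# Template used to generate the application .env file
# NOTE(review): the rendered .env presumably holds secrets; confirm that the
# task writing it sets a restrictive file mode and uses no_log.
application_env_template: "{{ role_path }}/../../templates/application.env.j2"

# Optional vault file containing secrets (loaded if present)
# NOTE(review): this path lives inside the repository tree; confirm the file is
# encrypted with ansible-vault and is never committed in plaintext.
application_vault_file: "{{ role_path }}/../../secrets/production.vault.yml"

# Whether to synchronize stack files from repository
application_sync_files: true

# Compose recreate strategy ("auto", "always", "never")
application_compose_recreate: "auto"

# Whether to remove orphaned containers during compose up
application_remove_orphans: false

# Whether to run database migrations after (re)deploying the stack
application_run_migrations: true

# Optional health check URL to verify after deployment
# Falls back to an empty string when health_check_url is undefined
# (presumably the consuming task skips the check then; verify in the tasks).
application_healthcheck_url: "{{ health_check_url | default('') }}"

# Timeout and polling interval used for waits in this role
# (units are not stated here; presumably seconds, confirm against the tasks).
# The templated timeout is rendered as a string unless jinja2_native is
# enabled, so consumers that need a number should cast it with "| int".
application_wait_timeout: "{{ wait_timeout | default(60) }}"
application_wait_interval: 5

# Command executed inside the app container to run migrations
# NOTE(review): treat overrides of this value as trusted input only; it is a
# command line, so whoever can set it can run commands in the app container.
application_migration_command: "php console.php db:migrate"

# Environment (production, staging, local)
# Determines which compose files to use and service names
# CAUTION: the three conditionals below (compose suffix, service name, git
# branch) only test for 'staging'. Any other value, including 'local' or a
# misspelled 'staging', selects the production settings.
application_environment: "{{ APP_ENV | default('production') }}"

# Compose file suffix based on environment
application_compose_suffix: "{{ 'staging.yml' if application_environment == 'staging' else 'production.yml' }}"

# Service names based on environment
application_service_name: "{{ 'staging-app' if application_environment == 'staging' else 'php' }}"
application_php_service_name: "{{ application_service_name }}"

# Code Deployment Configuration
application_code_dest: "/home/deploy/michaelschiemer/current"
application_deployment_method: "git"  # Options: git, rsync
# Default clone URL (HTTPS). Keep credentials out of this value; supply any
# access token through the vault instead.
application_git_repository_url_default: "https://git.michaelschiemer.de/michael/michaelschiemer.git"
application_git_branch: "{{ 'staging' if application_environment == 'staging' else 'main' }}"
application_git_retries: 5
application_git_retry_delay: 10
application_rsync_source: "{{ playbook_dir | default('') | dirname | dirname | dirname }}"
# Options passed to rsync when application_deployment_method is "rsync".
# --chmod forces directories to 755 and files to 644 on the target, so every
# synced file is world-readable; the .env and .env.* excludes keep environment
# files out of the transfer. Do not drop those excludes without reviewing the
# file modes.
application_rsync_opts:
  - "--chmod=D755,F644"
  - "--exclude=.git"
  - "--exclude=.gitignore"
  - "--exclude=node_modules"
  - "--exclude=vendor"
  - "--exclude=.env"
  - "--exclude=.env.*"
  - "--exclude=*.log"
  - "--exclude=.idea"
  - "--exclude=.vscode"
  - "--exclude=.DS_Store"
  - "--exclude=*.swp"
  - "--exclude=*.swo"
  - "--exclude=*~"
  - "--exclude=.phpunit.result.cache"
  - "--exclude=coverage"
  - "--exclude=.phpunit.cache"
  - "--exclude=public/assets"
  - "--exclude=storage/logs"
  - "--exclude=storage/framework/cache"
  - "--exclude=storage/framework/sessions"
  - "--exclude=storage/framework/views"
  - "--exclude=deployment"
  - "--exclude=docker"
  - "--exclude=.deployment-archive-*"
  - "--exclude=docs"
  - "--exclude=tests"
# PHP entry scripts of the application (how they are used is defined in the
# role's tasks, not here).
application_php_scripts:
  - worker.php
  - console.php
# Files the role treats as critical (presumably verified after code
# deployment; confirm against the tasks).
application_critical_files:
  - worker.php
  - console.php
  - composer.json

# Composer Configuration
application_restart_workers_after_composer: true

# Container Management Configuration
application_container_action: "fix"  # Options: fix, fix-web, recreate, recreate-with-env, sync-recreate
# Space-separated compose service names
application_container_target_services: "queue-worker scheduler"
application_container_status_services: "queue-worker web scheduler php"
application_container_stabilize_wait: 5

# Health Check Configuration
application_health_check_logs_tail: 20
application_health_check_final: false
application_show_status: true

# Logs Configuration
application_logs_tail: 50
application_logs_check_vendor: true
application_logs_check_permissions: true
application_logs_check_files: true
application_logs_list_files: false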