ops: add CI/CD pipeline, a/b rolling deploy, Gitea Actions workflow
Deploy to Production / deploy (push) Failing after 10s

- .gitea/workflows/deploy.yml — push-to-main triggers rolling deploy
- scripts/deploy-bluegreen.sh — a-stack then b-stack restart; Maven runs
  in Docker (no JDK needed on runner host); Caddy reload at end
- scripts/deploy-all.ps1 — emergency manual deploy from dev machine
- infra/docker-compose.yml — a/b pairs per service; wget health checks;
  Gitea service; Prometheus/Grafana/DB ports restricted to localhost
- infra/Caddyfile — dual upstreams with health-based routing
- infra/Dockerfile.* — one per service
- infra/prometheus.yml + grafana provisioning

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Carsten Rehfeld
2026-05-14 14:01:12 +02:00
parent 5156089152
commit 82f0ac6007
72 changed files with 4715 additions and 27 deletions
@@ -0,0 +1,60 @@
www.api-index.org {
reverse_proxy portal-a:8081 portal-b:8081 {
lb_policy first
health_uri /q/health/live
health_interval 5s
fail_duration 30s
}
header Strict-Transport-Security "max-age=31536000; includeSubDomains"
}
api-index.org {
reverse_proxy registry-a:8180 registry-b:8180 {
lb_policy first
health_uri /q/health/live
health_interval 5s
fail_duration 30s
}
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains"
X-Content-Type-Options "nosniff"
X-Frame-Options "DENY"
-Server
}
log {
output file /var/log/caddy/api-index.log
format json
}
}
demo.api-index.org {
reverse_proxy demo-a:8083 demo-b:8083 {
lb_policy first
health_uri /q/health/live
health_interval 5s
fail_duration 30s
}
header Strict-Transport-Security "max-age=31536000; includeSubDomains"
header X-Content-Type-Options "nosniff"
header -Server
}
git.api-index.org {
reverse_proxy gitea:3001
header Strict-Transport-Security "max-age=31536000; includeSubDomains"
header -Server
}
# grafana.api-index.org — access via SSH tunnel for now:
# ssh -L 3000:localhost:3000 deploy@204.168.156.179
# Uncomment when DNS record is added and bcrypt hash is generated:
# caddy hash-password --plaintext <password>
# grafana.api-index.org {
# basic_auth {
# admin $2a$14$REPLACE_WITH_BCRYPT_HASH
# }
# reverse_proxy grafana:3000
# header Strict-Transport-Security "max-age=31536000; includeSubDomains"
# }
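Review bot: The response headers and logging differ between the site blocks without a stated reason. Only api-index.org sets X-Frame-Options "DENY" and has a log directive; www.api-index.org sets Strict-Transport-Security alone, with no X-Content-Type-Options and no -Server, and git.api-index.org omits X-Content-Type-Options. Suggest defining the header set once as a Caddyfile snippet and importing it in every site block, and adding a log block to the www, demo and git sites so requests to those hosts are recorded as well. Two smaller points: the health_uri in all three reverse_proxy blocks is a liveness path (/q/health/live), so during the a/b restart Caddy may mark an instance healthy before it can serve traffic; if the services expose a readiness endpoint, that is the better target. The commented Grafana section also commits the SSH user and host address into the repository; that line fits better in operator documentation than in the Caddyfile.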