From dc2046cc1ab104856ee530aae0d8f943e11e97e1 Mon Sep 17 00:00:00 2001
From: k1nq
Date: Sat, 29 Nov 2025 12:19:44 +0500
Subject: [PATCH 01/22] feat: add CI/CD workflow for building and deploying application with Docker
---
.gitea/workflows/build.yml | 46 +++++++++++++++++++
docker-compose.yml => docker-compose-ci.yml | 0
docker-compose-dev.yml | 51 +++++++++++++++++++++
3 files changed, 97 insertions(+)
create mode 100644 .gitea/workflows/build.yml
rename docker-compose.yml => docker-compose-ci.yml (100%)
create mode 100644 docker-compose-dev.yml
diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
new file mode 100644
index 0000000..e1f7440
--- /dev/null
+++ b/.gitea/workflows/build.yml
@@ -0,0 +1,46 @@
+name: Build and deploy
+
+on:
+ push:
+ branches: "**"
+ workflow-dispatch:
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Build and push app
+ run: |
+ docker build -t ${{ secrets.GIT_HOST }}/${{ gitea.repository }}:app -f app/Dockerfile ./app
+ docker push $ {{ secrets.GIT_HOST }}/${{ gitea.repository }}:app
+
+ deploy:
+ runs-on: ubuntu-latest
+ needs: build
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Instasll SSH key
+ uses: webfactory/ssh-agent@v.0.9.0
+ with:
+ ssh-private-key: $ {{ secrets.DEPLOY_SSH_KEY }}
+
+ - name: Add host to known_hosts
+ run: ssh-keyscan -H ${{ secrets.LXC_HOST }} >> ~/.ssh/known_hosts
+
+ - name: Deploy docker-compose-ci.yml
+ run: scp docker-compose-ci.yml ${{ secrets.LXC_USER }}@${{ secrets.LXC_HOST }}:/srv/app/docker-compose.yml
+
+ - name: Restart services:
+ run: |
+ ssh ${{ secrets.LXC_USER }}@${{ secrets.LXC_HOST }} << 'EOF'
+ echo "${{ secrets.TOKEN }}" | docker login ${{ secrets.GIT_HOST }} -u ${{ secrets.USERNAME }} --password-stdin
+ docker pull ${{ secrets.GIT_HOST }}/${{ gitea.repository }}:app
+ cd /srv/app
+ docker compose up -d --force-recreate
+ docker image prune -f
+ EOF
\ No newline at end of file
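Review bot: The `Add host to known_hosts` step in the `deploy` job trusts whatever key `ssh-keyscan` returns on each run, so the host is never authenticated before the deploy key is used against it and the compose file is copied to it. Pin the server's public host key instead, kept as a repository secret or variable (called `LXC_KNOWN_HOSTS` here only as an example name): `run: echo "${{ secrets.LXC_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts`. The same step comes back unchanged when the job is re-enabled in PATCH 09/22.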
diff --git a/docker-compose.yml b/docker-compose-ci.yml
similarity index 100%
rename from docker-compose.yml
rename to docker-compose-ci.yml
diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml
new file mode 100644
index 0000000..1ecc8a2
--- /dev/null
+++ b/docker-compose-dev.yml
@@ -0,0 +1,51 @@
+services:
+ app:
+ build:
+ context: .
+ dockerfile: app/Dockerfile
+ command: uvicorn app.main:app --host 0.0.0.0 --port 8000
+ env_file:
+ - .env
+ environment:
+ PROJECT_NAME: ${PROJECT_NAME}
+ VERSION: ${VERSION}
+ API_V1_PREFIX: ${API_V1_PREFIX}
+ DB_HOST: ${DB_HOST:-postgres}
+ DB_PORT: ${DB_PORT}
+ DB_NAME: ${DB_NAME}
+ DB_USER: ${DB_USER}
+ DB_PASSWORD: ${DB_PASSWORD}
+ SQLALCHEMY_ECHO: ${SQLALCHEMY_ECHO}
+ JWT_SECRET_KEY: ${JWT_SECRET_KEY}
+ JWT_ALGORITHM: ${JWT_ALGORITHM}
+ ACCESS_TOKEN_EXPIRE_MINUTES: ${ACCESS_TOKEN_EXPIRE_MINUTES}
+ REFRESH_TOKEN_EXPIRE_DAYS: ${REFRESH_TOKEN_EXPIRE_DAYS}
+ REDIS_ENABLED: ${REDIS_ENABLED}
+ REDIS_URL: ${REDIS_URL:-redis://redis:6379/0}
+ ANALYTICS_CACHE_TTL_SECONDS: ${ANALYTICS_CACHE_TTL_SECONDS}
+ ANALYTICS_CACHE_BACKOFF_MS: ${ANALYTICS_CACHE_BACKOFF_MS}
+ ports:
+ - "8000:8000"
+ depends_on:
+ - postgres
+ - redis
+
+ postgres:
+ image: postgres:16-alpine
+ environment:
+ POSTGRES_DB: ${DB_NAME}
+ POSTGRES_USER: ${DB_USER}
+ POSTGRES_PASSWORD: ${DB_PASSWORD}
+ volumes:
+ - postgres_data:/var/lib/postgresql/data
+ ports:
+ - "5432:5432"
+
+ redis:
+ image: redis:7-alpine
+ command: redis-server --save "" --appendonly no
+ ports:
+ - "6379:6379"
+
+volumes:
+ postgres_data:
From ecc23321ba7cab83f852242e81f6dd93722be495 Mon Sep 17 00:00:00 2001
From: k1nq
Date: Sat, 29 Nov 2025 12:20:36 +0500
Subject: [PATCH 02/22] fix: comment out branches filter in build workflow trigger
---
.gitea/workflows/build.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
index e1f7440..da8ded9 100644
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
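Review bot: The `postgres` and `redis` services in docker-compose-dev.yml publish `5432:5432` and `6379:6379` without a host address, which Docker binds on every interface, and the `redis-server` command sets no password. Bind them to loopback, `- "127.0.0.1:5432:5432"` and `- "127.0.0.1:6379:6379"`, or drop the two `ports:` entries, since `app` already reaches both by service name (`DB_HOST` defaults to `postgres`, `REDIS_URL` to `redis://redis:6379/0`). The same two mappings show up as context lines in the docker-compose-ci.yml hunks of PATCH 09/22 and 17/22, which is the file the workflow copies to the deployment host, so the change matters most there.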
@@ -2,7 +2,7 @@ name: Build and deploy on: push: - branches: "**" + # branches: "**" workflow-dispatch: jobs: From a06a6eb83409847f6b180ea38268f45f557a7fe9 Mon Sep 17 00:00:00 2001 From: k1nq Date: Sat, 29 Nov 2025 12:22:13 +0500 Subject: [PATCH 03/22] fix: correct workflow_dispatch syntax in build configuration --- .gitea/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml index da8ded9..8b15461 100644 --- a/.gitea/workflows/build.yml +++ b/.gitea/workflows/build.yml @@ -3,7 +3,7 @@ name: Build and deploy on: push: # branches: "**" - workflow-dispatch: + workflow_dispatch: jobs: build: From 4bdc57589229c04a158c3ba716ca1e2570054299 Mon Sep 17 00:00:00 2001 From: k1nq Date: Sat, 29 Nov 2025 12:32:08 +0500 Subject: [PATCH 04/22] fix: remove extra spaces in docker push command and SSH key configuration --- .gitea/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml index 8b15461..5a54203 100644 --- a/.gitea/workflows/build.yml +++ b/.gitea/workflows/build.yml @@ -15,7 +15,7 @@ jobs: - name: Build and push app run: | docker build -t ${{ secrets.GIT_HOST }}/${{ gitea.repository }}:app -f app/Dockerfile ./app - docker push $ {{ secrets.GIT_HOST }}/${{ gitea.repository }}:app + docker push ${{ secrets.GIT_HOST }}/${{ gitea.repository }}:app deploy: runs-on: ubuntu-latest @@ -27,7 +27,7 @@ jobs: - name: Instasll SSH key uses: webfactory/ssh-agent@v.0.9.0 with: - ssh-private-key: $ {{ secrets.DEPLOY_SSH_KEY }} + ssh-private-key: ${{ secrets.DEPLOY_SSH_KEY }} - name: Add host to known_hosts run: ssh-keyscan -H ${{ secrets.LXC_HOST }} >> ~/.ssh/known_hosts From 276c40ce6ce0eb80538de59b9b27373f88215047 Mon Sep 17 00:00:00 2001 
From: k1nq Date: Sat, 29 Nov 2025 12:33:28 +0500 Subject: [PATCH 05/22] fix: add missing login step for Docker registry and correct SSH agent version --- .gitea/workflows/build.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml index 5a54203..eb28f4d 100644 --- a/.gitea/workflows/build.yml +++ b/.gitea/workflows/build.yml @@ -12,6 +12,9 @@ jobs: - name: Checkout uses: actions/checkout@v4 + - name: Login to registry + run: echo "${{ secrets.TOKEN }}" | docker login ${{ secrets.GIT_HOST }} -u ${{ secrets.USERNAME }} --password-stdin + - name: Build and push app run: | docker build -t ${{ secrets.GIT_HOST }}/${{ gitea.repository }}:app -f app/Dockerfile ./app @@ -25,7 +28,7 @@ jobs: uses: actions/checkout@v4 - name: Instasll SSH key - uses: webfactory/ssh-agent@v.0.9.0 + uses: webfactory/ssh-agent@v0.9.0 with: ssh-private-key: ${{ secrets.DEPLOY_SSH_KEY }} From b9c77f276621012701c2813b23af20c5018d5484 Mon Sep 17 00:00:00 2001 From: k1nq Date: Sat, 29 Nov 2025 17:44:34 +0500 Subject: [PATCH 06/22] fix: uncomment branches filter in build workflow trigger --- .gitea/workflows/build.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml index eb28f4d..a80a712 100644 --- a/.gitea/workflows/build.yml +++ b/.gitea/workflows/build.yml @@ -2,7 +2,8 @@ name: Build and deploy on: push: - # branches: "**" + branches: + - "**" workflow_dispatch: jobs: From d35bc3cc6c4f305096bdb3fdd288735a2feef92e Mon Sep 17 00:00:00 2001 From: k1nq Date: Sat, 29 Nov 2025 17:45:10 +0500 Subject: [PATCH 07/22] fix: remove colon from 'Restart services' step in build workflow --- .gitea/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml index a80a712..04db55f 100644 --- a/.gitea/workflows/build.yml +++ b/.gitea/workflows/build.yml 
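Review bot: The new `Login to registry` step in the `build` job pastes `${{ secrets.TOKEN }}` straight into the script text, so the runner substitutes the value before the shell parses the line and a quote, `$` or backtick inside the secret changes the command. Pass it through the step environment instead: add `env:` with `REGISTRY_TOKEN: ${{ secrets.TOKEN }}` and use `run: printf '%s' "$REGISTRY_TOKEN" | docker login ${{ secrets.GIT_HOST }} -u ${{ secrets.USERNAME }} --password-stdin` (the variable name is only a suggestion). The login also leaves the credential in the runner's Docker config; whether the runner is reused between jobs is not visible here, but a closing `docker logout ${{ secrets.GIT_HOST }}` step would remove it either way.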
@@ -39,7 +39,7 @@ jobs: - name: Deploy docker-compose-ci.yml run: scp docker-compose-ci.yml ${{ secrets.LXC_USER }}@${{ secrets.LXC_HOST }}:/srv/app/docker-compose.yml - - name: Restart services: + - name: Restart services run: | ssh ${{ secrets.LXC_USER }}@${{ secrets.LXC_HOST }} << 'EOF' echo "${{ secrets.TOKEN }}" | docker login ${{ secrets.GIT_HOST }} -u ${{ secrets.USERNAME }} --password-stdin From 3f071a7f36b44ca22b36f88f5ffc8be315990703 Mon Sep 17 00:00:00 2001 From: k1nq Date: Sat, 29 Nov 2025 19:24:56 +0500 Subject: [PATCH 08/22] fix: correct Docker build context path in build workflow --- .gitea/workflows/build.yml | 48 +++++++++++++++++++------------------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml index 04db55f..0c45658 100644 --- a/.gitea/workflows/build.yml +++ b/.gitea/workflows/build.yml 
@@ -18,33 +18,33 @@ jobs: - name: Build and push app run: | - docker build -t ${{ secrets.GIT_HOST }}/${{ gitea.repository }}:app -f app/Dockerfile ./app + docker build -t ${{ secrets.GIT_HOST }}/${{ gitea.repository }}:app -f app/Dockerfile . docker push ${{ secrets.GIT_HOST }}/${{ gitea.repository }}:app - deploy: - runs-on: ubuntu-latest - needs: build - steps: - - name: Checkout - uses: actions/checkout@v4 + # deploy: + # runs-on: ubuntu-latest + # needs: build + # steps: + # - name: Checkout + # uses: actions/checkout@v4 - - name: Instasll SSH key - uses: webfactory/ssh-agent@v0.9.0 - with: - ssh-private-key: ${{ secrets.DEPLOY_SSH_KEY }} + # - name: Instasll SSH key + # uses: webfactory/ssh-agent@v0.9.0 + # with: + # ssh-private-key: ${{ secrets.DEPLOY_SSH_KEY }} - - name: Add host to known_hosts - run: ssh-keyscan -H ${{ secrets.LXC_HOST }} >> ~/.ssh/known_hosts + # - name: Add host to known_hosts + # run: ssh-keyscan -H ${{ secrets.LXC_HOST }} >> ~/.ssh/known_hosts - - name: Deploy docker-compose-ci.yml - run: scp docker-compose-ci.yml ${{ secrets.LXC_USER }}@${{ secrets.LXC_HOST }}:/srv/app/docker-compose.yml + # - name: Deploy docker-compose-ci.yml + # run: scp docker-compose-ci.yml ${{ secrets.LXC_USER }}@${{ secrets.LXC_HOST }}:/srv/app/docker-compose.yml - - name: Restart services - run: | - ssh ${{ secrets.LXC_USER }}@${{ secrets.LXC_HOST }} << 'EOF' - echo "${{ secrets.TOKEN }}" | docker login ${{ secrets.GIT_HOST }} -u ${{ secrets.USERNAME }} --password-stdin - docker pull ${{ secrets.GIT_HOST }}/${{ gitea.repository }}:app - cd /srv/app - docker compose up -d --force-recreate - docker image prune -f - EOF \ No newline at end of file + # - name: Restart services + # run: | + # ssh ${{ secrets.LXC_USER }}@${{ secrets.LXC_HOST }} << 'EOF' + # echo "${{ secrets.TOKEN }}" | docker login ${{ secrets.GIT_HOST }} -u ${{ secrets.USERNAME }} --password-stdin + # docker pull ${{ secrets.GIT_HOST }}/${{ gitea.repository }}:app + # cd /srv/app + # docker 
compose up -d --force-recreate + # docker image prune -f + # EOF \ No newline at end of file From e1b15f57a05c5f4a612a0e4a5a87fe28aba12cfe Mon Sep 17 00:00:00 2001 From: k1nq Date: Sat, 29 Nov 2025 19:32:12 +0500 Subject: [PATCH 09/22] fix: update build and deploy steps in workflow and refine docker-compose configuration --- .gitea/workflows/build.yml | 46 +++++++++++++++++++------------------- docker-compose-ci.yml | 15 +++++-------- 2 files changed, 28 insertions(+), 33 deletions(-) diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml index 0c45658..da86e98 100644 --- a/.gitea/workflows/build.yml +++ b/.gitea/workflows/build.yml 
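Review bot: Changing the build context from `./app` to `.` in `Build and push app` sends the whole checkout to the Docker daemon, so anything `app/Dockerfile` copies broadly can now end up in the pushed image. Neither that Dockerfile nor a `.dockerignore` is part of this series, so this is a check to confirm rather than a proven leak. A root `.dockerignore` that excludes `.git`, `.env` and the compose files keeps the context limited to what the image needs.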
@@ -21,30 +21,30 @@ jobs: docker build -t ${{ secrets.GIT_HOST }}/${{ gitea.repository }}:app -f app/Dockerfile . docker push ${{ secrets.GIT_HOST }}/${{ gitea.repository }}:app - # deploy: - # runs-on: ubuntu-latest - # needs: build - # steps: - # - name: Checkout - # uses: actions/checkout@v4 + deploy: + runs-on: ubuntu-latest + needs: build + steps: + - name: Checkout + uses: actions/checkout@v4 - # - name: Instasll SSH key - # uses: webfactory/ssh-agent@v0.9.0 - # with: - # ssh-private-key: ${{ secrets.DEPLOY_SSH_KEY }} + - name: Instasll SSH key + uses: webfactory/ssh-agent@v0.9.0 + with: + ssh-private-key: ${{ secrets.DEPLOY_SSH_KEY }} - # - name: Add host to known_hosts - # run: ssh-keyscan -H ${{ secrets.LXC_HOST }} >> ~/.ssh/known_hosts + - name: Add host to known_hosts + run: ssh-keyscan -H ${{ secrets.LXC_HOST }} >> ~/.ssh/known_hosts - # - name: Deploy docker-compose-ci.yml - # run: scp docker-compose-ci.yml ${{ secrets.LXC_USER }}@${{ secrets.LXC_HOST }}:/srv/app/docker-compose.yml + - name: Deploy docker-compose-ci.yml + run: scp docker-compose-ci.yml ${{ secrets.LXC_USER }}@${{ secrets.LXC_HOST }}:/srv/app/docker-compose.yml - # - name: Restart services - # run: | - # ssh ${{ secrets.LXC_USER }}@${{ secrets.LXC_HOST }} << 'EOF' - # echo "${{ secrets.TOKEN }}" | docker login ${{ secrets.GIT_HOST }} -u ${{ secrets.USERNAME }} --password-stdin - # docker pull ${{ secrets.GIT_HOST }}/${{ gitea.repository }}:app - # cd /srv/app - # docker compose up -d --force-recreate - # docker image prune -f - # EOF \ No newline at end of file + - name: Restart services + run: | + ssh ${{ secrets.LXC_USER }}@${{ secrets.LXC_HOST }} << 'EOF' + echo "${{ secrets.TOKEN }}" | docker login ${{ secrets.GIT_HOST }} -u ${{ secrets.USERNAME }} --password-stdin + docker pull ${{ secrets.GIT_HOST }}/${{ gitea.repository }}:app + cd /srv/app + docker compose up -d --force-recreate + docker image prune -f + EOF \ No newline at end of file 
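Review bot: The re-enabled `deploy` job hands `secrets.DEPLOY_SSH_KEY` to `webfactory/ssh-agent@v0.9.0`, a third-party action referenced by a tag that its owner can move to different code. Pin it to the full commit SHA of the release you reviewed and keep the tag as a comment: `uses: webfactory/ssh-agent@<full-commit-sha>  # v0.9.0`, where `<full-commit-sha>` is a placeholder to fill in. `actions/checkout@v4` in both jobs can be pinned the same way.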
diff --git a/docker-compose-ci.yml b/docker-compose-ci.yml index 1ecc8a2..cfaa6ca 100644 --- a/docker-compose-ci.yml +++ b/docker-compose-ci.yml @@ -1,8 +1,8 @@ +version: '3.9' + services: app: - build: - context: . - dockerfile: app/Dockerfile + image: https://${{ GIT_HOST }}/${{ GIT_USER }}/${{ GIT_REPO }}:app command: uvicorn app.main:app --host 0.0.0.0 --port 8000 env_file: - .env @@ -10,7 +10,7 @@ services: PROJECT_NAME: ${PROJECT_NAME} VERSION: ${VERSION} API_V1_PREFIX: ${API_V1_PREFIX} - DB_HOST: ${DB_HOST:-postgres} + DB_HOST: postgres DB_PORT: ${DB_PORT} DB_NAME: ${DB_NAME} DB_USER: ${DB_USER} @@ -21,7 +21,7 @@ services: ACCESS_TOKEN_EXPIRE_MINUTES: ${ACCESS_TOKEN_EXPIRE_MINUTES} REFRESH_TOKEN_EXPIRE_DAYS: ${REFRESH_TOKEN_EXPIRE_DAYS} REDIS_ENABLED: ${REDIS_ENABLED} - REDIS_URL: ${REDIS_URL:-redis://redis:6379/0} + REDIS_URL: redis://redis:6379/0 ANALYTICS_CACHE_TTL_SECONDS: ${ANALYTICS_CACHE_TTL_SECONDS} ANALYTICS_CACHE_BACKOFF_MS: ${ANALYTICS_CACHE_BACKOFF_MS} ports: @@ -36,8 +36,6 @@ services: POSTGRES_DB: ${DB_NAME} POSTGRES_USER: ${DB_USER} POSTGRES_PASSWORD: ${DB_PASSWORD} - volumes: - - postgres_data:/var/lib/postgresql/data ports: - "5432:5432" @@ -46,6 +44,3 @@ services: command: redis-server --save "" --appendonly no ports: - "6379:6379" - -volumes: - postgres_data: From 1e4bea46c20b99e992f0aca72657d045bd7eabd1 Mon Sep 17 00:00:00 2001 From: k1nq Date: Sat, 29 Nov 2025 19:38:19 +0500 Subject: [PATCH 10/22] fix: add step to create deployment directory in build workflow --- .gitea/workflows/build.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml index da86e98..f62164f 100644 --- a/.gitea/workflows/build.yml +++ b/.gitea/workflows/build.yml 
@@ -36,6 +36,9 @@ jobs: - name: Add host to known_hosts run: ssh-keyscan -H ${{ secrets.LXC_HOST }} >> ~/.ssh/known_hosts + - name: Make directory for deployment + run: mkdir -p /srv/app + - name: Deploy docker-compose-ci.yml run: scp docker-compose-ci.yml ${{ secrets.LXC_USER }}@${{ secrets.LXC_HOST }}:/srv/app/docker-compose.yml From 54de35d4034fdee8e7432c30609b1cd78f29f668 Mon Sep 17 00:00:00 2001 From: k1nq Date: Sat, 29 Nov 2025 19:55:41 +0500 Subject: [PATCH 11/22] fix: update deployment step to create directory on remote host --- .gitea/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml index f62164f..8a2e6eb 100644 --- a/.gitea/workflows/build.yml +++ b/.gitea/workflows/build.yml @@ -36,8 +36,8 @@ jobs: - name: Add host to known_hosts run: ssh-keyscan -H ${{ secrets.LXC_HOST }} >> ~/.ssh/known_hosts - - name: Make directory for deployment - run: mkdir -p /srv/app + - name: Create remote deployment directory + run: ssh ${{ secrets.LXC_USER }}@${{ secrets.LXC_HOST }} "mkdir -p /srv/app" - name: Deploy docker-compose-ci.yml run: scp docker-compose-ci.yml ${{ secrets.LXC_USER }}@${{ secrets.LXC_HOST }}:/srv/app/docker-compose.yml From 4c0b1621125386ac6951b713cd88e0a18619c8e9 Mon Sep 17 00:00:00 2001 From: k1nq Date: Sat, 29 Nov 2025 20:02:59 +0500 Subject: [PATCH 12/22] fix: remove unnecessary braces from image URL in docker-compose configuration --- docker-compose-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose-ci.yml b/docker-compose-ci.yml index cfaa6ca..00c235d 100644 --- a/docker-compose-ci.yml +++ b/docker-compose-ci.yml @@ -2,7 +2,7 @@ version: '3.9' services: app: - image: https://${{ GIT_HOST }}/${{ GIT_USER }}/${{ GIT_REPO }}:app + image: https://${GIT_HOST}/${GIT_USER}/${GIT_REPO}:app command: uvicorn app.main:app --host 0.0.0.0 --port 8000 env_file: - .env 
From 9083d9d23cf8c84c0e406e12bb1d8253d4179dc4 Mon Sep 17 00:00:00 2001 From: k1nq Date: Sat, 29 Nov 2025 23:30:17 +0500 Subject: [PATCH 13/22] fix: remove unnecessary protocol from image URL in docker-compose configuration --- docker-compose-ci.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/docker-compose-ci.yml b/docker-compose-ci.yml index 00c235d..2aaa38b 100644 --- a/docker-compose-ci.yml +++ b/docker-compose-ci.yml @@ -1,8 +1,6 @@ -version: '3.9' - services: app: - image: https://${GIT_HOST}/${GIT_USER}/${GIT_REPO}:app + image: ${GIT_HOST}/${GIT_USER}/${GIT_REPO}:app command: uvicorn app.main:app --host 0.0.0.0 --port 8000 env_file: - .env From 31d1d8de1eb49f8bcfabb8c0fc232a5c05b25e44 Mon Sep 17 00:00:00 2001 From: k1nq Date: Sat, 29 Nov 2025 23:36:17 +0500 Subject: [PATCH 14/22] fix: update port mapping for app service in docker-compose configuration --- docker-compose-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose-ci.yml b/docker-compose-ci.yml index 2aaa38b..76b967f 100644 --- a/docker-compose-ci.yml +++ b/docker-compose-ci.yml @@ -23,7 +23,7 @@ services: ANALYTICS_CACHE_TTL_SECONDS: ${ANALYTICS_CACHE_TTL_SECONDS} ANALYTICS_CACHE_BACKOFF_MS: ${ANALYTICS_CACHE_BACKOFF_MS} ports: - - "8000:8000" + - "80:8000" depends_on: - postgres - redis From 03831499ca6b848767d6d0b71fd55ed1dfbac216 Mon Sep 17 00:00:00 2001 From: k1nq Date: Sat, 29 Nov 2025 23:57:50 +0500 Subject: [PATCH 15/22] fix: add CORS middleware to allow specific origins and methods --- app/main.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/app/main.py b/app/main.py index cbcaa7b..d006a48 100644 --- a/app/main.py +++ b/app/main.py 
@@ -10,6 +10,8 @@ from app.api.routes import api_router from app.core.cache import init_cache, shutdown_cache from app.core.config import settings from app.core.middleware.cache_monitor import CacheAvailabilityMiddleware +from fastapi.middleware.cors import CORSMiddleware + def create_app() -> FastAPI: @@ -25,6 +27,13 @@ def create_app() -> FastAPI: application = FastAPI(title=settings.project_name, version=settings.version, lifespan=lifespan) application.include_router(api_router) application.add_middleware(CacheAvailabilityMiddleware) + app.add_middleware( + CORSMiddleware, + allow_origins=["https://kitchen-crm.k1nq.tech", "http://192.168.31.51"], + allow_credentials=True, + allow_methods=["*"], # Разрешить все HTTP-методы + allow_headers=["*"], # Разрешить все заголовки + ) return application From 82812ecf72fa384cc7d05b8266791d9f85503ac3 Mon Sep 17 00:00:00 2001 From: k1nq Date: Sat, 29 Nov 2025 23:58:53 +0500 Subject: [PATCH 16/22] fix: correct middleware reference in FastAPI application setup --- app/main.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/main.py b/app/main.py index d006a48..84c6c52 100644 --- a/app/main.py +++ b/app/main.py @@ -27,7 +27,7 @@ def create_app() -> FastAPI: application = FastAPI(title=settings.project_name, version=settings.version, lifespan=lifespan) application.include_router(api_router) application.add_middleware(CacheAvailabilityMiddleware) - app.add_middleware( + application.add_middleware( CORSMiddleware, allow_origins=["https://kitchen-crm.k1nq.tech", "http://192.168.31.51"], allow_credentials=True, From ef6b6d598e364e38689878a9753166bd57a8c6de Mon Sep 17 00:00:00 2001 From: k1nq Date: Sun, 30 Nov 2025 00:03:21 +0500 Subject: [PATCH 17/22] fix: add restart policy and volume mapping for postgres and redis services in docker-compose --- docker-compose-ci.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docker-compose-ci.yml b/docker-compose-ci.yml index 76b967f..5bfeeba 100644 
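Review bot: The `CORSMiddleware` call added to `create_app` hard-codes its origin list and combines `allow_credentials=True` with a plain-HTTP origin, `http://192.168.31.51`, so a page served from that address without TLS may make credentialed requests to the API. Keep that origin out of the production list and read the list from configuration rather than from source, for example `allow_origins=settings.cors_origins` (a new settings field, named here only as a suggestion), and narrow `allow_methods` and `allow_headers` to what the frontend actually sends. The two inline comments are in Russian; English equivalents would be `# allow all HTTP methods` and `# allow all headers`. `create_app` begins above this hunk and continues below it.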
--- a/docker-compose-ci.yml +++ b/docker-compose-ci.yml @@ -1,6 +1,7 @@ services: app: image: ${GIT_HOST}/${GIT_USER}/${GIT_REPO}:app + restart: unless-stopped command: uvicorn app.main:app --host 0.0.0.0 --port 8000 env_file: - .env @@ -36,9 +37,13 @@ services: POSTGRES_PASSWORD: ${DB_PASSWORD} ports: - "5432:5432" + volumes: + - /mnt/data/postgres:/var/lib/postgresql/data + restart: unless-stopped redis: image: redis:7-alpine command: redis-server --save "" --appendonly no + restart: unless-stopped ports: - "6379:6379" From 0e480232589442b8bc4e910919f91e691def01a3 Mon Sep 17 00:00:00 2001 From: k1nq Date: Sun, 30 Nov 2025 00:18:19 +0500 Subject: [PATCH 18/22] fix: add migrations service to docker-compose and update build workflow for migrations image --- .gitea/workflows/build.yml | 8 +++++++- docker-compose-ci.yml | 20 ++++++++++++++++++-- migrations/Dockerfile | 26 ++++++++++++++++++++++++++ 3 files changed, 51 insertions(+), 3 deletions(-) create mode 100644 migrations/Dockerfile diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml index 8a2e6eb..cd01663 100644 --- a/.gitea/workflows/build.yml +++ b/.gitea/workflows/build.yml @@ -21,6 +21,11 @@ jobs: docker build -t ${{ secrets.GIT_HOST }}/${{ gitea.repository }}:app -f app/Dockerfile . docker push ${{ secrets.GIT_HOST }}/${{ gitea.repository }}:app + - name: Build and push migrations image + run: | + docker build -t ${{ secrets.GIT_HOST }}/${{ gitea.repository }}:migrations -f migrations/Dockerfile . + docker push ${{ secrets.GIT_HOST }}/${{ gitea.repository }}:migrations + deploy: runs-on: ubuntu-latest needs: build @@ -28,7 +33,7 @@ jobs: - name: Checkout uses: actions/checkout@v4 - - name: Instasll SSH key + - name: Install SSH key uses: webfactory/ssh-agent@v0.9.0 with: ssh-private-key: ${{ secrets.DEPLOY_SSH_KEY }} 
@@ -47,6 +52,7 @@ jobs: ssh ${{ secrets.LXC_USER }}@${{ secrets.LXC_HOST }} << 'EOF' echo "${{ secrets.TOKEN }}" | docker login ${{ secrets.GIT_HOST }} -u ${{ secrets.USERNAME }} --password-stdin docker pull ${{ secrets.GIT_HOST }}/${{ gitea.repository }}:app + docker pull ${{ secrets.GIT_HOST }}/${{ gitea.repository }}:migrations cd /srv/app docker compose up -d --force-recreate docker image prune -f diff --git a/docker-compose-ci.yml b/docker-compose-ci.yml index 5bfeeba..dc7fae8 100644 --- a/docker-compose-ci.yml +++ b/docker-compose-ci.yml @@ -26,8 +26,24 @@ services: ports: - "80:8000" depends_on: - - postgres - - redis + postgres: + condition: service_started + redis: + condition: service_started + migrations: + condition: service_completed_successfully + + migrations: + image: ${GIT_HOST}/${GIT_USER}/${GIT_REPO}:migrations + restart: "no" + env_file: + - .env + environment: + DB_HOST: postgres + REDIS_URL: redis://redis:6379/0 + depends_on: + postgres: + condition: service_started postgres: image: postgres:16-alpine diff --git a/migrations/Dockerfile b/migrations/Dockerfile new file mode 100644 index 0000000..f9c3ac3 --- /dev/null +++ b/migrations/Dockerfile @@ -0,0 +1,26 @@ +# syntax=docker/dockerfile:1.7 + +FROM ghcr.io/astral-sh/uv:python3.14-alpine AS builder +WORKDIR /opt/migrations + +COPY pyproject.toml uv.lock ./ +RUN uv sync --frozen --no-dev + +COPY app ./app +COPY migrations ./migrations +COPY alembic.ini . + +FROM python:3.14-alpine AS runtime +ENV PYTHONUNBUFFERED=1 PYTHONDONTWRITEBYTECODE=1 +ENV PATH="/opt/app/.venv/bin:${PATH}" +WORKDIR /opt/app + +RUN apk add --no-cache postgresql-libs + +COPY --from=builder /opt/migrations/.venv /opt/app/.venv +COPY app ./app +COPY migrations ./migrations +COPY alembic.ini . +COPY pyproject.toml . + +ENTRYPOINT ["alembic", "upgrade", "head"] \ No newline at end of file From 755547b7bf47822214d3d005a09a35a0b7b21634 Mon Sep 17 00:00:00 2001 
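Review bot: The remote script inside the `Restart services` heredoc has no error handling, so when `docker login` or either `docker pull` fails, including the `:migrations` pull added here, it still runs `docker compose up -d --force-recreate` on whatever images are cached. `ssh` then returns the status of the final `docker image prune -f`, so the job reports success. Start the heredoc body with `set -e` so the first failing command aborts the deploy and fails the step. The script also leaves the registry token in the deploy user's Docker config on the host; `docker logout ${{ secrets.GIT_HOST }}` after the pulls removes it. The step begins above this hunk.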
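Review bot: The `runtime` stage of migrations/Dockerfile never sets `USER`, so `alembic upgrade head` runs as root inside the container although it only reads the copied files and opens a database connection. Create an unprivileged account after the `apk add` line and switch to it before `ENTRYPOINT`: `RUN adduser -D -H migrator` and `USER migrator`. Both base images, `ghcr.io/astral-sh/uv:python3.14-alpine` and `python:3.14-alpine`, are referenced by mutable tags; pinning them by digest (`@sha256:<digest>`, a placeholder) makes the build reproducible.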
From: k1nq Date: Sun, 30 Nov 2025 00:26:44 +0500 Subject: [PATCH 19/22] fix: replace postgresql-libs with libpq in Dockerfile and streamline file copying --- migrations/Dockerfile | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/migrations/Dockerfile b/migrations/Dockerfile index f9c3ac3..b18413d 100644 --- a/migrations/Dockerfile +++ b/migrations/Dockerfile @@ -15,12 +15,11 @@ ENV PYTHONUNBUFFERED=1 PYTHONDONTWRITEBYTECODE=1 ENV PATH="/opt/app/.venv/bin:${PATH}" WORKDIR /opt/app -RUN apk add --no-cache postgresql-libs +RUN apk add --no-cache libpq -COPY --from=builder /opt/migrations/.venv /opt/app/.venv -COPY app ./app -COPY migrations ./migrations -COPY alembic.ini . -COPY pyproject.toml . +COPY --from=builder /opt/app/.venv /opt/app/.venv +COPY --from=builder /opt/app/app ./app +COPY --from=builder /opt/app/migrations ./migrations +COPY --from=builder /opt/app/alembic.ini . ENTRYPOINT ["alembic", "upgrade", "head"] \ No newline at end of file From 373b42768c8e96cb13bf534af24cdeec014d5729 Mon Sep 17 00:00:00 2001 From: k1nq Date: Sun, 30 Nov 2025 00:30:44 +0500 Subject: [PATCH 20/22] fix: update Dockerfile to set correct working directory for migrations --- migrations/Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/migrations/Dockerfile b/migrations/Dockerfile index b18413d..fef17ae 100644 --- a/migrations/Dockerfile +++ b/migrations/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1.7 FROM ghcr.io/astral-sh/uv:python3.14-alpine AS builder -WORKDIR /opt/migrations +WORKDIR /opt/app COPY pyproject.toml uv.lock ./ RUN uv sync --frozen --no-dev @@ -11,8 +11,10 @@ COPY migrations ./migrations COPY alembic.ini . FROM python:3.14-alpine AS runtime + ENV PYTHONUNBUFFERED=1 PYTHONDONTWRITEBYTECODE=1 ENV PATH="/opt/app/.venv/bin:${PATH}" + WORKDIR /opt/app RUN apk add --no-cache libpq From 2fcf75b85909fb2afed7ff9f72498e123f83f64c Mon Sep 17 00:00:00 2001 
From: k1nq Date: Sun, 30 Nov 2025 00:33:50 +0500 Subject: [PATCH 21/22] fix: add healthcheck configurations for app, postgres, and redis services in docker-compose --- docker-compose-ci.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/docker-compose-ci.yml b/docker-compose-ci.yml index dc7fae8..fbd7412 100644 --- a/docker-compose-ci.yml +++ b/docker-compose-ci.yml @@ -25,6 +25,12 @@ services: ANALYTICS_CACHE_BACKOFF_MS: ${ANALYTICS_CACHE_BACKOFF_MS} ports: - "80:8000" + healthcheck: + test: ["CMD", "wget", "-qO-", "http://localhost:8000/health"] + interval: 30s + timeout: 5s + retries: 5 + start_period: 10s depends_on: postgres: condition: service_started @@ -56,6 +62,20 @@ services: volumes: - /mnt/data/postgres:/var/lib/postgresql/data restart: unless-stopped + healthcheck: + test: + [ + "CMD", + "pg_isready", + "-U", + "${DB_USER}", + "-d", + "${DB_NAME}", + ] + interval: 30s + timeout: 5s + retries: 5 + start_period: 10s redis: image: redis:7-alpine @@ -63,3 +83,9 @@ services: restart: unless-stopped ports: - "6379:6379" + healthcheck: + test: ["CMD", "redis-cli", "ping"] + interval: 30s + timeout: 5s + retries: 5 + start_period: 5s From 4956039ae83983b320b017df0334c7a6fec377fd Mon Sep 17 00:00:00 2001 From: k1nq Date: Sun, 30 Nov 2025 09:46:58 +0500 Subject: [PATCH 22/22] fix: restrict build workflow to trigger only on master branch --- .gitea/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml index cd01663..a4df63f 100644 --- a/.gitea/workflows/build.yml +++ b/.gitea/workflows/build.yml @@ -3,7 +3,7 @@ name: Build and deploy on: push: branches: - - "**" + - master workflow_dispatch: jobs:
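Review bot: The healthchecks added for `postgres` and `redis` are not used for start-up ordering: the context lines under `app`'s `depends_on` still read `condition: service_started`, and the `migrations` service from PATCH 18/22 waits for `postgres` the same way. With `service_started`, `alembic upgrade head` can run before PostgreSQL accepts connections; the one-shot container has `restart: "no"`, and `app` waits for `service_completed_successfully`, so a single early failure leaves `app` unstarted. Now that the checks exist, switch those entries to `condition: service_healthy`. The `app` check also assumes that `wget` is present in the app image and that `/health` is routed, neither of which is visible in this series.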