169 changes: 0 additions & 169 deletions .github/workflows/deploy-dev.yml

This file was deleted.

81 changes: 6 additions & 75 deletions docs/deployment.md
@@ -1,10 +1,8 @@
# Deployment
# Production Deployment

This service deploys as an immutable Docker image published to GitHub Container Registry (GHCR). Runtime configuration is injected through `.env` files generated by GitHub Actions; private resource files are not copied into the image or bind-mounted from the host.
This service deploys as an immutable Docker image published to GitHub Container Registry (GHCR). Runtime configuration is injected through the EC2 `.env` file generated by GitHub Actions; private resource files are not copied into the image or bind-mounted from the host.

Production deploys to EC2 from `main`. Development deploys to a remote Ubuntu/Linux PC from `dev`.

## Production GitHub Secrets
## Required GitHub Secrets

Deployment access:

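Review bot: the intro now omits any statement about `dev` once the sentence about the remote Ubuntu/Linux PC is dropped, so a reader reaches "Required GitHub Secrets" without knowing whether pushes to `dev` deploy anywhere. Keep one sentence here, for example "Production deploys to EC2 from `main`; pushes to `dev` run CI only.", rather than leaving that fact only in the deploy section further down.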
@@ -87,7 +85,9 @@ base64 -i ontime-back/src/main/resources/key/AuthKey_743M7R5W3W.p8 | tr -d '\n'

Push to the `main` branch, or run `.github/workflows/deploy.yml` manually, to deploy production.

The production workflow:
Pushes to `dev` run CI only. There is no dev-server deploy workflow in the one-EC2 plan.

The workflow:

1. Builds `ontime-back/Dockerfile` from the `ontime-back/` context.
2. Pushes two GHCR tags:
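Review bot: "the one-EC2 plan" in the added sentence is an unexplained reference for anyone reading docs/deployment.md on its own; name the decision or link to where it is recorded, and say which workflow file provides the CI that runs for `dev`, so "CI only" is concrete. Changing the list header from "The production workflow:" to "The workflow:" is consistent with there now being a single deploy workflow.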
@@ -100,65 +100,6 @@ The production workflow:
7. Waits until the `ontime-container` Docker health status is `healthy`.
8. Installs Caddy if needed, configures `/etc/caddy/Caddyfile`, and verifies HTTPS for `ontime-back.duckdns.org`.

## Development Remote PC Deployment

Push to the `dev` branch, or run `.github/workflows/deploy-dev.yml` manually, to deploy the development backend to the remote PC.

The development workflow:

1. Builds `ontime-back/Dockerfile` from the `ontime-back/` context.
2. Pushes two GHCR tags:
- `ghcr.io/devkor-github/ontime-back:dev-<commit-sha>`
- `ghcr.io/devkor-github/ontime-back:dev-latest`
3. Uploads `docker-compose.yml` and `docker-compose.dev.yml` to the remote PC.
4. Writes a development `.env` from GitHub secrets and safe dev defaults.
5. Runs `docker compose -f docker-compose.yml -f docker-compose.dev.yml up -d --remove-orphans`.
6. Starts MySQL as a private Docker Compose service with persistent volume `ontime-dev-mysql-data`.
7. Waits until the `ontime-dev-container` Docker health status is `healthy`.

Required development secrets:

- `DEV_REMOTE_HOST`
- `DEV_REMOTE_USER`
- `DEV_REMOTE_SSH_KEY`
- `GHCR_USERNAME`
- `GHCR_READ_TOKEN`

Optional development secrets:

- `DEV_DEPLOY_DIR` (defaults to `/home/<DEV_REMOTE_USER>/OnTime-back-dev`)
- `DEV_BACKEND_HTTP_PORT` (defaults to `8081`)
- `DEV_BACKEND_MEMORY_LIMIT` (defaults to `768m`)
- `DEV_BACKEND_CPU_LIMIT` (defaults to `1.0`)
- `DEV_MYSQL_DATABASE` (defaults to `ontime_dev`)
- `DEV_MYSQL_USER` (defaults to `ontime_dev`)
- `DEV_MYSQL_PASSWORD` (defaults to `ontime_dev_password`)
- `DEV_MYSQL_ROOT_PASSWORD` (defaults to `ontime_dev_root_password`)
- `DEV_SPRING_APPLICATION_NAME` (defaults to `ontime-back-dev`)
- `DEV_SPRING_DATASOURCE_URL` (defaults to the Compose MySQL service)
- `DEV_SPRING_DATASOURCE_USERNAME` (defaults to the dev MySQL user)
- `DEV_SPRING_DATASOURCE_PASSWORD` (defaults to the dev MySQL password)
- `DEV_JWT_SECRETKEY`
- `DEV_JWT_ACCESS_EXPIRATION`
- `DEV_JWT_REFRESH_EXPIRATION`
- `DEV_JWT_ACCESS_HEADER`
- `DEV_JWT_REFRESH_HEADER`
- `DEV_GOOGLE_WEB_CLIENT_ID`
- `DEV_GOOGLE_APP_CLIENT_ID`
- `DEV_APPLE_CLIENT_ID`
- `DEV_APPLE_TEAM_ID`
- `DEV_APPLE_LOGIN_KEY`
- `DEV_APPLE_PRIVATE_KEY_BASE64`
- `DEV_FEATURE_APPLE_LOGIN_ENABLED` (defaults to `false`)
- `DEV_FIREBASE_CREDENTIALS_BASE64`

Remote PC prerequisites:

- Ubuntu/Linux host with normal SSH access from GitHub Actions.
- Docker and the Docker Compose plugin installed.
- Inbound firewall access for the backend HTTP port, default `8081`.
- No public inbound MySQL port is required; MySQL stays inside the Docker network.

## HTTPS Prerequisites

Before running the production deploy, configure AWS and DNS:
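Review bot: deleting the "Development Remote PC Deployment" section removes the only record of the `DEV_*` repository secrets (`DEV_REMOTE_SSH_KEY`, `DEV_REMOTE_HOST`, `DEV_REMOTE_USER`, `GHCR_READ_TOKEN`, `DEV_JWT_SECRETKEY`, the `DEV_APPLE_*` values and `DEV_FIREBASE_CREDENTIALS_BASE64`), but nothing in the change says they are to be removed from the repository settings. Secrets that no workflow consumes any more remain usable by anyone who can read Actions secrets, so add a line to the doc (or a checklist item on this PR) to delete the unused secrets and rotate the SSH key and any token that only ever served the dev PC. The documented defaults `ontime_dev_password` and `ontime_dev_root_password` are a further reason to confirm the dev MySQL service is actually gone rather than left running with well-known credentials.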
@@ -188,16 +129,6 @@ curl -fsS https://ontime-back.duckdns.org/actuator/health/readiness
nc -zv ontime-prod.cpoeguokwaq5.ap-northeast-2.rds.amazonaws.com 3306
```

Manual checks on the remote development PC:

```bash
cd /home/<DEV_REMOTE_USER>/OnTime-back-dev
sudo docker compose -f docker-compose.yml -f docker-compose.dev.yml ps
sudo docker inspect -f '{{.State.Health.Status}}' ontime-dev-container
sudo docker logs --tail=200 ontime-dev-container
curl -fsS http://<remote-pc-host>:8081/actuator/health/readiness
```

## Rollback

Every deploy is tagged by commit SHA. To roll back, set `IMAGE_TAG` in `/home/ubuntu/OnTime-back/.env` to the previous known-good SHA, then restart from the existing Compose file:
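Review bot: the dev stack on the remote PC is left running with no documented teardown once these manual checks are removed, since the deleted lines were the only place naming the deploy directory (`/home/<DEV_REMOTE_USER>/OnTime-back-dev`), the `docker compose -f docker-compose.yml -f docker-compose.dev.yml` invocation and `ontime-dev-container`. Add a short decommissioning step before dropping them, such as running `docker compose -f docker-compose.yml -f docker-compose.dev.yml down` on that host and removing the `ontime-dev-mysql-data` volume, so a container exposed on port 8081 does not keep running unmaintained after the workflow that updated it has been deleted.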