bb6dbe37a4
Ports the deploy pipeline from the Gitea main fork (commit 7ddb06d's deploy toolkit) into the Auth.js v5 / NextAuth tree: - .gitea/workflows/deploy.yml: inline deploy that brings up the Docker stack, applies migrations, builds Next.js, and runs the app under PM2. Swapped Better Auth env vars (BETTER_AUTH_SECRET/URL, NEXT_PUBLIC_BETTER_AUTH_URL) for Auth.js v5 names (AUTH_SECRET/URL, NEXT_PUBLIC_AUTH_URL). Dropped NEXT_PUBLIC_SUPABASE_URL/ANON_KEY (Supabase removal in progress). Added GOOGLE_CLIENT_ID/SECRET + ALLOW_DEV_LOGIN for the Auth.js Google provider and dev credentials path. Switched runs-on from 'ubuntu-latest' to the self-hosted runner labels matching build.yml. - deploy/: idempotent deploy toolkit (deploy.sh, docker-compose.yml, Dockerfile.nextjs, nginx.conf.template, .env.production.example, healthcheck.sh, Makefile, deploy/.gitignore). No auth/Supabase dependencies — pure infra. - deploy/.env.production.example: renamed NEXTAUTH_SECRET/NEXTAUTH_URL (v4) to AUTH_SECRET/AUTH_URL (v5) and added the v5-specific vars (NEXT_PUBLIC_AUTH_URL, GOOGLE_*, ALLOW_DEV_LOGIN). Build pipeline is now end-to-end: build.yml → typecheck + lint + build (uses [self-hosted, linux, ubuntu-latest]) deploy.yml → start docker stack + migrations + build + PM2 restart Storage / admin code ports (MinIO via @/lib/storage, Supabase removal, admin-permissions rewrite) are tracked separately — they require porting the storage and admin code first; the deploy pipeline itself is ready to run against the Auth.js world.
55 lines
1.9 KiB
Makefile
55 lines
1.9 KiB
Makefile
# =============================================================================
|
|
# Makefile — convenience targets around deploy.sh
|
|
# =============================================================================
|
|
# All targets are wrappers; you can also invoke deploy.sh directly.
|
|
|
|
SHELL := /usr/bin/env bash
|
|
.SHELLFLAGS := -Eeu -o pipefail -c
|
|
.SHELLFLAGS_LOG := $(.SHELLFLAGS)
|
|
|
|
DEPLOY := ./deploy.sh
|
|
HEALTH := ./healthcheck.sh
|
|
WORKSPACE ?= $(CURDIR)
|
|
|
|
.PHONY: help
|
|
help: ## Show this help message
|
|
@awk 'BEGIN {FS = ":.*##"; printf "Targets:\n"} /^[a-zA-Z_-]+:.*##/ { printf " %-20s %s\n", $$1, $$2 }' $(MAKEFILE_LIST)
|
|
|
|
.PHONY: deploy
|
|
deploy: ## Run a full deploy (build + up + nginx + healthcheck)
|
|
$(DEPLOY)
|
|
|
|
.PHONY: deploy-verbose
|
|
deploy-verbose: ## Deploy with extra logging (PRUNE_IMAGES=0, longer healthcheck)
|
|
PRUNE_IMAGES=0 HEALTHCHECK_TIMEOUT=120 $(DEPLOY)
|
|
|
|
.PHONY: health
|
|
health: ## Run a one-shot health check against the running stack
|
|
WORKSPACE=$(WORKSPACE) $(HEALTH)
|
|
|
|
.PHONY: health-nginx
|
|
health-nginx: ## Health check including the nginx-fronted URL
|
|
WORKSPACE=$(WORKSPACE) $(HEALTH) --nginx
|
|
|
|
.PHONY: status
|
|
status: ## Show current prod ports and running containers
|
|
@echo "PostgREST port: $$(cat .postgrest-port 2>/dev/null || echo none)"
|
|
@echo "Next.js port: $$(cat .nextjs-port 2>/dev/null || echo none)"
|
|
@cd deploy && docker compose -p prod-app ps
|
|
|
|
.PHONY: logs
|
|
logs: ## Tail deploy.log
|
|
tail -n 200 -f deploy.log
|
|
|
|
.PHONY: down
|
|
down: ## Stop the production stack (without redeploying)
|
|
cd deploy && docker compose -p prod-app down --remove-orphans
|
|
|
|
.PHONY: rollback
|
|
rollback: ## Restart the previous stack (the one whose ports are still on disk)
|
|
@if [[ ! -f .postgrest-port ]]; then echo "no .postgrest-port to roll back to"; exit 1; fi
|
|
cd deploy && \
|
|
POSTGREST_HOST_PORT=$$(cat ../.postgrest-port) \
|
|
NEXTJS_HOST_PORT=$$(cat ../.nextjs-port) \
|
|
docker compose -p prod-app --env-file ../.env.production up -d
|