chore: update infrastructure configs, audit docs, and env template

- Update Docker Compose configs for Redis, Typesense, and MinIO services - Update GitHub Actions deploy workflow with improved caching and steps - Extend .env.example with Stringee, Zalo OA, and FCM config keys - Update audit documentation with latest findings and recommendations - Update CHANGELOG and README with recent feature additions Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-16 05:16:42 +07:00
parent 53c33a1c50
commit e78d706b42
26 changed files with 150 additions and 55 deletions
--- a/docs/RUNBOOK.md
+++ b/docs/RUNBOOK.md
@@ -702,27 +702,70 @@ docker compose -f docker-compose.prod.yml up -d --wait

 ### 4.4 Rollback Deployment

-The CI/CD pipeline (`.github/workflows/deploy.yml`) supports automatic rollback if production smoke tests fail. For manual rollback:
+#### How Rollback Images Work

-#### Quick Rollback (Revert to Previous Images)
+Every deploy (both CI/CD and manual) tags the current running images as `:rollback` **before** pulling new ones. This ensures the previous version is preserved even if `docker image prune` runs. The `:rollback` tags are only cleaned up after smoke tests pass.
+
+Image lifecycle during deploy:
+1. `docker tag <current-image> goodgo-api:rollback` (preserves previous version)
+2. `docker compose pull` (fetches new images)
+3. `docker compose up` (starts new version)
+4. Smoke tests run
+5. **If smoke tests pass:** `:rollback` tags are removed, `docker image prune` runs
+6. **If smoke tests fail:** `:rollback` images are retagged to match the compose template and services are restarted
+
+#### Automatic Rollback (CI/CD)
+
+The CI/CD pipeline (`.github/workflows/deploy.yml`) automatically triggers rollback if smoke tests fail. The rollback job:
+1. Stops the broken containers
+2. Retags `:rollback` images to match the compose image template (`${REGISTRY_URL}/goodgo-{svc}:${IMAGE_TAG}`)
+3. Restarts compose — which now resolves to the previous (working) images
+4. Sends a Slack notification to `#deployments`
+
+No manual intervention is needed for CI-triggered deploys.
+
+#### Quick Rollback Using :rollback Tags (Manual)

 ```bash
-# SSH into production host
+# SSH into the host
 ssh deploy@$PRODUCTION_HOST
-
 cd ~/goodgo

-# Stop current app containers
-docker compose -f docker-compose.prod.yml down api web ai-services
+# Verify rollback images exist
+for svc in goodgo-api goodgo-web goodgo-ai-services; do
+  docker image inspect "${svc}:rollback" > /dev/null 2>&1 \
+    && echo "OK: ${svc}:rollback" \
+    || echo "MISSING: ${svc}:rollback"
+done

-# The previous images are still cached locally
-# Restart without pulling — uses last-known-good images
-docker compose -f docker-compose.prod.yml up -d --wait api web ai-services
+# Stop current containers
+docker compose -f docker-compose.prod.yml stop api web ai-services
+
+# Retag rollback images to match compose template
+export REGISTRY_URL=ghcr.io/goodgo
+export IMAGE_TAG=$(docker inspect --format='{{index .Config.Labels "org.opencontainers.image.revision"}}' goodgo-api 2>/dev/null || echo "latest")
+
+for svc in goodgo-api goodgo-web goodgo-ai-services; do
+  docker tag "${svc}:rollback" "${REGISTRY_URL}/${svc}:${IMAGE_TAG}"
+done
+
+# Restart with rollback images
+docker compose -f docker-compose.prod.yml up -d --no-deps --wait api web ai-services

 # Verify
 curl -sf http://localhost:3001/health && echo "Rollback successful"
 ```

+#### Rollback Using deploy-production.sh (Manual Script)
+
+The manual deploy script (`scripts/deploy-production.sh`) has built-in rollback. If the health check or smoke test fails, it automatically restores from `:rollback` tagged images and restarts services.
+
+```bash
+# Run the manual deploy — rollback is automatic on failure
+cd ~/goodgo
+./scripts/deploy-production.sh <image-tag>
+```
+
 #### Rollback to a Specific Git Commit / Image Tag

 ```bash