Staging and production smoke-test jobs now run both the existing bash
smoke-test.sh (fast endpoint checks) and the new Playwright @smoke projects
(smoke-api + smoke-web) against live deployed URLs. Failure blocks the
rollback trigger just as before.
Required secrets: STAGING_API_URL, PRODUCTION_API_URL (added alongside the
existing STAGING_URL / PRODUCTION_URL).
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Previously, `docker image prune` ran immediately after deploying new
containers, potentially deleting the old images needed for rollback
if smoke tests subsequently failed. Now the deploy pipeline:
1. Tags current images as :rollback before pulling new versions
2. Only runs `docker image prune` after smoke tests pass
3. Uses explicit :rollback tags for rollback instead of relying on
Docker layer cache (which is fragile)
Applied to:
- scripts/deploy-production.sh (manual deploy script)
- .github/workflows/deploy.yml (staging + production CI jobs)
- docs/deployment.md (updated rollback documentation)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Add Nginx reverse-proxy configs for api.goodgo.vn and platform.goodgo.vn
with SSL, gzip, rate limiting, security headers, and WebSocket support
- Add Cloudflare DNS setup script for A/AAAA/CNAME records
- Add server-setup.sh for Ubuntu provisioning (Docker, fail2ban, UFW,
swap, unattended-upgrades)
- Add deploy-production.sh for manual production deployments
- Add env.production.example with all required environment variables
- Bind container ports to 127.0.0.1 in docker-compose.prod.yml
(security: prevent direct access bypassing Nginx)
- Fix deploy workflow: add -T flag to exec, sync Nginx configs,
copy pgbouncer and backup configs to server
Co-Authored-By: Claude Opus 4 (1M context) <noreply@anthropic.com>
- Trigger deploy workflow on push to `develop` branch (in addition to `master`)
- Add `staging-latest` Docker image tag for develop branch builds
- Add `rollback-staging` job: auto-reverts to previous images on smoke test failure
- Add Slack success notification for staging deploys (previously only failure was notified)
- Record pre-deploy image digests for rollback capability
- Update deployment docs with CI/CD pipeline details, rollback procedures, and required secrets
Co-Authored-By: Paperclip <noreply@paperclip.ing>
All three GitHub Actions workflows (CI, E2E, Deploy) referenced
branches: [main] but the repository default branch is master.
This meant CI never triggered on pushes or PRs to master.
- ci.yml: push/PR triggers → master
- e2e.yml: push/PR triggers → master
- deploy.yml: push trigger + latest tag condition → master
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Add scripts/smoke-test.sh — hits health, readiness, and critical API
endpoints (listings, search, subscriptions) post-deploy
- Add smoke-test-staging job that runs after staging deploy with Slack
notification on failure
- Add smoke-test-production job that runs after production deploy with
success notification
- Add rollback-production job triggered on smoke test failure — reverts
to previous container images and notifies via Slack
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Fix heredoc quoting in deploy workflow to allow IMAGE_TAG and
REGISTRY_URL variable expansion. Add Next.js API health check route.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Multi-stage Dockerfile for apps/api (NestJS) and apps/web (Next.js standalone)
- Production docker-compose.prod.yml with all services, health checks, and security
- Real deploy.yml pipeline: build → push to GHCR → deploy staging/production
- .dockerignore for optimized build context
- Enable Next.js standalone output mode
Co-Authored-By: Paperclip <noreply@paperclip.ing>
