Previously, `docker image prune` ran immediately after deploying new
containers, potentially deleting the old images needed for rollback
if smoke tests subsequently failed. Now the deploy pipeline:
1. Tags current images as :rollback before pulling new versions
2. Only runs `docker image prune` after smoke tests pass
3. Uses explicit :rollback tags for rollback instead of relying on
Docker layer cache (which is fragile)
Applied to:
- scripts/deploy-production.sh (manual deploy script)
- .github/workflows/deploy.yml (staging + production CI jobs)
- docs/deployment.md (updated rollback documentation)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Add Nginx reverse-proxy configs for api.goodgo.vn and platform.goodgo.vn
with SSL, gzip, rate limiting, security headers, and WebSocket support
- Add Cloudflare DNS setup script for A/AAAA/CNAME records
- Add server-setup.sh for Ubuntu provisioning (Docker, fail2ban, UFW,
swap, unattended-upgrades)
- Add deploy-production.sh for manual production deployments
- Add env.production.example with all required environment variables
- Bind container ports to 127.0.0.1 in docker-compose.prod.yml
(security: prevent direct access bypassing Nginx)
- Fix deploy workflow: add -T flag to exec, sync Nginx configs,
copy pgbouncer and backup configs to server
Co-Authored-By: Claude Opus 4 (1M context) <noreply@anthropic.com>
- Remove `type` keyword from NestJS injectable class imports across all
modules to fix runtime DI resolution (330+ handler/listener files)
- Offset CI docker-compose ports (5433/6380/8109/9002) to avoid
conflicts with running dev containers
- Update .env.test, playwright.config.ts, and e2e workflow to use
isolated CI ports with configurable overrides
- Fix prisma/seed.ts to use deterministic IDs for Prisma 7 upsert
compatibility (phoneHash replaced phone as unique index)
- Add dedicated Docker bridge network for CI service containers
Co-Authored-By: Claude Opus 4 (1M context) <noreply@anthropic.com>
Streamline developer onboarding with a single bootstrap.sh that checks
prerequisites, configures .env with generated secrets, installs deps,
starts Docker services, and runs migrations + seeding.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Change circuit-breaker import in resilient-search.repository.ts to use
@modules/shared barrel export instead of deep path, fixing no-restricted-imports
error. Replace console.log with console.warn in encrypt-existing-kyc.ts script
to satisfy no-console rule.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Add field-level encryption service for PII data with AES-256-GCM
- Add health check specs for Prisma and Redis indicators
- Add MCP controller specs
- Add encrypt-existing-kyc migration script for existing KYC data
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Add scripts/smoke-test.sh — hits health, readiness, and critical API
endpoints (listings, search, subscriptions) post-deploy
- Add smoke-test-staging job that runs after staging deploy with Slack
notification on failure
- Add smoke-test-production job that runs after production deploy with
success notification
- Add rollback-production job triggered on smoke test failure — reverts
to previous container images and notifies via Slack
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Apply QuotaGuard + @RequireQuota to listing creation and analytics endpoints
- Add QuotaExceeded domain event emitted when quota is exceeded
- Create ListingCreatedUsageHandler to auto-meter usage on listing creation
- Create QuotaExceededListener to send email notifications on quota exceeded
- Add maxAnalyticsQueries and maxMediaUploads fields to Plan model
- Add quota.exceeded email notification template
- Define quota limits per plan tier in seed data
- Add 15 unit tests covering guard, event handler, listener, and event
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Add non-null assertions for array indexing in prisma/seed.ts and
scripts/seed-districts.ts to satisfy strict TypeScript checks.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- scripts/seed-districts.ts: Vietnam district/ward data for HCM, Hanoi, Da Nang with sample properties
- scripts/seed-plans.ts: Subscription plans (FREE, AGENT_PRO, INVESTOR, ENTERPRISE)
- scripts/import-market-data.ts: Market index data across all 3 cities with realistic pricing
- All scripts are idempotent (upsert/ON CONFLICT DO NOTHING)
- Refactored prisma/seed.ts to import shared data from scripts, removing duplication
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Add pg-backup container with daily automated pg_dump (02:00 UTC) and 7-day retention
- Add backup/restore scripts with documented recovery procedure
- Add Loki + Promtail for centralized log aggregation from all Docker containers
- Add Loki as Grafana datasource with correlation ID derived fields
- Add Grafana logs dashboard with volume, error rate, HTTP request, and log viewer panels
- Configure Promtail to parse Pino structured JSON logs with level/context labels
- Enhance LoggerService with string-level formatter and service base field
- Configure 15-day log retention in Loki
Co-Authored-By: Paperclip <noreply@paperclip.ing>
