<!doctype html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <title>Build & Deploy</title>
    <link rel="stylesheet" href="./style.css" />
  </head>
  <body>
    <header>
      <h1>Build & Deploy Pipeline</h1>
      <div class="meta">
        Node/Next build, Docker multi-stage, registry push, kubectl rollout.
      </div>
    </header>
    <main class="grid">
      <section class="card">
        <h2>Local prerequisites (macOS)</h2>
        <ul>
          <li>
            Run <code>./scripts/install-mac-prereqs.sh</code> to install
            dev/test tools via Homebrew (Node 20, envsubst/gettext, kubectl,
            sops, Trivy, Docker Desktop).
          </li>
          <li>
            Requires Homebrew to be installed already; set
            <code>SKIP_TRIVY=1</code> and/or <code>SKIP_SOPS=1</code> to skip
            the optional security tools.
          </li>
          <li>
            After install, open Docker.app once so the daemon is running before
            you build or run ZAP/Trivy scans.
          </li>
        </ul>
      </section>

      <section class="card">
        <h2>Pipeline at a glance</h2>
        <div class="diagram">
          <pre class="mermaid">
flowchart LR
  Dev["Developer"] -->|"npm run lint"| Lint
  Dev --> Build["./deploy/build.sh"]
  Lint --> Build
  Build --> Docker["Docker buildx\nmulti-stage"]
  Docker --> Image["registry.halla-aho.net/thalla/lomavuokraus-web"]
  Image --> Push["./deploy/push.sh"]
  Push --> DeployStg["./deploy/deploy-staging.sh"]
  Push --> DeployProd["./deploy/deploy-prod.sh"]
  DeployStg --> RolloutStg["kubectl apply + rollout\n(staging)"]
  DeployProd --> RolloutProd["kubectl apply + rollout\n(prod)"]
          </pre>
        </div>
        <div class="callout">
          Edit the Mermaid block to reflect pipeline changes; no external
          tooling required.
        </div>
      </section>

      <section class="card">
        <h2>Build Inputs</h2>
        <ul>
          <li>Source: Next.js app with TypeScript and Prisma.</li>
          <li>
            Env: <code>.env</code> (local), K8s Secret
            <code>lomavuokraus-web-secrets</code> in cluster.
          </li>
          <li>
            Local secrets: <code>creds/secrets.env</code> (dotenv) loadable via
            <code>scripts/load-secrets.sh</code>.
          </li>
          <li>
            Prisma schema: <code>prisma/schema.prisma</code>, migrations in
            <code>prisma/migrations/</code>.
          </li>
        </ul>
      </section>

      <section class="card">
        <h2>NPM Scripts</h2>
        <ul>
          <li><code>npm run lint</code> → <code>next lint</code></li>
          <li>
            <code>npm run build</code> → <code>next build</code> (used inside
            Docker and locally)
          </li>
        </ul>
      </section>

      <section class="card">
        <h2>Docker Image</h2>
        <ul>
          <li>
            Multi-stage Dockerfile:
            <ul>
              <li>deps: npm ci</li>
              <li>
                builder: copy source, <code>npx prisma generate</code>,
                <code>npm run build</code>
              </li>
              <li>runner: Node 20 bookworm-slim, copy standalone + static</li>
            </ul>
          </li>
          <li>Tags: numeric (git SHA-derived) + <code>:latest</code>.</li>
          <li>
            Scan: Trivy scans the image after the build if it is available;
            otherwise the scan is skipped.
          </li>
        </ul>
      </section>

      <section class="card">
        <h2>Deploy Scripts</h2>
        <ul>
          <li>
            <code>deploy/build.sh</code> → build image, write
            <code>deploy/.last-image</code>.
          </li>
          <li><code>deploy/push.sh</code> → push image.</li>
          <li>
            <code>deploy/deploy.sh</code> → envsubst <code>k8s/app.yaml</code>,
            kubectl apply, rollout.
          </li>
          <li>
            Environment wrappers:
            <ul>
              <li><code>deploy/deploy-staging.sh</code></li>
              <li><code>deploy/deploy-prod.sh</code></li>
              <li><code>deploy/deploy-test.sh</code></li>
            </ul>
          </li>
          <li>
            DNS helpers: <code>deploy/update-test-dns.sh</code> updates
            test.lomavuokraus.fi + apitest.lomavuokraus.fi via Joker DYNDNS.
          </li>
        </ul>
      </section>
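
      <section class="card">
        <div class="callout">
          Added example (not the project's own <code>deploy/deploy.sh</code>):
          a pre-deploy guard that accepts only a numeric tag of the repository
          shown in the diagram and rejects <code>:latest</code> before the
          reference reaches envsubst. The one-line format of
          <code>deploy/.last-image</code> and the <code>${IMAGE}</code>
          placeholder in <code>k8s/app.yaml</code> are assumptions.
        </div>

```shell
#!/bin/sh
# Added example, not the project's deploy/deploy.sh.
# Assumptions: deploy/.last-image holds one line "REPO:NUMERIC_TAG" and
# k8s/app.yaml uses a ${IMAGE} placeholder (hypothetical name).
EXPECTED_REPO="registry.halla-aho.net/thalla/lomavuokraus-web"

# validate_image_ref REF: succeed only for EXPECTED_REPO with an all-digit tag.
validate_image_ref() {
  case "$1" in
    "$EXPECTED_REPO":*) ;;
    *) echo "refusing image outside $EXPECTED_REPO: $1" >&2; return 1 ;;
  esac
  image_tag=${1#"$EXPECTED_REPO":}
  case "$image_tag" in
    '' | *[!0-9]*) echo "refusing mutable or malformed tag: $image_tag" >&2; return 1 ;;
  esac
}

# read_last_image FILE: print the validated reference written by the build step.
read_last_image() {
  [ -f "$1" ] || { echo "missing $1; run deploy/build.sh first" >&2; return 1; }
  last_image=
  IFS= read -r last_image < "$1" || [ -n "$last_image" ] ||
    { echo "$1 is empty" >&2; return 1; }
  validate_image_ref "$last_image" || return 1
  printf '%s\n' "$last_image"
}

# render_manifest TEMPLATE REF: substitute only ${IMAGE}; every other $NAME in
# the template is left untouched instead of being filled from the environment.
render_manifest() {
  validate_image_ref "$2" || return 1
  IMAGE=$2 envsubst '${IMAGE}' < "$1"
}

# Constructed sample references, not taken from a real build.
for sample in "$EXPECTED_REPO:4821" "$EXPECTED_REPO:latest" "docker.io/library/node:20"; do
  if validate_image_ref "$sample" 2>/dev/null; then
    echo "accept $sample"
  else
    echo "reject $sample"
  fi
done

# Usage in a deploy script:
#   img=$(read_last_image deploy/.last-image) || exit 1
#   render_manifest k8s/app.yaml "$img" | kubectl apply -f -
```

      </section>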

      <section class="card">
        <h2>Config & Env Vars</h2>
        <ul>
          <li>
            From ConfigMap (public): <code>NEXT_PUBLIC_SITE_URL</code>,
            <code>NEXT_PUBLIC_API_BASE</code>, <code>APP_ENV</code>.
          </li>
          <li>
            From Secret: DB URL, AUTH_SECRET, SMTP, DKIM, etc. (materialized
            from <code>creds/secrets.env</code>).
          </li>
          <li>
            App env resolution: <code>process.env.*</code> in Next server code.
          </li>
          <li>
            n8n billing assistant: <code>N8N_BILLING_API_KEY</code> or file
            <code>creds/n8n-billing.key</code> protects
            <code>/api/integrations/billing/verify</code>.
          </li>
        </ul>
      </section>
    </main>
    <script type="module">
      import mermaid from "https://cdn.jsdelivr.net/npm/mermaid@10/dist/mermaid.esm.min.mjs";
      mermaid.initialize({ startOnLoad: true, theme: "dark" });
    </script>
  </body>
</html>