From 3921cb91a497bd7b5297ac41ee33ffab16a7eb2c Mon Sep 17 00:00:00 2001 From: Dotty Dotter Date: Tue, 28 Apr 2026 01:35:30 +0200 Subject: [PATCH] ops(dev): docker-compose.dev.yml + deploy.sh-Branch-Guard Container-Duplikation fuer v1.x-Entwicklung: - docker-compose.dev.yml: eigener Container gwoe-antragspruefer-dev, Traefik-Host gwoe-dev.toppyr.de, Keycloak-Client gwoe-antragspruefer-dev, ohne SMTP (Mail aus Dev = gar nicht), GITEA_FEEDBACK_LABELS=feedback,dev. - scripts/deploy.sh: Branch-Guard verhindert Prod-Deploy aus main; Prod geht nur aus release/1.0 (oder mit --force). Dev-Server zieht main per Cron alle 5 Minuten und baut neu. --- docker-compose.dev.yml | 44 ++++++++++++++++++++++++++++++++++++++++++ scripts/deploy.sh | 22 +++++++++++++++++++++ 2 files changed, 66 insertions(+) create mode 100644 docker-compose.dev.yml diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml new file mode 100644 index 0000000..d9c1273 --- /dev/null +++ b/docker-compose.dev.yml 
@@ -0,0 +1,44 @@
+# Dev-Compose fuer gwoe-dev.toppyr.de.
+# Auto-Deploy via Cron: docker compose -f docker-compose.dev.yml up -d --build
+# Datenbank, Wahlprogramme, Reports: separate Volumes (am Server: /opt/gwoe-antragspruefer-dev/{data,reports})
+# Mail: bewusst nicht aktiv (kein SMTP-Block)
+# Keycloak: eigener Public-Client gwoe-antragspruefer-dev
+services:
+ gwoe-antragspruefer-dev:
+ build: .
+ container_name: gwoe-antragspruefer-dev
+ restart: unless-stopped
+ stop_grace_period: 15m
+ environment:
+ - DASHSCOPE_API_KEY=${DASHSCOPE_API_KEY}
+ - KEYCLOAK_URL=https://sso.toppyr.de
+ - KEYCLOAK_REALM=collaboration
+ - KEYCLOAK_CLIENT_ID=${KEYCLOAK_CLIENT_ID:-gwoe-antragspruefer-dev}
+ - KEYCLOAK_CLIENT_SECRET=${KEYCLOAK_CLIENT_SECRET}
+ - KEYCLOAK_ADMIN_USER=${KEYCLOAK_ADMIN_USER}
+ - KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD}
+ - EMBEDDING_MODEL_WRITE=${EMBEDDING_MODEL_WRITE:-text-embedding-v4}
+ - EMBEDDING_MODEL_READ=${EMBEDDING_MODEL_READ:-text-embedding-v3}
+ - BASE_URL=${BASE_URL:-https://gwoe-dev.toppyr.de}
+ - GITEA_TOKEN=${GITEA_TOKEN}
+ - GITEA_API_URL=${GITEA_API_URL:-https://repo.toppyr.de/api/v1}
+ - GITEA_REPO_OWNER=${GITEA_REPO_OWNER:-tobias}
+ - GITEA_REPO_NAME=${GITEA_REPO_NAME:-gwoe-antragspruefer}
+ - GITEA_FEEDBACK_LABELS=${GITEA_FEEDBACK_LABELS:-feedback,dev}
+ - APP_ENV=dev
+ volumes:
+ - ./data:/app/data
+ - ./reports:/app/reports
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.gwoe-dev.rule=Host(`gwoe-dev.toppyr.de`)"
+ - "traefik.http.routers.gwoe-dev.entrypoints=websecure"
+ - "traefik.http.routers.gwoe-dev.tls=true"
+ - "traefik.http.routers.gwoe-dev.tls.certresolver=letsencrypt"
+ - "traefik.http.services.gwoe-dev.loadbalancer.server.port=8000"
+ networks:
+ - collaboration_collaboration
+
+networks:
+ collaboration_collaboration:
+ external: true
diff --git a/scripts/deploy.sh b/scripts/deploy.sh
index ad012bb..e32d81e 100755
--- a/scripts/deploy.sh
+++ b/scripts/deploy.sh
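Review bot: The `environment:` list hands `KEYCLOAK_ADMIN_USER` and `KEYCLOAK_ADMIN_PASSWORD` for the `collaboration` realm on sso.toppyr.de to a container that, per the commit message, is rebuilt from main by cron every 5 minutes and is published through Traefik at gwoe-dev.toppyr.de with no access-restricting middleware label. Whatever lands on main therefore runs with Keycloak admin credentials within minutes; if prod authenticates against the same realm (not visible in this patch), a compromise of the dev instance reaches prod identities, so a dev-only service account limited to the roles the app needs, or a separate realm, would contain that. The header comment also calls the client a "Public-Client" while `KEYCLOAK_CLIENT_SECRET` is still passed, and one of the two should be corrected. Secrets without a default silently become empty strings when unset; a fail-fast form such as `- KEYCLOAK_CLIENT_SECRET=${KEYCLOAK_CLIENT_SECRET:?KEYCLOAK_CLIENT_SECRET not set}` (likewise for `GITEA_TOKEN` and `DASHSCOPE_API_KEY`) makes a misconfigured dev host stop at `docker compose up` instead of starting half-configured.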
@@ -24,6 +24,28 @@ fi cd "$PROJECT_DIR" +# Branch-Guard: Prod (gwoe.toppyr.de) ist auf release/1.0 festgelegt. +# 1.x-Entwicklung laeuft auf gwoe-dev.toppyr.de via Cron-Auto-Deploy aus main. +CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD 2>/dev/null || echo "") +EXPECTED_BRANCH="release/1.0" +if [ "${1:-}" = "--force" ]; then + shift + echo "⚠ --force aktiv: Branch-Guard übersprungen ($CURRENT_BRANCH)" +elif [ "$CURRENT_BRANCH" != "$EXPECTED_BRANCH" ]; then + cat <