CAST/cast-ghl-plugin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
cast-ghl-plugin/docker-compose.yaml
Head of Product & Engineering 7745d205cb feat: add production deployment artifacts for ghl.cast.ph (Vultr) 
Align Woodpecker CI pipeline with team standard (cast-backend pattern):
- Replace plugins/docker with woodpeckerci/plugin-docker-buildx
- Use git.sds.dev registry; tag with CI_COMMIT_SHA short + latest
- Use team secret names: registry_user/password, deploy_ssh_key
- Add golangci-lint, semgrep, gosec, trivy-fs, trivy-secrets security gates
- Deploy on push to main (not on tag): build-and-push then deploy step
  calls bash /opt/cast-ghl-provider/deploy/deploy.sh on server
- Add Telegram notification on success/failure

docker-compose.yaml: add image: git.sds.dev/cast/cast-ghl-provider:latest
(server pulls from registry; build: kept for local dev only)

deploy/deploy.sh: simplified to docker compose pull + up
(build now happens in CI, not on the server)

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-05 14:12:27 +02:00

51 lines
1.4 KiB
YAML
Raw Blame History

services:
bridge:
image: git.sds.dev/cast/cast-ghl-provider:latest
build: . # used only for local dev (docker compose up --build); production uses the registry image
# No port binding — nginx-proxy routes traffic via the shared proxy network
env_file: .env
environment:
# nginx-proxy / acme-companion auto-routing
- VIRTUAL_HOST=${VIRTUAL_HOST:-hl.cast.ph}
- VIRTUAL_PORT=${PORT:-3002}
- LETSENCRYPT_HOST=${VIRTUAL_HOST:-hl.cast.ph}
- LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL:-ops@cast.ph}
depends_on:
mongo:
condition: service_healthy
networks:
- internal
- proxy # shared nginx-proxy network — must match the nginx-proxy container's network
restart: unless-stopped
logging:
driver: json-file
options:
max-size: "10m"
max-file: "3"
mongo:
image: mongo:7
# No ports exposed — only reachable by bridge on the internal network
volumes:
- mongo-data:/data/db
networks:
- internal
restart: unless-stopped
healthcheck:
test: ["CMD", "mongosh", "--eval", "db.adminCommand('ping')"]
interval: 10s
timeout: 5s
retries: 5
start_period: 20s
networks:
internal:
# Private network for bridge ↔ mongo
proxy:
external: true
# Must match the name of the existing nginx-proxy Docker network on the server.
# Check with: docker network ls | grep proxy
volumes:
mongo-data:
Reference in New Issue View Git Blame Copy Permalink