feat: Add production Docker Compose configuration and implement production CI/CD triggered by tags or releases.

pongsaphakmw · pongsaphakmw · commit ffba4c666b1a · 2025-11-26T01:52:47.000+07:00
diff --git a/.github/workflows/ci_cd.yml b/.github/workflows/ci_cd.yml
@@ -4,6 +4,9 @@ on:
   pull_request:
   push:
     branches: [ main ]
+    tags: [ 'v*' ]
+  release:
+    types: [ published ]
 
 jobs:
   scan_ruby:
@@ -129,6 +132,7 @@ jobs:
           images: ghcr.io/${{ github.repository }}
           tags: |
             type=raw,value=latest,enable={{is_default_branch}}
+            type=raw,value=production,enable=${{ github.event_name == 'release' || startsWith(github.ref, 'refs/tags/v') }}
             type=ref,event=branch
             type=ref,event=tag
             type=sha
@@ -143,7 +147,7 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           no-cache: true
 
-  deploy:
+  deploy_uat:
     runs-on: ubuntu-latest
     needs: build_and_push_docker_image
     if: github.ref == 'refs/heads/main'
@@ -160,18 +164,18 @@ jobs:
           source: "docker-compose.yml,nginx.conf"
           target: "/root"
 
-      - name: Deploy to server
+      - name: Deploy to server (UAT)
         uses: appleboy/ssh-action@v0.1.10
         with:
           host: ${{ secrets.SERVER_HOST }}
           username: ${{ secrets.SERVER_USER }}
           key: ${{ secrets.SERVER_SSH_KEY }}
           script: |
             cd /root
-            docker compose pull
-            docker compose up -d
+            docker compose -f docker-compose.yml pull
+            docker compose -f docker-compose.yml up -d
             # Clean up old images from ghcr.io registry (keep only the latest)
-            docker images 'ghcr.io/oddsteam/dailynews-e-newspaper' --format '{{.ID}} {{.Tag}}' | grep -v 'latest' | awk '{print $1}' | xargs -r docker rmi -f || true
+            docker images 'ghcr.io/oddsteam/dailynews-e-newspaper' --format '{{.ID}} {{.Tag}}' | grep -v 'latest' | grep -v 'production' | awk '{print $1}' | xargs -r docker rmi -f || true
 
       - name: Health check
         run: |
@@ -190,4 +194,52 @@ jobs:
 
           echo "✗ Health check failed after 5 attempts"
           exit 1
+
+  deploy_production:
+    runs-on: ubuntu-latest
+    needs: build_and_push_docker_image
+    if: startsWith(github.ref, 'refs/tags/v') || github.event_name == 'release'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Copy docker-compose.prod.yml to server
+        uses: appleboy/scp-action@v0.1.7
+        with:
+          host: ${{ secrets.SERVER_PRODUCTION_HOST }}
+          username: ${{ secrets.SERVER_PRODUCTION_USER }}
+          key: ${{ secrets.SERVER_PRODUCTION_SSH_KEY }}
+          source: "docker-compose.prod.yml,nginx.conf"
+          target: "/home/${{ secrets.SERVER_PRODUCTION_USER }}"
+
+      - name: Deploy to server (Production)
+        uses: appleboy/ssh-action@v0.1.10
+        with:
+          host: ${{ secrets.SERVER_PRODUCTION_HOST }}
+          username: ${{ secrets.SERVER_PRODUCTION_USER }}
+          key: ${{ secrets.SERVER_PRODUCTION_SSH_KEY }}
+          script: |
+            cd /home/${{ secrets.SERVER_PRODUCTION_USER }}
+            docker compose -f docker-compose.prod.yml pull
+            docker compose -f docker-compose.prod.yml up -d
+            # Clean up old images from ghcr.io registry (keep only the latest and production)
+            docker images 'ghcr.io/oddsteam/dailynews-e-newspaper' --format '{{.ID}} {{.Tag}}' | grep -v 'latest' | grep -v 'production' | awk '{print $1}' | xargs -r docker rmi -f || true
+
+      - name: Health check
+        run: |
+          echo "Waiting for services to start..."
+          sleep 15
+
+          echo "Checking application health..."
+          for i in {1..5}; do
+            if curl -f -s http://${{ secrets.SERVER_PRODUCTION_HOST }}/e-newspaper/up > /dev/null; then
+              echo "✓ Health check passed!"
+              exit 0
+            fi
+            echo "Attempt $i failed, retrying in 10 seconds..."
+            sleep 10
+          done
+
+          echo "✗ Health check failed after 5 attempts"
+          exit 1
                   
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
@@ -0,0 +1,59 @@
+services:
+  db:
+    image: postgres:17.2-alpine
+    volumes:
+      - 'postgres:/var/lib/postgresql/data'
+    restart: always
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+      POSTGRES_DB: dailynews_production
+    ports:
+      - '5432:5432'
+    healthcheck:
+      test: [ "CMD-SHELL", "pg_isready -U postgres -d dailynews_production" ]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    networks:
+      - rails_network
+
+  rails:
+    image: ghcr.io/oddsteam/dailynews-e-newspaper:production
+    platform: linux/amd64
+    depends_on:
+      db:
+        condition: service_healthy
+    expose:
+      - "3000"
+    ports:
+      - "3000:3000"
+    environment:
+      - RAILS_MASTER_KEY=${RAILS_MASTER_KEY}
+      - APP_ENV=production
+      - SCRIPT_NAME=/e-newspaper
+      - SOLID_QUEUE_IN_PUMA=true
+      - WEB_CONCURRENCY=auto
+      - RAILS_MAX_THREADS=8
+    networks:
+      - rails_network
+
+  nginx:
+    image: nginx:alpine
+    ports:
+      - "80:80"
+    volumes:
+      - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
+    depends_on:
+      - rails
+    networks:
+      - rails_network
+    restart: always
+
+networks:
+  rails_network:
+
+
+volumes:
+  postgres:
+  bundle:
