admin/honeyDueAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4ec4bbbfe88b6060e17c046e0fe2b321f7110bf1
honeyDueAPI/deploy/cluster.env.example
Trey t 33eee812b6 Harden prod deploy: versioned secrets, healthchecks, migration lock, dry-run 
Swarm stack
- Resource limits on all services, stop_grace_period 60s on api/worker/admin
- Dozzle bound to manager loopback only (ssh -L required for access)
- Worker health server on :6060, admin /api/health endpoint
- Redis 200M LRU cap, B2/S3 env vars wired through to api service

Deploy script
- DRY_RUN=1 prints plan + exits
- Auto-rollback on failed healthcheck, docker logout at end
- Versioned-secret pruning keeps last SECRET_KEEP_VERSIONS (default 3)
- PUSH_LATEST_TAG default flipped to false
- B2 all-or-none validation before deploy

Code
- cmd/api takes pg_advisory_lock on a dedicated connection before
  AutoMigrate, serialising boot-time migrations across replicas
- cmd/worker exposes an HTTP /health endpoint with graceful shutdown

Docs
- deploy/DEPLOYING.md: step-by-step walkthrough for a real deploy
- deploy/shit_deploy_cant_do.md: manual prerequisites + recurring ops
- deploy/README.md updated with storage toggle, worker-replica caveat,
  multi-arch recipe, connection-pool tuning, renumbered sections

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-14 15:22:43 -05:00

33 lines
1.1 KiB
Plaintext
Raw Blame History

# Swarm manager connection
DEPLOY_MANAGER_HOST=CHANGEME_MANAGER_IP_OR_HOSTNAME
DEPLOY_MANAGER_USER=deploy
DEPLOY_MANAGER_SSH_PORT=22
DEPLOY_SSH_KEY_PATH=~/.ssh/id_ed25519
# Stack settings
DEPLOY_STACK_NAME=honeydue
DEPLOY_REMOTE_DIR=/opt/honeydue/deploy
DEPLOY_WAIT_SECONDS=420
DEPLOY_HEALTHCHECK_URL=https://api.honeyDue.treytartt.com/api/health/
# Replicas and published ports
API_REPLICAS=3
# IMPORTANT: keep WORKER_REPLICAS=1 until Asynq PeriodicTaskManager is wired.
# The current asynq.Scheduler in cmd/worker/main.go has no Redis-based
# leader election, so running >1 replica fires every cron task once per
# replica → duplicate daily digests / onboarding emails / etc.
WORKER_REPLICAS=1
ADMIN_REPLICAS=1
API_PORT=8000
ADMIN_PORT=3000
DOZZLE_PORT=9999
# Build behavior
# PUSH_LATEST_TAG=true also tags and pushes :latest on the registry.
# Leave false in production to keep image tags immutable (SHA-pinned only).
PUSH_LATEST_TAG=false
# Secret retention: number of versioned Swarm secrets to keep per name after each deploy.
# Older unused versions are pruned post-convergence. Default: 3.
SECRET_KEEP_VERSIONS=3
Reference in New Issue View Git Blame Copy Permalink