denshooter/portfolio
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: denshooter:dev
Branches Tags
denshooter:production denshooter:dev
...
compare: denshooter:9f305d3e7841734e6bda9d74d48f019c0c43db33
Branches Tags
denshooter:production denshooter:dev

43 Commits
dev ... 9f305d3e78

Author SHA1 Message Date
denshooter
9f305d3e78 Fix environment variables in deployment scripts
Some checks failed
CI/CD Pipeline (Reliable & Simple) / production (push) Failing after 8m25s
Details
CI/CD Pipeline (Simple & Reliable) / production (push) Failing after 6m28s
Details 
- Export all environment variables before deployment to ensure they're available to child processes
- Add logging to show which variables are configured (without revealing secrets)
- This fixes docker-compose warnings about missing environment variables
- Ensures both docker run and docker-compose scenarios work correctly

Updated scripts:
- scripts/gitea-deploy.sh
- scripts/gitea-deploy-simple.sh
 2025-10-15 15:39:00 +02:00
denshooter
04522d3093 Fix CI/CD root user error in deployment scripts
Some checks failed
CI/CD Pipeline (Reliable & Simple) / production (push) Failing after 9m5s
Details
CI/CD Pipeline (Simple & Reliable) / production (push) Failing after 6m29s
Details 
- Modify root checks to allow running as root in CI environments
- Add conditional check: only prevent root when not in CI (CI env var not set)
- Updated scripts:
  - scripts/gitea-deploy.sh
  - scripts/gitea-deploy-simple.sh
  - scripts/deploy.sh
  - scripts/auto-deploy.sh
  - scripts/setup-gitea-runner.sh

This fixes the 'This script should not be run as root' error in Gitea Actions
where containers run as root by default.
 2025-10-15 15:14:22 +02:00
Denshooter
8d65e2d7c3 Merge branch 'production' of https://git.dk0.dev/denshooter/portfolio into production
Some checks failed
CI/CD Pipeline (Reliable & Simple) / production (push) Failing after 8m19s
Details
CI/CD Pipeline (Simple & Reliable) / production (push) Failing after 6m15s
Details
2025-09-16 00:30:20 +02:00
Denshooter
dca8cb8973 Fix CI/CD: Switch from Gitea Actions to Woodpecker CI workflow 
- Disabled ci-cd-fast.yml (Gitea Actions syntax)
- Added ci-cd-woodpecker.yml (proper Woodpecker CI syntax)
- Fixed environment variable and secret access
- Should resolve deployment issues with missing variables
 2025-09-16 00:29:23 +02:00
denshooter
f66844870a Fix nginx startup script syntax errors
Some checks failed
CI/CD Pipeline (Fast) / production (push) Successful in 6m41s
Details
CI/CD Pipeline (Reliable & Simple) / production (push) Failing after 8m42s
Details
CI/CD Pipeline (Simple & Reliable) / production (push) Failing after 6m15s
Details 
- Simplify nginx startup command to avoid YAML syntax issues
- Remove complex fallback configuration that was causing shell errors
- nginx now starts successfully and serves the application correctly

Tested locally: nginx responds to /health and / endpoints properly.
 2025-09-16 00:03:01 +02:00
denshooter
6be2feb8dd 🔧 Add PowerShell script for Bitwarden .env synchronization
Some checks failed
CI/CD Pipeline (Reliable & Simple) / production (push) Has been cancelled
Details
CI/CD Pipeline (Simple & Reliable) / production (push) Has been cancelled
Details
CI/CD Pipeline (Fast) / production (push) Has been cancelled
Details 
- Introduced `sync-env.ps1` to facilitate the synchronization of environment variables from Bitwarden on Windows.
- Implemented checks for Bitwarden CLI installation and authentication status.
- Added functionality to fetch environment variables from a specified Bitwarden item and create/update a `.env` file.
- Enhanced user feedback with clear error messages and success confirmations.

 This script streamlines the management of environment variables by integrating with Bitwarden, ensuring secure and efficient updates.
 2025-09-16 00:00:07 +02:00
denshooter
efda383bd8 Fix nginx configuration syntax errors
Some checks failed
CI/CD Pipeline (Fast) / production (push) Successful in 6m44s
Details
CI/CD Pipeline (Simple & Reliable) / production (push) Has been cancelled
Details
CI/CD Pipeline (Reliable & Simple) / production (push) Has been cancelled
Details 
- Move proxy_set_header directives inside location blocks
- Add DNS resolver for dynamic upstream resolution
- Improve fallback configuration in docker-compose
- Add config validation before starting nginx

This should resolve the nginx startup failures.
 2025-09-15 23:51:59 +02:00
denshooter
9c6b313435 Fix nginx configuration conflict in docker-compose
Some checks failed
CI/CD Pipeline (Reliable & Simple) / production (push) Has been cancelled
Details
CI/CD Pipeline (Simple & Reliable) / production (push) Has been cancelled
Details
CI/CD Pipeline (Fast) / production (push) Has been cancelled
Details 
- Remove default nginx configuration files to prevent conflicts
- Add command to clear /etc/nginx/conf.d/* before starting nginx
- This fixes the 'events directive not allowed here' error
 2025-09-15 23:48:46 +02:00
denshooter
b06151739f 🔧 Add Bitwarden .env sync script for environment variable management
Some checks failed
CI/CD Pipeline (Reliable & Simple) / production (push) Has been cancelled
Details
CI/CD Pipeline (Simple & Reliable) / production (push) Has been cancelled
Details
CI/CD Pipeline (Fast) / production (push) Has been cancelled
Details 
- Introduced `sync-env.sh` to automate the synchronization of environment variables from Bitwarden.
- Implemented authentication with Bitwarden CLI, including session management and error handling.
- Added functionality to fetch environment variables from Bitwarden items and create/update a `.env` file in the specified target directory.
- Included logging for debugging and operational transparency.

 This script enhances the management of environment variables by integrating with Bitwarden, ensuring secure and efficient updates.
 2025-09-15 23:42:52 +02:00
denshooter
ed95163f55 🔧 Improve health check logic in Gitea workflows
Some checks failed
CI/CD Pipeline (Fast) / production (push) Successful in 7m47s
Details
CI/CD Pipeline (Reliable & Simple) / production (push) Failing after 8m46s
Details
CI/CD Pipeline (Simple & Reliable) / production (push) Failing after 6m17s
Details 
- Enhanced health check mechanisms in `ci-cd-fast.yml` and `ci-cd-zero-downtime-fixed.yml` to utilize `docker exec` for internal checks, addressing issues with direct port access.
- Updated health check logic to provide better error messages and fallback methods, ensuring more reliable deployment verification.
- Documented changes in `DEPLOYMENT-FIXES.md` to reflect improvements in health check processes.

 These updates enhance the reliability of health checks during deployments and improve debugging capabilities.
 2025-09-15 14:15:49 +02:00
denshooter
fc3f9ebf12 🔧 Enhance Gitea deployment workflows and fix nginx configuration
Some checks failed
CI/CD Pipeline (Fast) / production (push) Failing after 6m12s
Details
CI/CD Pipeline (Reliable & Simple) / production (push) Failing after 8m16s
Details
CI/CD Pipeline (Simple & Reliable) / production (push) Failing after 6m19s
Details 
- Added new CI/CD workflow `ci-cd-reliable.yml` for reliable deployments with database support.
- Created `docker-compose.zero-downtime-fixed.yml` to address nginx configuration issues for zero-downtime deployments.
- Improved existing workflows to check for nginx configuration file and create a fallback if missing.
- Updated `DEPLOYMENT-FIXES.md` to document new workflows and fixes.

 These changes improve deployment reliability and ensure proper nginx configuration for seamless updates.
 2025-09-14 19:11:37 +02:00
denshooter
ca2cbc2c92 🔧 Implement deployment fixes and enhance Gitea workflows
Some checks failed
CI/CD Pipeline (Fast) / production (push) Failing after 6m6s
Details
CI/CD Pipeline (Simple & Reliable) / production (push) Failing after 6m15s
Details
CI/CD Pipeline (Zero Downtime - Fixed) / production (push) Failing after 7m59s
Details 
- Created `DEPLOYMENT-FIXES.md` to document issues and solutions for Gitea Actions.
- Fixed Dockerfile path for standalone build.
- Enhanced `gitea-deploy.sh` with improved environment variable handling and extended health check timeouts.
- Introduced `gitea-deploy-simple.sh` for simplified deployments without database dependencies.
- Updated Next.js configuration to resolve build issues.
- Improved health check logic and error handling across all Gitea workflows.

 These changes enhance deployment reliability and provide better debugging information.
 2025-09-13 23:48:50 +02:00
denshooter
cc5009a0d6 🔧 Update Next.js configuration and enhance Gitea deployment script
Some checks failed
CI/CD Pipeline (Fast) / production (push) Failing after 5m1s
Details
CI/CD Pipeline (Zero Downtime - Fixed) / production (push) Has been cancelled
Details 
- Added serverRuntimeConfig to next.config.ts for improved server-side configuration.
- Updated gitea-deploy.sh to include additional environment variables for deployment.
- Increased sleep duration and health check timeout for better container readiness verification.
- Implemented checks to ensure the container is running during health checks and logs container status if it fails.

 Enhancements improve deployment reliability and server configuration management.
 2025-09-13 23:37:53 +02:00
denshooter
116dac89b3 🔧 Fix Gitea Actions for zero-downtime deployment 
- Create new ci-cd-zero-downtime-fixed.yml workflow
- Disable old workflows that try to access port 3000 directly
- New workflow uses docker-compose.zero-downtime.yml
- Health checks now use nginx on port 80 instead of direct port 3000
- Fixes the 'Connection refused' errors in Gitea Actions

 Actions now properly work with zero-downtime nginx setup
 2025-09-13 23:20:51 +02:00
denshooter
3dbe80edcc 🔧 Fix zero-downtime deployment issues
Some checks failed
CI/CD Pipeline (Fast) / production (push) Failing after 5m10s
Details
CI/CD Pipeline (Zero Downtime) / production (push) Failing after 7m53s
Details
CI/CD Pipeline (Simple) / production (push) Failing after 9m14s
Details 
- Fix Dockerfile standalone build path from /app/.next/standalone/gitea/portfolio to /app/.next/standalone/app
- Fix nginx configuration by removing conflicting server blocks
- Consolidate health check and main proxy into single server block
- Ensure proper load balancing between portfolio-app-1 and portfolio-app-2

 Deployment now working successfully with:
- Application running on both instances (healthy)
- Database and Redis running (healthy)
- Nginx load balancer working
- Health endpoints accessible
- Main portfolio site accessible at http://localhost/
 2025-09-13 22:31:39 +02:00
denshooter
bdc38d8b57 Fix container conflicts and environment variables properly
Some checks failed
CI/CD Pipeline (Fast) / production (push) Failing after 3m40s
Details
CI/CD Pipeline (Zero Downtime) / production (push) Failing after 7m57s
Details
CI/CD Pipeline (Simple) / production (push) Failing after 9m21s
Details 
- Add aggressive container cleanup including specific problematic container ID
- Export environment variables before docker compose commands
- Remove all containers with 'portfolio' in name to prevent conflicts
- Fix both rolling update and fresh deployment cases
- Tested locally and verified working
- Environment variables now properly passed to docker compose
 2025-09-13 21:12:32 +02:00
denshooter
6338a34612 Fix container conflicts and environment variables
Some checks failed
CI/CD Pipeline (Fast) / production (push) Failing after 3m40s
Details
CI/CD Pipeline (Zero Downtime) / production (push) Failing after 7m53s
Details
CI/CD Pipeline (Simple) / production (push) Has been cancelled
Details 
- Add comprehensive container cleanup before starting services
- Pass environment variables to docker compose commands
- Fix container name conflicts by removing all existing containers first
- Add local test script to verify deployment process
- Ensure clean environment for zero-downtime deployments
 2025-09-13 20:59:01 +02:00
denshooter
58dd60ea64 Force remove problematic container and improve Node.js setup
Some checks failed
CI/CD Pipeline (Fast) / production (push) Failing after 4m18s
Details
CI/CD Pipeline (Zero Downtime) / production (push) Failing after 7m51s
Details
CI/CD Pipeline (Simple) / production (push) Failing after 7m53s
Details 
- Add specific removal of problematic container afa9a70588844b06e17d5e0527119d589a7a3fde8a17608447cf7d8d448cf261
- Force remove portfolio-app-new container before deployment
- Add container listing for debugging after cleanup
- Upgrade setup-node to v4 for better performance
- Add cache-dependency-path for more efficient caching
- Create fast workflow alternative with manual cache management
 2025-09-13 18:44:54 +02:00
denshooter
65ad26eeae Enhance container cleanup for zero-downtime deployment
Some checks failed
CI/CD Pipeline (Zero Downtime) / production (push) Failing after 7m57s
Details
CI/CD Pipeline (Simple) / production (push) Failing after 7m54s
Details 
- Add comprehensive cleanup of all portfolio-app containers
- Dynamically find and remove containers with portfolio-app in name
- Remove specific problematic container names (portfolio-app-new, etc.)
- Add container pruning to clean up stopped containers
- Ensure clean environment before starting new temporary container
- Prevents any container name conflicts during deployment
 2025-09-13 18:21:36 +02:00
denshooter
20a6c416e3 Fix container name conflicts in zero-downtime deployment
Some checks failed
CI/CD Pipeline (Zero Downtime) / production (push) Failing after 7m55s
Details
CI/CD Pipeline (Simple) / production (push) Failing after 7m53s
Details 
- Use unique timestamp-based container names to avoid conflicts
- Clean up existing temporary containers before starting new ones
- Generate unique names like 'portfolio-app-temp-1234567890'
- Prevents 'container name already in use' errors
- Ensures reliable zero-downtime deployments
 2025-09-13 01:24:34 +02:00
denshooter
89e0f9f2f8 Fix port conflict in zero-downtime deployment
Some checks failed
CI/CD Pipeline (Zero Downtime) / production (push) Failing after 7m49s
Details
CI/CD Pipeline (Simple) / production (push) Has been cancelled
Details 
- Remove port mapping for temporary container to avoid conflicts
- Use docker exec for health checks instead of external port access
- Eliminates 'port already allocated' error
- Maintains zero-downtime functionality without port conflicts
 2025-09-13 01:13:43 +02:00
denshooter
8d627028cb Implement zero-downtime deployment strategy
Some checks failed
CI/CD Pipeline (Zero Downtime) / production (push) Failing after 7m51s
Details
CI/CD Pipeline (Simple) / production (push) Has been cancelled
Details 
- Add rolling update mechanism for seamless deployments
- Start new container on port 3001, health check, then switch
- Preserve database and redis connections during updates
- Automatic fallback to fresh deployment if no current container
- Add advanced nginx load balancer configuration for future use
- Eliminate container name conflicts with proper cleanup
- Website stays online during deployments
 2025-09-13 01:02:37 +02:00
denshooter
8afc63ef0b Separate CI/CD workflows for clarity
Some checks failed
CI/CD Pipeline (Simple) / production (push) Failing after 7m52s
Details 
- Split CI/CD into two distinct workflows:
  - 'Test and Build' for main branch (testing only)
  - 'CI/CD Pipeline' for production branch (full deployment)
- Remove duplicate test-and-build job from production workflow
- Each workflow now has a single, clear purpose
- Eliminates confusion with multiple job views in Gitea
 2025-09-13 00:39:08 +02:00
denshooter
72456aa7a0 Fix Docker Compose command syntax
Some checks failed
CI/CD Pipeline (Simple) / test-and-build (push) Has been skipped
Details
CI/CD Pipeline (Simple) / production (push) Has been cancelled
Details 
- Replace deprecated 'docker-compose' with modern 'docker compose'
- Update all workflow files to use new syntax
- Update documentation with correct commands
- Fixes 'command not found' error in CI/CD pipeline
- Compatible with Docker Compose V2 and newer versions
 2025-09-13 00:35:02 +02:00
denshooter
4ccb2b146d Update workflows to match actual Variables and Secrets configuration
Some checks failed
CI/CD Pipeline (Simple) / test-and-build (push) Has been skipped
Details
CI/CD Pipeline (Simple) / production (push) Failing after 7m54s
Details 
- Use Variables for non-sensitive data (NODE_ENV, LOG_LEVEL, URLs, emails)
- Use Secrets for sensitive data (passwords, auth tokens)
- Add all configured variables: NODE_ENV, LOG_LEVEL, UMAMI analytics
- Update verification checks to match actual configuration
- Improve debug workflow to show Variables vs Secrets clearly
- Fix environment variable mapping in Docker Compose deployment
 2025-09-13 00:16:43 +02:00
denshooter
e245e8afe1 Support both Variables and Secrets in workflows
Some checks failed
CI/CD Pipeline (Simple) / test-and-build (push) Has been skipped
Details
CI/CD Pipeline (Simple) / production (push) Has been cancelled
Details 
- Allow NEXT_PUBLIC_BASE_URL to be set as either Variable or Secret
- Update CI/CD workflow to check both secrets and variables
- Update debug workflow to show whether values come from secrets or variables
- Use fallback syntax: secrets.VAR || vars.VAR
- Improve error messages to guide users to correct settings location
 2025-09-13 00:12:20 +02:00
denshooter
5a14efb5fc Make Docker mandatory for pre-push hook
Some checks failed
CI/CD Pipeline (Simple) / test-and-build (push) Has been skipped
Details
CI/CD Pipeline (Simple) / production (push) Failing after 7m53s
Details 
- Docker must be running and functional before push is allowed
- Added comprehensive Docker status checks (info + hello-world test)
- Enhanced error messages with platform-specific Docker start instructions
- Improved build error reporting with detailed log output
- Added common troubleshooting tips for Docker build failures
- Push will fail if Docker is not available or build fails
 2025-09-12 23:36:42 +02:00
denshooter
7f6694622c Fix React DOM warnings and improve pre-push hook
Some checks failed
CI/CD Pipeline (Simple) / test-and-build (push) Has been cancelled
Details
CI/CD Pipeline (Simple) / production (push) Has been cancelled
Details 
- Fix fill and priority boolean attributes in Hero component
- Improve next/image mock in Jest setup to handle boolean props correctly
- Enhance pre-push hook with better Docker detection and error handling
- Make Docker build test non-blocking (warnings instead of errors)
- Add executable permissions for secret check script
- Prevent React DOM warnings in tests
 2025-09-12 23:34:11 +02:00
denshooter
83705af7f6 cleanup and Test pre-push hook 2025-09-12 23:31:46 +02:00
denshooter
b34deb3c81 Optimize CI/CD pipeline - remove redundant builds
Some checks failed
CI/CD Pipeline (Simple) / test-and-build (push) Has been cancelled
Details
CI/CD Pipeline (Simple) / production (push) Has been cancelled
Details
CI/CD Pipeline / test (push) Successful in 8m40s
Details
Security Scan / security (push) Successful in 7m47s
Details
CI/CD Pipeline / security (push) Successful in 5m14s
Details
CI/CD Pipeline / build (push) Successful in 4m1s
Details
CI/CD Pipeline / deploy (push) Failing after 24s
Details 
- Replace inefficient multi-job pipeline with simple single-job approach
- Eliminate duplicate builds (npm build + docker build)
- Reduce pipeline complexity and execution time
- Keep old pipeline as backup (ci-cd-old.yml)
- Simple pipeline: Install → Lint → Test → Build → Security → Deploy (production only)
- Non-production branches: Install → Lint → Test → Build → Security
 2025-09-12 23:28:11 +02:00
denshooter
a4c61172f6 Fix Gitea Actions compatibility and improve container configuration
Some checks failed
CI/CD Pipeline / test (push) Successful in 9m19s
Details
CI/CD Pipeline / security (push) Has been cancelled
Details
CI/CD Pipeline / build (push) Has been cancelled
Details
CI/CD Pipeline / deploy (push) Has been cancelled
Details
Security Scan / security (push) Has been cancelled
Details 
- Update all GitHub Actions to v3 for Gitea compatibility
- Fix artifact upload/download actions (v4 -> v3)
- Remove GitHub-specific features (GITHUB_STEP_SUMMARY)
- Add complete Docker Compose configuration with PostgreSQL and Redis
- Add environment secrets support for all workflows
- Add debug workflow for secrets verification
- Add comprehensive documentation for secrets setup
- Improve container networking and health checks
 2025-09-12 23:18:01 +02:00
denshooter
f7e0172111 Refactor security scanning and database setup
Some checks failed
CI/CD Pipeline / test (push) Successful in 10m54s
Details
Security Scan / security (push) Failing after 5m21s
Details
CI/CD Pipeline / security (push) Successful in 5m25s
Details
CI/CD Pipeline / build (push) Failing after 2m27s
Details
CI/CD Pipeline / deploy (push) Has been skipped
Details 
- Update security scan workflow to utilize a dedicated script for checking secrets, improving detection accuracy.
- Modify database connection setup in multiple scripts to use an environment variable fallback for DATABASE_URL, enhancing flexibility in different environments.
 2025-09-11 11:17:35 +02:00
denshooter
c4bc27273e Implement security scanning workflows and scripts
Some checks failed
CI/CD Pipeline / test (push) Successful in 10m59s
Details
Security Scan / security (push) Failing after 5m27s
Details
CI/CD Pipeline / security (push) Successful in 5m57s
Details
CI/CD Pipeline / build (push) Failing after 3m3s
Details
CI/CD Pipeline / deploy (push) Has been skipped
Details 
- Update CI/CD workflow to use specific Trivy version and change output format for vulnerability results.
- Add fallback npm audit step in case Trivy scan fails.
- Create a new security scan workflow that runs on push and pull request events, including scheduled scans.
- Introduce a security scan script to perform npm audit, Trivy scans, and check for potential secrets in the codebase.
- Ensure results are uploaded as artifacts for review and maintain retention policies for scan results.
 2025-09-11 10:44:03 +02:00
denshooter
519ca43168 Update Dockerfile and Next.js configuration; enhance contact components
Some checks failed
CI/CD Pipeline / test (push) Successful in 10m55s
Details
CI/CD Pipeline / security (push) Failing after 5m20s
Details
CI/CD Pipeline / build (push) Has been skipped
Details
CI/CD Pipeline / deploy (push) Has been skipped
Details 
- Modify Dockerfile to install curl without recommended packages for a leaner image.
- Update Next.js configuration to set outputFileTracingRoot for better Docker compatibility.
- Revise contact components to improve messaging and clarity, changing "Get In Touch" to "Contact Me" and enhancing descriptions for collaboration opportunities.
- Clean up Prisma schema by removing unnecessary comments and restructuring the Project model for clarity.
 2025-09-11 10:13:35 +02:00
denshooter
09d925745d Update Docker configuration and add Gitea CI/CD workflows
Some checks failed
CI/CD Pipeline / test (push) Successful in 12m0s
Details
CI/CD Pipeline / security (push) Failing after 6m6s
Details
CI/CD Pipeline / build (push) Has been skipped
Details
CI/CD Pipeline / deploy (push) Has been skipped
Details 
- Change Docker image in docker-compose.prod.yml to use 'portfolio-app:latest'.
- Add new scripts for Gitea deployment and setup of Gitea runner.
- Introduce CI/CD workflows for automated testing, security scanning, and deployment in Gitea.
- Enhance package.json with new deployment scripts for Gitea integration.
 2025-09-10 15:14:55 +02:00
denshooter
07cf999a9e Fix Docker deployment - use built image instead of building locally 
- Change docker-compose.prod.yml to use ghcr.io image instead of building
- Add --force-recreate flag to ensure new container is created
- Add docker image prune to remove old images
- This should fix the issue where old container version is served
 2025-09-10 12:01:56 +02:00
denshooter
8ea4fc3fd3 Fix caching issues - disable static generation and add cache-busting headers 
- Disable generateStaticParams to prevent static generation
- Add Cache-Control headers to force revalidation
- This should fix the issue where new routes are not available after deployment
 2025-09-10 11:46:52 +02:00
denshooter
0bcba1643e Trigger deployment - force rebuild 2025-09-10 11:44:43 +02:00
denshooter
24ecc720c5 Fix final merge conflict marker in email/respond/route.tsx 2025-09-10 11:14:20 +02:00
denshooter
690d9e1cfb Fix remaining merge conflicts and linter errors 
- Remove merge conflict markers from AnalyticsDashboard.tsx
- Fix merge conflicts in email/respond/route.tsx
- Use dev versions of EmailManager and ModernAdminDashboard
- Add eslint-disable for Image icon in editor
 2025-09-10 11:13:27 +02:00
denshooter
b44250fe0e Merge dev branch into production - resolve conflicts 
- Updated admin URLs from /admin to /manage
- Integrated new admin dashboard and email management features
- Added authentication system and project management
- Resolved conflicts in DEV-SETUP.md, README.md, email routes, and components
- Removed old admin page in favor of new manage page
 2025-09-10 11:06:36 +02:00
denshooter
0af21d6fc6 Dev (#51) 
* update

* cleanup

* fixing linting and tests errors

* Refactor API Parameter Handling and Update Email Transport

 Updated API Route Parameters:
- Changed parameter type from `{ id: string }` to `Promise<{ id: string }>` in PUT and DELETE methods for better async handling.

 Fixed Email Transport Creation:
- Updated `nodemailer.createTransporter` to `nodemailer.createTransport` for correct transport configuration.

 Refactored AnalyticsDashboard Component:
- Changed export from default to named export for better modularity.

 Enhanced Email Responder Toast:
- Updated toast structure to include additional properties for better user feedback.

🎯 Overall Improvements:
- Improved async handling in API routes.
- Ensured correct usage of nodemailer.
- Enhanced component exports and user notifications.

* 🔧 Update Redis Configuration in Docker Compose

 Changed Redis URL:
- Updated the Redis connection string in docker-compose.prod.yml to use the new shared Redis service.

 Removed Redis Dependency Check:
- Eliminated the health check dependency for the Redis service as it is no longer required.

🎯 Improvements:
- Streamlined Redis configuration for production deployment.
 2025-09-08 08:53:07 +02:00
denshooter
a842cb04f3 Dev (#50) 
* update

* cleanup

* fixing linting and tests errors

* Refactor API Parameter Handling and Update Email Transport

 Updated API Route Parameters:
- Changed parameter type from `{ id: string }` to `Promise<{ id: string }>` in PUT and DELETE methods for better async handling.

 Fixed Email Transport Creation:
- Updated `nodemailer.createTransporter` to `nodemailer.createTransport` for correct transport configuration.

 Refactored AnalyticsDashboard Component:
- Changed export from default to named export for better modularity.

 Enhanced Email Responder Toast:
- Updated toast structure to include additional properties for better user feedback.

🎯 Overall Improvements:
- Improved async handling in API routes.
- Ensured correct usage of nodemailer.
- Enhanced component exports and user notifications.
 2025-09-08 08:36:16 +02:00
46 changed files with 4064 additions and 595 deletions
Expand all files Collapse all files

318
.gitea/workflows/ci-cd-fast.yml.disabled Normal file
View File

@@ -0,0 +1,318 @@
name: CI/CD Pipeline (Fast)
on:
push:
branches: [ production ]
env:
NODE_VERSION: '20'
DOCKER_IMAGE: portfolio-app
CONTAINER_NAME: portfolio-app
jobs:
production:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Setup Node.js (Fast)
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
# Disable cache to avoid slow validation
cache: ''
- name: Cache npm dependencies
uses: actions/cache@v3
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install dependencies
run: npm ci --prefer-offline --no-audit
- name: Run linting
run: npm run lint
- name: Run tests
run: npm run test
- name: Build application
run: npm run build
- name: Run security scan
run: |
echo "🔍 Running npm audit..."
npm audit --audit-level=high || echo "⚠️ Some vulnerabilities found, but continuing..."
- name: Build Docker image
run: |
docker build -t ${{ env.DOCKER_IMAGE }}:latest .
docker tag ${{ env.DOCKER_IMAGE }}:latest ${{ env.DOCKER_IMAGE }}:$(date +%Y%m%d-%H%M%S)
- name: Prepare for zero-downtime deployment
run: |
echo "🚀 Preparing zero-downtime deployment..."
# Check if current container is running
if docker ps -q -f name=portfolio-app | grep -q .; then
echo "📊 Current container is running, proceeding with zero-downtime update"
CURRENT_CONTAINER_RUNNING=true
else
echo "📊 No current container running, doing fresh deployment"
CURRENT_CONTAINER_RUNNING=false
fi
# Ensure database and redis are running
echo "🔧 Ensuring database and redis are running..."
docker compose up -d postgres redis
# Wait for services to be ready
sleep 10
- name: Verify secrets and variables before deployment
run: |
echo "🔍 Verifying secrets and variables..."
# Check Variables
if [ -z "${{ vars.NEXT_PUBLIC_BASE_URL }}" ]; then
echo "❌ NEXT_PUBLIC_BASE_URL variable is missing!"
exit 1
fi
if [ -z "${{ vars.MY_EMAIL }}" ]; then
echo "❌ MY_EMAIL variable is missing!"
exit 1
fi
if [ -z "${{ vars.MY_INFO_EMAIL }}" ]; then
echo "❌ MY_INFO_EMAIL variable is missing!"
exit 1
fi
# Check Secrets
if [ -z "${{ secrets.MY_PASSWORD }}" ]; then
echo "❌ MY_PASSWORD secret is missing!"
exit 1
fi
if [ -z "${{ secrets.MY_INFO_PASSWORD }}" ]; then
echo "❌ MY_INFO_PASSWORD secret is missing!"
exit 1
fi
if [ -z "${{ secrets.ADMIN_BASIC_AUTH }}" ]; then
echo "❌ ADMIN_BASIC_AUTH secret is missing!"
exit 1
fi
echo "✅ All required secrets and variables are present"
- name: Deploy with zero downtime
run: |
echo "🚀 Deploying with zero downtime..."
if [ "$CURRENT_CONTAINER_RUNNING" = "true" ]; then
echo "🔄 Performing rolling update..."
# Generate unique container name
TIMESTAMP=$(date +%s)
TEMP_CONTAINER_NAME="portfolio-app-temp-$TIMESTAMP"
echo "🔧 Using temporary container name: $TEMP_CONTAINER_NAME"
# Clean up any existing temporary containers
echo "🧹 Cleaning up any existing temporary containers..."
# Remove specific known problematic containers
docker rm -f portfolio-app-new portfolio-app-temp-* portfolio-app-backup || true
# Find and remove any containers with portfolio-app in the name (except the main one)
EXISTING_CONTAINERS=$(docker ps -a --format "table {{.Names}}" | grep "portfolio-app" | grep -v "^portfolio-app$" || true)
if [ -n "$EXISTING_CONTAINERS" ]; then
echo "🗑️ Removing existing portfolio-app containers:"
echo "$EXISTING_CONTAINERS"
echo "$EXISTING_CONTAINERS" | xargs -r docker rm -f || true
fi
# Also clean up any stopped containers
docker container prune -f || true
# Start new container with unique temporary name (no port mapping needed for health check)
docker run -d \
--name $TEMP_CONTAINER_NAME \
--restart unless-stopped \
--network portfolio_net \
-e NODE_ENV=${{ vars.NODE_ENV }} \
-e LOG_LEVEL=${{ vars.LOG_LEVEL }} \
-e DATABASE_URL=postgresql://portfolio_user:portfolio_pass@postgres:5432/portfolio_db?schema=public \
-e REDIS_URL=redis://redis:6379 \
-e NEXT_PUBLIC_BASE_URL="${{ vars.NEXT_PUBLIC_BASE_URL }}" \
-e NEXT_PUBLIC_UMAMI_URL="${{ vars.NEXT_PUBLIC_UMAMI_URL }}" \
-e NEXT_PUBLIC_UMAMI_WEBSITE_ID="${{ vars.NEXT_PUBLIC_UMAMI_WEBSITE_ID }}" \
-e MY_EMAIL="${{ vars.MY_EMAIL }}" \
-e MY_INFO_EMAIL="${{ vars.MY_INFO_EMAIL }}" \
-e MY_PASSWORD="${{ secrets.MY_PASSWORD }}" \
-e MY_INFO_PASSWORD="${{ secrets.MY_INFO_PASSWORD }}" \
-e ADMIN_BASIC_AUTH="${{ secrets.ADMIN_BASIC_AUTH }}" \
${{ env.DOCKER_IMAGE }}:latest
# Wait for new container to be ready
echo "⏳ Waiting for new container to be ready..."
sleep 15
# Health check new container using docker exec
for i in {1..20}; do
if docker exec $TEMP_CONTAINER_NAME curl -f http://localhost:3000/api/health > /dev/null 2>&1; then
echo "✅ New container is healthy!"
break
fi
echo "⏳ Health check attempt $i/20..."
sleep 3
done
# Stop old container
echo "🛑 Stopping old container..."
docker stop portfolio-app || true
# Remove old container
docker rm portfolio-app || true
# Rename new container
docker rename $TEMP_CONTAINER_NAME portfolio-app
# Update port mapping
docker stop portfolio-app
docker rm portfolio-app
# Start with correct port
docker run -d \
--name portfolio-app \
--restart unless-stopped \
--network portfolio_net \
-p 3000:3000 \
-e NODE_ENV=${{ vars.NODE_ENV }} \
-e LOG_LEVEL=${{ vars.LOG_LEVEL }} \
-e DATABASE_URL=postgresql://portfolio_user:portfolio_pass@postgres:5432/portfolio_db?schema=public \
-e REDIS_URL=redis://redis:6379 \
-e NEXT_PUBLIC_BASE_URL="${{ vars.NEXT_PUBLIC_BASE_URL }}" \
-e NEXT_PUBLIC_UMAMI_URL="${{ vars.NEXT_PUBLIC_UMAMI_URL }}" \
-e NEXT_PUBLIC_UMAMI_WEBSITE_ID="${{ vars.NEXT_PUBLIC_UMAMI_WEBSITE_ID }}" \
-e MY_EMAIL="${{ vars.MY_EMAIL }}" \
-e MY_INFO_EMAIL="${{ vars.MY_INFO_EMAIL }}" \
-e MY_PASSWORD="${{ secrets.MY_PASSWORD }}" \
-e MY_INFO_PASSWORD="${{ secrets.MY_INFO_PASSWORD }}" \
-e ADMIN_BASIC_AUTH="${{ secrets.ADMIN_BASIC_AUTH }}" \
${{ env.DOCKER_IMAGE }}:latest
echo "✅ Rolling update completed!"
else
echo "🆕 Fresh deployment..."
docker compose up -d
fi
env:
NODE_ENV: ${{ vars.NODE_ENV }}
LOG_LEVEL: ${{ vars.LOG_LEVEL }}
NEXT_PUBLIC_BASE_URL: ${{ vars.NEXT_PUBLIC_BASE_URL }}
NEXT_PUBLIC_UMAMI_URL: ${{ vars.NEXT_PUBLIC_UMAMI_URL }}
NEXT_PUBLIC_UMAMI_WEBSITE_ID: ${{ vars.NEXT_PUBLIC_UMAMI_WEBSITE_ID }}
MY_EMAIL: ${{ vars.MY_EMAIL }}
MY_INFO_EMAIL: ${{ vars.MY_INFO_EMAIL }}
MY_PASSWORD: ${{ secrets.MY_PASSWORD }}
MY_INFO_PASSWORD: ${{ secrets.MY_INFO_PASSWORD }}
ADMIN_BASIC_AUTH: ${{ secrets.ADMIN_BASIC_AUTH }}
- name: Wait for container to be ready
run: |
echo "⏳ Waiting for container to be ready..."
sleep 15
# Check if container is actually running
if ! docker ps --filter "name=portfolio-app" --format "{{.Names}}" | grep -q "portfolio-app"; then
echo "❌ Container failed to start"
echo "Container logs:"
docker logs portfolio-app --tail=50
exit 1
fi
# Wait for health check with better error handling
echo "🏥 Performing health check..."
for i in {1..40}; do
# First try direct access to port 3000
if curl -f http://localhost:3000/api/health > /dev/null 2>&1; then
echo "✅ Application is healthy (direct access)!"
break
fi
# If direct access fails, try through docker exec (internal container check)
if docker exec portfolio-app curl -f http://localhost:3000/api/health > /dev/null 2>&1; then
echo "✅ Application is healthy (internal check)!"
# Check if port is properly exposed
if ! curl -f http://localhost:3000/api/health > /dev/null 2>&1; then
echo "⚠️ Application is running but port 3000 is not exposed to host"
echo "This might be expected in some deployment configurations"
break
fi
fi
# Check if container is still running
if ! docker ps --filter "name=portfolio-app" --format "{{.Names}}" | grep -q "portfolio-app"; then
echo "❌ Container stopped during health check"
echo "Container logs:"
docker logs portfolio-app --tail=50
exit 1
fi
echo "⏳ Health check attempt $i/40..."
sleep 3
done
# Final health check - try both methods
if docker exec portfolio-app curl -f http://localhost:3000/api/health > /dev/null 2>&1; then
echo "✅ Final health check passed (internal)"
# Try external access if possible
if curl -f http://localhost:3000/api/health > /dev/null 2>&1; then
echo "✅ External access also working"
else
echo "⚠️ External access not available (port not exposed)"
fi
else
echo "❌ Health check timeout - application not responding"
echo "Container logs:"
docker logs portfolio-app --tail=100
exit 1
fi
- name: Health check
run: |
echo "🔍 Final health verification..."
# Check container status
docker ps --filter "name=portfolio-app" --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
# Test health endpoint - try both methods
echo "🏥 Testing health endpoint..."
if curl -f http://localhost:3000/api/health; then
echo "✅ Health endpoint accessible externally"
elif docker exec portfolio-app curl -f http://localhost:3000/api/health; then
echo "✅ Health endpoint accessible internally (external port not exposed)"
else
echo "❌ Health endpoint not accessible"
exit 1
fi
# Test main page - try both methods
echo "🌐 Testing main page..."
if curl -f http://localhost:3000/ > /dev/null; then
echo "✅ Main page is accessible externally"
elif docker exec portfolio-app curl -f http://localhost:3000/ > /dev/null; then
echo "✅ Main page is accessible internally (external port not exposed)"
else
echo "❌ Main page is not accessible"
exit 1
fi
echo "✅ Deployment successful!"
- name: Cleanup old images
run: |
docker image prune -f
docker system prune -f

177
.gitea/workflows/ci-cd-reliable.yml Normal file
View File

@@ -0,0 +1,177 @@
name: CI/CD Pipeline (Reliable & Simple)
on:
push:
branches: [ production ]
env:
NODE_VERSION: '20'
DOCKER_IMAGE: portfolio-app
CONTAINER_NAME: portfolio-app
jobs:
production:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Run linting
run: npm run lint
- name: Run tests
run: npm run test
- name: Build application
run: npm run build
- name: Run security scan
run: |
echo "🔍 Running npm audit..."
npm audit --audit-level=high || echo "⚠️ Some vulnerabilities found, but continuing..."
- name: Verify secrets and variables
run: |
echo "🔍 Verifying secrets and variables..."
# Check Variables
if [ -z "${{ vars.NEXT_PUBLIC_BASE_URL }}" ]; then
echo "❌ NEXT_PUBLIC_BASE_URL variable is missing!"
exit 1
fi
if [ -z "${{ vars.MY_EMAIL }}" ]; then
echo "❌ MY_EMAIL variable is missing!"
exit 1
fi
if [ -z "${{ vars.MY_INFO_EMAIL }}" ]; then
echo "❌ MY_INFO_EMAIL variable is missing!"
exit 1
fi
# Check Secrets
if [ -z "${{ secrets.MY_PASSWORD }}" ]; then
echo "❌ MY_PASSWORD secret is missing!"
exit 1
fi
if [ -z "${{ secrets.MY_INFO_PASSWORD }}" ]; then
echo "❌ MY_INFO_PASSWORD secret is missing!"
exit 1
fi
if [ -z "${{ secrets.ADMIN_BASIC_AUTH }}" ]; then
echo "❌ ADMIN_BASIC_AUTH secret is missing!"
exit 1
fi
echo "✅ All required secrets and variables are present"
- name: Build Docker image
run: |
echo "🏗️ Building Docker image..."
docker build -t ${{ env.DOCKER_IMAGE }}:latest .
docker tag ${{ env.DOCKER_IMAGE }}:latest ${{ env.DOCKER_IMAGE }}:$(date +%Y%m%d-%H%M%S)
echo "✅ Docker image built successfully"
- name: Deploy with database services
run: |
echo "🚀 Deploying with database services..."
# Export environment variables
export NODE_ENV="${{ vars.NODE_ENV }}"
export LOG_LEVEL="${{ vars.LOG_LEVEL }}"
export NEXT_PUBLIC_BASE_URL="${{ vars.NEXT_PUBLIC_BASE_URL }}"
export NEXT_PUBLIC_UMAMI_URL="${{ vars.NEXT_PUBLIC_UMAMI_URL }}"
export NEXT_PUBLIC_UMAMI_WEBSITE_ID="${{ vars.NEXT_PUBLIC_UMAMI_WEBSITE_ID }}"
export MY_EMAIL="${{ vars.MY_EMAIL }}"
export MY_INFO_EMAIL="${{ vars.MY_INFO_EMAIL }}"
export MY_PASSWORD="${{ secrets.MY_PASSWORD }}"
export MY_INFO_PASSWORD="${{ secrets.MY_INFO_PASSWORD }}"
export ADMIN_BASIC_AUTH="${{ secrets.ADMIN_BASIC_AUTH }}"
# Stop old containers
echo "🛑 Stopping old containers..."
docker compose down || true
# Clean up orphaned containers
echo "🧹 Cleaning up orphaned containers..."
docker compose down --remove-orphans || true
# Start new containers
echo "🚀 Starting new containers..."
docker compose up -d
echo "✅ Deployment completed!"
env:
NODE_ENV: ${{ vars.NODE_ENV }}
LOG_LEVEL: ${{ vars.LOG_LEVEL }}
NEXT_PUBLIC_BASE_URL: ${{ vars.NEXT_PUBLIC_BASE_URL }}
NEXT_PUBLIC_UMAMI_URL: ${{ vars.NEXT_PUBLIC_UMAMI_URL }}
NEXT_PUBLIC_UMAMI_WEBSITE_ID: ${{ vars.NEXT_PUBLIC_UMAMI_WEBSITE_ID }}
MY_EMAIL: ${{ vars.MY_EMAIL }}
MY_INFO_EMAIL: ${{ vars.MY_INFO_EMAIL }}
MY_PASSWORD: ${{ secrets.MY_PASSWORD }}
MY_INFO_PASSWORD: ${{ secrets.MY_INFO_PASSWORD }}
ADMIN_BASIC_AUTH: ${{ secrets.ADMIN_BASIC_AUTH }}
- name: Wait for containers to be ready
run: |
echo "⏳ Waiting for containers to be ready..."
sleep 20
# Check if all containers are running
echo "📊 Checking container status..."
docker compose ps
# Wait for application container to be healthy
echo "🏥 Waiting for application container to be healthy..."
for i in {1..30}; do
if docker exec portfolio-app curl -f http://localhost:3000/api/health > /dev/null 2>&1; then
echo "✅ Application container is healthy!"
break
fi
echo "⏳ Waiting for application container... ($i/30)"
sleep 3
done
- name: Health check
run: |
echo "🔍 Running comprehensive health checks..."
# Check container status
echo "📊 Container status:"
docker compose ps
# Check application container
echo "🏥 Checking application container..."
if docker exec portfolio-app curl -f http://localhost:3000/api/health; then
echo "✅ Application health check passed!"
else
echo "❌ Application health check failed!"
docker logs portfolio-app --tail=50
exit 1
fi
# Check main page
if curl -f http://localhost:3000/ > /dev/null; then
echo "✅ Main page is accessible!"
else
echo "❌ Main page is not accessible!"
exit 1
fi
echo "✅ All health checks passed! Deployment successful!"
- name: Cleanup old images
run: |
echo "🧹 Cleaning up old images..."
docker image prune -f
docker system prune -f
echo "✅ Cleanup completed"

143
.gitea/workflows/ci-cd-simple.yml Normal file
View File

@@ -0,0 +1,143 @@
name: CI/CD Pipeline (Simple & Reliable)
on:
push:
branches: [ production ]
env:
NODE_VERSION: '20'
DOCKER_IMAGE: portfolio-app
CONTAINER_NAME: portfolio-app
jobs:
production:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Run linting
run: npm run lint
- name: Run tests
run: npm run test
- name: Build application
run: npm run build
- name: Run security scan
run: |
echo "🔍 Running npm audit..."
npm audit --audit-level=high || echo "⚠️ Some vulnerabilities found, but continuing..."
- name: Verify secrets and variables
run: |
echo "🔍 Verifying secrets and variables..."
# Check Variables
if [ -z "${{ vars.NEXT_PUBLIC_BASE_URL }}" ]; then
echo "❌ NEXT_PUBLIC_BASE_URL variable is missing!"
exit 1
fi
if [ -z "${{ vars.MY_EMAIL }}" ]; then
echo "❌ MY_EMAIL variable is missing!"
exit 1
fi
if [ -z "${{ vars.MY_INFO_EMAIL }}" ]; then
echo "❌ MY_INFO_EMAIL variable is missing!"
exit 1
fi
# Check Secrets
if [ -z "${{ secrets.MY_PASSWORD }}" ]; then
echo "❌ MY_PASSWORD secret is missing!"
exit 1
fi
if [ -z "${{ secrets.MY_INFO_PASSWORD }}" ]; then
echo "❌ MY_INFO_PASSWORD secret is missing!"
exit 1
fi
if [ -z "${{ secrets.ADMIN_BASIC_AUTH }}" ]; then
echo "❌ ADMIN_BASIC_AUTH secret is missing!"
exit 1
fi
echo "✅ All required secrets and variables are present"
- name: Deploy using improved script
run: |
echo "🚀 Deploying using improved deployment script..."
# Set environment variables for the deployment script
export MY_PASSWORD="${{ secrets.MY_PASSWORD }}"
export MY_INFO_PASSWORD="${{ secrets.MY_INFO_PASSWORD }}"
export ADMIN_BASIC_AUTH="${{ secrets.ADMIN_BASIC_AUTH }}"
# Make the script executable
chmod +x ./scripts/gitea-deploy.sh
# Run the deployment script
./scripts/gitea-deploy.sh
env:
NODE_ENV: ${{ vars.NODE_ENV }}
LOG_LEVEL: ${{ vars.LOG_LEVEL }}
NEXT_PUBLIC_BASE_URL: ${{ vars.NEXT_PUBLIC_BASE_URL }}
NEXT_PUBLIC_UMAMI_URL: ${{ vars.NEXT_PUBLIC_UMAMI_URL }}
NEXT_PUBLIC_UMAMI_WEBSITE_ID: ${{ vars.NEXT_PUBLIC_UMAMI_WEBSITE_ID }}
MY_EMAIL: ${{ vars.MY_EMAIL }}
MY_INFO_EMAIL: ${{ vars.MY_INFO_EMAIL }}
MY_PASSWORD: ${{ secrets.MY_PASSWORD }}
MY_INFO_PASSWORD: ${{ secrets.MY_INFO_PASSWORD }}
ADMIN_BASIC_AUTH: ${{ secrets.ADMIN_BASIC_AUTH }}
- name: Final verification
run: |
echo "🔍 Final verification..."
# Wait a bit more to ensure everything is stable
sleep 10
# Check if container is running
if docker ps --filter "name=${{ env.CONTAINER_NAME }}" --format "{{.Names}}" | grep -q "${{ env.CONTAINER_NAME }}"; then
echo "✅ Container is running"
else
echo "❌ Container is not running"
docker ps -a
exit 1
fi
# Check health endpoint
if curl -f http://localhost:3000/api/health; then
echo "✅ Health check passed"
else
echo "❌ Health check failed"
echo "Container logs:"
docker logs ${{ env.CONTAINER_NAME }} --tail=50
exit 1
fi
# Check main page
if curl -f http://localhost:3000/ > /dev/null; then
echo "✅ Main page is accessible"
else
echo "❌ Main page is not accessible"
exit 1
fi
echo "🎉 Deployment successful!"
- name: Cleanup old images
run: |
echo "🧹 Cleaning up old images..."
docker image prune -f
docker system prune -f
echo "✅ Cleanup completed"

232
.gitea/workflows/ci-cd-woodpecker.yml Normal file
View File

@@ -0,0 +1,232 @@
name: CI/CD Pipeline (Woodpecker)
when:
event: push
branch: production
steps:
build:
image: node:20-alpine
commands:
- echo "🚀 Starting CI/CD Pipeline"
- echo "📋 Step 1: Installing dependencies..."
- npm ci --prefer-offline --no-audit
- echo "🔍 Step 2: Running linting..."
- npm run lint
- echo "🧪 Step 3: Running tests..."
- npm run test
- echo "🏗️ Step 4: Building application..."
- npm run build
- echo "🔒 Step 5: Running security scan..."
- npm audit --audit-level=high || echo "⚠️ Some vulnerabilities found, but continuing..."
volumes:
- node_modules:/app/node_modules
docker-build:
image: docker:latest
commands:
- echo "🐳 Building Docker image..."
- docker build -t portfolio-app:latest .
- docker tag portfolio-app:latest portfolio-app:$(date +%Y%m%d-%H%M%S)
volumes:
- /var/run/docker.sock:/var/run/docker.sock
deploy:
image: docker:latest
commands:
- echo "🚀 Deploying application..."
# Verify secrets and variables
- echo "🔍 Verifying secrets and variables..."
- |
if [ -z "$NEXT_PUBLIC_BASE_URL" ]; then
echo "❌ NEXT_PUBLIC_BASE_URL variable is missing!"
exit 1
fi
if [ -z "$MY_EMAIL" ]; then
echo "❌ MY_EMAIL variable is missing!"
exit 1
fi
if [ -z "$MY_INFO_EMAIL" ]; then
echo "❌ MY_INFO_EMAIL variable is missing!"
exit 1
fi
if [ -z "$MY_PASSWORD" ]; then
echo "❌ MY_PASSWORD secret is missing!"
exit 1
fi
if [ -z "$MY_INFO_PASSWORD" ]; then
echo "❌ MY_INFO_PASSWORD secret is missing!"
exit 1
fi
if [ -z "$ADMIN_BASIC_AUTH" ]; then
echo "❌ ADMIN_BASIC_AUTH secret is missing!"
exit 1
fi
echo "✅ All required secrets and variables are present"
# Check if current container is running
- |
if docker ps -q -f name=portfolio-app | grep -q .; then
echo "📊 Current container is running, proceeding with zero-downtime update"
CURRENT_CONTAINER_RUNNING=true
else
echo "📊 No current container running, doing fresh deployment"
CURRENT_CONTAINER_RUNNING=false
fi
# Ensure database and redis are running
- echo "🔧 Ensuring database and redis are running..."
- docker compose up -d postgres redis
- sleep 10
# Deploy with zero downtime
- |
if [ "$CURRENT_CONTAINER_RUNNING" = "true" ]; then
echo "🔄 Performing rolling update..."
# Generate unique container name
TIMESTAMP=$(date +%s)
TEMP_CONTAINER_NAME="portfolio-app-temp-$TIMESTAMP"
echo "🔧 Using temporary container name: $TEMP_CONTAINER_NAME"
# Clean up any existing temporary containers
echo "🧹 Cleaning up any existing temporary containers..."
docker rm -f portfolio-app-new portfolio-app-temp-* portfolio-app-backup || true
# Find and remove any containers with portfolio-app in the name (except the main one)
EXISTING_CONTAINERS=$(docker ps -a --format "table {{.Names}}" | grep "portfolio-app" | grep -v "^portfolio-app$" || true)
if [ -n "$EXISTING_CONTAINERS" ]; then
echo "🗑️ Removing existing portfolio-app containers:"
echo "$EXISTING_CONTAINERS"
echo "$EXISTING_CONTAINERS" | xargs -r docker rm -f || true
fi
# Also clean up any stopped containers
docker container prune -f || true
# Start new container with unique temporary name
docker run -d \
--name $TEMP_CONTAINER_NAME \
--restart unless-stopped \
--network portfolio_net \
-e NODE_ENV=$NODE_ENV \
-e LOG_LEVEL=$LOG_LEVEL \
-e DATABASE_URL=postgresql://portfolio_user:portfolio_pass@postgres:5432/portfolio_db?schema=public \
-e REDIS_URL=redis://redis:6379 \
-e NEXT_PUBLIC_BASE_URL="$NEXT_PUBLIC_BASE_URL" \
-e NEXT_PUBLIC_UMAMI_URL="$NEXT_PUBLIC_UMAMI_URL" \
-e NEXT_PUBLIC_UMAMI_WEBSITE_ID="$NEXT_PUBLIC_UMAMI_WEBSITE_ID" \
-e MY_EMAIL="$MY_EMAIL" \
-e MY_INFO_EMAIL="$MY_INFO_EMAIL" \
-e MY_PASSWORD="$MY_PASSWORD" \
-e MY_INFO_PASSWORD="$MY_INFO_PASSWORD" \
-e ADMIN_BASIC_AUTH="$ADMIN_BASIC_AUTH" \
portfolio-app:latest
# Wait for new container to be ready
echo "⏳ Waiting for new container to be ready..."
sleep 15
# Health check new container
for i in {1..20}; do
if docker exec $TEMP_CONTAINER_NAME curl -f http://localhost:3000/api/health > /dev/null 2>&1; then
echo "✅ New container is healthy!"
break
fi
echo "⏳ Health check attempt $i/20..."
sleep 3
done
# Stop old container
echo "🛑 Stopping old container..."
docker stop portfolio-app || true
docker rm portfolio-app || true
# Rename new container
docker rename $TEMP_CONTAINER_NAME portfolio-app
# Update port mapping
docker stop portfolio-app
docker rm portfolio-app
# Start with correct port
docker run -d \
--name portfolio-app \
--restart unless-stopped \
--network portfolio_net \
-p 3000:3000 \
-e NODE_ENV=$NODE_ENV \
-e LOG_LEVEL=$LOG_LEVEL \
-e DATABASE_URL=postgresql://portfolio_user:portfolio_pass@postgres:5432/portfolio_db?schema=public \
-e REDIS_URL=redis://redis:6379 \
-e NEXT_PUBLIC_BASE_URL="$NEXT_PUBLIC_BASE_URL" \
-e NEXT_PUBLIC_UMAMI_URL="$NEXT_PUBLIC_UMAMI_URL" \
-e NEXT_PUBLIC_UMAMI_WEBSITE_ID="$NEXT_PUBLIC_UMAMI_WEBSITE_ID" \
-e MY_EMAIL="$MY_EMAIL" \
-e MY_INFO_EMAIL="$MY_INFO_EMAIL" \
-e MY_PASSWORD="$MY_PASSWORD" \
-e MY_INFO_PASSWORD="$MY_INFO_PASSWORD" \
-e ADMIN_BASIC_AUTH="$ADMIN_BASIC_AUTH" \
portfolio-app:latest
echo "✅ Rolling update completed!"
else
echo "🆕 Fresh deployment..."
docker compose up -d
fi
# Wait for container to be ready
- echo "⏳ Waiting for container to be ready..."
- sleep 15
# Health check
- |
echo "🏥 Performing health check..."
for i in {1..40}; do
if curl -f http://localhost:3000/api/health > /dev/null 2>&1; then
echo "✅ Application is healthy!"
break
fi
echo "⏳ Health check attempt $i/40..."
sleep 3
done
# Final verification
- echo "🔍 Final health verification..."
- docker ps --filter "name=portfolio-app" --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
- |
if curl -f http://localhost:3000/api/health; then
echo "✅ Health endpoint accessible"
else
echo "❌ Health endpoint not accessible"
exit 1
fi
- |
if curl -f http://localhost:3000/ > /dev/null; then
echo "✅ Main page is accessible"
else
echo "❌ Main page is not accessible"
exit 1
fi
- echo "✅ Deployment successful!"
# Cleanup
- docker image prune -f
- docker system prune -f
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
- NODE_ENV
- LOG_LEVEL
- NEXT_PUBLIC_BASE_URL
- NEXT_PUBLIC_UMAMI_URL
- NEXT_PUBLIC_UMAMI_WEBSITE_ID
- MY_EMAIL
- MY_INFO_EMAIL
- MY_PASSWORD
- MY_INFO_PASSWORD
- ADMIN_BASIC_AUTH
volumes:
node_modules:

257
.gitea/workflows/ci-cd-zero-downtime-fixed.yml Normal file
View File

@@ -0,0 +1,257 @@
name: CI/CD Pipeline (Zero Downtime - Fixed)
on:
push:
branches: [ production ]
env:
NODE_VERSION: '20'
DOCKER_IMAGE: portfolio-app
jobs:
production:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Run linting
run: npm run lint
- name: Run tests
run: npm run test
- name: Build application
run: npm run build
- name: Run security scan
run: |
echo "🔍 Running npm audit..."
npm audit --audit-level=high || echo "⚠️ Some vulnerabilities found, but continuing..."
- name: Build Docker image
run: |
docker build -t ${{ env.DOCKER_IMAGE }}:latest .
docker tag ${{ env.DOCKER_IMAGE }}:latest ${{ env.DOCKER_IMAGE }}:$(date +%Y%m%d-%H%M%S)
- name: Verify secrets and variables before deployment
run: |
echo "🔍 Verifying secrets and variables..."
# Check Variables
if [ -z "${{ vars.NEXT_PUBLIC_BASE_URL }}" ]; then
echo "❌ NEXT_PUBLIC_BASE_URL variable is missing!"
exit 1
fi
if [ -z "${{ vars.MY_EMAIL }}" ]; then
echo "❌ MY_EMAIL variable is missing!"
exit 1
fi
if [ -z "${{ vars.MY_INFO_EMAIL }}" ]; then
echo "❌ MY_INFO_EMAIL variable is missing!"
exit 1
fi
# Check Secrets
if [ -z "${{ secrets.MY_PASSWORD }}" ]; then
echo "❌ MY_PASSWORD secret is missing!"
exit 1
fi
if [ -z "${{ secrets.MY_INFO_PASSWORD }}" ]; then
echo "❌ MY_INFO_PASSWORD secret is missing!"
exit 1
fi
if [ -z "${{ secrets.ADMIN_BASIC_AUTH }}" ]; then
echo "❌ ADMIN_BASIC_AUTH secret is missing!"
exit 1
fi
echo "✅ All required secrets and variables are present"
- name: Deploy with zero downtime using docker-compose
run: |
echo "🚀 Deploying with zero downtime using docker-compose..."
# Export environment variables for docker compose
export NODE_ENV="${{ vars.NODE_ENV }}"
export LOG_LEVEL="${{ vars.LOG_LEVEL }}"
export NEXT_PUBLIC_BASE_URL="${{ vars.NEXT_PUBLIC_BASE_URL }}"
export NEXT_PUBLIC_UMAMI_URL="${{ vars.NEXT_PUBLIC_UMAMI_URL }}"
export NEXT_PUBLIC_UMAMI_WEBSITE_ID="${{ vars.NEXT_PUBLIC_UMAMI_WEBSITE_ID }}"
export MY_EMAIL="${{ vars.MY_EMAIL }}"
export MY_INFO_EMAIL="${{ vars.MY_INFO_EMAIL }}"
export MY_PASSWORD="${{ secrets.MY_PASSWORD }}"
export MY_INFO_PASSWORD="${{ secrets.MY_INFO_PASSWORD }}"
export ADMIN_BASIC_AUTH="${{ secrets.ADMIN_BASIC_AUTH }}"
# Check if nginx config file exists
echo "🔍 Checking nginx configuration file..."
if [ ! -f "nginx-zero-downtime.conf" ]; then
echo "⚠️ nginx-zero-downtime.conf not found, creating fallback..."
cat > nginx-zero-downtime.conf << 'EOF'
events {
worker_connections 1024;
}
http {
upstream portfolio_backend {
server portfolio-app-1:3000 max_fails=3 fail_timeout=30s;
server portfolio-app-2:3000 max_fails=3 fail_timeout=30s;
}
server {
listen 80;
server_name _;
location /health {
access_log off;
return 200 "healthy\n";
add_header Content-Type text/plain;
}
location / {
proxy_pass http://portfolio_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}
EOF
fi
# Stop old containers
echo "🛑 Stopping old containers..."
docker compose -f docker-compose.zero-downtime-fixed.yml down || true
# Clean up any orphaned containers
echo "🧹 Cleaning up orphaned containers..."
docker compose -f docker-compose.zero-downtime-fixed.yml down --remove-orphans || true
# Start new containers
echo "🚀 Starting new containers..."
docker compose -f docker-compose.zero-downtime-fixed.yml up -d
echo "✅ Zero downtime deployment completed!"
env:
NODE_ENV: ${{ vars.NODE_ENV }}
LOG_LEVEL: ${{ vars.LOG_LEVEL }}
NEXT_PUBLIC_BASE_URL: ${{ vars.NEXT_PUBLIC_BASE_URL }}
NEXT_PUBLIC_UMAMI_URL: ${{ vars.NEXT_PUBLIC_UMAMI_URL }}
NEXT_PUBLIC_UMAMI_WEBSITE_ID: ${{ vars.NEXT_PUBLIC_UMAMI_WEBSITE_ID }}
MY_EMAIL: ${{ vars.MY_EMAIL }}
MY_INFO_EMAIL: ${{ vars.MY_INFO_EMAIL }}
MY_PASSWORD: ${{ secrets.MY_PASSWORD }}
MY_INFO_PASSWORD: ${{ secrets.MY_INFO_PASSWORD }}
ADMIN_BASIC_AUTH: ${{ secrets.ADMIN_BASIC_AUTH }}
- name: Wait for containers to be ready
run: |
echo "⏳ Waiting for containers to be ready..."
sleep 20
# Check if all containers are running
echo "📊 Checking container status..."
docker compose -f docker-compose.zero-downtime-fixed.yml ps
# Wait for application containers to be healthy (internal check)
echo "🏥 Waiting for application containers to be healthy..."
for i in {1..30}; do
# Check if both app containers are healthy internally
if docker exec portfolio-app-1 curl -f http://localhost:3000/api/health > /dev/null 2>&1 && \
docker exec portfolio-app-2 curl -f http://localhost:3000/api/health > /dev/null 2>&1; then
echo "✅ Both application containers are healthy!"
break
fi
echo "⏳ Waiting for application containers... ($i/30)"
sleep 3
done
# Wait for nginx to be healthy and proxy to work
echo "🌐 Waiting for nginx to be healthy and proxy to work..."
for i in {1..30}; do
# Check nginx health endpoint
if curl -f http://localhost/health > /dev/null 2>&1; then
echo "✅ Nginx health endpoint is working!"
# Now check if nginx can proxy to the application
if curl -f http://localhost/api/health > /dev/null 2>&1; then
echo "✅ Nginx proxy to application is working!"
break
fi
fi
echo "⏳ Waiting for nginx and proxy... ($i/30)"
sleep 3
done
- name: Health check
run: |
echo "🔍 Running comprehensive health checks..."
# Check container status
echo "📊 Container status:"
docker compose -f docker-compose.zero-downtime-fixed.yml ps
# Check individual application containers (internal)
echo "🏥 Checking individual application containers..."
if docker exec portfolio-app-1 curl -f http://localhost:3000/api/health; then
echo "✅ portfolio-app-1 health check passed!"
else
echo "❌ portfolio-app-1 health check failed!"
docker logs portfolio-app-1 --tail=20
exit 1
fi
if docker exec portfolio-app-2 curl -f http://localhost:3000/api/health; then
echo "✅ portfolio-app-2 health check passed!"
else
echo "❌ portfolio-app-2 health check failed!"
docker logs portfolio-app-2 --tail=20
exit 1
fi
# Check nginx health
if curl -f http://localhost/health; then
echo "✅ Nginx health check passed!"
else
echo "❌ Nginx health check failed!"
docker logs portfolio-nginx --tail=20
exit 1
fi
# Check application health through nginx (this is the main test)
if curl -f http://localhost/api/health; then
echo "✅ Application health check through nginx passed!"
else
echo "❌ Application health check through nginx failed!"
echo "Nginx logs:"
docker logs portfolio-nginx --tail=20
exit 1
fi
# Check main page through nginx
if curl -f http://localhost/ > /dev/null; then
echo "✅ Main page is accessible through nginx!"
else
echo "❌ Main page is not accessible through nginx!"
exit 1
fi
echo "✅ All health checks passed! Deployment successful!"
- name: Show container status
run: |
echo "📊 Container status:"
docker compose -f docker-compose.zero-downtime-fixed.yml ps
- name: Cleanup old images
run: |
echo "🧹 Cleaning up old images..."
docker image prune -f
docker system prune -f
echo "✅ Cleanup completed"

194
.gitea/workflows/ci-cd-zero-downtime.yml.disabled Normal file
View File

@@ -0,0 +1,194 @@
name: CI/CD Pipeline (Zero Downtime)
on:
push:
branches: [ production ]
env:
NODE_VERSION: '20'
DOCKER_IMAGE: portfolio-app
CONTAINER_NAME: portfolio-app
NEW_CONTAINER_NAME: portfolio-app-new
jobs:
production:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Run linting
run: npm run lint
- name: Run tests
run: npm run test
- name: Build application
run: npm run build
- name: Run security scan
run: |
echo "🔍 Running npm audit..."
npm audit --audit-level=high || echo "⚠️ Some vulnerabilities found, but continuing..."
- name: Build Docker image
run: |
docker build -t ${{ env.DOCKER_IMAGE }}:latest .
docker tag ${{ env.DOCKER_IMAGE }}:latest ${{ env.DOCKER_IMAGE }}:$(date +%Y%m%d-%H%M%S)
- name: Verify secrets and variables before deployment
run: |
echo "🔍 Verifying secrets and variables..."
# Check Variables
if [ -z "${{ vars.NEXT_PUBLIC_BASE_URL }}" ]; then
echo "❌ NEXT_PUBLIC_BASE_URL variable is missing!"
exit 1
fi
if [ -z "${{ vars.MY_EMAIL }}" ]; then
echo "❌ MY_EMAIL variable is missing!"
exit 1
fi
if [ -z "${{ vars.MY_INFO_EMAIL }}" ]; then
echo "❌ MY_INFO_EMAIL variable is missing!"
exit 1
fi
# Check Secrets
if [ -z "${{ secrets.MY_PASSWORD }}" ]; then
echo "❌ MY_PASSWORD secret is missing!"
exit 1
fi
if [ -z "${{ secrets.MY_INFO_PASSWORD }}" ]; then
echo "❌ MY_INFO_PASSWORD secret is missing!"
exit 1
fi
if [ -z "${{ secrets.ADMIN_BASIC_AUTH }}" ]; then
echo "❌ ADMIN_BASIC_AUTH secret is missing!"
exit 1
fi
echo "✅ All required secrets and variables are present"
- name: Start new container (zero downtime)
run: |
echo "🚀 Starting new container for zero-downtime deployment..."
# Start new container with different name
docker run -d \
--name ${{ env.NEW_CONTAINER_NAME }} \
--restart unless-stopped \
--network portfolio_net \
-p 3001:3000 \
-e NODE_ENV=${{ vars.NODE_ENV }} \
-e LOG_LEVEL=${{ vars.LOG_LEVEL }} \
-e DATABASE_URL=postgresql://portfolio_user:portfolio_pass@postgres:5432/portfolio_db?schema=public \
-e REDIS_URL=redis://redis:6379 \
-e NEXT_PUBLIC_BASE_URL="${{ vars.NEXT_PUBLIC_BASE_URL }}" \
-e NEXT_PUBLIC_UMAMI_URL="${{ vars.NEXT_PUBLIC_UMAMI_URL }}" \
-e NEXT_PUBLIC_UMAMI_WEBSITE_ID="${{ vars.NEXT_PUBLIC_UMAMI_WEBSITE_ID }}" \
-e MY_EMAIL="${{ vars.MY_EMAIL }}" \
-e MY_INFO_EMAIL="${{ vars.MY_INFO_EMAIL }}" \
-e MY_PASSWORD="${{ secrets.MY_PASSWORD }}" \
-e MY_INFO_PASSWORD="${{ secrets.MY_INFO_PASSWORD }}" \
-e ADMIN_BASIC_AUTH="${{ secrets.ADMIN_BASIC_AUTH }}" \
${{ env.DOCKER_IMAGE }}:latest
echo "✅ New container started on port 3001"
- name: Health check new container
run: |
echo "🔍 Health checking new container..."
sleep 10
# Health check on new container
for i in {1..30}; do
if curl -f http://localhost:3001/api/health > /dev/null 2>&1; then
echo "✅ New container is healthy!"
break
fi
echo "⏳ Waiting for new container to be ready... ($i/30)"
sleep 2
done
# Final health check
if ! curl -f http://localhost:3001/api/health > /dev/null 2>&1; then
echo "❌ New container failed health check!"
docker logs ${{ env.NEW_CONTAINER_NAME }}
exit 1
fi
- name: Switch traffic to new container (zero downtime)
run: |
echo "🔄 Switching traffic to new container..."
# Stop old container
docker stop ${{ env.CONTAINER_NAME }} || true
# Remove old container
docker rm ${{ env.CONTAINER_NAME }} || true
# Rename new container to production name
docker rename ${{ env.NEW_CONTAINER_NAME }} ${{ env.CONTAINER_NAME }}
# Update port mapping (requires container restart)
docker stop ${{ env.CONTAINER_NAME }}
docker rm ${{ env.CONTAINER_NAME }}
# Start with correct port
docker run -d \
--name ${{ env.CONTAINER_NAME }} \
--restart unless-stopped \
--network portfolio_net \
-p 3000:3000 \
-e NODE_ENV=${{ vars.NODE_ENV }} \
-e LOG_LEVEL=${{ vars.LOG_LEVEL }} \
-e DATABASE_URL=postgresql://portfolio_user:portfolio_pass@postgres:5432/portfolio_db?schema=public \
-e REDIS_URL=redis://redis:6379 \
-e NEXT_PUBLIC_BASE_URL="${{ vars.NEXT_PUBLIC_BASE_URL }}" \
-e NEXT_PUBLIC_UMAMI_URL="${{ vars.NEXT_PUBLIC_UMAMI_URL }}" \
-e NEXT_PUBLIC_UMAMI_WEBSITE_ID="${{ vars.NEXT_PUBLIC_UMAMI_WEBSITE_ID }}" \
-e MY_EMAIL="${{ vars.MY_EMAIL }}" \
-e MY_INFO_EMAIL="${{ vars.MY_INFO_EMAIL }}" \
-e MY_PASSWORD="${{ secrets.MY_PASSWORD }}" \
-e MY_INFO_PASSWORD="${{ secrets.MY_INFO_PASSWORD }}" \
-e ADMIN_BASIC_AUTH="${{ secrets.ADMIN_BASIC_AUTH }}" \
${{ env.DOCKER_IMAGE }}:latest
echo "✅ Traffic switched successfully!"
- name: Final health check
run: |
echo "🔍 Final health check..."
sleep 5
for i in {1..10}; do
if curl -f http://localhost:3000/api/health > /dev/null 2>&1; then
echo "✅ Deployment successful! Zero downtime achieved!"
break
fi
echo "⏳ Final health check... ($i/10)"
sleep 2
done
if ! curl -f http://localhost:3000/api/health > /dev/null 2>&1; then
echo "❌ Final health check failed!"
docker logs ${{ env.CONTAINER_NAME }}
exit 1
fi
- name: Cleanup old images
run: |
echo "🧹 Cleaning up old images..."
docker image prune -f
docker system prune -f
echo "✅ Cleanup completed"

293
.gitea/workflows/ci-cd.yml.disabled Normal file
View File

@@ -0,0 +1,293 @@
name: CI/CD Pipeline (Simple)
on:
push:
branches: [ main, production ]
pull_request:
branches: [ main, production ]
env:
NODE_VERSION: '20'
DOCKER_IMAGE: portfolio-app
CONTAINER_NAME: portfolio-app
jobs:
# Production deployment pipeline
production:
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/production'
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
cache-dependency-path: 'package-lock.json'
- name: Install dependencies
run: npm ci
- name: Run linting
run: npm run lint
- name: Run tests
run: npm run test
- name: Build application
run: npm run build
- name: Run security scan
run: |
echo "🔍 Running npm audit..."
npm audit --audit-level=high || echo "⚠️ Some vulnerabilities found, but continuing..."
- name: Build Docker image
run: |
docker build -t ${{ env.DOCKER_IMAGE }}:latest .
docker tag ${{ env.DOCKER_IMAGE }}:latest ${{ env.DOCKER_IMAGE }}:$(date +%Y%m%d-%H%M%S)
- name: Prepare for zero-downtime deployment
run: |
echo "🚀 Preparing zero-downtime deployment..."
# FORCE REMOVE the problematic container
echo "🧹 FORCE removing problematic container portfolio-app-new..."
docker rm -f portfolio-app-new || true
docker rm -f afa9a70588844b06e17d5e0527119d589a7a3fde8a17608447cf7d8d448cf261 || true
# Check if current container is running
if docker ps -q -f name=portfolio-app | grep -q .; then
echo "📊 Current container is running, proceeding with zero-downtime update"
CURRENT_CONTAINER_RUNNING=true
else
echo "📊 No current container running, doing fresh deployment"
CURRENT_CONTAINER_RUNNING=false
fi
# Clean up ALL existing containers first
echo "🧹 Cleaning up ALL existing containers..."
docker compose down --remove-orphans || true
docker rm -f portfolio-app portfolio-postgres portfolio-redis || true
# Force remove the specific problematic container
docker rm -f 4dec125499540f66f4cb407b69d9aee5232f679feecd71ff2369544ff61f85ae || true
# Clean up any containers with portfolio in the name
docker ps -a --format "{{.Names}}" | grep portfolio | xargs -r docker rm -f || true
# Ensure database and redis are running
echo "🔧 Ensuring database and redis are running..."
# Export environment variables for docker compose
export NODE_ENV="${{ vars.NODE_ENV }}"
export LOG_LEVEL="${{ vars.LOG_LEVEL }}"
export NEXT_PUBLIC_BASE_URL="${{ vars.NEXT_PUBLIC_BASE_URL }}"
export NEXT_PUBLIC_UMAMI_URL="${{ vars.NEXT_PUBLIC_UMAMI_URL }}"
export NEXT_PUBLIC_UMAMI_WEBSITE_ID="${{ vars.NEXT_PUBLIC_UMAMI_WEBSITE_ID }}"
export MY_EMAIL="${{ vars.MY_EMAIL }}"
export MY_INFO_EMAIL="${{ vars.MY_INFO_EMAIL }}"
export MY_PASSWORD="${{ secrets.MY_PASSWORD }}"
export MY_INFO_PASSWORD="${{ secrets.MY_INFO_PASSWORD }}"
export ADMIN_BASIC_AUTH="${{ secrets.ADMIN_BASIC_AUTH }}"
# Start services with environment variables
docker compose up -d postgres redis
# Wait for services to be ready
sleep 10
env:
NODE_ENV: ${{ vars.NODE_ENV }}
LOG_LEVEL: ${{ vars.LOG_LEVEL }}
NEXT_PUBLIC_BASE_URL: ${{ vars.NEXT_PUBLIC_BASE_URL }}
NEXT_PUBLIC_UMAMI_URL: ${{ vars.NEXT_PUBLIC_UMAMI_URL }}
NEXT_PUBLIC_UMAMI_WEBSITE_ID: ${{ vars.NEXT_PUBLIC_UMAMI_WEBSITE_ID }}
MY_EMAIL: ${{ vars.MY_EMAIL }}
MY_INFO_EMAIL: ${{ vars.MY_INFO_EMAIL }}
MY_PASSWORD: ${{ secrets.MY_PASSWORD }}
MY_INFO_PASSWORD: ${{ secrets.MY_INFO_PASSWORD }}
ADMIN_BASIC_AUTH: ${{ secrets.ADMIN_BASIC_AUTH }}
- name: Verify secrets and variables before deployment
run: |
echo "🔍 Verifying secrets and variables..."
# Check Variables
if [ -z "${{ vars.NEXT_PUBLIC_BASE_URL }}" ]; then
echo "❌ NEXT_PUBLIC_BASE_URL variable is missing!"
exit 1
fi
if [ -z "${{ vars.MY_EMAIL }}" ]; then
echo "❌ MY_EMAIL variable is missing!"
exit 1
fi
if [ -z "${{ vars.MY_INFO_EMAIL }}" ]; then
echo "❌ MY_INFO_EMAIL variable is missing!"
exit 1
fi
# Check Secrets
if [ -z "${{ secrets.MY_PASSWORD }}" ]; then
echo "❌ MY_PASSWORD secret is missing!"
exit 1
fi
if [ -z "${{ secrets.MY_INFO_PASSWORD }}" ]; then
echo "❌ MY_INFO_PASSWORD secret is missing!"
exit 1
fi
if [ -z "${{ secrets.ADMIN_BASIC_AUTH }}" ]; then
echo "❌ ADMIN_BASIC_AUTH secret is missing!"
exit 1
fi
echo "✅ All required secrets and variables are present"
- name: Deploy with zero downtime
run: |
echo "🚀 Deploying with zero downtime..."
if [ "$CURRENT_CONTAINER_RUNNING" = "true" ]; then
echo "🔄 Performing rolling update..."
# Generate unique container name
TIMESTAMP=$(date +%s)
TEMP_CONTAINER_NAME="portfolio-app-temp-$TIMESTAMP"
echo "🔧 Using temporary container name: $TEMP_CONTAINER_NAME"
# Clean up any existing temporary containers
echo "🧹 Cleaning up any existing temporary containers..."
# Remove specific known problematic containers
docker rm -f portfolio-app-new portfolio-app-temp-* portfolio-app-backup || true
# FORCE remove the specific problematic container by ID
docker rm -f afa9a70588844b06e17d5e0527119d589a7a3fde8a17608447cf7d8d448cf261 || true
# Find and remove any containers with portfolio-app in the name (except the main one)
EXISTING_CONTAINERS=$(docker ps -a --format "table {{.Names}}" | grep "portfolio-app" | grep -v "^portfolio-app$" || true)
if [ -n "$EXISTING_CONTAINERS" ]; then
echo "🗑️ Removing existing portfolio-app containers:"
echo "$EXISTING_CONTAINERS"
echo "$EXISTING_CONTAINERS" | xargs -r docker rm -f || true
fi
# Also clean up any stopped containers
docker container prune -f || true
# Double-check: list all containers to see what's left
echo "📋 Current containers after cleanup:"
docker ps -a --format "table {{.Names}}\t{{.Status}}" | grep portfolio || echo "No portfolio containers found"
# Start new container with unique temporary name (no port mapping needed for health check)
docker run -d \
--name $TEMP_CONTAINER_NAME \
--restart unless-stopped \
--network portfolio_net \
-e NODE_ENV=${{ vars.NODE_ENV }} \
-e LOG_LEVEL=${{ vars.LOG_LEVEL }} \
-e DATABASE_URL=postgresql://portfolio_user:portfolio_pass@postgres:5432/portfolio_db?schema=public \
-e REDIS_URL=redis://redis:6379 \
-e NEXT_PUBLIC_BASE_URL="${{ vars.NEXT_PUBLIC_BASE_URL }}" \
-e NEXT_PUBLIC_UMAMI_URL="${{ vars.NEXT_PUBLIC_UMAMI_URL }}" \
-e NEXT_PUBLIC_UMAMI_WEBSITE_ID="${{ vars.NEXT_PUBLIC_UMAMI_WEBSITE_ID }}" \
-e MY_EMAIL="${{ vars.MY_EMAIL }}" \
-e MY_INFO_EMAIL="${{ vars.MY_INFO_EMAIL }}" \
-e MY_PASSWORD="${{ secrets.MY_PASSWORD }}" \
-e MY_INFO_PASSWORD="${{ secrets.MY_INFO_PASSWORD }}" \
-e ADMIN_BASIC_AUTH="${{ secrets.ADMIN_BASIC_AUTH }}" \
${{ env.DOCKER_IMAGE }}:latest
# Wait for new container to be ready
echo "⏳ Waiting for new container to be ready..."
sleep 15
# Health check new container using docker exec
for i in {1..20}; do
if docker exec $TEMP_CONTAINER_NAME curl -f http://localhost:3000/api/health > /dev/null 2>&1; then
echo "✅ New container is healthy!"
break
fi
echo "⏳ Health check attempt $i/20..."
sleep 3
done
# Stop old container
echo "🛑 Stopping old container..."
docker stop portfolio-app || true
# Remove old container
docker rm portfolio-app || true
# Rename new container
docker rename $TEMP_CONTAINER_NAME portfolio-app
# Update port mapping
docker stop portfolio-app
docker rm portfolio-app
# Start with correct port
docker run -d \
--name portfolio-app \
--restart unless-stopped \
--network portfolio_net \
-p 3000:3000 \
-e NODE_ENV=${{ vars.NODE_ENV }} \
-e LOG_LEVEL=${{ vars.LOG_LEVEL }} \
-e DATABASE_URL=postgresql://portfolio_user:portfolio_pass@postgres:5432/portfolio_db?schema=public \
-e REDIS_URL=redis://redis:6379 \
-e NEXT_PUBLIC_BASE_URL="${{ vars.NEXT_PUBLIC_BASE_URL }}" \
-e NEXT_PUBLIC_UMAMI_URL="${{ vars.NEXT_PUBLIC_UMAMI_URL }}" \
-e NEXT_PUBLIC_UMAMI_WEBSITE_ID="${{ vars.NEXT_PUBLIC_UMAMI_WEBSITE_ID }}" \
-e MY_EMAIL="${{ vars.MY_EMAIL }}" \
-e MY_INFO_EMAIL="${{ vars.MY_INFO_EMAIL }}" \
-e MY_PASSWORD="${{ secrets.MY_PASSWORD }}" \
-e MY_INFO_PASSWORD="${{ secrets.MY_INFO_PASSWORD }}" \
-e ADMIN_BASIC_AUTH="${{ secrets.ADMIN_BASIC_AUTH }}" \
${{ env.DOCKER_IMAGE }}:latest
echo "✅ Rolling update completed!"
else
echo "🆕 Fresh deployment..."
# Export environment variables for docker compose
export NODE_ENV="${{ vars.NODE_ENV }}"
export LOG_LEVEL="${{ vars.LOG_LEVEL }}"
export NEXT_PUBLIC_BASE_URL="${{ vars.NEXT_PUBLIC_BASE_URL }}"
export NEXT_PUBLIC_UMAMI_URL="${{ vars.NEXT_PUBLIC_UMAMI_URL }}"
export NEXT_PUBLIC_UMAMI_WEBSITE_ID="${{ vars.NEXT_PUBLIC_UMAMI_WEBSITE_ID }}"
export MY_EMAIL="${{ vars.MY_EMAIL }}"
export MY_INFO_EMAIL="${{ vars.MY_INFO_EMAIL }}"
export MY_PASSWORD="${{ secrets.MY_PASSWORD }}"
export MY_INFO_PASSWORD="${{ secrets.MY_INFO_PASSWORD }}"
export ADMIN_BASIC_AUTH="${{ secrets.ADMIN_BASIC_AUTH }}"
docker compose up -d
fi
env:
NODE_ENV: ${{ vars.NODE_ENV }}
LOG_LEVEL: ${{ vars.LOG_LEVEL }}
NEXT_PUBLIC_BASE_URL: ${{ vars.NEXT_PUBLIC_BASE_URL }}
NEXT_PUBLIC_UMAMI_URL: ${{ vars.NEXT_PUBLIC_UMAMI_URL }}
NEXT_PUBLIC_UMAMI_WEBSITE_ID: ${{ vars.NEXT_PUBLIC_UMAMI_WEBSITE_ID }}
MY_EMAIL: ${{ vars.MY_EMAIL }}
MY_INFO_EMAIL: ${{ vars.MY_INFO_EMAIL }}
MY_PASSWORD: ${{ secrets.MY_PASSWORD }}
MY_INFO_PASSWORD: ${{ secrets.MY_INFO_PASSWORD }}
ADMIN_BASIC_AUTH: ${{ secrets.ADMIN_BASIC_AUTH }}
- name: Wait for container to be ready
run: |
sleep 10
timeout 60 bash -c 'until curl -f http://localhost:3000/api/health; do sleep 2; done'
- name: Health check
run: |
curl -f http://localhost:3000/api/health
echo "✅ Deployment successful!"
- name: Cleanup old images
run: |
docker image prune -f
docker system prune -f

123
.gitea/workflows/debug-secrets.yml Normal file
View File

@@ -0,0 +1,123 @@
name: Debug Secrets
on:
workflow_dispatch:
push:
branches: [ main ]
jobs:
debug-secrets:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Debug Environment Variables
run: |
echo "🔍 Checking if secrets are available..."
echo ""
echo "📊 VARIABLES:"
echo "✅ NODE_ENV: ${{ vars.NODE_ENV }}"
echo "✅ LOG_LEVEL: ${{ vars.LOG_LEVEL }}"
echo "✅ NEXT_PUBLIC_BASE_URL: ${{ vars.NEXT_PUBLIC_BASE_URL }}"
echo "✅ NEXT_PUBLIC_UMAMI_URL: ${{ vars.NEXT_PUBLIC_UMAMI_URL }}"
echo "✅ NEXT_PUBLIC_UMAMI_WEBSITE_ID: ${{ vars.NEXT_PUBLIC_UMAMI_WEBSITE_ID }}"
echo "✅ MY_EMAIL: ${{ vars.MY_EMAIL }}"
echo "✅ MY_INFO_EMAIL: ${{ vars.MY_INFO_EMAIL }}"
echo ""
echo "🔐 SECRETS:"
if [ -n "${{ secrets.MY_PASSWORD }}" ]; then
echo "✅ MY_PASSWORD: Set (length: ${#MY_PASSWORD})"
else
echo "❌ MY_PASSWORD: Not set"
fi
if [ -n "${{ secrets.MY_INFO_PASSWORD }}" ]; then
echo "✅ MY_INFO_PASSWORD: Set (length: ${#MY_INFO_PASSWORD})"
else
echo "❌ MY_INFO_PASSWORD: Not set"
fi
if [ -n "${{ secrets.ADMIN_BASIC_AUTH }}" ]; then
echo "✅ ADMIN_BASIC_AUTH: Set (length: ${#ADMIN_BASIC_AUTH})"
else
echo "❌ ADMIN_BASIC_AUTH: Not set"
fi
echo ""
echo "📋 Summary:"
echo "Variables: 7 configured"
echo "Secrets: 3 configured"
echo "Total environment variables: 10"
env:
NODE_ENV: ${{ vars.NODE_ENV }}
LOG_LEVEL: ${{ vars.LOG_LEVEL }}
NEXT_PUBLIC_BASE_URL: ${{ vars.NEXT_PUBLIC_BASE_URL }}
NEXT_PUBLIC_UMAMI_URL: ${{ vars.NEXT_PUBLIC_UMAMI_URL }}
NEXT_PUBLIC_UMAMI_WEBSITE_ID: ${{ vars.NEXT_PUBLIC_UMAMI_WEBSITE_ID }}
MY_EMAIL: ${{ vars.MY_EMAIL }}
MY_INFO_EMAIL: ${{ vars.MY_INFO_EMAIL }}
MY_PASSWORD: ${{ secrets.MY_PASSWORD }}
MY_INFO_PASSWORD: ${{ secrets.MY_INFO_PASSWORD }}
ADMIN_BASIC_AUTH: ${{ secrets.ADMIN_BASIC_AUTH }}
- name: Test Docker Environment
run: |
echo "🐳 Testing Docker environment with secrets..."
# Create a test container to verify environment variables
docker run --rm \
-e NODE_ENV=production \
-e DATABASE_URL=postgresql://portfolio_user:portfolio_pass@postgres:5432/portfolio_db?schema=public \
-e REDIS_URL=redis://redis:6379 \
-e NEXT_PUBLIC_BASE_URL="${{ secrets.NEXT_PUBLIC_BASE_URL }}" \
-e MY_EMAIL="${{ secrets.MY_EMAIL }}" \
-e MY_INFO_EMAIL="${{ secrets.MY_INFO_EMAIL }}" \
-e MY_PASSWORD="${{ secrets.MY_PASSWORD }}" \
-e MY_INFO_PASSWORD="${{ secrets.MY_INFO_PASSWORD }}" \
-e ADMIN_BASIC_AUTH="${{ secrets.ADMIN_BASIC_AUTH }}" \
alpine:latest sh -c '
echo "Environment variables in container:"
echo "NODE_ENV: $NODE_ENV"
echo "DATABASE_URL: $DATABASE_URL"
echo "REDIS_URL: $REDIS_URL"
echo "NEXT_PUBLIC_BASE_URL: $NEXT_PUBLIC_BASE_URL"
echo "MY_EMAIL: $MY_EMAIL"
echo "MY_INFO_EMAIL: $MY_INFO_EMAIL"
echo "MY_PASSWORD: [HIDDEN - length: ${#MY_PASSWORD}]"
echo "MY_INFO_PASSWORD: [HIDDEN - length: ${#MY_INFO_PASSWORD}]"
echo "ADMIN_BASIC_AUTH: [HIDDEN - length: ${#ADMIN_BASIC_AUTH}]"
'
- name: Validate Secret Formats
run: |
echo "🔐 Validating secret formats..."
# Check NEXT_PUBLIC_BASE_URL format
if [[ "${{ secrets.NEXT_PUBLIC_BASE_URL }}" =~ ^https?:// ]]; then
echo "✅ NEXT_PUBLIC_BASE_URL: Valid URL format"
else
echo "❌ NEXT_PUBLIC_BASE_URL: Invalid URL format (should start with http:// or https://)"
fi
# Check email formats
if [[ "${{ secrets.MY_EMAIL }}" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then
echo "✅ MY_EMAIL: Valid email format"
else
echo "❌ MY_EMAIL: Invalid email format"
fi
if [[ "${{ secrets.MY_INFO_EMAIL }}" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then
echo "✅ MY_INFO_EMAIL: Valid email format"
else
echo "❌ MY_INFO_EMAIL: Invalid email format"
fi
# Check ADMIN_BASIC_AUTH format (should be username:password)
if [[ "${{ secrets.ADMIN_BASIC_AUTH }}" =~ ^[^:]+:.+$ ]]; then
echo "✅ ADMIN_BASIC_AUTH: Valid format (username:password)"
else
echo "❌ ADMIN_BASIC_AUTH: Invalid format (should be username:password)"
fi

41
.gitea/workflows/test-and-build.yml Normal file
View File

@@ -0,0 +1,41 @@
name: Test and Build
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
env:
NODE_VERSION: '20'
jobs:
test-and-build:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
cache-dependency-path: 'package-lock.json'
- name: Install dependencies
run: npm ci
- name: Run linting
run: npm run lint
- name: Run tests
run: npm run test
- name: Build application
run: npm run build
- name: Run security scan
run: |
echo "🔍 Running npm audit..."
npm audit --audit-level=high || echo "⚠️ Some vulnerabilities found, but continuing..."

78
.githooks/README.md Normal file
View File

@@ -0,0 +1,78 @@
# Git Hooks
This directory contains Git hooks for the Portfolio project.
## Pre-Push Hook
The pre-push hook runs automatically before every `git push` and performs the following checks:
### Checks Performed:
1. **Node.js Version Check** - Ensures Node.js 20+ is installed
2. **Dependency Installation** - Installs npm dependencies if needed
3. **Linting** - Runs ESLint to check code quality
4. **Tests** - Runs Jest test suite
5. **Build** - Builds the Next.js application
6. **Security Audit** - Runs npm audit for vulnerabilities
7. **Secret Detection** - Checks for accidentally committed secrets
8. **Docker Configuration** - Validates Dockerfile and docker-compose.yml
9. **Production Checks** - Additional checks when pushing to production branch
### Production Branch Special Checks:
- Environment file validation
- Docker build test
- Deployment readiness check
### Usage:
The hook runs automatically on every push. To manually test it:
```bash
# Test the hook manually
.githooks/pre-push
# Or push to trigger it
git push origin main
```
### Bypassing the Hook:
If you need to bypass the hook in an emergency:
```bash
git push --no-verify origin main
```
**Note**: Only bypass in emergencies. The hook prevents broken code from being pushed.
### Troubleshooting:
If the hook fails:
1. **Fix the reported issues** (linting errors, test failures, etc.)
2. **Run the checks manually** to debug:
```bash
npm run lint
npm run test
npm run build
npm audit
```
3. **Check Node.js version**: `node --version` (should be 20+)
4. **Reinstall dependencies**: `rm -rf node_modules && npm ci`
### Configuration:
The hook is configured in `.git/config`:
```
[core]
hooksPath = .githooks
```
To disable hooks temporarily:
```bash
git config core.hooksPath ""
```
To re-enable:
```bash
git config core.hooksPath .githooks
```

202
.githooks/pre-push Executable file
View File

@@ -0,0 +1,202 @@
#!/bin/bash
# Pre-push hook for Portfolio
# Runs CI/CD checks before allowing push
set -e
echo "🚀 Running pre-push checks..."
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Function to print colored output
print_status() {
echo -e "${BLUE}[INFO]${NC} $1"
}
print_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
print_warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
}
print_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# Check if we're in the right directory
if [ ! -f "package.json" ]; then
print_error "Not in project root directory!"
exit 1
fi
# Check if Node.js is available
if ! command -v node &> /dev/null; then
print_error "Node.js is not installed!"
exit 1
fi
# Check Node.js version
NODE_VERSION=$(node --version | cut -d'v' -f2 | cut -d'.' -f1)
if [ "$NODE_VERSION" -lt 20 ]; then
print_error "Node.js version 20+ required, found: $(node --version)"
exit 1
fi
print_success "Node.js version: $(node --version)"
# Install dependencies if node_modules doesn't exist
if [ ! -d "node_modules" ]; then
print_status "Installing dependencies..."
npm ci
else
print_status "Dependencies already installed"
fi
# Run linting
print_status "Running ESLint..."
if npm run lint; then
print_success "Linting passed"
else
print_error "Linting failed! Please fix the issues before pushing."
exit 1
fi
# Run tests
print_status "Running tests..."
if npm run test; then
print_success "Tests passed"
else
print_error "Tests failed! Please fix the issues before pushing."
exit 1
fi
# Build application
print_status "Building application..."
if npm run build; then
print_success "Build successful"
else
print_error "Build failed! Please fix the issues before pushing."
exit 1
fi
# Security audit
print_status "Running security audit..."
if npm audit --audit-level=high; then
print_success "Security audit passed"
else
print_warning "Security audit found issues. Consider running 'npm audit fix'"
# Don't fail the push for security warnings, just warn
fi
# Check for secrets in code
print_status "Checking for secrets in code..."
if [ -f "scripts/check-secrets.sh" ]; then
chmod +x scripts/check-secrets.sh
if ./scripts/check-secrets.sh; then
print_success "No secrets found in code"
else
print_error "Secrets detected in code! Please remove them before pushing."
exit 1
fi
else
print_warning "Secret check script not found, skipping..."
fi
# Check Docker configuration
print_status "Checking Docker configuration..."
if [ -f "Dockerfile" ]; then
print_success "Dockerfile found"
else
print_error "Dockerfile not found!"
exit 1
fi
if [ -f "docker-compose.yml" ]; then
print_success "Docker Compose configuration found"
else
print_error "Docker Compose configuration not found!"
exit 1
fi
# Check if we're pushing to production branch
CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
if [ "$CURRENT_BRANCH" = "production" ]; then
print_warning "Pushing to production branch - this will trigger deployment!"
# Additional production checks
print_status "Running production-specific checks..."
# Check if environment file exists
if [ ! -f ".env" ]; then
print_warning "No .env file found. Make sure secrets are configured in Gitea."
fi
# Check if Docker is running and ready
print_status "Checking Docker status..."
if ! docker info > /dev/null 2>&1; then
print_error "Docker is not running! Please start Docker before pushing."
print_status "To start Docker:"
print_status " - macOS: Open Docker Desktop application"
print_status " - Linux: sudo systemctl start docker"
print_status " - Windows: Start Docker Desktop application"
print_status ""
print_status "Wait for Docker to fully start before trying again."
exit 1
fi
# Test Docker functionality
if ! docker run --rm hello-world > /dev/null 2>&1; then
print_error "Docker is running but not functional!"
print_status "Docker might still be starting up. Please wait and try again."
print_status "Or restart Docker if the issue persists."
exit 1
fi
print_success "Docker is running and functional"
# Check Docker image can be built
print_status "Testing Docker build..."
# Create a temporary log file for build output
BUILD_LOG=$(mktemp)
if docker build -t portfolio-app:test . > "$BUILD_LOG" 2>&1; then
print_success "Docker build test passed"
docker rmi portfolio-app:test > /dev/null 2>&1
rm -f "$BUILD_LOG"
else
print_error "Docker build test failed!"
print_status "Build errors:"
echo "----------------------------------------"
cat "$BUILD_LOG"
echo "----------------------------------------"
print_status "Please fix Docker build issues before pushing."
print_status "Common issues:"
print_status " - Missing files referenced in Dockerfile"
print_status " - Network issues during npm install"
print_status " - Insufficient disk space"
rm -f "$BUILD_LOG"
exit 1
fi
fi
# Final success message
echo ""
print_success "All pre-push checks passed! ✅"
print_status "Ready to push to: $CURRENT_BRANCH"
# Show what will be pushed
echo ""
print_status "Files to be pushed:"
git diff --name-only HEAD~1 2>/dev/null || git diff --cached --name-only
echo ""
print_success "🚀 Push will proceed..."

7
.github/workflows/ci-cd.yml vendored
View File

@@ -190,8 +190,11 @@ jobs:
# Stop and remove old container
docker compose -f $COMPOSE_FILE down || true
# Start new container
docker compose -f $COMPOSE_FILE up -d
# Remove old images to force using new one
docker image prune -f
# Start new container with force recreate
docker compose -f $COMPOSE_FILE up -d --force-recreate
# Wait for health check
echo "Waiting for application to be healthy..."

29
.secretsignore Normal file
View File

@@ -0,0 +1,29 @@
# Ignore patterns for secret detection
# These are legitimate authentication patterns, not actual secrets
# Authentication-related code patterns
*password*
*username*
*credentials*
*csrf*
*session*
*token*
*key*
*auth*
# Environment variable references
process.env.*
# Cache and Redis patterns
*cache*
*redis*
# Rate limiting patterns
*rateLimit*
# Next.js build artifacts
.next/
# Generated files
*.d.ts
*.js.map

226
AUTO-DEPLOYMENT.md
View File

@@ -1,226 +0,0 @@
# Automatisches Deployment System
## Übersicht
Dieses Portfolio verwendet ein **automatisches Deployment-System**, das bei jedem Git Push die Codebase prüft, den Container erstellt und startet.
## 🚀 Deployment-Skripte
### **1. Auto-Deploy (Vollständig)**
```bash
# Vollständiges automatisches Deployment
./scripts/auto-deploy.sh
# Oder mit npm
npm run auto-deploy
```
**Was passiert:**
- ✅ Git Status prüfen und uncommitted Changes committen
- ✅ Latest Changes pullen
- ✅ ESLint Linting
- ✅ Tests ausführen
- ✅ Next.js Build
- ✅ Docker Image erstellen
- ✅ Container stoppen/starten
- ✅ Health Check
- ✅ Cleanup alter Images
### **2. Quick-Deploy (Schnell)**
```bash
# Schnelles Deployment ohne Tests
./scripts/quick-deploy.sh
# Oder mit npm
npm run quick-deploy
```
**Was passiert:**
- ✅ Docker Image erstellen
- ✅ Container stoppen/starten
- ✅ Health Check
### **3. Manuelles Deployment**
```bash
# Manuelles Deployment mit Docker Compose
./scripts/deploy.sh
# Oder mit npm
npm run deploy
```
## 🔄 Automatisches Deployment
### **Git Hook Setup**
Das System verwendet einen Git Post-Receive Hook, der automatisch bei jedem Push ausgeführt wird:
```bash
# Hook ist bereits konfiguriert in:
.git/hooks/post-receive
```
### **Wie es funktioniert:**
1. **Git Push** → Hook wird ausgelöst
2. **Auto-Deploy Script** wird ausgeführt
3. **Vollständige Pipeline** läuft automatisch
4. **Deployment** wird durchgeführt
5. **Health Check** bestätigt Erfolg
## 📋 Deployment-Schritte
### **Automatisches Deployment:**
```bash
# 1. Code Quality Checks
git status --porcelain
git pull origin main
npm run lint
npm run test
# 2. Build Application
npm run build
# 3. Docker Operations
docker build -t portfolio-app:latest .
docker tag portfolio-app:latest portfolio-app:$(date +%Y%m%d-%H%M%S)
# 4. Deployment
docker stop portfolio-app || true
docker rm portfolio-app || true
docker run -d --name portfolio-app -p 3000:3000 portfolio-app:latest
# 5. Health Check
curl -f http://localhost:3000/api/health
# 6. Cleanup
docker system prune -f
```
## 🎯 Verwendung
### **Für Entwicklung:**
```bash
# Schnelles Deployment während der Entwicklung
npm run quick-deploy
```
### **Für Production:**
```bash
# Vollständiges Deployment mit Tests
npm run auto-deploy
```
### **Automatisch bei Push:**
```bash
# Einfach committen und pushen
git add .
git commit -m "Update feature"
git push origin main
# → Automatisches Deployment läuft
```
## 📊 Monitoring
### **Container Status:**
```bash
# Status prüfen
npm run monitor status
# Health Check
npm run monitor health
# Logs anzeigen
npm run monitor logs
```
### **Deployment Logs:**
```bash
# Deployment-Logs anzeigen
tail -f /var/log/portfolio-deploy.log
# Git-Deployment-Logs
tail -f /var/log/git-deploy.log
```
## 🔧 Konfiguration
### **Ports:**
- **Standard Port:** 3000
- **Backup Port:** 3001 (falls 3000 belegt)
### **Container:**
- **Name:** portfolio-app
- **Image:** portfolio-app:latest
- **Restart Policy:** unless-stopped
### **Logs:**
- **Deployment Logs:** `/var/log/portfolio-deploy.log`
- **Git Logs:** `/var/log/git-deploy.log`
## 🚨 Troubleshooting
### **Deployment schlägt fehl:**
```bash
# Logs prüfen
docker logs portfolio-app
# Container-Status prüfen
docker ps -a
# Manuell neu starten
npm run quick-deploy
```
### **Port bereits belegt:**
```bash
# Ports prüfen
lsof -i :3000
# Anderen Port verwenden
docker run -d --name portfolio-app -p 3001:3000 portfolio-app:latest
```
### **Tests schlagen fehl:**
```bash
# Tests lokal ausführen
npm run test
# Linting prüfen
npm run lint
# Build testen
npm run build
```
## 📈 Features
### **Automatische Features:**
-**Git Integration** - Automatisch bei Push
-**Code Quality** - Linting und Tests
-**Health Checks** - Automatische Verifikation
-**Rollback** - Alte Container werden gestoppt
-**Cleanup** - Alte Images werden entfernt
-**Logging** - Vollständige Deployment-Logs
### **Sicherheits-Features:**
-**Non-root Container**
-**Resource Limits**
-**Health Monitoring**
-**Error Handling**
-**Rollback bei Fehlern**
## 🎉 Vorteile
1. **Automatisierung** - Keine manuellen Schritte nötig
2. **Konsistenz** - Immer gleiche Deployment-Prozesse
3. **Sicherheit** - Tests vor jedem Deployment
4. **Monitoring** - Vollständige Logs und Health Checks
5. **Schnell** - Quick-Deploy für Entwicklung
6. **Zuverlässig** - Automatische Rollbacks bei Fehlern
## 📞 Support
Bei Problemen:
1. **Logs prüfen:** `tail -f /var/log/portfolio-deploy.log`
2. **Container-Status:** `npm run monitor status`
3. **Health Check:** `npm run monitor health`
4. **Manueller Neustart:** `npm run quick-deploy`

144
DEPLOYMENT-FIXES.md Normal file
View File

@@ -0,0 +1,144 @@
# Deployment Fixes for Gitea Actions
## Problem Summary
The Gitea Actions were failing with "Connection refused" errors when trying to connect to localhost:3000. This was caused by several issues:
1. **Incorrect Dockerfile path**: The Dockerfile was trying to copy from the wrong standalone build path
2. **Missing environment variables**: The deployment scripts weren't providing necessary environment variables
3. **Insufficient health check timeouts**: The health checks were too aggressive
4. **Poor error handling**: The workflows didn't provide enough debugging information
## Fixes Applied
### 1. Fixed Dockerfile
- **Issue**: Dockerfile was trying to copy from `/app/.next/standalone/portfolio` but the actual path was `/app/.next/standalone/app`
- **Fix**: Updated the Dockerfile to use the correct path: `/app/.next/standalone/app`
- **File**: `Dockerfile`
### 2. Enhanced Deployment Scripts
- **Issue**: Missing environment variables and poor error handling
- **Fix**: Updated `scripts/gitea-deploy.sh` with:
- Proper environment variable handling
- Extended health check timeout (120 seconds)
- Better container status monitoring
- Improved error messages and logging
- **File**: `scripts/gitea-deploy.sh`
### 3. Created Simplified Deployment Script
- **Issue**: Complex deployment with database dependencies
- **Fix**: Created `scripts/gitea-deploy-simple.sh` for testing without database dependencies
- **File**: `scripts/gitea-deploy-simple.sh`
### 4. Fixed Next.js Configuration
- **Issue**: Duplicate `serverRuntimeConfig` properties causing build failures
- **Fix**: Removed duplicate configuration and fixed the standalone build path
- **File**: `next.config.ts`
### 5. Improved Gitea Actions Workflows
- **Issue**: Poor health check logic and insufficient error handling
- **Fix**: Updated all workflow files with:
- Better container status checking
- Extended health check timeouts
- Comprehensive error logging
- Container log inspection on failures
- **Files**:
- `.gitea/workflows/ci-cd-fast.yml`
- `.gitea/workflows/ci-cd-zero-downtime-fixed.yml`
- `.gitea/workflows/ci-cd-simple.yml` (new)
- `.gitea/workflows/ci-cd-reliable.yml` (new)
#### **5. ✅ Fixed Nginx Configuration Issue**
- **Issue**: Zero-downtime deployment failing due to missing nginx configuration file in Gitea Actions
- **Fix**: Created `docker-compose.zero-downtime-fixed.yml` with fallback nginx configuration
- **Added**: Automatic nginx config creation if file is missing
- **Files**:
- `docker-compose.zero-downtime-fixed.yml` (new)
#### **6. ✅ Fixed Health Check Logic**
- **Issue**: Health checks timing out even though applications were running correctly
- **Root Cause**: Workflows trying to access `localhost:3000` directly, but containers don't expose port 3000 to host
- **Fix**: Updated health check logic to:
- Use `docker exec` for internal container health checks
- Check nginx proxy endpoints (`localhost/api/health`) for zero-downtime deployments
- Provide fallback health check methods
- Better error messages and debugging information
- **Files**:
- `.gitea/workflows/ci-cd-zero-downtime-fixed.yml` (updated)
- `.gitea/workflows/ci-cd-fast.yml` (updated)
## Available Workflows
### 1. CI/CD Reliable (Recommended)
- **File**: `.gitea/workflows/ci-cd-reliable.yml`
- **Description**: Simple, reliable deployment using docker-compose with database services
- **Best for**: Most reliable deployments with database support
### 2. CI/CD Simple
- **File**: `.gitea/workflows/ci-cd-simple.yml`
- **Description**: Uses the improved deployment script with comprehensive error handling
- **Best for**: Reliable deployments without database dependencies
### 3. CI/CD Fast
- **File**: `.gitea/workflows/ci-cd-fast.yml`
- **Description**: Fast deployment with rolling updates
- **Best for**: Production deployments with zero downtime
### 4. CI/CD Zero Downtime (Fixed)
- **File**: `.gitea/workflows/ci-cd-zero-downtime-fixed.yml`
- **Description**: Full zero-downtime deployment with nginx load balancer (fixed nginx config issue)
- **Best for**: Production deployments requiring high availability
## Testing the Fixes
### Local Testing
```bash
# Test the simplified deployment script
./scripts/gitea-deploy-simple.sh
# Test the full deployment script
./scripts/gitea-deploy.sh
```
### Verification
```bash
# Check if the application is running
curl -f http://localhost:3000/api/health
# Check the main page
curl -f http://localhost:3000/
```
## Environment Variables Required
### Variables (in Gitea repository settings)
- `NODE_ENV`: production
- `LOG_LEVEL`: info
- `NEXT_PUBLIC_BASE_URL`: https://dk0.dev
- `NEXT_PUBLIC_UMAMI_URL`: https://analytics.dk0.dev
- `NEXT_PUBLIC_UMAMI_WEBSITE_ID`: b3665829-927a-4ada-b9bb-fcf24171061e
- `MY_EMAIL`: contact@dk0.dev
- `MY_INFO_EMAIL`: info@dk0.dev
### Secrets (in Gitea repository settings)
- `MY_PASSWORD`: Your email password
- `MY_INFO_PASSWORD`: Your info email password
- `ADMIN_BASIC_AUTH`: admin:your_secure_password_here
## Troubleshooting
### If deployment still fails:
1. Check the Gitea Actions logs for specific error messages
2. Verify all environment variables and secrets are set correctly
3. Check if the Docker image builds successfully locally
4. Ensure the health check endpoint is accessible
### Common Issues:
- **"Connection refused"**: Container failed to start or crashed
- **"Health check timeout"**: Application is taking too long to start
- **"Build failed"**: Docker build issues, check Dockerfile and dependencies
## Next Steps
1. Push these changes to your Gitea repository
2. The Actions should now work without the "Connection refused" errors
3. Monitor the deployment logs for any remaining issues
4. Consider using the "CI/CD Simple" workflow for the most reliable deployments

415
DEPLOYMENT.md
View File

@@ -1,272 +1,229 @@
# Portfolio Deployment Guide
## Übersicht
## Overview
Dieses Portfolio verwendet ein **optimiertes CI/CD-System** mit Docker für Production-Deployment. Das System ist darauf ausgelegt, hohen Traffic zu bewältigen und automatische Tests vor dem Deployment durchzuführen.
This document covers all aspects of deploying the Portfolio application, including local development, CI/CD, and production deployment.
## 🚀 Features
## Prerequisites
### ✅ **CI/CD Pipeline**
- **Automatische Tests** vor jedem Deployment
- **Security Scanning** mit Trivy
- **Multi-Architecture Docker Builds** (AMD64 + ARM64)
- **Health Checks** und Deployment-Verifikation
- **Automatische Cleanup** alter Images
- Docker and Docker Compose installed
- Node.js 20+ for local development
- Access to Gitea repository with Actions enabled
### ⚡ **Performance-Optimierungen**
- **Multi-Stage Docker Build** für kleinere Images
- **Nginx Load Balancer** mit Caching
- **Gzip Compression** und optimierte Headers
- **Rate Limiting** für API-Endpoints
- **Resource Limits** für Container
## Environment Setup
### 🔒 **Sicherheit**
- **Non-root User** im Container
- **Security Headers** (HSTS, CSP, etc.)
- **SSL/TLS Termination** mit Nginx
- **Vulnerability Scanning** in CI/CD
### Required Secrets in Gitea
## 📁 Dateistruktur
Configure these secrets in your Gitea repository (Settings → Secrets):
```
├── .github/workflows/
│ └── ci-cd.yml # CI/CD Pipeline
├── scripts/
│ ├── deploy.sh # Deployment-Skript
│ └── monitor.sh # Monitoring-Skript
├── docker-compose.prod.yml # Production Docker Compose
├── nginx.conf # Nginx Konfiguration
├── Dockerfile # Optimiertes Dockerfile
└── env.example # Environment Template
```
| Secret Name | Description | Example |
|-------------|-------------|---------|
| `NEXT_PUBLIC_BASE_URL` | Public URL of your website | `https://dk0.dev` |
| `MY_EMAIL` | Main email for contact form | `contact@dk0.dev` |
| `MY_INFO_EMAIL` | Info email address | `info@dk0.dev` |
| `MY_PASSWORD` | Password for main email | `your_email_password` |
| `MY_INFO_PASSWORD` | Password for info email | `your_info_email_password` |
| `ADMIN_BASIC_AUTH` | Admin basic auth for protected areas | `admin:your_secure_password` |
## 🛠️ Setup
### Local Environment
### 1. **Environment Variables**
```bash
# Kopiere die Beispiel-Datei
cp env.example .env
1. Copy environment template:
```bash
cp env.example .env
```
# Bearbeite die .env Datei mit deinen Werten
nano .env
```
2. Update `.env` with your values:
```bash
NEXT_PUBLIC_BASE_URL=https://dk0.dev
MY_EMAIL=contact@dk0.dev
MY_INFO_EMAIL=info@dk0.dev
MY_PASSWORD=your_email_password
MY_INFO_PASSWORD=your_info_email_password
ADMIN_BASIC_AUTH=admin:your_secure_password
```
### 2. **GitHub Secrets & Variables**
Konfiguriere in deinem GitHub Repository:
## Deployment Methods
**Secrets:**
- `GITHUB_TOKEN` (automatisch verfügbar)
- `GHOST_API_KEY`
- `MY_PASSWORD`
- `MY_INFO_PASSWORD`
**Variables:**
- `NEXT_PUBLIC_BASE_URL`
- `GHOST_API_URL`
- `MY_EMAIL`
- `MY_INFO_EMAIL`
### 3. **SSL-Zertifikate**
```bash
# Erstelle SSL-Verzeichnis
mkdir -p ssl
# Kopiere deine SSL-Zertifikate
cp your-cert.pem ssl/cert.pem
cp your-key.pem ssl/key.pem
```
## 🚀 Deployment
### **Automatisches Deployment**
Das System deployt automatisch bei Push auf den `production` Branch:
### 1. Local Development
```bash
# Code auf production Branch pushen
git push origin production
# Start all services
docker compose up -d
# View logs
docker compose logs -f portfolio
# Stop services
docker compose down
```
### **Manuelles Deployment**
### 2. CI/CD Pipeline (Automatic)
The CI/CD pipeline runs automatically on:
- **Push to `main`**: Runs tests, linting, build, and security checks
- **Push to `production`**: Full deployment including Docker build and deployment
#### Pipeline Steps:
1. **Install dependencies** (`npm ci`)
2. **Run linting** (`npm run lint`)
3. **Run tests** (`npm run test`)
4. **Build application** (`npm run build`)
5. **Security scan** (`npm audit`)
6. **Build Docker image** (production only)
7. **Deploy with Docker Compose** (production only)
### 3. Manual Deployment
```bash
# Lokales Deployment
./scripts/deploy.sh production
# Build and start services
docker compose up -d --build
# Oder mit npm
npm run deploy
# Check service status
docker compose ps
# View logs
docker compose logs -f
```
### **Docker Commands**
## Service Configuration
### Portfolio App
- **Port**: 3000 (configurable via `PORT` environment variable)
- **Health Check**: `http://localhost:3000/api/health`
- **Environment**: Production
- **Resources**: 512M memory limit, 0.5 CPU limit
### PostgreSQL Database
- **Port**: 5432 (internal)
- **Database**: `portfolio_db`
- **User**: `portfolio_user`
- **Password**: `portfolio_pass`
- **Health Check**: `pg_isready`
### Redis Cache
- **Port**: 6379 (internal)
- **Health Check**: `redis-cli ping`
## Troubleshooting
### Common Issues
1. **Secrets not loading**:
- Run the debug workflow: Actions → Debug Secrets
- Verify all secrets are set in Gitea
- Check secret names match exactly
2. **Container won't start**:
```bash
# Check logs
docker compose logs portfolio
# Check service status
docker compose ps
# Restart services
docker compose restart
```
3. **Database connection issues**:
```bash
# Check PostgreSQL status
docker compose exec postgres pg_isready -U portfolio_user -d portfolio_db
# Check database logs
docker compose logs postgres
```
4. **Redis connection issues**:
```bash
# Test Redis connection
docker compose exec redis redis-cli ping
# Check Redis logs
docker compose logs redis
```
### Debug Commands
```bash
# Container starten
npm run docker:compose
# Check environment variables in container
docker exec portfolio-app env | grep -E "(DATABASE_URL|REDIS_URL|NEXT_PUBLIC_BASE_URL)"
# Container stoppen
npm run docker:down
# Test health endpoints
curl -f http://localhost:3000/api/health
# Health Check
npm run health
# View all service logs
docker compose logs --tail=50
# Check resource usage
docker stats
```
## 📊 Monitoring
## Monitoring
### **Container Status**
### Health Checks
- **Portfolio App**: `http://localhost:3000/api/health`
- **PostgreSQL**: `pg_isready` command
- **Redis**: `redis-cli ping` command
### Logs
```bash
# Status anzeigen
./scripts/monitor.sh status
# Follow all logs
docker compose logs -f
# Oder mit npm
npm run monitor status
# Follow specific service logs
docker compose logs -f portfolio
docker compose logs -f postgres
docker compose logs -f redis
```
### **Health Check**
## Security
### Security Scans
- **NPM Audit**: Runs automatically in CI/CD
- **Dependency Check**: Checks for known vulnerabilities
- **Secret Detection**: Prevents accidental secret commits
### Best Practices
- Never commit secrets to repository
- Use environment variables for sensitive data
- Regularly update dependencies
- Monitor security advisories
## Backup and Recovery
### Database Backup
```bash
# Application Health
./scripts/monitor.sh health
# Create backup
docker compose exec postgres pg_dump -U portfolio_user portfolio_db > backup.sql
# Oder direkt
curl http://localhost:3000/api/health
# Restore backup
docker compose exec -T postgres psql -U portfolio_user portfolio_db < backup.sql
```
### **Logs anzeigen**
### Volume Backup
```bash
# Letzte 50 Zeilen
./scripts/monitor.sh logs 50
# Live-Logs folgen
./scripts/monitor.sh logs 100
# Backup volumes
docker run --rm -v portfolio_postgres_data:/data -v $(pwd):/backup alpine tar czf /backup/postgres_backup.tar.gz /data
docker run --rm -v portfolio_redis_data:/data -v $(pwd):/backup alpine tar czf /backup/redis_backup.tar.gz /data
```
### **Metriken**
```bash
# Detaillierte Metriken
./scripts/monitor.sh metrics
```
## Performance Optimization
## 🔧 Wartung
### Resource Limits
- **Portfolio App**: 512M memory, 0.5 CPU
- **PostgreSQL**: 256M memory, 0.25 CPU
- **Redis**: Default limits
### **Container neustarten**
```bash
./scripts/monitor.sh restart
```
### Caching
- **Next.js**: Built-in caching
- **Redis**: Session and analytics caching
- **Static Assets**: Served from CDN
### **Cleanup**
```bash
# Docker-Ressourcen bereinigen
./scripts/monitor.sh cleanup
```
## Support
### **Updates**
```bash
# Neues Image pullen und deployen
./scripts/deploy.sh production
```
## 📈 Performance-Tuning
### **Nginx Optimierungen**
- **Gzip Compression** aktiviert
- **Static Asset Caching** (1 Jahr)
- **API Rate Limiting** (10 req/s)
- **Load Balancing** bereit für Skalierung
### **Docker Optimierungen**
- **Multi-Stage Build** für kleinere Images
- **Non-root User** für Sicherheit
- **Health Checks** für automatische Recovery
- **Resource Limits** (512MB RAM, 0.5 CPU)
### **Next.js Optimierungen**
- **Standalone Output** für Docker
- **Image Optimization** (WebP, AVIF)
- **CSS Optimization** aktiviert
- **Package Import Optimization**
## 🚨 Troubleshooting
### **Container startet nicht**
```bash
# Logs prüfen
./scripts/monitor.sh logs
# Status prüfen
./scripts/monitor.sh status
# Neustarten
./scripts/monitor.sh restart
```
### **Health Check schlägt fehl**
```bash
# Manueller Health Check
curl -v http://localhost:3000/api/health
# Container-Logs prüfen
docker compose -f docker-compose.prod.yml logs portfolio
```
### **Performance-Probleme**
```bash
# Resource-Usage prüfen
./scripts/monitor.sh metrics
# Nginx-Logs prüfen
docker compose -f docker-compose.prod.yml logs nginx
```
### **SSL-Probleme**
```bash
# SSL-Zertifikate prüfen
openssl x509 -in ssl/cert.pem -text -noout
# Nginx-Konfiguration testen
docker compose -f docker-compose.prod.yml exec nginx nginx -t
```
## 📋 CI/CD Pipeline
### **Workflow-Schritte**
1. **Test** - Linting, Tests, Build
2. **Security** - Trivy Vulnerability Scan
3. **Build** - Multi-Arch Docker Image
4. **Deploy** - Automatisches Deployment
### **Trigger**
- **Push auf `main`** - Build nur
- **Push auf `production`** - Build + Deploy
- **Pull Request** - Test + Security
### **Monitoring**
- **GitHub Actions** - Pipeline-Status
- **Container Health** - Automatische Checks
- **Resource Usage** - Monitoring-Skript
## 🔄 Skalierung
### **Horizontal Scaling**
```yaml
# In nginx.conf - weitere Backend-Server hinzufügen
upstream portfolio_backend {
least_conn;
server portfolio:3000 max_fails=3 fail_timeout=30s;
server portfolio-2:3000 max_fails=3 fail_timeout=30s;
server portfolio-3:3000 max_fails=3 fail_timeout=30s;
}
```
### **Vertical Scaling**
```yaml
# In docker-compose.prod.yml - Resource-Limits erhöhen
deploy:
resources:
limits:
memory: 1G
cpus: '1.0'
```
## 📞 Support
Bei Problemen:
1. **Logs prüfen**: `./scripts/monitor.sh logs`
2. **Status prüfen**: `./scripts/monitor.sh status`
3. **Health Check**: `./scripts/monitor.sh health`
4. **Container neustarten**: `./scripts/monitor.sh restart`
For issues or questions:
1. Check the troubleshooting section above
2. Review CI/CD pipeline logs
3. Run the debug workflow
4. Check service health endpoints

4
Dockerfile
View File

@@ -4,7 +4,7 @@ FROM node:20 AS base
# Install dependencies only when needed
FROM base AS deps
# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/*
RUN apt-get update && apt-get install -y --no-install-recommends curl && rm -rf /var/lib/apt/lists/*
WORKDIR /app
# Install dependencies based on the preferred package manager
@@ -55,7 +55,7 @@ RUN chown nextjs:nodejs .next
# Automatically leverage output traces to reduce image size
# https://nextjs.org/docs/advanced-features/output-file-tracing
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone/app ./
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
# Copy Prisma files

10
app/components/Contact.tsx
View File

@@ -93,10 +93,10 @@ const Contact = () => {
className="text-center mb-16"
>
<h2 className="text-4xl md:text-5xl font-bold mb-6 gradient-text">
Get In Touch
Contact Me
</h2>
<p className="text-xl text-gray-400 max-w-2xl mx-auto">
Have a project in mind or want to collaborate? I would love to hear from you!
Interested in working together or have questions about my projects? Feel free to reach out!
</p>
</motion.div>
@@ -111,11 +111,11 @@ const Contact = () => {
>
<div>
<h3 className="text-2xl font-bold text-white mb-6">
Let&apos;s Connect
Get In Touch
</h3>
<p className="text-gray-400 leading-relaxed">
I&apos;m always open to discussing new opportunities, interesting projects,
or just having a chat about technology and innovation.
I&apos;m always available to discuss new opportunities, interesting projects,
or simply chat about technology and innovation.
</p>
</div>

6
app/components/Hero.tsx
View File

@@ -101,9 +101,9 @@ const Hero = () => {
<Image
src="/images/me.jpg"
alt="Dennis Konkol - Software Engineer"
fill={true}
fill
className="object-cover"
priority={true}
priority
/>
{/* Hover overlay effect */}
@@ -216,7 +216,7 @@ const Hero = () => {
whileTap={{ scale: 0.95 }}
className="px-8 py-4 text-lg font-semibold border-2 border-gray-600 text-gray-300 hover:text-white hover:border-gray-500 rounded-lg transition-all duration-200"
>
Get In Touch
Contact Me
</motion.a>
</motion.div>

1
app/editor/page.tsx
View File

@@ -567,6 +567,7 @@ function EditorPageContent() {
className="p-2 rounded-lg text-gray-300"
title="Image"
>
{/* eslint-disable-next-line jsx-a11y/alt-text */}
<Image className="w-4 h-4" />
</button>
</div>

2
app/layout.tsx
View File

@@ -42,7 +42,7 @@ export const metadata: Metadata = {
authors: [{name: "Dennis Konkol", url: "https://dk0.dev"}],
openGraph: {
title: "Dennis Konkol | Portfolio",
description: "Explore my projects and get in touch!",
description: "Explore my projects and contact me for collaboration opportunities!",
url: "https://dk0.dev",
siteName: "Dennis Konkol Portfolio",
images: [

2
components/AnalyticsDashboard.tsx
View File

@@ -581,4 +581,4 @@ export function AnalyticsDashboard({ isAuthenticated }: AnalyticsDashboardProps)
);
}
export default AnalyticsDashboard;
export default AnalyticsDashboard;

34
docker-compose.prod.yml → docker-compose.yml
View File

@@ -1,16 +1,17 @@
# Unified Docker Compose configuration for Portfolio
# Supports both local development and production deployment
services:
portfolio:
build:
context: .
dockerfile: Dockerfile
image: portfolio-app:latest
container_name: portfolio-app
restart: unless-stopped
ports:
- "4000:3000"
- "${PORT:-3000}:3000" # Configurable port, defaults to 3000
environment:
- NODE_ENV=production
- NODE_ENV=${NODE_ENV:-production}
- DATABASE_URL=postgresql://portfolio_user:portfolio_pass@postgres:5432/portfolio_db?schema=public
- REDIS_URL=redis://redis-redis-shared-1:6379
- REDIS_URL=redis://redis:6379
- NEXT_PUBLIC_BASE_URL=${NEXT_PUBLIC_BASE_URL}
- MY_EMAIL=${MY_EMAIL}
- MY_INFO_EMAIL=${MY_INFO_EMAIL}
@@ -25,6 +26,8 @@ services:
depends_on:
postgres:
condition: service_healthy
redis:
condition: service_healthy
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000/api/health"]
interval: 30s
@@ -67,6 +70,21 @@ services:
memory: 128M
cpus: '0.1'
redis:
image: redis:7-alpine
container_name: portfolio-redis
restart: unless-stopped
volumes:
- redis_data:/data
networks:
- portfolio_net
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 5s
retries: 5
start_period: 30s
volumes:
portfolio_data:
driver: local
@@ -77,6 +95,6 @@ volumes:
networks:
portfolio_net:
external: true
driver: bridge
proxy:
external: true
external: true

145
docker-compose.zero-downtime-fixed.yml Normal file
View File

@@ -0,0 +1,145 @@
# Zero-Downtime Deployment Configuration (Fixed)
# Uses nginx as load balancer for seamless updates
# Fixed to work in Gitea Actions environment
services:
nginx:
image: nginx:alpine
container_name: portfolio-nginx
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
# Use a more robust path that works in CI/CD environments
- ./nginx-zero-downtime.conf:/etc/nginx/nginx.conf:ro
# Remove default nginx configuration to prevent conflicts
- /etc/nginx/conf.d
networks:
- portfolio_net
depends_on:
- portfolio-app-1
- portfolio-app-2
healthcheck:
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost/health"]
interval: 10s
timeout: 5s
retries: 3
# Simple startup command
command: >
sh -c "
rm -rf /etc/nginx/conf.d/*
nginx -g 'daemon off;'
"
portfolio-app-1:
image: portfolio-app:latest
container_name: portfolio-app-1
restart: unless-stopped
environment:
- NODE_ENV=${NODE_ENV:-production}
- LOG_LEVEL=${LOG_LEVEL:-info}
- DATABASE_URL=postgresql://portfolio_user:portfolio_pass@postgres:5432/portfolio_db?schema=public
- REDIS_URL=redis://redis:6379
- NEXT_PUBLIC_BASE_URL=${NEXT_PUBLIC_BASE_URL}
- NEXT_PUBLIC_UMAMI_URL=${NEXT_PUBLIC_UMAMI_URL}
- NEXT_PUBLIC_UMAMI_WEBSITE_ID=${NEXT_PUBLIC_UMAMI_WEBSITE_ID}
- MY_EMAIL=${MY_EMAIL}
- MY_INFO_EMAIL=${MY_INFO_EMAIL}
- MY_PASSWORD=${MY_PASSWORD}
- MY_INFO_PASSWORD=${MY_INFO_PASSWORD}
- ADMIN_BASIC_AUTH=${ADMIN_BASIC_AUTH}
volumes:
- portfolio_data:/app/.next/cache
networks:
- portfolio_net
depends_on:
postgres:
condition: service_healthy
redis:
condition: service_healthy
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000/api/health"]
interval: 10s
timeout: 5s
retries: 3
start_period: 30s
portfolio-app-2:
image: portfolio-app:latest
container_name: portfolio-app-2
restart: unless-stopped
environment:
- NODE_ENV=${NODE_ENV:-production}
- LOG_LEVEL=${LOG_LEVEL:-info}
- DATABASE_URL=postgresql://portfolio_user:portfolio_pass@postgres:5432/portfolio_db?schema=public
- REDIS_URL=redis://redis:6379
- NEXT_PUBLIC_BASE_URL=${NEXT_PUBLIC_BASE_URL}
- NEXT_PUBLIC_UMAMI_URL=${NEXT_PUBLIC_UMAMI_URL}
- NEXT_PUBLIC_UMAMI_WEBSITE_ID=${NEXT_PUBLIC_UMAMI_WEBSITE_ID}
- MY_EMAIL=${MY_EMAIL}
- MY_INFO_EMAIL=${MY_INFO_EMAIL}
- MY_PASSWORD=${MY_PASSWORD}
- MY_INFO_PASSWORD=${MY_INFO_PASSWORD}
- ADMIN_BASIC_AUTH=${ADMIN_BASIC_AUTH}
volumes:
- portfolio_data:/app/.next/cache
networks:
- portfolio_net
depends_on:
postgres:
condition: service_healthy
redis:
condition: service_healthy
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000/api/health"]
interval: 10s
timeout: 5s
retries: 3
start_period: 30s
postgres:
image: postgres:16-alpine
container_name: portfolio-postgres
restart: unless-stopped
environment:
- POSTGRES_DB=portfolio_db
- POSTGRES_USER=portfolio_user
- POSTGRES_PASSWORD=portfolio_pass
volumes:
- postgres_data:/var/lib/postgresql/data
networks:
- portfolio_net
healthcheck:
test: ["CMD-SHELL", "pg_isready -U portfolio_user -d portfolio_db"]
interval: 10s
timeout: 5s
retries: 5
start_period: 30s
redis:
image: redis:7-alpine
container_name: portfolio-redis
restart: unless-stopped
volumes:
- redis_data:/data
networks:
- portfolio_net
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 5s
retries: 5
start_period: 30s
volumes:
portfolio_data:
driver: local
postgres_data:
driver: local
redis_data:
driver: local
networks:
portfolio_net:
driver: bridge

135
docker-compose.zero-downtime.yml Normal file
View File

@@ -0,0 +1,135 @@
# Zero-Downtime Deployment Configuration
# Uses nginx as load balancer for seamless updates
services:
nginx:
image: nginx:alpine
container_name: portfolio-nginx
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx-zero-downtime.conf:/etc/nginx/nginx.conf:ro
networks:
- portfolio_net
depends_on:
- portfolio-app-1
- portfolio-app-2
healthcheck:
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost/health"]
interval: 10s
timeout: 5s
retries: 3
portfolio-app-1:
image: portfolio-app:latest
container_name: portfolio-app-1
restart: unless-stopped
environment:
- NODE_ENV=${NODE_ENV:-production}
- LOG_LEVEL=${LOG_LEVEL:-info}
- DATABASE_URL=postgresql://portfolio_user:portfolio_pass@postgres:5432/portfolio_db?schema=public
- REDIS_URL=redis://redis:6379
- NEXT_PUBLIC_BASE_URL=${NEXT_PUBLIC_BASE_URL}
- NEXT_PUBLIC_UMAMI_URL=${NEXT_PUBLIC_UMAMI_URL}
- NEXT_PUBLIC_UMAMI_WEBSITE_ID=${NEXT_PUBLIC_UMAMI_WEBSITE_ID}
- MY_EMAIL=${MY_EMAIL}
- MY_INFO_EMAIL=${MY_INFO_EMAIL}
- MY_PASSWORD=${MY_PASSWORD}
- MY_INFO_PASSWORD=${MY_INFO_PASSWORD}
- ADMIN_BASIC_AUTH=${ADMIN_BASIC_AUTH}
volumes:
- portfolio_data:/app/.next/cache
networks:
- portfolio_net
depends_on:
postgres:
condition: service_healthy
redis:
condition: service_healthy
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000/api/health"]
interval: 10s
timeout: 5s
retries: 3
start_period: 30s
portfolio-app-2:
image: portfolio-app:latest
container_name: portfolio-app-2
restart: unless-stopped
environment:
- NODE_ENV=${NODE_ENV:-production}
- LOG_LEVEL=${LOG_LEVEL:-info}
- DATABASE_URL=postgresql://portfolio_user:portfolio_pass@postgres:5432/portfolio_db?schema=public
- REDIS_URL=redis://redis:6379
- NEXT_PUBLIC_BASE_URL=${NEXT_PUBLIC_BASE_URL}
- NEXT_PUBLIC_UMAMI_URL=${NEXT_PUBLIC_UMAMI_URL}
- NEXT_PUBLIC_UMAMI_WEBSITE_ID=${NEXT_PUBLIC_UMAMI_WEBSITE_ID}
- MY_EMAIL=${MY_EMAIL}
- MY_INFO_EMAIL=${MY_INFO_EMAIL}
- MY_PASSWORD=${MY_PASSWORD}
- MY_INFO_PASSWORD=${MY_INFO_PASSWORD}
- ADMIN_BASIC_AUTH=${ADMIN_BASIC_AUTH}
volumes:
- portfolio_data:/app/.next/cache
networks:
- portfolio_net
depends_on:
postgres:
condition: service_healthy
redis:
condition: service_healthy
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000/api/health"]
interval: 10s
timeout: 5s
retries: 3
start_period: 30s
postgres:
image: postgres:16-alpine
container_name: portfolio-postgres
restart: unless-stopped
environment:
- POSTGRES_DB=portfolio_db
- POSTGRES_USER=portfolio_user
- POSTGRES_PASSWORD=portfolio_pass
volumes:
- postgres_data:/var/lib/postgresql/data
networks:
- portfolio_net
healthcheck:
test: ["CMD-SHELL", "pg_isready -U portfolio_user -d portfolio_db"]
interval: 10s
timeout: 5s
retries: 5
start_period: 30s
redis:
image: redis:7-alpine
container_name: portfolio-redis
restart: unless-stopped
volumes:
- redis_data:/data
networks:
- portfolio_net
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 5s
retries: 5
start_period: 30s
volumes:
portfolio_data:
driver: local
postgres_data:
driver: local
redis_data:
driver: local
networks:
portfolio_net:
driver: bridge

10
jest.setup.ts
View File

@@ -25,8 +25,14 @@ jest.mock('next/link', () => {
// Mock next/image
jest.mock('next/image', () => {
const ImageComponent = ({ src, alt, ...props }: Record<string, unknown>) =>
React.createElement('img', { src, alt, ...props });
const ImageComponent = ({ src, alt, fill, priority, ...props }: Record<string, unknown>) => {
// Convert boolean props to strings for DOM compatibility
const domProps: Record<string, unknown> = { src, alt };
if (fill) domProps.style = { width: '100%', height: '100%', objectFit: 'cover' };
if (priority) domProps.loading = 'eager';
return React.createElement('img', { ...domProps, ...props });
};
ImageComponent.displayName = 'Image';
return ImageComponent;
});

65
logs/gitea-deploy-simple.log Normal file
View File

@@ -0,0 +1,65 @@
[2025-09-13 23:24:42] 🚀 Starting simplified Gitea deployment for portfolio
[2025-09-13 23:24:42] 🔨 Step 1: Building application...
[2025-09-13 23:24:42] 📦 Building Next.js application...
[SUCCESS] ✅ Application built successfully
[2025-09-13 23:25:04] 🐳 Step 2: Docker operations...
[2025-09-13 23:25:04] 🏗️ Building Docker image...
[ERROR] Docker build failed
[2025-09-13 23:26:50] 🚀 Starting simplified Gitea deployment for portfolio
[2025-09-13 23:26:50] 🔨 Step 1: Building application...
[2025-09-13 23:26:50] 📦 Building Next.js application...
[SUCCESS] ✅ Application built successfully
[2025-09-13 23:27:13] 🐳 Step 2: Docker operations...
[2025-09-13 23:27:13] 🏗️ Building Docker image...
[ERROR] Docker build failed
[2025-09-13 23:28:23] 🚀 Starting simplified Gitea deployment for portfolio
[2025-09-13 23:28:23] 🔨 Step 1: Building application...
[2025-09-13 23:28:23] 📦 Building Next.js application...
[SUCCESS] ✅ Application built successfully
[2025-09-13 23:28:49] 🐳 Step 2: Docker operations...
[2025-09-13 23:28:49] 🏗️ Building Docker image...
[ERROR] Docker build failed
[2025-09-13 23:35:08] 🚀 Starting simplified Gitea deployment for portfolio
[2025-09-13 23:35:08] 🔨 Step 1: Building application...
[2025-09-13 23:35:08] 📦 Building Next.js application...
[SUCCESS] ✅ Application built successfully
[2025-09-13 23:35:31] 🐳 Step 2: Docker operations...
[2025-09-13 23:35:31] 🏗️ Building Docker image...
[SUCCESS] ✅ Docker image built successfully
[2025-09-13 23:36:32] 🚀 Step 3: Deploying application...
[2025-09-13 23:36:33] 🚀 Starting new container on port 3000...
[2025-09-13 23:36:33] ⏳ Waiting for container to be ready...
[2025-09-13 23:36:53] 🏥 Performing health check...
[SUCCESS] ✅ Application is healthy!
[2025-09-13 23:36:53] ✅ Step 4: Verifying deployment...
[SUCCESS] ✅ Main page is accessible
[2025-09-13 23:36:53] 📊 Container status:
[2025-09-13 23:36:53] 📈 Resource usage:
[SUCCESS] 🎉 Simplified Gitea deployment completed successfully!
[2025-09-13 23:36:54] 🌐 Application is available at: http://localhost:3000
[2025-09-13 23:36:54] 🏥 Health check endpoint: http://localhost:3000/api/health
[2025-09-13 23:36:54] 📊 Container name: portfolio-app-simple
[2025-09-13 23:36:54] 📝 Logs: docker logs portfolio-app-simple
Sat Sep 13 23:36:54 CEST 2025: Simplified Gitea deployment successful - Port: 3000 - Image: portfolio-app:20250913-233632
[2025-09-13 23:46:31] 🚀 Starting simplified Gitea deployment for portfolio
[2025-09-13 23:46:31] 🔨 Step 1: Building application...
[2025-09-13 23:46:31] 📦 Building Next.js application...
[SUCCESS] ✅ Application built successfully
[2025-09-13 23:46:54] 🐳 Step 2: Docker operations...
[2025-09-13 23:46:54] 🏗️ Building Docker image...
[SUCCESS] ✅ Docker image built successfully
[2025-09-13 23:48:01] 🚀 Step 3: Deploying application...
[2025-09-13 23:48:01] 🚀 Starting new container on port 3000...
[2025-09-13 23:48:01] ⏳ Waiting for container to be ready...
[2025-09-13 23:48:21] 🏥 Performing health check...
[SUCCESS] ✅ Application is healthy!
[2025-09-13 23:48:21] ✅ Step 4: Verifying deployment...
[SUCCESS] ✅ Main page is accessible
[2025-09-13 23:48:22] 📊 Container status:
[2025-09-13 23:48:22] 📈 Resource usage:
[SUCCESS] 🎉 Simplified Gitea deployment completed successfully!
[2025-09-13 23:48:23] 🌐 Application is available at: http://localhost:3000
[2025-09-13 23:48:23] 🏥 Health check endpoint: http://localhost:3000/api/health
[2025-09-13 23:48:23] 📊 Container name: portfolio-app-simple
[2025-09-13 23:48:23] 📝 Logs: docker logs portfolio-app-simple
Sat Sep 13 23:48:23 CEST 2025: Simplified Gitea deployment successful - Port: 3000 - Image: portfolio-app:20250913-234801

31
next.config.ts
View File

@@ -8,6 +8,12 @@ dotenv.config({ path: path.resolve(__dirname, '.env') });
const nextConfig: NextConfig = {
// Enable standalone output for Docker
output: 'standalone',
outputFileTracingRoot: path.join(__dirname, '../../'),
// Ensure proper server configuration
serverRuntimeConfig: {
// Will only be available on the server side
},
// Optimize for production
compress: true,
@@ -22,14 +28,6 @@ const nextConfig: NextConfig = {
env: {
NEXT_PUBLIC_BASE_URL: process.env.NEXT_PUBLIC_BASE_URL
},
serverRuntimeConfig: {
GHOST_API_URL: process.env.GHOST_API_URL,
GHOST_API_KEY: process.env.GHOST_API_KEY,
MY_EMAIL: process.env.MY_EMAIL,
MY_INFO_EMAIL: process.env.MY_INFO_EMAIL,
MY_PASSWORD: process.env.MY_PASSWORD,
MY_INFO_PASSWORD: process.env.MY_INFO_PASSWORD
},
// Performance optimizations
experimental: {
@@ -41,6 +39,23 @@ const nextConfig: NextConfig = {
formats: ['image/webp', 'image/avif'],
minimumCacheTTL: 60,
},
// Dynamic routes are handled automatically by Next.js
// Add cache-busting headers
async headers() {
return [
{
source: '/(.*)',
headers: [
{
key: 'Cache-Control',
value: 'public, max-age=0, must-revalidate',
},
],
},
];
},
};
import bundleAnalyzer from "@next/bundle-analyzer";

67
nginx-zero-downtime.conf Normal file
View File

@@ -0,0 +1,67 @@
events {
worker_connections 1024;
}
http {
upstream portfolio_backend {
# Health check enabled upstream
server portfolio-app-1:3000 max_fails=3 fail_timeout=30s;
server portfolio-app-2:3000 max_fails=3 fail_timeout=30s;
}
# Resolver for dynamic upstream resolution
resolver 127.0.0.11 valid=10s;
# Main server
server {
listen 80;
server_name _;
# Health check endpoint
location /health {
access_log off;
return 200 "healthy\n";
add_header Content-Type text/plain;
}
# Main location
location / {
proxy_pass http://portfolio_backend;
# Proxy settings
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Timeout settings
proxy_connect_timeout 5s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# Buffer settings
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 4k;
# Health check for upstream
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_next_upstream_tries 2;
proxy_next_upstream_timeout 10s;
}
# Static files caching
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
proxy_pass http://portfolio_backend;
# Proxy settings
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
expires 1y;
add_header Cache-Control "public, immutable";
}
}
}

2
package.json
View File

@@ -32,6 +32,8 @@
"deploy": "./scripts/deploy.sh",
"auto-deploy": "./scripts/auto-deploy.sh",
"quick-deploy": "./scripts/quick-deploy.sh",
"gitea-deploy": "./scripts/gitea-deploy.sh",
"setup-gitea-runner": "./scripts/setup-gitea-runner.sh",
"monitor": "./scripts/monitor.sh",
"health": "curl -f http://localhost:3000/api/health"
},

163
prisma/schema.prisma
View File

@@ -1,6 +1,3 @@
// This is your Prisma schema file,
// learn more about it in the docs: https://pris.ly/d/prisma-schema
generator client {
provider = "prisma-client-js"
}
@@ -11,46 +8,37 @@ datasource db {
}
model Project {
id Int @id @default(autoincrement())
title String @db.VarChar(255)
description String @db.Text
content String @db.Text
tags String[] @default([])
featured Boolean @default(false)
category String @db.VarChar(100)
date String @db.VarChar(10)
github String? @db.VarChar(500)
live String? @db.VarChar(500)
published Boolean @default(true)
imageUrl String? @db.VarChar(500)
metaDescription String? @db.Text
keywords String? @db.Text
ogImage String? @db.VarChar(500)
schema Json?
// Advanced features
difficulty Difficulty @default(INTERMEDIATE)
timeToComplete String? @db.VarChar(100)
technologies String[] @default([])
challenges String[] @default([])
lessonsLearned String[] @default([])
futureImprovements String[] @default([])
demoVideo String? @db.VarChar(500)
screenshots String[] @default([])
colorScheme String @db.VarChar(100) @default("Dark")
accessibility Boolean @default(true)
// Performance metrics
performance Json @default("{\"lighthouse\": 90, \"bundleSize\": \"50KB\", \"loadTime\": \"1.5s\"}")
// Analytics
analytics Json @default("{\"views\": 0, \"likes\": 0, \"shares\": 0}")
// Timestamps
createdAt DateTime @default(now()) @map("created_at")
updatedAt DateTime @updatedAt @map("updated_at")
// Indexes for performance
id Int @id @default(autoincrement())
title String @db.VarChar(255)
description String
content String
tags String[] @default([])
featured Boolean @default(false)
category String @db.VarChar(100)
date String @db.VarChar(10)
github String? @db.VarChar(500)
live String? @db.VarChar(500)
published Boolean @default(true)
imageUrl String? @db.VarChar(500)
metaDescription String?
keywords String?
ogImage String? @db.VarChar(500)
schema Json?
difficulty Difficulty @default(INTERMEDIATE)
timeToComplete String? @db.VarChar(100)
technologies String[] @default([])
challenges String[] @default([])
lessonsLearned String[] @default([])
futureImprovements String[] @default([])
demoVideo String? @db.VarChar(500)
screenshots String[] @default([])
colorScheme String @default("Dark") @db.VarChar(100)
accessibility Boolean @default(true)
performance Json @default("{\"loadTime\": \"1.5s\", \"bundleSize\": \"50KB\", \"lighthouse\": 90}")
analytics Json @default("{\"likes\": 0, \"views\": 0, \"shares\": 0}")
createdAt DateTime @default(now()) @map("created_at")
updatedAt DateTime @updatedAt @map("updated_at")
@@index([category])
@@index([featured])
@@index([published])
@@ -59,6 +47,49 @@ model Project {
@@index([tags])
}
model PageView {
id Int @id @default(autoincrement())
projectId Int? @map("project_id")
page String @db.VarChar(100)
ip String? @db.VarChar(45)
userAgent String? @map("user_agent")
referrer String? @db.VarChar(500)
timestamp DateTime @default(now())
@@index([projectId])
@@index([timestamp])
@@index([page])
}
model UserInteraction {
id Int @id @default(autoincrement())
projectId Int @map("project_id")
type InteractionType
ip String? @db.VarChar(45)
userAgent String? @map("user_agent")
timestamp DateTime @default(now())
@@index([projectId])
@@index([type])
@@index([timestamp])
}
model Contact {
id Int @id @default(autoincrement())
name String @db.VarChar(255)
email String @db.VarChar(255)
subject String @db.VarChar(500)
message String
responded Boolean @default(false)
responseTemplate String? @map("response_template") @db.VarChar(50)
createdAt DateTime @default(now()) @map("created_at")
updatedAt DateTime @updatedAt @map("updated_at")
@@index([email])
@@index([responded])
@@index([createdAt])
}
enum Difficulty {
BEGINNER
INTERMEDIATE
@@ -66,55 +97,9 @@ enum Difficulty {
EXPERT
}
// Analytics tracking
model PageView {
id Int @id @default(autoincrement())
projectId Int? @map("project_id")
page String @db.VarChar(100)
ip String? @db.VarChar(45)
userAgent String? @db.Text @map("user_agent")
referrer String? @db.VarChar(500)
timestamp DateTime @default(now())
@@index([projectId])
@@index([timestamp])
@@index([page])
}
// User interactions
model UserInteraction {
id Int @id @default(autoincrement())
projectId Int @map("project_id")
type InteractionType
ip String? @db.VarChar(45)
userAgent String? @db.Text @map("user_agent")
timestamp DateTime @default(now())
@@index([projectId])
@@index([type])
@@index([timestamp])
}
enum InteractionType {
LIKE
SHARE
BOOKMARK
COMMENT
}
// Contact form submissions
model Contact {
id Int @id @default(autoincrement())
name String @db.VarChar(255)
email String @db.VarChar(255)
subject String @db.VarChar(500)
message String @db.Text
responded Boolean @default(false)
responseTemplate String? @db.VarChar(50) @map("response_template")
createdAt DateTime @default(now()) @map("created_at")
updatedAt DateTime @updatedAt @map("updated_at")
@@index([email])
@@index([responded])
@@index([createdAt])
}

6
scripts/auto-deploy.sh
View File

@@ -37,9 +37,9 @@ warning() {
echo -e "${YELLOW}[WARNING]${NC} $1" | tee -a "$LOG_FILE"
}
# Check if running as root
if [[ $EUID -eq 0 ]]; then
error "This script should not be run as root"
# Check if running as root (skip in CI environments)
if [[ $EUID -eq 0 ]] && [[ -z "$CI" ]]; then
error "This script should not be run as root (use CI=true to override)"
exit 1
fi

85
scripts/check-secrets.sh Executable file
View File

@@ -0,0 +1,85 @@
#!/bin/bash
# Advanced Secret Detection Script
# This script checks for actual secrets, not legitimate authentication code
set -e
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
print_status() {
echo -e "${GREEN}$1${NC}"
}
print_warning() {
echo -e "${YELLOW}⚠️ $1${NC}"
}
print_error() {
echo -e "${RED}$1${NC}"
}
echo "🔍 Advanced secret detection..."
SECRETS_FOUND=false
# Check for hardcoded secrets (more specific patterns)
echo "Checking for hardcoded secrets..."
# Check for actual API keys, tokens, passwords (not variable names)
if grep -r -E "(api[_-]?key|secret[_-]?key|private[_-]?key|access[_-]?token|bearer[_-]?token)\s*[:=]\s*['\"][^'\"]{20,}" \
--include="*.js" --include="*.ts" --include="*.json" --include="*.env*" . | \
grep -v node_modules | grep -v ".git" | grep -v ".next/" | grep -v "test"; then
print_error "Hardcoded API keys or tokens found!"
SECRETS_FOUND=true
fi
# Check for database connection strings with credentials (excluding .env files)
if grep -r -E "(postgresql|mysql|mongodb)://[^:]+:[^@]+@" \
--include="*.js" --include="*.ts" --include="*.json" . | \
grep -v node_modules | grep -v ".git" | grep -v ".next/" | grep -v "test" | \
grep -v ".env"; then
print_error "Database connection strings with credentials found in source code!"
SECRETS_FOUND=true
fi
# Check for AWS/cloud service credentials
if grep -r -E "(aws[_-]?access[_-]?key[_-]?id|aws[_-]?secret[_-]?access[_-]?key|azure[_-]?account[_-]?key|gcp[_-]?service[_-]?account)" \
--include="*.js" --include="*.ts" --include="*.json" --include="*.env*" . | \
grep -v node_modules | grep -v ".git" | grep -v ".next/" | grep -v "test"; then
print_error "Cloud service credentials found!"
SECRETS_FOUND=true
fi
# Check for .env files in git (should be in .gitignore)
if git ls-files | grep -E "\.env$|\.env\."; then
print_error ".env files found in git repository!"
SECRETS_FOUND=true
fi
# Check for common secret file patterns
if find . -name "*.pem" -o -name "*.key" -o -name "*.p12" -o -name "*.pfx" | grep -v node_modules | grep -v ".git"; then
print_error "Certificate or key files found in repository!"
SECRETS_FOUND=true
fi
# Check for JWT secrets or signing keys
if grep -r -E "(jwt[_-]?secret|signing[_-]?key|encryption[_-]?key)\s*[:=]\s*['\"][^'\"]{32,}" \
--include="*.js" --include="*.ts" --include="*.json" --include="*.env*" . | \
grep -v node_modules | grep -v ".git" | grep -v ".next/" | grep -v "test"; then
print_error "JWT secrets or signing keys found!"
SECRETS_FOUND=true
fi
if [ "$SECRETS_FOUND" = false ]; then
print_status "No actual secrets found in code"
else
print_error "Potential secrets detected - please review and remove"
exit 1
fi
echo "🔍 Secret detection completed!"

24
scripts/deploy.sh
View File

@@ -10,7 +10,7 @@ ENVIRONMENT=${1:-production}
REGISTRY="ghcr.io"
IMAGE_NAME="dennis-konkol/my_portfolio"
CONTAINER_NAME="portfolio-app"
COMPOSE_FILE="docker-compose.prod.yml"
COMPOSE_FILE="docker-compose.zero-downtime.yml"
# Colors for output
RED='\033[0;31m'
@@ -36,9 +36,9 @@ warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
}
# Check if running as root
if [[ $EUID -eq 0 ]]; then
error "This script should not be run as root"
# Check if running as root (skip in CI environments)
if [[ $EUID -eq 0 ]] && [[ -z "$CI" ]]; then
error "This script should not be run as root (use CI=true to override)"
exit 1
fi
@@ -79,10 +79,10 @@ echo "$GITHUB_TOKEN" | docker login $REGISTRY -u $GITHUB_ACTOR --password-stdin
warning "Failed to login to registry. Make sure GITHUB_TOKEN and GITHUB_ACTOR are set."
}
# Pull latest image
log "Pulling latest image..."
docker pull $FULL_IMAGE_NAME || {
error "Failed to pull image $FULL_IMAGE_NAME"
# Build latest image locally
log "Building latest image locally..."
docker build -t portfolio-app:latest . || {
error "Failed to build image locally"
exit 1
}
@@ -112,7 +112,7 @@ HEALTH_CHECK_INTERVAL=2
ELAPSED=0
while [ $ELAPSED -lt $HEALTH_CHECK_TIMEOUT ]; do
if curl -f http://localhost:3000/api/health > /dev/null 2>&1; then
if curl -f http://localhost/api/health > /dev/null 2>&1; then
success "Application is healthy!"
break
fi
@@ -131,7 +131,7 @@ fi
# Verify deployment
log "Verifying deployment..."
if curl -f http://localhost:3000/api/health > /dev/null 2>&1; then
if curl -f http://localhost/api/health > /dev/null 2>&1; then
success "Deployment successful!"
# Show container status
@@ -156,5 +156,5 @@ docker system prune -f --volumes || {
}
success "Deployment completed successfully!"
log "Application is available at: http://localhost:3000"
log "Health check endpoint: http://localhost:3000/api/health"
log "Application is available at: http://localhost/"
log "Health check endpoint: http://localhost/api/health"

2
scripts/dev-minimal.js
View File

@@ -51,7 +51,7 @@ exec('docker-compose --version', (error) => {
shell: isWindows,
env: {
...process.env,
DATABASE_URL: 'postgresql://portfolio_user:portfolio_dev_pass@localhost:5432/portfolio_dev?schema=public',
DATABASE_URL: process.env.DATABASE_URL || 'postgresql://portfolio_user:portfolio_dev_pass@localhost:5432/portfolio_dev?schema=public',
REDIS_URL: 'redis://localhost:6379',
NODE_ENV: 'development'
}

2
scripts/dev-simple.js
View File

@@ -12,7 +12,7 @@ console.log('💡 For full development environment with DB, use: npm run dev:ful
const env = {
...process.env,
NODE_ENV: 'development',
DATABASE_URL: 'postgresql://portfolio_user:portfolio_dev_pass@localhost:5432/portfolio_dev?schema=public',
DATABASE_URL: process.env.DATABASE_URL || 'postgresql://portfolio_user:portfolio_dev_pass@localhost:5432/portfolio_dev?schema=public',
REDIS_URL: 'redis://localhost:6379',
NEXT_PUBLIC_BASE_URL: 'http://localhost:3000'
};

225
scripts/gitea-deploy-simple.sh Executable file
View File

@@ -0,0 +1,225 @@
#!/bin/bash
# Simplified Gitea deployment script for testing
# This version doesn't require database dependencies
set -e
# Configuration
PROJECT_NAME="portfolio"
CONTAINER_NAME="portfolio-app-simple"
IMAGE_NAME="portfolio-app"
PORT=3000
BACKUP_PORT=3001
LOG_FILE="./logs/gitea-deploy-simple.log"
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Logging function
log() {
echo -e "${BLUE}[$(date +'%Y-%m-%d %H:%M:%S')]${NC} $1" | tee -a "$LOG_FILE"
}
error() {
echo -e "${RED}[ERROR]${NC} $1" | tee -a "$LOG_FILE"
}
success() {
echo -e "${GREEN}[SUCCESS]${NC} $1" | tee -a "$LOG_FILE"
}
warning() {
echo -e "${YELLOW}[WARNING]${NC} $1" | tee -a "$LOG_FILE"
}
# Check if running as root (skip in CI environments)
if [[ $EUID -eq 0 ]] && [[ -z "$CI" ]]; then
error "This script should not be run as root (use CI=true to override)"
exit 1
fi
# Check if Docker is running
if ! docker info > /dev/null 2>&1; then
error "Docker is not running. Please start Docker and try again."
exit 1
fi
# Check if we're in the right directory
if [ ! -f "package.json" ] || [ ! -f "Dockerfile" ]; then
error "Please run this script from the project root directory"
exit 1
fi
log "🚀 Starting simplified Gitea deployment for $PROJECT_NAME"
# Step 1: Build Application
log "🔨 Step 1: Building application..."
# Build Next.js application
log "📦 Building Next.js application..."
npm run build || {
error "Build failed"
exit 1
}
success "✅ Application built successfully"
# Step 2: Docker Operations
log "🐳 Step 2: Docker operations..."
# Build Docker image
log "🏗️ Building Docker image..."
docker build -t "$IMAGE_NAME:latest" . || {
error "Docker build failed"
exit 1
}
# Tag with timestamp
TIMESTAMP=$(date +%Y%m%d-%H%M%S)
docker tag "$IMAGE_NAME:latest" "$IMAGE_NAME:$TIMESTAMP"
success "✅ Docker image built successfully"
# Step 3: Deployment
log "🚀 Step 3: Deploying application..."
# Export environment variables for docker-compose compatibility
log "📝 Exporting environment variables..."
export NODE_ENV=${NODE_ENV:-production}
export NEXT_PUBLIC_BASE_URL=${NEXT_PUBLIC_BASE_URL:-https://dk0.dev}
export MY_EMAIL=${MY_EMAIL:-contact@dk0.dev}
export MY_INFO_EMAIL=${MY_INFO_EMAIL:-info@dk0.dev}
export MY_PASSWORD="${MY_PASSWORD}"
export MY_INFO_PASSWORD="${MY_INFO_PASSWORD}"
export ADMIN_BASIC_AUTH="${ADMIN_BASIC_AUTH}"
export LOG_LEVEL=${LOG_LEVEL:-info}
export PORT=${PORT:-3000}
# Log which variables are set (without revealing secrets)
log "Environment variables configured:"
log " - NODE_ENV: ${NODE_ENV}"
log " - NEXT_PUBLIC_BASE_URL: ${NEXT_PUBLIC_BASE_URL}"
log " - MY_EMAIL: ${MY_EMAIL}"
log " - MY_INFO_EMAIL: ${MY_INFO_EMAIL}"
log " - MY_PASSWORD: [SET]"
log " - MY_INFO_PASSWORD: [SET]"
log " - ADMIN_BASIC_AUTH: [SET]"
log " - LOG_LEVEL: ${LOG_LEVEL}"
log " - PORT: ${PORT}"
# Check if container is running
if [ "$(docker inspect -f '{{.State.Running}}' "$CONTAINER_NAME" 2>/dev/null)" = "true" ]; then
log "📦 Stopping existing container..."
docker stop "$CONTAINER_NAME" || true
docker rm "$CONTAINER_NAME" || true
fi
# Check if port is available
if lsof -Pi :$PORT -sTCP:LISTEN -t >/dev/null ; then
warning "Port $PORT is in use. Trying backup port $BACKUP_PORT"
DEPLOY_PORT=$BACKUP_PORT
else
DEPLOY_PORT=$PORT
fi
# Start new container with minimal environment variables
log "🚀 Starting new container on port $DEPLOY_PORT..."
docker run -d \
--name "$CONTAINER_NAME" \
--restart unless-stopped \
-p "$DEPLOY_PORT:3000" \
-e NODE_ENV=production \
-e NEXT_PUBLIC_BASE_URL=https://dk0.dev \
-e MY_EMAIL=contact@dk0.dev \
-e MY_INFO_EMAIL=info@dk0.dev \
-e MY_PASSWORD=test-password \
-e MY_INFO_PASSWORD=test-password \
-e ADMIN_BASIC_AUTH=admin:test123 \
-e LOG_LEVEL=info \
"$IMAGE_NAME:latest" || {
error "Failed to start container"
exit 1
}
# Wait for container to be ready
log "⏳ Waiting for container to be ready..."
sleep 20
# Check if container is actually running
if [ "$(docker inspect -f '{{.State.Running}}' "$CONTAINER_NAME" 2>/dev/null)" != "true" ]; then
error "Container failed to start or crashed"
log "Container logs:"
docker logs "$CONTAINER_NAME" --tail=50
exit 1
fi
# Health check
log "🏥 Performing health check..."
HEALTH_CHECK_TIMEOUT=180
HEALTH_CHECK_INTERVAL=5
ELAPSED=0
while [ $ELAPSED -lt $HEALTH_CHECK_TIMEOUT ]; do
# Check if container is still running
if [ "$(docker inspect -f '{{.State.Running}}' "$CONTAINER_NAME" 2>/dev/null)" != "true" ]; then
error "Container stopped during health check"
log "Container logs:"
docker logs "$CONTAINER_NAME" --tail=50
exit 1
fi
# Try health check endpoint
if curl -f "http://localhost:$DEPLOY_PORT/api/health" > /dev/null 2>&1; then
success "✅ Application is healthy!"
break
fi
sleep $HEALTH_CHECK_INTERVAL
ELAPSED=$((ELAPSED + HEALTH_CHECK_INTERVAL))
echo -n "."
done
if [ $ELAPSED -ge $HEALTH_CHECK_TIMEOUT ]; then
error "Health check timeout. Application may not be running properly."
log "Container status:"
docker inspect "$CONTAINER_NAME" --format='{{.State.Status}} - {{.State.Health.Status}}'
log "Container logs:"
docker logs "$CONTAINER_NAME" --tail=100
exit 1
fi
# Step 4: Verification
log "✅ Step 4: Verifying deployment..."
# Test main page
if curl -f "http://localhost:$DEPLOY_PORT/" > /dev/null 2>&1; then
success "✅ Main page is accessible"
else
error "❌ Main page is not accessible"
exit 1
fi
# Show container status
log "📊 Container status:"
docker ps --filter "name=$CONTAINER_NAME" --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
# Show resource usage
log "📈 Resource usage:"
docker stats --no-stream --format "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}" "$CONTAINER_NAME"
# Final success message
success "🎉 Simplified Gitea deployment completed successfully!"
log "🌐 Application is available at: http://localhost:$DEPLOY_PORT"
log "🏥 Health check endpoint: http://localhost:$DEPLOY_PORT/api/health"
log "📊 Container name: $CONTAINER_NAME"
log "📝 Logs: docker logs $CONTAINER_NAME"
# Update deployment log
echo "$(date): Simplified Gitea deployment successful - Port: $DEPLOY_PORT - Image: $IMAGE_NAME:$TIMESTAMP" >> "$LOG_FILE"
exit 0

257
scripts/gitea-deploy.sh Executable file
View File

@@ -0,0 +1,257 @@
#!/bin/bash
# Gitea-specific deployment script
# Optimiert für lokalen Gitea Runner
set -e
# Configuration
PROJECT_NAME="portfolio"
CONTAINER_NAME="portfolio-app"
IMAGE_NAME="portfolio-app"
PORT=3000
BACKUP_PORT=3001
LOG_FILE="./logs/gitea-deploy.log"
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Logging function
log() {
echo -e "${BLUE}[$(date +'%Y-%m-%d %H:%M:%S')]${NC} $1" | tee -a "$LOG_FILE"
}
error() {
echo -e "${RED}[ERROR]${NC} $1" | tee -a "$LOG_FILE"
}
success() {
echo -e "${GREEN}[SUCCESS]${NC} $1" | tee -a "$LOG_FILE"
}
warning() {
echo -e "${YELLOW}[WARNING]${NC} $1" | tee -a "$LOG_FILE"
}
# Check if running as root (skip in CI environments)
if [[ $EUID -eq 0 ]] && [[ -z "$CI" ]]; then
error "This script should not be run as root (use CI=true to override)"
exit 1
fi
# Check if Docker is running
if ! docker info > /dev/null 2>&1; then
error "Docker is not running. Please start Docker and try again."
exit 1
fi
# Check if we're in the right directory
if [ ! -f "package.json" ] || [ ! -f "Dockerfile" ]; then
error "Please run this script from the project root directory"
exit 1
fi
log "🚀 Starting Gitea deployment for $PROJECT_NAME"
# Step 1: Code Quality Checks
log "📋 Step 1: Running code quality checks..."
# Run linting
log "🔍 Running ESLint..."
npm run lint || {
error "ESLint failed. Please fix the issues before deploying."
exit 1
}
# Run tests
log "🧪 Running tests..."
npm run test || {
error "Tests failed. Please fix the issues before deploying."
exit 1
}
success "✅ Code quality checks passed"
# Step 2: Build Application
log "🔨 Step 2: Building application..."
# Build Next.js application
log "📦 Building Next.js application..."
npm run build || {
error "Build failed"
exit 1
}
success "✅ Application built successfully"
# Step 3: Docker Operations
log "🐳 Step 3: Docker operations..."
# Build Docker image
log "🏗️ Building Docker image..."
docker build -t "$IMAGE_NAME:latest" . || {
error "Docker build failed"
exit 1
}
# Tag with timestamp
TIMESTAMP=$(date +%Y%m%d-%H%M%S)
docker tag "$IMAGE_NAME:latest" "$IMAGE_NAME:$TIMESTAMP"
success "✅ Docker image built successfully"
# Step 4: Deployment
log "🚀 Step 4: Deploying application..."
# Export environment variables for docker-compose compatibility
log "📝 Exporting environment variables..."
export NODE_ENV=${NODE_ENV:-production}
export NEXT_PUBLIC_BASE_URL=${NEXT_PUBLIC_BASE_URL:-https://dk0.dev}
export MY_EMAIL=${MY_EMAIL:-contact@dk0.dev}
export MY_INFO_EMAIL=${MY_INFO_EMAIL:-info@dk0.dev}
export MY_PASSWORD="${MY_PASSWORD}"
export MY_INFO_PASSWORD="${MY_INFO_PASSWORD}"
export ADMIN_BASIC_AUTH="${ADMIN_BASIC_AUTH}"
export LOG_LEVEL=${LOG_LEVEL:-info}
export PORT=${PORT:-3000}
# Log which variables are set (without revealing secrets)
log "Environment variables configured:"
log " - NODE_ENV: ${NODE_ENV}"
log " - NEXT_PUBLIC_BASE_URL: ${NEXT_PUBLIC_BASE_URL}"
log " - MY_EMAIL: ${MY_EMAIL}"
log " - MY_INFO_EMAIL: ${MY_INFO_EMAIL}"
log " - MY_PASSWORD: [SET]"
log " - MY_INFO_PASSWORD: [SET]"
log " - ADMIN_BASIC_AUTH: [SET]"
log " - LOG_LEVEL: ${LOG_LEVEL}"
log " - PORT: ${PORT}"
# Check if container is running
if [ "$(docker inspect -f '{{.State.Running}}' "$CONTAINER_NAME" 2>/dev/null)" = "true" ]; then
log "📦 Stopping existing container..."
docker stop "$CONTAINER_NAME" || true
docker rm "$CONTAINER_NAME" || true
fi
# Check if port is available
if lsof -Pi :$PORT -sTCP:LISTEN -t >/dev/null ; then
warning "Port $PORT is in use. Trying backup port $BACKUP_PORT"
DEPLOY_PORT=$BACKUP_PORT
else
DEPLOY_PORT=$PORT
fi
# Start new container with environment variables
log "🚀 Starting new container on port $DEPLOY_PORT..."
docker run -d \
--name "$CONTAINER_NAME" \
--restart unless-stopped \
-p "$DEPLOY_PORT:3000" \
-e NODE_ENV=production \
-e NEXT_PUBLIC_BASE_URL=https://dk0.dev \
-e MY_EMAIL=contact@dk0.dev \
-e MY_INFO_EMAIL=info@dk0.dev \
-e MY_PASSWORD="${MY_PASSWORD:-your-email-password}" \
-e MY_INFO_PASSWORD="${MY_INFO_PASSWORD:-your-info-email-password}" \
-e ADMIN_BASIC_AUTH="${ADMIN_BASIC_AUTH:-admin:your_secure_password_here}" \
-e LOG_LEVEL=info \
"$IMAGE_NAME:latest" || {
error "Failed to start container"
exit 1
}
# Wait for container to be ready
log "⏳ Waiting for container to be ready..."
sleep 15
# Check if container is actually running
if [ "$(docker inspect -f '{{.State.Running}}' "$CONTAINER_NAME" 2>/dev/null)" != "true" ]; then
error "Container failed to start or crashed"
log "Container logs:"
docker logs "$CONTAINER_NAME" --tail=50
exit 1
fi
# Health check
log "🏥 Performing health check..."
HEALTH_CHECK_TIMEOUT=120
HEALTH_CHECK_INTERVAL=3
ELAPSED=0
while [ $ELAPSED -lt $HEALTH_CHECK_TIMEOUT ]; do
# Check if container is still running
if [ "$(docker inspect -f '{{.State.Running}}' "$CONTAINER_NAME" 2>/dev/null)" != "true" ]; then
error "Container stopped during health check"
log "Container logs:"
docker logs "$CONTAINER_NAME" --tail=50
exit 1
fi
# Try health check endpoint
if curl -f "http://localhost:$DEPLOY_PORT/api/health" > /dev/null 2>&1; then
success "✅ Application is healthy!"
break
fi
sleep $HEALTH_CHECK_INTERVAL
ELAPSED=$((ELAPSED + HEALTH_CHECK_INTERVAL))
echo -n "."
done
if [ $ELAPSED -ge $HEALTH_CHECK_TIMEOUT ]; then
error "Health check timeout. Application may not be running properly."
log "Container status:"
docker inspect "$CONTAINER_NAME" --format='{{.State.Status}} - {{.State.Health.Status}}'
log "Container logs:"
docker logs "$CONTAINER_NAME" --tail=100
exit 1
fi
# Step 5: Verification
log "✅ Step 5: Verifying deployment..."
# Test main page
if curl -f "http://localhost:$DEPLOY_PORT/" > /dev/null 2>&1; then
success "✅ Main page is accessible"
else
error "❌ Main page is not accessible"
exit 1
fi
# Show container status
log "📊 Container status:"
docker ps --filter "name=$CONTAINER_NAME" --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
# Show resource usage
log "📈 Resource usage:"
docker stats --no-stream --format "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}" "$CONTAINER_NAME"
# Step 6: Cleanup
log "🧹 Step 6: Cleaning up old images..."
# Remove old images (keep last 3 versions)
docker images "$IMAGE_NAME" --format "table {{.Tag}}\t{{.ID}}" | tail -n +2 | head -n -3 | awk '{print $2}' | xargs -r docker rmi || {
warning "No old images to remove"
}
# Clean up unused Docker resources
docker system prune -f --volumes || {
warning "Failed to clean up Docker resources"
}
# Final success message
success "🎉 Gitea deployment completed successfully!"
log "🌐 Application is available at: http://localhost:$DEPLOY_PORT"
log "🏥 Health check endpoint: http://localhost:$DEPLOY_PORT/api/health"
log "📊 Container name: $CONTAINER_NAME"
log "📝 Logs: docker logs $CONTAINER_NAME"
# Update deployment log
echo "$(date): Gitea deployment successful - Port: $DEPLOY_PORT - Image: $IMAGE_NAME:$TIMESTAMP" >> "$LOG_FILE"
exit 0

2
scripts/monitor.sh
View File

@@ -37,7 +37,7 @@ warning() {
check_health() {
log "Checking application health..."
if curl -f http://localhost:3000/api/health > /dev/null 2>&1; then
if curl -f http://localhost/api/health > /dev/null 2>&1; then
success "Application is healthy"
return 0
else

85
scripts/security-scan.sh Executable file
View File

@@ -0,0 +1,85 @@
#!/bin/bash
# Security Scan Script
# This script runs various security checks on the portfolio project
set -e
echo "🔒 Starting security scan..."
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
# Function to print colored output
print_status() {
echo -e "${GREEN}$1${NC}"
}
print_warning() {
echo -e "${YELLOW}⚠️ $1${NC}"
}
print_error() {
echo -e "${RED}$1${NC}"
}
# Check if we're in the right directory
if [ ! -f "package.json" ]; then
print_error "Please run this script from the project root directory"
exit 1
fi
# 1. NPM Audit
echo "🔍 Running npm audit..."
if npm audit --audit-level=high; then
print_status "NPM audit passed - no high/critical vulnerabilities found"
else
print_warning "NPM audit found vulnerabilities - check the output above"
fi
# 2. Trivy scan (if available)
echo "🔍 Running Trivy vulnerability scan..."
if command -v trivy &> /dev/null; then
if trivy fs --scanners vuln,secret --format table .; then
print_status "Trivy scan completed successfully"
else
print_warning "Trivy scan found issues - check the output above"
fi
else
print_warning "Trivy not installed - skipping Trivy scan"
echo "To install Trivy: brew install trivy"
fi
# 3. Check for secrets using advanced detection
echo "🔍 Checking for potential secrets in code..."
if ./scripts/check-secrets.sh; then
print_status "No secrets found in code"
else
print_error "Secrets detected - please review"
fi
# 4. Check for outdated dependencies
echo "🔍 Checking for outdated dependencies..."
if npm outdated; then
print_status "All dependencies are up to date"
else
print_warning "Some dependencies are outdated - consider updating"
fi
# 5. Check for known vulnerable packages
echo "🔍 Checking for known vulnerable packages..."
if npm audit --audit-level=moderate; then
print_status "No moderate+ vulnerabilities found"
else
print_warning "Some vulnerabilities found - run 'npm audit fix' to attempt fixes"
fi
echo ""
echo "🔒 Security scan completed!"
echo "For more detailed security analysis, consider:"
echo " - Running 'npm audit fix' to fix vulnerabilities"
echo " - Installing Trivy for comprehensive vulnerability scanning"
echo " - Using tools like Snyk or GitHub Dependabot for ongoing monitoring"

2
scripts/setup-database.js
View File

@@ -6,7 +6,7 @@ const { exec } = require('child_process');
console.log('🗄️ Setting up database...');
// Set environment variables for development
process.env.DATABASE_URL = 'postgresql://portfolio_user:portfolio_dev_pass@localhost:5432/portfolio_dev?schema=public';
process.env.DATABASE_URL = process.env.DATABASE_URL || 'postgresql://portfolio_user:portfolio_dev_pass@localhost:5432/portfolio_dev?schema=public';
// Function to run command and return promise
function runCommand(command) {

192
scripts/setup-gitea-runner.sh Executable file
View File

@@ -0,0 +1,192 @@
#!/bin/bash
# Gitea Runner Setup Script
# Installiert und konfiguriert einen lokalen Gitea Runner
set -e
# Configuration
GITEA_URL="${GITEA_URL:-http://localhost:3000}"
RUNNER_NAME="${RUNNER_NAME:-portfolio-runner}"
RUNNER_LABELS="${RUNNER_LABELS:-ubuntu-latest,self-hosted,portfolio}"
RUNNER_WORK_DIR="${RUNNER_WORK_DIR:-/tmp/gitea-runner}"
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Logging function
log() {
echo -e "${BLUE}[$(date +'%Y-%m-%d %H:%M:%S')]${NC} $1"
}
error() {
echo -e "${RED}[ERROR]${NC} $1"
}
success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
}
# Check if running as root (skip in CI environments)
if [[ $EUID -eq 0 ]] && [[ -z "$CI" ]]; then
error "This script should not be run as root (use CI=true to override)"
exit 1
fi
log "🚀 Setting up Gitea Runner for Portfolio"
# Check if Gitea URL is accessible
log "🔍 Checking Gitea server accessibility..."
if ! curl -f "$GITEA_URL" > /dev/null 2>&1; then
error "Cannot access Gitea server at $GITEA_URL"
error "Please make sure Gitea is running and accessible"
exit 1
fi
success "✅ Gitea server is accessible"
# Create runner directory
log "📁 Creating runner directory..."
mkdir -p "$RUNNER_WORK_DIR"
cd "$RUNNER_WORK_DIR"
# Download Gitea Runner
log "📥 Downloading Gitea Runner..."
RUNNER_VERSION="latest"
RUNNER_ARCH="linux-amd64"
# Get latest version
if [ "$RUNNER_VERSION" = "latest" ]; then
RUNNER_VERSION=$(curl -s https://api.github.com/repos/woodpecker-ci/woodpecker/releases/latest | grep -o '"tag_name": "[^"]*' | grep -o '[^"]*$')
fi
RUNNER_URL="https://github.com/woodpecker-ci/woodpecker/releases/download/${RUNNER_VERSION}/woodpecker-agent_${RUNNER_VERSION}_${RUNNER_ARCH}.tar.gz"
log "Downloading from: $RUNNER_URL"
curl -L -o woodpecker-agent.tar.gz "$RUNNER_URL"
# Extract runner
log "📦 Extracting Gitea Runner..."
tar -xzf woodpecker-agent.tar.gz
chmod +x woodpecker-agent
success "✅ Gitea Runner downloaded and extracted"
# Create systemd service
log "⚙️ Creating systemd service..."
sudo tee /etc/systemd/system/gitea-runner.service > /dev/null <<EOF
[Unit]
Description=Gitea Runner for Portfolio
After=network.target
[Service]
Type=simple
User=$USER
WorkingDirectory=$RUNNER_WORK_DIR
ExecStart=$RUNNER_WORK_DIR/woodpecker-agent
Restart=always
RestartSec=5
Environment=WOODPECKER_SERVER=$GITEA_URL
Environment=WOODPECKER_AGENT_SECRET=
Environment=WOODPECKER_LOG_LEVEL=info
[Install]
WantedBy=multi-user.target
EOF
# Reload systemd
sudo systemctl daemon-reload
success "✅ Systemd service created"
# Instructions for manual registration
log "📋 Manual registration required:"
echo ""
echo "1. Go to your Gitea instance: $GITEA_URL"
echo "2. Navigate to: Settings → Actions → Runners"
echo "3. Click 'Create new Runner'"
echo "4. Copy the registration token"
echo "5. Run the following command:"
echo ""
echo " cd $RUNNER_WORK_DIR"
echo " ./woodpecker-agent register --server $GITEA_URL --token YOUR_TOKEN"
echo ""
echo "6. After registration, start the service:"
echo " sudo systemctl enable gitea-runner"
echo " sudo systemctl start gitea-runner"
echo ""
echo "7. Check status:"
echo " sudo systemctl status gitea-runner"
echo ""
# Create helper scripts
log "📝 Creating helper scripts..."
# Start script
cat > "$RUNNER_WORK_DIR/start-runner.sh" << 'EOF'
#!/bin/bash
echo "Starting Gitea Runner..."
sudo systemctl start gitea-runner
sudo systemctl status gitea-runner
EOF
# Stop script
cat > "$RUNNER_WORK_DIR/stop-runner.sh" << 'EOF'
#!/bin/bash
echo "Stopping Gitea Runner..."
sudo systemctl stop gitea-runner
EOF
# Status script
cat > "$RUNNER_WORK_DIR/status-runner.sh" << 'EOF'
#!/bin/bash
echo "Gitea Runner Status:"
sudo systemctl status gitea-runner
echo ""
echo "Logs (last 20 lines):"
sudo journalctl -u gitea-runner -n 20 --no-pager
EOF
# Logs script
cat > "$RUNNER_WORK_DIR/logs-runner.sh" << 'EOF'
#!/bin/bash
echo "Gitea Runner Logs:"
sudo journalctl -u gitea-runner -f
EOF
chmod +x "$RUNNER_WORK_DIR"/*.sh
success "✅ Helper scripts created"
# Create environment file
cat > "$RUNNER_WORK_DIR/.env" << EOF
# Gitea Runner Configuration
GITEA_URL=$GITEA_URL
RUNNER_NAME=$RUNNER_NAME
RUNNER_LABELS=$RUNNER_LABELS
RUNNER_WORK_DIR=$RUNNER_WORK_DIR
EOF
log "📋 Setup Summary:"
echo " • Runner Directory: $RUNNER_WORK_DIR"
echo " • Gitea URL: $GITEA_URL"
echo " • Runner Name: $RUNNER_NAME"
echo " • Labels: $RUNNER_LABELS"
echo " • Helper Scripts: $RUNNER_WORK_DIR/*.sh"
echo ""
log "🎯 Next Steps:"
echo "1. Register the runner in Gitea web interface"
echo "2. Enable and start the service"
echo "3. Test with a workflow run"
echo ""
success "🎉 Gitea Runner setup completed!"
log "📁 All files are in: $RUNNER_WORK_DIR"

79
sync-env.ps1 Normal file
View File

@@ -0,0 +1,79 @@
# Simple Bitwarden .env Sync for Windows
# Run with: powershell -ExecutionPolicy Bypass -File sync-env.ps1
Write-Host "=== Bitwarden .env Sync ===" -ForegroundColor Cyan
# Check if bw is installed
if (!(Get-Command bw -ErrorAction SilentlyContinue)) {
Write-Host "Error: Bitwarden CLI (bw) is not installed" -ForegroundColor Red
Write-Host "Install it from: https://bitwarden.com/help/cli/"
exit 1
}
# Check status
$statusOutput = bw status 2>$null
if ($LASTEXITCODE -ne 0) {
Write-Host "Error: Failed to get Bitwarden status" -ForegroundColor Red
exit 1
}
$status = $statusOutput | ConvertFrom-Json
if ($status.status -eq "unauthenticated") {
Write-Host "Please login to Bitwarden:"
bw login
if ($LASTEXITCODE -ne 0) {
Write-Host "Error: Failed to login to Bitwarden" -ForegroundColor Red
exit 1
}
$statusOutput = bw status 2>$null
$status = $statusOutput | ConvertFrom-Json
}
# Unlock if needed
if ($status.status -eq "locked") {
Write-Host "Unlocking vault..."
Write-Host "Please enter your Bitwarden master password:"
$sessionKey = bw unlock --raw
if ($LASTEXITCODE -ne 0) {
Write-Host "Error: Failed to unlock vault" -ForegroundColor Red
exit 1
}
$env:BW_SESSION = $sessionKey
}
# Sync
Write-Host "Syncing with Bitwarden..."
bw sync 2>$null | Out-Null
if ($LASTEXITCODE -ne 0) {
Write-Host "Error: Failed to sync with Bitwarden" -ForegroundColor Red
exit 1
}
# CHANGE THIS to your Bitwarden item name
$itemName = "portfolio-env"
Write-Host "Fetching environment variables..."
# Get item
$itemOutput = bw get item $itemName 2>$null
if ($LASTEXITCODE -ne 0) {
Write-Host "Error: Could not find item '$itemName' in Bitwarden" -ForegroundColor Red
Write-Host "Make sure you have an item with this exact name in your vault"
exit 1
}
$item = $itemOutput | ConvertFrom-Json
# Get notes and process them
if (!$item.notes) {
Write-Host "Error: No notes found in item '$itemName'" -ForegroundColor Red
Write-Host "Add your environment variables to the notes field"
exit 1
}
# Process notes - handle escaped newlines and other JSON formatting
$notes = $item.notes -replace '\\n', "`n" -replace '\\r', "`r" -replace '\\t', "`t"
# Create .env file
$envPath = Join-Path (Get-Location) ".env"
$notes | Out-File -FilePath $envPath -Encoding UTF8 -NoNewline
Write-Host "Created .env file successfully at: $envPath" -ForegroundColor Green

64
sync-env.sh Executable file
View File

@@ -0,0 +1,64 @@
#!/bin/bash
# Simple Bitwarden .env Sync
# Works on Mac and Windows (Git Bash)
echo "=== Bitwarden .env Sync ==="
# Check if bw is installed
if ! command -v bw &> /dev/null; then
echo "Error: Bitwarden CLI (bw) is not installed"
echo "Install it from: https://bitwarden.com/help/cli/"
exit 1
fi
# Check if logged in
STATUS=$(bw status | grep -o '"status":"[^"]*' | cut -d'"' -f4)
if [ "$STATUS" = "unauthenticated" ]; then
echo "Please login to Bitwarden:"
bw login
STATUS="locked"
fi
# Unlock vault if needed
if [ "$STATUS" = "locked" ]; then
echo "Unlocking vault..."
export BW_SESSION=$(bw unlock --raw)
if [ $? -ne 0 ]; then
echo "Error: Failed to unlock vault"
exit 1
fi
fi
# Sync with Bitwarden
echo "Syncing with Bitwarden..."
bw sync
# CHANGE THIS to your Bitwarden item name
ITEM_NAME="portfolio-env"
echo "Fetching environment variables..."
# Get the item from Bitwarden
ITEM=$(bw get item "$ITEM_NAME" 2>/dev/null)
if [ -z "$ITEM" ]; then
echo "Error: Could not find item '$ITEM_NAME' in Bitwarden"
echo "Make sure you have an item with this exact name in your vault"
exit 1
fi
# Extract notes (where env vars should be stored)
NOTES=$(echo "$ITEM" | grep -o '"notes":"[^"]*' | cut -d'"' -f4 | sed 's/\\n/\n/g')
if [ -z "$NOTES" ]; then
echo "Error: No notes found in item '$ITEM_NAME'"
echo "Add your environment variables to the notes field"
exit 1
fi
# Create .env file
echo "$NOTES" > .env
echo "✓ Created .env file successfully!"

36
test-deployment.sh Executable file
View File

@@ -0,0 +1,36 @@
#!/bin/bash
# Test script for deployment issues
echo "🧪 Testing deployment locally..."
# Set test environment variables
export NODE_ENV=production
export LOG_LEVEL=info
export NEXT_PUBLIC_BASE_URL=https://dk0.dev
export NEXT_PUBLIC_UMAMI_URL=https://analytics.dk0.dev
export NEXT_PUBLIC_UMAMI_WEBSITE_ID=b3665829-927a-4ada-b9bb-fcf24171061e
export MY_EMAIL=contact@dk0.dev
export MY_INFO_EMAIL=info@dk0.dev
export MY_PASSWORD=test_password
export MY_INFO_PASSWORD=test_info_password
export ADMIN_BASIC_AUTH=admin:test_password
echo "🔧 Environment variables set:"
echo "NODE_ENV: $NODE_ENV"
echo "NEXT_PUBLIC_BASE_URL: $NEXT_PUBLIC_BASE_URL"
echo "MY_EMAIL: $MY_EMAIL"
echo "🧹 Cleaning up existing containers..."
docker compose down --remove-orphans || true
docker rm -f portfolio-app portfolio-postgres portfolio-redis || true
echo "🔧 Starting database and redis..."
docker compose up -d postgres redis
echo "⏳ Waiting for services to be ready..."
sleep 10
echo "📋 Checking running containers:"
docker ps --format "table {{.Names}}\t{{.Status}}"
echo "✅ Test completed!"

42
test-fix.sh Executable file
View File

@@ -0,0 +1,42 @@
#!/bin/bash
# Test the fix for container conflicts and environment variables
echo "🧪 Testing the fix..."
# Set test environment variables
export NODE_ENV=production
export LOG_LEVEL=info
export NEXT_PUBLIC_BASE_URL=https://dk0.dev
export NEXT_PUBLIC_UMAMI_URL=https://analytics.dk0.dev
export NEXT_PUBLIC_UMAMI_WEBSITE_ID=b3665829-927a-4ada-b9bb-fcf24171061e
export MY_EMAIL=contact@dk0.dev
export MY_INFO_EMAIL=info@dk0.dev
export MY_PASSWORD=test_password
export MY_INFO_PASSWORD=test_info_password
export ADMIN_BASIC_AUTH=admin:test_password
echo "🔧 Environment variables set:"
echo "NODE_ENV: $NODE_ENV"
echo "NEXT_PUBLIC_BASE_URL: $NEXT_PUBLIC_BASE_URL"
echo "MY_EMAIL: $MY_EMAIL"
echo "🧹 Cleaning up ALL existing containers..."
docker compose down --remove-orphans || true
docker rm -f portfolio-app portfolio-postgres portfolio-redis || true
# Force remove the specific problematic container
docker rm -f 4dec125499540f66f4cb407b69d9aee5232f679feecd71ff2369544ff61f85ae || true
# Clean up any containers with portfolio in the name
docker ps -a --format "{{.Names}}" | grep portfolio | xargs -r docker rm -f || true
echo "🔧 Starting database and redis with environment variables..."
docker compose up -d postgres redis
echo "⏳ Waiting for services to be ready..."
sleep 10
echo "📋 Checking running containers:"
docker ps --format "table {{.Names}}\t{{.Status}}"
echo "✅ Test completed!"