build: update config/deploy.yml

ronald2wing · ronald2wing · commit 2d2b1a687930 · 2025-05-02T14:42:23.000-04:00
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,52 @@
+# See https://docs.docker.com/engine/reference/builder/#dockerignore-file for more about ignoring files.
+# Ignore git directory
+/.git/
+
+# Ignore all environment files (except templates)
+/.env*
+!/.env.example
+
+# Ignore all logfiles and tempfiles
+/storage/logs/*
+!/storage/logs/.gitkeep
+/storage/framework/cache/*
+!/storage/framework/cache/.gitkeep
+/storage/framework/sessions/*
+!/storage/framework/sessions/.gitkeep
+/storage/framework/testing/*
+!/storage/framework/testing/.gitkeep
+/storage/framework/views/*
+!/storage/framework/views/.gitkeep
+/storage/app/*
+!/storage/app/.gitkeep
+/storage/app/public/*
+!/storage/app/public/.gitkeep
+
+# Ignore temporary files
+/bootstrap/cache/*
+!/bootstrap/cache/.gitkeep
+
+# Ignore dependencies
+/node_modules/
+/vendor/
+
+# Ignore compiled assets
+/public/build/*
+/public/hot
+/public/storage
+/public/css
+/public/js
+/public/mix-manifest.json
+
+# IDE specific files
+/.idea
+/.vscode
+/.fleet
+/.phpstorm.meta.php
+/_ide_helper*.php
+
+# Testing and documentation
+/phpunit.xml
+/.phpunit.cache
+/tests/coverage
+/docs
diff --git a/.env.example b/.env.example
@@ -67,3 +67,6 @@ PADDLE_WEBHOOK_SECRET=pdl_...
 STRIPE_PUBLISHABLE_KEY=pk_test_...
 STRIPE_SECRET_KEY=sk_test_...
 STRIPE_WEBHOOK_SECRET=whsec_...
+
+PROD_HOST=site-domain
+SSH_HOST=ssh-ip-address
diff --git a/.kamal/hooks/docker-setup b/.kamal/hooks/docker-setup
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ssh root@$KAMAL_HOSTS 'bash -s' <.kamal/hooks/setup-server.sh
diff --git a/.kamal/hooks/setup-server.sh b/.kamal/hooks/setup-server.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+docker network inspect private || docker network create -d bridge private
diff --git a/.kamal/secrets b/.kamal/secrets
@@ -15,3 +15,8 @@ KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD
 # SECRETS=$(kamal secrets fetch --adapter 1password --account my-account --from MyVault/MyItem KAMAL_REGISTRY_PASSWORD RAILS_MASTER_KEY)
 # KAMAL_REGISTRY_PASSWORD=$(kamal secrets extract KAMAL_REGISTRY_PASSWORD $SECRETS)
 # RAILS_MASTER_KEY=$(kamal secrets extract RAILS_MASTER_KEY $SECRETS)
+
+APP_KEY=$APP_KEY
+AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID
+AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
+DB_PASSWORD=$DB_PASSWORD
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,31 @@
+FROM serversideup/php:8.4-unit AS base
+ENV AUTORUN_ENABLED=true PHP_OPCACHE_ENABLE=1
+WORKDIR /var/www/html/
+USER root
+RUN apt-get update && install-php-extensions gd exif intl
+COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
+
+FROM base AS deps
+COPY composer.* ./
+USER www-data
+RUN composer install --no-dev --no-interaction --no-scripts --prefer-dist
+
+FROM node:22-slim AS frontend
+WORKDIR /app
+COPY package*.json *.config.js ./
+COPY public/ ./public
+COPY resources/ ./resources
+COPY --from=deps /var/www/html/vendor ./vendor
+RUN npm ci && npm run build
+
+FROM base
+COPY --chown=www-data:www-data . .
+COPY --from=deps --chown=www-data:www-data /var/www/html/vendor ./vendor
+COPY --from=frontend --chown=www-data:www-data /app/public/build ./public/build
+
+RUN composer dump-autoload --classmap-authoritative --no-dev --no-interaction --no-scripts --optimize
+USER root
+RUN rm -rf /usr/bin/composer
+
+USER www-data
+COPY --chmod=755 ./entrypoint.d/ /etc/entrypoint.d/
diff --git a/config/deploy.yml b/config/deploy.yml
@@ -1,13 +1,23 @@
 # Name of your application. Used to uniquely configure containers.
-service: my-app
+service: wave
 
-# Name of the container image.
-image: my-user/my-app
+# Name of the container image. Change ronald2wing to your username
+image: ronald2wing/wave
 
 # Deploy to these servers.
 servers:
+  cron:
+    cmd: php /var/www/html/artisan schedule:work
+    hosts:
+      - <%= ENV['SSH_HOST'] %>
+    options:
+      health-cmd: pgrep -f "php artisan schedule:work" || exit 1
+      network: private
   web:
-    - 192.168.0.1
+    hosts:
+      - <%= ENV['SSH_HOST'] %>
+    options:
+      network: private
   # job:
   #   hosts:
   #     - 192.168.0.1
@@ -18,16 +28,18 @@ servers:
 #
 # Note: If using Cloudflare, set encryption mode in SSL/TLS setting to "Full" to enable CF-to-app encryption.
 proxy:
+  app_port: 8080
+  host: <%= ENV['PROD_HOST'] %>
   ssl: true
-  host: app.example.com
   # Proxy connects to your container on port 80 by default.
   # app_port: 3000
 
 # Credentials for your image host.
 registry:
   # Specify the registry server, if you're not using Docker Hub
   # server: registry.digitalocean.com / ghcr.io / ...
-  username: my-user
+  # Change ronald2wing to your username
+  username: ronald2wing
 
   # Always use an access token rather than real password (pulled from .kamal/secrets).
   password:
@@ -47,12 +59,30 @@ builder:
 #     DB_HOST: 192.168.0.2
 #   secret:
 #     - RAILS_MASTER_KEY
+env:
+  clear:
+    APP_DEBUG: false
+    APP_ENV: production
+    APP_NAME: Wave
+    APP_URL: https://<%= ENV['PROD_HOST'] %>
+    DB_CONNECTION: mysql
+    DB_DATABASE: wave_production
+    DB_HOST: wave-db
+    DB_USERNAME: wave
+    REDIS_HOST: wave-redis
+    SESSION_DRIVER: redis
+  secret:
+    - APP_KEY
+    - DB_PASSWORD
 
 # Aliases are triggered with "bin/kamal <alias>". You can overwrite arguments on invocation:
 # "bin/kamal app logs -r job" will tail logs from the first server in the job section.
 #
 # aliases:
 #   shell: app exec --interactive --reuse "bash"
+aliases:
+  shell: app exec --interactive --reuse "bash"
+  tinker: app exec --interactive --reuse "php artisan tinker"
 
 # Use a different ssh user than root
 #
@@ -69,6 +99,7 @@ builder:
 # version inside the asset_path.
 #
 # asset_path: /app/public/assets
+asset_path: /var/www/html/public/build
 
 # Configure rolling deploys by setting a wait time between batches of restarts.
 #
@@ -99,3 +130,47 @@ builder:
 #     port: 6379
 #     directories:
 #       - data:/data
+accessories:
+  db:
+    directories:
+      - data:/var/lib/mysql
+    env:
+      clear:
+        MYSQL_DATABASE: wave_production
+        MYSQL_PASSWORD: <%= ENV['DB_PASSWORD'] %>
+        MYSQL_ROOT_PASSWORD: <%= ENV['DB_PASSWORD'] %>
+        MYSQL_USER: wave
+    host: <%= ENV['SSH_HOST'] %>
+    image: mysql:9.3
+    options:
+      network: private
+  db_backup:
+    env:
+      clear:
+        AWS_BUCKET_NAME: wave
+        AWS_DEFAULT_REGION: us-east-1
+        DB_DUMP_INCLUDE: wave_production
+        DB_DUMP_RETENTION: 30d
+        DB_DUMP_TARGET: s3://wave/backups/
+        DB_NAME: wave_production
+        DB_PASS: <%= ENV['DB_PASSWORD'] %>
+        DB_RESTORE_TARGET: s3://wave/backups/
+        DB_SERVER: wave-db
+        DB_USER: wave
+        SINGLE_DATABASE: true
+      secret:
+        - AWS_ACCESS_KEY_ID
+        - AWS_SECRET_ACCESS_KEY
+    host: <%= ENV['SSH_HOST'] %>
+    image: databack/mysql-backup:1.2.2
+    options:
+      network: private
+    volumes:
+      - backup-data:/db
+  redis:
+    directories:
+      - redis-data:/data
+    host: <%= ENV['SSH_HOST'] %>
+    image: valkey/valkey:8.1.1
+    options:
+      network: private
diff --git a/entrypoint.d/100-custom-laravel-automation.sh b/entrypoint.d/100-custom-laravel-automation.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+artisan filament:upgrade
+artisan route:clear
diff --git a/routes/web.php b/routes/web.php
@@ -16,3 +16,7 @@
 
 // Wave routes
 Wave::routes();
+
+Route::get('/up', function () {
+    return response('OK', 200);
+});

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+#!/bin/sh`
	`2`	`+`
	`3`	`+ssh root@$KAMAL_HOSTS 'bash -s' <.kamal/hooks/setup-server.sh`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+#!/bin/sh`
	`2`	`+`
	`3`	`+docker network inspect private \|\| docker network create -d bridge private`