# CI/CD Pre-Production Deployment to CT109

**Date:** November 14, 2025
**Status:** ✅ Configured

## Overview

The CI/CD pipeline now deploys to the **CT109 Docker container** for pre-production testing instead of deploying to production automatically.

## Changes Made

### 1. Disabled Automatic Production Deployment ❌

- **deploy-production job:** Changed to `if: false` - **DISABLED**
- Production deployment now **requires manual approval**
- Prevents accidental deployments to production VPS

### 2. Created Pre-Production Deployment to CT109 ✅

- **New job:** `deploy-preproduction`
- **Target:** CT109 Docker LXC container
- **Triggers:**
  - Push to `development` branch → Auto-deploy
  - Push to `main` branch → Auto-deploy (for testing before production)

## Deployment Architecture

```
Gitea Actions Runner
        ↓
Build Docker Images
        ↓
Transfer via SSH
        ↓
┌─────────────────────────────────────┐
│  CT109 - Docker LXC Container       │
│  (Pre-Production Environment)       │
│                                     │
│  ┌──────────────────────────────┐   │
│  │  littleshop container        │   │
│  │  Port: 5100 → 5000           │   │
│  │  Volume: littleshop-data     │   │
│  │  Network: littleshop-network │   │
│  └──────────────────────────────┘   │
│                                     │
│  ┌──────────────────────────────┐   │
│  │  telebot-service container   │   │
│  │  Port: 5010                  │   │
│  │  Networks:                   │   │
│  │    - littleshop-network      │   │
│  │    - silverpay-network       │   │
│  └──────────────────────────────┘   │
└─────────────────────────────────────┘
```

## Required Secrets in Gitea

Navigate to **Repository → Settings → Secrets** and add:

### CT109 Connection Secrets

```
CT109_HOST     → IP address or hostname of CT109 (e.g., 10.0.0.51 or ct109.local)
CT109_SSH_PORT → SSH port (typically 22)
CT109_USER     → SSH username (typically sysadmin or docker-user)
CT109_SSH_KEY  → SSH private key for authentication
```

### Example Configuration

```yaml
# Secret Name: CT109_HOST
# Value: 10.0.0.51

# Secret Name: CT109_SSH_PORT
# Value: 22

# Secret Name: CT109_USER
# Value: sysadmin

# Secret Name: CT109_SSH_KEY
# Value: -----BEGIN OPENSSH PRIVATE KEY-----
#
#        -----END OPENSSH PRIVATE KEY-----
```

## CT109 Container Setup Requirements

### 1. Docker Installed in CT109

Ensure Docker is installed and running:

```bash
# SSH into Proxmox host
ssh root@proxmox

# Enter CT109 container
pct enter 109

# Verify Docker is installed
docker --version

# If not installed:
apt update
apt install -y docker.io docker-compose
systemctl enable docker
systemctl start docker
```

### 2. Create Deployment Directory

```bash
mkdir -p /opt/littleshop
cd /opt/littleshop
```

### 3. SSH Access Setup

Generate an SSH key pair for deployment (on your workstation):

```bash
ssh-keygen -t ed25519 -C "gitea-actions-ct109" -f ~/.ssh/gitea_ct109_key
```

Copy the public key to CT109:

```bash
ssh-copy-id -i ~/.ssh/gitea_ct109_key.pub sysadmin@10.0.0.51
```

Add the private key to Gitea secrets:

```bash
cat ~/.ssh/gitea_ct109_key
# Copy output to CT109_SSH_KEY secret in Gitea
```

## Deployment Process

### On Push to `development` or `main`:

1. **Build Phase** (Gitea Actions runner)
   - Builds LittleShop Docker image
   - Builds TeleBot Docker image
   - Creates artifacts

2. **Transfer Phase** (SSH to CT109)
   - Transfers Docker images via SSH pipe
   - Loads images into CT109 Docker

3. **Deploy Phase** (Inside CT109)
   - Stops existing containers
   - Creates/verifies Docker networks
   - Starts LittleShop container (port 5100)
   - Starts TeleBot container (port 5010)
   - Connects containers via networks
   - Runs health checks

## Access URLs

After deployment, access the pre-production environment:

### From LAN:

- **Admin Panel:** `http://ct109.local:5100/Admin`
- **API:** `http://ct109.local:5100/api`
- **Health Check:** `http://ct109.local:5100/api/catalog/products`

### From Proxmox Host:

- **Admin Panel:** `http://10.0.0.51:5100/Admin`
- **API:** `http://10.0.0.51:5100/api`

## Testing the Pre-Production Deployment

### 1. Push to Development Branch

```bash
git checkout development
git add .
git commit -m "test: Pre-production deployment to CT109"
git push origin development
```

### 2. Monitor Deployment

In Gitea:

- Navigate to **Repository → Actions**
- Click on the running workflow
- Watch the `deploy-preproduction` job logs

### 3. Verify Deployment

```bash
# SSH into CT109
ssh sysadmin@10.0.0.51

# Check running containers
docker ps

# Check container logs
docker logs littleshop --tail 50
docker logs telebot-service --tail 50

# Test API
curl http://localhost:5100/api/catalog/products
```

### 4. Access Admin Panel

Open browser: `http://ct109.local:5100/Admin`

## Troubleshooting

### Issue: "Permission denied (publickey)"

**Solution:** Verify that the SSH key is correctly added to Gitea secrets

```bash
# Test SSH connection manually
ssh -i ~/.ssh/gitea_ct109_key sysadmin@10.0.0.51

# Verify key permissions
chmod 600 ~/.ssh/gitea_ct109_key
```

### Issue: "docker: command not found"

**Solution:** Install Docker in the CT109 container

```bash
pct enter 109
apt update
apt install -y docker.io
systemctl start docker
```

### Issue: "Cannot connect to Docker daemon"

**Solution:** Enable Docker features in the Proxmox container

```bash
# On Proxmox host
pct set 109 -features nesting=1,keyctl=1
pct stop 109
pct start 109
```

### Issue: Health check fails

**Solution:** Check container logs and network connectivity

```bash
# Inside CT109
docker logs littleshop --tail 100
docker logs telebot-service --tail 100

# Test internal connectivity
docker exec littleshop curl http://localhost:5000/api/catalog/products

# Check networks
docker network ls
docker network inspect littleshop-network
```

## Production Deployment (Manual Only)

Production deployment to VPS (srv1002428.hstgr.cloud) is **disabled by default**.

To deploy to production:

1. **Option A: Manual Workflow Trigger**
   - Navigate to **Repository → Actions → Workflows**
   - Select "Build and Deploy LittleShop"
   - Click "Run Workflow"
   - *(Note: deploy-production job is currently disabled)*

2. **Option B: SSH Deployment**
   - Use manual SSH deployment to VPS
   - Follow production deployment guide in `CI_CD_MIGRATION_GITEA.md`

## Rollback

If pre-production deployment fails, rollback is automatic (old containers remain running).

For manual rollback:

```bash
# SSH into CT109
ssh sysadmin@10.0.0.51

# List available images
docker images | grep littleshop
docker images | grep telebot

# Stop current containers
docker stop littleshop telebot-service
docker rm littleshop telebot-service

# Start previous version
docker run -d --name littleshop ... littleshop:
docker run -d --name telebot-service ... telebot:
```

## Next Steps

### 1. Configure Secrets ⏳

- [ ] Add `CT109_HOST` secret to Gitea
- [ ] Add `CT109_SSH_PORT` secret to Gitea
- [ ] Add `CT109_USER` secret to Gitea
- [ ] Add `CT109_SSH_KEY` secret to Gitea

### 2. Configure CT109 Environment ⏳

- [ ] Create `pre-production` environment in Gitea
- [ ] Set environment URL: `http://ct109.local:5100`

### 3. Test Deployment ⏳

- [ ] Push to `development` branch
- [ ] Verify build jobs complete
- [ ] Verify deployment to CT109 succeeds
- [ ] Access admin panel at `http://ct109.local:5100/Admin`
- [ ] Test functionality in pre-production

### 4. Production Deployment Strategy

- [ ] After testing in CT109, manually deploy to production VPS
- [ ] Consider re-enabling production deployment with approval workflow
- [ ] Update production deployment documentation

## Summary

✅ **Production deployment disabled** - No automatic deployments to VPS
✅ **Pre-production deployment created** - Auto-deploy to CT109 on push
✅ **Simplified workflow** - Faster testing in isolated Docker environment
✅ **Manual production control** - Deploy to VPS only when ready

---

**Pre-production environment configured successfully! 🎉**

All pushes to `development` and `main` branches will now deploy to CT109 for testing before manual production deployment.
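
The key created under "SSH Access Setup" gives whoever holds the `CT109_SSH_KEY` secret a full shell as `sysadmin`, although the Transfer and Deploy phases only need a handful of commands. The script below is an added example, not part of the project's pipeline: a forced-command gate for that key. It assumes the workflow invokes exactly the allowlisted strings; the install path, the `--enforce` flag and `/opt/littleshop/deploy.sh` are hypothetical names chosen for the example.

```shell
#!/bin/sh
# Added example (not the project's script): forced-command gate for the
# CT109 deploy key. Assumed install path: /usr/local/bin/ct109-deploy-gate.
# Assumed entry in ~sysadmin/.ssh/authorized_keys on CT109:
#   restrict,command="/usr/local/bin/ct109-deploy-gate --enforce" ssh-ed25519 <public-key> gitea-actions-ct109
# "restrict" disables PTY allocation and agent, X11 and port forwarding.

# gate_decision CMD: prints "allow" or "deny:<reason>"; never runs CMD.
# Matching is on the exact string, so extra arguments, a trailing space or
# shell metacharacters (";", "&&", "|", "$(...)") all fall through to deny.
# /opt/littleshop/deploy.sh is a hypothetical wrapper for the stop/start/
# health-check steps; the directory itself is the one created in this guide.
gate_decision() {
  case "$1" in
    "")
      echo "deny:interactive-shell"; return 1 ;;
    "docker load" | "docker ps" | "/opt/littleshop/deploy.sh")
      echo "allow"; return 0 ;;
    *)
      echo "deny:not-allowlisted"; return 1 ;;
  esac
}

# gate_main: sshd exports the command the client asked for as
# SSH_ORIGINAL_COMMAND and runs this script in its place.
gate_main() {
  cmd="${SSH_ORIGINAL_COMMAND:-}"
  if verdict="$(gate_decision "$cmd")"; then
    # Safe to word-split: $cmd equals one of the literal strings above.
    # stdin stays attached, so an image streamed into "docker load" works.
    # shellcheck disable=SC2086
    exec $cmd
  fi
  # Record the refusal with the client address for later review.
  logger -t ct109-deploy-gate "$verdict from=${SSH_CONNECTION%% *}" 2>/dev/null || true
  echo "ct109-deploy-gate: $verdict" >&2
  return 126
}

# Only enforce when sshd invokes the script with --enforce (see above).
if [ "${1:-}" = "--enforce" ]; then
  gate_main
  exit $?
fi
```

With this in place, a request for any other command, or for an interactive login, is refused with exit status 126 and logged under the `ct109-deploy-gate` syslog tag together with the client address.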