littleshop/CI_CD_CT109_PREPRODUCTION.md
SysAdmin 47e43d4ff8 ci: Migrate from GitLab CI/CD to Gitea Actions with CT109 pre-production
**Migration Complete:**
- Removed GitLab CI/CD configuration (.gitlab-ci.yml)
- Created Gitea Actions workflows (.gitea/workflows/)
- Disabled automatic production deployment (manual only)
- Added pre-production deployment to CT109 Docker container

**New Workflows:**
- build-and-deploy.yml: Main CI/CD pipeline with CT109 deployment
- rollback.yml: Manual rollback capability
- README.md: Comprehensive workflow documentation

**Pre-Production Environment (CT109):**
- Host: 10.0.0.51
- User: sysadmin
- Port: 22
- Deploys on push to development/main branches
- Access URL: http://ct109.local:5100

**Documentation:**
- CI_CD_MIGRATION_GITEA.md: Complete migration guide
- CI_CD_CT109_PREPRODUCTION.md: CT109 deployment architecture
- GITEA_SECRETS_SETUP_GUIDE.md: Secrets configuration instructions

**Git Remote Updated:**
- Migrated from GitLab (gitlab.silverlabs.uk) to Gitea (git.silverlabs.uk)
- Using token authentication for push/pull operations

**Next Steps:**
1. Push code to Gitea to create repository
2. Add CT109 secrets via Gitea UI (CT109_HOST, CT109_SSH_PORT, CT109_USER, CT109_SSH_KEY)
3. Test pre-production deployment workflow

🚀 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-14 19:10:14 +00:00


CI/CD Pre-Production Deployment to CT109

Date: November 14, 2025
Status: Configured

Overview

The CI/CD pipeline now deploys to the CT109 Docker container for pre-production testing instead of deploying automatically to production.

Changes Made

1. Disabled Automatic Production Deployment

  • deploy-production job: Changed to if: false - DISABLED
  • Production deployment now requires manual approval
  • Prevents accidental deployments to production VPS

2. Created Pre-Production Deployment to CT109

  • New job: deploy-preproduction
  • Target: CT109 Docker LXC container
  • Triggers:
    • Push to development branch → Auto-deploy
    • Push to main branch → Auto-deploy (for testing before production)

Deployment Architecture

Gitea Actions Runner
  ↓ Build Docker Images
  ↓ Transfer via SSH
  ↓
┌─────────────────────────────────────┐
│ CT109 - Docker LXC Container        │
│ (Pre-Production Environment)        │
│                                     │
│  ┌──────────────────────────────┐  │
│  │ littleshop container         │  │
│  │ Port: 5100 → 5000           │  │
│  │ Volume: littleshop-data     │  │
│  │ Network: littleshop-network │  │
│  └──────────────────────────────┘  │
│                                     │
│  ┌──────────────────────────────┐  │
│  │ telebot-service container    │  │
│  │ Port: 5010                  │  │
│  │ Networks:                   │  │
│  │  - littleshop-network       │  │
│  │  - silverpay-network        │  │
│  └──────────────────────────────┘  │
└─────────────────────────────────────┘

Required Secrets in Gitea

Navigate to: Repository → Settings → Secrets and add:

CT109 Connection Secrets

CT109_HOST         → IP address or hostname of CT109 (e.g., 10.0.0.51 or ct109.local)
CT109_SSH_PORT     → SSH port (typically 22)
CT109_USER         → SSH username (typically sysadmin or docker-user)
CT109_SSH_KEY      → SSH private key for authentication

Example Configuration

# Secret Name: CT109_HOST
# Value: 10.0.0.51

# Secret Name: CT109_SSH_PORT
# Value: 22

# Secret Name: CT109_USER
# Value: sysadmin

# Secret Name: CT109_SSH_KEY
# Value: -----BEGIN OPENSSH PRIVATE KEY-----
# <paste your SSH private key here>
# -----END OPENSSH PRIVATE KEY-----

CT109 Container Setup Requirements

1. Docker Installed in CT109

Ensure Docker is installed and running:

# SSH into Proxmox host
ssh root@proxmox

# Enter CT109 container
pct enter 109

# Verify Docker is installed
docker --version

# If not installed:
apt update
apt install -y docker.io docker-compose
systemctl enable docker
systemctl start docker

2. Create Deployment Directory

mkdir -p /opt/littleshop
cd /opt/littleshop

3. SSH Access Setup

Generate SSH key pair for deployment (on your workstation):

ssh-keygen -t ed25519 -C "gitea-actions-ct109" -f ~/.ssh/gitea_ct109_key

Copy public key to CT109:

ssh-copy-id -i ~/.ssh/gitea_ct109_key.pub sysadmin@10.0.0.51

Add private key to Gitea secrets:

cat ~/.ssh/gitea_ct109_key
# Copy output to CT109_SSH_KEY secret in Gitea

Deployment Process

On Push to development or main:

  1. Build Phase (Gitea Actions runner)

    • Builds LittleShop Docker image
    • Builds TeleBot Docker image
    • Creates artifacts
  2. Transfer Phase (SSH to CT109)

    • Transfers Docker images via SSH pipe
    • Loads images into CT109 Docker
  3. Deploy Phase (Inside CT109)

    • Stops existing containers
    • Creates/verifies Docker networks
    • Starts LittleShop container (port 5100)
    • Starts TeleBot container (port 5010)
    • Connects containers via networks
    • Runs health checks
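
The transfer phase above, using the key from SSH Access Setup, as an added example (not the project's workflow file): it writes the deploy key with owner-only permissions and pins CT109's host key so the runner refuses to send images to an unexpected host. It assumes the four CT109_* secrets are exported as environment variables; CT109_HOST_KEY (a fifth secret) and the image tag are hypothetical.

```shell
#!/bin/sh
# Added example. CT109_HOST_KEY is a hypothetical extra secret holding the
# server's public host key line, e.g. "ssh-ed25519 AAAA...".

# OpenSSH stores port-22 hosts as "host" and any other port as "[host]:port".
known_hosts_name() {
  if [ "$2" = "22" ]; then printf '%s' "$1"; else printf '[%s]:%s' "$1" "$2"; fi
}

# Write the private key and the pinned host key into directory $1,
# readable by the current user only.
prepare_ssh() {
  (
    umask 077
    mkdir -p "$1" && chmod 700 "$1"
    printf '%s\n' "$CT109_SSH_KEY" > "$1/id_deploy"
    printf '%s %s\n' "$(known_hosts_name "$CT109_HOST" "$CT109_SSH_PORT")" \
      "$CT109_HOST_KEY" > "$1/known_hosts"
  )
}

# SSH options that reject unknown host keys, agent-offered keys and prompts.
ssh_opts() {
  printf '%s ' -i "$1/id_deploy" -p "$CT109_SSH_PORT" \
    -o IdentitiesOnly=yes -o BatchMode=yes \
    -o StrictHostKeyChecking=yes -o "UserKnownHostsFile=$1/known_hosts"
}

# Stream image $2 to CT109 through the SSH pipe and load it there.
# $1 must be a path without spaces (mktemp -d output is fine), because
# the options are word-split on purpose.
transfer_image() {
  docker save "$2" | gzip |
    ssh $(ssh_opts "$1") "$CT109_USER@$CT109_HOST" 'gunzip | docker load'
}

# Usage in a workflow step (image tag is an assumption):
#   d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
#   prepare_ssh "$d" && transfer_image "$d" littleshop:latest
```

The host key value can be read once from CT109 itself (for example from /etc/ssh/ssh_host_ed25519_key.pub) and stored alongside the other secrets.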

Access URLs

After deployment, access the pre-production environment:

From LAN:

  • Admin Panel: http://ct109.local:5100/Admin
  • API: http://ct109.local:5100/api
  • Health Check: http://ct109.local:5100/api/catalog/products

From Proxmox Host:

  • Admin Panel: http://10.0.0.51:5100/Admin
  • API: http://10.0.0.51:5100/api

Testing the Pre-Production Deployment

1. Push to Development Branch

git checkout development
git add .
git commit -m "test: Pre-production deployment to CT109"
git push origin development

2. Monitor Deployment

In Gitea:

  • Navigate to Repository → Actions
  • Click on the running workflow
  • Watch the deploy-preproduction job logs

3. Verify Deployment

# SSH into CT109
ssh sysadmin@10.0.0.51

# Check running containers
docker ps

# Check container logs
docker logs littleshop --tail 50
docker logs telebot-service --tail 50

# Test API
curl http://localhost:5100/api/catalog/products

4. Access Admin Panel

Open browser: http://ct109.local:5100/Admin

Troubleshooting

Issue: "Permission denied (publickey)"

Solution: Verify SSH key is correctly added to Gitea secrets

# Test SSH connection manually
ssh -i ~/.ssh/gitea_ct109_key sysadmin@10.0.0.51

# Verify key permissions
chmod 600 ~/.ssh/gitea_ct109_key

Issue: "docker: command not found"

Solution: Install Docker in CT109 container

pct enter 109
apt update
apt install -y docker.io
systemctl start docker

Issue: "Cannot connect to Docker daemon"

Solution: Enable Docker features in Proxmox container

# On Proxmox host
pct set 109 -features nesting=1,keyctl=1
pct stop 109
pct start 109

Issue: Health check fails

Solution: Check container logs and network connectivity

# Inside CT109
docker logs littleshop --tail 100
docker logs telebot-service --tail 100

# Test internal connectivity
docker exec littleshop curl http://localhost:5000/api/catalog/products

# Check networks
docker network ls
docker network inspect littleshop-network

Production Deployment (Manual Only)

Production deployment to VPS (srv1002428.hstgr.cloud) is disabled by default.

To deploy to production:

  1. Option A: Manual Workflow Trigger

    • Navigate to Repository → Actions → Workflows
    • Select "Build and Deploy LittleShop"
    • Click "Run Workflow"
    • (Note: deploy-production job is currently disabled)
  2. Option B: SSH Deployment

    • Use manual SSH deployment to VPS
    • Follow production deployment guide in CI_CD_MIGRATION_GITEA.md

Rollback

If pre-production deployment fails, rollback is automatic (old containers remain running).

For manual rollback:

# SSH into CT109
ssh sysadmin@10.0.0.51

# List available images
docker images | grep littleshop
docker images | grep telebot

# Stop current containers
docker stop littleshop telebot-service
docker rm littleshop telebot-service

# Start previous version
docker run -d --name littleshop ... littleshop:<previous-version>
docker run -d --name telebot-service ... telebot:<previous-version>

Next Steps

1. Configure Secrets

  • Add CT109_HOST secret to Gitea
  • Add CT109_SSH_PORT secret to Gitea
  • Add CT109_USER secret to Gitea
  • Add CT109_SSH_KEY secret to Gitea

2. Configure CT109 Environment

  • Create pre-production environment in Gitea
  • Set environment URL: http://ct109.local:5100

3. Test Deployment

  • Push to development branch
  • Verify build jobs complete
  • Verify deployment to CT109 succeeds
  • Access admin panel at http://ct109.local:5100/Admin
  • Test functionality in pre-production

4. Production Deployment Strategy

  • After testing in CT109, manually deploy to production VPS
  • Consider re-enabling production deployment with approval workflow
  • Update production deployment documentation

Summary

  • Production deployment disabled - No automatic deployments to VPS
  • Pre-production deployment created - Auto-deploy to CT109 on push
  • Simplified workflow - Faster testing in isolated Docker environment
  • Manual production control - Deploy to VPS only when ready


Pre-production environment configured successfully! 🎉

All pushes to development and main branches will now deploy to CT109 for testing before manual production deployment.