Initial commit - realms platform

2026-01-05 22:54:27 -05:00 · 2026-01-05 22:54:27 -05:00 · c717c3751c
commit c717c3751c
parent c590ab6d18
234 changed files with 74103 additions and 15231 deletions
--- a/.forgejo/workflows/build.yml
+++ b/.forgejo/workflows/build.yml
@ -0,0 +1,127 @@
+# =============================================================================
+# Build and Push Docker Images to Forgejo Registry
+# =============================================================================
+# Triggers on push to main branch and pull requests
+# Builds: backend, frontend, chat-service, openresty
+# =============================================================================
+
+name: Build and Push
+
+on:
+  push:
+    branches: [main, master]
+  pull_request:
+    branches: [main, master]
+
+env:
+  REGISTRY: qbit.realms.pub
+  IMAGE_PREFIX: realms
+
+jobs:
+  # ===========================================================================
+  # Build Backend (C++/Drogon)
+  # ===========================================================================
+  build-backend:
+    runs-on: docker
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Login to Forgejo Registry
+        if: github.event_name == 'push'
+        run: |
+          echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ${{ env.REGISTRY }} -u ${{ github.actor }} --password-stdin
+
+      - name: Build Backend Image
+        run: |
+          docker build \
+            -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/backend:${{ github.sha }} \
+            -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/backend:latest \
+            ./backend
+
+      - name: Push Backend Image
+        if: github.event_name == 'push'
+        run: |
+          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/backend:${{ github.sha }}
+          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/backend:latest
+
+  # ===========================================================================
+  # Build Frontend (SvelteKit)
+  # ===========================================================================
+  build-frontend:
+    runs-on: docker
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Login to Forgejo Registry
+        if: github.event_name == 'push'
+        run: |
+          echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ${{ env.REGISTRY }} -u ${{ github.actor }} --password-stdin
+
+      - name: Build Frontend Image
+        run: |
+          docker build \
+            -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/frontend:${{ github.sha }} \
+            -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/frontend:latest \
+            ./frontend
+
+      - name: Push Frontend Image
+        if: github.event_name == 'push'
+        run: |
+          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/frontend:${{ github.sha }}
+          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/frontend:latest
+
+  # ===========================================================================
+  # Build Chat Service
+  # ===========================================================================
+  build-chat:
+    runs-on: docker
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Login to Forgejo Registry
+        if: github.event_name == 'push'
+        run: |
+          echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ${{ env.REGISTRY }} -u ${{ github.actor }} --password-stdin
+
+      - name: Build Chat Service Image
+        run: |
+          docker build \
+            -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/chat-service:${{ github.sha }} \
+            -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/chat-service:latest \
+            ./chat-service
+
+      - name: Push Chat Service Image
+        if: github.event_name == 'push'
+        run: |
+          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/chat-service:${{ github.sha }}
+          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/chat-service:latest
+
+  # ===========================================================================
+  # Build OpenResty (Nginx + Lua)
+  # ===========================================================================
+  build-openresty:
+    runs-on: docker
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Login to Forgejo Registry
+        if: github.event_name == 'push'
+        run: |
+          echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ${{ env.REGISTRY }} -u ${{ github.actor }} --password-stdin
+
+      - name: Build OpenResty Image
+        run: |
+          docker build \
+            -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/openresty:${{ github.sha }} \
+            -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/openresty:latest \
+            ./openresty
+
+      - name: Push OpenResty Image
+        if: github.event_name == 'push'
+        run: |
+          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/openresty:${{ github.sha }}
+          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/openresty:latest
--- a/.forgejo/workflows/deploy.yml
+++ b/.forgejo/workflows/deploy.yml
@ -0,0 +1,84 @@
+# =============================================================================
+# Deploy to Production Server
+# =============================================================================
+# Triggers after successful build on main/master branch
+# SSHs to production server and updates containers
+# =============================================================================
+
+name: Deploy to Production
+
+on:
+  workflow_run:
+    workflows: ["Build and Push"]
+    types: [completed]
+    branches: [main, master]
+
+env:
+  REGISTRY: qbit.realms.pub
+  IMAGE_PREFIX: realms
+
+jobs:
+  deploy:
+    # Only deploy if the build succeeded
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    runs-on: docker
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup SSH key
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/deploy_key
+          chmod 600 ~/.ssh/deploy_key
+          # Add host key (skip strict checking for first connection)
+          ssh-keyscan -p ${{ secrets.DEPLOY_PORT }} ${{ secrets.DEPLOY_HOST }} >> ~/.ssh/known_hosts 2>/dev/null || true
+
+      - name: Copy docker-compose to server
+        run: |
+          scp -i ~/.ssh/deploy_key -P ${{ secrets.DEPLOY_PORT }} \
+            -o StrictHostKeyChecking=no \
+            docker-compose.prod.yml \
+            root@${{ secrets.DEPLOY_HOST }}:/opt/realms/docker-compose.yml
+
+      - name: Deploy to Production
+        run: |
+          ssh -i ~/.ssh/deploy_key -p ${{ secrets.DEPLOY_PORT }} \
+            -o StrictHostKeyChecking=no \
+            root@${{ secrets.DEPLOY_HOST }} '
+            set -e
+            cd /opt/realms
+
+            # Login to registry
+            echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ${{ env.REGISTRY }} -u ${{ github.actor }} --password-stdin
+
+            # Pull latest images
+            docker compose pull
+
+            # Bring up services with zero-downtime restart
+            docker compose up -d --remove-orphans
+
+            # Prune old images
+            docker image prune -f
+
+            # Show running containers
+            docker compose ps
+          '
+
+      - name: Cleanup SSH key
+        if: always()
+        run: rm -f ~/.ssh/deploy_key
+
+      - name: Health Check
+        run: |
+          sleep 10
+          ssh -i ~/.ssh/deploy_key -p ${{ secrets.DEPLOY_PORT }} \
+            -o StrictHostKeyChecking=no \
+            root@${{ secrets.DEPLOY_HOST }} '
+            # Check if services are running
+            docker compose ps --format "table {{.Name}}\t{{.Status}}"
+
+            # Basic health check for frontend
+            curl -sf http://localhost:80/health || echo "Frontend health check pending"
+          ' || true