You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/deployment.md
+1-9Lines changed: 1 addition & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -71,14 +71,6 @@ Firebase:
71
71
72
72
-`FIREBASE_CREDENTIALS_BASE64`
73
73
74
-
Development server:
75
-
76
-
-`DEV_EC2_HOST`
77
-
-`DEV_EC2_USER`
78
-
-`DEV_EC2_SSH_KEY`
79
-
-`DEV_BACKEND_HTTP_PORT` (optional, defaults to `8081`)
80
-
- Runtime secrets matching the production names with a `DEV_` prefix, for example `DEV_SPRING_DATASOURCE_URL`, `DEV_JWT_SECRETKEY`, and `DEV_FIREBASE_CREDENTIALS_BASE64`
81
-
82
74
Set the base64 secrets from the ignored local credential files:
Use branch-based deployments with separate GitHub Actions environments:
83
+
Use branch-based CI and production deployment:
86
84
87
85
```text
88
-
push to dev-> development environment -> dev server
86
+
pull_request to dev/main -> test workflow
89
87
push to main -> production environment -> production server
90
88
```
91
89
92
90
Recommended GitHub environments:
93
91
94
92
| Environment | Source Branch | Server | Approval |
95
93
| --- | --- | --- | --- |
96
-
|`development`|`dev`| Dev server | Usually automatic |
97
94
|`production`|`main`| Production server | Manual approval recommended |
98
95
99
96
## CI/CD Workflow
100
97
101
-
Use either two workflows or one branch-aware workflow.
102
-
103
98
Recommended simple setup:
104
99
105
100
```text
106
101
.github/workflows/test.yml
107
-
.github/workflows/deploy-dev.yml
108
-
.github/workflows/deploy-prod.yml
102
+
.github/workflows/deploy.yml
109
103
```
110
104
111
105
Expected triggers:
112
106
113
107
```text
114
108
pull_request to dev -> run tests
115
109
pull_request to main -> run tests
116
-
push to dev -> deploy to dev server
110
+
push to dev -> no deployment
117
111
push to main -> deploy to production server
118
112
workflow_dispatch -> allow manual redeploy or rollback support
119
113
```
120
114
121
-
Development deploy should use development secrets only:
122
-
123
-
```text
124
-
DEV_EC2_HOST
125
-
DEV_EC2_USER
126
-
DEV_EC2_SSH_KEY
127
-
DEV_DATASOURCE_URL
128
-
DEV_DATASOURCE_USERNAME
129
-
DEV_DATASOURCE_PASSWORD
130
-
```
131
-
132
115
Production deploy should use production secrets only:
133
116
134
117
```text
135
-
PROD_EC2_HOST
136
-
PROD_EC2_USER
137
-
PROD_EC2_SSH_KEY
138
-
PROD_DATASOURCE_URL
139
-
PROD_DATASOURCE_USERNAME
140
-
PROD_DATASOURCE_PASSWORD
118
+
EC2_HOST
119
+
EC2_USER
120
+
EC2_SSH_KEY
121
+
SPRING_DATASOURCE_URL
122
+
SPRING_DATASOURCE_USERNAME
123
+
SPRING_DATASOURCE_PASSWORD
141
124
```
142
125
143
-
Do not share databases, Firebase credentials, OAuth redirect URIs, or private keys between development and production unless there is a deliberate reason.
126
+
Do not add `DEV_*` deployment secrets or a dev-server workflow unless the infrastructure plan changes deliberately.
144
127
145
128
## Branch Protection
146
129
@@ -188,7 +171,7 @@ The current repository has `main` and `deploy` as separate long-lived branches.
188
171
```text
189
172
deploy branch -> retired
190
173
main branch -> production
191
-
dev branch -> development server
174
+
dev branch -> integration and CI only
192
175
```
193
176
194
177
Recommended migration sequence:
@@ -206,8 +189,8 @@ git push origin dev
206
189
```
207
190
208
191
5. Change production deployment to trigger from `main`.
209
-
6.Add development deployment to trigger from `dev`.
210
-
7. Update GitHub environment secrets for `development` and `production`.
192
+
6.Ensure there is no workflow that deploys from `dev`.
193
+
7. Update GitHub production environment secrets.
211
194
8. Protect `main` and `dev`.
212
195
9. Stop using `deploy` for new work.
213
196
10. Delete or archive stale merged feature branches after confirming they are no longer needed.
@@ -218,7 +201,7 @@ git push origin dev
218
201
- Normal PR target is `dev`.
219
202
- Release PR target is `main`.
220
203
- Production deploys only from `main`.
221
-
-Development deploys only from `dev`.
204
+
-`dev` runs CI only and does not deploy.
222
205
- Do not commit directly to `main`.
223
206
- Do not commit directly to `dev` unless it is an emergency coordination fix.
Copy file name to clipboardExpand all lines: ontime-back/docs/deployment/ec2.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,7 @@ This service deploys to Amazon EC2 through `.github/workflows/deploy.yml`.
6
6
7
7
1. Make sure the EC2 instance has Docker installed and the security group allows inbound traffic for the service port, currently `8080`.
8
8
2. Add the required GitHub Actions secrets listed below.
9
-
3. Run the `Deploy` workflow manually from GitHub Actions, or push to the `deploy` branch.
9
+
3. Run the `Deploy` workflow manually from GitHub Actions, or push to the `main` branch.
10
10
11
11
The workflow builds a Docker image, pushes it to GHCR, uploads `docker-compose.yml` to `/home/ubuntu/OnTime-back`, writes a production `.env` from GitHub Secrets, verifies private RDS connectivity, and restarts Docker Compose on the EC2 instance.
0 commit comments