docs: switch active deployment runbooks from dokploy to ssh compose

2026-02-22 01:51:44 -08:00 · 2026-02-22 01:51:44 -08:00 · a0514f0823
commit a0514f0823
parent 8495fe5f1f
3 changed files with 46 additions and 39 deletions
--- a/docs/07_PUBLIC_LAUNCH_CHECKLIST.md
+++ b/docs/07_PUBLIC_LAUNCH_CHECKLIST.md
@ -8,19 +8,23 @@
 - [ ] Postgres port `5432` is not public.
 ## B) App and Deployment
- [ ] Dokploy project connected to Gitea repo.
+- [ ] SSH deployment host is prepared (`/opt/fiddy`, Docker Engine, Compose plugin).
- [ ] Secrets configured:
+- [ ] Deploy host runtime env is configured in `/opt/fiddy/.env`:
  - [ ] `DATABASE_URL`
  - [ ] `DATABASE_SSL`
  - [ ] `ALLOWED_DB_NAMES`
  - [ ] `SESSION_COOKIE_NAME`
  - [ ] `SESSION_TTL_DAYS`
-  - [ ] `DEBUG_API=0`
+  - [ ] `DEBUG_API`
-  - [ ] `DOKPLOY_DEPLOY_HOOK`
+- [ ] Gitea Actions secrets configured:
-  - [ ] `DOKPLOY_SCHEDULER_DEPLOY_HOOK`
+  - [ ] `REGISTRY_USER`
-  - [ ] `DOKPLOY_HEALTHCHECK_URL`
+  - [ ] `REGISTRY_PASS`
  - [ ] `DEPLOY_KEY`
  - [ ] `DEPLOY_HOST`
  - [ ] `DEPLOY_USER`
  - [ ] `DEPLOY_HEALTHCHECK_URL`
 - [ ] Deploy workflow passes build/test/push/deploy.
- [ ] Scheduler deploy workflow step passes.
+- [ ] Deploy guard confirms `web` and `scheduler` are running.
 - [ ] Post-deploy health gate passes (`scripts/wait-for-health.sh`).
 - [ ] Manual smoke passes (`scripts/smoke-public-launch.sh`).
@ -47,6 +51,6 @@
 - [ ] Measured RTO is acceptable.
 ## F) Rollback Readiness
- [ ] Previous stable release retained in Dokploy.
+- [ ] Previous stable image tags retained in registry (for rollback).
- [ ] Rollback runbook tested once in staging or low-risk window.
+- [ ] Rollback runbook tested once in staging or low-risk window (SSH Compose deploy by older image tag).
 - [ ] Rollback smoke check verified.
--- a/docs/09_DEPLOYMENT_EXECUTION_PLAYBOOK.md
+++ b/docs/09_DEPLOYMENT_EXECUTION_PLAYBOOK.md
@ -25,28 +25,30 @@ Use these in execution updates for fast scanning:
  - [ ] `docs/08_NGINX_PROXY_MANAGER_SETUP.md`
  - [ ] `docs/06_SECURITY_REVIEW.md`
-## Phase 1: Registry + Dokploy Wiring (Operator Needed)
+## Phase 1: Registry + SSH Compose Wiring (Operator Needed)
 First-time reference: `docs/11_DOKPLOY_FIRST_TIME_WALKTHROUGH.md`.
 Hands-on checkpoints:
 1. Create/verify secrets in Gitea:
  - `REGISTRY_USER`
  - `REGISTRY_PASS`
-  - `DOKPLOY_DEPLOY_HOOK`
+  - `DEPLOY_KEY`
-  - `DOKPLOY_SCHEDULER_DEPLOY_HOOK`
+  - `DEPLOY_HOST`
-  - `DOKPLOY_HEALTHCHECK_URL`
+  - `DEPLOY_USER`
-2. In Dokploy app settings (Web):
+  - `DEPLOY_HEALTHCHECK_URL`
-  - image source points to `git.nicosaya.com/nalalangan/fiddy/web`
+2. Prepare deploy host for SSH Compose:
-  - health endpoint is `/api/health/ready`
+  - install Docker Engine + Compose plugin
-  - release history retention is enabled
+  - create `/opt/fiddy/.env` with production variables
-3. In Dokploy app settings (Scheduler):
+  - run `docker login git.nicosaya.com` as deploy user
-  - image source points to `git.nicosaya.com/nalalangan/fiddy/scheduler`
+3. Confirm production compose contract:
-  - no public port exposed
+  - web image source: `git.nicosaya.com/nalalangan/fiddy/web`
-  - env vars set: `DATABASE_URL`, `DATABASE_SSL`, `ALLOWED_DB_NAMES`
+  - scheduler image source: `git.nicosaya.com/nalalangan/fiddy/scheduler`
  - web publishes `3010:3000`
  - scheduler has no public port
 Validation:
- [ ] Push-to-main triggers `.gitea/workflows/deploy-dokploy.yml`
+- [ ] Push-to-main triggers `.gitea/workflows/deploy-ssh-compose.yml`
- [ ] Web and Scheduler deploy hooks fire successfully
+- [ ] SSH deploy updates both web and scheduler containers
 - [ ] Deploy guard confirms web and scheduler are running
 - [ ] Health gate completes via `scripts/wait-for-health.sh`
 ## Phase 2: NPM Edge Setup (Operator Needed)
--- a/docs/public-launch-runbook.md
+++ b/docs/public-launch-runbook.md
@ -1,4 +1,4 @@
-# Public Launch Runbook (Self-Hosted + Dokploy)
+# Public Launch Runbook (Self-Hosted + SSH Compose)
 ## 1) Goals
 - Deploy Fiddy publicly without stack rewrite.
@ -6,14 +6,14 @@
 - Enable fast rollback and basic operational visibility.
 - Keep security baseline enforceable for direct home-IP exposure.
-## 2) Deploy Control Plane (Dokploy)
+## 2) Deploy Host (SSH Compose)
-1. Install Dokploy on your Proxmox Docker host.
+1. Prepare Linux deploy host with Docker Engine + Compose plugin.
-2. Add project in Dokploy and connect Gitea repository.
+2. Ensure deploy target directory exists (`/opt/fiddy`).
 3. Configure web image source: `git.nicosaya.com/nalalangan/fiddy/web`.
 4. Configure scheduler image source: `git.nicosaya.com/nalalangan/fiddy/scheduler`.
-4. Deploy by immutable tag (`github.sha`) and keep `main` as convenience tag.
+5. Deploy by immutable tag (`github.sha`) and keep `main` as convenience tag.
-5. Configure health check endpoint: `/api/health/ready`.
+6. Configure health check endpoint: `/api/health/ready`.
-6. Keep previous releases for rollback and verify rollback button path.
+7. Keep previous image tags for rollback.
 ### Required secrets/variables
 - `DATABASE_URL`
@ -26,15 +26,16 @@
 - `SCHEDULER_BATCH_SIZE` (scheduler app, optional)
 ## 3) CI/CD (Gitea Actions)
- Use `.gitea/workflows/deploy-dokploy.yml`.
+- Use `.gitea/workflows/deploy-ssh-compose.yml`.
 - Required secrets:
  - `REGISTRY_USER`
  - `REGISTRY_PASS`
-  - `DOKPLOY_DEPLOY_HOOK`
+  - `DEPLOY_KEY`
-  - `DOKPLOY_SCHEDULER_DEPLOY_HOOK`
+  - `DEPLOY_HOST`
-  - `DOKPLOY_HEALTHCHECK_URL`
+  - `DEPLOY_USER`
  - `DEPLOY_HEALTHCHECK_URL`
 - Health gate:
-  - workflow calls `scripts/wait-for-health.sh` against `DOKPLOY_HEALTHCHECK_URL`
+  - workflow calls `scripts/wait-for-health.sh` against `DEPLOY_HEALTHCHECK_URL`
  - default retry window: 5 minutes (30 attempts x 10s)
 ## 4) Reverse Proxy + Network Hardening
@ -100,12 +101,12 @@
 1. Identify failing request and `request_id`.
 2. Correlate application logs (Loki) by `request_id`.
 3. Check `/api/health/ready` status and DB connectivity.
-4. Roll back to previous known-good Dokploy release if needed.
+4. Roll back to previous known-good image tag via SSH Compose if needed.
 5. Capture root cause and update this runbook/checklist.
 ## 8) Rollback Checklist
-1. Select previous healthy image in Dokploy release history.
+1. Select previous healthy image tag for both `web` and `scheduler`.
-2. Trigger rollback and wait for deployment completion.
+2. Trigger rollback deploy and wait for completion.
 3. Run `scripts/smoke-public-launch.sh https://your-domain`.
 4. Verify error-rate drop in Grafana/Loki and confirm no DB migration mismatch.
 5. Log the rolled back version, timestamp, and reason.