From 3dcc8e4c5b8218ff0d30e36322f871981d7b9ce9 Mon Sep 17 00:00:00 2001
From: Hermes Agent
Date: Thu, 11 Jun 2026 03:28:58 +0000
Subject: [PATCH] Infra update: Add Dockerfiles, .env template, and Coolify config
---
 .env.template | 5 ++++
 .github/workflows/ci.yml | 50 ++++++++++++++++++++++++++++++++++++++
 AGENTS.md | 52 ++++++++++++++++++++++++++++++++++++++++
 Dockerfile.api | 13 ++++++++++
 Dockerfile.pwa | 25 +++++++++++++++++++
 coolify.yml | 49 +++++++++++++++++++++++++++++++++++++
 6 files changed, 194 insertions(+)
 create mode 100644 .env.template
 create mode 100644 .github/workflows/ci.yml
 create mode 100644 AGENTS.md
 create mode 100644 Dockerfile.api
 create mode 100644 Dockerfile.pwa
 create mode 100644 coolify.yml
diff --git a/.env.template b/.env.template
new file mode 100644
index 0000000..e860211
--- /dev/null
+++ b/.env.template
@@ -0,0 +1,5 @@
+# .env.template – copy to .env and fill in real values
+DB_USER=freight_user
+DB_PASSWORD=secure_password_here
+SUPABASE_URL=https://your-project.supabase.co
+SUPABASE_ANON_KEY=your-anon-key-here
\ No newline at end of file
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..c2eb37b
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,50 @@
+name: CI/CD Pipeline
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ branches: [ main ]
+
+jobs:
+ build-and-test:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: '20'
+ cache: 'npm'
+
+ - name: Install PWA Dependencies
+ run: |
+ npm install
+ npm run type-check
+ npm run lint
+
+ - name: Build PWA
+ run: npm run build
+
+ - name: Setup Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.11'
+
+ - name: Install Backend Dependencies
+ run: |
+ pip install fastapi uvicorn pydantic
+
+ - name: Test Backend
+ run: |
+ # Add your test command here, e.g., pytest
+ echo "Running backend tests..."
+
+ deploy:
+ needs: build-and-test
+ if: github.ref == 'refs/heads/main'
+ runs-on: ubuntu-latest
+ steps:
+ - name: Deploy to Coolify
+ run: |
+ curl -X POST "${{ secrets.COOLIFY_WEBHOOK_URL }}"
diff --git a/AGENTS.md b/AGENTS.md
new file mode 100644
index 0000000..eccffa0
--- /dev/null
+++ b/AGENTS.md
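Review bot: The deploy job's only gate is hollow: the Test Backend step runs nothing but `echo "Running backend tests..."`, so every push to main is deployed with no backend test executed, and the Deploy to Coolify step's curl has no `--fail`, so a 4xx/5xx from the webhook still leaves the job green; change it to `curl --fail --silent --show-error -X POST "${{ secrets.COOLIFY_WEBHOOK_URL }}"` and put a real test command in place of the echo before relying on `needs: build-and-test`. The Install PWA Dependencies step uses `npm install` while Dockerfile.pwa in this same commit uses `npm ci` against the lockfile, so CI can resolve different versions than the image ships; use `npm ci` here as well. The backend dependencies are installed ad hoc and unpinned (`pip install fastapi uvicorn pydantic`), duplicating the unpinned list in Dockerfile.api instead of a shared pinned requirements file. AGENTS.md in this commit mandates `npm audit` and `pip audit` in CI with failure on high-severity findings, but neither is invoked by this workflow.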
@@ -0,0 +1,52 @@
+# Collaboration Playbook (AGENTS.md)
+
+## 1. Roles & Responsibilities
+- **Frontend Lead** (`@frontend-lead`): Owns the Next.js/TanStack PWA, UI consistency, and Supabase integration.
+- **Backend Lead** (`@backend-lead`): Maintains the FastAPI service, data models, audit logging, and security hardening.
+- **DevOps / CI‑CD Engineer** (`@devops-engineer`): Manages GitHub Actions pipelines, Docker images, Coolify deployments, and monitoring.
+- **Quality Assurance** (`@qa-engineer`): Writes and reviews automated tests, conducts code reviews, and verifies security compliance.
+- **Product Owner** (`@product-owner`): Prioritises backlog items, defines acceptance criteria, and ensures alignment with freight‑forwarding use‑cases.
+
+## 2. Pull‑Request Workflow
+1. **Branch Naming** – `feature/` or `bugfix/`.
+2. **Commit Conventions** – Use conventional commits (e.g., `feat: add soft‑delete endpoint`, `fix: correct audit timestamp`).
+3. **PR Title** – Clear, prefixed with type (`feat:`, `fix:`, `chore:`).
+4. **PR Description** – Include:
+ - What problem it solves.
+ - How it aligns with the freight‑forwarding roadmap (tracking, bidding, payments).
+ - Any required migrations or DB changes.
+ - Screenshots or API examples if UI changes.
+5. **Review Process** – At least one reviewer from a different role must approve.
+ - Frontend PR → reviewed by Backend Lead (or QA).
+ - Backend PR → reviewed by Frontend Lead (or QA).
+6. **Merging** – Squash and merge; delete the branch after merge.
+7. **Post‑merge** – CI runs automatically; if successful, the DevOps Engineer triggers the Coolify deployment via the webhook.
+
+## 3. Backlog & Issue Tagging
+- **Labels** (GitHub):
+ - `enhancement` – new feature (e.g., in‑app bidding).
+ - `bug` – defect or security issue.
+ - `tech‑debt` – refactoring, performance, or security improvements.
+ - `api‑change` – breaking change to the FastAPI contract.
+ - `frontend` – UI/PWA related work.
+ - `backend` – backend service changes.
+- **Milestones** – Align with release cycles (e.g., `v1.0‑beta`, `v1.0‑release`).
+- **Sprint Planning** – Use the `kanban-worker` skill to break down high‑level epics into actionable tickets.
+
+## 4. Commit & Release Cadence
+- **Daily** – Small, incremental commits; push to `main` after CI passes.
+- **Weekly** – Dedicated “integration” day to test end‑to‑end flows (API ↔ PWA ↔ Supabase).
+- **Release** – Tag a new version (`vX.Y.Z`) after a successful deployment to Coolify and verification of critical paths (auth, soft‑delete, audit log).
+
+## 5. Security & Compliance
+- All API endpoints must validate input and return proper HTTP status codes.
+- Sensitive data (DB passwords, Supabase keys) are stored in GitHub Secrets and injected at runtime.
+- Audit logs are immutable; they are shipped to a separate log store (e.g., CloudWatch) via a background worker.
+- Run `npm audit` and `pip audit` in CI; fail the job on high‑severity findings.
+
+## 6. Communication Channels
+- **Slack/Discord** – `#freight‑dev` for quick questions; `#announcements` for release notes.
+- **GitHub Discussions** – For design proposals and long‑term roadmap discussions.
+- **Weekly Sync** – 30‑minute video call to review progress, blockers, and upcoming priorities.
+
+*Document last updated: 2026‑06‑10*
\ No newline at end of file
diff --git a/Dockerfile.api b/Dockerfile.api
new file mode 100644
index 0000000..0b47548
--- /dev/null
+++ b/Dockerfile.api
@@ -0,0 +1,13 @@
+# Dockerfile.api - FastAPI Backend
+FROM python:3.11-slim
+
+WORKDIR /app
+
+# Install uvicorn for async server
+RUN pip install uvicorn fastapi pydantic
+
+COPY ./backend.py .
+
+EXPOSE 8000
+
+CMD ["uvicorn", "backend:app", "--host", "0.0.0.0", "--port", "8000"]
\ No newline at end of file
diff --git a/Dockerfile.pwa b/Dockerfile.pwa
new file mode 100644
index 0000000..d43d9ba
--- /dev/null
+++ b/Dockerfile.pwa
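Review bot: Dockerfile.api has no `USER` instruction, so uvicorn serves on 0.0.0.0:8000 as root inside the container; add `RUN useradd --system --uid 10001 --no-create-home app` after the pip install and `USER app` before `CMD`. The line `RUN pip install uvicorn fastapi pydantic` is unpinned and leaves the pip cache in the layer, and it duplicates the equally unpinned list in ci.yml, so the image and CI can resolve different versions; install from a pinned requirements file instead, e.g. `COPY requirements.txt .` followed by `RUN pip install --no-cache-dir -r requirements.txt`. There is also no `HEALTHCHECK`, even though coolify.yml in this commit relies on health gating for postgres; one against the app's health endpoint, if backend.py exposes one, would let the orchestrator detect a wedged API.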
@@ -0,0 +1,25 @@
+# Dockerfile.pwa - Next.js PWA
+FROM node:20-alpine AS builder
+
+WORKDIR /app
+
+COPY package*.json ./
+RUN npm ci
+
+COPY . .
+RUN npm run build
+
+FROM node:20-alpine AS runtime
+WORKDIR /app
+
+COPY package*.json ./
+RUN npm ci --omit=dev
+
+COPY --from=builder /app/.next ./.next
+COPY --from=builder /app/public ./public
+COPY --from=builder /app/node_modules ./node_modules
+
+EXPOSE 3000
+
+ENV NODE_ENV=production
+CMD ["npm", "run", "start"]
\ No newline at end of file
diff --git a/coolify.yml b/coolify.yml
new file mode 100644
index 0000000..932d26b
--- /dev/null
+++ b/coolify.yml
@@ -0,0 +1,49 @@
+version: '3.8'
+
+services:
+ postgres:
+ image: postgres:15-alpine
+ environment:
+ POSTGRES_DB: freight
+ POSTGRES_USER: ${DB_USER}
+ POSTGRES_PASSWORD: ${DB_PASSWORD}
+ volumes:
+ - postgres_data:/var/lib/postgresql/data
+ ports:
+ - "5432:5432"
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U ${DB_USER} -d freight"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+
+ fastapi:
+ build:
+ context: .
+ dockerfile: Dockerfile.api
+ environment:
+ DATABASE_URL: postgresql://${DB_USER}:${DB_PASSWORD}@postgres:5432/freight
+ SUPABASE_URL: ${SUPABASE_URL}
+ SUPABASE_ANON_KEY: ${SUPABASE_ANON_KEY}
+ ports:
+ - "8000:8000"
+ depends_on:
+ postgres:
+ condition: service_healthy
+ deploy:
+ replicas: 2
+
+ pwa:
+ build:
+ context: .
+ dockerfile: Dockerfile.pwa
+ environment:
+ NEXT_PUBLIC_SUPABASE_URL: ${SUPABASE_URL}
+ NEXT_PUBLIC_SUPABASE_ANON_KEY: ${SUPABASE_ANON_KEY}
+ ports:
+ - "3000:3000"
+ deploy:
+ replicas: 2
+
+volumes:
+ postgres_data:
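Review bot: In the runtime stage of Dockerfile.pwa, `RUN npm ci --omit=dev` is immediately overwritten by `COPY --from=builder /app/node_modules ./node_modules`, which brings the builder's full tree including dev dependencies into the final image, so the pruned install is wasted work; drop that COPY line and keep the pruned install, or drop the `COPY package*.json ./` / `npm ci --omit=dev` pair and accept the builder's tree. The final stage also runs as root: `node:20-alpine` ships a `node` user, so add `USER node` before `CMD` and `--chown=node:node` on the three COPYs. `COPY . .` in the builder copies the entire context, and this commit adds `.env.template` but no `.dockerignore`, so a local `.env` with real values would likely be baked into the builder layer unless one exists already outside this change.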
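Review bot: The postgres service in coolify.yml publishes `- "5432:5432"` on the host although its only consumer is the `fastapi` service on the compose network, so the database, protected only by `${DB_PASSWORD}` from `.env`, becomes reachable from every interface of the host; remove that `ports:` entry, or at most bind it as `- "127.0.0.1:5432:5432"`. `deploy: replicas: 2` on `fastapi` and `pwa` does not combine with the fixed host mappings `"8000:8000"` and `"3000:3000"`: under plain Compose the second replica of each fails with a port-already-allocated error, so either drop the replicas or drop the host ports and let the reverse proxy reach the containers by service name. The `pwa` service receives `NEXT_PUBLIC_SUPABASE_URL` and `NEXT_PUBLIC_SUPABASE_ANON_KEY` only at runtime, but Dockerfile.pwa runs `npm run build` without them, and Next.js inlines `NEXT_PUBLIC_` variables into the client bundle at build time, so they most likely also need to be passed as `build.args` (worth confirming against the app code). `version: '3.8'` is obsolete in current Compose and only produces a warning.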