Compare commits

..

2 Commits

Author SHA1 Message Date
87246181a9 update 2026-03-07 07:25:57 +00:00
1bb61a0acc fix(ci): inject public Supabase env into app and Docker build stages 2026-03-07 07:20:02 +00:00
14 changed files with 34 additions and 608 deletions

View File

@@ -1,36 +0,0 @@
# Project AI Rules
This repository contains the Plesk Agency Portal SaaS project.
Before making changes, read the following documentation files:
docs/ai-bootstrap.md
docs/ai-project-context.md
docs/system-architecture.md
docs/GUARDRAILS.md
docs/next-steps.md
docs/handovers/latest.md
docs/current-focus.md
Project guidelines:
- Treat master branch as production-ready.
- Preserve the working Jenkins CI/CD deployment pipeline.
- Avoid breaking Supabase Row Level Security policies.
- Prefer minimal changes over large rewrites.
- Follow existing Next.js App Router structure.
Deployment architecture:
Jenkins builds Docker image.
Image transferred using:
docker save → scp → docker load
Application host path:
/opt/plesk-agency-portal
Public domain:
https://portal.rdbcloud.co.uk
Supabase domain
https://supabase.rdbcloud.co.uk

View File

@@ -1,45 +0,0 @@
# AI Start Here
Before making changes, read these files in order:
1. docs/ai-project-context.md
2. docs/system-architecture.md
3. docs/next-steps.md
4. docs/handovers/latest.md (or the newest dated handover file)
## Project
Plesk Agency Portal
## Rules
- Make minimal safe changes
- Do not weaken Supabase RLS
- Preserve working deployment pipeline
- Prefer extending existing patterns over rewrites
- Treat `master` as production-ready
## Current Focus
- Fix Supabase HTTPS/public URL
- Validate auth flow
- Keep CI/CD stable
## Deployment Summary
- Jenkins builds Docker image
- Image transferred via `docker save -> scp -> docker load`
- App runs on `/opt/plesk-agency-portal`
- Public app URL: `https://portal.rdbcloud.co.uk`
- supabase URL: `https://supabase.rdbcloud.co.uk`
## Notes
Use the docs folder as source of truth for current state and handover history.
## When updating the project
- update docs/ai-project-context.md for current state
- add a new file in docs/handovers/
- update docs/next-steps.md
- keep this file short

View File

@@ -9,10 +9,8 @@ WORKDIR /app
ARG NEXT_PUBLIC_SUPABASE_URL ARG NEXT_PUBLIC_SUPABASE_URL
ARG NEXT_PUBLIC_SUPABASE_ANON_KEY ARG NEXT_PUBLIC_SUPABASE_ANON_KEY
ARG BUILD_CACHE_BUSTER ENV NEXT_PUBLIC_SUPABASE_URL=$NEXT_PUBLIC_SUPABASE_URL
ENV NEXT_PUBLIC_SUPABASE_URL=${NEXT_PUBLIC_SUPABASE_URL} ENV NEXT_PUBLIC_SUPABASE_ANON_KEY=$NEXT_PUBLIC_SUPABASE_ANON_KEY
ENV NEXT_PUBLIC_SUPABASE_ANON_KEY=${NEXT_PUBLIC_SUPABASE_ANON_KEY}
ENV BUILD_CACHE_BUSTER=${BUILD_CACHE_BUSTER}
COPY --from=deps /app/node_modules ./node_modules COPY --from=deps /app/node_modules ./node_modules
COPY . . COPY . .

70
Jenkinsfile vendored
View File

@@ -78,74 +78,44 @@ pipeline {
string(credentialsId: 'supabase-public-url', variable: 'NEXT_PUBLIC_SUPABASE_URL'), string(credentialsId: 'supabase-public-url', variable: 'NEXT_PUBLIC_SUPABASE_URL'),
string(credentialsId: 'supabase-public-anon-key', variable: 'NEXT_PUBLIC_SUPABASE_ANON_KEY') string(credentialsId: 'supabase-public-anon-key', variable: 'NEXT_PUBLIC_SUPABASE_ANON_KEY')
]) { ]) {
sh 'docker build --build-arg NEXT_PUBLIC_SUPABASE_URL="$NEXT_PUBLIC_SUPABASE_URL" --build-arg NEXT_PUBLIC_SUPABASE_ANON_KEY="$NEXT_PUBLIC_SUPABASE_ANON_KEY" --build-arg BUILD_CACHE_BUSTER="${BUILD_NUMBER}" -t ${IMAGE_LATEST} -t ${IMAGE_BUILD} .' sh 'docker build --build-arg NEXT_PUBLIC_SUPABASE_URL="$NEXT_PUBLIC_SUPABASE_URL" --build-arg NEXT_PUBLIC_SUPABASE_ANON_KEY="$NEXT_PUBLIC_SUPABASE_ANON_KEY" -t ${IMAGE_LATEST} -t ${IMAGE_BUILD} .'
} }
} }
} }
stage('Deploy') { stage('Deploy') {
steps { steps {
sh ''' withCredentials([sshUserPrivateKey(
bash <<'EOF' credentialsId: "${env.DEPLOY_SSH_CREDENTIAL_ID}",
set -euxo pipefail keyFileVariable: 'SSH_KEY'
)]) {
sh '''
bash -eo pipefail << 'EOF'
set -euo pipefail
SSH_KEY="/var/lib/jenkins/.ssh/plesk_agency_deploy" ssh -i "$SSH_KEY" "$APP_USER@$APP_HOST" "mkdir -p $DEPLOY_PATH/scripts"
SSH_USER="deploy"
SSH_OPTS="-i ${SSH_KEY} -o BatchMode=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
echo "SSH user from configured deploy key: ${SSH_USER}"
echo "SSH key file path: ${SSH_KEY}"
ls -l "${SSH_KEY}"
ssh-keygen -y -f "${SSH_KEY}"
echo "Testing remote SSH connectivity"
ssh -n ${SSH_OPTS} "${SSH_USER}@${APP_HOST}" "whoami && hostname && pwd"
echo "Deploying image tag: ${IMAGE_BUILD}"
docker image inspect "${IMAGE_BUILD}" --format='{{.Id}} {{.RepoTags}}'
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" "mkdir -p $DEPLOY_PATH/scripts"
rsync -az \ rsync -az \
-e "ssh -n ${SSH_OPTS}" \ -e "ssh -i $SSH_KEY" \
docker-compose.prod.yml \ docker-compose.prod.yml \
"$SSH_USER@$APP_HOST:$DEPLOY_PATH/" "$APP_USER@$APP_HOST:$DEPLOY_PATH/"
rsync -az \ rsync -az \
-e "ssh -n ${SSH_OPTS}" \ -e "ssh -i $SSH_KEY" \
scripts/ \ scripts/ \
"$SSH_USER@$APP_HOST:$DEPLOY_PATH/scripts/" "$APP_USER@$APP_HOST:$DEPLOY_PATH/scripts/"
IMAGE_TAR="plesk-agency-portal-build.tar" docker save ${IMAGE_LATEST} ${IMAGE_BUILD} \
echo "Creating image archive: ${IMAGE_TAR}" | ssh -i "$SSH_KEY" "$APP_USER@$APP_HOST" 'docker load'
docker save -o "${IMAGE_TAR}" "${IMAGE_BUILD}"
ls -lh "${IMAGE_TAR}"
sha256sum "${IMAGE_TAR}"
echo "Copying image archive to remote host via scp" ssh -i "$SSH_KEY" "$APP_USER@$APP_HOST" \
scp ${SSH_OPTS} "${IMAGE_TAR}" "$SSH_USER@$APP_HOST:$DEPLOY_PATH/"
echo "Verifying image archive exists on remote host"
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" "ls -lh $DEPLOY_PATH/plesk-agency-portal-build.tar"
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" "sha256sum $DEPLOY_PATH/plesk-agency-portal-build.tar"
echo "Loading image archive on remote host"
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" "docker load -i $DEPLOY_PATH/plesk-agency-portal-build.tar"
echo "Verifying exact image tag is available on remote host"
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" "docker image inspect ${IMAGE_BUILD} --format='{{.Id}} {{.RepoTags}}'"
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" \
"cd $DEPLOY_PATH && chmod +x ./scripts/deploy-prod.sh ./scripts/smoke-check.sh ./scripts/rollback-prod.sh" "cd $DEPLOY_PATH && chmod +x ./scripts/deploy-prod.sh ./scripts/smoke-check.sh ./scripts/rollback-prod.sh"
echo "Running remote deploy script with exact image tag" ssh -i "$SSH_KEY" "$APP_USER@$APP_HOST" \
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" \ "cd $DEPLOY_PATH && ./scripts/deploy-prod.sh"
"cd $DEPLOY_PATH && APP_IMAGE='${IMAGE_BUILD}' ./scripts/deploy-prod.sh"
echo "Printing final running container image metadata"
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" "docker inspect plesk-agency-portal --format='{{.Image}} {{.Created}}'"
EOF EOF
''' '''
}
} }
} }

View File

@@ -1,38 +0,0 @@
# GUARDRAILS
These systems are currently working and must not be broken by AI refactors.
## CI/CD
Jenkins pipeline builds Docker image and deploys it.
Deployment process:
docker save → scp → docker load
## Container
Name:
plesk-agency-portal
Deploy path:
/opt/plesk-agency-portal
## Reverse Proxy
Managed by Nginx Proxy Manager
Public URL:
https://portal.rdbcloud.co.uk
## Auth
Supabase Magic Link authentication
Environment variables:
NEXT_PUBLIC_SUPABASE_URL
SUPABASE_URL
AI tools must avoid large rewrites or architectural changes without explicit instruction.

View File

@@ -1,43 +0,0 @@
# PROJECT-STATE
## Stable Systems
The following are stable and working:
CI/CD pipeline
Docker deployment
Reverse proxy routing
Application container startup
Smoke test endpoint
## Deployment
Jenkins → Build → Docker image → docker save → SCP → docker load → container recreate
App path:
/opt/plesk-agency-portal
Container:
plesk-agency-portal
## Public Endpoint
https://portal.rdbcloud.co.uk
## Current Work
Fix Supabase HTTPS endpoint and authentication flow.
## Known Risk
Supabase currently exposed via HTTP internally causing browser mixed content blocking.
## Update Rules
When system changes:
1. Update PROJECT-STATE.md
2. Update ai-project-context.md
3. Add a new handover file

View File

@@ -1,58 +0,0 @@
# RUNBOOK
## Production App
Host:
192.168.68.89
Deploy path:
/opt/plesk-agency-portal
Container:
plesk-agency-portal
Public URL:
https://portal.rdbcloud.co.uk
---
## Health Check
Public:
curl https://portal.rdbcloud.co.uk/api/health
Local:
curl http://127.0.0.1:3000/api/health
---
## Check Running Container
docker ps
docker inspect plesk-agency-portal --format '{{.Image}} {{.Created}}'
docker images | grep plesk-agency-portal
---
## View Logs
cd /opt/plesk-agency-portal
docker compose -f docker-compose.prod.yml logs --tail=200
Follow logs:
docker logs -f plesk-agency-portal
---
## Rollback
cd /opt/plesk-agency-portal
APP_IMAGE=plesk-agency-portal:build-37 ./scripts/rollback-prod.sh
Verify:
docker inspect plesk-agency-portal --format '{{.Image}} {{.Created}}'
curl http://127.0.0.1:3000/api/health

View File

@@ -1,191 +0,0 @@
# AI Bootstrap Context -- Plesk Agency Portal
This document is intended to be uploaded into a new AI conversation so
the assistant can quickly understand the project state.
------------------------------------------------------------------------
# Project Overview
The **Plesk Agency Portal** is a multi-tenant SaaS platform that allows
agencies to manage multiple Plesk servers, hosting subscriptions, and
domains from a single interface.
Goals:
- Connect multiple Plesk servers
- Sync subscriptions and domains
- Manage hosting environments
- Provide SaaS billing integration
- Enforce tenant isolation using Supabase Row Level Security (RLS)
------------------------------------------------------------------------
# Technology Stack
Frontend Next.js (App Router)
Backend Next.js API routes
Authentication Supabase Auth (Magic Link)
Database Supabase PostgreSQL
CI/CD Jenkins
Containerisation Docker
Reverse Proxy Nginx Proxy Manager
Infrastructure Self-hosted Linux servers
------------------------------------------------------------------------
# Current Deployment Architecture
CI/CD Pipeline:
1. Code pushed to repository
2. Jenkins pipeline runs
3. Next.js application builds
4. Docker image builds
5. Image exported via `docker save`
6. Image transferred via SSH/SCP
7. Image loaded on application host
8. Container recreated
9. Smoke test verifies service
Images are transferred using:
docker save → scp → docker load
This avoids requiring a Docker registry during early development.
------------------------------------------------------------------------
# Infrastructure
Jenkins Host Responsible for:
- building Docker images
- running CI/CD pipeline
- deploying containers
Application Host
Deployment path:
/opt/plesk-agency-portal
Docker container:
plesk-agency-portal
Application port:
3000
Reverse Proxy:
Nginx Proxy Manager
Public domain:
https://portal.rdbcloud.co.uk
------------------------------------------------------------------------
# Database & Auth
Supabase is self-hosted on an internal server.
Current API endpoint:
http://192.168.68.52:54321
Because the portal runs via HTTPS, this causes a browser mixed-content
error.
------------------------------------------------------------------------
# Current Blocking Issue
Supabase authentication fails because the frontend attempts to call:
http://192.168.68.52:54321
while the portal itself is served via HTTPS.
Browsers block the request.
------------------------------------------------------------------------
# Planned Fix
Expose Supabase through HTTPS using Nginx Proxy Manager.
Target domain:
https://supabase.rdbcloud.co.uk
Proxy configuration:
Forward host: 192.168.68.52\
Forward port: 54321
After that update environment variables:
NEXT_PUBLIC_SUPABASE_URL SUPABASE_URL
Then redeploy the portal.
------------------------------------------------------------------------
# Deployment Verification
Example deployed image:
plesk-agency-portal:build-62
Verification command:
docker inspect plesk-agency-portal --format '{{.Image}} {{.Created}}'
Health endpoint:
/api/health
------------------------------------------------------------------------
# Repository Documentation
Important docs:
docs/ai-project-context.md\
docs/system-architecture.md\
docs/next-steps.md\
docs/handovers/\*
------------------------------------------------------------------------
# Typical AI Assistance Areas
- CI/CD debugging
- Docker deployment
- Next.js development
- Supabase integration
- SaaS multi-tenant architecture
- Stripe billing integration
- Plesk API integration
------------------------------------------------------------------------
# Current Development Stage
Infrastructure and deployment pipeline are working.
Next priorities:
1. Fix Supabase HTTPS endpoint
2. Verify authentication flow
3. Continue SaaS portal feature development

View File

@@ -1,7 +0,0 @@
# Current Focus
Immediate tasks:
1. Fix Supabase HTTPS endpoint
2. Verify authentication flow
3. Continue SaaS portal feature development

View File

@@ -1,100 +0,0 @@
# Handover 2026-03-07 CI/CD Deploy Working
## Status
The Plesk Agency Portal deployment pipeline is now working endtoend.
### Jenkins Pipeline
Pipeline successfully performs:
1. Build Next.js application
2. Build Docker image
3. Save image archive
4. Transfer archive to app host
5. Load image on remote server
6. Recreate container
7. Run smoke test
Example deployed image:
plesk-agency-portal:build-62
Verification command:
docker inspect plesk-agency-portal --format '{{.Image}} {{.Created}}'
---
## Infrastructure
### Jenkins Host
Responsibilities:
- Build Docker images
- Execute CI/CD pipeline
- Transfer deployment artifacts
### Application Host
Deployment path:
/opt/plesk-agency-portal
Container:
plesk-agency-portal
Application port:
3000
---
## Reverse Proxy
Managed using:
Nginx Proxy Manager
Public domain:
https://portal.rdbcloud.co.uk
---
## Known Issue
Supabase authentication blocked due to mixed content.
Frontend attempts:
http://192.168.68.52:54321
while the site runs via HTTPS.
---
## Next Task
Expose Supabase API through HTTPS:
https://supabase.rdbcloud.co.uk
Then update environment variables:
NEXT_PUBLIC_SUPABASE_URL
SUPABASE_URL
and redeploy the application.
---
## Deployment Strategy
Docker registry intentionally avoided.
Images transferred using:
docker save → scp → docker load

View File

@@ -12,13 +12,8 @@ if [ ! -f "${DEPLOY_PATH}/docker-compose.prod.yml" ]; then
exit 1 exit 1
fi fi
if [ ! -f "${DEPLOY_PATH}/.env" ]; then
echo "Missing .env in ${DEPLOY_PATH}" >&2
exit 1
fi
cd "${DEPLOY_PATH}" cd "${DEPLOY_PATH}"
APP_IMAGE="${APP_IMAGE}" docker compose -f docker-compose.prod.yml up -d --no-build --force-recreate APP_IMAGE="${APP_IMAGE}" docker compose -f docker-compose.prod.yml up -d
APP_IMAGE="${APP_IMAGE}" docker compose -f docker-compose.prod.yml ps docker compose -f docker-compose.prod.yml ps

View File

@@ -21,20 +21,10 @@ if [ ! -f "${DEPLOY_PATH}/docker-compose.prod.yml" ]; then
exit 1 exit 1
fi fi
if [ ! -f "${DEPLOY_PATH}/.env" ]; then
echo "Missing .env in ${DEPLOY_PATH}" >&2
exit 1
fi
if [ ! -f "${DEPLOY_PATH}/scripts/smoke-check.sh" ]; then
echo "Missing scripts/smoke-check.sh in ${DEPLOY_PATH}" >&2
exit 1
fi
cd "${DEPLOY_PATH}" cd "${DEPLOY_PATH}"
APP_IMAGE="${PREVIOUS_IMAGE_TAG}" docker compose -f docker-compose.prod.yml up -d --no-build --force-recreate APP_IMAGE="${PREVIOUS_IMAGE_TAG}" docker compose -f docker-compose.prod.yml up -d --no-build
"${DEPLOY_PATH}/scripts/smoke-check.sh" "${APP_BASE_URL}" "${DEPLOY_PATH}/smoke-check.sh" "${APP_BASE_URL}"
docker compose -f docker-compose.prod.yml ps docker compose -f docker-compose.prod.yml ps

View File

@@ -11,26 +11,17 @@ fi
URL="${BASE_URL%/}/api/health" URL="${BASE_URL%/}/api/health"
TMP_FILE="$(mktemp)" TMP_FILE="$(mktemp)"
MAX_ATTEMPTS=20
SLEEP_SECONDS=3
trap 'rm -f "${TMP_FILE}"' EXIT trap 'rm -f "${TMP_FILE}"' EXIT
for attempt in $(seq 1 "${MAX_ATTEMPTS}"); do HTTP_CODE=$(curl -sS -o "${TMP_FILE}" -w "%{http_code}" "${URL}")
HTTP_CODE=$(curl -sS -o "${TMP_FILE}" -w "%{http_code}" "${URL}" || echo "000")
if [ "${HTTP_CODE}" = "200" ]; then if [ "${HTTP_CODE}" != "200" ]; then
if node -e "const fs=require('fs');const d=JSON.parse(fs.readFileSync(process.argv[1],'utf8'));if(d?.ok!==true||typeof d?.service!=='string'){process.exit(1)}" "${TMP_FILE}"; then echo "Smoke check failed: ${URL} returned ${HTTP_CODE}" >&2
echo "Smoke check passed: ${URL} (attempt ${attempt}/${MAX_ATTEMPTS})" cat "${TMP_FILE}" >&2 || true
exit 0 exit 1
fi fi
fi
if [ "${attempt}" -lt "${MAX_ATTEMPTS}" ]; then node -e "const fs=require('fs');const d=JSON.parse(fs.readFileSync(process.argv[1],'utf8'));if(d?.ok!==true||typeof d?.service!=='string'){process.exit(1)}" "${TMP_FILE}"
sleep "${SLEEP_SECONDS}"
fi
done
echo "Smoke check failed after ${MAX_ATTEMPTS} attempts: ${URL}" >&2 echo "Smoke check passed: ${URL}"
cat "${TMP_FILE}" >&2 || true
exit 1