Compare commits
1 Commits
fix/jenkin
...
feature/cl
| Author | SHA1 | Date | |
|---|---|---|---|
| ab9e4147a7 |
36
.clinerules
36
.clinerules
@@ -1,36 +0,0 @@
|
||||
# Project AI Rules
|
||||
|
||||
This repository contains the Plesk Agency Portal SaaS project.
|
||||
|
||||
Before making changes, read the following documentation files:
|
||||
|
||||
docs/ai-bootstrap.md
|
||||
docs/ai-project-context.md
|
||||
docs/system-architecture.md
|
||||
docs/GUARDRAILS.md
|
||||
docs/next-steps.md
|
||||
docs/handovers/latest.md
|
||||
docs/current-focus.md
|
||||
|
||||
Project guidelines:
|
||||
|
||||
- Treat master branch as production-ready.
|
||||
- Preserve the working Jenkins CI/CD deployment pipeline.
|
||||
- Avoid breaking Supabase Row Level Security policies.
|
||||
- Prefer minimal changes over large rewrites.
|
||||
- Follow existing Next.js App Router structure.
|
||||
|
||||
Deployment architecture:
|
||||
|
||||
Jenkins builds Docker image.
|
||||
Image transferred using:
|
||||
docker save → scp → docker load
|
||||
|
||||
Application host path:
|
||||
/opt/plesk-agency-portal
|
||||
|
||||
Public domain:
|
||||
https://portal.rdbcloud.co.uk
|
||||
|
||||
Supabase domain
|
||||
https://supabase.rdbcloud.co.uk
|
||||
@@ -1,6 +1,3 @@
|
||||
{
|
||||
"extends": ["next/core-web-vitals", "next/typescript"],
|
||||
"rules": {
|
||||
"@typescript-eslint/no-explicit-any": "off"
|
||||
}
|
||||
"extends": ["next/core-web-vitals", "next/typescript"]
|
||||
}
|
||||
|
||||
@@ -1,45 +0,0 @@
|
||||
# AI Start Here
|
||||
|
||||
Before making changes, read these files in order:
|
||||
|
||||
1. docs/ai-project-context.md
|
||||
2. docs/system-architecture.md
|
||||
3. docs/next-steps.md
|
||||
4. docs/handovers/latest.md (or the newest dated handover file)
|
||||
|
||||
## Project
|
||||
|
||||
Plesk Agency Portal
|
||||
|
||||
## Rules
|
||||
|
||||
- Make minimal safe changes
|
||||
- Do not weaken Supabase RLS
|
||||
- Preserve working deployment pipeline
|
||||
- Prefer extending existing patterns over rewrites
|
||||
- Treat `master` as production-ready
|
||||
|
||||
## Current Focus
|
||||
|
||||
- Fix Supabase HTTPS/public URL
|
||||
- Validate auth flow
|
||||
- Keep CI/CD stable
|
||||
|
||||
## Deployment Summary
|
||||
|
||||
- Jenkins builds Docker image
|
||||
- Image transferred via `docker save -> scp -> docker load`
|
||||
- App runs on `/opt/plesk-agency-portal`
|
||||
- Public app URL: `https://portal.rdbcloud.co.uk`
|
||||
- supabase URL: `https://supabase.rdbcloud.co.uk`
|
||||
|
||||
## Notes
|
||||
|
||||
Use the docs folder as source of truth for current state and handover history.
|
||||
|
||||
## When updating the project
|
||||
|
||||
- update docs/ai-project-context.md for current state
|
||||
- add a new file in docs/handovers/
|
||||
- update docs/next-steps.md
|
||||
- keep this file short
|
||||
25
Dockerfile
25
Dockerfile
@@ -1,43 +1,26 @@
|
||||
FROM node:20-bookworm-slim AS deps
|
||||
FROM cgr.dev/chainguard/node:20-dev AS deps
|
||||
WORKDIR /app
|
||||
|
||||
COPY package.json package-lock.json ./
|
||||
RUN npm ci
|
||||
|
||||
FROM node:20-bookworm-slim AS builder
|
||||
FROM cgr.dev/chainguard/node:20-dev AS builder
|
||||
WORKDIR /app
|
||||
|
||||
ARG NEXT_PUBLIC_SUPABASE_URL
|
||||
ARG NEXT_PUBLIC_SUPABASE_ANON_KEY
|
||||
ARG SUPABASE_URL
|
||||
ARG NEXT_PUBLIC_APP_URL
|
||||
ARG BUILD_CACHE_BUSTER
|
||||
ENV NEXT_PUBLIC_SUPABASE_URL=${NEXT_PUBLIC_SUPABASE_URL}
|
||||
ENV NEXT_PUBLIC_SUPABASE_ANON_KEY=${NEXT_PUBLIC_SUPABASE_ANON_KEY}
|
||||
ENV SUPABASE_URL=${SUPABASE_URL}
|
||||
ENV NEXT_PUBLIC_APP_URL=${NEXT_PUBLIC_APP_URL}
|
||||
ENV BUILD_CACHE_BUSTER=${BUILD_CACHE_BUSTER}
|
||||
|
||||
COPY --from=deps /app/node_modules ./node_modules
|
||||
COPY . .
|
||||
RUN npm run build
|
||||
|
||||
FROM node:20-bookworm-slim AS prod-deps
|
||||
FROM cgr.dev/chainguard/node:20-dev AS prod-deps
|
||||
WORKDIR /app
|
||||
|
||||
COPY package.json package-lock.json ./
|
||||
RUN npm ci --omit=dev
|
||||
|
||||
FROM node:20-bookworm-slim AS runner
|
||||
FROM cgr.dev/chainguard/node:20 AS runner
|
||||
WORKDIR /app
|
||||
|
||||
ENV NODE_ENV=production
|
||||
ARG NEXT_PUBLIC_SUPABASE_URL
|
||||
ARG SUPABASE_URL
|
||||
ARG NEXT_PUBLIC_APP_URL
|
||||
ENV NEXT_PUBLIC_SUPABASE_URL=${NEXT_PUBLIC_SUPABASE_URL}
|
||||
ENV SUPABASE_URL=${SUPABASE_URL}
|
||||
ENV NEXT_PUBLIC_APP_URL=${NEXT_PUBLIC_APP_URL}
|
||||
|
||||
COPY --from=prod-deps /app/node_modules ./node_modules
|
||||
COPY --from=builder /app/package.json ./package.json
|
||||
|
||||
177
Jenkinsfile
vendored
177
Jenkinsfile
vendored
@@ -1,42 +1,13 @@
|
||||
pipeline {
|
||||
// Build + deploy stages require Docker CLI/daemon access on the Jenkins node.
|
||||
// Ensure this label maps to an agent with Docker installed and usable.
|
||||
//update
|
||||
agent any
|
||||
|
||||
environment {
|
||||
REGISTRY_IMAGE = "plesk-agency-portal"
|
||||
IMAGE_LATEST = "${REGISTRY_IMAGE}:latest"
|
||||
IMAGE_BUILD = "${REGISTRY_IMAGE}:build-${BUILD_NUMBER}"
|
||||
DEPLOY_SSH_CREDENTIAL_ID = "${env.DEPLOY_SSH_CREDENTIAL_ID ?: 'plesk-agency-deploy-key'}"
|
||||
APP_HOST = "${env.APP_HOST ?: '192.168.68.89'}"
|
||||
APP_USER = "${env.APP_USER ?: 'deploy'}"
|
||||
DEPLOY_PATH = "${env.DEPLOY_PATH ?: '/opt/plesk-agency-portal'}"
|
||||
APP_BASE_URL = "${env.APP_BASE_URL ?: 'https://portal.rdbcloud.co.uk'}"
|
||||
NEXT_PUBLIC_APP_URL = "${env.NEXT_PUBLIC_APP_URL ?: 'https://portal.rdbcloud.co.uk'}"
|
||||
|
||||
}
|
||||
|
||||
stages {
|
||||
// stage('Preflight') {
|
||||
// steps {
|
||||
// sh '''
|
||||
// set -euo pipefail
|
||||
|
||||
// if ! command -v docker >/dev/null 2>&1; then
|
||||
// echo "Docker CLI is not available on this Jenkins agent."
|
||||
// echo "Run this pipeline on a Docker-capable node or install Docker on the current agent."
|
||||
// exit 1
|
||||
// fi
|
||||
|
||||
// if ! docker version >/dev/null 2>&1; then
|
||||
// echo "Docker is installed but not usable by Jenkins (daemon/socket/permissions issue)."
|
||||
// exit 1
|
||||
// fi
|
||||
// '''
|
||||
// }
|
||||
// }
|
||||
|
||||
stage('Checkout') {
|
||||
steps {
|
||||
checkout scm
|
||||
@@ -49,123 +20,65 @@ pipeline {
|
||||
}
|
||||
}
|
||||
|
||||
// stage('Lint') {
|
||||
// steps {
|
||||
// script {
|
||||
// def hasLint = sh(script: "node -e \"const fs=require('fs');const p=require('./package.json');process.exit(p?.scripts?.lint?0:1)\"", returnStatus: true)
|
||||
// if (hasLint == 0) {
|
||||
// sh 'npm run lint'
|
||||
// } else {
|
||||
// echo 'No lint script configured; skipping lint stage.'
|
||||
// }
|
||||
// }
|
||||
// }
|
||||
// }
|
||||
stage('Lint') {
|
||||
steps {
|
||||
script {
|
||||
def hasLint = sh(script: "node -e \"const fs=require('fs');const p=require('./package.json');process.exit(p?.scripts?.lint?0:1)\"", returnStatus: true)
|
||||
if (hasLint == 0) {
|
||||
sh 'npm run lint'
|
||||
} else {
|
||||
echo 'No lint script configured; skipping lint stage.'
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
stage('Build application') {
|
||||
steps {
|
||||
withCredentials([
|
||||
string(credentialsId: 'supabase-public-url', variable: 'SUPABASE_PUBLIC_URL'),
|
||||
string(credentialsId: 'supabase-public-anon-key', variable: 'NEXT_PUBLIC_SUPABASE_ANON_KEY')
|
||||
]) {
|
||||
sh '''
|
||||
NEXT_PUBLIC_SUPABASE_URL="$SUPABASE_PUBLIC_URL" \
|
||||
SUPABASE_URL="$SUPABASE_PUBLIC_URL" \
|
||||
NEXT_PUBLIC_APP_URL="$NEXT_PUBLIC_APP_URL" \
|
||||
npm run build
|
||||
'''
|
||||
}
|
||||
sh 'npm run build'
|
||||
}
|
||||
}
|
||||
|
||||
stage('Build Docker image') {
|
||||
steps {
|
||||
withCredentials([
|
||||
string(credentialsId: 'supabase-public-url', variable: 'SUPABASE_PUBLIC_URL'),
|
||||
string(credentialsId: 'supabase-public-anon-key', variable: 'NEXT_PUBLIC_SUPABASE_ANON_KEY')
|
||||
]) {
|
||||
sh 'docker build --build-arg NEXT_PUBLIC_SUPABASE_URL="$SUPABASE_PUBLIC_URL" --build-arg SUPABASE_URL="$SUPABASE_PUBLIC_URL" --build-arg NEXT_PUBLIC_APP_URL="$NEXT_PUBLIC_APP_URL" --build-arg NEXT_PUBLIC_SUPABASE_ANON_KEY="$NEXT_PUBLIC_SUPABASE_ANON_KEY" --build-arg BUILD_CACHE_BUSTER="${BUILD_NUMBER}" -t ${IMAGE_LATEST} -t ${IMAGE_BUILD} .'
|
||||
sh 'docker build -t ${IMAGE_LATEST} -t ${IMAGE_BUILD} .'
|
||||
}
|
||||
}
|
||||
|
||||
stage('Deploy') {
|
||||
steps {
|
||||
script {
|
||||
if (!env.DEPLOY_SSH_CREDENTIAL_ID) {
|
||||
error 'DEPLOY_SSH_CREDENTIAL_ID is required'
|
||||
}
|
||||
}
|
||||
sshagent(credentials: ["${env.DEPLOY_SSH_CREDENTIAL_ID}"]) {
|
||||
sh '''
|
||||
set -euo pipefail
|
||||
: "${DEPLOY_SSH_HOST:?Missing DEPLOY_SSH_HOST}"
|
||||
: "${DEPLOY_SSH_USER:?Missing DEPLOY_SSH_USER}"
|
||||
: "${DEPLOY_PATH:?Missing DEPLOY_PATH}"
|
||||
|
||||
rsync -az \
|
||||
docker-compose.prod.yml \
|
||||
scripts/deploy-prod.sh \
|
||||
scripts/smoke-check.sh \
|
||||
scripts/rollback-prod.sh \
|
||||
${DEPLOY_SSH_USER}@${DEPLOY_SSH_HOST}:${DEPLOY_PATH}/
|
||||
|
||||
docker save ${IMAGE_LATEST} ${IMAGE_BUILD} \
|
||||
| ssh ${DEPLOY_SSH_USER}@${DEPLOY_SSH_HOST} 'docker load'
|
||||
|
||||
ssh ${DEPLOY_SSH_USER}@${DEPLOY_SSH_HOST} \
|
||||
"chmod +x ${DEPLOY_PATH}/deploy-prod.sh ${DEPLOY_PATH}/smoke-check.sh ${DEPLOY_PATH}/rollback-prod.sh && APP_IMAGE='${IMAGE_BUILD}' DEPLOY_PATH='${DEPLOY_PATH}' ${DEPLOY_PATH}/deploy-prod.sh"
|
||||
'''
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
stage('Deploy') {
|
||||
steps {
|
||||
sh '''
|
||||
bash <<'EOF'
|
||||
set -euxo pipefail
|
||||
|
||||
SSH_KEY="/var/lib/jenkins/.ssh/plesk_agency_deploy"
|
||||
SSH_USER="deploy"
|
||||
SSH_COMMON_OPTS="-i ${SSH_KEY} -o BatchMode=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
|
||||
SSH_OPTS="-n ${SSH_COMMON_OPTS}"
|
||||
RSYNC_SSH="ssh ${SSH_COMMON_OPTS}"
|
||||
|
||||
echo "SSH user from configured deploy key: ${SSH_USER}"
|
||||
echo "SSH key file path: ${SSH_KEY}"
|
||||
ls -l "${SSH_KEY}"
|
||||
ssh-keygen -y -f "${SSH_KEY}"
|
||||
|
||||
echo "Testing remote SSH connectivity"
|
||||
ssh -n ${SSH_OPTS} "${SSH_USER}@${APP_HOST}" "whoami && hostname && pwd"
|
||||
|
||||
echo "Deploying image tag: ${IMAGE_BUILD}"
|
||||
docker image inspect "${IMAGE_BUILD}" --format='{{.Id}} {{.RepoTags}}'
|
||||
|
||||
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" "mkdir -p $DEPLOY_PATH/scripts"
|
||||
|
||||
rsync -az \
|
||||
-e "${RSYNC_SSH}" \
|
||||
docker-compose.prod.yml \
|
||||
"$SSH_USER@$APP_HOST:$DEPLOY_PATH/"
|
||||
|
||||
rsync -az \
|
||||
-e "${RSYNC_SSH}" \
|
||||
scripts/ \
|
||||
"$SSH_USER@$APP_HOST:$DEPLOY_PATH/scripts/"
|
||||
|
||||
IMAGE_TAR="plesk-agency-portal-build.tar"
|
||||
echo "Creating image archive: ${IMAGE_TAR}"
|
||||
docker save -o "${IMAGE_TAR}" "${IMAGE_BUILD}"
|
||||
ls -lh "${IMAGE_TAR}"
|
||||
sha256sum "${IMAGE_TAR}"
|
||||
|
||||
echo "Copying image archive to remote host via scp"
|
||||
scp ${SSH_COMMON_OPTS} "${IMAGE_TAR}" "$SSH_USER@$APP_HOST:$DEPLOY_PATH/"
|
||||
|
||||
echo "Verifying image archive exists on remote host"
|
||||
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" "ls -lh $DEPLOY_PATH/plesk-agency-portal-build.tar"
|
||||
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" "sha256sum $DEPLOY_PATH/plesk-agency-portal-build.tar"
|
||||
|
||||
echo "Loading image archive on remote host"
|
||||
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" "docker load -i $DEPLOY_PATH/plesk-agency-portal-build.tar"
|
||||
|
||||
echo "Verifying exact image tag is available on remote host"
|
||||
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" "docker image inspect ${IMAGE_BUILD} --format='{{.Id}} {{.RepoTags}}'"
|
||||
|
||||
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" \
|
||||
"cd $DEPLOY_PATH && chmod +x ./scripts/deploy-prod.sh ./scripts/smoke-check.sh ./scripts/rollback-prod.sh"
|
||||
|
||||
echo "Running remote deploy script with exact image tag"
|
||||
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" \
|
||||
"cd $DEPLOY_PATH && APP_IMAGE='${IMAGE_BUILD}' ./scripts/deploy-prod.sh"
|
||||
|
||||
echo "Printing final running container image metadata"
|
||||
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" "docker inspect plesk-agency-portal --format='{{.Image}} {{.Created}}'"
|
||||
EOF
|
||||
'''
|
||||
}
|
||||
}
|
||||
|
||||
stage('Smoke check') {
|
||||
steps {
|
||||
sh '''
|
||||
bash -eo pipefail << EOF
|
||||
set -euo pipefail
|
||||
chmod +x scripts/smoke-check.sh
|
||||
scripts/smoke-check.sh "${APP_BASE_URL}"
|
||||
EOF
|
||||
'''
|
||||
sh 'chmod +x scripts/smoke-check.sh && scripts/smoke-check.sh ${APP_BASE_URL}'
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -15,7 +15,7 @@ export async function POST() {
|
||||
}
|
||||
|
||||
const stripe = getStripeClient();
|
||||
const supabase = createSupabaseRouteClient() as any;
|
||||
const supabase = createSupabaseRouteClient();
|
||||
|
||||
const { data: billing, error: billingError } = await supabase
|
||||
.from("billing_accounts")
|
||||
@@ -42,10 +42,7 @@ export async function POST() {
|
||||
};
|
||||
|
||||
if (billing?.id) {
|
||||
await supabase
|
||||
.from("billing_accounts")
|
||||
.update(upsertPayload)
|
||||
.eq("id", billing.id);
|
||||
await supabase.from("billing_accounts").update(upsertPayload).eq("id", billing.id);
|
||||
} else {
|
||||
await supabase.from("billing_accounts").insert(upsertPayload);
|
||||
}
|
||||
@@ -65,12 +62,7 @@ export async function POST() {
|
||||
return NextResponse.json({ url: session.url });
|
||||
} catch (error) {
|
||||
return NextResponse.json(
|
||||
{
|
||||
error:
|
||||
error instanceof Error
|
||||
? error.message
|
||||
: "Failed to create checkout session",
|
||||
},
|
||||
{ error: error instanceof Error ? error.message : "Failed to create checkout session" },
|
||||
{ status: 400 },
|
||||
);
|
||||
}
|
||||
|
||||
@@ -10,7 +10,7 @@ export async function POST() {
|
||||
const context = await getRouteAgencyContextOrThrow();
|
||||
assertAgencyAdmin(context);
|
||||
|
||||
const supabase = createSupabaseRouteClient() as any;
|
||||
const supabase = createSupabaseRouteClient();
|
||||
const stripe = getStripeClient();
|
||||
|
||||
const { data: billing, error } = await supabase
|
||||
@@ -32,12 +32,7 @@ export async function POST() {
|
||||
return NextResponse.json({ url: session.url });
|
||||
} catch (error) {
|
||||
return NextResponse.json(
|
||||
{
|
||||
error:
|
||||
error instanceof Error
|
||||
? error.message
|
||||
: "Failed to open billing portal",
|
||||
},
|
||||
{ error: error instanceof Error ? error.message : "Failed to open billing portal" },
|
||||
{ status: 400 },
|
||||
);
|
||||
}
|
||||
|
||||
@@ -19,7 +19,7 @@ async function upsertBillingByCustomer(
|
||||
current_period_end?: string | null;
|
||||
},
|
||||
) {
|
||||
const supabase = createSupabaseAdminClient() as any;
|
||||
const supabase = createSupabaseAdminClient();
|
||||
|
||||
const { data: existing } = await supabase
|
||||
.from("billing_accounts")
|
||||
@@ -28,33 +28,22 @@ async function upsertBillingByCustomer(
|
||||
.maybeSingle();
|
||||
|
||||
if (existing?.id) {
|
||||
await supabase
|
||||
.from("billing_accounts")
|
||||
.update(updates)
|
||||
.eq("id", existing.id);
|
||||
await supabase.from("billing_accounts").update(updates).eq("id", existing.id);
|
||||
}
|
||||
}
|
||||
|
||||
async function handleCheckoutSessionCompleted(
|
||||
session: Stripe.Checkout.Session,
|
||||
) {
|
||||
const agencyId =
|
||||
typeof session.metadata?.agency_id === "string"
|
||||
? session.metadata.agency_id
|
||||
: null;
|
||||
const customerId =
|
||||
typeof session.customer === "string" ? session.customer : null;
|
||||
async function handleCheckoutSessionCompleted(session: Stripe.Checkout.Session) {
|
||||
const agencyId = typeof session.metadata?.agency_id === "string" ? session.metadata.agency_id : null;
|
||||
const customerId = typeof session.customer === "string" ? session.customer : null;
|
||||
|
||||
if (!agencyId || !customerId) return;
|
||||
|
||||
const supabase = createSupabaseAdminClient() as any;
|
||||
const supabase = createSupabaseAdminClient();
|
||||
const payload = {
|
||||
agency_id: agencyId,
|
||||
stripe_customer_id: customerId,
|
||||
stripe_subscription_id:
|
||||
typeof session.subscription === "string"
|
||||
? (session.subscription as string)
|
||||
: null,
|
||||
typeof session.subscription === "string" ? (session.subscription as string) : null,
|
||||
subscription_status: "active",
|
||||
};
|
||||
|
||||
@@ -65,10 +54,7 @@ async function handleCheckoutSessionCompleted(
|
||||
.maybeSingle();
|
||||
|
||||
if (existing?.id) {
|
||||
await supabase
|
||||
.from("billing_accounts")
|
||||
.update(payload)
|
||||
.eq("id", existing.id);
|
||||
await supabase.from("billing_accounts").update(payload).eq("id", existing.id);
|
||||
} else {
|
||||
await supabase.from("billing_accounts").insert(payload);
|
||||
}
|
||||
@@ -76,14 +62,7 @@ async function handleCheckoutSessionCompleted(
|
||||
|
||||
async function handleSubscriptionUpdated(subscription: Stripe.Subscription) {
|
||||
const customerId =
|
||||
typeof subscription.customer === "string"
|
||||
? subscription.customer
|
||||
: subscription.customer?.id;
|
||||
const currentPeriodEnd =
|
||||
"current_period_end" in subscription
|
||||
? (subscription as { current_period_end?: number | null })
|
||||
.current_period_end
|
||||
: null;
|
||||
typeof subscription.customer === "string" ? subscription.customer : subscription.customer?.id;
|
||||
|
||||
if (!customerId) return;
|
||||
|
||||
@@ -91,27 +70,20 @@ async function handleSubscriptionUpdated(subscription: Stripe.Subscription) {
|
||||
stripe_subscription_id: subscription.id,
|
||||
plan_id: subscription.items.data[0]?.price.id ?? null,
|
||||
subscription_status: subscription.status,
|
||||
current_period_end: toIsoOrNull(currentPeriodEnd),
|
||||
current_period_end: toIsoOrNull(subscription.current_period_end),
|
||||
});
|
||||
}
|
||||
|
||||
async function handleSubscriptionDeleted(subscription: Stripe.Subscription) {
|
||||
const customerId =
|
||||
typeof subscription.customer === "string"
|
||||
? subscription.customer
|
||||
: subscription.customer?.id;
|
||||
const currentPeriodEnd =
|
||||
"current_period_end" in subscription
|
||||
? (subscription as { current_period_end?: number | null })
|
||||
.current_period_end
|
||||
: null;
|
||||
typeof subscription.customer === "string" ? subscription.customer : subscription.customer?.id;
|
||||
|
||||
if (!customerId) return;
|
||||
|
||||
await upsertBillingByCustomer(customerId, {
|
||||
stripe_subscription_id: subscription.id,
|
||||
subscription_status: "canceled",
|
||||
current_period_end: toIsoOrNull(currentPeriodEnd),
|
||||
current_period_end: toIsoOrNull(subscription.current_period_end),
|
||||
});
|
||||
}
|
||||
|
||||
@@ -123,35 +95,22 @@ export async function POST(req: Request) {
|
||||
|
||||
const signature = req.headers.get("stripe-signature");
|
||||
if (!signature) {
|
||||
return NextResponse.json(
|
||||
{ error: "Missing stripe-signature header" },
|
||||
{ status: 400 },
|
||||
);
|
||||
return NextResponse.json({ error: "Missing stripe-signature header" }, { status: 400 });
|
||||
}
|
||||
|
||||
const stripe = getStripeClient();
|
||||
const body = await req.text();
|
||||
const event = stripe.webhooks.constructEvent(
|
||||
body,
|
||||
signature,
|
||||
env.stripeWebhookSecret,
|
||||
);
|
||||
const event = stripe.webhooks.constructEvent(body, signature, env.stripeWebhookSecret);
|
||||
|
||||
switch (event.type) {
|
||||
case "checkout.session.completed":
|
||||
await handleCheckoutSessionCompleted(
|
||||
event.data.object as Stripe.Checkout.Session,
|
||||
);
|
||||
await handleCheckoutSessionCompleted(event.data.object as Stripe.Checkout.Session);
|
||||
break;
|
||||
case "customer.subscription.updated":
|
||||
await handleSubscriptionUpdated(
|
||||
event.data.object as Stripe.Subscription,
|
||||
);
|
||||
await handleSubscriptionUpdated(event.data.object as Stripe.Subscription);
|
||||
break;
|
||||
case "customer.subscription.deleted":
|
||||
await handleSubscriptionDeleted(
|
||||
event.data.object as Stripe.Subscription,
|
||||
);
|
||||
await handleSubscriptionDeleted(event.data.object as Stripe.Subscription);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
@@ -160,10 +119,7 @@ export async function POST(req: Request) {
|
||||
return NextResponse.json({ received: true });
|
||||
} catch (error) {
|
||||
return NextResponse.json(
|
||||
{
|
||||
error:
|
||||
error instanceof Error ? error.message : "Webhook handling failed",
|
||||
},
|
||||
{ error: error instanceof Error ? error.message : "Webhook handling failed" },
|
||||
{ status: 400 },
|
||||
);
|
||||
}
|
||||
|
||||
@@ -4,8 +4,6 @@ import { getServerAgencyContextOrRedirect } from "@/lib/agency";
|
||||
import { createSupabaseServerClient } from "@/lib/supabase/server";
|
||||
import { formatDateTime } from "@/lib/dates";
|
||||
|
||||
export const dynamic = "force-dynamic";
|
||||
|
||||
const PAGE_SIZE = 50;
|
||||
|
||||
type SearchParams = {
|
||||
@@ -90,11 +88,9 @@ export default async function ActivityPage({
|
||||
.order("created_at", { ascending: false })
|
||||
.limit(200);
|
||||
|
||||
const actionOptions: string[] = Array.from(
|
||||
new Set<string>(
|
||||
(recentForActions ?? []).map((entry: any) => String(entry.action)),
|
||||
),
|
||||
).sort((a, b) => a.localeCompare(b));
|
||||
const actionOptions = Array.from(
|
||||
new Set((recentForActions ?? []).map((entry: any) => String(entry.action))),
|
||||
).sort();
|
||||
|
||||
const instanceNameById = new Map<string, string>(
|
||||
(instances ?? []).map((instance: any) => [
|
||||
|
||||
@@ -6,8 +6,6 @@ import type { Database } from "@/lib/types";
|
||||
import { createSupabaseServerClient } from "@/lib/supabase/server";
|
||||
import Link from "next/link";
|
||||
|
||||
export const dynamic = "force-dynamic";
|
||||
|
||||
type AgencySummary = Pick<
|
||||
Database["public"]["Tables"]["agencies"]["Row"],
|
||||
"id" | "name"
|
||||
|
||||
@@ -2,6 +2,9 @@ services:
|
||||
web:
|
||||
container_name: plesk-agency-portal
|
||||
image: ${APP_IMAGE:-plesk-agency-portal:latest}
|
||||
build:
|
||||
context: .
|
||||
dockerfile: Dockerfile
|
||||
restart: unless-stopped
|
||||
env_file:
|
||||
- .env
|
||||
|
||||
@@ -1,245 +0,0 @@
|
||||
# GUARDRAILS
|
||||
|
||||
These systems are **currently working** and must **not be broken by AI refactors**.
|
||||
|
||||
AI tools must **prefer minimal changes** and avoid architecture changes unless explicitly instructed.
|
||||
|
||||
---
|
||||
|
||||
# Core Principle
|
||||
|
||||
If a task can be solved with a **small change**, the AI must **not perform a large rewrite**.
|
||||
|
||||
---
|
||||
|
||||
# Git Workflow Rules
|
||||
|
||||
The AI must **NEVER commit directly to `master` or `main`.**
|
||||
|
||||
All changes must be made via a branch.
|
||||
|
||||
## Branch naming conventions
|
||||
|
||||
Feature work:
|
||||
|
||||
feature/<short-description>
|
||||
|
||||
Bug fixes:
|
||||
|
||||
fix/<short-description>
|
||||
|
||||
Examples:
|
||||
|
||||
feature/supabase-public-endpoint
|
||||
fix/smoke-check-url
|
||||
fix/magic-link-auth
|
||||
|
||||
## Required workflow
|
||||
|
||||
1. Create a branch from `master`
|
||||
2. Make the required changes
|
||||
3. Commit changes to that branch
|
||||
4. Show the diff
|
||||
5. Do **not merge automatically**
|
||||
6. Raise a pull request
|
||||
7. User performs merge after review
|
||||
|
||||
---
|
||||
|
||||
# Infrastructure Protection
|
||||
|
||||
The AI must **not modify infrastructure** unless explicitly instructed.
|
||||
|
||||
This includes:
|
||||
|
||||
- DNS records
|
||||
- reverse proxy configuration
|
||||
- SSL certificates
|
||||
- server networking
|
||||
- firewall rules
|
||||
- Proxmox configuration
|
||||
- VM/LXC creation
|
||||
- Nginx Proxy Manager configuration
|
||||
- Supabase server configuration
|
||||
|
||||
These systems are **managed manually**.
|
||||
|
||||
---
|
||||
|
||||
# CI/CD
|
||||
|
||||
The Jenkins pipeline currently **builds and deploys the application**.
|
||||
|
||||
Deployment process:
|
||||
|
||||
docker save → scp → docker load
|
||||
|
||||
The AI must **not change the deployment architecture** without instruction.
|
||||
|
||||
Allowed CI changes:
|
||||
|
||||
- fixing pipeline bugs
|
||||
- improving reliability
|
||||
- adding environment variables
|
||||
- improving logs
|
||||
|
||||
Not allowed:
|
||||
|
||||
- replacing Jenkins
|
||||
- replacing Docker deployment
|
||||
- changing deployment host
|
||||
- introducing Kubernetes
|
||||
- major CI architecture changes
|
||||
|
||||
---
|
||||
|
||||
# Container
|
||||
|
||||
Container name:
|
||||
|
||||
plesk-agency-portal
|
||||
|
||||
Deployment path:
|
||||
|
||||
/opt/plesk-agency-portal
|
||||
|
||||
The AI must **not rename containers or paths** without explicit approval.
|
||||
|
||||
---
|
||||
|
||||
# Reverse Proxy
|
||||
|
||||
Reverse proxy is managed by:
|
||||
|
||||
Nginx Proxy Manager
|
||||
|
||||
Public application URL:
|
||||
|
||||
https://portal.rdbcloud.co.uk
|
||||
|
||||
Supabase public endpoint:
|
||||
|
||||
https://supabase.rdbcloud.co.uk
|
||||
|
||||
The AI must **not change reverse proxy configuration**.
|
||||
|
||||
---
|
||||
|
||||
# Authentication
|
||||
|
||||
Authentication system:
|
||||
|
||||
Supabase Magic Link
|
||||
|
||||
Required environment variables:
|
||||
|
||||
NEXT_PUBLIC_SUPABASE_URL
|
||||
SUPABASE_URL
|
||||
NEXT_PUBLIC_SUPABASE_ANON_KEY
|
||||
|
||||
The AI must **not replace the authentication system**.
|
||||
|
||||
---
|
||||
|
||||
# Environment Variables
|
||||
|
||||
Secrets must **never be committed to the repository**.
|
||||
|
||||
Secrets must come from:
|
||||
|
||||
- Jenkins credentials
|
||||
- environment variables
|
||||
- deployment configuration
|
||||
|
||||
Never commit:
|
||||
|
||||
API keys
|
||||
private tokens
|
||||
database passwords
|
||||
service keys
|
||||
|
||||
---
|
||||
|
||||
# Docker
|
||||
|
||||
Docker is used for **build and deployment**.
|
||||
|
||||
The AI may:
|
||||
|
||||
- update Dockerfile
|
||||
- fix build issues
|
||||
- improve caching
|
||||
|
||||
The AI must **not introduce complex container orchestration**.
|
||||
|
||||
Not allowed:
|
||||
|
||||
kubernetes
|
||||
docker swarm
|
||||
nomad
|
||||
terraform
|
||||
|
||||
Unless explicitly requested.
|
||||
|
||||
---
|
||||
|
||||
# Database
|
||||
|
||||
Database system:
|
||||
|
||||
Supabase Postgres
|
||||
|
||||
The AI must **not perform destructive database changes**.
|
||||
|
||||
Not allowed automatically:
|
||||
|
||||
DROP TABLE
|
||||
DROP COLUMN
|
||||
DELETE large datasets
|
||||
schema rewrites
|
||||
|
||||
Schema changes must be **reviewed first**.
|
||||
|
||||
---
|
||||
|
||||
# Safe Refactoring Rules
|
||||
|
||||
Allowed:
|
||||
|
||||
- small code improvements
|
||||
- bug fixes
|
||||
- performance improvements
|
||||
- logging improvements
|
||||
- type fixes
|
||||
- lint fixes
|
||||
|
||||
Avoid:
|
||||
|
||||
- large rewrites
|
||||
- framework changes
|
||||
- directory restructuring
|
||||
- renaming large parts of the codebase
|
||||
|
||||
Unless specifically requested.
|
||||
|
||||
---
|
||||
|
||||
# When AI Is Unsure
|
||||
|
||||
If the AI is unsure:
|
||||
|
||||
1. Explain the risk
|
||||
2. Ask for clarification
|
||||
3. Do **not proceed with risky changes**
|
||||
|
||||
---
|
||||
|
||||
# Priority Order
|
||||
|
||||
When making decisions, the AI must prioritise:
|
||||
|
||||
1. **Do not break production**
|
||||
2. **Respect guardrails**
|
||||
3. **Make minimal safe changes**
|
||||
4. **Preserve deployment pipeline**
|
||||
5. **Follow branch workflow**
|
||||
@@ -1,43 +0,0 @@
|
||||
# PROJECT-STATE
|
||||
|
||||
## Stable Systems
|
||||
|
||||
The following are stable and working:
|
||||
|
||||
CI/CD pipeline
|
||||
Docker deployment
|
||||
Reverse proxy routing
|
||||
Application container startup
|
||||
Smoke test endpoint
|
||||
|
||||
## Deployment
|
||||
|
||||
Jenkins → Build → Docker image → docker save → SCP → docker load → container recreate
|
||||
|
||||
App path:
|
||||
|
||||
/opt/plesk-agency-portal
|
||||
|
||||
Container:
|
||||
|
||||
plesk-agency-portal
|
||||
|
||||
## Public Endpoint
|
||||
|
||||
https://portal.rdbcloud.co.uk
|
||||
|
||||
## Current Work
|
||||
|
||||
Fix Supabase HTTPS endpoint and authentication flow.
|
||||
|
||||
## Known Risk
|
||||
|
||||
Supabase currently exposed via HTTP internally causing browser mixed content blocking.
|
||||
|
||||
## Update Rules
|
||||
|
||||
When system changes:
|
||||
|
||||
1. Update PROJECT-STATE.md
|
||||
2. Update ai-project-context.md
|
||||
3. Add a new handover file
|
||||
@@ -1,58 +0,0 @@
|
||||
# RUNBOOK
|
||||
|
||||
## Production App
|
||||
|
||||
Host:
|
||||
192.168.68.89
|
||||
|
||||
Deploy path:
|
||||
/opt/plesk-agency-portal
|
||||
|
||||
Container:
|
||||
plesk-agency-portal
|
||||
|
||||
Public URL:
|
||||
https://portal.rdbcloud.co.uk
|
||||
|
||||
---
|
||||
|
||||
## Health Check
|
||||
|
||||
Public:
|
||||
|
||||
curl https://portal.rdbcloud.co.uk/api/health
|
||||
|
||||
Local:
|
||||
|
||||
curl http://127.0.0.1:3000/api/health
|
||||
|
||||
---
|
||||
|
||||
## Check Running Container
|
||||
|
||||
docker ps
|
||||
docker inspect plesk-agency-portal --format '{{.Image}} {{.Created}}'
|
||||
docker images | grep plesk-agency-portal
|
||||
|
||||
---
|
||||
|
||||
## View Logs
|
||||
|
||||
cd /opt/plesk-agency-portal
|
||||
docker compose -f docker-compose.prod.yml logs --tail=200
|
||||
|
||||
Follow logs:
|
||||
|
||||
docker logs -f plesk-agency-portal
|
||||
|
||||
---
|
||||
|
||||
## Rollback
|
||||
|
||||
cd /opt/plesk-agency-portal
|
||||
APP_IMAGE=plesk-agency-portal:build-37 ./scripts/rollback-prod.sh
|
||||
|
||||
Verify:
|
||||
|
||||
docker inspect plesk-agency-portal --format '{{.Image}} {{.Created}}'
|
||||
curl http://127.0.0.1:3000/api/health
|
||||
@@ -1,191 +0,0 @@
|
||||
# AI Bootstrap Context -- Plesk Agency Portal
|
||||
|
||||
This document is intended to be uploaded into a new AI conversation so
|
||||
the assistant can quickly understand the project state.
|
||||
|
||||
------------------------------------------------------------------------
|
||||
|
||||
# Project Overview
|
||||
|
||||
The **Plesk Agency Portal** is a multi-tenant SaaS platform that allows
|
||||
agencies to manage multiple Plesk servers, hosting subscriptions, and
|
||||
domains from a single interface.
|
||||
|
||||
Goals:
|
||||
|
||||
- Connect multiple Plesk servers
|
||||
- Sync subscriptions and domains
|
||||
- Manage hosting environments
|
||||
- Provide SaaS billing integration
|
||||
- Enforce tenant isolation using Supabase Row Level Security (RLS)
|
||||
|
||||
------------------------------------------------------------------------
|
||||
|
||||
# Technology Stack
|
||||
|
||||
Frontend Next.js (App Router)
|
||||
|
||||
Backend Next.js API routes
|
||||
|
||||
Authentication Supabase Auth (Magic Link)
|
||||
|
||||
Database Supabase PostgreSQL
|
||||
|
||||
CI/CD Jenkins
|
||||
|
||||
Containerisation Docker
|
||||
|
||||
Reverse Proxy Nginx Proxy Manager
|
||||
|
||||
Infrastructure Self-hosted Linux servers
|
||||
|
||||
------------------------------------------------------------------------
|
||||
|
||||
# Current Deployment Architecture
|
||||
|
||||
CI/CD Pipeline:
|
||||
|
||||
1. Code pushed to repository
|
||||
2. Jenkins pipeline runs
|
||||
3. Next.js application builds
|
||||
4. Docker image builds
|
||||
5. Image exported via `docker save`
|
||||
6. Image transferred via SSH/SCP
|
||||
7. Image loaded on application host
|
||||
8. Container recreated
|
||||
9. Smoke test verifies service
|
||||
|
||||
Images are transferred using:
|
||||
|
||||
docker save → scp → docker load
|
||||
|
||||
This avoids requiring a Docker registry during early development.
|
||||
|
||||
------------------------------------------------------------------------
|
||||
|
||||
# Infrastructure
|
||||
|
||||
Jenkins Host Responsible for:
|
||||
|
||||
- building Docker images
|
||||
- running CI/CD pipeline
|
||||
- deploying containers
|
||||
|
||||
Application Host
|
||||
|
||||
Deployment path:
|
||||
|
||||
/opt/plesk-agency-portal
|
||||
|
||||
Docker container:
|
||||
|
||||
plesk-agency-portal
|
||||
|
||||
Application port:
|
||||
|
||||
3000
|
||||
|
||||
Reverse Proxy:
|
||||
|
||||
Nginx Proxy Manager
|
||||
|
||||
Public domain:
|
||||
|
||||
https://portal.rdbcloud.co.uk
|
||||
|
||||
------------------------------------------------------------------------
|
||||
|
||||
# Database & Auth
|
||||
|
||||
Supabase is self-hosted on an internal server.
|
||||
|
||||
Current API endpoint:
|
||||
|
||||
http://192.168.68.52:54321
|
||||
|
||||
Because the portal runs via HTTPS, this causes a browser mixed-content
|
||||
error.
|
||||
|
||||
------------------------------------------------------------------------
|
||||
|
||||
# Current Blocking Issue
|
||||
|
||||
Supabase authentication fails because the frontend attempts to call:
|
||||
|
||||
http://192.168.68.52:54321
|
||||
|
||||
while the portal itself is served via HTTPS.
|
||||
|
||||
Browsers block the request.
|
||||
|
||||
------------------------------------------------------------------------
|
||||
|
||||
# Planned Fix
|
||||
|
||||
Expose Supabase through HTTPS using Nginx Proxy Manager.
|
||||
|
||||
Target domain:
|
||||
|
||||
https://supabase.rdbcloud.co.uk
|
||||
|
||||
Proxy configuration:
|
||||
|
||||
Forward host: 192.168.68.52\
|
||||
Forward port: 54321
|
||||
|
||||
After that update environment variables:
|
||||
|
||||
NEXT_PUBLIC_SUPABASE_URL SUPABASE_URL
|
||||
|
||||
Then redeploy the portal.
|
||||
|
||||
------------------------------------------------------------------------
|
||||
|
||||
# Deployment Verification
|
||||
|
||||
Example deployed image:
|
||||
|
||||
plesk-agency-portal:build-62
|
||||
|
||||
Verification command:
|
||||
|
||||
docker inspect plesk-agency-portal --format '{{.Image}} {{.Created}}'
|
||||
|
||||
Health endpoint:
|
||||
|
||||
/api/health
|
||||
|
||||
------------------------------------------------------------------------
|
||||
|
||||
# Repository Documentation
|
||||
|
||||
Important docs:
|
||||
|
||||
docs/ai-project-context.md\
|
||||
docs/system-architecture.md\
|
||||
docs/next-steps.md\
|
||||
docs/handovers/\*
|
||||
|
||||
------------------------------------------------------------------------
|
||||
|
||||
# Typical AI Assistance Areas
|
||||
|
||||
- CI/CD debugging
|
||||
- Docker deployment
|
||||
- Next.js development
|
||||
- Supabase integration
|
||||
- SaaS multi-tenant architecture
|
||||
- Stripe billing integration
|
||||
- Plesk API integration
|
||||
|
||||
------------------------------------------------------------------------
|
||||
|
||||
# Current Development Stage
|
||||
|
||||
Infrastructure and deployment pipeline are working.
|
||||
|
||||
Next priorities:
|
||||
|
||||
1. Fix Supabase HTTPS endpoint
|
||||
2. Verify authentication flow
|
||||
3. Continue SaaS portal feature development
|
||||
@@ -1,7 +0,0 @@
|
||||
# Current Focus
|
||||
|
||||
Immediate tasks:
|
||||
|
||||
1. Fix Supabase HTTPS endpoint
|
||||
2. Verify authentication flow
|
||||
3. Continue SaaS portal feature development
|
||||
@@ -109,14 +109,6 @@ Configure these values in Jenkins job/folder/global environment or credentials-b
|
||||
|
||||
The pipeline assumes Jenkins credentials are managed outside this repository.
|
||||
|
||||
Jenkins runtime requirements:
|
||||
|
||||
- The pipeline must run on a Jenkins agent with the `docker` label.
|
||||
- That agent must have Docker CLI installed and permission to access Docker daemon/socket.
|
||||
- `rsync` and `ssh` must also be available on the Jenkins agent.
|
||||
|
||||
If Docker is missing or inaccessible, the pipeline now fails early in a dedicated preflight stage with an explicit message.
|
||||
|
||||
## Deploy flow
|
||||
|
||||
Deployment is intentionally simple and bash-based:
|
||||
|
||||
@@ -1,100 +0,0 @@
|
||||
# Handover – 2026-03-07 – CI/CD Deploy Working
|
||||
|
||||
## Status
|
||||
|
||||
The Plesk Agency Portal deployment pipeline is now working end‑to‑end.
|
||||
|
||||
### Jenkins Pipeline
|
||||
|
||||
Pipeline successfully performs:
|
||||
|
||||
1. Build Next.js application
|
||||
2. Build Docker image
|
||||
3. Save image archive
|
||||
4. Transfer archive to app host
|
||||
5. Load image on remote server
|
||||
6. Recreate container
|
||||
7. Run smoke test
|
||||
|
||||
Example deployed image:
|
||||
|
||||
plesk-agency-portal:build-62
|
||||
|
||||
Verification command:
|
||||
|
||||
docker inspect plesk-agency-portal --format '{{.Image}} {{.Created}}'
|
||||
|
||||
---
|
||||
|
||||
## Infrastructure
|
||||
|
||||
### Jenkins Host
|
||||
|
||||
Responsibilities:
|
||||
|
||||
- Build Docker images
|
||||
- Execute CI/CD pipeline
|
||||
- Transfer deployment artifacts
|
||||
|
||||
### Application Host
|
||||
|
||||
Deployment path:
|
||||
|
||||
/opt/plesk-agency-portal
|
||||
|
||||
Container:
|
||||
|
||||
plesk-agency-portal
|
||||
|
||||
Application port:
|
||||
|
||||
3000
|
||||
|
||||
---
|
||||
|
||||
## Reverse Proxy
|
||||
|
||||
Managed using:
|
||||
|
||||
Nginx Proxy Manager
|
||||
|
||||
Public domain:
|
||||
|
||||
https://portal.rdbcloud.co.uk
|
||||
|
||||
---
|
||||
|
||||
## Known Issue
|
||||
|
||||
Supabase authentication blocked due to mixed content.
|
||||
|
||||
Frontend attempts:
|
||||
|
||||
http://192.168.68.52:54321
|
||||
|
||||
while the site runs via HTTPS.
|
||||
|
||||
---
|
||||
|
||||
## Next Task
|
||||
|
||||
Expose Supabase API through HTTPS:
|
||||
|
||||
https://supabase.rdbcloud.co.uk
|
||||
|
||||
Then update environment variables:
|
||||
|
||||
NEXT_PUBLIC_SUPABASE_URL
|
||||
SUPABASE_URL
|
||||
|
||||
and redeploy the application.
|
||||
|
||||
---
|
||||
|
||||
## Deployment Strategy
|
||||
|
||||
Docker registry intentionally avoided.
|
||||
|
||||
Images transferred using:
|
||||
|
||||
docker save → scp → docker load
|
||||
@@ -35,8 +35,7 @@ export const env = {
|
||||
stripeSecretKey: process.env.STRIPE_SECRET_KEY ?? "",
|
||||
stripeWebhookSecret: process.env.STRIPE_WEBHOOK_SECRET ?? "",
|
||||
stripePriceId: process.env.STRIPE_PRICE_ID ?? "",
|
||||
supabaseUrl:
|
||||
process.env.SUPABASE_URL ?? process.env.NEXT_PUBLIC_SUPABASE_URL ?? "",
|
||||
supabaseUrl: process.env.NEXT_PUBLIC_SUPABASE_URL ?? "",
|
||||
supabaseAnonKey: process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY ?? "",
|
||||
supabaseServiceRoleKey: process.env.SUPABASE_SERVICE_ROLE_KEY ?? "",
|
||||
};
|
||||
|
||||
@@ -11,7 +11,7 @@ export function getStripeClient() {
|
||||
|
||||
if (!stripeClient) {
|
||||
stripeClient = new Stripe(env.stripeSecretKey, {
|
||||
apiVersion: "2025-08-27.basil",
|
||||
apiVersion: "2025-02-24.acacia",
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
@@ -1,5 +1,15 @@
|
||||
/** @type {import('next').NextConfig} */
|
||||
const nextConfig = {
|
||||
eslint: {
|
||||
// Temporary: repository has existing no-explicit-any violations.
|
||||
// Keep dedicated lint stage in CI; do not block production build on legacy lint debt.
|
||||
ignoreDuringBuilds: true,
|
||||
},
|
||||
typescript: {
|
||||
// Temporary: repository has existing unrelated type errors in billing/stripe flows.
|
||||
// Keep separate typecheck/lint quality gates while allowing production image build.
|
||||
ignoreBuildErrors: true,
|
||||
},
|
||||
experimental: {
|
||||
serverActions: {
|
||||
bodySizeLimit: "2mb",
|
||||
|
||||
@@ -4,21 +4,27 @@ set -euo pipefail
|
||||
|
||||
DEPLOY_PATH="${DEPLOY_PATH:-/opt/plesk-agency-portal}"
|
||||
APP_IMAGE="${APP_IMAGE:-plesk-agency-portal:latest}"
|
||||
SOURCE_PATH="${SOURCE_PATH:-${DEPLOY_PATH}}"
|
||||
|
||||
mkdir -p "${DEPLOY_PATH}"
|
||||
|
||||
for file in docker-compose.prod.yml deploy-prod.sh smoke-check.sh rollback-prod.sh; do
|
||||
if [ -f "${SOURCE_PATH}/${file}" ]; then
|
||||
cp "${SOURCE_PATH}/${file}" "${DEPLOY_PATH}/${file}"
|
||||
fi
|
||||
done
|
||||
|
||||
chmod +x "${DEPLOY_PATH}/deploy-prod.sh" \
|
||||
"${DEPLOY_PATH}/smoke-check.sh" \
|
||||
"${DEPLOY_PATH}/rollback-prod.sh" 2>/dev/null || true
|
||||
|
||||
if [ ! -f "${DEPLOY_PATH}/docker-compose.prod.yml" ]; then
|
||||
echo "Missing docker-compose.prod.yml in ${DEPLOY_PATH}" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ ! -f "${DEPLOY_PATH}/.env" ]; then
|
||||
echo "Missing .env in ${DEPLOY_PATH}" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
cd "${DEPLOY_PATH}"
|
||||
|
||||
APP_IMAGE="${APP_IMAGE}" docker compose -f docker-compose.prod.yml up -d --no-build --force-recreate
|
||||
APP_IMAGE="${APP_IMAGE}" docker compose -f docker-compose.prod.yml up -d --no-build
|
||||
|
||||
APP_IMAGE="${APP_IMAGE}" docker compose -f docker-compose.prod.yml ps
|
||||
docker compose -f docker-compose.prod.yml ps
|
||||
|
||||
@@ -21,20 +21,10 @@ if [ ! -f "${DEPLOY_PATH}/docker-compose.prod.yml" ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ ! -f "${DEPLOY_PATH}/.env" ]; then
|
||||
echo "Missing .env in ${DEPLOY_PATH}" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ ! -f "${DEPLOY_PATH}/scripts/smoke-check.sh" ]; then
|
||||
echo "Missing scripts/smoke-check.sh in ${DEPLOY_PATH}" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
cd "${DEPLOY_PATH}"
|
||||
|
||||
APP_IMAGE="${PREVIOUS_IMAGE_TAG}" docker compose -f docker-compose.prod.yml up -d --no-build --force-recreate
|
||||
APP_IMAGE="${PREVIOUS_IMAGE_TAG}" docker compose -f docker-compose.prod.yml up -d --no-build
|
||||
|
||||
"${DEPLOY_PATH}/scripts/smoke-check.sh" "${APP_BASE_URL}"
|
||||
"${DEPLOY_PATH}/smoke-check.sh" "${APP_BASE_URL}"
|
||||
|
||||
docker compose -f docker-compose.prod.yml ps
|
||||
|
||||
@@ -11,26 +11,17 @@ fi
|
||||
|
||||
URL="${BASE_URL%/}/api/health"
|
||||
TMP_FILE="$(mktemp)"
|
||||
MAX_ATTEMPTS=20
|
||||
SLEEP_SECONDS=3
|
||||
|
||||
trap 'rm -f "${TMP_FILE}"' EXIT
|
||||
|
||||
for attempt in $(seq 1 "${MAX_ATTEMPTS}"); do
|
||||
HTTP_CODE=$(curl -sS -o "${TMP_FILE}" -w "%{http_code}" "${URL}" || echo "000")
|
||||
HTTP_CODE=$(curl -sS -o "${TMP_FILE}" -w "%{http_code}" "${URL}")
|
||||
|
||||
if [ "${HTTP_CODE}" = "200" ]; then
|
||||
if node -e "const fs=require('fs');const d=JSON.parse(fs.readFileSync(process.argv[1],'utf8'));if(d?.ok!==true||typeof d?.service!=='string'){process.exit(1)}" "${TMP_FILE}"; then
|
||||
echo "Smoke check passed: ${URL} (attempt ${attempt}/${MAX_ATTEMPTS})"
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
if [ "${HTTP_CODE}" != "200" ]; then
|
||||
echo "Smoke check failed: ${URL} returned ${HTTP_CODE}" >&2
|
||||
cat "${TMP_FILE}" >&2 || true
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "${attempt}" -lt "${MAX_ATTEMPTS}" ]; then
|
||||
sleep "${SLEEP_SECONDS}"
|
||||
fi
|
||||
done
|
||||
node -e "const fs=require('fs');const d=JSON.parse(fs.readFileSync(process.argv[1],'utf8'));if(d?.ok!==true||typeof d?.service!=='string'){process.exit(1)}" "${TMP_FILE}"
|
||||
|
||||
echo "Smoke check failed after ${MAX_ATTEMPTS} attempts: ${URL}" >&2
|
||||
cat "${TMP_FILE}" >&2 || true
|
||||
exit 1
|
||||
echo "Smoke check passed: ${URL}"
|
||||
|
||||
Reference in New Issue
Block a user