diff --git a/Jenkinsfile b/Jenkinsfile new file mode 100644 index 0000000..3977757 --- /dev/null +++ b/Jenkinsfile @@ -0,0 +1,85 @@ +pipeline { + agent any + + environment { + REGISTRY_IMAGE = "plesk-agency-portal" + IMAGE_LATEST = "${REGISTRY_IMAGE}:latest" + IMAGE_BUILD = "${REGISTRY_IMAGE}:build-${BUILD_NUMBER}" + } + + stages { + stage('Checkout') { + steps { + checkout scm + } + } + + stage('Install dependencies') { + steps { + sh 'npm ci' + } + } + + stage('Lint') { + steps { + script { + def hasLint = sh(script: "node -e \"const fs=require('fs');const p=require('./package.json');process.exit(p?.scripts?.lint?0:1)\"", returnStatus: true) + if (hasLint == 0) { + sh 'npm run lint' + } else { + echo 'No lint script configured; skipping lint stage.' + } + } + } + } + + stage('Build application') { + steps { + sh 'npm run build' + } + } + + stage('Build Docker image') { + steps { + sh 'docker build -t ${IMAGE_LATEST} -t ${IMAGE_BUILD} .' + } + } + + stage('Deploy') { + steps { + script { + if (!env.DEPLOY_SSH_CREDENTIAL_ID) { + error 'DEPLOY_SSH_CREDENTIAL_ID is required' + } + } + sshagent(credentials: ["${env.DEPLOY_SSH_CREDENTIAL_ID}"]) { + sh ''' + set -euo pipefail + : "${DEPLOY_SSH_HOST:?Missing DEPLOY_SSH_HOST}" + : "${DEPLOY_SSH_USER:?Missing DEPLOY_SSH_USER}" + : "${DEPLOY_PATH:?Missing DEPLOY_PATH}" + + rsync -az \ + docker-compose.prod.yml \ + scripts/deploy-prod.sh \ + scripts/smoke-check.sh \ + scripts/rollback-prod.sh \ + ${DEPLOY_SSH_USER}@${DEPLOY_SSH_HOST}:${DEPLOY_PATH}/ + + docker save ${IMAGE_LATEST} ${IMAGE_BUILD} \ + | ssh ${DEPLOY_SSH_USER}@${DEPLOY_SSH_HOST} 'docker load' + + ssh ${DEPLOY_SSH_USER}@${DEPLOY_SSH_HOST} \ + "chmod +x ${DEPLOY_PATH}/deploy-prod.sh ${DEPLOY_PATH}/smoke-check.sh ${DEPLOY_PATH}/rollback-prod.sh && APP_IMAGE='${IMAGE_BUILD}' DEPLOY_PATH='${DEPLOY_PATH}' ${DEPLOY_PATH}/deploy-prod.sh" + ''' + } + } + } + + stage('Smoke check') { + steps { + sh 'chmod +x scripts/smoke-check.sh && scripts/smoke-check.sh ${APP_BASE_URL}' + } + } + } +} diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml index 79620cb..2439829 100644 --- a/docker-compose.prod.yml +++ b/docker-compose.prod.yml @@ -1,6 +1,7 @@ services: web: container_name: plesk-agency-portal + image: ${APP_IMAGE:-plesk-agency-portal:latest} build: context: . dockerfile: Dockerfile diff --git a/docs/deployment-production.md b/docs/deployment-production.md index 50ffb2f..4cdca7a 100644 --- a/docs/deployment-production.md +++ b/docs/deployment-production.md @@ -56,3 +56,66 @@ Before deploying, set production-safe values in `.env` (using `.env.example` as - cron/job shared secrets Keep secrets out of source control. + +## Jenkins pipeline flow + +The repository includes a declarative `Jenkinsfile` with the following stages: + +1. **Checkout** +2. **Install dependencies** (`npm ci`) +3. **Lint** (runs only when `package.json` contains a `lint` script) +4. **Build application** (`npm run build`) +5. **Build Docker image** (tags `latest` and `build-${BUILD_NUMBER}`) +6. **Deploy** over SSH to the app host +7. **Smoke check** against `/api/health` + +## Required Jenkins configuration + +Configure these values in Jenkins job/folder/global environment or credentials-backed environment variables: + +- `DEPLOY_SSH_HOST` - remote app host +- `DEPLOY_SSH_USER` - SSH user on remote host +- `DEPLOY_SSH_CREDENTIAL_ID` - Jenkins SSH Agent credential ID +- `DEPLOY_PATH` - remote deployment path (for example `/opt/plesk-agency-portal`) +- `APP_BASE_URL` - externally reachable app URL used by smoke check + +The pipeline assumes Jenkins credentials are managed outside this repository. + +## Deploy flow + +Deployment is intentionally simple and bash-based: + +1. Jenkins builds Docker image tags locally. +2. Jenkins syncs deployment files (`docker-compose.prod.yml`, deploy/smoke/rollback scripts) to the remote deploy path. +3. Jenkins streams Docker images to the remote host (`docker save | ssh docker load`). +4. Jenkins runs `scripts/deploy-prod.sh` remotely. +5. Script applies the selected image tag via: + +```bash +APP_IMAGE= docker compose -f docker-compose.prod.yml up -d --no-build +``` + +6. Script prints `docker compose ps` status. + +## Rollback flow + +Rollback uses `scripts/rollback-prod.sh` with a previously built image tag: + +```bash +DEPLOY_PATH=/opt/plesk-agency-portal \ +APP_BASE_URL=https://your-app.example.com \ +scripts/rollback-prod.sh plesk-agency-portal:build-123 +``` + +Rollback redeploys that image with compose, then immediately reruns smoke checks. + +## Smoke check behavior + +`scripts/smoke-check.sh`: + +- accepts a base URL argument +- requests `${BASE_URL}/api/health` +- fails on non-200 responses +- fails on invalid JSON or missing expected fields (`ok: true`, `service` string) + +This gives a quick post-deploy validation gate for both deploy and rollback operations. diff --git a/scripts/deploy-prod.sh b/scripts/deploy-prod.sh new file mode 100755 index 0000000..296cc10 --- /dev/null +++ b/scripts/deploy-prod.sh @@ -0,0 +1,30 @@ +#!/usr/bin/env bash + +set -euo pipefail + +DEPLOY_PATH="${DEPLOY_PATH:-/opt/plesk-agency-portal}" +APP_IMAGE="${APP_IMAGE:-plesk-agency-portal:latest}" +SOURCE_PATH="${SOURCE_PATH:-${DEPLOY_PATH}}" + +mkdir -p "${DEPLOY_PATH}" + +for file in docker-compose.prod.yml deploy-prod.sh smoke-check.sh rollback-prod.sh; do + if [ -f "${SOURCE_PATH}/${file}" ]; then + cp "${SOURCE_PATH}/${file}" "${DEPLOY_PATH}/${file}" + fi +done + +chmod +x "${DEPLOY_PATH}/deploy-prod.sh" \ + "${DEPLOY_PATH}/smoke-check.sh" \ + "${DEPLOY_PATH}/rollback-prod.sh" 2>/dev/null || true + +if [ ! -f "${DEPLOY_PATH}/docker-compose.prod.yml" ]; then + echo "Missing docker-compose.prod.yml in ${DEPLOY_PATH}" >&2 + exit 1 +fi + +cd "${DEPLOY_PATH}" + +APP_IMAGE="${APP_IMAGE}" docker compose -f docker-compose.prod.yml up -d --no-build + +docker compose -f docker-compose.prod.yml ps diff --git a/scripts/rollback-prod.sh b/scripts/rollback-prod.sh new file mode 100755 index 0000000..2f72201 --- /dev/null +++ b/scripts/rollback-prod.sh @@ -0,0 +1,30 @@ +#!/usr/bin/env bash + +set -euo pipefail + +PREVIOUS_IMAGE_TAG="${1:-}" +DEPLOY_PATH="${DEPLOY_PATH:-/opt/plesk-agency-portal}" +APP_BASE_URL="${APP_BASE_URL:-}" + +if [ -z "${PREVIOUS_IMAGE_TAG}" ]; then + echo "Usage: $0 " >&2 + exit 1 +fi + +if [ -z "${APP_BASE_URL}" ]; then + echo "APP_BASE_URL is required" >&2 + exit 1 +fi + +if [ ! -f "${DEPLOY_PATH}/docker-compose.prod.yml" ]; then + echo "Missing docker-compose.prod.yml in ${DEPLOY_PATH}" >&2 + exit 1 +fi + +cd "${DEPLOY_PATH}" + +APP_IMAGE="${PREVIOUS_IMAGE_TAG}" docker compose -f docker-compose.prod.yml up -d --no-build + +"${DEPLOY_PATH}/smoke-check.sh" "${APP_BASE_URL}" + +docker compose -f docker-compose.prod.yml ps diff --git a/scripts/smoke-check.sh b/scripts/smoke-check.sh new file mode 100755 index 0000000..5249abb --- /dev/null +++ b/scripts/smoke-check.sh @@ -0,0 +1,27 @@ +#!/usr/bin/env bash + +set -euo pipefail + +BASE_URL="${1:-}" + +if [ -z "${BASE_URL}" ]; then + echo "Usage: $0 " >&2 + exit 1 +fi + +URL="${BASE_URL%/}/api/health" +TMP_FILE="$(mktemp)" + +trap 'rm -f "${TMP_FILE}"' EXIT + +HTTP_CODE=$(curl -sS -o "${TMP_FILE}" -w "%{http_code}" "${URL}") + +if [ "${HTTP_CODE}" != "200" ]; then + echo "Smoke check failed: ${URL} returned ${HTTP_CODE}" >&2 + cat "${TMP_FILE}" >&2 || true + exit 1 +fi + +node -e "const fs=require('fs');const d=JSON.parse(fs.readFileSync(process.argv[1],'utf8'));if(d?.ok!==true||typeof d?.service!=='string'){process.exit(1)}" "${TMP_FILE}" + +echo "Smoke check passed: ${URL}"