chore: update staging deployment config

.github/workflows/production.yml

@@ -0,0 +1,63 @@
+name: Production deployment
+
+on:
+  release:
+    types: [published]
+
+env:
+  TAG: ${{ github.event.release.tag_name }}
+  STACK_FILE: docker/production.yml
+  REPOSITORY: website
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout the repo
+        uses: actions/checkout@v2
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v1 
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: true
+          tags: ghcr.io/appwrite/website:${{ env.TAG }}
+
+  deploy:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Execute SSH commands
+        uses: appleboy/ssh-action@master
+        with:
+          host: ${{ secrets.PRD_SSH_HOST }}
+          username: ${{ secrets.PRD_SSH_USERNAME }}
+          key: ${{ secrets.PRD_SSH_KEY }}
+          script: |
+            url="https://${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}@github.com/appwrite/${{ env.REPOSITORY }}.git"
+            if ! git clone "${url}" "${{ env.REPOSITORY }}" 2>/dev/null && [ -d "${{ env.REPOSITORY }}" ] ; then
+                echo "Clone failed because the folder ${{ env.REPOSITORY }} exists"
+            fi
+
+            cd ${{ env.REPOSITORY }}
+            git reset --hard HEAD
+            git remote set-url origin $url
+            git fetch origin
+            git checkout ${{ env.TAG }}
+
+            rm -f .env
+            echo "_APP_VERSION=${{ env.TAG }}" >> .env
+            echo "_APP_DOMAIN=${{ secrets.PRD_APP_DOMAIN }}" >> .env
+            echo "_APP_SYSTEM_SECURITY_EMAIL_ADDRESS=${{ secrets.APP_SYSTEM_SECURITY_EMAIL_ADDRESS }}" >> .env
+            echo "SEMATEXT_TOKEN=${{ secrets.SEMATEXT_TOKEN }}" >> .env
+
+            echo ${{ secrets.GH_REGISTRY_TOKEN }} | docker login ghcr.io --username ${{ github.actor }} --password-stdin
+            docker-compose -f ${{ env.STACK_FILE }} config
+            env $(cat .env | xargs) docker stack deploy --prune --resolve-image always --with-registry-auth -c ${{ env.STACK_FILE }} ${{ env.REPOSITORY }}

.github/workflows/staging.yml

@@ -3,13 +3,11 @@ name: Staging deployment
 on:
   push:
     branches:
-      - dev
       - main
-      - feat-dockerize-app
 
 env:
   TAG: ${{ github.sha }}
-  STACK_FILE: docker/docker-stack.stage.yml
+  STACK_FILE: docker/stage.yml
   REPOSITORY: website
 
 jobs:

docker/docker-stack.stage.yml → docker/production.yml

@@ -57,7 +57,7 @@ services:
         constraints:
           - node.role == manager
 
-  website:
+  server:
     image: ghcr.io/appwrite/website:$_APP_VERSION
     <<: *x-logging
     networks:

docker/stage.yml

@@ -0,0 +1,116 @@
+x-logging: &x-logging
+  logging:
+    driver: 'json-file'
+    options:
+      max-file: '5'
+      max-size: '20m'
+
+x-update-config: &x-update-config
+  update_config:
+    order: stop-first
+    failure_action: rollback
+    parallelism: 2
+    delay: 5s
+  rollback_config:
+    failure_action: pause
+    monitor: 5s
+    parallelism: 2
+    order: stop-first
+
+version: '3.8'
+
+services:
+  traefik:
+    image: traefik:2.9
+    <<: *x-logging
+    command:
+      - --log.level=DEBUG
+      - --api.insecure=true
+      - --providers.docker=true
+      - --providers.docker.watch=true
+      - --providers.docker.swarmMode=true
+      - --providers.docker.exposedByDefault=false
+      - --entrypoints.web.address=:80
+      - --entrypoints.websecure.address=:443
+      - --entrypoints.web.http.redirections.entrypoint.to=websecure
+      - --entrypoints.web.http.redirections.entrypoint.scheme=https
+      - --providers.docker.constraints=Label(`traefik.constraint-label-stack`,`appwrite`)
+      - --certificatesresolvers.myresolver.acme.httpchallenge=true
+      - --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
+      - --certificatesresolvers.myresolver.acme.email=$_APP_SYSTEM_SECURITY_EMAIL_ADDRESS
+      - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/${_APP_DOMAIN}.json
+      - --accesslog=true
+    ports:
+      - 80:80
+      - 443:443
+      - 8080:8080
+    volumes:
+      - /letsencrypt:/letsencrypt
+      - /var/run/docker.sock:/var/run/docker.sock
+    networks:
+      - cloud
+    deploy:
+      mode: global
+      <<: *x-update-config
+      placement:
+        constraints:
+          - node.role == manager
+
+  server:
+    image: ghcr.io/appwrite/website:$_APP_VERSION
+    <<: *x-logging
+    networks:
+      - cloud
+    deploy:
+      <<: *x-update-config
+      mode: replicated
+      replicas: 6
+      max_replicas_per_node: 2
+      placement:
+        constraints:
+          - node.role == worker
+        preferences: 
+          - spread: node.role == worker
+      labels:
+        - traefik.enable=true
+        - traefik.constraint-label-stack=appwrite
+        - traefik.http.services.appwrite_api.loadbalancer.server.port=3000
+        #http
+        - traefik.http.routers.appwrite.entrypoints=web
+        - traefik.http.routers.appwrite.rule=Host(`$_APP_DOMAIN`) || Host(`www.$_APP_DOMAIN`)
+        - traefik.http.routers.appwrite.service=appwrite_api
+        # https
+        - traefik.http.routers.appwrite_secure.entrypoints=websecure
+        - traefik.http.routers.appwrite_secure.rule=Host(`$_APP_DOMAIN`) || Host(`www.$_APP_DOMAIN`)
+        - traefik.http.routers.appwrite_secure.service=appwrite_api
+        - traefik.http.routers.appwrite_secure.tls=true
+        - traefik.http.routers.appwrite_secure.tls.certresolver=myresolver
+
+  janitor:
+    image: appwrite/docker-janitor
+    deploy:
+      mode: global
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+
+  sematext-agent:
+    image: sematext/agent:latest
+    environment:
+      REGION: EU
+      INFRA_TOKEN: $SEMATEXT_TOKEN
+    deploy:
+      mode: global
+      restart_policy:
+        condition: any
+    volumes:
+      - /:/hostfs:ro
+      - /etc/passwd:/etc/passwd:ro
+      - /etc/group:/etc/group:ro
+      - /sys:/host/sys:ro
+      - /dev:/hostfs/dev:ro
+      - /var/run:/var/run
+      - /sys/kernel/debug:/sys/kernel/debug
+
+networks:
+  cloud:
+    driver: overlay