# GitHub Actions Deployment Setup

This document describes the setup for automatic deployment to a testing server when creating a Pull Request to the `develop` branch.

## Required GitHub Secrets

Go to repository settings → Settings → Secrets and variables → Actions and add the following secrets:

### SSH Connection

- `TESTING_SERVER_HOST` - IP address or domain of the testing server
- `TESTING_SERVER_USER` - User for SSH connection (e.g., `deploy`)
- `TESTING_SERVER_SSH_KEY` - Private SSH key for server connection
- `TESTING_SERVER_PORT` - (optional) SSH port (default: 22)

### Database Configuration

- `TESTING_DB_ROOT_PASSWORD` - Root password for MariaDB
- `TESTING_DB_USERNAME` - Database user
- `TESTING_DB_PASSWORD` - Database user password

## Required GitHub Variables

Go to repository settings → Settings → Secrets and variables → Actions → Variables and add:

- `TESTING_BASE_PORT` - Base port for applications (default: 3000)
- `TESTING_BASE_DB_PORT` - Base port for databases (default: 3306)
- `TESTING_BASE_REDIS_PORT` - Base port for Redis (default: 6379)

## Testing Server Setup

### 1. Installing Docker and Docker Compose

```bash
# System update
sudo apt update && sudo apt upgrade -y

# Docker installation
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh

# Add user to docker group
sudo usermod -aG docker $USER

# Install Docker Compose
sudo apt install docker-compose-plugin -y
```

### 2. Creating deployment user

```bash
# Create user
sudo useradd -m -s /bin/bash deploy
sudo usermod -aG docker deploy

# Create SSH keys directory
sudo mkdir -p /home/deploy/.ssh
sudo chmod 700 /home/deploy/.ssh

# Add public SSH key
sudo nano /home/deploy/.ssh/authorized_keys
# Insert public key corresponding to private key in TESTING_SERVER_SSH_KEY

sudo chmod 600 /home/deploy/.ssh/authorized_keys
sudo chown -R deploy:deploy /home/deploy/.ssh

# Create applications directory
sudo mkdir -p /opt/low-code-engine
sudo chown deploy:deploy /opt/low-code-engine
```

### 3. Nginx Setup (Optional)

If you want to use domain names instead of ports:

```bash
sudo apt install nginx -y

# Create configuration for testing applications
sudo nano /etc/nginx/sites-available/testing-apps
```

File content:

```nginx
server {
    listen 80;
    server_name ~^pr-(?<pr_number>\d+)\.testing\.yourdomain\.com$;

    location / {
        set $app_port 3000$pr_number;
        proxy_pass http://127.0.0.1:$app_port;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

```bash
# Activate configuration
sudo ln -s /etc/nginx/sites-available/testing-apps /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
```

## How Deployment Works

### Deployment Process

1. **Trigger**: Creating or updating Pull Request to `develop` branch
2. **Build**: Building application and creating Docker image
3. **Deploy**: Copying files to server and starting containers
4. **Health Check**: Checking application availability
5. **Comment**: Adding comment to PR with deployment information

### Server Structure

```
/opt/low-code-engine/
├── testing-pr-123/           # Separate directory for each PR
│   ├── docker-compose.yml    # Main docker-compose file
│   ├── docker-compose.override.yml  # Testing overrides
│   ├── .env                  # Environment variables
│   ├── docker/               # Docker configurations
│   └── low-code-engine-testing.tar.gz  # Docker image
├── testing-pr-124/
└── ...
```

### Ports

Each PR is assigned unique ports:

- Application: `TESTING_BASE_PORT + PR_NUMBER` (e.g., 3000 + 123 = 3123)
- Database: `TESTING_BASE_DB_PORT + PR_NUMBER` (e.g., 3306 + 123 = 3429)
- Redis: `TESTING_BASE_REDIS_PORT + PR_NUMBER` (e.g., 6379 + 123 = 6502)

### Cleanup

When PR is closed or merged, automatically:

1. Stop and remove containers
2. Remove Docker images
3. Remove files on server
4. Add cleanup comment

## Security

1. **SSH Keys**: Use separate SSH key only for deployment
2. **User**: Create separate user with minimal privileges
3. **Firewall**: Configure firewall to restrict port access
4. **SSL/TLS**: Consider using SSL certificates for HTTPS

## Monitoring and Logs

### View Application Logs

```bash
cd /opt/low-code-engine/testing-pr-{PR_NUMBER}
docker-compose logs -f app
```

### View Container Status

```bash
docker-compose ps
```

### Resource Monitoring

```bash
docker stats
```

## Troubleshooting

### Port Issues

If port is occupied, check which applications are using it:

```bash
sudo netstat -tulpn | grep :{PORT}
```

### Docker Issues

Clean up unused resources:

```bash
docker system prune -f
```

### Database Issues

Check database connection:

```bash
docker-compose exec mariadb mysql -u root -p -e "SHOW DATABASES;"
```

### Migration Issues

Manual migration run:

```bash
docker-compose exec app yarn migration:run
```