testing webhook deployment

Author: olsenben

.github/workflows/deploy.yml

@@ -1,46 +1,46 @@
-# name: Trigger Deployment
+name: Trigger Deployment
 
-# # This workflow triggers a webhook that your instance listens for
-# # The instance will then pull the latest code and rebuild
+# This workflow triggers a webhook that your instance listens for
+# The instance will then pull the latest code and rebuild
 
-# on:
-#   push:
-#     branches:
-#       - main
-#       - dev
+on:
+  push:
+    branches:
+      - main
+      - dev
 
-# jobs:
-#   notify:
-#     runs-on: ubuntu-latest
+jobs:
+  notify:
+    runs-on: ubuntu-latest
 
-#     # Determine environment based on branch
-#     environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'staging' }}
+    # Determine environment based on branch
+    environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'staging' }}
 
-#     steps:
-#       - name: Trigger deployment webhook
-#         run: |
-#           ENVIRONMENT="${{ github.ref == 'refs/heads/main' && 'production' || 'staging' }}"
-#           WEBHOOK_URL="${{ secrets.WEBHOOK_URL }}"
-#           WEBHOOK_SECRET="${{ secrets.WEBHOOK_SECRET }}"
+    steps:
+      - name: Trigger deployment webhook
+        run: |
+          ENVIRONMENT="${{ github.ref == 'refs/heads/main' && 'production' || 'staging' }}"
+          WEBHOOK_URL="${{ secrets.WEBHOOK_URL }}"
+          WEBHOOK_SECRET="${{ secrets.WEBHOOK_SECRET }}"
           
-#           # Create payload
-#           PAYLOAD=$(cat <<EOF
-#           {
-#             "ref": "${{ github.ref }}",
-#             "branch": "${{ github.ref_name }}",
-#             "commit": "${{ github.sha }}",
-#             "environment": "$ENVIRONMENT",
-#             "repository": "${{ github.repository }}"
-#           }
-#           EOF
-#           )
+          # Create payload
+          PAYLOAD=$(cat <<EOF
+          {
+            "ref": "${{ github.ref }}",
+            "branch": "${{ github.ref_name }}",
+            "commit": "${{ github.sha }}",
+            "environment": "$ENVIRONMENT",
+            "repository": "${{ github.repository }}"
+          }
+          EOF
+          )
           
-#           # Send webhook with secret for authentication
-#           curl -X POST "$WEBHOOK_URL" \
-#             -H "Content-Type: application/json" \
-#             -H "X-GitHub-Event: push" \
-#             -H "X-Webhook-Secret: $WEBHOOK_SECRET" \
-#             -d "$PAYLOAD" \
-#             --fail --show-error
+          # Send webhook with secret for authentication
+          curl -X POST "$WEBHOOK_URL" \
+            -H "Content-Type: application/json" \
+            -H "X-GitHub-Event: push" \
+            -H "X-Webhook-Secret: $WEBHOOK_SECRET" \
+            -d "$PAYLOAD" \
+            --fail --show-error
           
-#           echo "Deployment webhook triggered for $ENVIRONMENT"
+          echo "Deployment webhook triggered for $ENVIRONMENT"

README.md

@@ -58,6 +58,8 @@ bun run build
 
 ## Deploy
 
+### Manual Deployment
+
 ```bash
 git pull origin main
 
@@ -75,6 +77,66 @@ pm2 restart ProcessorDB-website
 pm2 reload ProcessorDB-website
 ```
 
+### Automated Webhook Deployment
+
+This repository uses GitHub Actions with webhook-based deployment. The deployment workflow automatically triggers when code is pushed to specific branches.
+
+#### Staging vs Production Deployment
+
+- **Staging Environment:**
+  - **Branch:** `dev`
+  - **Domain:** `staging.processordb.mit.edu`
+  - **Server:** `128.52.141.130`
+  - **GitHub Environment:** `staging`
+  - **Webhook Endpoint:** `http://staging.processordb.mit.edu/api/deploy`
+
+- **Production Environment:**
+  - **Branch:** `main`
+  - **Domain:** `processordb.mit.edu` (or your production domain)
+  - **Server:** Production server IP
+  - **GitHub Environment:** `production`
+  - **Webhook Endpoint:** Production webhook URL
+
+The GitHub Actions workflow automatically selects the environment based on the branch:
+- Pushes to `dev` branch → triggers `staging` environment deployment
+- Pushes to `main` branch → triggers `production` environment deployment
+
+#### GitHub Environments and Secrets Configuration
+
+To enable automated deployments, you must configure environment-specific secrets in GitHub:
+
+1. **Navigate to Repository Settings:**
+   - Go to: `https://github.com/MIT-FutureTech/processordb-website/settings/environments`
+
+2. **Configure Staging Environment:**
+   - Click on `staging` environment (or create it if it doesn't exist)
+   - Add the following secrets:
+     - **`WEBHOOK_URL`:** `http://staging.processordb.mit.edu/api/deploy`
+     - **`WEBHOOK_SECRET`:** The secret token that matches `DEPLOY_WEBHOOK_SECRET` in your staging server's `.env` file
+   - **Note:** Use `http://` until SSL certificate is configured, then update to `https://`
+
+3. **Configure Production Environment:**
+   - Click on `production` environment (or create it if it doesn't exist)
+   - Add the following secrets:
+     - **`WEBHOOK_URL`:** Your production webhook endpoint URL
+     - **`WEBHOOK_SECRET`:** The secret token that matches `DEPLOY_WEBHOOK_SECRET` in your production server's `.env` file
+
+**Important Notes:**
+- Each environment (staging/production) has its own set of secrets
+- The `WEBHOOK_SECRET` must match the `DEPLOY_WEBHOOK_SECRET` value in the corresponding server's `.env` file
+- Environment secrets are only accessible to workflows that explicitly reference that environment
+- The workflow file (`.github/workflows/deploy.yml`) uses `environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'staging' }}` to automatically select the correct environment based on the branch
+
+#### How It Works
+
+1. Developer pushes code to `dev` or `main` branch
+2. GitHub Actions workflow triggers
+3. Workflow determines environment based on branch (`dev` → `staging`, `main` → `production`)
+4. Workflow retrieves environment-specific secrets (`WEBHOOK_URL` and `WEBHOOK_SECRET`)
+5. Workflow sends POST request to the webhook endpoint with authentication
+6. Server receives webhook, validates secret, and runs deployment script
+7. Deployment script pulls latest code, builds, and restarts the application
+
 ## Reverse Proxy (Nginx)
 
 The application is served through nginx as a reverse proxy. Configuration files are located at:
@@ -117,100 +179,48 @@ sudo systemctl status nginx
 
 ### DNS Record Setup
 
-To set up a staging subdomain (e.g., `staging.processordb.mit.edu`), you'll need to request a DNS record from MIT IT.
+**Status:** The DNS record for `staging.processordb.mit.edu` has been set up by MIT IT and is currently active.
 
-**Information needed for DNS request:**
-- **Subdomain:** `staging.processordb.mit.edu` (or your preferred subdomain)
-- **Record Type:** `A` record (for IPv4)
-- **IP Address:** 
-  - **Same server as production:** `128.52.132.49` (current server IP)
-  - **Different server:** The public IP address of the staging server instance
-
-**Current production server IP:** `128.52.132.49`
-
-**How to request:**
-1. Contact MIT IT/IS&T DNS administrators
-2. Request an A record pointing `staging.processordb.mit.edu` to the appropriate IP address
-3. Wait for DNS propagation (typically 5 minutes to 48 hours, usually within 15-30 minutes)
+**Current Configuration:**
+- **Domain:** `staging.processordb.mit.edu`
+- **Record Type:** `A` record
+- **IP Address:** `128.52.141.130` (staging server IP)
+- **Status:** Active and resolving
 
 **Verify DNS is working:**
 ```bash
 # Check if DNS record exists
 dig +short staging.processordb.mit.edu
 
-# Should return the IP address you requested
+# Should return: 128.52.141.130
 ```
 
-### Recommended Order of Operations
+### Current Staging Setup
 
-**Configure nginx BEFORE requesting DNS** - This ensures everything is ready when DNS propagates:
+**DNS Status:** Configured by MIT IT - `staging.processordb.mit.edu` points to `128.52.141.130`
 
-1. **First: Set up nginx configuration** (including internal-only restrictions if needed)
-2. **Second: Set up SSL certificate** (can use staging cert or wait for DNS)
-3. **Third: Request DNS record** from IT services
-4. **Fourth: Verify everything works** once DNS propagates
+The staging environment is currently configured with:
 
-**Why configure first?**
-- When DNS propagates, the site will work immediately
-- You can test nginx config using the IP address before DNS is ready
-- Avoids confusion if DNS is ready but site doesn't work
+1. **Nginx Configuration:** `/etc/nginx/sites-available/staging.processordb.mit.edu`
+   - Frontend proxy: `http://localhost:3000` (Nuxt.js)
+   - Backend API proxy: `http://localhost:3001/api/` (via `/backend/api/` path)
+   - Webhook endpoint: `/api/deploy` → `http://localhost:3000` (with IP restrictions for GitHub Actions)
 
-### After DNS is Configured
+2. **Application Services:**
+   - **Frontend:** PM2 app `ProcessorDB-website-staging` running on port `3000`
+   - **Backend API:** Docker container `processordb` running on port `3001`
+   - **Database:** Docker container `hardware-db-postgres` running on port `5432`
 
-Once DNS is set up, you'll need to:
+3. **Environment Variables:**
+   - Frontend `.env`: `SITE_URL`, `BACKEND_URL`, `DEPLOY_WEBHOOK_SECRET`
+   - Backend `.env`: Database credentials and JWT secrets
+   - PM2 ecosystem config loads `.env` file automatically
 
-1. **Create nginx configuration** (on staging server at 128.52.141.130):
-   ```bash
-   # SSH into staging server
-   ssh ubuntu@128.52.141.130
-   
-   # Copy production config as template
-   sudo cp /etc/nginx/sites-available/processordb.mit.edu /etc/nginx/sites-available/staging.processordb.mit.edu
-   sudo nano /etc/nginx/sites-available/staging.processordb.mit.edu
-   ```
-   
-   Update the config:
-   - Change `server_name` to `staging.processordb.mit.edu`
-   - Update `proxy_pass` ports if staging uses different ports
-   - **Add internal-only IP restrictions** (see "Restricting Access" section below)
-
-2. **Enable the site:**
-   ```bash
-   sudo ln -s /etc/nginx/sites-available/staging.processordb.mit.edu /etc/nginx/sites-enabled/
-   sudo nginx -t
-   sudo systemctl reload nginx
-   ```
-
-3. **Set up SSL certificate** (can be done before or after DNS):
-   ```bash
-   # Option A: Wait for DNS, then run:
-   sudo certbot --nginx -d staging.processordb.mit.edu
-   
-   # Option B: Use staging certificate before DNS (if you have one)
-   # Or use self-signed cert for testing
-   ```
-
-4. **Configure staging application:**
-   - Set up PM2 with a different app name (e.g., `ProcessorDB-website-staging`)
-   - Use different ports if needed (e.g., `3002` for frontend, `3003` for backend)
-   - Update nginx proxy_pass accordingly
-
-5. **Test nginx config** (before DNS is ready):
-   ```bash
-   # Test using IP address
-   curl -H "Host: staging.processordb.mit.edu" http://128.52.141.130
-   
-   # Or add to /etc/hosts for local testing:
-   # 128.52.141.130 staging.processordb.mit.edu
-   ```
-
-6. **Request DNS record** from IT services (see section above)
+4. **Deployment:**
+   - Webhook endpoint: `http://staging.processordb.mit.edu/api/deploy`
+   - Deployment script: `~/processordb-website-staging/scripts/deploy.sh`
+   - Git credentials: Configured via credential helper
 
-7. **After DNS propagates**, verify everything works:
-   ```bash
-   dig +short staging.processordb.mit.edu  # Should return 128.52.141.130
-   curl -I https://staging.processordb.mit.edu  # Should work from MIT network
-   ```
 
 ## Restricting Access to Internal MIT Networks
 

ecosystem.staging.config.cjs

@@ -1,7 +1,7 @@
 module.exports = {
   apps : [{
     name: "ProcessorDB-website-staging",
-    port: "3001",
+    port: "3000",
     exec_mode: "cluster",
     instances: "max",
     script: "./.output/server/index.mjs",
@@ -12,3 +12,5 @@ module.exports = {
   }]
 }
 
+
+