feat(devops): CI/CD + Docker + Monitoring infrastructure
- Multi-stage Dockerfile (builder+runner, <500MB target) - docker-compose.yml: app(x4) + postgres + redis + prometheus + grafana + nginx - .env.example with all required secrets (never hardcoded) - requirements.txt with all dependencies including prometheus-client, alembic - GitHub Actions CI: lint (flake8+bandit+safety) + tests + Docker build/push - GitHub Actions CD: staging deploy -> smoke tests -> production deploy + rollback - Alembic migration setup + initial PostgreSQL schema (001_initial_schema) - SQLite→PostgreSQL data migration script - Prometheus metrics module (HTTP, ML, DB, business metrics) - Prometheus alert rules (5xx >1%, latency >2s, disk >80%, ML accuracy) - Grafana dashboard (overview: req/s, p95, ML accuracy, error rate) - Nginx reverse proxy config (HTTPS/TLS, rate limiting, security headers) - Structured JSON logging module - Automated daily DB backup script (pg_dump + 30-day retention) Branch: feature/devops-cicd Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
82
.env.example
Normal file
82
.env.example
Normal file
@@ -0,0 +1,82 @@
|
||||
# =============================================================
|
||||
# H3R7Tech Turf SaaS — Environment Variables Template
|
||||
# Copy this file to .env and fill in your values.
|
||||
# NEVER commit .env to version control.
|
||||
# =============================================================
|
||||
|
||||
# ----------------------------------------------------------------
|
||||
# PostgreSQL
|
||||
# ----------------------------------------------------------------
|
||||
POSTGRES_HOST=postgres
|
||||
POSTGRES_PORT=5432
|
||||
POSTGRES_DB=turf_saas
|
||||
POSTGRES_USER=turf
|
||||
POSTGRES_PASSWORD=CHANGE_ME_STRONG_PASSWORD
|
||||
|
||||
# Full DSN used by SQLAlchemy / Alembic
|
||||
DATABASE_URL=postgresql://turf:CHANGE_ME_STRONG_PASSWORD@postgres:5432/turf_saas
|
||||
|
||||
# ----------------------------------------------------------------
|
||||
# Redis
|
||||
# ----------------------------------------------------------------
|
||||
REDIS_HOST=redis
|
||||
REDIS_PORT=6379
|
||||
REDIS_PASSWORD=CHANGE_ME_REDIS_PASSWORD
|
||||
REDIS_URL=redis://:CHANGE_ME_REDIS_PASSWORD@redis:6379/0
|
||||
|
||||
# ----------------------------------------------------------------
|
||||
# Flask / App
|
||||
# ----------------------------------------------------------------
|
||||
FLASK_ENV=production
|
||||
SECRET_KEY=CHANGE_ME_FLASK_SECRET_KEY_64CHARS
|
||||
DEBUG=false
|
||||
LOG_LEVEL=INFO
|
||||
|
||||
# DB path for legacy SQLite (kept for migration, set to /app/data/db/)
|
||||
DB_PATH=/app/data/db/turf_saas.db
|
||||
|
||||
# ----------------------------------------------------------------
|
||||
# Domain & TLS
|
||||
# ----------------------------------------------------------------
|
||||
DOMAIN=turf.h3r7.tech
|
||||
ADMIN_EMAIL=admin@h3r7.tech
|
||||
|
||||
# ----------------------------------------------------------------
|
||||
# Stripe (Billing)
|
||||
# ----------------------------------------------------------------
|
||||
STRIPE_SECRET_KEY=sk_live_CHANGE_ME
|
||||
STRIPE_WEBHOOK_SECRET=whsec_CHANGE_ME
|
||||
STRIPE_PUBLISHABLE_KEY=pk_live_CHANGE_ME
|
||||
|
||||
# ----------------------------------------------------------------
|
||||
# LLM / AI API keys
|
||||
# ----------------------------------------------------------------
|
||||
OPENROUTER_API_KEY=CHANGE_ME
|
||||
OPENAI_API_KEY=CHANGE_ME
|
||||
LLM_BASE_URL=https://openrouter.ai/v1
|
||||
LLM_MODEL=liquid/lfm-2.5-1.2b-instruct:free
|
||||
|
||||
# ----------------------------------------------------------------
|
||||
# External APIs
|
||||
# ----------------------------------------------------------------
|
||||
RESEND_API=CHANGE_ME
|
||||
BRAVE_SEARCH_API=CHANGE_ME
|
||||
|
||||
# ----------------------------------------------------------------
|
||||
# Monitoring
|
||||
# ----------------------------------------------------------------
|
||||
GRAFANA_ADMIN_USER=admin
|
||||
GRAFANA_ADMIN_PASSWORD=CHANGE_ME_GRAFANA_PASSWORD
|
||||
|
||||
# Slack webhook for CI/CD notifications (optional)
|
||||
SLACK_WEBHOOK_URL=https://hooks.slack.com/services/CHANGE_ME
|
||||
|
||||
# Telegram bot for notifications (optional)
|
||||
TELEGRAM_BOT_TOKEN=CHANGE_ME
|
||||
TELEGRAM_CHAT_ID=CHANGE_ME
|
||||
|
||||
# ----------------------------------------------------------------
|
||||
# Docker registry (for CD pipeline)
|
||||
# ----------------------------------------------------------------
|
||||
REGISTRY=ghcr.io
|
||||
IMAGE_NAME=h3r7tech/turf-saas
|
||||
Reference in New Issue
Block a user