From 9fe172702fee36129627a9f8efbe346bbe1b0011 Mon Sep 17 00:00:00 2001 From: VPN SaaS Dev Date: Sat, 16 May 2026 19:35:07 +0900 Subject: [PATCH] docker-deploy-smoke --- .env.example | 2 -- DEPLOY.md | 17 +++++++++++++++-- README.md | 2 ++ app/core/config.py | 2 -- docker-compose.yml | 4 ---- scripts/backup.sh | 4 ++++ scripts/deploy.sh | 1 + scripts/restore.sh | 4 ++++ scripts/smoke_test.sh | 16 ++++++++++++++++ 9 files changed, 42 insertions(+), 10 deletions(-) create mode 100755 scripts/backup.sh create mode 100755 scripts/restore.sh create mode 100755 scripts/smoke_test.sh diff --git a/.env.example b/.env.example index a1d69ed..5d8d1c4 100644 --- a/.env.example +++ b/.env.example @@ -20,7 +20,5 @@ SECRET_KEY=change-this-long-random-secret REDIS_URL=redis://redis:6379/0 OCR_PROVIDER=tesseract OCR_LANGUAGES=eng+rus+kor -LLM_BASE_URL= -LLM_MODEL= ADMIN_TELEGRAM_IDS= ADMIN_BOOTSTRAP_TOKEN= diff --git a/DEPLOY.md b/DEPLOY.md index 2efac98..49d4998 100644 --- a/DEPLOY.md +++ b/DEPLOY.md @@ -19,7 +19,7 @@ Edit `.env` and set real secrets: - `INTERNAL_API_TOKEN` - `SECRET_KEY` - `REDIS_URL` if Redis is external -- `VAPID_PUBLIC_KEY` / `VAPID_PRIVATE_KEY` when browser push is enabled +- `VAPID_PUBLIC_KEY` / `VAPID_PRIVATE_KEY` only when browser push beta is enabled - `ADMIN_TELEGRAM_IDS` Production must use public HTTPS URLs and `ALLOW_DEV_AUTH=false`. @@ -34,6 +34,7 @@ curl -fsS http://127.0.0.1:8000/ready ``` The default compose stack includes Postgres, Redis, API and bot services with health checks, restart policies and log rotation. +Telegram notifications are the primary pilot notification channel. Browser push currently stores subscriptions and is treated as beta until server-side Web Push delivery is enabled. ## Git-Based Update @@ -51,7 +52,7 @@ The script runs: - Docker build/up - `alembic upgrade head` - Python smoke compile -- `/ready` health check +- `/health`, `/ready` and `/metrics` smoke checks Do not use rsync as the primary deploy mechanism. 
@@ -75,12 +76,24 @@ Create a compressed custom-format dump before risky deploys: BACKUP_DIR=/opt/carpass/backups ./scripts/backup_db.sh ``` +Compatibility wrapper: + +```bash +BACKUP_DIR=/opt/carpass/backups ./scripts/backup.sh +``` + Restore only during a maintenance window: ```bash ./scripts/restore_db.sh /opt/carpass/backups/carpass-drivers-YYYYMMDDTHHMMSSZ.dump ``` +Compatibility wrapper: + +```bash +./scripts/restore.sh /opt/carpass/backups/carpass-drivers-YYYYMMDDTHHMMSSZ.dump +``` + For volume-level recovery, back up the Docker named volumes `pgdata` and `redisdata` according to the host backup policy. ## Logs diff --git a/README.md b/README.md index 0d73630..df68495 100644 --- a/README.md +++ b/README.md @@ -63,6 +63,8 @@ CarPass создает рекомендации обслуживания из д Уведомления имеют статусы `pending`, `processing`, `sent`, `failed`, `retrying`, `abandoned`, `read`, счетчик повторов и idempotency key, чтобы не плодить дубли. +Telegram-уведомления являются основным каналом закрытого пилота. Browser push уже умеет сохранять подписки в Mini App и принимать push-события в service worker, но серверная Web Push-доставка помечена как beta и не считается критическим каналом пилота. + ## Безопасность данных CarPass не раскрывает историю автомобиля по одному VIN или госномеру. СТО видит только разрешенный владельцем объем данных: базовую карточку, историю обслуживания или полный доступ. Любые чувствительные изменения, включая VIN, номер, пробег и технические параметры, проходят подтверждение владельца. diff --git a/app/core/config.py b/app/core/config.py index 97f6073..4e12116 100644 --- a/app/core/config.py +++ b/app/core/config.py @@ -22,8 +22,6 @@ class Settings(BaseSettings): allow_dev_auth: bool = False ocr_provider: str = "tesseract" ocr_languages: str = "eng+rus+kor" - llm_base_url: str = "" - llm_model: str = "" admin_telegram_ids: str = "" admin_bootstrap_token: str = "" diff --git a/docker-compose.yml b/docker-compose.yml index f0e4cc4..c302093 100644 
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -54,8 +54,6 @@ services:
 ALLOW_DEV_AUTH: ${ALLOW_DEV_AUTH:-false}
 OCR_PROVIDER: ${OCR_PROVIDER:-tesseract}
 OCR_LANGUAGES: ${OCR_LANGUAGES:-eng+rus+kor}
- LLM_BASE_URL: ${LLM_BASE_URL:-}
- LLM_MODEL: ${LLM_MODEL:-}
 REDIS_URL: ${REDIS_URL:-redis://redis:6379/0}
 SECRET_KEY: ${SECRET_KEY:-}
 VAPID_PUBLIC_KEY: ${VAPID_PUBLIC_KEY:-}
@@ -91,8 +89,6 @@ services:
 APP_ENV: ${APP_ENV:-development}
 OCR_PROVIDER: ${OCR_PROVIDER:-tesseract}
 OCR_LANGUAGES: ${OCR_LANGUAGES:-eng+rus+kor}
- LLM_BASE_URL: ${LLM_BASE_URL:-}
- LLM_MODEL: ${LLM_MODEL:-}
 REDIS_URL: ${REDIS_URL:-redis://redis:6379/0}
 SECRET_KEY: ${SECRET_KEY:-}
 depends_on:
diff --git a/scripts/backup.sh b/scripts/backup.sh
new file mode 100755
index 0000000..3f1ee81
--- /dev/null
+++ b/scripts/backup.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+exec "$(dirname "$0")/backup_db.sh" "$@"
diff --git a/scripts/deploy.sh b/scripts/deploy.sh
index 2a2a3dd..6b5b5d3 100755
--- a/scripts/deploy.sh
+++ b/scripts/deploy.sh
@@ -44,6 +44,7 @@ for attempt in {1..30}; do
 if curl -fsS "$HEALTH_URL" >/tmp/carpass-ready.json; then
 cat /tmp/carpass-ready.json
 echo
+ BASE_URL="${BASE_URL:-${HEALTH_URL%/ready}}" ./scripts/smoke_test.sh
 $COMPOSE ps
 exit 0
 fi
diff --git a/scripts/restore.sh b/scripts/restore.sh
new file mode 100755
index 0000000..46c4e8f
--- /dev/null
+++ b/scripts/restore.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+exec "$(dirname "$0")/restore_db.sh" "$@"
diff --git a/scripts/smoke_test.sh b/scripts/smoke_test.sh
new file mode 100755
index 0000000..a72517b
--- /dev/null
+++ b/scripts/smoke_test.sh
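Review bot: In scripts/backup.sh the wrapper finds its target with `$(dirname "$0")`, which is the directory of the path it was invoked through, not of the real file. If the wrapper is ever symlinked into another directory, the `exec` either fails or runs whatever `backup_db.sh` happens to sit beside the link. Resolving the link first closes that gap: `exec "$(dirname -- "$(readlink -f -- "$0")")/backup_db.sh" "$@"`. scripts/restore.sh uses the same pattern and, being the destructive path, should get the same change.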
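Review bot: In scripts/deploy.sh the derived base URL is only right when `HEALTH_URL` ends in exactly `/ready`; `${HEALTH_URL%/ready}` leaves a value with a trailing slash or query string untouched, so smoke_test.sh would then request `<HEALTH_URL>/health`. Whether a failing smoke test stops the deploy depends on `set -e` being active earlier in the file, which this hunk does not show; appending `|| exit 1` to the added line makes sure the `exit 0` two lines later is never reached after a failure. The call is also relative to the working directory (`./scripts/smoke_test.sh`), so it presumes deploy.sh runs from the repository root. The enclosing `for` loop starts and ends outside the hunk.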
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+BASE_URL="${BASE_URL:-http://127.0.0.1:8000}"
+
+echo "Checking health..."
+curl -fsS "$BASE_URL/health"
+echo
+
+echo "Checking readiness..."
+curl -fsS "$BASE_URL/ready"
+echo
+
+echo "Checking metrics..."
+curl -fsS "$BASE_URL/metrics" | grep -q "carpass_requests_total"
+echo "Smoke test passed."
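Review bot: The metrics check `curl -fsS "$BASE_URL/metrics" | grep -q "carpass_requests_total"` can fail against a healthy service: `grep -q` exits at the first match, curl may then hit a write error on the closed pipe (exit 23), and under `set -o pipefail` that fails the pipeline and the deploy. Reading the body first removes the race: `metrics="$(curl -fsS --max-time 10 "$BASE_URL/metrics")"` followed by `grep -q "carpass_requests_total" <<<"$metrics"`. None of the three curl calls sets a timeout, so a hung endpoint stalls the deploy; `--max-time` on each would bound it. The test also assumes `/metrics` answers without credentials at `BASE_URL`, so when deploy.sh derives that value from a public `HEALTH_URL` it is worth confirming the endpoint is not reachable from outside the host or internal network.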