jim800121/visionA
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
visionA/.dockerignore
jim800121chen eb66a7287a feat(deploy): visionA Cloud dev / stage docker compose + Caddy/nginx + 部署腳本 
新增雲端版部署設定(Phase 0.6 dev + Phase 0.7 stage 分兩套):

dev 環境(docker-compose.dev.yml):
- 5 service all-in-one(postgres + member-center + visionA-backend + frontend + Caddy)
- Caddy 自動 HTTPS for localhost
- .env.dev.example 範本(使用者拷出 .env.dev 後 docker compose up -d)
- Makefile dev-with-mc 9 個 target

stage 環境(docker-compose.stage.yml + docker/Dockerfile.stage):
- multi-stage build(node22 frontend + go1.26 backend × 2 + nginx-alpine runtime)
  最終 image 319 MB,含 nginx + nodejs + tini + bash
- entrypoint.stage.sh 4 process 共命運(nginx + api-server + remote-proxy +
  next.js standalone)用 wait -n + SIGTERM trap
- nginx.stage.conf:白名單 server_name stage-9527.innovedus.com + 444 default_server
  + /healthz 例外(127.0.0.0/8 only)+ /api/ 與 /storage/ 強制 no-store
  + /tunnel/connect WS upgrade + 100M body / 3600s timeout
- 對外 mapping 0.0.0.0:9527:80(公司 host nginx 在外層處理 HTTPS termination
  — Let's Encrypt stage-9527.innovedus.com 自動續簽)
- named volume visiona-data(不用 bind mount,因 stage docker daemon 在 host root
  無 mkdir 權限)

部署腳本(scripts/deploy-stage.sh):
- 仿 edge-ai-platform/scripts/deploy-docker.sh 早期 save/load 模式
- 為什麼不用 internal registry:公司 192.168.0.130:5000 開了 auth、無帳密
- 流程:buildx --load → docker save | gzip → DOCKER_HOST docker load → compose up
- 含 --rollback <tag> / --skip-build / --no-push / --skip-deploy 選項
- timestamp + git SHA tag 留 rollback 餘地

文件(docs/):
- DEV-SETUP.md:dev 環境一鍵起步驟
- SMOKE-TEST.md:手動煙測 checklist(OIDC flow / pairing / tunnel)
- STAGE-DEPLOY.md:stage 完整手冊(架構圖 / 環境前置 / 部署 step / rollback /
  7 種故障排除 / 緊急救回 POC)

.env.stage.example 對齊 backend A1 改造:
- VISIONA_OIDC_CLIENT_SECRET 留空(PKCE-only public client)
- VISIONA_OIDC_SERVICE_CLIENT_ID/_SECRET 留空(Phase 1 預留鉤子)
- 所有 secret 用 placeholder(CHANGE_ME_OPENSSL_RAND_HEX_32)

.dockerignore:避免 node_modules / .next / .git 等進 build context

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 11:22:44 +08:00

66 lines
1.7 KiB
Plaintext
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# visionA — 共用 .dockerignore
#
# 任何 docker / docker buildx build 都會用此檔過濾 build context。
# 目的:縮小傳給 daemon 的 contextvisionA repo 含 local-tool 等子產品總計 GB 級)
#
# 對齊:
# - docker/Dockerfile.stageCOPY visionA-frontend/, visionA-backend/
# - visionA-backend/docker/Dockerfile.api-server / Dockerfile.remote-proxy
#
# ⚠️ 注意規則生效範圍是「build context root」buildx build . 時即此 repo 根)
# ────────── 版控 / IDE ──────────
.git
.gitignore
.gitattributes
.github
.vscode
.idea
.DS_Store
Thumbs.db
# ────────── Autoflow / Claude / 文件(不進 image ──────────
.autoflow
.claude
docs
README.md
Makefile
docker-compose.dev.yml
.env.dev.example
.env.dev
.env.dev.generated
.env
.env.local
.env.*.local
.env.stage # 絕不可進 image — 含 secrets
# ────────── 兩個與 stage 無關的子產品(不進 image ──────────
local-tool
local-agent
# ────────── visionA-frontend ──────────
visionA-frontend/node_modules
visionA-frontend/.next
visionA-frontend/out
visionA-frontend/dist
visionA-frontend/build
visionA-frontend/coverage
visionA-frontend/.turbo
# IDE / config 雜項可進 image影響極小不過濾
# ────────── visionA-backend ──────────
visionA-backend/bin
visionA-backend/dist
visionA-backend/data
visionA-backend/coverage.out
visionA-backend/*.test
visionA-backend/.env
visionA-backend/.env.*
# ────────── 雜物 ──────────
*.log
*.tmp
*.swp
*.swo
graphify-out
Reference in New Issue View Git Blame Copy Permalink