updating docs
parent
fef7c82a3e
commit
fbc611c49f
4 changed files with 216 additions and 64 deletions
|
|
@ -91,7 +91,7 @@ Each phase produces a working increment. Nothing is built speculatively.
|
|||
|
||||
---
|
||||
|
||||
## Phase 3 — Auth
|
||||
## Phase 3 — Auth ✅
|
||||
|
||||
**Goal:** Users can log in via Google or GitHub and stay logged in.
|
||||
**Done when:** Better Auth session is validated on protected routes; unauthenticated users are redirected to login; user row is created on first social login.
|
||||
|
|
@ -109,6 +109,68 @@ Each phase produces a working increment. Nothing is built speculatively.
|
|||
|
||||
---
|
||||
|
||||
## Phase 6 — Production Deployment ✅
|
||||
|
||||
**Goal:** App is live on Hetzner, accessible via HTTPS on all subdomains.
|
||||
**Done when:** `https://lilastudy.com` loads; `https://api.lilastudy.com` responds; auth flow works end-to-end; CI/CD deploys on push to main.
|
||||
|
||||
_Note: Deployment was moved ahead of multiplayer — the app is useful without multiplayer but not without deployment._
|
||||
|
||||
### Infrastructure
|
||||
|
||||
- [x] Hetzner VPS provisioned (Debian 13, ARM64, 4GB RAM)
|
||||
- [x] SSH hardening, ufw firewall, fail2ban
|
||||
- [x] Docker + Docker Compose installed
|
||||
- [x] Domain DNS: A record + wildcard `*.lilastudy.com` pointing to VPS
|
||||
|
||||
### Reverse proxy
|
||||
|
||||
- [x] Caddy container with automatic HTTPS (Let's Encrypt)
|
||||
- [x] Subdomain routing: `lilastudy.com` → web, `api.lilastudy.com` → API, `git.lilastudy.com` → Forgejo
|
||||
|
||||
### Docker stack
|
||||
|
||||
- [x] Production `docker-compose.yml` with all services on shared network
|
||||
- [x] No ports exposed on internal services — only Caddy (80/443) and Forgejo SSH (2222)
|
||||
- [x] Production Dockerfile stages for API (runner) and frontend (nginx:alpine)
|
||||
- [x] Monorepo package exports fixed for production (dist/src paths)
|
||||
- [x] Production `.env` with env-driven CORS, auth URLs, cookie domain
|
||||
|
||||
### Git server + container registry
|
||||
|
||||
- [x] Forgejo running with built-in container registry
|
||||
- [x] SSH on port 2222, dev laptop `~/.ssh/config` configured
|
||||
- [x] Repository created, code pushed
|
||||
|
||||
### CI/CD
|
||||
|
||||
- [x] Forgejo Actions enabled
|
||||
- [x] Forgejo Runner container on VPS with Docker socket access
|
||||
- [x] `.forgejo/workflows/deploy.yml` — build, push, deploy via SSH on push to main
|
||||
- [x] Registry and SSH secrets configured in Forgejo
|
||||
|
||||
### Database
|
||||
|
||||
- [x] Initial seed via pg_dump from dev laptop
|
||||
- [x] Seeding script is idempotent (onConflictDoNothing) for future data additions
|
||||
- [x] Schema migrations via Drizzle (migrate first, deploy second)
|
||||
|
||||
### OAuth
|
||||
|
||||
- [x] Google and GitHub OAuth redirect URIs configured for production
|
||||
- [x] Cross-subdomain cookies via COOKIE_DOMAIN=.lilastudy.com
|
||||
|
||||
### Backups
|
||||
|
||||
- [x] Daily cron job (3 AM) with pg_dump, 7-day retention
|
||||
- [x] Dev laptop auto-syncs backups on login via rsync
|
||||
|
||||
### Documentation
|
||||
|
||||
- [x] `deployment.md` covering full infrastructure setup
|
||||
|
||||
---
|
||||
|
||||
## Phase 4 — Multiplayer Lobby
|
||||
|
||||
**Goal:** Players can create and join rooms; the host sees all joined players in real time.
|
||||
|
|
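Review bot: The CI/CD item "Forgejo Runner container on VPS with Docker socket access" needs a stated trust boundary. Access to the Docker socket is root-equivalent on the host, and this runner sits on the same VPS as the production stack, so any workflow job it picks up can control every production container. Add a line saying which repositories and users may trigger jobs on this runner, or list socket isolation as an open hardening item. Separately, under OAuth, `COOKIE_DOMAIN=.lilastudy.com` combined with the wildcard `*.lilastudy.com` record means the session cookie is sent to every subdomain, including `git.lilastudy.com`. Note that this is intended, or scope the cookie to the hosts that need it.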
@ -148,32 +210,21 @@ Each phase produces a working increment. Nothing is built speculatively.
|
|||
|
||||
---
|
||||
|
||||
## Phase 6 — Production Deployment
|
||||
|
||||
**Goal:** App is live on Hetzner, accessible via HTTPS on all subdomains.
|
||||
**Done when:** `https://app.yourdomain.com` loads; `wss://api.yourdomain.com` connects; auth flow works end-to-end.
|
||||
|
||||
- [ ] `docker-compose.prod.yml`: all services + `nginx-proxy` + `acme-companion`
|
||||
- [ ] Nginx config per container: `VIRTUAL_HOST` + `LETSENCRYPT_HOST`
|
||||
- [ ] Production `.env` files on VPS
|
||||
- [ ] Drizzle migration runs on `api` container start
|
||||
- [ ] Seed production DB
|
||||
- [ ] Smoke test: login → solo game → multiplayer game end-to-end
|
||||
|
||||
---
|
||||
|
||||
## Phase 7 — Polish & Hardening
|
||||
|
||||
**Goal:** Production-ready for real users.
|
||||
|
||||
- [x] CI/CD pipeline (Forgejo Actions → SSH deploy)
|
||||
- [x] Database backups (cron → dev laptop sync)
|
||||
- [ ] Rate limiting on API endpoints
|
||||
- [ ] Graceful WS reconnect with exponential back-off
|
||||
- [ ] React error boundaries
|
||||
- [ ] `GET /users/me/stats` endpoint + profile page
|
||||
- [ ] Accessibility pass (keyboard nav, ARIA on quiz buttons)
|
||||
- [ ] Favicon, page titles, Open Graph meta
|
||||
- [ ] CI/CD pipeline (GitHub Actions → SSH deploy)
|
||||
- [ ] Database backups (cron → Hetzner Object Storage)
|
||||
- [ ] Offsite backup storage (Hetzner Object Storage)
|
||||
- [ ] Monitoring/logging (uptime, centralized logs)
|
||||
- [ ] Valkey for game session store (replace in-memory)
|
||||
|
||||
---
|
||||
|
||||
|
|
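Review bot: In the Phase 7 list, "Rate limiting on API endpoints" and "Monitoring/logging (uptime, centralized logs)" are still unchecked while Phase 6 is marked ✅ with `https://api.lilastudy.com` publicly reachable. State in the Phase 6 section that the live API currently runs without rate limiting, or move that item ahead of the remaining Phase 7 work. Also, the old Phase 6 checklist had "Smoke test: login → solo game → multiplayer game end-to-end", and the new Phase 6 checklist has no smoke test item at all. Consider keeping a login → solo game smoke test as a checked or open item so the "auth flow works end-to-end" criterion has a recorded check.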
@ -183,9 +234,9 @@ Each phase produces a working increment. Nothing is built speculatively.
|
|||
Phase 0 (Foundation) ✅
|
||||
└── Phase 1 (Vocabulary Data + API) ✅
|
||||
└── Phase 2 (Singleplayer UI) ✅
|
||||
└── Phase 3 (Auth)
|
||||
├── Phase 4 (Multiplayer Lobby)
|
||||
│ └── Phase 5 (Multiplayer Game)
|
||||
│ └── Phase 6 (Deployment)
|
||||
└── Phase 7 (Hardening)
|
||||
├── Phase 3 (Auth) ✅
|
||||
│ └── Phase 6 (Deployment + CI/CD) ✅
|
||||
└── Phase 4 (Multiplayer Lobby)
|
||||
└── Phase 5 (Multiplayer Game)
|
||||
└── Phase 7 (Hardening)
|
||||
```
|
||||
|
|
|
|||
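Review bot: In the updated tree, "Phase 7 (Hardening)" is still listed last, after "Phase 5 (Multiplayer Game)", while "Phase 6 (Deployment + CI/CD) ✅" now hangs off Phase 3. Read literally, hardening of the already deployed app waits on multiplayer. If items such as rate limiting can start now, show Phase 7 as depending on Phase 6 as well, or add a sentence saying which Phase 7 items are not blocked by Phases 4 and 5.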