feat(dev-deploy): expose Grafana + Mailpit UIs via Caddy; seed monitoring config
Deploy wiring for the observability stack (the services and collector config landed in the previous commit): - Caddyfile.dev: route /grafana/* to galaxy-grafana:3000 (Caddy sub-path mode, Grafana keeps its own login) and /mailpit/* to galaxy-mailpit:8025 behind dev basic-auth, so the captured-mail UI (every message, relayed or not) and Grafana are reachable through the single dev origin. - dev-deploy.yaml: seed the monitoring config tree to a stable, reboot-surviving host path (GALAXY_DEV_MONITORING_DIR) before bringing the stack up, and inject the Grafana admin password from a Gitea secret (GALAXY_DEV_GRAFANA_ADMIN_PASSWORD; empty falls back to the compose default).
This commit is contained in:
Ilia Denisov
@@ -261,11 +261,19 @@ jobs:
|
|||||||
# Unset/empty → the compose default (non-routable) keeps the
|
# Unset/empty → the compose default (non-routable) keeps the
|
||||||
# stack capture-only.
|
# stack capture-only.
|
||||||
GALAXY_DEV_MAIL_RELAY_MATCH: ${{ vars.GALAXY_DEV_MAIL_RELAY_MATCH }}
|
GALAXY_DEV_MAIL_RELAY_MATCH: ${{ vars.GALAXY_DEV_MAIL_RELAY_MATCH }}
|
||||||
|
# Grafana admin password; unset/empty -> compose default 'admin'.
|
||||||
|
GALAXY_DEV_GRAFANA_ADMIN_PASSWORD: ${{ secrets.GALAXY_DEV_GRAFANA_ADMIN_PASSWORD }}
|
||||||
run: |
|
run: |
|
||||||
# Resolve in the shell, not in YAML expressions — `env.HOME`
|
# Resolve in the shell, not in YAML expressions — `env.HOME`
|
||||||
# is empty at the workflow-evaluation stage.
|
# is empty at the workflow-evaluation stage.
|
||||||
export GALAXY_DEV_GAME_STATE_DIR="$HOME/.galaxy-dev/game-state"
|
export GALAXY_DEV_GAME_STATE_DIR="$HOME/.galaxy-dev/game-state"
|
||||||
mkdir -p "$GALAXY_DEV_GAME_STATE_DIR"
|
mkdir -p "$GALAXY_DEV_GAME_STATE_DIR"
|
||||||
|
# Seed the monitoring config to a stable, reboot-surviving host
|
||||||
|
# path (compose binds \${GALAXY_DEV_MONITORING_DIR} read-only).
|
||||||
|
export GALAXY_DEV_MONITORING_DIR="$HOME/.galaxy-dev/monitoring"
|
||||||
|
rm -rf "$GALAXY_DEV_MONITORING_DIR"
|
||||||
|
mkdir -p "$GALAXY_DEV_MONITORING_DIR"
|
||||||
|
cp -r monitoring/. "$GALAXY_DEV_MONITORING_DIR/"
|
||||||
docker compose up -d --wait --remove-orphans
|
docker compose up -d --wait --remove-orphans
|
||||||
|
|
||||||
- name: Probe the stack
|
- name: Probe the stack
|
||||||
|
|||||||
@@ -37,6 +37,22 @@
|
|||||||
reverse_proxy galaxy-api:8080
|
reverse_proxy galaxy-api:8080
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Grafana (observability UI) under /grafana/ — Caddy sub-path mode
|
||||||
|
# (Grafana set with GF_SERVER_SERVE_FROM_SUB_PATH); its own login.
|
||||||
|
handle /grafana/* {
|
||||||
|
reverse_proxy galaxy-grafana:3000
|
||||||
|
}
|
||||||
|
|
||||||
|
# Mailpit captured-mail UI under /mailpit/. Shows every message the
|
||||||
|
# backend sent (relayed or not); basic-auth (dev: gm / gm-dev-password)
|
||||||
|
# guards the OTP codes it exposes. Mailpit runs with MP_WEBROOT=/mailpit.
|
||||||
|
handle /mailpit/* {
|
||||||
|
basic_auth {
|
||||||
|
gm "$2a$14$xVh1TLaZxh8fazlKrI9Mx.NQMQlMarYWtr3FRELmZIXuac/DeeTRO"
|
||||||
|
}
|
||||||
|
reverse_proxy galaxy-mailpit:8025
|
||||||
|
}
|
||||||
|
|
||||||
# Bare `/game` (no trailing slash) -> `/game/` so the SPA root
|
# Bare `/game` (no trailing slash) -> `/game/` so the SPA root
|
||||||
# resolves before the site catch-all can claim it.
|
# resolves before the site catch-all can claim it.
|
||||||
handle /game {
|
handle /game {
|
||||||
|
|||||||
Reference in New Issue
Block a user