developer/scrabble-game
1
1
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Stage 16: deploy infra & test contour
CI / unit (pull_request) Successful in 9s
Details
CI / integration (pull_request) Successful in 11s
Details
CI / ui (pull_request) Successful in 19s
Details
CI / deploy (pull_request) Failing after 1s
Details

Browse Source 
- backend + gateway multi-stage distroless Dockerfiles; the gateway embeds and
  serves the SPA at / and /telegram/ via go:embed (committed dist placeholder,
  real build baked in by the image's node stage)
- deploy/docker-compose.yml: backend + gateway + Postgres + Telegram connector
  (VPN sidecar) + OTel Collector + Prometheus (15d) + Tempo (72h) + Grafana,
  fronted by a caddy owning a single /_gm Basic-Auth (admin console + Grafana
  subpath); inter-service on a private network, only caddy on the edge network
- new metrics: backend accounts_created_total{kind} (robots excluded) and an
  in-memory gateway active_users{window=24h,7d} gauge
- CI: single .gitea/workflows/ci.yaml (unit/integration/ui + a gated test-contour
  deploy) on the new feature/* -> development -> master branch model; the old
  go-unit/integration/ui-test workflows are folded in; the connector-scoped
  compose is retired (superseded by deploy/)
- docs: ARCHITECTURE §11/§12/§13, root + gateway READMEs, CLAUDE.md branching,
  PLAN.md (stage 16 done + refinements + Stage 17 forward-notes)
This commit is contained in:
Ilia Denisov
2026-06-05 11:42:26 +02:00
parent 8c8f8c4d42
commit 8700fbfae1
35 changed files with 1413 additions and 318 deletions
Download Patch File Download Diff File Expand all files Collapse all files
deploy/caddy/Caddyfile
+35
View File
@@ -0,0 +1,35 @@
# Edge reverse proxy for the Scrabble contour. A single Basic-Auth gate covers
# every operator surface under /_gm (the backend-rendered admin console and the
# Grafana subpath); everything else (the SPA at / and /telegram/, plus the
# Connect edge) goes to the gateway. Mirrors ../galaxy-game's /_gm model.
#
# CADDY_SITE_ADDRESS is ":80" in the test contour (the host caddy terminates TLS
# and forwards); set it to a domain in prod (Stage 17) so this caddy does its own
# ACME and the contour is self-contained.
{
admin off
}
{$CADDY_SITE_ADDRESS::80} {
# Operator surfaces under /_gm: a single shared Basic-Auth, then route.
@gm path /_gm /_gm/*
handle @gm {
basic_auth {
{$GM_BASICAUTH_USER:gm} {$GM_BASICAUTH_HASH}
}
# Grafana serves from this sub-path (GF_SERVER_SERVE_FROM_SUB_PATH=true), so
# the prefix is forwarded intact, not stripped.
handle /_gm/grafana* {
reverse_proxy grafana:3000
}
# Everything else under /_gm is the backend-rendered admin console.
handle {
reverse_proxy backend:8080
}
}
# The SPA (/, /telegram/) and the Connect edge are served by the gateway.
handle {
reverse_proxy gateway:8081
}
}