f

.dockerignore

@@ -0,0 +1,13 @@
+node_modules
+npm-debug.log
+yarn-error.log
+.git
+.gitignore
+README.md
+coverage
+dist
+.tmp
+.cache
+.env
+.env.*
+**/*.log

.gitlab-ci.yml

@@ -0,0 +1,28 @@
+stages:
+  - deploy
+
+deploy_production:
+  stage: deploy
+  image: alpine:3.20
+  environment:
+    name: production
+    url: https://api-finance.ai-assistant-bot.xyz
+  rules:
+    - if: '$CI_COMMIT_BRANCH == "main"'
+  before_script:
+    - apk add --no-cache openssh-client rsync
+    - mkdir -p ~/.ssh
+    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
+    - chmod 600 ~/.ssh/id_rsa
+    - ssh-keyscan -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts
+  script:
+    - ssh "$DEPLOY_USER@$DEPLOY_HOST" "mkdir -p /opt/apps/api-finance"
+    - rsync -az --delete \
+        --exclude='.git' \
+        --exclude='.env' \
+        --exclude='.env.*' \
+        --exclude='node_modules' \
+        --exclude='coverage' \
+        --exclude='dist' \
+        ./ "$DEPLOY_USER@$DEPLOY_HOST:/opt/apps/api-finance/"
+    - ssh "$DEPLOY_USER@$DEPLOY_HOST" "cd /opt/apps/api-finance && docker compose -f docker-compose.server.yml up -d --build"

docker-compose.server.yml

@@ -0,0 +1,65 @@
+version: '3.8'
+
+services:
+  postgres:
+    image: postgres:14-alpine
+    container_name: api_finance_postgres
+    environment:
+      POSTGRES_USER: ${DB_USERNAME}
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
+      POSTGRES_DB: ${DB_NAME}
+    volumes:
+      - api_finance_postgres_data:/var/lib/postgresql/data
+      - ./docker/postgres/init.sql:/docker-entrypoint-initdb.d/init.sql:ro
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${DB_USERNAME} -d ${DB_NAME}"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    networks:
+      - api_finance_internal
+    restart: unless-stopped
+
+  app:
+    build:
+      context: .
+      dockerfile: Dockerfile
+      target: production
+    container_name: api_finance_app
+    environment:
+      NODE_ENV: production
+      DB_HOST: postgres
+      DB_PORT: 5432
+      DB_USERNAME: ${DB_USERNAME}
+      DB_PASSWORD: ${DB_PASSWORD}
+      DB_NAME: ${DB_NAME}
+      JWT_SECRET: ${JWT_SECRET}
+      JWT_REFRESH_SECRET: ${JWT_REFRESH_SECRET}
+      FRONTEND_URL: ${FRONTEND_URL}
+      COOKIE_DOMAIN: ${COOKIE_DOMAIN}
+      COOKIE_SECURE: ${COOKIE_SECURE}
+      CORS_ORIGINS: ${CORS_ORIGINS}
+      PORT: 3000
+    depends_on:
+      postgres:
+        condition: service_healthy
+    networks:
+      - proxy
+      - api_finance_internal
+    restart: unless-stopped
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=proxy
+      - traefik.http.routers.api-finance.rule=Host(`api-finance.ai-assistant-bot.xyz`)
+      - traefik.http.routers.api-finance.entrypoints=web,websecure
+      - traefik.http.routers.api-finance.tls.certresolver=le
+      - traefik.http.services.api-finance.loadbalancer.server.port=3000
+
+volumes:
+  api_finance_postgres_data:
+
+networks:
+  proxy:
+    external: true
+  api_finance_internal:
+    driver: bridge