# CI/CD ECR Deployment Flow Record
## Goal
Record the current production CI/CD state for the backend Docker deployment path and preserve the handoff point before EC2 manual service startup.
## Scope
- Document that pushes to `main` trigger the Gitea workflow to build the backend Docker image.
- Document that the workflow validates the image and pushes `${GITHUB_SHA}` and `latest` tags to AWS ECR.
- Document that Cloudflare IPv4 CIDR ingress rules were added for `tcp/80` and `tcp/443` on security group `sg-064bf6675c881fde3` in `us-east-2`.
- Document that the open `0.0.0.0/0` ingress rules for `tcp/80` and `tcp/443` remain in place until the API is healthy.
- Document that final EC2 service startup is intentionally manual: the operator will log in to the single EC2 host and run Docker Compose after confirming the image exists in ECR.
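
An added example, not part of the original record or the project's code: a read-only check of the state the Scope list describes, reporting any source on `tcp/80` or `tcp/443` that falls outside the Cloudflare allowlist so the temporary `0.0.0.0/0` rules are not forgotten. The JSON is a constructed sample in the shape of `aws ec2 describe-security-groups` output, the two allowlist CIDRs are sample values to be replaced with the full published Cloudflare IPv4 list, and `covers` and `audit` are hypothetical helper names; only IPv4 ranges are checked.

```python
import ipaddress
import json

WATCHED_PORTS = (80, 443)

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-064bf6675c881fde3", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "173.245.48.0/20"}]},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "103.21.244.0/22"}]},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "198.51.100.7/32"}]}
]}]}
""")

# Assumed allowlist (sample values): replace with the full published Cloudflare IPv4 list.
ALLOWED = [ipaddress.ip_network(c) for c in ("173.245.48.0/20", "103.21.244.0/22")]


def covers(perm, port):
    """True if an IpPermissions entry admits TCP traffic on `port`."""
    if perm["IpProtocol"] == "-1":  # "-1" means all protocols and all ports
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit(doc, allowed=ALLOWED, ports=WATCHED_PORTS):
    """Return sorted (group, port, cidr) findings for sources outside `allowed`."""
    findings = set()
    for sg in doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            for port in ports:
                if not covers(perm, port):
                    continue
                for rng in perm.get("IpRanges", []):
                    net = ipaddress.ip_network(rng["CidrIp"], strict=False)
                    # A source is acceptable only if it sits inside an allowlisted range.
                    if not any(net.subnet_of(a) for a in allowed):
                        findings.add((sg["GroupId"], port, rng["CidrIp"]))
    return sorted(findings)


if __name__ == "__main__":
    for group, port, cidr in audit(SAMPLE):
        print(f"{group}: tcp/{port} still open to {cidr}")
```

An empty result from `audit` is the condition under which the open rules have actually been removed; until then the two `0.0.0.0/0` findings are expected.
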
## Out of Scope
- Automated SSH or SSM deployment to EC2.
- ECS task definition or service deployment.
- Removing the public `0.0.0.0/0` security group rules before API health is confirmed.
## Acceptance Criteria
- Trellis task records the completed CI/CD preparation work.
- The task is archived after recording completion.
- The temporary root-level `DEPLOYMENT_REPORT.md` is removed.
- Current repository changes are committed on `dev`, pushed, and proposed for merge to `main`.
- After merge or main push triggers CI, ECR is checked for the uploaded backend image.