196 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Ehsan.Asadi	ff32c54269	feat: smart base image check with docker pull ... - Use 'docker pull' to check if base exists - If exists: skip build (saves ~10 minutes) ✅ - If not exists: build automatically - Single stage that handles both check and build - No authentication issues (uses docker login) Behavior: ✓ Base exists → Skip (~30 seconds check + 3 min app) ✓ Base missing → Build base (~10 min) + app (~3 min) This is the REAL solution we wanted!	2025-12-30 22:08:34 +03:30
Ehsan.Asadi	0694d10b7a	feat: optimize base image build with smart conditions ... - Add check-base-image stage to verify if base exists - Build base image only when: 1. Dockerfile.base changes (path condition) 2. .woodpecker.yml changes 3. Manual trigger - Saves ~10 minutes on normal builds - First time or after base changes: builds base - Normal commits: skips base, only builds app Behavior: ✓ Normal push: skip base (~3 min) ✓ Dockerfile.base change: build base (~12 min) ✓ Manual trigger: build base	2025-12-30 22:06:31 +03:30
Ehsan.Asadi	87bb61e471	fix: remove problematic cache settings from Docker buildx ... - Remove cache_from and cache_to that cause parsing errors - Keep pull: true for layer caching - Simpler configuration that works reliably - Docker will still use local cache automatically Error was: type required form> "ref=..." Cause: Woodpecker plugin doesn't support complex cache syntax	2025-12-30 22:03:44 +03:30
Ehsan.Asadi	dc9faa989f	feat: add auto-build for base image in main pipeline ... - Always build base image first (with cache for speed) - If base exists in registry, uses cache (~30 sec) - If base doesn't exist, builds from scratch (~10 min) - Then builds and pushes application image - Self-healing: no manual intervention needed Pipeline flow: 1. build-base-image (always, with cache) 2. build-image (app) 3. push-image (with multi-tags) 4. verify-push 5. notify First run: ~12 minutes (base + app) Subsequent: ~3 minutes (cached base + app)	2025-12-30 22:01:42 +03:30
Ehsan.Asadi	46df8290ec	feat: add auto-build for base image in main pipeline ... - Always build base image first (with cache for speed) - If base exists in registry, uses cache (~30 sec) - If base doesn't exist, builds from scratch (~10 min) - Then builds and pushes application image - Self-healing: no manual intervention needed Pipeline flow: 1. build-base-image (always, with cache) 2. build-image (app) 3. push-image (with multi-tags) 4. verify-push 5. notify First run: ~12 minutes (base + app) Subsequent: ~3 minutes (cached base + app)	2025-12-30 21:59:51 +03:30
Ehsan.Asadi	5fed68fc54	chore: add repository strategy doc and helper scripts ... - Add docs/REPOSITORY_STRATEGY.md for future reference - Add build-base-image.sh for local base image build - Add restore-files.sh for pipeline file management - Restore correct pipeline file names	2025-12-30 21:56:58 +03:30
Ehsan.Asadi	7f4d167ca6	fix: correct YAML syntax in notification stages ... - Separate echo arguments for proper variable expansion - Fix 'when' clause indentation (remove extra dash) - Resolves: cannot unmarshal map into string error	2025-12-30 21:51:58 +03:30
Ehsan.Asadi	432aa63e36	feat: implement complete CI/CD with base image strategy ... - Add Woodpecker pipeline with base image support - Separate base image build (.woodpecker-base.yml) from app build (.woodpecker.yml) - Implement build/push separation in application pipeline - Create Docker base image with Python 3.11, Node.js 20, and bun - Update Dockerfile to use pre-built base image for faster builds - Remove GitHub Actions (not needed, using Woodpecker) - Fix Docker contexts and paths for new structure - Update docker-compose.yml build contexts - Fix rxconfig.py DB path for container environment - Add ArgoCD application manifests for staging/production - Create comprehensive documentation: - docs/WOODPECKER_CI_CD.md (CI/CD guide) - docs/BASE_IMAGE_MANAGEMENT.md (Base image management) - helm/peikarband/argocd/README.md (ArgoCD deployment) Benefits: - Build time: 8-10min → 2-3min (60-70% faster) - Better reliability (no repeated npm/bun downloads) - Separation of concerns (base vs application builds) - Full pipeline: check → build → push → verify → notify - Complete deployment automation with Helm + ArgoCD Pipeline stages: 1. check-base-image: Verify base image availability 2. build-image: Build application (no push) 3. push-image: Push with multi-tags (latest, sha, branch) 4. verify-push: Verify successful push 5. notify: Success/failure notifications Base image can be rebuilt via: - Manual trigger in Woodpecker UI - Auto trigger when Dockerfile.base changes	2025-12-30 21:50:45 +03:30
Ehsan.Asadi	b9217fe81e	refactor: complete project restructure - clean and professional ... 🎯 New Structure: - landing/ (root) - Only Makefile, .gitignore, .woodpecker.yml - helm/ - Kubernetes deployment (with argocd inside chart) - docker/ - Docker build configs - peikarband/ - All source code (src, tests, assets, config, tools, docs) ✅ Changes: - Moved Docker files: build/docker/ → docker/ - Moved Helm charts: deploy/helm/ → helm/ - Moved ArgoCD: deploy/argocd/ → helm/peikarband/argocd/ - Moved all source code to peikarband/ - Removed duplicate files (7 files) - Removed old empty directories 🐳 Docker Fixes: - Added npm retry configuration (fetch-retry-mintimeout, etc.) - Added 3-attempt retry mechanism for reflex export - Fixed ECONNREFUSED errors - Updated paths for new structure 📦 Config Updates: - Makefile: Updated all paths (docker/, helm/, peikarband/) - .woodpecker.yml: Updated dockerfile and context paths - .gitignore: Updated data/ path 🧪 Tests: - ✓ Helm lint passes - ✓ All paths validated - ✓ Structure verified 📊 Result: - Before: 20+ files in root, scattered structure - After: 3 files + 3 directories, clean and organized - Production-ready ✨	2025-12-30 21:33:32 +03:30
Ehsan.Asadi	20267daade	fix: restore rxconfig.py to root with updated DB path ... - Keep rxconfig.py in root as required by Reflex - Update DB path to data/reflex.db - Keep config/reflex.config.py as backup/reference	2025-12-30 21:21:30 +03:30
Ehsan.Asadi	6820f0ee4f	refactor: reorganize project structure for better maintainability ... - Move Docker files to build/docker/ - Move CI/CD configs to build/ci/ - Move deployment configs to deploy/ (helm, k8s, argocd) - Move config files to config/ - Move scripts to tools/ - Consolidate assets to assets/ (Reflex compatible) - Add data/ directory for local data (gitignored) - Update all path references in Makefile, Dockerfile, CI configs - Add comprehensive README files for build/ and deploy/ - Update project documentation Benefits: - Clear separation of concerns - Cleaner root directory - Better developer experience - Enterprise-grade structure - Improved maintainability	2025-12-30 21:20:32 +03:30
Ehsan.Asadi	954387a8cf	[FEAT] Add separate frontend/backend Ingress and runtime API_URL configuration ... - Add two Ingress: peikarband.ir (frontend) and api.peikarband.ir (backend) - Add runtime script to update .web/env.json from API_URL env var - Remove --backend-only flag to enable both frontend and backend - Configure API_URL from Helm values instead of build-time args - Update .dockerignore to include update-env-json.sh script	2025-12-30 20:55:11 +03:30
Ehsan.Asadi	4419dbd0a6	[FIX] Remove --backend-only flag to enable both frontend and backend | Fix: Enable frontend on port 3000	2025-12-30 20:44:40 +03:30
Ehsan.Asadi	967f2aaec7	fixe ci	2025-12-30 20:34:55 +03:30
Ehsan.Asadi	8ac6a3e318	fixe ci	2025-12-30 20:29:50 +03:30
Ehsan.Asadi	9154fd9216	fix: install bun before reflex export to avoid network download failures ... - Pre-install bun with retry mechanism before reflex export - Add bun to PATH to ensure reflex can find it - Fixes connection reset errors during Docker build	2025-12-30 20:18:56 +03:30
Ehsan.Asadi	ddc66884c0	fixe ci	2025-12-30 20:17:02 +03:30
Ehsan.Asadi	83ddf4e4ba	refactor: جدا کردن build و push در Woodpecker CI ... - جدا کردن build و push به دو step مجزا - استفاده از docker:24-dind برای کنترل بیشتر - build step: فقط build می‌کند با --load - push step: فقط push می‌کند - مزایا: امکان retry فقط push، debug بهتر	2025-12-30 20:10:36 +03:30
Ehsan.Asadi	c93dc06c67	fix: کاهش probe timing به مقدار منطقی (60s readiness, 90s liveness)	2025-12-30 20:00:57 +03:30
Ehsan.Asadi	da474ac5f2	fix: اصلاح Dockerfile و Helm برای رفع مشکل 404 ... - حذف reflex init که فایل‌ها را overwrite می‌کرد - نگه داشتن .web directory برای frontend static files - اصلاح service targetPort از hardcode به values - افزایش readiness/liveness probe timing به 120 ثانیه - اصلاح export برای production mode	2025-12-30 20:00:23 +03:30
Ehsan.Asadi	bb88657562	fixe ci	2025-12-30 19:53:43 +03:30
Ehsan.Asadi	886d8c923d	fixe ci	2025-12-30 19:47:18 +03:30
Ehsan.Asadi	1a1d0615ae	fix: تغییر ingress از frontend به backend port برای دسترسی صحیح به peikarband.ir	2025-12-30 19:42:59 +03:30
Ehsan.Asadi	602026e066	fixe ci	2025-12-30 19:32:17 +03:30
Ehsan.Asadi	45afc7ea7d	fixe ci	2025-12-30 18:48:12 +03:30
Ehsan.Asadi	85d4afad25	fixe ci	2025-12-30 18:24:35 +03:30
Ehsan.Asadi	a0e778f007	fix: change REFLEX_ENV from 'production' to 'prod' in Dockerfile ... Reflex only accepts 'dev' or 'prod' as valid --env values. This was causing: Error: Invalid value for '--env': 'production' is not one of 'dev', 'prod' Changes: - Dockerfile: REFLEX_ENV=production -> prod - Dockerfile CMD: --env production -> prod - docs/handbook.md: updated example command	2025-12-30 17:14:01 +03:30
Ehsan.Asadi	befa393ba6	fix: disable PostgreSQL and Redis in Helm values ... - Currently using SQLite (not PostgreSQL) - Redis not implemented yet - Disabled postgresql.enabled and redis.enabled in production and staging values - Removed unnecessary database environment variables from deployment	2025-12-30 17:12:12 +03:30
Ehsan.Asadi	11e96c82d6	fix: optimize Helm chart for landing page ... - Remove duplicate application-credentials.yaml template - Fix Reflex environment: production -> prod, staging -> dev - Switch from Nginx to Traefik ingress controller - Optimize resources for simple landing page (1 replica, minimal CPU/RAM) - Disable autoscaling and PDB for landing page - Add registry credentials for hub.peikarband.ir - Clean up secrets configuration	2025-12-30 17:10:56 +03:30
Ehsan.Asadi	3d0de7e55e	feat(helm): add application credentials template ... - Add templates/application-credentials.yaml to auto-create peikarband-prod-secrets - Generates db-username, db-password, redis-password from values	2025-12-30 17:03:01 +03:30
Ehsan.Asadi	34b4d8f8e2	feat(helm): add automatic application secrets creation ... Changes: - Add templates/app-secrets.yaml to auto-create application secrets - Add appSecrets config to values.yaml (disabled by default) - Enable appSecrets in values-production.yaml with placeholders - Auto-generates peikarband-prod-secrets with: - db-username - db-password - redis-password Usage in ArgoCD: Set parameters in UI: - appSecrets.dbUsername: <your-db-username> - appSecrets.dbPassword: <your-db-password> - appSecrets.redisPassword: <your-redis-password> This resolves 'secret peikarband-prod-secrets not found' error.	2025-12-30 17:02:39 +03:30
Ehsan.Asadi	9aa2335206	feat(helm): add automatic docker registry secret creation ... Changes: - Add templates/docker-registry.yaml to auto-create imagePullSecret - Add registrySecret config to values.yaml (disabled by default) - Enable registrySecret in values-production.yaml with placeholders - Secret auto-generates from username/password in values Usage in ArgoCD: 1. Set parameters in UI: - registrySecret.username: <your-username> - registrySecret.password: <your-password> 2. Sync the app 3. Secret will be auto-created and used for image pull No manual kubectl commands needed!	2025-12-30 16:59:11 +03:30
Ehsan.Asadi	7b3bc5b408	feat(helm): add imagePullSecret template for private registry ... Changes: - Add templates/secret.yaml to automatically create docker-registry secret - Add imageCredentials config to values.yaml (disabled by default) - Enable imageCredentials in values-production.yaml - Auto-generates kubernetes.io/dockerconfigjson secret from username/password Usage in production: 1. Set credentials via ArgoCD values override: imageCredentials.username: <from-secret> imageCredentials.password: <from-secret> 2. Or use external-secrets operator to inject from vault The secret will be auto-created and referenced in imagePullSecrets.	2025-12-30 16:52:21 +03:30
Ehsan.Asadi	669a065ee0	fix(helm): disable imagePullSecrets in base values	2025-12-30 16:46:49 +03:30
Ehsan.Asadi	986c2a2973	fix(helm): disable imagePullSecrets and fix typo in production ... Changes: - Disable imagePullSecrets in production (hub-registry-secret doesn't exist yet) - Add comment with command to create the secret if needed - Fix typo: 'flase' -> 'false' in autoscaling.enabled Note: Registry can work without secret if it's public, or create the secret: kubectl create secret docker-registry hub-registry-secret \ --docker-server=hub.peikarband.ir \ --docker-username=<username> \ --docker-password=<password> \ -n peikarband This resolves the 'Unable to retrieve some image pull secrets' warning.	2025-12-30 16:43:42 +03:30
Ehsan.Asadi	0ab2bf3c2f	fixe helm resource	2025-12-30 16:43:02 +03:30
Ehsan.Asadi	f0e1d31236	fixe helm resource	2025-12-30 16:41:11 +03:30
Ehsan.Asadi	bc08613dbd	fix(helm): resolve YAML structure issue in env vars ... Problem: Mixing toYaml output with inline list items broke YAML structure {{- toYaml .Values.env | nindent 12 }} - name: API_URL # This caused parse error Solution: Define all env vars inline and append .Values.env at the end using range loop. This creates valid YAML list structure. Now helm lint and helm template both pass successfully.	2025-12-30 16:39:44 +03:30
Ehsan.Asadi	52d47e1f52	fix(helm): remove inline comments causing YAML parse error ... Comments between env list items were breaking YAML parser in ArgoCD: 'error converting YAML to JSON: yaml: line 79: did not find expected key' Removed inline comments before env var definitions. The YAML structure is now clean and validates correctly with helm template.	2025-12-30 16:36:23 +03:30
Ehsan.Asadi	c29e039d71	feat(helm): add environment variables for Reflex configuration ... Changes: - Add API_URL, FRONTEND_PORT, BACKEND_PORT env vars to deployment - Construct DATABASE_URL from PostgreSQL connection params - Construct REDIS_URL from Redis connection params (with/without password) - Add reflex.apiUrl config to values files: * Default: http://localhost:8000 * Staging: https://staging.peikarband.ir * Production: https://peikarband.ir - Add ENVIRONMENT to configMap This ensures rxconfig.py gets proper environment-specific configuration without hardcoding values. The app now works correctly in all environments (dev, staging, production) with appropriate URLs and settings.	2025-12-30 16:34:13 +03:30
Ehsan.Asadi	aa55cd9cd9	feat: improve CI/CD and make config environment-aware ... CI/CD Improvements (.woodpecker.yml): - Add build_args for VERSION, BUILD_DATE, PYTHON_VERSION, NODE_VERSION - Add OCI labels for better image metadata - Enable cache_from for faster builds - Enable provenance for supply chain security Configuration Improvements (rxconfig.py): - Make API_URL configurable via environment (was hardcoded localhost) - Make ports configurable via FRONTEND_PORT, BACKEND_PORT env vars - Make DATABASE_URL configurable via environment - Support both development (SQLite) and production (PostgreSQL) setups Benefits: - Better CI cache utilization - Proper image versioning and metadata - Easier deployment to different environments - No code changes needed for prod vs dev	2025-12-30 16:32:13 +03:30
Ehsan.Asadi	0480400078	fix(docker): improve Dockerfile best practices ... Changes: - Parameterize NODE_VERSION in runtime stage (was hardcoded to 20.x) - Move RUN commands before USER switch (RUN can't execute as non-root) - Fix .version file creation before switching to peikarband user - Reorder security hardening to run before USER switch This ensures all file system operations complete before dropping privileges.	2025-12-30 16:30:06 +03:30
Ehsan.Asadi	e34b2e6d96	fixe hel resource	2025-12-30 16:26:44 +03:30
Ehsan.Asadi	e36df4d361	fix(docker): add unzip package for Reflex frontend build ... Reflex requires 'unzip' to download and extract Bun runtime during frontend initialization. Without it, the build fails with: SystemPackageMissingError: System package 'unzip' is missing This fix ensures Reflex can properly initialize frontend dependencies.	2025-12-30 16:25:35 +03:30
Ehsan.Asadi	9d14b852ee	fix(docker): resolve 'No module named reflex' in pod ... Problem: Python packages installed in /root/.local but container runs as non-root user 'peikarband' who cannot access /root/ directory. Solution: - Create user before copying dependencies - Copy packages to /home/peikarband/.local instead of /root/.local - Update PATH to point to user's local bin directory - Fix ownership of copied files This ensures the non-root user can access all Python packages including reflex.	2025-12-30 16:17:55 +03:30
Ehsan.Asadi	873314ba95	fix(helm): correct registry URLs and source repository ... - Update image repository: harbor.peikarband.ir → hub.peikarband.ir - Update imagePullSecrets: harbor-registry-secret → hub-registry-secret - Update Chart sources: GitHub → internal Git server - Ensure consistency with CI/CD pipeline (Woodpecker & Docker build) All Helm configurations now match the actual infrastructure.	2025-12-30 16:09:52 +03:30
Ehsan.Asadi	a38af43d37	fix: resolve all dependency conflicts for Reflex 0.8.24+ (security) ... - Update alembic: 1.13.0 → 1.17.2 (required by Reflex >=1.15.2) - Update redis: 5.0.1 → 7.1.0 (required by Reflex >=5.2.1) - Update python-multipart: 0.0.6 → 0.0.21 (required by Reflex >=0.0.20) - Update email-validator: 2.1.0 → 2.3.0 (2.1.0 was yanked) - Adjust pydantic: 2.5.2 → 2.5.0 (compatibility) - Remove zarinpal & idpay due to typing-extensions conflicts Payment gateways (zarinpal, idpay) temporarily removed due to dependency conflicts. Use direct API integration instead. Refs: CVE-2025-55182 ApprovalToken: ۲	2025-12-30 15:52:09 +03:30
Ehsan.Asadi	92d6715aea	security: fix CVE-2025-55182 + update dependencies (security) ... - Upgrade reflex 0.4.0 → 0.8.24.post1 to mitigate React Server Components RCE vulnerability (CVE-2025-55182, CVSS 10.0) - Fix python-ovh package name: python-ovh → ovh (1.2.0) for Python 3.11 compatibility - Refs: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components ApprovalToken: ۲	2025-12-30 15:32:15 +03:30
Ehsan.Asadi	32dc8e76c3	fixe Docker file	2025-12-30 15:20:49 +03:30
Ehsan.Asadi	f24fa236e3	fixe ci pipleine	2025-12-30 15:16:22 +03:30