Summary:
Changes to environment configuration currently require a manual docker compose up on the test server. This means merged PRs can be green in CI but not actually deployed with updated runtime config, causing drift between repo state and running containers.
Problem:
PR jobs validate/build/test but do not execute deployment on the test VM.
Env or compose changes do not take effect until someone manually runs compose up.
This creates hidden deployment debt and can block verification of merged changes.
Desired outcome:
After merge to main (or selected deploy branch), test environment should automatically pull latest images and apply compose/env updates without manual intervention.
Proposed implementation:
Add a deploy-to-test workflow triggered on push to main.
SSH to the test VM from GitHub Actions using a deploy key/secret.
Run:
docker compose pull
docker compose up -d --remove-orphans
Optionally force recreate for env-sensitive changes:
docker compose up -d --force-recreate --remove-orphans
Add post-deploy health checks:
API health endpoint returns healthy.
Optional smoke test for one read endpoint.
Fail workflow if deploy or health check fails.
Publish deployment status in workflow summary.
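The remote half of the procedure above, as an added example for this issue (not project code): a deploy.sh that the workflow invokes over SSH with the commit SHA as the image tag. It assumes things the issue does not state: the compose project lives in APP_DIR, the compose file references images as name:${IMAGE_TAG}, images are pushed tagged with the commit SHA, and the API answers GET on HEALTH_URL with HTTP 200 when healthy. It validates the tag (the only input that crosses the SSH boundary), pulls and applies it, polls the health endpoint, runs the optional read-endpoint smoke test, and rolls back to the last tag that passed if the new one does not.

```shell
#!/bin/sh
# deploy.sh on the test VM. Added example for this issue, not project code.
# Assumptions (not stated in the issue): the compose project lives in APP_DIR,
# the compose file references images as name:${IMAGE_TAG}, images are tagged
# with the commit SHA, and HEALTH_URL returns HTTP 200 when the API is healthy.
set -eu

APP_DIR="${APP_DIR:-/srv/app}"
HEALTH_URL="${HEALTH_URL:-http://127.0.0.1:8080/health}"
SMOKE_URL="${SMOKE_URL:-}"                          # optional read endpoint
LAST_GOOD_FILE="${LAST_GOOD_FILE:-$APP_DIR/.last_good_tag}"

# The tag arrives over SSH, so treat it as untrusted: accept only what Docker
# itself allows for a tag (letters, digits, _ . -; no leading . or -; max 128).
validate_tag() {
  printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9_][A-Za-z0-9._-]{0,127}$'
}

compose() {
  docker compose --project-directory "$APP_DIR" "$@"
}

# Pull and apply one tag; IMAGE_TAG is set only for these two commands.
apply_tag() {
  IMAGE_TAG="$1" compose pull --quiet
  IMAGE_TAG="$1" compose up -d --remove-orphans
}

# Poll the health endpoint until it returns 200 or the budget is spent.
wait_healthy() {
  tries="${1:-30}"; delay="${2:-2}"; i=0
  while [ "$i" -lt "$tries" ]; do
    if curl -fsS --max-time 5 -o /dev/null "$HEALTH_URL"; then
      return 0
    fi
    i=$((i + 1)); sleep "$delay"
  done
  return 1
}

# Optional smoke test: one read endpoint must answer 2xx.
smoke_test() {
  [ -n "$SMOKE_URL" ] || return 0
  curl -fsS --max-time 10 -o /dev/null "$SMOKE_URL"
}

# Deploy a tag; on a failed health check, roll back to the last tag that passed.
# Returns 0 on success, 1 on failed deploy (rolled back), 2 on a rejected tag.
deploy() {
  tag="$1"
  # A rejected tag is not echoed: it may contain anything, including log-injection bytes.
  validate_tag "$tag" || { echo "deploy: rejected tag" >&2; return 2; }
  prev=""
  [ -f "$LAST_GOOD_FILE" ] && prev="$(cat "$LAST_GOOD_FILE")"
  apply_tag "$tag"
  if wait_healthy && smoke_test; then
    printf '%s\n' "$tag" > "$LAST_GOOD_FILE"
    echo "deploy: $tag is healthy"
    return 0
  fi
  echo "deploy: $tag failed health check; recent logs follow" >&2
  compose logs --tail=100 --no-color >&2 || true
  if [ -n "$prev" ]; then
    echo "deploy: rolling back to $prev" >&2
    apply_tag "$prev" && wait_healthy || echo "deploy: rollback did not become healthy" >&2
  fi
  return 1
}

# The documented rollback command: redeploy the last tag that passed health checks.
rollback() {
  [ -f "$LAST_GOOD_FILE" ] || { echo "rollback: no last-good tag recorded" >&2; return 1; }
  deploy "$(cat "$LAST_GOOD_FILE")"
}

case "${1:-}" in
  deploy)   deploy "${2:-}" ;;
  rollback) rollback ;;
  '')       ;;                      # no arguments: only define the functions
  *)        echo "usage: $0 deploy <tag> | rollback" >&2; exit 2 ;;
esac
```

With this on the VM, the workflow job needs one deploy step: write the key from a secret to a 0600 file, write the VM's pinned host key to known_hosts, and run ssh deploy@TEST_HOST deploy "$GITHUB_SHA". A non-zero exit from the script fails the job, which covers the fail-visibly criterion; the script's stderr (including the last 100 lines of compose logs on failure) lands in the job log. Give the job a concurrency group so two merges in quick succession cannot run compose up against the VM at the same time, and document "ssh deploy@TEST_HOST rollback" as the rollback command in the README.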
Acceptance criteria:
A merge to main triggers deploy workflow automatically.
Test server containers are updated without manual terminal action.
Env/compose changes are applied in running services after workflow completion.
Workflow fails visibly if deployment or health checks fail.
Deployment logs are retained in GitHub Actions artifacts/summary.
Documented rollback command is available.
Security and ops notes:
Use a least-privilege SSH key dedicated to CI deploy: a separate unprivileged user on the VM, an ed25519 key that exists only as a GitHub Actions secret, and an authorized_keys entry that pins the key to a forced command (command="...") with no pty, port, agent or X11 forwarding, so the key cannot open a shell even if it leaks. Membership in the docker group is root-equivalent on the host, so the forced command is the real boundary. On the runner side, verify the VM with a pinned known_hosts entry rather than StrictHostKeyChecking=no.
Restrict allowed source IPs where possible. GitHub-hosted runners have no fixed address; their current ranges are published under "actions" at https://api.github.com/meta and change over time, so either allow-list those ranges and refresh them, or use a self-hosted runner with a known address.
Avoid printing secrets in logs. Actions masks values registered as secrets but not values derived from them; do not run docker compose config or set -x in the deploy step, since both echo interpolated .env values.
Keep test/prod workflows separate to prevent accidental prod deploy: separate workflow files, SSH keys and hosts, and, where available, a GitHub environment with required reviewers on the prod one, so a push to main can never reach prod on its own.
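The forced-command wrapper that makes the least-privilege key above enforceable, as an added example for this issue (not project code). It assumes a deploy script installed at DEPLOY_SCRIPT that takes "deploy <tag>" or "rollback"; the authorized_keys line in the header uses placeholder CIDRs and key material. sshd ignores whatever command the client requested, runs this wrapper instead, and exposes the request only through SSH_ORIGINAL_COMMAND; the wrapper maps that request to one of two permitted actions or refuses it.

```shell
#!/bin/sh
# ci-deploy-cmd: forced command for the CI deploy key on the test VM.
# Added example for this issue, not project code. Assumes DEPLOY_SCRIPT accepts
# "deploy <tag>" or "rollback" and validates the tag itself.
#
# Matching ~deploy/.ssh/authorized_keys entry (one line; CIDR and key are placeholders):
#   from="203.0.113.0/24",command="/usr/local/bin/ci-deploy-cmd",restrict ssh-ed25519 AAAA... ci-deploy
#
# "restrict" (OpenSSH 7.2+) disables pty, port/agent/X11 forwarding and user rc in one word.
set -eu

DEPLOY_SCRIPT="${DEPLOY_SCRIPT:-/srv/app/deploy.sh}"

# Map the client's request to one of two permitted actions. Prints the normalised
# command on success; returns 1 for anything else (metacharacters, extra words,
# unknown verbs, empty request).
parse_request() {
  # The whole request must be plain words: this rejects ; | & $ ` quotes, newlines.
  printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9._ -]+$' || return 1
  set -f                      # no globbing while word-splitting the request
  set -- $1
  set +f
  case "$#:${1:-}" in
    2:deploy)   printf 'deploy %s\n' "$2" ;;
    1:rollback) printf 'rollback\n' ;;
    *)          return 1 ;;
  esac
}

if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
  action="$(parse_request "$SSH_ORIGINAL_COMMAND")" || {
    logger -t ci-deploy "rejected request from ${SSH_CLIENT:-?}" || true
    echo "ci-deploy: command not permitted" >&2
    exit 126
  }
  logger -t ci-deploy "running '$action' for ${SSH_CLIENT:-?}" || true   # audit trail
  set -f; set -- $action; set +f
  exec "$DEPLOY_SCRIPT" "$@"
elif [ -n "${SSH_CONNECTION:-}" ]; then
  # Key used without a command (interactive login attempt): refuse.
  echo "ci-deploy: interactive sessions are not permitted" >&2
  exit 126
fi
```

The validation is deliberately a whitelist on the whole request rather than an attempt to escape it: the key can express exactly two actions, the workflow's ssh command line is "deploy <sha>", and anything else (including a shell, scp, or a second command after a semicolon) is logged and refused before any process is spawned.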
Definition of done:
Workflow merged and active.
One successful auto-deploy recorded in Actions.
README updated with deployment flow and rollback.
Team confirms no manual compose step needed for normal test deploys.