feat: merge execution traceability feature to production

Author: varunr89

.github/workflows/deploy.yml

@@ -2,7 +2,7 @@ name: Build Docker Image
 
 on:
   push:
-    branches: [main]
+    branches: [main, execution-traceability, 'preview/**']
   schedule:
     - cron: '0 2 * * 0'  # Weekly rebuild (Sunday 2am UTC) for base image security patches
   workflow_dispatch:  # Manual trigger option
@@ -13,7 +13,7 @@ env:
 
 # Prevent overlapping deployments
 concurrency:
-  group: deploy-main
+  group: deploy-${{ github.ref }}
   cancel-in-progress: true
 
 jobs:
@@ -37,14 +37,39 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
 
+      - name: Determine image tag
+        id: tag
+        run: |
+          if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
+            TAG="latest"
+            BRANCH_TAG="main-${{ github.sha }}"
+          elif [[ "${{ github.ref }}" == "refs/heads/execution-traceability" ]]; then
+            TAG="execution-traceability"
+            BRANCH_TAG="execution-traceability-${{ github.sha }}"
+          elif [[ "${{ github.ref }}" =~ ^refs/heads/preview/ ]]; then
+            # Extract branch name from refs/heads/preview/feature-name -> feature-name
+            BRANCH_NAME="${{ github.ref }}"
+            BRANCH_NAME="${BRANCH_NAME#refs/heads/preview/}"
+            TAG="preview-${BRANCH_NAME}"
+            BRANCH_TAG="preview-${BRANCH_NAME}-${{ github.sha }}"
+          else
+            # For other branches (manual workflow_dispatch), use branch name
+            BRANCH_NAME="${{ github.ref_name }}"
+            TAG="${BRANCH_NAME}"
+            BRANCH_TAG="${BRANCH_NAME}-${{ github.sha }}"
+          fi
+
+          echo "TAG=${TAG}" >> $GITHUB_OUTPUT
+          echo "BRANCH_TAG=${BRANCH_TAG}" >> $GITHUB_OUTPUT
+
       - name: Extract metadata
         id: meta
         uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
-            type=sha,prefix={{branch}}-
-            type=raw,value=latest
+            type=raw,value=${{ steps.tag.outputs.TAG }}
+            type=raw,value=${{ steps.tag.outputs.BRANCH_TAG }}
 
       - name: Build and push Docker image
         uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
@@ -60,10 +85,15 @@ jobs:
         run: |
           echo "✅ Docker image built and pushed successfully"
           echo ""
-          echo "📦 Image: ghcr.io/${{ github.repository }}:latest"
-          echo ""
-          echo "🚀 To deploy, run locally:"
-          echo "   ./scripts/deploy.sh"
+          echo "📦 Images:"
+          echo "   ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.TAG }}"
+          echo "   ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.BRANCH_TAG }}"
           echo ""
-          echo "⚡ Or for quick deploy:"
-          echo "   ./scripts/quick-deploy.sh"
+          if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
+            echo "🚀 To deploy production, run:"
+            echo "   ./scripts/deploy.sh"
+          else
+            BRANCH_NAME="${{ github.ref_name }}"
+            echo "🧪 To deploy preview, add to docker-compose.yml:"
+            echo "   image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.TAG }}"
+          fi

.gitignore

@@ -109,3 +109,4 @@ docker-config.json
 # Caddy data (volumes)
 caddy_data/
 caddy_config/
+data/backups/oews.db.*

Caddyfile

@@ -1,14 +1,9 @@
 api.oews.bhavanaai.com {
-    reverse_proxy oews-api:8000 {
-        # 5 minute timeout for long-running queries
-        timeout 5m
-    }
-
     # Automatic HTTPS with Let's Encrypt
     # Recommended: Add email for renewal notifications
     tls [email protected]
 
-    # Security headers
+    # Security headers applied to all routes
     header {
         Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
         X-Frame-Options "DENY"
@@ -17,6 +12,19 @@ api.oews.bhavanaai.com {
         Referrer-Policy "no-referrer"
     }
 
+    # Route /trace/* to execution-traceability preview container
+    handle /trace/* {
+        uri strip_prefix /trace
+        reverse_proxy oews-trace:8000 {
+            header_up Host {http.request.host}
+        }
+    }
+
+    # Route all other requests to main API
+    handle {
+        reverse_proxy oews-api:8000
+    }
+
     # Access log to stdout (Docker log driver handles rotation)
     log {
         output stdout

docker-compose.yml

@@ -20,6 +20,26 @@ services:
         max-size: "10m"
         max-file: "3"
 
+  oews-trace:
+    image: ghcr.io/varunr89/oews:execution-traceability
+    container_name: oews-trace
+    restart: unless-stopped
+    env_file:
+      - .env
+    volumes:
+      - ./data-trace:/app/data  # Separate data volume for preview
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
+      interval: 30s
+      timeout: 3s
+      retries: 3
+      start_period: 10s
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"
+
   caddy:
     image: caddy:2-alpine
     container_name: caddy