feat(infra): create staging docker-compose and environment configuration (#67)

This pull request introduces a production-grade, security-hardened Docker Staging environment configuration for **NexusReader**, prepared directly from the `develop` branch.

### 🚀 Key Additions

1. **`docker-compose.stage.yml`**:
   - Deploys five isolated containers (`nexus-web-stage`, `nexus-db-stage`, `nexus-qdrant-stage`, `nexus-neo4j-stage`) inside a dedicated `nexus-stage` bridge network.
   - Sets non-conflicting port mappings to allow staging to run concurrently with other environments on the same host (e.g., Web on `5080`, Postgres on `5438`, Neo4j HTTP on `7488`).
   - Configures robust container healthchecks (`curl` for Qdrant, `wget` for Neo4j, `pg_isready` for Postgres).
   - Maps dedicated named persistent volumes for databases (`pgdata_stage`, `qdrant_stage_data`, `neo4j_stage_data`) to prevent data loss.
   - Maps separate persistent volumes specifically for dynamic web uploads (`stage_www_uploads` for EPUBs, `stage_www_covers` for covers) without overriding the compiled static web client files.

2. **`.env.stage.template`**:
   - A clean deployment environment template providing a blueprint of all variables.
   - Copied to `.env.stage` locally during deployment to inject secrets securely.
   - Mandates a secure `NEXUS_ADMIN_PASSWORD` (checked by `DbInitializer` for staging/production builds).

3. **`.gitignore`**:
   - Explicitly ignores local environment configurations (such as `.env.stage`) to prevent accidentally committing credentials, while keeping the `.env.stage.template` tracked.

---

### 🧪 Verification Performed

- **Docker Compose Validation**: Ran `docker compose -f docker-compose.stage.yml --env-file .env.stage config` successfully with zero configuration or parsing errors.
- **Solution Compilation**: Ran `dotnet build NexusReader.slnx --no-restore` from root — **SUCCESS** with `0` compile errors.
- **Automated Tests**: Ran `dotnet test --no-restore` — **SUCCESS** (all 20/20 unit tests passed).

---------

Co-authored-by: Marek Jasiński <jasins.marek@gmail.com>
Reviewed-on: #67
Co-authored-by: Antigravity <antigravity@google.com>
Co-committed-by: Antigravity <antigravity@google.com>
This commit was merged in pull request #67.
This commit is contained in:
2026-06-01 17:27:34 +00:00
committed by Marek Jaisński
parent 711480f8f6
commit 00004ce433
3 changed files with 145 additions and 0 deletions
+42
View File
@@ -0,0 +1,42 @@
# ===================================================================
# NexusReader — Staging (Stage) Environment Variables
# ===================================================================
# Copy this file to `.env.stage` and fill in the values before deployment:
# cp .env.stage.template .env.stage
#
# Then deploy with:
# docker compose -f docker-compose.stage.yml --env-file .env.stage up -d --build
# ===================================================================
# === PostgreSQL ===
POSTGRES_USER=nexus_user_stage
POSTGRES_PASSWORD=CHANGE_ME_TO_STRONG_PASSWORD
POSTGRES_DB=nexus_stage_db
POSTGRES_PORT=5438
# === Neo4j ===
NEO4J_USERNAME=neo4j
NEO4J_PASSWORD=CHANGE_ME_TO_STRONG_PASSWORD
# === Qdrant (leave empty to disable API key auth in staging) ===
QDRANT_API_KEY=
# === Web App ===
WEB_PORT=5080
# === Google OAuth (Staging credentials) ===
GOOGLE_CLIENT_ID=placeholder_google_client_id_stage
GOOGLE_CLIENT_SECRET=placeholder_google_client_secret_stage
# === Gemini AI ===
GOOGLE_AI_API_KEY=placeholder_gemini_api_key_stage
# === Secure Admin Seed Password (MANDATORY in Staging environment) ===
# This password is used by DbInitializer during startup. Cannot be empty or 'Admin123!'.
NEXUS_ADMIN_PASSWORD=CHANGE_ME_TO_SECURE_ADMIN_PASSWORD
# === Non-standard ports for auxiliary services ===
QDRANT_HTTP_PORT=6383
QDRANT_GRPC_PORT=6384
NEO4J_HTTP_PORT=7488
NEO4J_BOLT_PORT=7688