feat(infra): create staging docker-compose and environment configuration #67

Merged
mjasin merged 1 commits from infra/stage-deploy into develop 2026-06-01 17:27:35 +00:00
Collaborator

This pull request introduces a production-grade, security-hardened Docker Staging environment configuration for NexusReader, prepared directly from the develop branch.

🚀 Key Additions

  1. docker-compose.stage.yml:

    • Deploys five isolated containers (nexus-web-stage, nexus-db-stage, nexus-qdrant-stage, nexus-neo4j-stage) inside a dedicated nexus-stage bridge network.
    • Sets non-conflicting port mappings to allow staging to run concurrently with other environments on the same host (e.g., Web on 5080, Postgres on 5438, Neo4j HTTP on 7488).
    • Configures robust container healthchecks (curl for Qdrant, wget for Neo4j, pg_isready for Postgres).
    • Maps dedicated named persistent volumes for databases (pgdata_stage, qdrant_stage_data, neo4j_stage_data) to prevent data loss.
    • Maps separate persistent volumes specifically for dynamic web uploads (stage_www_uploads for EPUBs, stage_www_covers for covers) without overriding the compiled static web client files.
  2. .env.stage.template:

    • A clean deployment environment template providing a blueprint of all variables.
    • Copied to .env.stage locally during deployment to inject secrets securely.
    • Mandates a secure NEXUS_ADMIN_PASSWORD (checked by DbInitializer for staging/production builds).
  3. .gitignore:

    • Explicitly ignores local environment configurations (such as .env.stage) to prevent accidentally committing credentials, while keeping the .env.stage.template tracked.

🧪 Verification Performed

  • Docker Compose Validation: Ran docker compose -f docker-compose.stage.yml --env-file .env.stage config successfully with zero configuration or parsing errors.
  • Solution Compilation: Ran dotnet build NexusReader.slnx --no-restore from root — SUCCESS with 0 compile errors.
  • Automated Tests: Ran dotnet test --no-restore — SUCCESS (all 20/20 unit tests passed).
Antigravity added 1 commit 2026-06-01 17:27:12 +00:00
mjasin merged commit 00004ce433 into develop 2026-06-01 17:27:35 +00:00
mjasin deleted branch infra/stage-deploy 2026-06-01 17:27:35 +00:00

Reference: mjasin/Nexus.Reader#67
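
A pre-deploy check for the step the pull request describes (copying .env.stage.template to .env.stage and filling in secrets), written as an added example that is not part of the NexusReader repository. The function names and the rule that secret-bearing keys are recognisable by name are assumptions; only NEXUS_ADMIN_PASSWORD and the two file names come from the page.

```shell
#!/usr/bin/env bash
# Added example (not from the NexusReader repo). Function names are hypothetical.
# Usage: check_env_stage .env.stage.template .env.stage

# Keys assigned in an env file; comment and blank lines never match.
env_keys() {
  sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)[[:space:]]*=.*/\1/p' "$1"
}

# Value of key $1 in file $2: last assignment wins, one pair of outer quotes removed.
env_value() {
  sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1 |
    sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Prints one line per problem; succeeds only when the env file is complete.
check_env_stage() {
  template=$1 envfile=$2 problems=0
  [ -r "$envfile" ] || { echo "$envfile: not readable"; return 1; }
  for key in $(env_keys "$template"); do
    if ! grep -Eq "^[[:space:]]*$key[[:space:]]*=" "$envfile"; then
      echo "$key: not defined"; problems=$((problems + 1)); continue
    fi
    value=$(env_value "$key" "$envfile")
    # Assumption: secret-bearing keys are recognisable by name.
    case $key in
      *PASSWORD*|*SECRET*|*TOKEN*|*KEY*) secret=1 ;;
      *) secret=0 ;;
    esac
    if [ -z "$value" ]; then
      echo "$key: empty"; problems=$((problems + 1))
    elif [ "$secret" -eq 1 ] && [ "$value" = "$(env_value "$key" "$template")" ]; then
      echo "$key: still the template value"; problems=$((problems + 1))
    fi
  done
  [ "$problems" -eq 0 ]
}

# Succeeds when git ignores the file and does not already track it
# (check-ignore reports nothing for tracked paths).
env_file_ignored() {
  git -C "$(dirname "$1")" check-ignore -q -- "$(basename "$1")"
}
```

Run `check_env_stage` before `docker compose ... --env-file .env.stage config`, and `env_file_ignored .env.stage` from inside the work tree to confirm the .gitignore rule applies to the file.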