diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 0bd0e66..e7cf4d0 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -28,6 +28,10 @@ jobs:
 rsync -az --delete \
 -e "ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=yes" \
 --exclude ".git" \
+ --exclude ".venv" \
+ --exclude "venv" \
+ --exclude "backend/.venv" \
+ --exclude "backend/venv" \
 --exclude "frontend/node_modules" \
 --exclude "frontend/.next" \
 --exclude "**/__pycache__" \
@@ -54,7 +58,9 @@ jobs:
 env = {
 # Core
 "ENVIRONMENT": "production",
- "ENABLE_SCHEDULER": "true",
+ # Scheduler will run in separate container (pounce-scheduler)
+ "ENABLE_SCHEDULER": "false",
+ "DEBUG": "false",
 "COOKIE_SECURE": "true",
 "CORS_ORIGINS": "https://pounce.ch,https://www.pounce.ch",
 "SITE_URL": "https://pounce.ch",
@@ -68,6 +74,8 @@ jobs:
 # DB/Redis
 "DATABASE_URL": os.environ["DATABASE_URL"],
 "REDIS_URL": "redis://pounce-redis:6379/0",
+ # Rate limiting must be shared across workers in production
+ "RATE_LIMIT_STORAGE_URI": "redis://pounce-redis:6379/2",
 # Auth
 "SECRET_KEY": os.environ["SECRET_KEY"],
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index a9ca8b1..9ee558f 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -11,8 +11,9 @@ services:
 - pounce-network
 - supabase-network
 environment:
- DATABASE_URL=postgresql+asyncpg://pounce:PounceDB2024!@supabase-db-n0488s44osgoow4wgo04ogg0:5432/pounce
- JWT_SECRET=${JWT_SECRET:-pounce-super-secret-jwt-key-2024-production}
+ # NOTE: Do NOT hardcode credentials in git.
+ - DATABASE_URL=${DATABASE_URL}
+ - JWT_SECRET=${JWT_SECRET}
 - FRONTEND_URL=http://pounce.185-142-213-170.sslip.io
 - ENVIRONMENT=production
 - ENABLE_SCHEDULER=true
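Review bot: The two new `--exclude "backend/.venv"` and `--exclude "backend/venv"` rules in the rsync call are redundant with `--exclude ".venv"` and `--exclude "venv"` added just above them, because an rsync pattern with no slash is matched against the final path component at any depth and already covers `backend/.venv` and `backend/venv`. Dropping the two path-qualified rules keeps the list shorter without changing what is transferred. If a more precise intent was to exclude only the backend copies, the slash-less patterns are the ones to remove instead. The rsync command continues outside the hunk.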
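Review bot: The new `"ENABLE_SCHEDULER": "false"` written by the deploy workflow disagrees with the unchanged `- ENABLE_SCHEDULER=true` context line in docker-compose.prod.yml at the end of this diff, and the commit does not reconcile them. If both settings reach the same backend container, whichever source wins at startup decides whether the scheduler runs there in addition to the separate `pounce-scheduler` container the new comment mentions, which would duplicate scheduled jobs; the precedence is not visible here, so this is inferred. Either flip the compose value to `false` in the same change or extend the comment to say which file is authoritative, for example `# Scheduler runs only in the pounce-scheduler container; docker-compose.prod.yml must agree`. The `env = {` dict continues outside the hunk.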
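Review bot: The new `- DATABASE_URL=${DATABASE_URL}` and `- JWT_SECRET=${JWT_SECRET}` lines have no unset guard, so when either variable is missing Compose substitutes an empty string (with only a warning) and the container starts with an empty connection string or an empty signing key instead of failing; `- DATABASE_URL=${DATABASE_URL:?DATABASE_URL must be set}` and `- JWT_SECRET=${JWT_SECRET:?JWT_SECRET must be set}` make the deploy abort instead. Separately, the database password and the fallback JWT secret on the two removed lines remain recoverable from git history, so removing them from HEAD does not revoke them; rotate both and treat tokens signed with the old fallback as invalid. Consider recording the rotation in the new `# NOTE:` comment so the next reader knows it has been done. The `environment:` list continues outside the hunk.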