From fd1b50c8103cffc06b749de2821d00d3e1c8e291 Mon Sep 17 00:00:00 2001
From: Leopere
Date: Thu, 20 Mar 2025 22:24:19 -0400
Subject: [PATCH] Update README with Woodpecker CI configuration and required secrets
---
 .woodpecker.yml | 22 +++++++++++++++++++-
 README.md | 48 +++++++++++++++++++++++++++++++++++++++++++-
 stack.production.yml | 18 +++++++++--------
 3 files changed, 78 insertions(+), 10 deletions(-)
diff --git a/.woodpecker.yml b/.woodpecker.yml
index 76a5ccb..944230d 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -110,12 +110,32 @@ steps:
 from_secret: REGISTRY_USER
 REGISTRY_PASSWORD:
 from_secret: REGISTRY_PASSWORD
+ # Add production secrets
+ POSTGRES_PASSWORD:
+ from_secret: PROD_POSTGRES_PASSWORD
+ POSTGRES_USER:
+ from_secret: PROD_POSTGRES_USER
+ POSTGRES_DB:
+ from_secret: PROD_POSTGRES_DB
+ JWT_SECRET:
+ from_secret: PROD_JWT_SECRET
+ MAIN_URL:
+ from_secret: PROD_MAIN_URL
+ FRONTEND_URL:
+ from_secret: PROD_FRONTEND_URL
+ NEXT_PUBLIC_BACKEND_URL:
+ from_secret: PROD_NEXT_PUBLIC_BACKEND_URL
+ LINKEDIN_CLIENT_ID:
+ from_secret: PROD_LINKEDIN_CLIENT_ID
+ LINKEDIN_CLIENT_SECRET:
+ from_secret: PROD_LINKEDIN_CLIENT_SECRET
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock
 commands:
 - echo "Deploying to production environment"
 - echo "$${REGISTRY_PASSWORD}" | docker login -u "$${REGISTRY_USER}" --password-stdin git.nixc.us
- - docker stack deploy --with-registry-auth -c ./stack.production.yml $${CI_REPO_NAME}
+ - envsubst < ./stack.production.yml > ./stack.production.env.yml
+ - docker stack deploy --with-registry-auth -c ./stack.production.env.yml $${CI_REPO_NAME}
 when:
 branch: main
 event: [push, cron]
diff --git a/README.md b/README.md
index 1c788b7..8bb2d13 100644
--- a/README.md
+++ b/README.md
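Review bot: The added `envsubst < ./stack.production.yml > ./stack.production.env.yml` command writes every production secret in cleartext into the pipeline workspace, and nothing in the hunk removes the file afterwards. envsubst also replaces an unset variable with an empty string, so a missing or misnamed Woodpecker secret would render an empty `JWT_SECRET` or database password into the stack instead of failing the deploy. `docker stack deploy` interpolates `${VAR}` from the process environment itself, so the intermediate file looks avoidable: keep `-c ./stack.production.yml` and write the references as `${JWT_SECRET:?missing}` in the stack file so an unset value aborts the deploy. If the rendered file stays, add `- rm -f ./stack.production.env.yml` as the last command. The step's name and image are outside the hunk, so whether envsubst is installed in that image cannot be checked from here.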
@@ -1 +1,47 @@
-
\ No newline at end of file
+
+
+# Postiz
+
+## Deployment
+
+This project uses Woodpecker CI for continuous integration and deployment to staging and production environments.
+
+### Woodpecker CI Configuration
+
+The `.woodpecker.yml` file defines the CI/CD pipeline with the following steps:
+- Building and pushing Docker images for staging
+- Deploying to staging environment
+- Cleaning up staging environment
+- Building and pushing Docker images for production
+- Deploying to production environment
+
+### Required Secrets
+
+The following secrets need to be configured in your Woodpecker CI instance:
+
+#### Registry and Docker Hub Access
+- `REGISTRY_USER` - Registry username
+- `REGISTRY_PASSWORD` - Registry password
+- `DOCKER_REGISTRY_USER` - Docker Hub username
+- `DOCKER_REGISTRY_PASSWORD` - Docker Hub password
+
+#### Production Environment Variables
+The following secrets are injected into the `stack.production.yml` file during deployment:
+
+- `PROD_POSTGRES_PASSWORD` - PostgreSQL database password
+- `PROD_POSTGRES_USER` - PostgreSQL username
+- `PROD_POSTGRES_DB` - PostgreSQL database name
+- `PROD_JWT_SECRET` - Secret key for JWT token generation
+- `PROD_MAIN_URL` - Main application URL
+- `PROD_FRONTEND_URL` - Frontend URL
+- `PROD_NEXT_PUBLIC_BACKEND_URL` - Backend URL for public access
+- `PROD_LINKEDIN_CLIENT_ID` - LinkedIn OAuth client ID
+- `PROD_LINKEDIN_CLIENT_SECRET` - LinkedIn OAuth client secret
+
+## Development
+
+To run the application locally:
+
+```bash
+docker compose up --build
+```
\ No newline at end of file
diff --git a/stack.production.yml b/stack.production.yml
index aa4b8bb..8ee762b 100644
--- a/stack.production.yml
+++ b/stack.production.yml
@@ -2,9 +2,9 @@ services:
 postiz-postgres:
 image: postgres:17-alpine
 environment:
- POSTGRES_PASSWORD: postiz-password
- POSTGRES_USER: postiz-user
- POSTGRES_DB: postiz-db-local
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+ POSTGRES_USER: ${POSTGRES_USER}
+ POSTGRES_DB: ${POSTGRES_DB}
 volumes:
 - /mnt/tank/persist/nixc.us/postiz/production/postiz-postgres:/var/lib/postgresql/data
 networks:
@@ -28,12 +28,14 @@ services:
 postiz:
 image: ghcr.io/gitroomhq/postiz-app:latest
 environment:
- MAIN_URL: "https://postiz.nixc.us"
- FRONTEND_URL: "https://postiz.nixc.us"
- NEXT_PUBLIC_BACKEND_URL: "https://postiz.nixc.us/api"
- JWT_SECRET: "zKdyVqnsLx8PrGKnFUz9AnSjrcu003kuzxBpHiNI6MU="
+ MAIN_URL: "${MAIN_URL}"
+ FRONTEND_URL: "${FRONTEND_URL}"
+ NEXT_PUBLIC_BACKEND_URL: "${NEXT_PUBLIC_BACKEND_URL}"
+ JWT_SECRET: "${JWT_SECRET}"
+ LINKEDIN_CLIENT_ID: "${LINKEDIN_CLIENT_ID}"
+ LINKEDIN_CLIENT_SECRET: "${LINKEDIN_CLIENT_SECRET}"
- DATABASE_URL: "postgresql://postiz-user:postiz-password@postiz-postgres:5432/postiz-db-local"
+ DATABASE_URL: "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postiz-postgres:5432/${POSTGRES_DB}"
 REDIS_URL: "redis://postiz-keydb:6379"
 BACKEND_INTERNAL_URL: "http://localhost:3000"
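Review bot: `POSTGRES_PASSWORD` is still passed as a plain environment value, so once substituted the real password sits in the service spec and is readable by anyone allowed to run `docker service inspect` on the swarm; the same applies to `JWT_SECRET` and `LINKEDIN_CLIENT_SECRET` in the second hunk. The official postgres image accepts `POSTGRES_PASSWORD_FILE`, so a Swarm secret would keep the value out of the spec, e.g. `POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password` (secret name is illustrative) plus a matching `secrets:` entry on the service. The three new values are also unquoted, unlike the ones in the second hunk, so the rendered text is re-parsed as YAML and a password beginning with `*`, `&` or `#`, or containing `: `, would break or change the file; write `POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"` for consistency.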
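Review bot: The removed `JWT_SECRET` line shows the previous signing key was committed in cleartext, and moving the reference to a CI secret does not make that value safe: it remains in the repository history, so `PROD_JWT_SECRET` should be a newly generated key, and the old database password from the first hunk should be rotated as well. Separately, the new `DATABASE_URL` splices `${POSTGRES_PASSWORD}` into a URL without encoding, so a password containing `@`, `:`, `/`, `?` or `#` would yield a connection string that parses to the wrong host or credentials. A comment above that line such as `# POSTGRES_PASSWORD must be URL-safe or percent-encoded: it is embedded in DATABASE_URL` would record the constraint. The `environment:` mapping continues past the end of the hunk.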