Update bluegreen

bcb · bcb · commit becadc075798 · 2025-09-10T11:28:44.000+10:00
diff --git a/docs/bluegreen.md b/docs/bluegreen.md
@@ -8,9 +8,10 @@ near-zero downtime and easy rollback.
 
 ### Remove exposed ports
 
+Remove the `caddy` service's `ports:` section in `compose.yaml`.
+
 We'll no longer expose ports in the stacks, instead a simple "front proxy" will
-sit in front of the two stacks, exposing ports and proxying to the active
-stack. So remove the Caddy service's `ports:` section in `compose.yaml`.
+sit in front of the two stacks, proxying to the active stack.
 
 ### Set the Caddy container name explicitly
 
@@ -45,14 +46,38 @@ volumes:
     name: user-data
 ```
 
+## 3. Bring up two Stacks
+
+Deploying is the same as [before](deploying.md), but now we're deploying the
+_idle stack_. For this example, `green` is idle so that's the one we're
+deploying.
+
+Create `blue` and `green` directories on the server and copy `compose.yaml`
+into the idle stack's directory:
+
+```sh
+scp compose.yaml youruser@yourserver:green/compose.yaml
+```
+
+Shell into the server and bring up the idle stack:
+
+```sh
+cd green
+docker compose pull
+docker compose up -d
+```
+
+Docker will use the directory name `green` as the project name, creating
+different containers, volumes and networks than the `blue` stack.
+
 ## 3. Add a Front Proxy
 
 The _front proxy_ is a single container that binds ports `80` and `443` on the
 server and routes requests into either the Blue or Green stack.
 
 On the server, create a simple `Caddyfile`:
 
-```caddyfile title="Caddyfile"
+```caddyfile title="caddy/Caddyfile"
 api.myapp.com {
   reverse_proxy blue_caddy:80
 }
@@ -73,38 +98,16 @@ be up first, so the networks exist:
 docker run -d \
   --name front-proxy \
   -p 80:80 -p 443:443 \
-  -v ./Caddyfile:/etc/caddy/Caddyfile \
+  -v ./caddy:/etc/caddy \
   -v caddy_data:/data \
   --network blue_default \
   --network green_default \
   caddy:2
 ```
 
-## 4. Deploying/Upgrading
+## 4. Upgrading
 
-Deploying is the same as [before](deploying.md), but now we're deploying the
-_idle stack_. For this example, `green` is idle so that's the one we're
-deploying.
-
-Create `blue` and `green` directories on the server and copy `compose.yaml`
-into the idle stack's directory:
-
-```sh
-scp compose.yaml youruser@yourserver:green/compose.yaml
-```
-
-Shell into the server and bring up the idle stack:
-
-```sh
-cd green
-docker compose pull
-docker compose up -d
-```
-
-Docker will use the directory name `green` as the project name, creating
-different containers, volumes and networks than the `blue` stack.
-
-### Flip traffic
+## Flip traffic
 
 Point traffic to the `green` stack:
 
@@ -132,7 +135,7 @@ Here's a workflow for B/G deploys:
 <summary>Click to expand</summary>
 
 ```yaml title=".github/workflows/ci.yaml"
-name: Deploy to VPS
+name: Deploy
 
 on:
   push:
@@ -142,8 +145,6 @@ on:
 jobs:
   deploy:
     runs-on: ubuntu-latest
-    environment: production
-
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -177,28 +178,22 @@ jobs:
           source: "compose.yaml"
           target: "${{ steps.idle.outputs.IDLE }}/"
 
-      - name: Deploy with Docker Compose
+      - name: Deploy idle stack
         uses: appleboy/ssh-action@v1.0.3
         with:
           host: ${{ secrets.VPS_HOST }}
           username: ${{ secrets.VPS_USER }}
           key: ${{ secrets.VPS_SSH_KEY }}
-          envs: GHCR_PAT,JWT_SECRET,POSTGRES_USER,PGUSER,POSTGRES_PASSWORD,PGPASS,PGRST_AUTHENTICATOR_PASS
+          envs: GHCR_PAT
           script: |
             set -euo pipefail
-            echo $GHCR_PAT | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+            echo "${{ steps.idle.outputs.ACTIVE }}" > active_stack
             cd ${{ steps.idle.outputs.IDLE }}
-            docker compose pull -q
+            echo "$GHCR_PAT" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin
+            DOCKER_CLIENT_TIMEOUT=300 COMPOSE_HTTP_TIMEOUT=300 docker compose pull -q
             STACK_NAME=${{ steps.idle.outputs.IDLE }} docker compose up -d
-            echo "${{ steps.idle.outputs.ACTIVE }}" > active_stack
         env:
           GHCR_PAT: ${{ secrets.GHCR_PAT }}
-          JWT_SECRET: ${{ secrets.JWT_SECRET }}
-          PGRST_AUTHENTICATOR_PASS: ${{ secrets.PGRST_AUTHENTICATOR_PASS }}
-          PGUSER: ${{ secrets.PGUSER }}
-          PGPASS: ${{ secrets.PGPASS }}
-          POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
-          POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
 ```
 
 </details>
