Skip to content

Commit 6a9aa5a

Browse files
committed
DEPLOYMENT: add ./deployment/* with bot docker-compose deploy
1 parent 7b491dd commit 6a9aa5a

File tree

11 files changed

+203
-5
lines changed

11 files changed

+203
-5
lines changed

.github/workflows/docker-publish.yml

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -7,18 +7,16 @@ name: Docker
77

88
on:
99
push:
10-
branches: [ "main" ]
10+
branches: ["main"]
1111

1212
env:
1313
# Use docker.io for Docker Hub if empty
1414
REGISTRY: ghcr.io
1515
# github.repository as <account>/<repo>
1616
IMAGE_NAME: ${{ github.repository }}
1717

18-
1918
jobs:
2019
build:
21-
2220
runs-on: ubuntu-latest
2321
permissions:
2422
contents: read
@@ -37,7 +35,7 @@ jobs:
3735
if: github.event_name != 'pull_request'
3836
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 #v3.5.0
3937
with:
40-
cosign-release: 'v2.2.4'
38+
cosign-release: "v2.2.4"
4139

4240
# Set up BuildKit Docker container builder to be able to build
4341
# multi-platform images and export cache
@@ -75,6 +73,7 @@ jobs:
7573
labels: ${{ steps.meta.outputs.labels }}
7674
cache-from: type=gha
7775
cache-to: type=gha,mode=max
76+
platforms: linux/amd64,linux/arm64
7877

7978
# Sign the resulting Docker image digest except on PRs.
8079
# This will only write to the public Rekor transparency log when the Docker

.gitignore

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,9 @@
88
*.so
99
*.dylib
1010

11+
# Mac related
12+
.DS_Store
13+
1114
# Test binary, built with `go test -c`
1215
*.test
1316

bot

11 MB
Binary file not shown.

deployment/.env.template

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
# Bot configuration
2+
TELEGRAM_BOT_PUBLIC_URL=your_public_url_or_localhost
3+
4+
# Note: Sensitive credentials are stored in the ./secrets/ directory
5+
# ./secrets/telegram_token.txt - Your Telegram bot token
6+
# ./secrets/db_user.txt - Database username
7+
# ./secrets/db_password.txt - Database password

deployment/README.md

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
# Digikeeper Bot Deployment
2+
3+
Production-ready Docker Compose setup with TimescaleDB and database migrations.
4+
5+
## Usage
6+
7+
```bash
8+
#!/bin/bash
9+
# Script to setup secrets directory and files
10+
11+
# Create secrets directory with secure permissions
12+
mkdir -p ./secrets
13+
chmod 700 ./secrets
14+
15+
echo "postgres" > ./secrets/db_user
16+
echo "$(openssl rand -base64 32 | tr -d '\n')" > ./secrets/db_password
17+
echo "your_telegram_token_here" > ./secrets/telegram_token
18+
19+
chmod 600 ./secrets/*
20+
```
21+
22+
## Structure
23+
24+
- `docker-compose.yml` - Container configuration
25+
- `migrations/` - Database migration scripts golang-migrate

deployment/docker-compose.yml

Lines changed: 87 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,87 @@
1+
services:
2+
dk-timescale:
3+
image: timescale/timescaledb:2.19.2-pg17
4+
container_name: timescaledb
5+
environment:
6+
- POSTGRES_USER_FILE=/run/secrets/db_user
7+
- POSTGRES_PASSWORD_FILE=/run/secrets/db_password
8+
- POSTGRES_DB=digikeeper
9+
ports:
10+
- target: 5432
11+
published: 5432
12+
volumes:
13+
- timescaledb_data:/var/lib/postgresql/data
14+
healthcheck:
15+
test: ["CMD-SHELL", "pg_isready -U $(cat /run/secrets/db_user)"]
16+
interval: 5s
17+
timeout: 5s
18+
retries: 5
19+
networks:
20+
- db
21+
secrets:
22+
- db_user
23+
- db_password
24+
mem_limit: 1G
25+
mem_reservation: 512M
26+
cpus: 1.0
27+
28+
digikeeper-bot:
29+
image: ghcr.io/gitrus/digikeeper-bot:main
30+
container_name: digikeeper-bot
31+
environment:
32+
- LOCAL_PORT=8081
33+
- LOCAL_HOST=0.0.0.0
34+
- TELEGRAM_BOT_TOKEN_FILE=/run/secrets/telegram_token
35+
- TELEGRAM_BOT_PUBLIC_URL=${TELEGRAM_BOT_PUBLIC_URL:-localhost}
36+
- TELEGRAM_ALLOWED_UPDATES=message
37+
- POSTGRES_HOST=timescaledb
38+
- POSTGRES_PORT=5432
39+
- POSTGRES_USER_FILE=/run/secrets/db_user
40+
- POSTGRES_PASSWORD_FILE=/run/secrets/db_password
41+
- POSTGRES_DB=digikeeper
42+
ports:
43+
- target: 8081
44+
published: 8081
45+
- target: 8091
46+
published: 8091
47+
volumes:
48+
- ..:/usr/app:ro
49+
depends_on:
50+
dk-timescale:
51+
condition: service_healthy
52+
networks:
53+
- db
54+
restart: unless-stopped
55+
secrets:
56+
- db_user
57+
- db_password
58+
- telegram_token
59+
mem_limit: 512M
60+
mem_reservation: 256M
61+
cpus: 0.5
62+
63+
healthcheck:
64+
test: ["CMD", "wget", "-qO-", "http://localhost:8091/health"]
65+
interval: 30s
66+
timeout: 10s
67+
retries: 3
68+
start_period: 40s
69+
70+
volumes:
71+
timescaledb_data:
72+
driver: local
73+
pgbackup_data:
74+
driver: local
75+
76+
networks:
77+
db:
78+
driver: bridge
79+
internal: true
80+
81+
secrets:
82+
db_user:
83+
file: ./secrets/db_user
84+
db_password:
85+
file: ./secrets/db_password
86+
telegram_token:
87+
file: ./secrets/telegram_token
Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
CREATE EXTENSION IF NOT EXISTS timescaledb CASCADE;
Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
DROP SCHEMA IF EXISTS digikeeper;
2+
3+
DROP TABLE IF EXISTS digikeeper.user;
4+
5+
DROP SCHEMA IF EXISTS digikeeper_tg;
6+
7+
DROP TABLE IF EXISTS digikeeper_tg.tg_user_sessions;
8+
9+
DROP TABLE IF EXISTS digikeeper.message_logs;
Lines changed: 47 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,47 @@
1+
CREATE SCHEMA IF NOT EXISTS digikeeper;
2+
3+
CREATE TABLE IF NOT EXISTS digikeeper.user (
4+
user_uid UUID PRIMARY KEY,
5+
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW (),
6+
updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW ()
7+
);
8+
9+
CREATE SCHEMA IF NOT EXISTS digikeeper_tg;
10+
11+
CREATE TABLE IF NOT EXISTS digikeeper_tg.tg_user_sessions (
12+
user_uid UUID NOT NULL references digikeeper.user (user_uid),
13+
tg_user_id BIGINT PRIMARY KEY,
14+
chat_id BIGINT NOT NULL,
15+
data JSONB,
16+
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW (),
17+
updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW ()
18+
);
19+
20+
CREATE INDEX IF NOT EXISTS idx_user_sessions_updated_at ON digikeeper_tg.user_sessions (updated_at);
21+
22+
CREATE TABLE IF NOT EXISTS digikeeper.message_logs (
23+
timestamp TIMESTAMPTZ NOT NULL DEFAULT NOW (),
24+
user_id BIGINT NOT NULL,
25+
chat_id BIGINT NOT NULL,
26+
message_id BIGINT NOT NULL,
27+
message_text TEXT,
28+
message_type TEXT NOT NULL
29+
);
30+
31+
CREATE INDEX IF NOT EXISTS idx_message_logs_user_id ON digikeeper.message_logs (user_id);
32+
33+
CREATE INDEX IF NOT EXISTS idx_message_logs_chat_id ON digikeeper.message_logs (chat_id);
34+
35+
SELECT
36+
create_hypertable (
37+
'digikeeper.message_logs',
38+
by_range ('timestamp', INTERVAL '1 day'),
39+
if_not_exists = > TRUE
40+
);
41+
42+
SELECT
43+
add_retention_policy (
44+
'digikeeper.message_logs',
45+
INTERVAL '30 days',
46+
if_not_exists = > TRUE
47+
);

go.mod

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -72,7 +72,9 @@ require (
7272
github.com/go-xmlfmt/xmlfmt v1.1.3 // indirect
7373
github.com/gobwas/glob v0.2.3 // indirect
7474
github.com/gofrs/flock v0.12.1 // indirect
75-
github.com/golang/protobuf v1.5.3 // indirect
75+
github.com/golang-migrate/migrate v3.5.4+incompatible // indirect
76+
github.com/golang-migrate/migrate/v4 v4.18.2 // indirect
77+
github.com/golang/protobuf v1.5.4 // indirect
7678
github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a // indirect
7779
github.com/golangci/go-printf-func-name v0.1.0 // indirect
7880
github.com/golangci/gofmt v0.0.0-20250106114630-d62b90e6713d // indirect
@@ -88,7 +90,9 @@ require (
8890
github.com/gostaticanalysis/forcetypeassert v0.2.0 // indirect
8991
github.com/gostaticanalysis/nilerr v0.1.1 // indirect
9092
github.com/grbit/go-json v0.11.0 // indirect
93+
github.com/hashicorp/errwrap v1.1.0 // indirect
9194
github.com/hashicorp/go-immutable-radix/v2 v2.1.0 // indirect
95+
github.com/hashicorp/go-multierror v1.1.1 // indirect
9296
github.com/hashicorp/go-version v1.7.0 // indirect
9397
github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
9498
github.com/hashicorp/hcl v1.0.0 // indirect
@@ -191,6 +195,7 @@ require (
191195
gitlab.com/bosi/decorder v0.4.2 // indirect
192196
go-simpler.org/musttag v0.13.0 // indirect
193197
go-simpler.org/sloglint v0.9.0 // indirect
198+
go.uber.org/atomic v1.7.0 // indirect
194199
go.uber.org/automaxprocs v1.6.0 // indirect
195200
go.uber.org/multierr v1.10.0 // indirect
196201
golang.org/x/arch v0.6.0 // indirect
@@ -213,3 +218,5 @@ require (
213218
tool github.com/golangci/golangci-lint/cmd/golangci-lint
214219

215220
tool github.com/WAY29/icecream-go
221+
222+
tool github.com/golang-migrate/migrate/v4/cmd/migrate

0 commit comments

Comments
 (0)