Stripe Price IDs were hardcoded and duplicated across 4 compose files.
Log levels were hardcoded per-overlay instead of using generate-log-config.sh.
This refactors all environment-specific variables into a single .env file
that CI/CD generates from Gitea repo variables + generate-log-config.sh.
- Add .env.example template with documented variables
- Replace hardcoded values with ${VAR:-default} substitution in base compose
- Simplify prod overlay from 90 to 32 lines (remove redundant env blocks)
- Add YAML anchors to blue-green overlay (eliminate blue/green duplication)
- Remove redundant OCR env block from staging overlay
- Change generate-log-config.sh to output to stdout (pipe into .env)
- Update staging/production CI/CD to generate .env with Stripe + log vars
- Remove dangerous pk_live_ default from VITE_STRIPE_PUBLISHABLE_KEY
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The google-wif-config.json was never synced to the deploy path, so the
Docker bind mount created a directory artifact instead of a file. Vision
client initialization failed on every request, silently falling back to
PaddleOCR.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add AUTH0_OCR_CLIENT_ID and AUTH0_OCR_CLIENT_SECRET to inject-secrets.sh
- Add new secrets to staging and production workflow env blocks
- Create .example files for new secret documentation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Promtail 2.9.0 embeds Docker client API v1.42 which is incompatible with
Docker Engine v29 (minimum API v1.44). Grafana Alloy v1.12.2 resolves this
by using a compatible Docker client.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add "Wait for backend health" step using docker exec to verify backend
is responding before attempting external health check. Matches staging
workflow pattern.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add Docker healthcheck loop to production verify-prod job matching
staging's 24 attempts x 10 seconds = 4 minutes max wait for backend
migrations.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Create generate-log-config.sh that maps a single LOG_LEVEL env var to
per-container settings for Backend, Frontend, PostgreSQL, Redis, and
Traefik. Script validates input and generates .env.logging file.
Integrate script into staging and production CI/CD pipelines.
Remove obsolete SPRINTS.md calendar file.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Backend with fresh migrations can take ~3 minutes to start.
Increased from 10x5s (50s) to 24x10s (240s) to accommodate.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add OCR image build/push to staging workflow
- Add OCR service with image override to staging compose
- Add OCR service with image override to blue-green compose
- Add OCR image pull/deploy to production workflow
- Include mvp-ocr-staging in health checks
The OCR container is a shared service (like postgres/redis),
not part of blue-green deployment.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The staging workflow was not copying docker-compose.yml to the server,
causing configuration changes (like Stripe secrets) to not take effect.
Added rsync step to sync config, scripts, and compose files before
deployment, matching the production workflow behavior.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add VITE_STRIPE_PUBLISHABLE_KEY to frontend Dockerfile build args
- Add VITE_STRIPE_PUBLISHABLE_KEY to docker-compose.yml build args
- Add :ro flag to backend Stripe secret volume mounts for consistency
- Update inject-secrets.sh with STRIPE_SECRET_KEY and STRIPE_WEBHOOK_SECRET
- Add Stripe secrets to staging.yaml workflow (build arg + inject step)
- Add Stripe secrets to production.yaml workflow (inject step)
Requires STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET secrets and
VITE_STRIPE_PUBLISHABLE_KEY variable to be configured in Gitea.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Adds Visual Integration section to prevent design inconsistencies:
- Icons: Must use MUI Rounded icons only, no emoji in UI
- Colors: Theme colors only, no hardcoded hex, dark mode support
- Components: Use existing shared components (GlassCard, Button, etc.)
- Typography & Spacing: MUI variants, consistent spacing multiples
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Adds Gitea issue templates to prevent missed integration points:
- feature.yaml: Includes Integration Criteria section for navigation,
routing, and state management requirements
- bug.yaml: Structured bug reporting with platform selection
- chore.yaml: Technical debt and maintenance tasks
The Integration Criteria section ensures features specify:
- Desktop sidebar / mobile nav placement
- Route paths and default landing page
- Mobile screen type in navigation store
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Root cause: switch-traffic.sh was modifying Traefik config in the CI checkout
directory ($GITHUB_WORKSPACE) instead of the deployment directory ($DEPLOY_PATH).
Additionally, the sed patterns didn't work with multi-line YAML structure.
Changes:
- Add DEPLOY_PATH environment variable support to all CI scripts
- Add --force-recreate flag to ensure containers are recreated with new images
- Fix weight update to use awk for reliable multi-line YAML editing
- Add scripts/ directory to rsync so SREs can run scripts from /opt/motovaultpro
- Add image verification step to confirm containers use expected images
- Add weight verification to confirm Traefik routing was updated
- Add routing validation step to verify traffic switch succeeded
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Root cause: switch-traffic.sh was modifying Traefik config in the CI checkout
directory ($GITHUB_WORKSPACE) instead of the deployment directory ($DEPLOY_PATH).
Traefik never saw the weight changes, so traffic stayed on old containers.
Changes:
- Add DEPLOY_PATH environment variable support to all CI scripts
- Add --force-recreate flag to ensure containers are recreated with new images
- Add image verification step to confirm containers use expected images
- Add weight verification to confirm Traefik routing was updated
- Add routing validation step to verify traffic switch succeeded
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
