chore: P1 - stage.dzcode.io to new more powerful VPS

[ZibanPirate]

this is part one of the migration:

• removed ./web/cloudflare workspace
• created a new workspace ./web-server: express server with Open-Graph functionalities
• update CD workflows to deploy frontend (./web and ./web-server) to cluster (example run)
• Removed lighthouse job from CD

Next steps:

• deploy ./api to stage chore: P2 deploy ./api stage to zcluster #655
• production deployment
• Cleanup of scripts and files we no longer need
• Optimization of ./web-server (rate limiting and such)

End goal

before:

• two cheap vps to deploy ./api, one for each environement
• two page apps in cloudflare to deploy ./web
• two cloudflare workers to handle SEO URLs
• SSL done through Cloudflare proxy (limited to one subdomain level, so can't do SSL for api.stage.dzcode.io, we had to rename it to api-stage.dzcode.io)

after:
we only ever need one VPS (zcluster; basically a VPS with a Rust server that handles infra stuff, you connect to via zcluster cli app)
Inside it we can define as many containers as we want, so:

• docker container for ./api (including postgress and meilisearch containers)
• docker container for ./web (also handles SEO)

a nice bonus, is we already have grafana monitoring setup for this server, so we can even replace/remove the analytics tools we have:

• sentry on ./api
• sentry on ./web
• Google Analytics on ./web
• lighthouse-ci on ./web

change:

• Bug fix
• New feature
• Other

[omdxp]

can you share what is this tool and why it's needed here?

[ZibanPirate]

• as shown in line 110, it takes a docker-compose file
• replaces any {{string}} with env variables
• then send it to this endpoint: https://infra.zak-man.com/project/stage-dzcode/deploy
• on the infra backend (cx32 VPS from hetzner), an axum server will take that docker compose file
• save it on a directory as shown in the logs
• then runs docker compose up as shown here as well

and since in that VPS we have nginx-proxy and acme-companion running, they will auto handle both redirecting traffic from stage.dzcode.io to this docker compose file, as well as handling SSL automatically, all using these two variables

[omdxp]

We can still write the Dockerfil this way (or just copy package.json and package-lock.json and install on the server) here but we can add a security step (audit fix) to ensure that these packages are safe to use

[omdxp]

nice cargo script ❤️

[omdxp]

Should we add a bot commit to CI if this file change (maybe because of adding or deleting local packages)?

It's not necessary for deployment but at least it will be readable to the readers

[ZibanPirate]

i thought about it, i don't see a clean way of doing this:

• postinstall script would run the script file
• pre-commit hook
• CI check for dirty git status

still, this will be an extra check, the actual correctness of dockerfile is guaranteed because we run this script before each deployment, so we may be trying to solve no actual problems here

[omdxp]

There is no problem to solve here except for readability

[omdxp]

Do we cache these generations between cron jobs?

[ZibanPirate]

nope, we can have that as improevemnt later, thoe it is not an issue now (don't tell k6s about it 👀)