alpine/git sets ENTRYPOINT ["git"], so GitLab's shell executor was invoking
`git sh <script>` instead of `sh <script>`. Override with entrypoint: [""].
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
pytest completes all tests but process never exits in GitLab CI.
Disabling the faulthandler plugin fixes this.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- CI now creates v<pipeline_iid> tag after tests pass on master
- Supervisor fetches tags and only deploys when a newer tag is available;
skips if already on latest or no tags exist
- Fix test_seeds_markets_enabled: markets is seeded disabled (enabled=0),
test was asserting the wrong value
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- deploy.sh installs sops/age to ./bin/ (no root/sudo needed)
- Remove CI deploy stage — supervisor auto-pulls and deploys
(zero CI secrets: no SSH keys, no deploy credentials)
- Supervisor sends alert on deploy success/failure via webhook
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
deploy.sh handles decryption on the server. CI only needs SSH credentials
(SSH_PRIVATE_KEY, SSH_KNOWN_HOSTS, DEPLOY_USER, DEPLOY_HOST). All app
secrets removed from GitLab CI variables. Dead ADMIN_PASSWORD removed.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove `cd padelnomics` (subdir no longer exists)
- pytest and ruff now target web/tests/ and web/src/
- Deploy stage writes .env to repo root, not padelnomics/ subdir
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
WAITLIST_MODE, LEADS_EMAIL, UMAMI_API_URL were set in GitLab CI but
never written to .env. Paddle vars made optional (:-) so deploys work
without them when in waitlist mode.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Migration atomicity:
- Remove conn.commit() and executescript() from all up() functions (0000,
0011, 0012, 0013, 0014, 0015); executescript() issued implicit COMMITs
which broke the batch-rollback guarantee of the migration runner
- Rewrite 0000 with individual conn.execute() calls (was a single
executescript block)
Deploy hardening:
- Add pre-migration DB backup step to deploy.sh: saves
app.db.pre-deploy-<timestamp> in the volume before every migration
- On health-check failure: restore the backup, then stop + exit
- On success: clean up old backups (keep last 3)
Litestream:
- Enable R2 as primary replica in litestream.yml (env-var placeholders)
- Add local /app/data/backups as secondary replica
- docker-compose: add auto-restore on empty volume (sh entrypoint runs
'litestream restore' before 'litestream replicate' if app.db missing)
- Add LITESTREAM_R2_* vars to .gitlab-ci.yml .env block and .env.example
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Run copier update with payment_provider=paddle to switch all billing
integration: routes, config, schema columns, webhook handling, tests,
and CI deploy secrets. Add one-time migration script for renaming
lemonsqueezy_* columns to paddle_* in production DB.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
GitLab CI runs pytest + ruff on master/MRs, then auto-deploys via SSH.
Blue-green strategy using Docker Compose profiles with an nginx router
on port 5000 for zero-downtime switching between slots.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
