cms.fellies.org/docs/product-engineering/delivery-pipeline.md

# Delivery Pipeline

## Scope

Operational pipeline baseline for image build/push, staging deploy, production promotion, and rollback.

## Registry Credentials Strategy

Use scoped Gitea secrets:

- `CMS_IMAGE_REGISTRY`
- `CMS_IMAGE_NAMESPACE`
- `CMS_IMAGE_REGISTRY_USER`
- `CMS_IMAGE_REGISTRY_PASSWORD`

Policy:

- credentials only in CI secrets
- no plaintext credentials in repo
- least privilege: push/pull for target namespace only

## Build and Push Flow

- Workflow: `.gitea/workflows/release.yml`
- Trigger:
  - tag push `vX.Y.Z`
  - manual `workflow_dispatch`
- Steps:
  1. validate tag vs root `package.json` version
  2. generate changelog
  3. docker login
  4. build and push `cms-web` and `cms-admin` images

## Staging Deployment Automation

- Workflow: `.gitea/workflows/deploy.yml`
- Manual input:
  - `environment=staging`
  - `image_tag=vX.Y.Z`
- Remote deployment uses SSH + compose file:
  - `docker-compose.staging.yml`

Required secrets:

- `CMS_STAGING_HOST`
- `CMS_STAGING_USER`
- `CMS_DEPLOY_KEY`
- `CMS_REMOTE_DEPLOY_PATH`

## Production Promotion and Rollback

Promotion:

- run deploy workflow with:
  - `environment=production`
  - `image_tag=vX.Y.Z`

Rollback:

- release workflow supports rollback placeholder by image tag
- deploy workflow supports `rollback_tag` input
- recovery action:
  - rerun deploy with previous known-good tag

## Deployment Verification

After deploy:

1. app health checks (web/admin)
2. auth smoke flow
3. i18n smoke flow
4. critical route checks (`/`, `/login`, `/todo`)

## Notes

- Current workflows are production-oriented scaffolds and require secret provisioning in Gitea.
- Host hardening, network ACLs, and backup policy remain mandatory operational controls.