.beans/nuzlocke-tracker-ahza--deployment-strategy.md

---
# nuzlocke-tracker-ahza
title: Deployment Strategy
status: in-progress
type: epic
priority: normal
created_at: 2026-02-09T14:03:53Z
updated_at: 2026-02-10T08:16:36Z
---

Define and implement a deployment strategy for running the nuzlocke-tracker in production on a local Unraid server while keeping laptop/PC as the development environment.

## Context

- **Components:** API (Python/FastAPI), Frontend (Vite/React), PostgreSQL database
- **Dev environment:** Laptop/PC — continue using the existing `docker-compose.yml` for local development
- **Production host:** Unraid server running Docker containers
- **Networking:** LAN-only access, Nginx Proxy Manager already in place on Unraid
- **Orchestration:** Docker Compose for production (matching dev workflow). Deploy via SSH from the dev machine.

## Decided Approach

**Docker Compose + SSH + Gitea (source hosting, container registry)**

1. **Gitea** runs on Unraid behind Nginx Proxy Manager with SSL (e.g., `gitea.nerdboden.de`). It serves as the self-hosted Git remote and container registry.
2. **Images are built on the dev machine** (podman or docker, cross-compiled for linux/amd64) and pushed to Gitea's container registry as **user-level packages** (e.g., `gitea.nerdboden.de/thefurya/nuzlocke-tracker-api:latest`, `gitea.nerdboden.de/thefurya/nuzlocke-tracker-frontend:latest`).
3. **Production runs docker compose** on Unraid at `/mnt/user/appdata/nuzlocke-tracker/`, pulling images from the Gitea container registry instead of mounting source.
4. **A deploy script** on the dev machine automates the full flow: build images → push to Gitea registry → SCP compose file to Unraid → generate `.env` if missing → SSH to pull images and (re)start containers.
5. **Nginx Proxy Manager** handles routing on the LAN (e.g., `nuzlocke.nerdboden.de` → frontend container, `gitea.nerdboden.de` → Gitea).
6. **Database** uses a bind mount (`./data/postgres`) for persistence on the Unraid disk; migrations run automatically on API container startup.

## Branching Strategy

**`main` + `develop` + feature branches**

- **`main`** — always production-ready. Only receives merges from `develop` when ready to deploy. The deploy script builds from `main`.
- **`develop`** — integration branch for day-to-day work. Features are merged here and tested before promoting to `main`.
- **`feature/*`** — short-lived branches off `develop` for individual features/fixes. Merged back into `develop` via PR or direct merge when complete.

**Workflow:**
1. Create `feature/xyz` from `develop`
2. Work on the feature, commit, merge into `develop`
3. When ready to deploy: merge `develop` → `main`
4. Run `./deploy.sh` (builds from `main`, pushes to Gitea registry, deploys to Unraid via SSH)

## Checklist

- [x] **Set up branching structure** — create `develop` branch from `main`, establish the `main`/`develop`/`feature/*` workflow
- [x] **Update CLAUDE.md with branching rules** — once the branching structure is in place, add instructions to CLAUDE.md that the branching strategy must be adhered to (always work on feature branches, never commit directly to `main`, merge flow is `feature/*` → `develop` → `main`)
- [ ] **Configure Gitea container registry** — create an access token with `read:package` and `write:package` scopes, verify `docker login gitea.nerdboden.de` works, test pushing and pulling an image as a user-level package
- [x] **Create production docker-compose file** (`docker-compose.prod.yml`) — uses images from the Gitea container registry, production env vars, no source volume mounts, proper restart policies
- [x] **Create production Dockerfiles (or multi-stage builds)** — ensure frontend is built and served statically (e.g., via the API or a lightweight nginx container), API runs without debug mode
- [x] **Create deploy script** — `./deploy.sh` builds images (podman/docker, linux/amd64), pushes to Gitea registry, SCPs compose file, generates `.env` if needed, pulls and starts containers via SSH
- [x] **Configure Nginx Proxy Manager** — add proxy host entries for Gitea and the nuzlocke-tracker frontend/API on the appropriate ports
- [x] **Environment & secrets management** — deploy script auto-generates `.env` with `POSTGRES_PASSWORD` on Unraid if missing; file lives at `/mnt/user/appdata/nuzlocke-tracker/.env`
- [ ] **Implement Gitea Actions CI/CD pipeline** — set up Gitea Actions runner on Unraid, create CI workflow (lint/test on `develop`) and deploy workflow (build/push/deploy on `main`); uses GitHub Actions-compatible syntax for portability
- [x] **Database backup strategy** — set up a simple scheduled backup for the PostgreSQL data (e.g., cron + `pg_dump` script on Unraid)
- [ ] **Document the deployment workflow** — README or docs covering how to deploy, redeploy, rollback, and manage the production instance
Add deployment strategy epic bean Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-09 16:29:28 +01:00			`---`
			`# nuzlocke-tracker-ahza`
			`title: Deployment Strategy`
Add DEPLOYMENT.md as living deployment documentation Covers architecture overview, Gitea container registry setup, branching strategy, and deployment workflow. Sections not yet implemented are marked with TODO to be filled in as the deployment epic progresses. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-09 17:56:06 +01:00			`status: in-progress`
Add deployment strategy epic bean Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-09 16:29:28 +01:00			`type: epic`
			`priority: normal`
			`created_at: 2026-02-09T14:03:53Z`
Use bind mount for prod database storage instead of named volume Store PostgreSQL data at ./data/postgres relative to the compose file so persistent data lives on the Unraid disk at /mnt/user/appdata/nuzlocke-tracker/data/postgres. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-10 09:17:14 +01:00			`updated_at: 2026-02-10T08:16:36Z`
Add deployment strategy epic bean Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-09 16:29:28 +01:00			`---`

			`Define and implement a deployment strategy for running the nuzlocke-tracker in production on a local Unraid server while keeping laptop/PC as the development environment.`

			`## Context`

			`- Components: API (Python/FastAPI), Frontend (Vite/React), PostgreSQL database`
			- Dev environment: Laptop/PC — continue using the existing `docker-compose.yml` for local development
			`- Production host: Unraid server running Docker containers`
			`- Networking: LAN-only access, Nginx Proxy Manager already in place on Unraid`
Update deployment beans to reflect SSH-based approach Remove Portainer references, mark NPM and env management as completed, update epic checklist and decided approach. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-10 09:45:58 +01:00			`- Orchestration: Docker Compose for production (matching dev workflow). Deploy via SSH from the dev machine.`
Add deployment strategy epic bean Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-09 16:29:28 +01:00
			`## Decided Approach`

Update deployment beans to reflect SSH-based approach Remove Portainer references, mark NPM and env management as completed, update epic checklist and decided approach. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-10 09:45:58 +01:00			`Docker Compose + SSH + Gitea (source hosting, container registry)`
Add deployment strategy epic bean Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-09 16:29:28 +01:00
Update deployment beans to reflect SSH-based approach Remove Portainer references, mark NPM and env management as completed, update epic checklist and decided approach. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-10 09:45:58 +01:00			1. Gitea runs on Unraid behind Nginx Proxy Manager with SSL (e.g., `gitea.nerdboden.de`). It serves as the self-hosted Git remote and container registry.
			2. Images are built on the dev machine (podman or docker, cross-compiled for linux/amd64) and pushed to Gitea's container registry as user-level packages (e.g., `gitea.nerdboden.de/thefurya/nuzlocke-tracker-api:latest`, `gitea.nerdboden.de/thefurya/nuzlocke-tracker-frontend:latest`).
			3. Production runs docker compose on Unraid at `/mnt/user/appdata/nuzlocke-tracker/`, pulling images from the Gitea container registry instead of mounting source.
			4. A deploy script on the dev machine automates the full flow: build images → push to Gitea registry → SCP compose file to Unraid → generate `.env` if missing → SSH to pull images and (re)start containers.
			5. Nginx Proxy Manager handles routing on the LAN (e.g., `nuzlocke.nerdboden.de` → frontend container, `gitea.nerdboden.de` → Gitea).
			6. Database uses a bind mount (`./data/postgres`) for persistence on the Unraid disk; migrations run automatically on API container startup.
Add deployment strategy epic bean Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-09 16:29:28 +01:00
			`## Branching Strategy`

			`main` + `develop` + feature branches

			- `main` — always production-ready. Only receives merges from `develop` when ready to deploy. The deploy script builds from `main`.
			- `develop` — integration branch for day-to-day work. Features are merged here and tested before promoting to `main`.
			- *`feature/`** — short-lived branches off `develop` for individual features/fixes. Merged back into `develop` via PR or direct merge when complete.

			`Workflow:`
			1. Create `feature/xyz` from `develop`
			2. Work on the feature, commit, merge into `develop`
			3. When ready to deploy: merge `develop` → `main`
Update deployment beans to reflect SSH-based approach Remove Portainer references, mark NPM and env management as completed, update epic checklist and decided approach. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-10 09:45:58 +01:00			4. Run `./deploy.sh` (builds from `main`, pushes to Gitea registry, deploys to Unraid via SSH)
Add deployment strategy epic bean Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-09 16:29:28 +01:00
			`## Checklist`

Set up branching structure and add branching rules to CLAUDE.md Create develop branch from main and document the branching strategy (main/develop/feature/*) in CLAUDE.md to enforce the workflow. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-10 11:50:11 +01:00			- [x] Set up branching structure — create `develop` branch from `main`, establish the `main`/`develop`/`feature/*` workflow
			- [x] Update CLAUDE.md with branching rules — once the branching structure is in place, add instructions to CLAUDE.md that the branching strategy must be adhered to (always work on feature branches, never commit directly to `main`, merge flow is `feature/*` → `develop` → `main`)
Add deploy script and update prod compose Deploy script builds and pushes images to Gitea registry, then triggers Portainer stack redeployment via API. Includes preflight checks for branch and uncommitted changes. Also renames prod DB volume to avoid conflicts with dev and changes frontend port to 9080. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-09 18:28:17 +01:00			- [ ] Configure Gitea container registry — create an access token with `read:package` and `write:package` scopes, verify `docker login gitea.nerdboden.de` works, test pushing and pulling an image as a user-level package
Add production Dockerfiles and nginx config Backend: installs non-editable, runs uvicorn without reload. Frontend: multi-stage build, serves static files via nginx with API proxy to the backend service and SPA fallback routing. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-09 18:00:28 +01:00			- [x] Create production docker-compose file (`docker-compose.prod.yml`) — uses images from the Gitea container registry, production env vars, no source volume mounts, proper restart policies
Add deploy script and update prod compose Deploy script builds and pushes images to Gitea registry, then triggers Portainer stack redeployment via API. Includes preflight checks for branch and uncommitted changes. Also renames prod DB volume to avoid conflicts with dev and changes frontend port to 9080. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-09 18:28:17 +01:00			`- [x] Create production Dockerfiles (or multi-stage builds) — ensure frontend is built and served statically (e.g., via the API or a lightweight nginx container), API runs without debug mode`
Update deployment beans to reflect SSH-based approach Remove Portainer references, mark NPM and env management as completed, update epic checklist and decided approach. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-10 09:45:58 +01:00			- [x] Create deploy script — `./deploy.sh` builds images (podman/docker, linux/amd64), pushes to Gitea registry, SCPs compose file, generates `.env` if needed, pulls and starts containers via SSH
			`- [x] Configure Nginx Proxy Manager — add proxy host entries for Gitea and the nuzlocke-tracker frontend/API on the appropriate ports`
			- [x] Environment & secrets management — deploy script auto-generates `.env` with `POSTGRES_PASSWORD` on Unraid if missing; file lives at `/mnt/user/appdata/nuzlocke-tracker/.env`
Add Gitea Actions CI/CD pipeline task to deployment epic Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-10 10:38:59 +01:00			- [ ] Implement Gitea Actions CI/CD pipeline — set up Gitea Actions runner on Unraid, create CI workflow (lint/test on `develop`) and deploy workflow (build/push/deploy on `main`); uses GitHub Actions-compatible syntax for portability
Add database backup script with daily cron and 7-day retention pg_dump-based backup script deployed alongside compose file. Deploy script now installs a daily cron job (03:00) on Unraid automatically. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-10 11:55:27 +01:00			- [x] Database backup strategy — set up a simple scheduled backup for the PostgreSQL data (e.g., cron + `pg_dump` script on Unraid)
Add deployment strategy epic bean Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-09 16:29:28 +01:00			`- [ ] Document the deployment workflow — README or docs covering how to deploy, redeploy, rollback, and manage the production instance`