Initial MinIO setup with CI/CD

.gitea/workflows/README.md

@@ -0,0 +1,349 @@
+# MinIO Storage - Gitea Actions
+
+This directory contains automated CI/CD workflows for MinIO deployment and maintenance.
+
+## Workflows
+
+### 1. `deploy.yml` - Production Deployment
+**Trigger:** Push to `main` or `master` branch
+
+**What it does:**
+- Uploads docker-compose.prod.yml to server
+- Creates/updates MinIO production container
+- Sets up buckets automatically
+- Performs health checks
+
+**Deployment location:** `/var/www/apps/minio-storage`
+
+**Access:**
+- S3 API: https://minio.crewsportswear.com
+- Console: https://console.crewsportswear.com
+
+---
+
+### 2. `deploy-dev.yml` - Development Deployment
+**Trigger:** Push to `dev` branch
+
+**What it does:**
+- Deploys MinIO to development environment
+- Uses default credentials (minioadmin/minioadmin123)
+- Exposed on ports 9000/9001
+- Sets up development buckets
+
+**Deployment location:** `/var/www/apps/minio-storage-dev`
+
+**Access:**
+- S3 API: http://dev.crewsportswear.com:9000
+- Console: http://dev.crewsportswear.com:9001
+
+---
+
+### 3. `backup.yml` - Automated Backups
+**Trigger:** 
+- Daily at 2 AM (cron: `0 2 * * *`)
+- Manual via workflow_dispatch
+
+**What it does:**
+- Backs up all MinIO buckets
+- Compresses backups (.tar.gz)
+- Stores in `/var/backups/minio/`
+- Keeps last 7 days of backups
+- Verifies backup completion
+
+**Manual trigger:**
+```bash
+# Via Gitea UI: Actions → Backup MinIO Buckets → Run Workflow
+```
+
+---
+
+## Required Secrets
+
+Configure these in your Gitea repository settings:  
+**Settings → Secrets → Actions**
+
+| Secret | Description | Example |
+|--------|-------------|---------|
+| `DEPLOY_SSH_KEY` | Private SSH key for deployment | `-----BEGIN OPENSSH PRIVATE KEY-----...` |
+| `DEPLOY_HOST` | Production server hostname/IP | `123.45.67.89` or `server.example.com` |
+| `DEPLOY_USER` | SSH username on server | `deploy` or `ubuntu` |
+
+### Generate SSH Key
+
+```bash
+# On your local machine
+ssh-keygen -t ed25519 -C "gitea-minio-deploy" -f ~/.ssh/gitea_minio_deploy
+
+# Copy public key to server
+ssh-copy-id -i ~/.ssh/gitea_minio_deploy.pub user@server
+
+# Copy private key content to Gitea secret
+cat ~/.ssh/gitea_minio_deploy
+```
+
+---
+
+## Deployment Process
+
+### Production Deployment
+
+1. **Make changes** to docker-compose.prod.yml or setup scripts
+2. **Commit and push** to `main` branch:
+   ```bash
+   git add .
+   git commit -m "Update MinIO configuration"
+   git push origin main
+   ```
+3. **Watch workflow** in Gitea: Repository → Actions
+4. **Verify deployment:**
+   ```bash
+   curl https://minio.crewsportswear.com/minio/health/live
+   # Should return: OK
+   ```
+
+### Development Deployment
+
+1. **Create/switch to dev branch:**
+   ```bash
+   git checkout -b dev
+   ```
+2. **Push changes:**
+   ```bash
+   git push origin dev
+   ```
+3. **Access dev environment:**
+   - Console: http://dev.crewsportswear.com:9001
+
+### Manual Workflow Trigger
+
+You can manually trigger any workflow:
+
+1. Go to: **Repository → Actions**
+2. Select workflow (e.g., "Deploy MinIO Production")
+3. Click **"Run Workflow"**
+4. Select branch
+5. Click **"Run Workflow"** button
+
+---
+
+## First-Time Setup
+
+### 1. Configure Server
+
+Ensure your server has:
+- Docker and Docker Compose installed
+- Networks created: `traefik-public`, `crew-app-net`
+- Traefik running (for production HTTPS)
+
+```bash
+# On server
+docker network create traefik-public
+docker network create crew-app-net
+```
+
+### 2. Configure Gitea Secrets
+
+Add the three required secrets (see table above).
+
+### 3. Initial Deployment
+
+```bash
+# Clone repo
+git clone your-gitea-url/minio-storage.git
+cd minio-storage
+
+# Push to trigger deployment
+git push origin main
+```
+
+### 4. Post-Deployment Setup
+
+After first deployment, SSH into server and configure:
+
+```bash
+ssh user@server
+
+# Set production credentials
+cd /var/www/apps/minio-storage
+nano .env
+
+# Update these:
+MINIO_ROOT_USER=your_secure_username
+MINIO_ROOT_PASSWORD=your_secure_password_32chars
+
+# For secured console, add BasicAuth
+htpasswd -nb admin YourPassword
+# Copy output to .env:
+TRAEFIK_CONSOLE_AUTH='admin:$$apr1$$...'
+
+# Restart
+docker compose down && docker compose up -d
+```
+
+---
+
+## Monitoring
+
+### Check Deployment Status
+
+```bash
+# On server
+cd /var/www/apps/minio-storage
+
+# Check container status
+docker ps | grep minio
+
+# Check logs
+docker logs crew-minio-prod
+
+# View recent deployments
+ls -lt /var/www/apps/minio-storage
+```
+
+### View Backups
+
+```bash
+# On server
+ls -lh /var/backups/minio/
+
+# Extract a backup
+cd /tmp
+tar -xzf /var/backups/minio/minio_backup_YYYYMMDD_HHMMSS.tar.gz
+
+# Restore if needed (see README.md for restore procedure)
+```
+
+---
+
+## Troubleshooting
+
+### Deployment Failed
+
+```bash
+# Check Gitea Actions logs
+# Repository → Actions → Failed workflow → View logs
+
+# Common issues:
+# 1. SSH key not added to server authorized_keys
+# 2. Server disk space full
+# 3. Docker not running on server
+```
+
+### Container Not Starting
+
+```bash
+ssh user@server
+cd /var/www/apps/minio-storage
+
+# Check .env file exists
+cat .env
+
+# Check Docker logs
+docker logs crew-minio-prod
+
+# Check networks
+docker network ls | grep crew-app-net
+
+# Recreate manually
+docker compose down
+docker compose up -d
+```
+
+### Backup Failed
+
+```bash
+# Check backup directory permissions
+ls -ld /var/backups/minio/
+
+# Check disk space
+df -h
+
+# Manual backup
+cd /var/www/apps/minio-storage
+docker exec crew-minio-prod mc mirror backup/crewsportswear /tmp/manual_backup
+```
+
+---
+
+## Workflow Customization
+
+### Change Backup Schedule
+
+Edit `.gitea/workflows/backup.yml`:
+
+```yaml
+on:
+  schedule:
+    - cron: '0 2 * * *'  # Daily 2 AM
+    # Change to:
+    - cron: '0 */6 * * *'  # Every 6 hours
+    - cron: '0 0 * * 0'  # Weekly on Sunday
+```
+
+### Add Post-Deployment Hooks
+
+Edit `.gitea/workflows/deploy.yml`, add step:
+
+```yaml
+- name: Notify team
+  shell: sh
+  run: |
+    curl -X POST https://your-webhook-url \
+      -d "MinIO deployed successfully"
+```
+
+### Custom Health Checks
+
+Add to deploy.yml:
+
+```yaml
+- name: Test bucket access
+  shell: sh
+  run: |
+    # Test upload
+    echo "test" > test.txt
+    curl -X PUT https://minio.crewsportswear.com/crewsportswear/test.txt \
+      --upload-file test.txt
+```
+
+---
+
+## Security Best Practices
+
+1. **Rotate SSH keys** regularly
+2. **Use strong MinIO credentials** (32+ characters)
+3. **Enable BasicAuth** for console (production)
+4. **Monitor backup logs** for failures
+5. **Test restore procedure** quarterly
+6. **Limit Gitea Actions secrets** access to admins only
+
+---
+
+## Related Documentation
+
+- [Main README](../README.md) - MinIO setup and usage
+- [Security Guide](../SECURITY.md) - Security best practices
+- [Gitea Actions Docs](https://docs.gitea.com/usage/actions/overview)
+
+---
+
+## Quick Reference
+
+```bash
+# View workflows
+ls .gitea/workflows/
+
+# Trigger production deploy
+git push origin main
+
+# Trigger dev deploy
+git push origin dev
+
+# Manual backup (via Gitea UI)
+Repository → Actions → Backup MinIO Buckets → Run Workflow
+
+# Check deployment
+ssh user@server
+docker ps | grep minio
+docker logs crew-minio-prod
+```