Deployment script updates

DEPLOYMENT.md

@@ -1,45 +1,141 @@
 # Deployment
 
-## What the scripts do
+## Server layout confirmed
 
-- `scripts/migrate-wordpress.ps1`
-  - Dumps the existing WordPress MySQL database to `migration-backups/<timestamp>/wordpress.sql`
-  - Copies `wp-content/uploads` out of the legacy WordPress container into `static/wp-content/uploads`
-  - Keeps an archive copy of the uploads in `migration-backups/<timestamp>/uploads`
+The production server currently runs multiple separate Docker Compose projects:
 
-- `scripts/deploy.ps1`
-  - Optionally runs the migration step first
-  - Optionally shuts down the legacy compose stack
-  - Validates the new compose file
-  - Builds and starts the new stack
-  - Waits for `http://localhost/api/health` to return success
+- Main public site WordPress stack:
+  - project: `goodwalkconz`
+  - path: `/docker/wordpress/goodwalk.co.nz`
+- Onboarding WordPress stack:
+  - project: `onboardinggoodwalkconz`
+  - path: `/docker/wordpress/onboarding.goodwalk.co.nz`
+- Shared nginx:
+  - project: `nginx`
+  - path: `/docker/nginx`
+- Shared mysql:
+  - project: `mysql`
+  - path: `/docker/mysql`
 
-## Before cutover
+The deployment scripts in this repo are set up to deploy the new Svelte site as a
+separate stack at:
 
-1. Fill in `.env` from `.env.example`
-2. Make sure the legacy WordPress stack is still running
-3. Identify:
-   - the legacy WordPress container name
-   - the legacy MySQL container name
-   - the legacy compose file path if you want the deploy script to shut it down for you
-   - the WordPress MySQL database name, user, and password
+- remote path: `/docker/goodwalk-svelte`
+- compose file: `docker-compose.prod.yml`
+- docker project: `goodwalk-svelte`
 
-## Example
+This leaves the onboarding site, shared nginx, shared mysql, and other unrelated
+containers untouched.
 
-```powershell
-powershell -ExecutionPolicy Bypass -File .\scripts\deploy.ps1 `
-  -RunMigration `
-  -LegacyComposeFile C:\deploy\wordpress\docker-compose.yml `
-  -LegacyProjectName goodwalk-wordpress `
-  -LegacyWordPressContainer goodwalk-wordpress-1 `
-  -LegacyDatabaseContainer goodwalk-db-1 `
-  -MySqlDatabase wordpress `
-  -MySqlUser wordpress `
-  -MySqlPassword 'replace-me'
+## Files involved
+
+- [deploy.ps1](deploy.ps1)
+  - Windows entrypoint for packaging the repo, uploading it, and running the
+    remote deployment helper over SSH.
+- [scripts/deploy-remote.sh](scripts/deploy-remote.sh)
+  - Server-side helper that updates only the `goodwalk-svelte` compose project.
+- [docker-compose.prod.yml](docker-compose.prod.yml)
+  - Production compose file for the new Svelte app, mail API, and Postgres.
+- [ssh-config](ssh-config)
+  - Repo-local SSH config used by the deployment script.
+- [nginx/goodwalk.co.nz.svelte.conf.example](nginx/goodwalk.co.nz.svelte.conf.example)
+  - Example shared-nginx config for routing the main public site to the new
+    Svelte app and mail API.
+
+## First-time server preparation
+
+1. Fill in [ssh-config](ssh-config) with the real host details.
+
+2. Create the deployment directory on the server:
+
+```bash
+mkdir -p /docker/goodwalk-svelte
 ```
 
-## Notes
+3. The first deployment will auto-create the production env file on the server at:
 
-- The new app now uses root-relative `/wp-content/uploads/...` paths, so the copied uploads are served by the SvelteKit stack after cutover.
-- The deployment script does not destroy the legacy database dump. It writes a fresh backup on every migration run.
-- If you want to keep the legacy stack running while testing, omit `-LegacyComposeFile` or add `-SkipLegacyShutdown`.
+```bash
+/docker/goodwalk-svelte/.env
+```
+
+It is created from [deploy.env.template](deploy.env.template). Current template contents:
+
+```env
+POSTGRES_DB=goodwalk
+POSTGRES_USER=goodwalk
+POSTGRES_PASSWORD=gw_Pg_7Jm9!Qx4#Ld2@Vr8
+
+RESEND_API_KEY=replace-me
+OWNER_EMAIL=replace-me
+FROM_EMAIL=GoodWalk <bookings@goodwalk.co.nz>
+REPLY_TO=aless@goodwalk.co.nz
+
+FORM_MIN_SECONDS=4
+FORM_MAX_SECONDS=7200
+RATE_LIMIT_WINDOW_SECONDS=900
+RATE_LIMIT_MAX_PER_IP=5
+RATE_LIMIT_MAX_PER_EMAIL=3
+RATE_LIMIT_MIN_INTERVAL_SECONDS=20
+```
+
+After the first deploy, edit `/docker/goodwalk-svelte/.env` on the server and replace:
+
+- `RESEND_API_KEY=replace-me`
+- `OWNER_EMAIL=replace-me`
+
+4. Confirm the shared Docker network already exists:
+
+```bash
+docker network ls | grep webnet
+```
+
+Your server already uses `webnet`, so this should already be present.
+
+## First deploy
+
+From Windows PowerShell in the repo root:
+
+```powershell
+powershell -ExecutionPolicy Bypass -File .\deploy.ps1
+```
+
+Or skip the confirmation prompt:
+
+```powershell
+powershell -ExecutionPolicy Bypass -File .\deploy.ps1 -Force
+```
+
+## Cutover nginx
+
+After the new Svelte stack is up and healthy, update the shared nginx config on
+the server for the main site.
+
+Current live file:
+
+```bash
+/docker/nginx/conf.d/goodwalk.co.nz.conf
+```
+
+Use the repo example as the new target config:
+
+```bash
+nginx/goodwalk.co.nz.svelte.conf.example
+```
+
+Then reload nginx:
+
+```bash
+docker compose -p nginx -f /docker/nginx/docker-compose.yml exec nginx nginx -t
+docker compose -p nginx -f /docker/nginx/docker-compose.yml exec nginx nginx -s reload
+```
+
+## Important notes
+
+- Do not deploy the top-level `docker-compose.yml` to this server for production.
+  It includes its own nginx service and does not match the shared nginx setup on
+  the host.
+- The deployment scripts do not stop or remove the onboarding WordPress stack.
+- The deployment scripts do not touch the shared mysql compose project.
+- The deployment scripts preserve the remote `.env` file.
+- The site check in `deploy.ps1` targets `https://www.goodwalk.co.nz/api/health`.
+  Before nginx cutover, use `-SkipSiteCheck` or expect that check to fail.