gw-svelte/DEPLOYMENT.md

# Deployment

## Server layout confirmed

The production server currently runs multiple separate Docker Compose projects:

- Main public site WordPress stack:
  - project: `goodwalkconz`
  - path: `/docker/wordpress/goodwalk.co.nz`
- Onboarding WordPress stack:
  - project: `onboardinggoodwalkconz`
  - path: `/docker/wordpress/onboarding.goodwalk.co.nz`
- Shared nginx:
  - project: `nginx`
  - path: `/docker/nginx`
- Shared mysql:
  - project: `mysql`
  - path: `/docker/mysql`

The deployment scripts in this repo are set up to deploy the new Svelte site as a
separate stack at:

- remote path: `/docker/goodwalk-svelte`
- compose file: `docker-compose.prod.yml`
- docker project: `goodwalk-svelte`

This leaves the onboarding site, shared nginx, shared mysql, and other unrelated
containers untouched.

## Files involved

- [deploy.ps1](deploy.ps1)
  - Windows entrypoint for packaging the repo, uploading it, and running the
    remote deployment helper over SSH.
- [scripts/deploy-remote.sh](scripts/deploy-remote.sh)
  - Server-side helper that updates only the `goodwalk-svelte` compose project.
- [docker-compose.prod.yml](docker-compose.prod.yml)
  - Production compose file for the new Svelte app, mail API, and Postgres.
- [ssh-config](ssh-config)
  - Repo-local SSH config used by the deployment script.
- [nginx/goodwalk.co.nz.svelte.conf.example](nginx/goodwalk.co.nz.svelte.conf.example)
  - Example shared-nginx config for routing the main public site to the new
    Svelte app and mail API.

## First-time server preparation

1. Fill in [ssh-config](ssh-config) with the real host details.

2. Create the deployment directory on the server:

```bash
mkdir -p /docker/goodwalk-svelte
```

3. The first deployment will auto-create the production env file on the server at:

```bash
/docker/goodwalk-svelte/.env
```

It is created from [deploy.env.template](deploy.env.template). Current template contents:

```env
POSTGRES_DB=goodwalk
POSTGRES_USER=goodwalk
POSTGRES_PASSWORD=gw_Pg_7Jm9!Qx4#Ld2@Vr8

RESEND_API_KEY=replace-me
OWNER_EMAIL=replace-me
FROM_EMAIL=GoodWalk <bookings@goodwalk.co.nz>
REPLY_TO=aless@goodwalk.co.nz

FORM_MIN_SECONDS=4
FORM_MAX_SECONDS=7200
RATE_LIMIT_WINDOW_SECONDS=900
RATE_LIMIT_MAX_PER_IP=5
RATE_LIMIT_MAX_PER_EMAIL=3
RATE_LIMIT_MIN_INTERVAL_SECONDS=20
```

After the first deploy, edit `/docker/goodwalk-svelte/.env` on the server and replace:

- `RESEND_API_KEY=replace-me`
- `OWNER_EMAIL=replace-me`

4. Confirm the shared Docker network already exists:

```bash
docker network ls | grep webnet
```

Your server already uses `webnet`, so this should already be present.

## First deploy

From Windows PowerShell in the repo root:

```powershell
powershell -ExecutionPolicy Bypass -File .\deploy.ps1
```

Or skip the confirmation prompt:

```powershell
powershell -ExecutionPolicy Bypass -File .\deploy.ps1 -Force
```

## Cutover nginx

After the new Svelte stack is up and healthy, update the shared nginx config on
the server for the main site.

Current live file:

```bash
/docker/nginx/conf.d/goodwalk.co.nz.conf
```

Use the repo example as the new target config:

```bash
nginx/goodwalk.co.nz.svelte.conf.example
```

Then reload nginx:

```bash
docker compose -p nginx -f /docker/nginx/docker-compose.yml exec nginx nginx -t
docker compose -p nginx -f /docker/nginx/docker-compose.yml exec nginx nginx -s reload
```

## Important notes

- Do not deploy the top-level `docker-compose.yml` to this server for production.
  It includes its own nginx service and does not match the shared nginx setup on
  the host.
- The deployment scripts do not stop or remove the onboarding WordPress stack.
- The deployment scripts do not touch the shared mysql compose project.
- The deployment scripts preserve the remote `.env` file.
- The site check in `deploy.ps1` targets `https://www.goodwalk.co.nz/api/health`.
  Before nginx cutover, use `-SkipSiteCheck` or expect that check to fail.