feat: add Docker Compose and Docker Stack configurations for mx-core and Redis services

Innei · Innei · commit f83ab463ad7d · 2026-01-22T00:38:06.000+08:00
- Introduced `docker-compose.server.yml` for local development with mx-core and Redis services.
- Added `docker-stack.server.yml` for deploying mx-core and Redis in a Docker Swarm environment.
- Configured health checks, environment variables, and volume bindings for both services.
- Updated GitHub Actions workflow to support deployment of the new configurations.

Signed-off-by: Innei &lt;tukon479@gmail.com&gt;
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -184,42 +184,111 @@ jobs:
         run: |
           docker buildx imagetools inspect ${{ env.IMAGE }}:${{ steps.meta.outputs.version }}
   deploy:
-    name: Deploy To Remote Server
+    name: Deploy Docker Image To Remote Server
     runs-on: ubuntu-latest
-    needs: [build]
+    needs: [merge]
     steps:
-      - uses: robinraju/release-downloader@v1.12
-        name: Download release
+      - name: Checkout (for docker-compose.server.yml)
+        uses: actions/checkout@v6
+
+      - name: Generate env file for server (mx-core.env)
+        shell: bash
+        run: |
+          set -euo pipefail
+          cat > mx-core.env <<'EOF'
+          TZ=${TZ:-Asia/Shanghai}
+          MX_PORT=${MX_PORT:-2333}
+          ALLOWED_ORIGINS=${ALLOWED_ORIGINS:-localhost:*}
+          DB_CONNECTION_STRING=${DB_CONNECTION_STRING:-mongodb://host.docker.internal:27017/mx-space}
+          ENCRYPT_ENABLE=${ENCRYPT_ENABLE:-true}
+          ENCRYPT_KEY=${ENCRYPT_KEY:-}
+          JWT_SECRET=${JWT_SECRET:-}
+          JWT_EXPIRE=${JWT_EXPIRE:-}
+          DISABLE_CACHE=${DISABLE_CACHE:-false}
+          DEBUG=${DEBUG:-false}
+          DEBUG_MEMORY_DUMP=${DEBUG_MEMORY_DUMP:-false}
+          EOF
+        env:
+          # Values come from CI-provided env/secrets. Server doesn't need a pre-created .env.
+          TZ: ${{ secrets.TZ }}
+          MX_PORT: ${{ secrets.MX_PORT }}
+          ALLOWED_ORIGINS: ${{ secrets.ALLOWED_ORIGINS }}
+          DB_CONNECTION_STRING: ${{ secrets.DB_CONNECTION_STRING }}
+          ENCRYPT_ENABLE: ${{ secrets.ENCRYPT_ENABLE }}
+          ENCRYPT_KEY: ${{ secrets.MX_ENCRYPT_KEY }}
+          JWT_SECRET: ${{ secrets.JWTSECRET }}
+          JWT_EXPIRE: ${{ secrets.JWT_EXPIRE }}
+          DISABLE_CACHE: ${{ secrets.DISABLE_CACHE }}
+          DEBUG: ${{ secrets.DEBUG }}
+          DEBUG_MEMORY_DUMP: ${{ secrets.DEBUG_MEMORY_DUMP }}
+
+      - name: Ensure deploy dir exists
+        uses: appleboy/ssh-action@v1.2.0
         with:
-          tag: ${{ github.ref_name }}
-          fileName: release-linux.zip
-      - name: copy file via ssh password
+          command_timeout: 2m
+          host: ${{ secrets.HOST }}
+          username: ${{ secrets.USER }}
+          password: ${{ secrets.PASSWORD }}
+          key: ${{ secrets.KEY }}
+          script: |
+            set -euo pipefail
+            mkdir -p "$HOME/mx-core-deploy"
+
+      - name: Upload docker-compose.server.yml to server
         uses: appleboy/scp-action@v0.1.7
         with:
           host: ${{ secrets.HOST }}
           username: ${{ secrets.USER }}
           password: ${{ secrets.PASSWORD }}
-          # port: ${{ secrets.PORT }}
           key: ${{ secrets.KEY }}
-          source: release-linux.zip
-          target: /tmp/mx-core
+          source: docker-compose.server.yml,docker-stack.server.yml,mx-core.env
+          target: mx-core-deploy
 
-      - name: Exec deploy script with SSH
-        uses: appleboy/ssh-action@master
+      - name: Deploy with SSH (docker swarm)
+        uses: appleboy/ssh-action@v1.2.0
         env:
-          JWTSECRET: ${{ secrets.JWTSECRET }}
-          MX_ENCRYPT_KEY: ${{ secrets.MX_ENCRYPT_KEY }}
+          IMAGE_REPO: ${{ env.IMAGE }}
+          REF_NAME: ${{ github.ref_name }}
         with:
-          command_timeout: 5m
+          command_timeout: 10m
           host: ${{ secrets.HOST }}
           username: ${{ secrets.USER }}
           password: ${{ secrets.PASSWORD }}
           key: ${{ secrets.KEY }}
-          envs: JWTSECRET,MX_ENCRYPT_KEY
+          envs: IMAGE_REPO,REF_NAME
           script: |
-            whoami
-            cd
-            source ~/.zshrc
-            cd mx
-            ls -a
-            node server-deploy.js --jwtSecret=$JWTSECRET --encrypt_key=$MX_ENCRYPT_KEY --encrypt_enable --scp_path=/tmp/mx-core/release-linux.zip || { echo "Deploy failed"; exit 1; }
+            set -euo pipefail
+            cd "$HOME/mx-core-deploy"
+
+            IMAGE_TAG="${REF_NAME#v}"
+            FULL_IMAGE="${IMAGE_REPO}:${IMAGE_TAG}"
+
+            echo "[deploy] pulling ${FULL_IMAGE}"
+            docker pull "${FULL_IMAGE}"
+
+            # Ensure swarm mode (single-node swarm is OK)
+            if [ "$(docker info --format '{{.Swarm.LocalNodeState}}' 2>/dev/null || echo inactive)" != "active" ]; then
+              echo "[deploy] swarm not active, init swarm"
+              docker swarm init
+            fi
+
+            # Load env for ${...} substitutions in stack file
+            if [ -f "./mx-core.env" ]; then
+              chmod 600 ./mx-core.env || true
+              set -a
+              . ./mx-core.env
+              set +a
+            else
+              echo "[deploy] missing mx-core.env (upload failed?)"
+              exit 1
+            fi
+
+            echo "[deploy] starting via swarm stack"
+            export MX_CORE_IMAGE="${FULL_IMAGE}"
+            docker stack deploy -c docker-stack.server.yml mx-core --with-registry-auth
+
+            echo "[deploy] status"
+            docker stack services mx-core
+
+            echo "[deploy] cleanup"
+            docker image prune -f || true
diff --git a/docker-compose.server.yml b/docker-compose.server.yml
@@ -0,0 +1,70 @@
+services:
+  mx-core:
+    # CI build this image, then ship it to your SERVER.
+    # e.g. ghcr.io/<org>/<repo>:<tag>
+    image: ${MX_CORE_IMAGE:-mx-core:latest}
+    container_name: mx-core
+    restart: unless-stopped
+
+    ports:
+      - "${MX_PORT:-2333}:2333"
+
+    # For Linux hosts: allow reaching host Mongo via host.docker.internal
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+
+    environment:
+      TZ: ${TZ:-Asia/Shanghai}
+      PORT: "2333"
+      ALLOWED_ORIGINS: ${ALLOWED_ORIGINS:-localhost:*}
+
+      # MongoDB (host machine)
+      DB_CONNECTION_STRING: ${DB_CONNECTION_STRING:-mongodb://host.docker.internal:27017/mx-space}
+
+      # Redis (container in this compose)
+      REDIS_HOST: redis
+      REDIS_PORT: "6379"
+      # REDIS_PASSWORD: ${REDIS_PASSWORD:-}
+
+      # Security (optional)
+      # ENCRYPT_KEY must be length 64 if ENCRYPT_ENABLE=true
+      ENCRYPT_ENABLE: ${ENCRYPT_ENABLE:-true}
+      ENCRYPT_KEY: ${ENCRYPT_KEY:-}
+      JWT_SECRET: ${JWT_SECRET:-}
+      JWT_EXPIRE: ${JWT_EXPIRE:-}
+
+      # Cache
+      DISABLE_CACHE: ${DISABLE_CACHE:-false}
+
+      # Debug (optional)
+      DEBUG: ${DEBUG:-false}
+      DEBUG_MEMORY_DUMP: ${DEBUG_MEMORY_DUMP:-false}
+
+    volumes:
+      # production data dir: ~/.mx-space
+      - ./data/mx-space:/root/.mx-space
+
+    depends_on:
+      - redis
+
+    healthcheck:
+      test: [CMD, curl, -f, "http://127.0.0.1:2333/api/v2/ping"]
+      interval: 1m30s
+      timeout: 30s
+      retries: 5
+      start_period: 30s
+
+  redis:
+    image: redis:7-alpine
+    container_name: mx-redis
+    restart: unless-stopped
+    command: ["redis-server", "--appendonly", "yes"]
+    volumes:
+      - ./data/redis:/data
+    healthcheck:
+      test: [CMD-SHELL, "redis-cli ping | grep PONG"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 3s
+
diff --git a/docker-stack.server.yml b/docker-stack.server.yml
@@ -0,0 +1,86 @@
+services:
+  mx-core:
+    image: ${MX_CORE_IMAGE:-mx-core:latest}
+    ports:
+      - target: 2333
+        published: ${MX_PORT:-2333}
+        protocol: tcp
+        mode: ingress
+
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+
+    environment:
+      TZ: ${TZ:-Asia/Shanghai}
+      PORT: "2333"
+      ALLOWED_ORIGINS: ${ALLOWED_ORIGINS:-localhost:*}
+
+      # MongoDB (host machine)
+      DB_CONNECTION_STRING: ${DB_CONNECTION_STRING:-mongodb://host.docker.internal:27017/mx-space}
+
+      # Redis (service in this stack)
+      REDIS_HOST: redis
+      REDIS_PORT: "6379"
+
+      # Security (optional)
+      ENCRYPT_ENABLE: ${ENCRYPT_ENABLE:-true}
+      ENCRYPT_KEY: ${ENCRYPT_KEY:-}
+      JWT_SECRET: ${JWT_SECRET:-}
+      JWT_EXPIRE: ${JWT_EXPIRE:-}
+
+      DISABLE_CACHE: ${DISABLE_CACHE:-false}
+      DEBUG: ${DEBUG:-false}
+      DEBUG_MEMORY_DUMP: ${DEBUG_MEMORY_DUMP:-false}
+
+    volumes:
+      - type: bind
+        source: ./data/mx-space
+        target: /root/.mx-space
+
+    depends_on:
+      - redis
+
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://127.0.0.1:2333/api/v2/ping"]
+      interval: 30s
+      timeout: 5s
+      retries: 10
+      start_period: 30s
+
+    deploy:
+      replicas: 2
+      restart_policy:
+        condition: any
+      update_config:
+        parallelism: 1
+        order: start-first
+        delay: 10s
+        failure_action: rollback
+        monitor: 30s
+      rollback_config:
+        parallelism: 1
+        order: stop-first
+        monitor: 30s
+
+  redis:
+    image: redis:7-alpine
+    command: ["redis-server", "--appendonly", "yes"]
+    volumes:
+      - type: bind
+        source: ./data/redis
+        target: /data
+    healthcheck:
+      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+      interval: 30s
+      timeout: 3s
+      retries: 5
+      start_period: 20s
+    deploy:
+      replicas: 1
+      restart_policy:
+        condition: any
+
+networks:
+  default:
+    name: mx-core
+    driver: overlay
