🐛 fix(cd): fix staging deployment registry authentication and missing images

Changes to .github/workflows/cd-staging.yml: - Add Docker login step for GitHub Container Registry (ghcr.io) - Add permissions for packages:read - Update service deployment options to only include services with Dockerfiles - Update health checks to match deployed services Changes to docker-compose.staging.yml: - Comment out services without Dockerfiles: - maerchenzauber-backend (no Dockerfile yet) - nutriphi-backend (no Dockerfile yet) - news-api (no Dockerfile yet) - Keep only services with Docker images: - mana-core-auth ✅ - chat-backend ✅ - manadeck-backend ✅ - Update nginx dependencies to remove disabled services This fixes the "error from registry: denied" error that was preventing staging deployments. The deployment was trying to pull Docker images that were never built because those services don't have Dockerfiles. Now only services with actual Docker images will be deployed to staging. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2026-05-14 19:41:09 +02:00 · 2025-12-04 03:22:07 +01:00 · 2025-12-04 03:22:07 +01:00 · f7986bc1a7
commit f7986bc1a7
parent a87e1389cf
2 changed files with 99 additions and 88 deletions
--- a/.github/workflows/cd-staging.yml
+++ b/.github/workflows/cd-staging.yml
@ -10,13 +10,14 @@ on:
        options:
          - all
          - mana-core-auth
-          - maerchenzauber-backend
          - chat-backend
          - manadeck-backend
-          - nutriphi-backend
-          - news-api
  workflow_call:

+permissions:
+  contents: read
+  packages: read
+
 env:
  NODE_VERSION: '20'
  PNPM_VERSION: '9.15.0'
@ -96,6 +97,13 @@ jobs:
          scp .env.staging ${{ secrets.STAGING_USER }}@${{ secrets.STAGING_HOST }}:~/manacore-staging/.env
          rm .env.staging

+      - name: Login to GitHub Container Registry on staging server
+        run: |
+          ssh ${{ secrets.STAGING_USER }}@${{ secrets.STAGING_HOST }} << EOF
+            # Login to ghcr.io with GitHub token
+            echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+          EOF
+
      - name: Pull latest Docker images
        run: |
          ssh ${{ secrets.STAGING_USER }}@${{ secrets.STAGING_HOST }} << 'EOF'
@ -132,8 +140,8 @@ jobs:
          # Health check for each service
          SERVICES=(
            "mana-core-auth:3001:/api/v1/health"
-            "maerchenzauber-backend:3002:/health"
            "chat-backend:3002:/api/health"
+            "manadeck-backend:3003:/api/health"
          )

          for SERVICE_CONFIG in "${SERVICES[@]}"; do
--- a/docker-compose.staging.yml
+++ b/docker-compose.staging.yml
@ -82,37 +82,38 @@ services:
        max-size: "10m"
        max-file: "3"

-  maerchenzauber-backend:
-    image: ${DOCKER_REGISTRY:-ghcr.io/memo-2023}/maerchenzauber-backend:${MAERCHENZAUBER_VERSION:-latest}
-    container_name: maerchenzauber-backend-staging
-    restart: unless-stopped
-    depends_on:
-      mana-core-auth:
-        condition: service_healthy
-    environment:
-      NODE_ENV: staging
-      PORT: 3002
-      MANA_SERVICE_URL: http://mana-core-auth:3001
-      SUPABASE_URL: ${SUPABASE_URL}
-      SUPABASE_ANON_KEY: ${SUPABASE_ANON_KEY}
-      SUPABASE_SERVICE_ROLE_KEY: ${SUPABASE_SERVICE_ROLE_KEY}
-      AZURE_OPENAI_ENDPOINT: ${AZURE_OPENAI_ENDPOINT}
-      AZURE_OPENAI_API_KEY: ${AZURE_OPENAI_API_KEY}
-      AZURE_OPENAI_API_VERSION: ${AZURE_OPENAI_API_VERSION:-2024-12-01-preview}
-    ports:
-      - "3002:3002"
-    healthcheck:
-      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3002/health"]
-      interval: 30s
-      timeout: 10s
-      retries: 3
-    networks:
-      - manacore-network
-    logging:
-      driver: "json-file"
-      options:
-        max-size: "10m"
-        max-file: "3"
+  # maerchenzauber-backend:
+  #   image: ${DOCKER_REGISTRY:-ghcr.io/memo-2023}/maerchenzauber-backend:${MAERCHENZAUBER_VERSION:-latest}
+  #   container_name: maerchenzauber-backend-staging
+  #   restart: unless-stopped
+  #   depends_on:
+  #     mana-core-auth:
+  #       condition: service_healthy
+  #   environment:
+  #     NODE_ENV: staging
+  #     PORT: 3002
+  #     MANA_SERVICE_URL: http://mana-core-auth:3001
+  #     SUPABASE_URL: ${SUPABASE_URL}
+  #     SUPABASE_ANON_KEY: ${SUPABASE_ANON_KEY}
+  #     SUPABASE_SERVICE_ROLE_KEY: ${SUPABASE_SERVICE_ROLE_KEY}
+  #     AZURE_OPENAI_ENDPOINT: ${AZURE_OPENAI_ENDPOINT}
+  #     AZURE_OPENAI_API_KEY: ${AZURE_OPENAI_API_KEY}
+  #     AZURE_OPENAI_API_VERSION: ${AZURE_OPENAI_API_VERSION:-2024-12-01-preview}
+  #   ports:
+  #     - "3002:3002"
+  #   healthcheck:
+  #     test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3002/health"]
+  #     interval: 30s
+  #     timeout: 10s
+  #     retries: 3
+  #   networks:
+  #     - manacore-network
+  #   logging:
+  #     driver: "json-file"
+  #     options:
+  #       max-size: "10m"
+  #       max-file: "3"
+  #   # DISABLED: No Dockerfile exists yet

  chat-backend:
    image: ${DOCKER_REGISTRY:-ghcr.io/memo-2023}/chat-backend:${CHAT_VERSION:-latest}
@ -173,59 +174,61 @@ services:
        max-size: "10m"
        max-file: "3"

-  nutriphi-backend:
-    image: ${DOCKER_REGISTRY:-ghcr.io/memo-2023}/nutriphi-backend:${NUTRIPHI_VERSION:-latest}
-    container_name: nutriphi-backend-staging
-    restart: unless-stopped
-    depends_on:
-      mana-core-auth:
-        condition: service_healthy
-    environment:
-      NODE_ENV: staging
-      PORT: 3004
-      MANA_SERVICE_URL: http://mana-core-auth:3001
-      SUPABASE_URL: ${SUPABASE_URL}
-      SUPABASE_SERVICE_KEY: ${SUPABASE_SERVICE_ROLE_KEY}
-    ports:
-      - "3005:3004"
-    healthcheck:
-      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3004/health"]
-      interval: 30s
-      timeout: 10s
-      retries: 3
-    networks:
-      - manacore-network
-    logging:
-      driver: "json-file"
-      options:
-        max-size: "10m"
-        max-file: "3"
+  # nutriphi-backend:
+  #   image: ${DOCKER_REGISTRY:-ghcr.io/memo-2023}/nutriphi-backend:${NUTRIPHI_VERSION:-latest}
+  #   container_name: nutriphi-backend-staging
+  #   restart: unless-stopped
+  #   depends_on:
+  #     mana-core-auth:
+  #       condition: service_healthy
+  #   environment:
+  #     NODE_ENV: staging
+  #     PORT: 3004
+  #     MANA_SERVICE_URL: http://mana-core-auth:3001
+  #     SUPABASE_URL: ${SUPABASE_URL}
+  #     SUPABASE_SERVICE_KEY: ${SUPABASE_SERVICE_ROLE_KEY}
+  #   ports:
+  #     - "3005:3004"
+  #   healthcheck:
+  #     test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3004/health"]
+  #     interval: 30s
+  #     timeout: 10s
+  #     retries: 3
+  #   networks:
+  #     - manacore-network
+  #   logging:
+  #     driver: "json-file"
+  #     options:
+  #       max-size: "10m"
+  #       max-file: "3"
+  #   # DISABLED: No Dockerfile exists yet

-  news-api:
-    image: ${DOCKER_REGISTRY:-ghcr.io/memo-2023}/news-api:${NEWS_VERSION:-latest}
-    container_name: news-api-staging
-    restart: unless-stopped
-    depends_on:
-      mana-core-auth:
-        condition: service_healthy
-    environment:
-      NODE_ENV: staging
-      PORT: 3005
-      MANA_SERVICE_URL: http://mana-core-auth:3001
-    ports:
-      - "3006:3005"
-    healthcheck:
-      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3005/health"]
-      interval: 30s
-      timeout: 10s
-      retries: 3
-    networks:
-      - manacore-network
-    logging:
-      driver: "json-file"
-      options:
-        max-size: "10m"
-        max-file: "3"
+  # news-api:
+  #   image: ${DOCKER_REGISTRY:-ghcr.io/memo-2023}/news-api:${NEWS_VERSION:-latest}
+  #   container_name: news-api-staging
+  #   restart: unless-stopped
+  #   depends_on:
+  #     mana-core-auth:
+  #       condition: service_healthy
+  #   environment:
+  #     NODE_ENV: staging
+  #     PORT: 3005
+  #     MANA_SERVICE_URL: http://mana-core-auth:3001
+  #   ports:
+  #     - "3006:3005"
+  #   healthcheck:
+  #     test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3005/health"]
+  #     interval: 30s
+  #     timeout: 10s
+  #     retries: 3
+  #   networks:
+  #     - manacore-network
+  #   logging:
+  #     driver: "json-file"
+  #     options:
+  #       max-size: "10m"
+  #       max-file: "3"
+  #   # DISABLED: No Dockerfile exists yet

  # ============================================
  # Reverse Proxy (Optional)
@ -237,8 +240,8 @@ services:
    restart: unless-stopped
    depends_on:
      - mana-core-auth
-      - maerchenzauber-backend
      - chat-backend
+      - manadeck-backend
    volumes:
      - ./docker/nginx/staging.conf:/etc/nginx/conf.d/default.conf
      - ./docker/nginx/ssl:/etc/nginx/ssl