Enhances CDK deployment process and documentation

Improves the deployment script to use the UAE region and adds context for the CDK stack.
2025-08-31 08:49:42 +00:00 · 2025-07-07 09:37:10 +03:00
parent 374fb69804
commit fbf62fcd66
6 changed files with 185 additions and 14 deletions
--- a/GITHUB_SETUP.md
+++ b/GITHUB_SETUP.md
@ -0,0 +1,119 @@
+# GitHub Actions Setup Guide
+
+## Required GitHub Secrets
+
+Add these secrets to your GitHub repository (Settings > Secrets and variables > Actions):
+
+### AWS Credentials
+```
+AWS_ACCESS_KEY_ID=your-aws-access-key
+AWS_SECRET_ACCESS_KEY=your-aws-secret-key
+```
+
+### JWT Configuration (CRITICAL - Generate secure random strings)
+```
+JWT_SECRET=your-super-secure-jwt-secret-key-here
+JWT_SECRET_REFRESH=your-super-secure-refresh-secret-key-here
+SECRET_KEY=your-general-encryption-secret-key-here
+```
+
+### Admin Configuration
+```
+SUPER_ADMIN_EMAIL=admin@syncrow.ae
+SUPER_ADMIN_PASSWORD=YourSecureAdminPassword123!
+```
+
+### Tuya IoT Configuration
+```
+TUYA_ACCESS_ID=your-tuya-access-id
+TUYA_ACCESS_KEY=your-tuya-access-key
+TRUN_ON_TUYA_SOCKET=true-or-false
+```
+
+### Firebase Configuration
+```
+FIREBASE_API_KEY=your-firebase-api-key
+FIREBASE_AUTH_DOMAIN=your-project.firebaseapp.com
+FIREBASE_PROJECT_ID=your-project-id
+FIREBASE_STORAGE_BUCKET=your-project.appspot.com
+FIREBASE_MESSAGING_SENDER_ID=your-sender-id
+FIREBASE_APP_ID=your-app-id
+FIREBASE_MEASUREMENT_ID=your-measurement-id
+FIREBASE_DATABASE_URL=https://your-project.firebaseio.com
+```
+
+### Google OAuth
+```
+GOOGLE_CLIENT_ID=your-google-client-id
+GOOGLE_CLIENT_SECRET=your-google-client-secret
+```
+
+### OneSignal Push Notifications
+```
+ONESIGNAL_APP_ID=your-onesignal-app-id
+ONESIGNAL_API_KEY=your-onesignal-api-key
+```
+
+### Email Configuration (SMTP)
+```
+SMTP_HOST=your-smtp-host
+SMTP_USER=your-smtp-username
+SMTP_PASSWORD=your-smtp-password
+```
+
+### Mailtrap Configuration
+```
+MAILTRAP_API_TOKEN=your-mailtrap-api-token
+MAILTRAP_ENABLE_TEMPLATE_UUID=template-uuid
+MAILTRAP_DISABLE_TEMPLATE_UUID=template-uuid
+MAILTRAP_INVITATION_TEMPLATE_UUID=template-uuid
+MAILTRAP_DELETE_USER_TEMPLATE_UUID=template-uuid
+MAILTRAP_EDIT_USER_TEMPLATE_UUID=template-uuid
+```
+
+### Optional Services (leave empty if not used)
+```
+AZURE_REDIS_CONNECTIONSTRING=your-redis-connection-string
+DOPPLER_PROJECT=your-doppler-project
+DOPPLER_CONFIG=your-doppler-config
+DOPPLER_ENVIRONMENT=your-doppler-environment
+ACCESS_KEY=your-access-key
+DOCKER_REGISTRY_SERVER_URL=your-registry-url
+DOCKER_REGISTRY_SERVER_USERNAME=your-registry-username
+DOCKER_REGISTRY_SERVER_PASSWORD=your-registry-password
+```
+
+## Setup Steps
+
+1. **Add AWS Credentials**
+   - Create IAM user with ECR, ECS, CloudFormation permissions
+   - Add AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY to GitHub Secrets
+
+2. **Generate JWT Secrets**
+   - Use a secure random string generator
+   - Make JWT_SECRET and JWT_SECRET_REFRESH different values
+   - Keep these values secure and never share them
+
+3. **Configure Services**
+   - Add secrets for each service you're using
+   - Leave unused services empty (they'll default to empty strings)
+
+4. **Test Deployment**
+   - Push to master/main branch
+   - Check GitHub Actions tab for deployment status
+   - Verify API is accessible at https://api.syncrow.me
+
+## Security Notes
+
+- Never commit secrets to the repository
+- Use GitHub Secrets for all sensitive values
+- Rotate secrets regularly
+- Monitor GitHub Actions logs for any exposed values
+- Database password is automatically managed by AWS Secrets Manager
+
+## Troubleshooting
+
+- Check GitHub Actions logs for deployment errors
+- Verify all required secrets are set
+- Ensure AWS credentials have sufficient permissions
+- Check ECS service logs in CloudWatch for runtime errors