A comprehensive technical overview of the DevOps lifecycle, architectural components, and automation pipelines implemented in Project Delta.
Project Delta is built on a monolithic-backend architecture, fully containerized using Docker. This ensures a consistent runtime environment across all development and production stages.
The entire backend stack is defined and managed via docker-compose.yml. This configuration handles service isolation, networking, and volume persistence.
services:
postgres:
image: postgres:18-alpine
container_name: delta-postgres
restart: on-failure
environment:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: 1234
POSTGRES_DB: postgres
ports:
- "5432:5432"
volumes:
- postgres_data:/var/lib/postgresql/data
redis:
image: redis:7-alpine
container_name: delta-redis
restart: on-failure
ports:
- "6379:6379"
volumes:
- redis_data:/data
command: redis-server --appendonly yes
drizzle-gateway:
image: ghcr.io/drizzle-team/gateway:latest
container_name: delta-drizzle-gateway
environment:
DATABASE_URL: postgresql://postgres:1234@postgres:5432/postgres
STORE_PATH: /app
restart: on-failure
depends_on:
- postgres
ports:
- "4983:4983"
volumes:
- drizzle_gateway_data:/app
api:
build: .
container_name: delta-api
restart: always
ports:
- "8000:8000"
depends_on:
- postgres
- redis
env_file:
- .env
volumes:
- repos_data:/repos
worker:
build: .
container_name: delta-worker
restart: always
command: python workers.py
depends_on:
- redis
- postgres
env_file:
- .env
volumes:
- repos_data:/repos
volumes:
postgres_data:
redis_data:
drizzle_gateway_data:
repos_data:- API (FastAPI): The primary application server handling HTTP traffic. It relies on
postgresfor data andredisfor caching. - RQ Worker: A Celery/standalone background processor that executes long-running tasks asynchronously.
- PostgreSQL: A relational database for persistent storage, using the
18-alpineimage for a minimal footprint. - Redis: Handles message brokering and session management with
appendonlypersistence enabled.
CI/CD pipeline ensures that every code change is validated before reaching production. This automated feedback loop is critical in a collaborative environment to prevent regressions and maintain high code quality standards.
The CI pipeline runs on every push and pull_request to the main branch. Its goal is to catch bugs, security vulnerabilities, and formatting issues early in the development cycle. By automating these checks, we ensure that the main branch always remains in a deployable state.
name: Backend CI
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
jobs:
ruff-lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python 3.12
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Install ruff
run: pip install ruff
- name: Run ruff check
run: ruff check
pyrefly-typecheck:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python 3.12
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
- name: Install pyrefly
run: pip install pyrefly
- name: Run pyrefly
run: pyrefly check
backend-tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python 3.12
uses: actions/setup-python@v5
with:
python-version: "3.12"
cache: 'pip'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
- name: Set up environment
run: cp .env.example .env
- name: Run tests
run: python -m pytestFor security and privacy, sensitive data such as server IP addresses, login credentials, and private SSH keys are neve stored in the codebase. Instead, they are managed via GitHub Repository Secrets.
These secrets are encrypted environment variables that GitHub Actions can access during runtime but are hidden from all users, including repository contributors.
Key Secrets Configured:
VPS_IP: The public IP address of the production server.VPS_USERNAME: The administrative user authorized to perform deployments.VPS_SSH_KEY: The private RSA/ED25519 key used for secure, passwordless SSH authentication.
Once the CI pipeline passes, the CD pipeline automates the rollout to our production VPS.
name: Deploy to VPS
on:
push:
branches: [ "main" ]
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Deploy via SSH
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ secrets.VPS_IP }}
username: ${{ secrets.VPS_USERNAME }}
key: ${{ secrets.VPS_SSH_KEY }}
script: |
# 1. Enter the project folder
cd delta.backend
# 2. Pull the latest code
git pull origin main
# 3. Build and run updated containers
sudo docker-compose up --build -d
# 4. Migrate the DB
sudo docker-compose exec -T api alembic upgrade head- Git Hook: Pulls the latest delta from the repository.
- Docker-Compose Logic: The
--build -dflags ensure that any changes to theDockerfileor source code are rebuilt into new images and restarted without downtime.
The React/TypeScript application is hosted on Vercel.
- Edge Deployment: Static assets are distributed globally.
- Vercel Rewrites: Configured in
vercel.jsonto route all traffic toindex.html, enabling client-side navigation.
Hosted on a dedicated Ubuntu/Linux VPS.
- Orchestration: Docker Compose manages container life-cycles.
- Security: SSH Key authentication is required for all deployment triggers.
All sensitive credentials must be stored in a .env file. Do NOT commit the .env file to version control.
# Apply migrations after a schema change
docker-compose exec api alembic upgrade head# View live logs for specific service
docker-compose logs -f api