build: deploy app on Render

[maakintosh]

What I actually needed to do to deploy this app

• [x] fix TS errors (noUnusedLocals and noUnusedParameters).
• [x] fix shadcn/UI errors

  I could not find these errors until now because next.js renders app on localhost without errors)

• [x] create Dockerfile.prod and docker-compose.prod.yaml for production (for DevContainer ones as well) from scratch.

  I decided throwing away official node-postgres template #33 for the purpose of learning Docker mechanism from zero to production.

• [x] create PAT to access to login ghcr.io/maakintosh/discord-clone
• [x] build and push production image to ghcr.io
• [x] deploy app on Render.com by pulling it from ghcr
• [x] create Postgres instance on Render (free-tier) and connect env vars on deployed app
• [x] create repository secrets

  1. PAT for logging in ghcr.io and 2. DATABASE_URL for migrating db

• [x] set up github actions that builds, push an image on ghcr, and migrate db
• [x] IaC file?
• [x] upload env variables for deployed production app instance on Render Dashboard
• [x] pull image from ghcr.io and start app
• [ ] create Clerk production environment
• [ ] prepare social OAuth by my own for Clerk production

[maakintosh]

• setup Clerk production environment

• [x] update .env keys for production

• [ ] create Clerk production environment

• Clerk refused to use onrender.com domain for production env. OMG

  i maybe have to change deployment service..

• [ ] prepare social OAuth by my own for Clerk production

[maakintosh]

( RESOLVED )

zsh does not recognize docker command within DevContainer

I may have to adopt docker-outside-of-docker approach to use docker commands such as build or push inside devcontainer for production image

• I successfully use docker-outside-of-docker feature to achieve this problem.

[maakintosh]

• created Postgres db instance on Render
• set DATABASE_URL env variable of the deployed app and the repository secrets as INTERNAL_DATABASE_URL of this instance.

[maakintosh]

• by referencing with Render Blueprints (IaC), created IaC file (Render Blueprint) for controlling deployed production app and db services on render platform

# Render Blueprints (IaC) (https://docs.render.com/infrastructure-as-code)
# Blueprints are Render’s infrastructure-as-code (IaC) model for defining, deploying, and managing multiple resources on render platform with a single render.yaml file. and it acts as the single source of truth for configuring an interconnected set of services, databases, and environment groups. Whenever you update a Blueprint, render automatically redeploys any affected services to apply the new configuration (you can disable this).

# https://docs.render.com/blueprint-spec
# List all services *except* PostgreSQL databases here
services:
  # A web service that pulls a prebuild image from registry (runtime: image).
  - name: chatdemo
    type: web
    runtime: image
    image:
      url: ghcr.io/maakintosh/discord-clone:latest
      # Provide creds only if you’re pulling a private image. Add registry credentials in the Render Dashboard from your Account Settings
      # creds:
      #   fromRegistryCreds:
      #     # The name of a credential you've added to your account
      #     name: my-credentials

    # buildCommand: # Required for non-Docker-based services.
    # startCommand: # Required for non-Docker-based services.

    # In all cases, provide the service’s name, along with the property or envVarKey to use.
    envVars:
      - key: DATABASE_URL
        fromDatabase:
          name: chatdemo_db
          # PostgreSQL and Redis only. The URL for connecting to the data store over the private network.
          property: connectionString
      - key: EXTERNAL_DATABASE_URL
        sync: false

      # you can define secret credentials such an API key or access token with sync: false
      - key: LOGIN_GHCR_PAT
        sync: false
      - key: NEXT_PUBLIC_SITE_URL
        sync: false
      - key: PORT
        sync: false
      - key: CLERK_SECRET_KEY
        sync: false
      - key: NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY
        sync: false
      - key: NEXT_PUBLIC_CLERK_AFTER_SIGN_IN_URL
        sync: false
      - key: NEXT_PUBLIC_CLERK_AFTER_SIGN_UP_URL
        sync: false
      - key: NEXT_PUBLIC_CLERK_SIGN_IN_URL
        sync: false
      - key: NEXT_PUBLIC_CLERK_SIGN_UP_URL
        sync: false
      - key: UPLOADTHING_APP_ID
        sync: false
      - key: UPLOADTHING_SECRET
        sync: false
      - key: NEXT_PUBLIC_LIVEKIT_URL
        sync: false
      - key: LIVEKIT_API_KEY
        sync: false
      - key: LIVEKIT_API_SECRET
        sync: false

# List all PostgreSQL databases here
databases:
  # A database with a read replica
  - name: chatdemo_db
    databaseName: chatdemo_db # Optional
    plan: free
    postgresMajorVersion: 16
    region: singapore
    user: admin123 # Optional
    # controls which IP addresses can access your PostgreSQL databases and Redis instances from outside Render’s network. this field is required for Redis instances. If you omit this field for a PostgreSQL database, any source with valid credentials can access the database. These rules apply to connections using your database’s external URL. Your Render services in the same region as your database can always connect using your database’s internal URL.
    ipAllowList:
      # explicitly allows external connections from everywhere
      - source: 0.0.0.0/0
        description: everywhere
    # If you provide an empty list (e.g., readReplicas: []), Render destroys any existing replica and does not create a new replica.
    readReplicas:
      - name: chatdemo_db_replica

[maakintosh]

DB migration for production by github action failed

to fix this issue:

• [x] deleted EXTERNAL_DATABASE_URL from Actions secrets and variables
• [x] updated DATABASE_URL value to EXTERNAL_DATABASE_URL value to make sure:
• its db can be reached from external internet access and
• Prisma Schema can find out env var name of DATABASE_URL.