feat: Add staging deployment actions

.dockerignore

@@ -0,0 +1,24 @@
+# Node.js dependencies
+node_modules/
+
+# Development files
+.next/
+.env
+.eslintcache
+.prettiercache
+.DS_Store
+
+# Build artifacts
+/out/
+
+# Version control files
+.git
+.gitignore
+
+# Docker related files
+.dockerignore
+Dockerfile*
+
+# Other miscellaneous files
+*.log
+

.github/workflows/staging-deploy.yml

@@ -0,0 +1,42 @@
+name: 🚀 Deploy SMSWithoutBorders Blog on Server (staging)
+on:
+  push:
+    branches:
+      - staging
+jobs:
+  deploy:
+    name: 🚀 Execute Deployment Script on Server
+    runs-on: ubuntu-latest
+    steps:
+      - name: 🚀 Execute Remote SSH Commands
+        uses: appleboy/ssh-action@master
+        with:
+          host: ${{ secrets.HOST }}
+          username: ${{ secrets.USERNAME }}
+          password: ${{ secrets.PASSWORD }}
+          script: |
+            set -e
+
+            echo "============================"
+            echo "🚀 Updating repository ..."
+            echo "============================"
+            cd major-build/staging-smswithoutborders/blog/
+            if ! git pull; then
+              echo "❌ Error updating repository!"
+              exit 1
+            fi
+            echo "==============================="
+            echo "✅ Repository update complete"
+            echo "==============================="
+
+            echo "========================="
+            echo "🚀 Building project ..."
+            echo "========================="
+            if ! docker compose --project-name=staging-smswithoutborders --env-file=.env up -d --build; then
+              echo "❌ Error building project!"
+              exit 1
+            fi
+            echo "==========================="
+            echo "✅ Project build complete"
+            echo "==========================="
+            

.gitignore

@@ -26,6 +26,7 @@ yarn-debug.log*
 yarn-error.log*
 
 # local env files
+.env
 .env*.local
 
 # vercel

Dockerfile

@@ -0,0 +1,30 @@
+# build environment
+FROM node:18-alpine as build
+WORKDIR /app
+
+RUN npm install -g pnpm
+
+COPY . .
+
+RUN pnpm install
+RUN pnpm build
+
+# production environment
+FROM nginx:stable-alpine
+
+# Copy built files to NGINX html directory
+COPY --from=build /app/out /usr/share/nginx/html
+
+# Copy NGINX configuration template
+COPY nginx/nginx.conf.template /etc/nginx/conf.d/default.template
+
+# Copy entry script
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+RUN chmod +x /docker-entrypoint.sh
+
+# Expose ports
+EXPOSE 80
+EXPOSE 443
+
+# Start NGINX using entry script
+CMD ["/docker-entrypoint.sh"]

docker-compose.yml

@@ -0,0 +1,14 @@
+version: '3'
+
+services:
+  blog:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    ports:
+      - ${SSL_PORT:-433}:443
+    environment:
+      - SERVER_NAME=${SERVER_NAME:-localhost}
+    volumes:
+      - ${SSL_CERTIFICATE_PATH:?err}:/etc/nginx/ssl/cert.pem
+      - ${SSL_KEY_PATH:?err}:/etc/nginx/ssl/key.pem

docker-entrypoint.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+set -e
+
+# Replace placeholders in NGINX configuration template with environment variable values
+sed -i "s|{{SERVER_NAME}}|${SERVER_NAME}|g" /etc/nginx/conf.d/default.template
+
+# Copy the modified NGINX configuration from template
+cp /etc/nginx/conf.d/default.template /etc/nginx/conf.d/default.conf
+
+# Start NGINX
+nginx -g "daemon off;"

next.config.js

@@ -0,0 +1,9 @@
+/**
+ * @type {import('next').NextConfig}
+ */
+const nextConfig = {
+	output: "export"
+};
+
+// eslint-disable-next-line no-undef
+module.exports = nextConfig;

nginx/nginx.conf.template

@@ -0,0 +1,51 @@
+# Server configuration
+server {
+    listen 80;
+    server_name {{SERVER_NAME}};
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+    server_name {{SERVER_NAME}};
+
+    # SSL configuration
+    ssl_certificate /etc/nginx/ssl/cert.pem;
+    ssl_certificate_key /etc/nginx/ssl/key.pem;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+    ssl_ecdh_curve secp384r1;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_tickets off;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    resolver 8.8.8.8 8.8.4.4 valid=300s;
+    resolver_timeout 5s;
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
+    add_header X-Frame-Options DENY;
+    add_header X-Content-Type-Options nosniff;
+    add_header X-XSS-Protection "1; mode=block";
+    add_header Referrer-Policy "no-referrer-when-downgrade";
+    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data: https://www.google-analytics.com; connect-src 'self' https://www.google-analytics.com;";
+
+    # Include additional security-related headers
+    add_header X-Frame-Options SAMEORIGIN;
+    add_header X-Content-Type-Options nosniff;
+
+    # Disable server tokens
+    server_tokens off;
+
+    # Access and error logs
+    access_log /var/log/nginx/access.log;
+    error_log /var/log/nginx/error.log;
+
+    # Root and index
+    root /usr/share/nginx/html;
+    index index.html;
+
+    # Location block for static files
+    location / {
+        try_files $uri $uri/ =404;
+    }
+}