Merge pull request 'supabase' (#6) from supabase into main

Reviewed-on: erman/esn-code-scanner-app#6

.gitea/workflows/release.yml

@@ -5,7 +5,7 @@ on:
     branches:
       - main
   schedule:
-    - cron: "0 22 * * 0" # sunday 22:00
+    - cron: "0 22 1 * *" # First of every month
 
 jobs:
   build:
@@ -48,6 +48,26 @@ jobs:
             org.opencontainers.image.ref.name=${{ env.GITHUB_REF }}
             org.opencontainers.image.title=ESN Code Scanner App
 
+  deploy:
+    needs: build
+    steps:
+      - name: Trigger Komodo Deploy
+        env:
+          URL:  ${{ secrets.KOMODO_URL }}
+          SECRET: ${{ secrets.KOMODO_SECRET }}
+          BODY_FILE: ${{ github.event_path }}
+        run: |
+          SIG="sha256=$(openssl dgst -sha256 -hmac "$SECRET" "$BODY_FILE" | cut -d' ' -f2)"
+          curl -fsSL -X POST "$URL" \
+              -H 'Content-Type: application/json' \
+              -H "X-Hub-Signature-256: $SIG" \
+              -H 'X-GitHub-Event: push' \
+              -H "X-GitHub-Delivery: $GITHUB_RUN_ID.$GITHUB_RUN_NUMBER" \
+              --data @"$BODY_FILE"
+
+  verify:
+    needs: build
+    steps:
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@0.24.0
         with:

docker-compose-prod.yml

@@ -0,0 +1,12 @@
+services:
+  app:
+    image: ${DOCKER_REGISTRY}/${DOCKER_USER}/esn-code-scanner-app:latest
+    restart: unless-stopped
+    env_file: .env
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.esn-scanner.rule=Host(`scanner.esn.orebolt.cz`)"
+      - "traefik.http.routers.esn-scanner.tls.certresolver=leresolver"
+      - "traefik.http.routers.esn-scanner.entrypoints=websecure"
+      - "traefik.http.services.esn-scanner.loadbalancer.server.port=3000"
+      - "traefik.http.routers.esn-scanner.middlewares=hsts"