Deployment
Two deployment tracks for SpaceMusic services: devpush and Docker Compose.
Overview¶
SpaceMusic uses two deployment methods depending on the service type:
| Track | Used For | Trigger | Runtime |
|---|---|---|---|
| devpush | SvelteKit apps, MkDocs | Push to main via GitHub webhook |
Python or Node.js 20 runner |
| Docker Compose + GitHub Actions | Infrastructure services | Push to main via GitHub Actions SSH |
Docker containers |
devpush¶
devpu.sh is a self-hosted deployment platform (similar to Coolify or Railway). The admin UI is at deploy.spacemusic.tv.
How It Works¶
- Push a commit to the
mainbranch on GitHub - GitHub webhook notifies devpush
- devpush pulls the code, builds it using the configured runner
- Starts the application and routes traffic via Traefik
- Generates a Traefik config file for HTTPS routing
Available Runners¶
| Runner | Image | Use Case |
|---|---|---|
| Python | Python runtime | MkDocs documentation |
| Node.js 20 | ghcr.io/devpushhq/runner-node-20:1.0.1 |
SvelteKit apps |
Projects¶
| Project | Repository | Runner | Public URL |
|---|---|---|---|
| SpaceMusic-docs | SpaceMusicZH/SpaceMusic-docs | Python | docs.spacemusic.tv |
| SpaceMusic-stream | SpaceMusicZH/SpaceMusic-stream | Node.js 20 | stream.spacemusic.tv |
| SpaceMusic-stress | SpaceMusicZH/SpaceMusic-stress | Node.js 20 | stress.deploy.spacemusic.tv |
| UWD-origininfinite | SpaceMusicZH/UniversalWebsiteDefinition | Node.js 20 | edit.origin-infinite.com |
| UWD-spacemusic | SpaceMusicZH/UniversalWebsiteDefinition | Node.js 20 | edit.spacemusic.com |
| SpaceMusic-UI-Pro | SpaceMusicZH/SpaceMusic-UI-Pro | Node.js 20 | spacemusic-ui-pro...deploy.spacemusic.tv |
| dashboard-preset | SpaceMusicZH/DashboardPreset | Node.js 20 | preset-dashboard.spacemusic.tv |
| SpaceMusic-data | SpaceMusicZH/SpaceMusic-data | Node.js 20 | data.spacemusic.tv |
Note: UWD-origininfinite and UWD-spacemusic both deploy from the same repository but as separate devpush projects with different root directories and subdomains.
devpush Configuration¶
Each project is configured in the devpush UI with:
- Framework preset -- typically "None"
- Runner -- Python or Node.js 20
- Root directory -- the subdirectory containing the app
- Build command -- e.g.,
npm run buildorpip install -r requirements.txt && mkdocs build --strict - Start command -- e.g.,
PORT=8000 node buildorpython -m http.server 8000 --directory site - Port -- must be
8000(devpush convention)
Authentik Integration¶
devpush generates its own Traefik config files, overwriting them on every deploy. To persist SSO protection, a systemd watcher automatically patches these files:
- Script:
/usr/local/bin/devpush-auth-patch.sh - Systemd units:
devpush-auth-patch.path(file watcher) +devpush-auth-patch.service(runs the script) - Action: Injects the
authentik@filemiddleware into devpush-generated Traefik configs
The script also generates API bypass routers for services that need unauthenticated API access (e.g., /api/ paths).
Docker Compose + GitHub Actions SSH¶
Infrastructure services that need multiple containers (databases, sidecars) or stable internal hostnames use Docker Compose, deployed via GitHub Actions.
Services Using This Track¶
| Service | Server Path | Containers |
|---|---|---|
| Auth (Authentik) | /opt/spacemusic/auth/ |
server, worker, postgresql, redis |
| Dashboard (Grafana) | /opt/spacemusic/dashboard/ |
grafana, prometheus, loki, promtail, cadvisor, node-exporter |
| Storage (MinIO) | /opt/spacemusic/storage/ |
minio |
| Relay (Centrifugo) | /opt/spacemusic/relay/ |
centrifugo |
| Uptime (Kuvasz) | /opt/spacemusic/uptime/ |
kuvasz, postgresql |
| API Gateway | /opt/spacemusic/api/ |
spacemusic-api |
How It Works¶
- Push a commit to the
mainbranch on GitHub - GitHub Actions workflow (
.github/workflows/deploy.yml) triggers - Action SSHs into the server using the deploy key
- Runs
git pull && docker compose up -d --build - Traefik picks up the service via its file-based config
SSH Deploy Keys¶
Each service has a dedicated ed25519 deploy key, aliased in /root/.ssh/config:
Host github-relay
HostName github.com
User git
IdentityFile ~/.ssh/github_deploy_relayGitHub Actions secrets (per-repo, not org-level due to free plan):
| Secret | Value |
|---|---|
DEPLOY_HOST |
136.243.124.138 |
DEPLOY_USER |
root |
DEPLOY_SSH_KEY |
Service-specific ed25519 private key |
Manual Deploy¶
For manual deploys, SSH into the server and run:
cd /opt/spacemusic/<service>/spacemusic-<service>/
git pull
docker compose up -d --buildMigration Notes¶
The API gateway was recently migrated from devpush (Node.js 20 runner) to standalone Docker Compose. This provides a stable container hostname (spacemusic-api) for internal service communication and Kuvasz monitoring. See plan 009 for migration details.