kernelci · nuclearcat · Sep 29, 2025 · Oct 3, 2025 · Oct 3, 2025
diff --git a/.github/workflows/deploy-production.yaml b/.github/workflows/deploy-production.yaml
@@ -12,6 +12,13 @@ jobs:
   deploy-production:
     runs-on: ubuntu-latest
     steps:
+      - name: Discord notification
+        env:
+          DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
+        uses: Ilshidur/[email protected]
+        with:
+          args: "Deploying production Dashboard with tag `${{ github.event.inputs.tag }}`"
+
       - name: Configure host authenticity
         run: |
           mkdir -p ~/.ssh/ && chmod 700 ~/.ssh/

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,3 +1,20 @@
+x-backend-common: &backend-common
+  build:
+    context: ./backend
+    args:
+      BACKEND_VOLUME_DIR: ${BACKEND_VOLUME_DIR:-/volume_data}
+  volumes:
+    - backend-data:${BACKEND_VOLUME_DIR:-/volume_data}
+    - ../data:/app
+    - ../spool:/app/spool
+  env_file:
+    - .env.backend
+  secrets:
+    - postgres_password_secret
+  networks:
+    - private
+    - public
+
 volumes:
     backend-data:
     runtime-data:
@@ -13,6 +30,33 @@ secrets:
         file: ./backend/runtime/secrets/postgres_password_secret
 
 services:
+
+  backend:
+    <<: *backend-common
+    container_name: dashboard_backend_service
+    restart: always
+    depends_on:
+      - redis
+      - dashboard_db
+    ports:
+      - target: 8000
+        published: 8000
+        protocol: tcp
+        mode: host
+
+  ingester:
+    <<: *backend-common
+    container_name: dashboard_ingester_service
+    # same image/build as backend; just different command
+    command: >
+      poetry run python3 manage.py monitor_submissions
+      --spool-dir /app/spool
+    restart: always
+    depends_on:
+      - redis
+      - dashboard_db
+    profiles: ["self-hosted"]
+
     dashboard_db:
         image: postgres:17
         env_file:
@@ -24,18 +68,6 @@ services:
         ports:
             - "5434:5432"
 
-    cloudsql-proxy:
-        image: gcr.io/cloudsql-docker/gce-proxy:latest
-        container_name: cloudsql-proxy
-        command: /cloud_sql_proxy --dir=/cloudsql -instances=kernelci-production:us-central1:postgresql2=tcp:0.0.0.0:5432 -credential_file=/secrets/cloudsql/application_default_credentials.json
-        ports:
-            - 5432:5432
-        volumes:
-            - ./application_default_credentials.json:/secrets/cloudsql/application_default_credentials.json
-        networks:
-            - private
-        restart: always
-
     redis:
         image: redis:8.0-M04-alpine
         restart: always
@@ -44,32 +76,6 @@ services:
         ports:
             - 6379:6379
 
-    backend:
-        build:
-            context: ./backend
-            args:
-                BACKEND_VOLUME_DIR: ${BACKEND_VOLUME_DIR:-/volume_data}
-        volumes:
-            - backend-data:${BACKEND_VOLUME_DIR:-/volume_data}
-        restart: always
-        container_name: dashboard_backend_service
-        networks:
-            - private
-            - public
-        ports:
-            - target: 8000
-              published: 8000
-              protocol: tcp
-              mode: host
-        depends_on:
-            - cloudsql-proxy
-            - redis
-            - dashboard_db
-        secrets:
-            - postgres_password_secret
-        env_file:
-            - .env.backend
-
     dashboard:
         build:
             context: .