docs: automate generated docs commits and add docs site structure

2026-05-13 08:09:51 +10:00
parent 4a38a9421d
commit 9c38910a67
25 changed files with 345 additions and 17 deletions
@@ -7,12 +7,14 @@ on:
      - "docs/generated/**"
      - "docs/diagrams/**"
      - "docs/public/**"
      - "site/**"
  pull_request:
    branches: [main]
    paths-ignore:
      - "docs/generated/**"
      - "docs/diagrams/**"
      - "docs/public/**"
      - "site/**"
  workflow_dispatch:
    inputs:
      commit_generated_docs:
@@ -30,6 +32,8 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Install tooling
        run: |
          sudo apt-get update
@@ -55,7 +59,9 @@ jobs:
            docs/diagrams
            docs/public
      - name: Commit generated docs
-        if: github.event_name == 'workflow_dispatch' && inputs.commit_generated_docs == 'true'
+        if: >
          github.event_name == 'push' ||
          (github.event_name == 'workflow_dispatch' && inputs.commit_generated_docs == 'true')
        uses: stefanzweifel/git-auto-commit-action@v5
        with:
          commit_message: "docs: regenerate environment documentation"
@@ -0,0 +1,14 @@
 # Automation
 This section describes automation systems associated with this environment.
 Current state:
 - CI documentation generation in GitHub Actions.
 - Static parsing and rendering from repository configuration.
 - No live service interaction during documentation generation.
 Future content can document:
 - Docker update automation.
 - Node-RED automation flows and operational patterns.
@@ -0,0 +1,4 @@
 digraph Compose {
  rankdir=LR;
  node [fontname=Helvetica];
 }
@@ -0,0 +1 @@
 <svg xmlns="http://www.w3.org/2000/svg" width="640" height="80"><text x="10" y="40">Graphviz dot not found in environment.</text></svg>
@@ -0,0 +1,13 @@
 # Docker Environment
 This environment is orchestrated from central Docker Compose definitions committed in this repository.
 Compose source files are rendered into a resolved configuration during docs generation, then summarized into generated markdown and diagrams.
 Generated outputs:
 - [Compose Inventory](generated/compose-inventory.md)
 - [Resolved Compose Config](generated/docker-compose.resolved.yml)
 - [Docker Compose Diagram](diagrams/docker-compose.svg)
 Generated documentation is produced by CI from repository files only. Documentation generation does not start containers.
@@ -0,0 +1,24 @@
 default-network.yml
 apps/gitea/docker-compose.yml
 apps/gramps/docker-compose.yml
 apps/nextcloud/docker-compose.yml
 apps/passbolt/docker-compose.yml
 apps/searxng/docker-compose.yml
 core/authelia/docker-compose.yml
 core/crowdsec/docker-compose.yml
 core/error-pages/docker-compose.yml
 core/test/docker-compose.yml
 core/traefik/docker-compose.yml
 monitoring/docker-exporter/docker-compose.yml
 monitoring/docker-socket-proxy/docker-compose.yml
 monitoring/gotify/docker-compose.yml
 monitoring/grafana/docker-compose.yml
 monitoring/influxdb/docker-compose.yml
 monitoring/mtls-bridge/docker-compose.yml
 monitoring/node-exporter/docker-compose.yml
 monitoring/node-red/docker-compose.yml
 monitoring/pihole-exporter/docker-compose.yml
 monitoring/portainer/docker-compose.yml
 monitoring/prometheus/docker-compose.yml
 monitoring/telegraf/docker-compose.yml
 monitoring/uptime-kuma/docker-compose.yml
@@ -0,0 +1,26 @@
 # Docker Compose Inventory
 Generated: 2026-05-12T22:04:13Z
 ## Summary
 | Item | Count |
 |---|---:|
 | Services | 0 |
 | Networks | 0 |
 | Volumes | 0 |
 ## Services
 | Service | Container | Image | Build | Profiles | Networks | Ports | Restart |
 |---|---|---|---|---|---|---|---|
 ## Networks
 | Network | Driver | External |
 |---|---|---|
 ## Volumes
 | Volume | External |
 |---|---|
@@ -0,0 +1,2 @@
 name: core
 services: {}
@@ -0,0 +1,12 @@
 # Generated Documentation
 This directory contains documentation generated automatically from repository configuration.
 ## Files
 - [Compose file list](compose-files.txt)
 - [Resolved Docker Compose config](docker-compose.resolved.yml)
 - [Compose inventory](compose-inventory.md)
 - [Traefik routes](traefik-routes.md)
 - [Prometheus rules](prometheus-rules.md)
 - [Docker Compose diagram](../diagrams/docker-compose.svg)
@@ -0,0 +1,7 @@
 # Prometheus Rules
 | File | Group | Alert | Expr | For | Labels | Annotations |
 |---|---|---|---|---|---|---|
 | monitoring/prometheus/rules/alerts.yml | system | HostHighCPU | 100 * (1 - avg by(instance) (rate(node_cpu_seconds_total{mode="idle"}[2m]))) > 90 | 2m | {'severity': 'warning'} | {'summary': 'High CPU usage on host'} |
 | monitoring/prometheus/rules/alerts.yml | system | ContainerRestarting | increase(container_restart_count[10m]) > 3 | 1m | {'severity': 'warning'} | {'summary': 'Container restarting frequently'} |
 | monitoring/prometheus/rules/alerts.yml | system | AlwaysFiring | vector(1) | 10s | {'severity': 'critical'} | {'summary': 'This alert should always fire'} |
@@ -0,0 +1,3 @@
 # Traefik Routes
 No Traefik routes were detected.
@@ -0,0 +1,30 @@
 # Infrastructure Documentation
 This documentation describes the Docker-based infrastructure, reverse proxy configuration, monitoring stack, automation services, and generated inventory for this environment.
 Some sections are manually written. Other sections are generated automatically by GitHub Actions from the repository configuration.
 ## Sections
 - [Docker Environment](docker.md)
 - [Networking and Reverse Proxy](networking.md)
 - [Monitoring and Alerting](monitoring.md)
 - [Automation](automation.md)
 - [Operations](operations.md)
 - [Public Showcase](showcase.md)
 ## Generated Documentation
 - [Compose Inventory](generated/compose-inventory.md)
 - [Traefik Routes](generated/traefik-routes.md)
 - [Prometheus Rules](generated/prometheus-rules.md)
 - [Resolved Compose Config](generated/docker-compose.resolved.yml)
 - [Docker Compose Diagram](diagrams/docker-compose.svg)
 ## Public-safe Output
 Sanitized documentation intended for public sharing is generated under:
 ```text
 docs/public/
 ```
@@ -0,0 +1,11 @@
 # Monitoring and Alerting
 Monitoring documentation is generated from static rule files committed in this repository.
 - Prometheus rule files are parsed statically.
 - Live Prometheus APIs are not queried.
 - Future improvements can include Grafana dashboard and alert contact-point summaries.
 Generated asset:
 - [Prometheus Rules](generated/prometheus-rules.md)
@@ -0,0 +1,12 @@
 # Networking and Reverse Proxy
 Networking and reverse-proxy documentation is generated from Docker Compose metadata.
 - Traefik labels are parsed statically from Compose definitions.
 - Service-to-network relationships are represented in generated diagrams.
 - Sensitive internal values are redacted in public-facing output.
 Related generated assets:
 - [Traefik Routes](generated/traefik-routes.md)
 - [Docker Compose Diagram](diagrams/docker-compose.svg)
@@ -0,0 +1,30 @@
 # Operations
 ## Local docs generation
 ```bash
 chmod +x scripts/docs/*.sh
 scripts/docs/generate-all.sh
 ```
 ## Inspect generated changes
 ```bash
 git status -- docs/generated docs/diagrams docs/public
 ```
 ## GitHub Actions artifacts
 Use the **Generate documentation** workflow run and download the `generated-documentation` artifact from the run summary.
 ## Commit behavior
 - Pull requests generate docs and upload artifacts only.
 - Pushes to `main` generate docs, upload artifacts, and commit generated docs when changes exist.
 - Manual workflow runs can commit generated docs when enabled through workflow input.
 ## Troubleshooting
 - Confirm required tooling (`python3`, `jq`, `graphviz`, `docker compose`) is available.
 - Re-run generation after documentation script changes.
 - Review `docs/public` output for redaction coverage before sharing.
@@ -0,0 +1,26 @@
 # Docker Compose Inventory
 Generated: 2026-05-12T22:04:13Z
 ## Summary
 | Item | Count |
 |---|---:|
 | Services | 0 |
 | Networks | 0 |
 | Volumes | 0 |
 ## Services
 | Service | Container | Image | Build | Profiles | Networks | Ports | Restart |
 |---|---|---|---|---|---|---|---|
 ## Networks
 | Network | Driver | External |
 |---|---|---|
 ## Volumes
 | Volume | External |
 |---|---|
@@ -0,0 +1 @@
 <svg xmlns="http://www.w3.org/2000/svg" width="640" height="80"><text x="10" y="40">Graphviz dot not found in environment.</text></svg>
@@ -0,0 +1,12 @@
 # Public Infrastructure Summary
 This folder contains sanitized documentation generated from the infrastructure repository.
 Sensitive values such as internal domain names, private IP addresses, tokens, passwords, and secrets are redacted.
 ## Documents
 - [Compose Inventory](compose-inventory.md)
 - [Traefik Routes](traefik-routes.md)
 - [Prometheus Rules](prometheus-rules.md)
 - [Docker Compose Diagram](docker-compose.svg)
@@ -0,0 +1,7 @@
 # Prometheus Rules
 | File | Group | Alert | Expr | For | Labels | Annotations |
 |---|---|---|---|---|---|---|
 | monitoring/prometheus/rules/alerts.yml | system | HostHighCPU | 100 * (1 - avg by(instance) (rate(node_cpu_seconds_total{mode="idle"}[2m]))) > 90 | 2m | {'severity': 'warning'} | {'summary': 'High CPU usage on host'} |
 | monitoring/prometheus/rules/alerts.yml | system | ContainerRestarting | increase(container_restart_count[10m]) > 3 | 1m | {'severity': 'warning'} | {'summary': 'Container restarting frequently'} |
 | monitoring/prometheus/rules/alerts.yml | system | AlwaysFiring | vector(1) | 10s | {'severity': 'critical'} | {'summary': 'This alert should always fire'} |
@@ -0,0 +1,3 @@
 # Traefik Routes
 No Traefik routes were detected.
@@ -0,0 +1,14 @@
 # Public Showcase
 This environment showcases practical infrastructure operations with a documentation-first approach.
 Highlights:
 - Container orchestration with Docker Compose.
 - Reverse proxy routing and TLS-focused service exposure patterns.
 - Monitoring and alerting configuration via version-controlled rules.
 - Documentation automation through CI.
 - Generated architecture diagrams to aid operational understanding.
 - Sanitized public documentation for safe sharing.
 This page intentionally avoids private hostnames, internal-only URLs, credentials, and secret values.
@@ -0,0 +1,20 @@
 site_name: Infrastructure Documentation
 site_description: Generated and maintained infrastructure documentation
 repo_url: https://github.com/beatz174-bit/docker
 docs_dir: docs
 nav:
  - Home: index.md
  - Docker Environment: docker.md
  - Networking: networking.md
  - Monitoring: monitoring.md
  - Automation: automation.md
  - Operations: operations.md
  - Public Showcase: showcase.md
  - Generated:
      - Compose Inventory: generated/compose-inventory.md
      - Traefik Routes: generated/traefik-routes.md
      - Prometheus Rules: generated/prometheus-rules.md
 theme:
  name: mkdocs
@@ -7,5 +7,6 @@ scripts/docs/render-compose-config.sh
 python3 scripts/docs/generate-compose-inventory.py docs/generated/docker-compose.resolved.yml docs/generated/compose-inventory.md
 python3 scripts/docs/generate-traefik-routes.py docs/generated/docker-compose.resolved.yml docs/generated/traefik-routes.md
 python3 scripts/docs/generate-prometheus-rules.py docs/generated/prometheus-rules.md
 python3 scripts/docs/generate-docs-index.py docs/generated/index.md
 python3 scripts/docs/generate-diagrams.py docs/generated/docker-compose.resolved.yml docs/diagrams/docker-compose.dot docs/diagrams/docker-compose.svg
 python3 scripts/docs/sanitize-public-docs.py docs/generated docs/diagrams docs/public
@@ -0,0 +1,21 @@
 #!/usr/bin/env python3
 from pathlib import Path
 import sys
 out = Path(sys.argv[1])
 out.parent.mkdir(parents=True, exist_ok=True)
 out.write_text(
    """# Generated Documentation
 This directory contains documentation generated automatically from repository configuration.
 ## Files
 - [Compose file list](compose-files.txt)
 - [Resolved Docker Compose config](docker-compose.resolved.yml)
 - [Compose inventory](compose-inventory.md)
 - [Traefik routes](traefik-routes.md)
 - [Prometheus rules](prometheus-rules.md)
 - [Docker Compose diagram](../diagrams/docker-compose.svg)
 """
 )
@@ -1,18 +1,46 @@
 #!/usr/bin/env python3
-import sys,re,shutil
+import re
 import sys
 from pathlib import Path
-srcg,srcd,out=sys.argv[1],sys.argv[2],sys.argv[3]
+
-outp=Path(out)
+src_generated = Path(sys.argv[1])
-outp.mkdir(parents=True,exist_ok=True)
+src_diagrams = Path(sys.argv[2])
-for src in [Path(srcg),Path(srcd)]:
+out_dir = Path(sys.argv[3])
-    for f in src.rglob('*'):
+out_dir.mkdir(parents=True, exist_ok=True)
-        if not f.is_file(): continue
+
-        rel=f.relative_to(src)
+
-        dest=outp/src.name/rel
+def sanitize_text(content: str) -> str:
-        dest.parent.mkdir(parents=True,exist_ok=True)
+    content = re.sub(r'\b[a-zA-Z0-9.-]+\.lan\.ddnsgeek\.com\b', '<internal-domain>', content)
-        txt=f.read_text(errors='ignore')
+    content = re.sub(
-        txt=re.sub(r'\b[a-zA-Z0-9.-]+\.lan\.ddnsgeek\.com\b','<internal-domain>',txt)
+        r'\b(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3})\b',
-        txt=re.sub(r'\b(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3})\b','<private-ip>',txt)
+        '<private-ip>',
-        txt=re.sub(r'(?i)\b(password|token|api_key|secret)\s*[:=]\s*[^\s\n]+',r'\1=<redacted>',txt)
+        content,
-        txt=re.sub(r'(?m)^([A-Z0-9_]*(?:PASSWORD|TOKEN|API_KEY|SECRET)[A-Z0-9_]*)\s*[:=]\s*.*$',r'\1=<redacted>',txt)
+    )
-        dest.write_text(txt)
+    content = re.sub(r'(?i)\b(password|token|api[_-]?key|secret)\s*[:=]\s*[^\s\n]+', r'\1=<redacted>', content)
    content = re.sub(r'(?m)^([A-Z0-9_]*(?:PASSWORD|TOKEN|API_KEY|SECRET)[A-Z0-9_]*)\s*[:=]\s*.*$', r'\1=<redacted>', content)
    return content
 for name in ['compose-inventory.md', 'traefik-routes.md', 'prometheus-rules.md']:
    src = src_generated / name
    if src.exists():
        (out_dir / name).write_text(sanitize_text(src.read_text(errors='ignore')))
 svg_src = src_diagrams / 'docker-compose.svg'
 if svg_src.exists():
    (out_dir / 'docker-compose.svg').write_text(sanitize_text(svg_src.read_text(errors='ignore')))
 (out_dir / 'index.md').write_text(
    """# Public Infrastructure Summary
 This folder contains sanitized documentation generated from the infrastructure repository.
 Sensitive values such as internal domain names, private IP addresses, tokens, passwords, and secrets are redacted.
 ## Documents
 - [Compose Inventory](compose-inventory.md)
 - [Traefik Routes](traefik-routes.md)
 - [Prometheus Rules](prometheus-rules.md)
 - [Docker Compose Diagram](docker-compose.svg)
 """
 )
		`@@ -0,0 +1 @@`
							`<svg xmlns="http://www.w3.org/2000/svg" width="640" height="80"><text x="10" y="40">Graphviz dot not found in environment.</text></svg>`
		`@@ -0,0 +1,3 @@`
							`# Traefik Routes`

							`No Traefik routes were detected.`