decidim · davidbeig · Oct 16, 2025 · Oct 16, 2025 · Oct 16, 2025 · Oct 16, 2025
diff --git a/.github/workflows/build_install_folder.yml b/.github/workflows/build_install_folder.yml
@@ -0,0 +1,24 @@
+name: Build Deployment Zip
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Create deployment ZIP
+        run: |
+          zip -r deploy_bundle.zip \
+            install/ \
+
+      - name: Release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: deploy_bundle.zip
diff --git a/README.md b/README.md
@@ -101,3 +101,69 @@ sudo chown -R $(whoami): ${APP_NAME}
 ```
 
 From here on you can follow the steps on the [Getting Started](https://docs.decidim.org/en/install/) guide.
+
+## Using a production deploy script
+
+We've been working on a script that you can use to have a fully functional, production-ready decidim instance.
+
+```bash
+curl -fsSL https://decidim.org/install | bash
+```
+
+It will install the necessary tools to make decidim work on your server.
+
+- Docker
+- unzip
+- UFW
+
+The application will be hosted in the `/opt/decidim` directory by default, even though you can change it with `REPOSITORY_PATH` environment variable.
+
+## App - Main Decidim Web Application
+The app itself will be the container with the base image you decide (By default is the latest Decidim version: `decidim/decidim:latest`). You can change it with the `DECIDIM_IMAGE` environment variable.
+
+This is the front-end web process users access in the browser.
+
+## Worker
+The worker will be the one responsible for all the background jobs that the application needs to run.
+
+## Cache
+The app needs a cache server. This will be a `redis:8-alpine` instance. This cache will be used both by the app and the worker.
+
+## Database
+
+The application needs a database to run. Through the installation process you will be asked if you have an already working database, if not, you will have a postgres container with all the schema and migrations run (It will be a `postgres:17-alpine`)
+
+## Configuration
+
+To configure the application you will have to answer some questions that will, at the end, generate a `.env` file. 
+
+### Environment Variables Reference
+
+To see the full list of Decidim Environment Variables, and that you can add to your generated `.env` file, you can take a look at the official [documentation](https://docs.decidim.org/en/develop/configure/environment_variables)
+
+| Variable | Default | Used In | Description |
+|----------|---------|---------|-------------|
+| **BUNDLE_GEMFILE** | `Gemfile.wrapper` | app, worker | Selects which Gemfile the container should use. |
+| **DECIDIM_IMAGE** | `decidim/decidim:latest` | app, worker | Overrides the Decidim Docker image version. |
+| **DECIDIM_DOMAIN** | — | app, traefik | Domain for HTTPS routing and URL generation. |
+| **SECRET_KEY_BASE** | — | app, worker | Rails secret key used for sessions and cookies. |
+| **DATABASE_NAME** | `decidim` | db | PostgreSQL database name. |
+| **DATABASE_USER** | `decidim` | db | PostgreSQL username. |
+| **DATABASE_HOST** | `db` | app, worker | Hostname of your PostgreSQL instance. |
+| **DATABASE_PASSWORD** | `decidim` | db | PostgreSQL user password. |
+| **DATABASE_URL** | — | app, worker | Full PostgreSQL connection URL (overrides other DB vars). |
+| **SMTP_USERNAME** | — | app, worker | Username for SMTP authentication. |
+| **SMTP_PASSWORD** | — | app, worker | Password for SMTP authentication. |
+| **SMTP_ADDRESS** | — | app, worker | SMTP server hostname. |
+| **SMTP_DOMAIN** | — | app, worker | SMTP domain. |
+| **SMTP_PORT** | — | app, worker | SMTP port. |
+| **SMTP_STARTTLS_AUTO** | `true` | app | Enables STARTTLS automatically. |
+| **REDIS_URL** | `redis://decidim_cache:6379/0` | app | Redis URL for cache + sessions. |
+| **VAPID_PUBLIC_KEY** | — | app | Web Push public key for browser notifications. |
+| **VAPID_PRIVATE_KEY** | — | app | Web Push private key (keep secret). |
+| **CERTIFICATE_EMAIL** | — | traefik | Email used by Let's Encrypt for certificate issues/renewals. |
+| **WEB_CONCURRENCY** | `2` | app | Puma concurrency setting. |
+| **LOG_LEVEL** | `info` | app | Log level for Rails. |
+| **DECIDIM_FORCE_SSL** | `false` | app | Enforce HTTPS-only traffic. |
+| **MAPS_API_KEY** | — | app | API key for maps provider. |
+| **MAPS_PROVIDER** | `here` | app | Selects map provider (here, mapbox, google, etc). |