fix: scp dotfile bug, remote mkdir, registry auth, SSH -T flag

admin
2026-03-04 20:31:20 +00:00
parent 9d0240bf3f
commit 8765608603


@@ -26,7 +26,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }} if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }}
environment: production environment: production
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v4 uses: actions/checkout@v4
@@ -53,7 +53,7 @@ jobs:
- name: Prepare deployment files - name: Prepare deployment files
run: | run: |
mkdir -p deployment/tmp mkdir -p deployment/tmp
# Create .env.production # Create .env.production
cat > deployment/tmp/.env.production << EOF cat > deployment/tmp/.env.production << EOF
PORT=${{ secrets.PORT || '8080' }} PORT=${{ secrets.PORT || '8080' }}
@@ -67,38 +67,38 @@ jobs:
FIREBASE_STORAGE_BUCKET=${{ secrets.FIREBASE_STORAGE_BUCKET }} FIREBASE_STORAGE_BUCKET=${{ secrets.FIREBASE_STORAGE_BUCKET }}
FIREBASE_CREDENTIALS_FILE=${{ secrets.FIREBASE_CREDENTIALS_FILE_PATH || './firebase-credentials.json' }} FIREBASE_CREDENTIALS_FILE=${{ secrets.FIREBASE_CREDENTIALS_FILE_PATH || './firebase-credentials.json' }}
EOF EOF
# Create deployment script # Create deployment script
cat > deployment/tmp/deploy.sh << 'DEPLOY_SCRIPT' cat > deployment/tmp/deploy.sh << 'DEPLOY_SCRIPT'
#!/bin/bash #!/bin/bash
set -e set -e
IMAGE_NAME="${{ env.IMAGE_NAME }}" IMAGE_NAME="${{ env.IMAGE_NAME }}"
IMAGE_TAG="${{ env.IMAGE_TAG }}" IMAGE_TAG="${{ env.IMAGE_TAG }}"
CONTAINER_NAME="jd-book-uploader" CONTAINER_NAME="jd-book-uploader"
set -a set -a
source .env.production source .env.production
set +a set +a
# Stop existing container # Stop existing container
if podman ps -a --format "{{.Names}}" | grep -q "^${CONTAINER_NAME}$"; then if podman ps -a --format "{{.Names}}" | grep -q "^${CONTAINER_NAME}$"; then
podman stop "${CONTAINER_NAME}" 2>/dev/null || true podman stop "${CONTAINER_NAME}" 2>/dev/null || true
podman rm "${CONTAINER_NAME}" 2>/dev/null || true podman rm "${CONTAINER_NAME}" 2>/dev/null || true
fi fi
# Load image if artifact provided # Load image if artifact provided
if [ -f image.tar ]; then if [ -f image.tar ]; then
podman load -i image.tar podman load -i image.tar
rm -f image.tar rm -f image.tar
fi fi
# Pull from registry if configured # Pull from registry if configured
if [ -n "${{ env.REGISTRY }}" ]; then if [ -n "${{ env.REGISTRY }}" ]; then
podman pull "${{ env.REGISTRY }}/${IMAGE_NAME}:${IMAGE_TAG}" podman pull --tls-verify=false "${{ env.REGISTRY }}/${IMAGE_NAME}:${IMAGE_TAG}"
podman tag "${{ env.REGISTRY }}/${IMAGE_NAME}:${IMAGE_TAG}" "${IMAGE_NAME}:${IMAGE_TAG}" podman tag "${{ env.REGISTRY }}/${IMAGE_NAME}:${IMAGE_TAG}" "${IMAGE_NAME}:${IMAGE_TAG}"
fi fi
# Build run command # Build run command
PODMAN_CMD=( PODMAN_CMD=(
podman run -d podman run -d
@@ -107,7 +107,7 @@ jobs:
--user root --user root
--restart=unless-stopped --restart=unless-stopped
) )
# Add environment variables # Add environment variables
while IFS='=' read -r key value; do while IFS='=' read -r key value; do
[[ "$key" =~ ^#.*$ ]] && continue [[ "$key" =~ ^#.*$ ]] && continue
@@ -117,19 +117,19 @@ jobs:
PODMAN_CMD+=(-e "${key}=${value}") PODMAN_CMD+=(-e "${key}=${value}")
fi fi
done < .env.production done < .env.production
# Mount Firebase credentials # Mount Firebase credentials
FIREBASE_CREDS="${FIREBASE_CREDENTIALS_FILE}" FIREBASE_CREDS="${FIREBASE_CREDENTIALS_FILE}"
if [ -f "$FIREBASE_CREDS" ]; then if [ -f "$FIREBASE_CREDS" ]; then
PODMAN_CMD+=(-v "${FIREBASE_CREDS}:/app/firebase-credentials.json:ro,z") PODMAN_CMD+=(-v "${FIREBASE_CREDS}:/app/firebase-credentials.json:ro,z")
PODMAN_CMD+=(-e "FIREBASE_CREDENTIALS_FILE=/app/firebase-credentials.json") PODMAN_CMD+=(-e "FIREBASE_CREDENTIALS_FILE=/app/firebase-credentials.json")
fi fi
PODMAN_CMD+=("${IMAGE_NAME}:${IMAGE_TAG}") PODMAN_CMD+=("${IMAGE_NAME}:${IMAGE_TAG}")
"${PODMAN_CMD[@]}" "${PODMAN_CMD[@]}"
sleep 3 sleep 3
if podman ps --format "{{.Names}}" | grep -q "^${CONTAINER_NAME}$"; then if podman ps --format "{{.Names}}" | grep -q "^${CONTAINER_NAME}$"; then
echo "✓ Container started" echo "✓ Container started"
podman logs "${CONTAINER_NAME}" --tail 20 podman logs "${CONTAINER_NAME}" --tail 20
@@ -139,32 +139,40 @@ jobs:
exit 1 exit 1
fi fi
DEPLOY_SCRIPT DEPLOY_SCRIPT
chmod +x deployment/tmp/deploy.sh chmod +x deployment/tmp/deploy.sh
- name: Transfer files - name: Transfer files
run: | run: |
scp -r deployment/tmp/* ${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }}:${{ secrets.DEPLOY_PATH }}/deployment/ # Ensure remote deployment directory exists
ssh ${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }} "mkdir -p ${{ secrets.DEPLOY_PATH }}/deployment"
# Copy files explicitly — glob (*) skips dotfiles like .env.production
scp deployment/tmp/deploy.sh ${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }}:${{ secrets.DEPLOY_PATH }}/deployment/
scp deployment/tmp/.env.production ${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }}:${{ secrets.DEPLOY_PATH }}/deployment/
if [ -f image.tar ]; then if [ -f image.tar ]; then
scp image.tar ${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }}:${{ secrets.DEPLOY_PATH }}/image.tar scp image.tar ${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }}:${{ secrets.DEPLOY_PATH }}/image.tar
fi fi
- name: Deploy - name: Deploy
run: | run: |
ssh ${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }} << ENDSSH ssh -T ${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }} << ENDSSH
set -e set -e
cd ${{ secrets.DEPLOY_PATH }} cd ${{ secrets.DEPLOY_PATH }}
if [ -f image.tar ]; then if [ -f image.tar ]; then
podman load -i image.tar podman load -i image.tar
rm -f image.tar rm -f image.tar
fi fi
if [ ! -f "${{ secrets.FIREBASE_CREDENTIALS_FILE_PATH || './firebase-credentials.json' }}" ]; then if [ ! -f "${{ secrets.FIREBASE_CREDENTIALS_FILE_PATH || './firebase-credentials.json' }}" ]; then
echo "Error: Firebase credentials not found" echo "Error: Firebase credentials not found"
exit 1 exit 1
fi fi
if [ -n "${{ env.REGISTRY }}" ]; then
echo "${{ secrets.REGISTRY_PASSWORD }}" | podman login "${{ env.REGISTRY }}" -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin --tls-verify=false
fi
cd deployment cd deployment
./deploy.sh ./deploy.sh
ENDSSH ENDSSH
@@ -173,7 +181,7 @@ jobs:
run: | run: |
sleep 5 sleep 5
HEALTH_URL="http://${{ secrets.DEPLOY_HOST }}:${{ secrets.PORT || '8080' }}/api/health" HEALTH_URL="http://${{ secrets.DEPLOY_HOST }}:${{ secrets.PORT || '8080' }}/api/health"
for i in {1..10}; do for i in {1..10}; do
if curl -f -s "$HEALTH_URL" > /dev/null; then if curl -f -s "$HEALTH_URL" > /dev/null; then
echo "✓ Health check passed" echo "✓ Health check passed"
@@ -182,7 +190,6 @@ jobs:
fi fi
sleep 3 sleep 3
done done
echo "✗ Health check failed" echo "✗ Health check failed"
exit 1 exit 1
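Review bot: `--tls-verify=false` is added to both the new `podman login` in the `@@ -139,32 +139,40 @@` hunk (Deploy step) and the `podman pull` in the `@@ -67,38 +67,38 @@` hunk (inside the generated deploy.sh), so REGISTRY_PASSWORD is sent to whatever answers for `${{ env.REGISTRY }}` without a certificate check and the image that is then run is fetched from that same unverified endpoint, which undoes the authentication the commit is adding. If the registry uses a private CA, place its certificate under `/etc/containers/certs.d/<registry host>/ca.crt` on the deploy host and drop the flag from both commands; if it is deliberately plain HTTP on a private network, add a comment beside each flag stating that, e.g. `# REGISTRY is HTTP-only on the private deploy network; TLS verification is intentionally disabled`, so the exception is reviewed rather than inherited. I would also write the credential with `printf '%s' "${{ secrets.REGISTRY_PASSWORD }}" | podman login "${{ env.REGISTRY }}" -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin`, since `echo` on the remote login shell may interpret a leading `-n`/`-e` or backslashes. Because the Deploy heredoc is `<< ENDSSH` unquoted, a password containing `$` or `"` would also be expanded or break the quoting on the runner before it reaches the host — worth confirming against the actual secret format.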