Add Gitea workflows for CI/CD pipeline
This commit is contained in:
188
.gitea/workflows/deploy.yml
Normal file
188
.gitea/workflows/deploy.yml
Normal file
@@ -0,0 +1,188 @@
|
||||
name: Deploy to Production
|
||||
|
||||
on:
|
||||
workflow_run:
|
||||
workflows: ["Build Application Image"]
|
||||
types:
|
||||
- completed
|
||||
branches:
|
||||
- main
|
||||
- production
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
image_tag:
|
||||
description: 'Image tag to deploy'
|
||||
required: true
|
||||
default: 'latest'
|
||||
|
||||
env:
|
||||
IMAGE_NAME: jd-book-uploader
|
||||
IMAGE_TAG: ${{ inputs.image_tag || 'latest' }}
|
||||
REGISTRY: ${{ secrets.REGISTRY_URL || '' }}
|
||||
|
||||
jobs:
|
||||
deploy:
|
||||
name: Deploy to Production
|
||||
runs-on: ubuntu-latest
|
||||
if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }}
|
||||
environment: production
|
||||
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Set up SSH
|
||||
uses: webfactory/ssh-agent@v0.9.0
|
||||
with:
|
||||
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
|
||||
|
||||
- name: Configure SSH
|
||||
run: |
|
||||
mkdir -p ~/.ssh
|
||||
echo "${{ secrets.SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
|
||||
chmod 600 ~/.ssh/known_hosts
|
||||
|
||||
- name: Download image artifact
|
||||
if: env.REGISTRY == ''
|
||||
uses: actions/download-artifact@v4
|
||||
with:
|
||||
name: docker-image
|
||||
workflow: build.yml
|
||||
run-id: ${{ github.event.workflow_run.id }}
|
||||
|
||||
- name: Prepare deployment files
|
||||
run: |
|
||||
mkdir -p deployment/tmp
|
||||
|
||||
# Create .env.production
|
||||
cat > deployment/tmp/.env.production << EOF
|
||||
PORT=${{ secrets.PORT || '8080' }}
|
||||
FRONTEND_URL=${{ secrets.FRONTEND_URL }}
|
||||
DB_HOST=${{ secrets.DB_HOST }}
|
||||
DB_PORT=${{ secrets.DB_PORT }}
|
||||
DB_USER=${{ secrets.DB_USER }}
|
||||
DB_PASSWORD=${{ secrets.DB_PASSWORD }}
|
||||
DB_NAME=${{ secrets.DB_NAME }}
|
||||
FIREBASE_PROJECT_ID=${{ secrets.FIREBASE_PROJECT_ID }}
|
||||
FIREBASE_STORAGE_BUCKET=${{ secrets.FIREBASE_STORAGE_BUCKET }}
|
||||
FIREBASE_CREDENTIALS_FILE=${{ secrets.FIREBASE_CREDENTIALS_FILE_PATH || './firebase-credentials.json' }}
|
||||
EOF
|
||||
|
||||
# Create deployment script
|
||||
cat > deployment/tmp/deploy.sh << 'DEPLOY_SCRIPT'
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
IMAGE_NAME="${{ env.IMAGE_NAME }}"
|
||||
IMAGE_TAG="${{ env.IMAGE_TAG }}"
|
||||
CONTAINER_NAME="jd-book-uploader"
|
||||
|
||||
set -a
|
||||
source .env.production
|
||||
set +a
|
||||
|
||||
# Stop existing container
|
||||
if podman ps -a --format "{{.Names}}" | grep -q "^${CONTAINER_NAME}$"; then
|
||||
podman stop "${CONTAINER_NAME}" 2>/dev/null || true
|
||||
podman rm "${CONTAINER_NAME}" 2>/dev/null || true
|
||||
fi
|
||||
|
||||
# Load image if artifact provided
|
||||
if [ -f image.tar ]; then
|
||||
podman load -i image.tar
|
||||
rm -f image.tar
|
||||
fi
|
||||
|
||||
# Pull from registry if configured
|
||||
if [ -n "${{ env.REGISTRY }}" ]; then
|
||||
podman pull "${{ env.REGISTRY }}/${IMAGE_NAME}:${IMAGE_TAG}"
|
||||
podman tag "${{ env.REGISTRY }}/${IMAGE_NAME}:${IMAGE_TAG}" "${IMAGE_NAME}:${IMAGE_TAG}"
|
||||
fi
|
||||
|
||||
# Build run command
|
||||
PODMAN_CMD=(
|
||||
podman run -d
|
||||
--name "${CONTAINER_NAME}"
|
||||
--network=host
|
||||
--user root
|
||||
--restart=unless-stopped
|
||||
)
|
||||
|
||||
# Add environment variables
|
||||
while IFS='=' read -r key value; do
|
||||
[[ "$key" =~ ^#.*$ ]] && continue
|
||||
[[ -z "$key" ]] && continue
|
||||
value=$(echo "$value" | sed -e 's/^"//' -e 's/"$//' -e "s/^'//" -e "s/'$//")
|
||||
if [ "$key" != "FIREBASE_CREDENTIALS_FILE" ]; then
|
||||
PODMAN_CMD+=(-e "${key}=${value}")
|
||||
fi
|
||||
done < .env.production
|
||||
|
||||
# Mount Firebase credentials
|
||||
FIREBASE_CREDS="${FIREBASE_CREDENTIALS_FILE}"
|
||||
if [ -f "$FIREBASE_CREDS" ]; then
|
||||
PODMAN_CMD+=(-v "${FIREBASE_CREDS}:/app/firebase-credentials.json:ro,z")
|
||||
PODMAN_CMD+=(-e "FIREBASE_CREDENTIALS_FILE=/app/firebase-credentials.json")
|
||||
fi
|
||||
|
||||
PODMAN_CMD+=("${IMAGE_NAME}:${IMAGE_TAG}")
|
||||
|
||||
"${PODMAN_CMD[@]}"
|
||||
sleep 3
|
||||
|
||||
if podman ps --format "{{.Names}}" | grep -q "^${CONTAINER_NAME}$"; then
|
||||
echo "✓ Container started"
|
||||
podman logs "${CONTAINER_NAME}" --tail 20
|
||||
else
|
||||
echo "✗ Container failed"
|
||||
podman logs "${CONTAINER_NAME}" --tail 50
|
||||
exit 1
|
||||
fi
|
||||
DEPLOY_SCRIPT
|
||||
|
||||
chmod +x deployment/tmp/deploy.sh
|
||||
|
||||
- name: Transfer files
|
||||
run: |
|
||||
scp -r deployment/tmp/* ${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }}:${{ secrets.DEPLOY_PATH }}/deployment/
|
||||
if [ -f image.tar ]; then
|
||||
scp image.tar ${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }}:${{ secrets.DEPLOY_PATH }}/image.tar
|
||||
fi
|
||||
|
||||
- name: Deploy
|
||||
run: |
|
||||
ssh ${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }} << ENDSSH
|
||||
set -e
|
||||
cd ${{ secrets.DEPLOY_PATH }}
|
||||
|
||||
if [ -f image.tar ]; then
|
||||
podman load -i image.tar
|
||||
rm -f image.tar
|
||||
fi
|
||||
|
||||
if [ ! -f "${{ secrets.FIREBASE_CREDENTIALS_FILE_PATH || './firebase-credentials.json' }}" ]; then
|
||||
echo "Error: Firebase credentials not found"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
cd deployment
|
||||
./deploy.sh
|
||||
ENDSSH
|
||||
|
||||
- name: Verify deployment
|
||||
run: |
|
||||
sleep 5
|
||||
HEALTH_URL="http://${{ secrets.DEPLOY_HOST }}:${{ secrets.PORT || '8080' }}/api/health"
|
||||
|
||||
for i in {1..10}; do
|
||||
if curl -f -s "$HEALTH_URL" > /dev/null; then
|
||||
echo "✓ Health check passed"
|
||||
curl -s "$HEALTH_URL" | jq .
|
||||
exit 0
|
||||
fi
|
||||
sleep 3
|
||||
done
|
||||
|
||||
echo "✗ Health check failed"
|
||||
exit 1
|
||||
|
||||
Reference in New Issue
Block a user