admin/jd-book-uploader-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
feature/clean-public-urls
jd-book-uploader-backend/.gitea/workflows/README.md
ianshaloom 528ae0072e fix: correct heading in Gitea workflow documentation 
- Updated the heading from "Related Documentation" to "Related Documentations" for consistency in the .gitea/workflows/README.md file.
2025-11-21 14:56:04 +03:00

169 lines
4.8 KiB
Markdown
Raw Permalink Blame History

# Gitea Workflows
This directory contains Gitea Actions workflows for CI/CD.
## Workflows
### `build.yml` - Build Application Image
Builds the application image using Cloud Native Buildpacks.
**Triggers:**
- Push to `main`, `production`, or `develop` branches
- Pull requests to `main` or `production`
- Manual workflow dispatch
**Outputs:**
- Docker image (tagged and optionally pushed to registry)
- Image artifact (if no registry configured)
### `deploy.yml` - Deploy to Production
Deploys the built image to production server.
**Triggers:**
- After successful `build.yml` workflow completion
- Manual workflow dispatch (with image tag input)
**Process:**
- Downloads image artifact or pulls from registry
- Transfers deployment files to production server
- Mounts Firebase credentials securely
- Starts container and verifies health
### `test.yml` - Run Tests
Runs Go tests and linting.
**Triggers:**
- Push to `main` or `develop` branches
- Pull requests to `main` or `develop`
**Jobs:**
- `test` - Runs Go tests with coverage
- `lint` - Runs golangci-lint
#### Triggers
- Push to `main` or `production` branches (when `backend/**` files change)
- Manual workflow dispatch with environment selection
## Workflow Flow
```
Push to main/production
[build.yml] → Builds image → Pushes to registry (optional)
[deploy.yml] → Deploys to production → Verifies health
```
**Manual Deployment:**
1. Run `build.yml` manually (or wait for push)
2. Run `deploy.yml` manually with image tag
#### Required Secrets
Configure these secrets in Gitea repository settings:
**Build Secrets:**
- `FRONTEND_URL` - Frontend application URL
- `DB_HOST` - Database host
- `DB_PORT` - Database port
- `DB_USER` - Database username
- `DB_PASSWORD` - Database password
- `DB_NAME` - Database name
- `FIREBASE_PROJECT_ID` - Firebase project ID
- `FIREBASE_STORAGE_BUCKET` - Firebase storage bucket name
**Deployment Secrets:**
- `DEPLOY_HOST` - Production server hostname/IP
- `DEPLOY_USER` - SSH user for deployment
- `DEPLOY_PATH` - Deployment directory on server
- `SSH_PRIVATE_KEY` - SSH private key for server access
- `SSH_KNOWN_HOSTS` - SSH known hosts entry
- `FIREBASE_CREDENTIALS_FILE_PATH` - Path to Firebase credentials file on server
- `PORT` - Application port (default: 8080)
**Optional Secrets:**
- `REGISTRY_URL` - Container registry URL (if using registry)
- `REGISTRY_USERNAME` - Registry username
- `REGISTRY_PASSWORD` - Registry password
- `NOTIFICATION_WEBHOOK` - Webhook URL for deployment notifications
#### Security Considerations
1. **Firebase Credentials:**
- Credentials are **NOT** included in the build
- Credentials are mounted at runtime on the production server
- File must exist on production server at path specified in `FIREBASE_CREDENTIALS_FILE_PATH`
- Mounted with read-only and SELinux shared context (`:ro,z`)
2. **Database Credentials:**
- Stored as Gitea secrets
- Passed as environment variables at runtime
- Never committed to repository
3. **SSH Access:**
- Uses SSH key authentication
- Private key stored as Gitea secret
- Known hosts verified
#### Deployment Process
1. **Build Phase:**
- Checks out code
- Sets up Docker and Pack CLI
- Configures Docker socket (handles rootless Docker)
- Builds image using Pack with `--docker-host` flag
- Tags and optionally pushes to registry
2. **Deploy Phase:**
- Transfers deployment files to production server
- Transfers image (if not using registry)
- Creates `.env.production` on server
- Runs deployment script that:
- Stops existing container
- Mounts Firebase credentials (read-only)
- Starts new container
- Verifies deployment with health check
- Rolls back on failure
#### Manual Deployment
To trigger manual deployment:
1. Go to Gitea repository → Actions → Workflows
2. Select "Production Deployment"
3. Click "Run workflow"
4. Select environment (production/staging)
5. Click "Run workflow"
#### Troubleshooting
**Build fails with Docker permission error:**
- Ensure Docker socket is accessible
- Check `PACK_DOCKER_HOST` is set correctly
- Verify `--docker-host` flag is being passed to pack
**Deployment fails with Firebase credentials error:**
- Verify credentials file exists on server at specified path
- Check file permissions: `chmod 644 firebase-credentials.json`
- Ensure SELinux allows access (use `:z` flag in mount)
**SSH connection fails:**
- Verify SSH key is correct
- Check known hosts entry
- Ensure user has access to deployment directory
**Health check fails:**
- Check container logs: `podman logs jd-book-uploader`
- Verify port is accessible
- Check firewall rules
## Related Documentations
- `../../deployment/docs/pack-docker-permissions-fix.md` - Pack Docker permissions fix
- `../../deployment/docs/secrets-management.md` - Secrets management guide
Reference in New Issue View Git Blame Copy Permalink