JoeKung/print-calculator
1
1
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
04cbf00a2d32dc88df5f96d64d8a5008556c3f37
print-calculator/.gitea/workflows/cicd.yaml
Joe Küng 04cbf00a2d
All checks were successful
Build, Test, Deploy and Analysis / build-and-push (push) Successful in 18s
Details
Build, Test, Deploy and Analysis / test-backend (push) Successful in 38s
Details
Build, Test, Deploy and Analysis / deploy (push) Successful in 10s
Details
Build, Test, Deploy and Analysis / qodana (push) Has been skipped
Details
Merge branch 'main' into dev 
# Conflicts:
#	.gitea/workflows/cicd.yaml
2026-03-03 12:35:11 +01:00

225 lines
7.7 KiB
YAML
Raw Blame History

name: Build, Test, Deploy and Analysis
on:
push:
branches: [main, int, dev]
pull_request:
branches: [main, int, dev]
workflow_dispatch:
concurrency:
group: print-calculator-${{ gitea.ref }}
cancel-in-progress: true
jobs:
# --- JOB DI ANALISI (In parallelo) ---
qodana:
if: ${{ gitea.event_name == 'pull_request' }}
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0 # Fondamentale per Qodana per analizzare la storia
- name: Prepare Qodana directories
shell: bash
run: |
mkdir -p .qodana/caches .qodana/results
- name: 'Qodana Scan'
uses: JetBrains/qodana-action@v2025.3
env:
QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}
with:
cache-dir: .qodana/caches
results-dir: .qodana/results
args: -i,backend
# In Gitea, pr-mode funziona se il runner ha accesso ai dati del clone
pr-mode: ${{ gitea.event_name == 'pull_request' }}
use-caches: false
# Nota: Gitea ha un supporto limitato per i commenti automatici
# rispetto a GitHub, ma l'analisi verrà eseguita correttamente.
post-pr-comment: false
use-annotations: true
test-backend:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up JDK 21
uses: actions/setup-java@v4
with:
java-version: '21'
distribution: 'temurin'
- name: Run Tests with Gradle
run: |
cd backend
chmod +x gradlew
./gradlew test
build-and-push:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set TAG + OWNER lowercase
shell: bash
run: |
if [[ "${{ gitea.ref }}" == "refs/heads/main" ]]; then
echo "TAG=prod" >> "$GITHUB_ENV"
elif [[ "${{ gitea.ref }}" == "refs/heads/int" ]]; then
echo "TAG=int" >> "$GITHUB_ENV"
else
echo "TAG=dev" >> "$GITHUB_ENV"
fi
echo "OWNER_LOWER=$(echo '${{ gitea.repository_owner }}' | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_ENV"
- name: Ensure docker CLI exists
shell: bash
run: |
if ! command -v docker >/dev/null 2>&1; then
apt-get update
apt-get install -y --no-install-recommends docker.io
fi
docker version
- name: Login to Gitea Registry
shell: bash
run: |
set -euo pipefail
printf '%s' "${{ secrets.REGISTRY_TOKEN }}" | docker login "${{ secrets.REGISTRY_URL }}" \
-u "${{ secrets.REGISTRY_USER }}" --password-stdin
- name: Build & Push Backend
shell: bash
run: |
BACKEND_IMAGE="${{ secrets.REGISTRY_URL }}/${{ env.OWNER_LOWER }}/print-calculator-backend:${{ env.TAG }}"
docker build -t "$BACKEND_IMAGE" ./backend
docker push "$BACKEND_IMAGE"
- name: Build & Push Frontend
shell: bash
run: |
FRONTEND_IMAGE="${{ secrets.REGISTRY_URL }}/${{ env.OWNER_LOWER }}/print-calculator-frontend:${{ env.TAG }}"
docker build -t "$FRONTEND_IMAGE" ./frontend
docker push "$FRONTEND_IMAGE"
deploy:
needs: build-and-push
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set ENV
shell: bash
run: |
if [[ "${{ gitea.ref }}" == "refs/heads/main" ]]; then
echo "ENV=prod" >> "$GITHUB_ENV"
elif [[ "${{ gitea.ref }}" == "refs/heads/int" ]]; then
echo "ENV=int" >> "$GITHUB_ENV"
else
echo "ENV=dev" >> "$GITHUB_ENV"
fi
- name: Setup SSH key
shell: bash
run: |
set -euo pipefail
apt-get update
apt-get install -y --no-install-recommends openssh-client
mkdir -p ~/.ssh
chmod 700 ~/.ssh
# 1) Prende il secret base64 e rimuove spazi/newline/CR
printf '%s' "${{ secrets.SSH_PRIVATE_KEY_B64 }}" | tr -d '\r\n\t ' > /tmp/key.b64
# 2) (debug sicuro) stampa solo la lunghezza della base64
echo "b64_len=$(wc -c < /tmp/key.b64)"
# 3) Decodifica in chiave privata
base64 -d /tmp/key.b64 > ~/.ssh/id_ed25519
# 4) Rimuove eventuali CRLF dentro la chiave (se proviene da Windows)
tr -d '\r' < ~/.ssh/id_ed25519 > ~/.ssh/id_ed25519.clean
mv ~/.ssh/id_ed25519.clean ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
# 5) Validazione: se fallisce qui, la chiave NON è valida/corrotta
ssh-keygen -y -f ~/.ssh/id_ed25519 >/dev/null
ssh-keyscan -H "${{ secrets.SERVER_HOST }}" >> ~/.ssh/known_hosts 2>/dev/null
- name: Write env and compose to server
shell: bash
run: |
# 1. Recalculate TAG and OWNER_LOWER (jobs don't share ENV)
if [[ "${{ gitea.ref }}" == "refs/heads/main" ]]; then
DEPLOY_TAG="prod"
elif [[ "${{ gitea.ref }}" == "refs/heads/int" ]]; then
DEPLOY_TAG="int"
else
DEPLOY_TAG="dev"
fi
DEPLOY_OWNER=$(echo '${{ gitea.repository_owner }}' | tr '[:upper:]' '[:lower:]')
# 2. Start with the static env file content
cat "deploy/envs/${{ env.ENV }}.env" > /tmp/full_env.env
# 3. Determine DB credentials
if [[ "${{ env.ENV }}" == "prod" ]]; then
DB_URL="${{ secrets.DB_URL_PROD }}"
DB_USER="${{ secrets.DB_USERNAME_PROD }}"
DB_PASS="${{ secrets.DB_PASSWORD_PROD }}"
elif [[ "${{ env.ENV }}" == "int" ]]; then
DB_URL="${{ secrets.DB_URL_INT }}"
DB_USER="${{ secrets.DB_USERNAME_INT }}"
DB_PASS="${{ secrets.DB_PASSWORD_INT }}"
else
DB_URL="${{ secrets.DB_URL_DEV }}"
DB_USER="${{ secrets.DB_USERNAME_DEV }}"
DB_PASS="${{ secrets.DB_PASSWORD_DEV }}"
fi
# 4. Append DB and Docker credentials (quoted)
printf '\nDB_URL="%s"\nDB_USERNAME="%s"\nDB_PASSWORD="%s"\n' \
"$DB_URL" "$DB_USER" "$DB_PASS" >> /tmp/full_env.env
printf 'REGISTRY_URL="%s"\nREPO_OWNER="%s"\nTAG="%s"\n' \
"${{ secrets.REGISTRY_URL }}" "$DEPLOY_OWNER" "$DEPLOY_TAG" >> /tmp/full_env.env
ADMIN_TTL="${{ secrets.ADMIN_SESSION_TTL_MINUTES }}"
ADMIN_TTL="${ADMIN_TTL:-480}"
printf 'ADMIN_PASSWORD="%s"\nADMIN_SESSION_SECRET="%s"\nADMIN_SESSION_TTL_MINUTES="%s"\n' \
"${{ secrets.ADMIN_PASSWORD }}" "${{ secrets.ADMIN_SESSION_SECRET }}" "$ADMIN_TTL" >> /tmp/full_env.env
# 5. Debug: print content (for debug purposes)
echo "Preparing to send env file with variables:"
grep -Ev "PASSWORD|SECRET" /tmp/full_env.env || true
# 5. Send env to server
ssh -i ~/.ssh/id_ed25519 -o BatchMode=yes "${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}" \
"setenv ${{ env.ENV }}" < /tmp/full_env.env
# 6. Send docker-compose.deploy.yml to server
ssh -i ~/.ssh/id_ed25519 -o BatchMode=yes "${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}" \
"setcompose ${{ env.ENV }}" < docker-compose.deploy.yml
- name: Trigger deploy on Unraid (forced command key)
shell: bash
run: |
set -euo pipefail
# Aggiungiamo le opzioni di verbosità se dovesse fallire ancora,
# e assicuriamoci che l'input sia pulito
ssh -i ~/.ssh/id_ed25519 -o BatchMode=yes "${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}" "deploy ${{ env.ENV }}"
Reference in New Issue View Git Blame Copy Permalink