175 lines
5.8 KiB
YAML
175 lines
5.8 KiB
YAML
name: Build and Deploy
|
|
|
|
on:
|
|
push:
|
|
branches: [main, int, dev]
|
|
|
|
concurrency:
|
|
group: print-calculator-deploy-${{ gitea.ref }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
test-backend:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set up JDK 21
|
|
uses: actions/setup-java@v4
|
|
with:
|
|
java-version: "21"
|
|
distribution: "temurin"
|
|
|
|
- name: Run Tests with Gradle
|
|
run: |
|
|
cd backend
|
|
chmod +x gradlew
|
|
./gradlew test
|
|
|
|
build-and-push:
|
|
needs: test-backend
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set TAG + OWNER lowercase
|
|
shell: bash
|
|
run: |
|
|
if [[ "${{ gitea.ref }}" == "refs/heads/main" ]]; then
|
|
echo "TAG=prod" >> "$GITHUB_ENV"
|
|
elif [[ "${{ gitea.ref }}" == "refs/heads/int" ]]; then
|
|
echo "TAG=int" >> "$GITHUB_ENV"
|
|
else
|
|
echo "TAG=dev" >> "$GITHUB_ENV"
|
|
fi
|
|
|
|
echo "OWNER_LOWER=$(echo '${{ gitea.repository_owner }}' | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_ENV"
|
|
|
|
- name: Ensure docker CLI exists
|
|
shell: bash
|
|
run: |
|
|
if ! command -v docker >/dev/null 2>&1; then
|
|
apt-get update
|
|
apt-get install -y --no-install-recommends docker.io
|
|
fi
|
|
docker version
|
|
|
|
- name: Login to Gitea Registry
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
printf '%s' "${{ secrets.REGISTRY_TOKEN }}" | docker login "${{ secrets.REGISTRY_URL }}" \
|
|
-u "${{ secrets.REGISTRY_USER }}" --password-stdin
|
|
|
|
- name: Build & Push Backend
|
|
shell: bash
|
|
run: |
|
|
BACKEND_IMAGE="${{ secrets.REGISTRY_URL }}/${{ env.OWNER_LOWER }}/print-calculator-backend:${{ env.TAG }}"
|
|
docker build -t "$BACKEND_IMAGE" ./backend
|
|
docker push "$BACKEND_IMAGE"
|
|
|
|
- name: Build & Push Frontend
|
|
shell: bash
|
|
run: |
|
|
FRONTEND_IMAGE="${{ secrets.REGISTRY_URL }}/${{ env.OWNER_LOWER }}/print-calculator-frontend:${{ env.TAG }}"
|
|
docker build -t "$FRONTEND_IMAGE" ./frontend
|
|
docker push "$FRONTEND_IMAGE"
|
|
|
|
deploy:
|
|
needs: build-and-push
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set ENV
|
|
shell: bash
|
|
run: |
|
|
if [[ "${{ gitea.ref }}" == "refs/heads/main" ]]; then
|
|
echo "ENV=prod" >> "$GITHUB_ENV"
|
|
elif [[ "${{ gitea.ref }}" == "refs/heads/int" ]]; then
|
|
echo "ENV=int" >> "$GITHUB_ENV"
|
|
else
|
|
echo "ENV=dev" >> "$GITHUB_ENV"
|
|
fi
|
|
|
|
- name: Setup SSH key
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
|
|
apt-get update
|
|
apt-get install -y --no-install-recommends openssh-client
|
|
|
|
mkdir -p ~/.ssh
|
|
chmod 700 ~/.ssh
|
|
|
|
printf '%s' "${{ secrets.SSH_PRIVATE_KEY_B64 }}" | tr -d '\r\n\t ' > /tmp/key.b64
|
|
echo "b64_len=$(wc -c < /tmp/key.b64)"
|
|
|
|
base64 -d /tmp/key.b64 > ~/.ssh/id_ed25519
|
|
|
|
tr -d '\r' < ~/.ssh/id_ed25519 > ~/.ssh/id_ed25519.clean
|
|
mv ~/.ssh/id_ed25519.clean ~/.ssh/id_ed25519
|
|
chmod 600 ~/.ssh/id_ed25519
|
|
|
|
ssh-keygen -y -f ~/.ssh/id_ed25519 >/dev/null
|
|
|
|
ssh-keyscan -H "${{ secrets.SERVER_HOST }}" >> ~/.ssh/known_hosts 2>/dev/null
|
|
|
|
- name: Write env and compose to server
|
|
shell: bash
|
|
run: |
|
|
if [[ "${{ gitea.ref }}" == "refs/heads/main" ]]; then
|
|
DEPLOY_TAG="prod"
|
|
elif [[ "${{ gitea.ref }}" == "refs/heads/int" ]]; then
|
|
DEPLOY_TAG="int"
|
|
else
|
|
DEPLOY_TAG="dev"
|
|
fi
|
|
DEPLOY_OWNER=$(echo '${{ gitea.repository_owner }}' | tr '[:upper:]' '[:lower:]')
|
|
|
|
cat "deploy/envs/${{ env.ENV }}.env" > /tmp/full_env.env
|
|
|
|
if [[ "${{ env.ENV }}" == "prod" ]]; then
|
|
DB_URL="${{ secrets.DB_URL_PROD }}"
|
|
DB_USER="${{ secrets.DB_USERNAME_PROD }}"
|
|
DB_PASS="${{ secrets.DB_PASSWORD_PROD }}"
|
|
elif [[ "${{ env.ENV }}" == "int" ]]; then
|
|
DB_URL="${{ secrets.DB_URL_INT }}"
|
|
DB_USER="${{ secrets.DB_USERNAME_INT }}"
|
|
DB_PASS="${{ secrets.DB_PASSWORD_INT }}"
|
|
else
|
|
DB_URL="${{ secrets.DB_URL_DEV }}"
|
|
DB_USER="${{ secrets.DB_USERNAME_DEV }}"
|
|
DB_PASS="${{ secrets.DB_PASSWORD_DEV }}"
|
|
fi
|
|
|
|
printf '\nDB_URL="%s"\nDB_USERNAME="%s"\nDB_PASSWORD="%s"\n' \
|
|
"$DB_URL" "$DB_USER" "$DB_PASS" >> /tmp/full_env.env
|
|
|
|
printf 'REGISTRY_URL="%s"\nREPO_OWNER="%s"\nTAG="%s"\n' \
|
|
"${{ secrets.REGISTRY_URL }}" "$DEPLOY_OWNER" "$DEPLOY_TAG" >> /tmp/full_env.env
|
|
|
|
ADMIN_TTL="${{ secrets.ADMIN_SESSION_TTL_MINUTES }}"
|
|
ADMIN_TTL="${ADMIN_TTL:-480}"
|
|
printf 'ADMIN_PASSWORD="%s"\nADMIN_SESSION_SECRET="%s"\nADMIN_SESSION_TTL_MINUTES="%s"\n' \
|
|
"${{ secrets.ADMIN_PASSWORD }}" "${{ secrets.ADMIN_SESSION_SECRET }}" "$ADMIN_TTL" >> /tmp/full_env.env
|
|
|
|
echo "Preparing to send env file with variables:"
|
|
grep -Ev "PASSWORD|SECRET" /tmp/full_env.env || true
|
|
|
|
ssh -i ~/.ssh/id_ed25519 -o BatchMode=yes "${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}" \
|
|
"setenv ${{ env.ENV }}" < /tmp/full_env.env
|
|
|
|
ssh -i ~/.ssh/id_ed25519 -o BatchMode=yes "${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}" \
|
|
"setcompose ${{ env.ENV }}" < docker-compose.deploy.yml
|
|
|
|
- name: Trigger deploy on Unraid (forced command key)
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
ssh -i ~/.ssh/id_ed25519 -o BatchMode=yes "${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}" "deploy ${{ env.ENV }}"
|