Update .gitea/workflows/deploy.yml

This commit is contained in:
2025-10-08 04:04:51 -04:00
parent 2eeac785fb
commit 295793ad7f


@@ -2,71 +2,66 @@ name: Deploy (stellaamor)
on:
push:
branches: [ "main" ] # change if you use main
branches: [ "main" ]
jobs:
deploy:
runs-on: [ self-hosted, mainhost, docker ]
runs-on: [ mainhost, docker ]
concurrency:
group: deploy-stellaamor
cancel-in-progress: false
env:
# ---- required (set these as repo/org SECRETS) ----
SSH_HOST: ${{ secrets.SSH_HOST }} # e.g. 192.168.122.50 (the stellaamor VM)
SSH_USER: ${{ secrets.SSH_USER }} # e.g. deploy
SSH_KEY: ${{ secrets.SSH_KEY }} # private key (ed25519), one line
# optional but recommended: known_hosts entry for your VM
SSH_HOST: ${{ secrets.SSH_HOST }}
SSH_USER: ${{ secrets.SSH_USER }}
SSH_KEY: ${{ secrets.SSH_KEY }}
SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
# ---- repo-scoped settings (safe to commit) ----
APP_ROOT: /var/www/stellaamor # base dir on the VM
UPLOADS_DIR: uploads # relative to shared/
KEEP_N: "5" # how many releases to keep
HEALTH_URL: https://stellaamor.com/ # simple GET should return 200
APP_ROOT: /var/www/stellaamor
UPLOADS_DIR: uploads
KEEP_N: "5"
HEALTH_URL: https://stellaamor.com/
SERVICE_RELOAD: "systemctl reload apache2 || true"
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Checkout (pure git)
run: |
git init
git remote add origin "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY"
git fetch --depth=1 origin "$GITHUB_SHA"
git checkout -q "$GITHUB_SHA"
# only build assets if you actually have a package.json with build script
- name: Maybe build frontend (Vue/etc)
# Build only if package.json exists — run Node inside a throwaway container
- name: Build frontend (if present)
if: hashFiles('package.json') != ''
uses: actions/setup-node@v4
with:
node-version: "20"
- name: npm ci
if: hashFiles('package.json') != ''
run: npm ci
- name: npm build
if: hashFiles('package.json') != ''
run: npm run build
run: |
docker run --rm -v "$PWD:/app" -w /app node:20 bash -lc "
npm ci
npm run build
"
- name: Prepare release tarball
run: |
set -euo pipefail
REL="$(date -u +%Y%m%d-%H%M%SZ)-${{ github.sha }}"
echo "REL=$REL" >> $GITHUB_ENV
mkdir -p release
# include everything except VCS, node dev dirs, and your uploads (they live in shared/)
tar \
--exclude-vcs \
--exclude='./node_modules' \
--exclude='./${{ env.UPLOADS_DIR }}' \
-czf "release/${REL}.tar.gz" \
.
UPLOADS="${{ env.UPLOADS_DIR }}"
tar --exclude-vcs --exclude='./node_modules' --exclude="./${UPLOADS}" \
-czf "release/${REL}.tar.gz" .
- name: Write SSH key
run: |
umask 077
printf "%s" "${SSH_KEY}" > ~/.ssh/id_ed25519
set -eu
install -d -m 700 ~/.ssh
printf '%s\n' "${SSH_KEY}" > ~/.ssh/id_ed25519
sed -i 's/\r$//' ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
if [ -n "${SSH_KNOWN_HOSTS}" ]; then
printf "%s\n" "${SSH_KNOWN_HOSTS}" > ~/.ssh/known_hosts
printf '%s\n' "${SSH_KNOWN_HOSTS}" > ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
else
# fall back only if you must (less secure)
echo "StrictHostKeyChecking no" >> ~/.ssh/config
printf 'StrictHostKeyChecking no\n' >> ~/.ssh/config
fi
- name: Upload & activate atomically
@@ -78,47 +73,39 @@ jobs:
SHARED="${APP}/shared"
RELEASES="${APP}/releases"
CUR="${APP}/current"
UPLOADS="${{ env.UPLOADS_DIR }}"
# ensure layout exists
ssh -i ~/.ssh/id_ed25519 ${SSH_USER}@${SSH_HOST} "
set -e
sudo install -d -o ${SSH_USER} -g ${SSH_USER} -m 755 ${RELEASES} ${SHARED}
sudo install -d -o ${SSH_USER} -g ${SSH_USER} -m 755 ${SHARED}/${{ env.UPLOADS_DIR }}
sudo install -d -o ${SSH_USER} -g ${SSH_USER} -m 755 ${RELEASES} ${SHARED} ${SHARED}/${UPLOADS}
"
# upload tar
scp -i ~/.ssh/id_ed25519 ${TAR} ${SSH_USER}@${SSH_HOST}:/tmp/${REL}.tar.gz
# unpack to new release, link shared, write metadata, flip symlink, reload, health check
# unpack, link shared, flip symlink, reload, health check, prune
ssh -i ~/.ssh/id_ed25519 ${SSH_USER}@${SSH_HOST} '
set -euo pipefail
REL="'${REL}'"; APP="'${APP}'"; SHARED="'${SHARED}'"; RELEASES="'${RELEASES}'"; CUR="'${CUR}'";
REL="'${REL}'"; APP="'${APP}'"; SHARED="'${SHARED}'"; RELEASES="'${RELEASES}'"; CUR="'${CUR}'"; UPLOADS="'${UPLOADS}'";
NEW="${RELEASES}/${REL}"
mkdir -p "${NEW}"
tar -xzf "/tmp/${REL}.tar.gz" -C "${NEW}"
rm -f "/tmp/${REL}.tar.gz"
# link shared paths (uploads, env/config if you keep one there)
rm -rf "${NEW}/${UPLOADS_DIR:-'${{ env.UPLOADS_DIR }}'}"
ln -s "${SHARED}/${UPLOADS_DIR:-'${{ env.UPLOADS_DIR }}'}" "${NEW}/${UPLOADS_DIR:-'${{ env.UPLOADS_DIR }}'}"
rm -rf "${NEW}/${UPLOADS}"
ln -s "${SHARED}/${UPLOADS}" "${NEW}/${UPLOADS}"
# optional: link a shared .env if you use one
if [ -f "${SHARED}/.env" ]; then
ln -sf "${SHARED}/.env" "${NEW}/.env"
fi
if [ -f "${SHARED}/.env" ]; then ln -sf "${SHARED}/.env" "${NEW}/.env"; fi
# metadata
printf "sha=%s\nbuilt_at=%s\n" "'${{ github.sha }}'" "$(date -u +%FT%TZ)" > "${NEW}/RELEASE"
# keep previous target for rollback
PREV="$(readlink -f "${CUR}" || true)"
ln -sfn "${NEW}" "${CUR}"
# reload services
'"${{ env.SERVICE_RELOAD }}"' >/dev/null 2>&1 || true
# health check (simple GET)
if command -v curl >/dev/null 2>&1; then
curl -fsS --max-time 5 "'"${{ env.HEALTH_URL }}"'" >/dev/null || {
echo "Health check failed, rolling back..."
@@ -127,8 +114,6 @@ jobs:
}
fi
# prune old releases
cd "${RELEASES}"
ls -1tr | head -n -'${{ env.KEEP_N }}' | xargs -r -I{} rm -rf "{}"
'
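Review bot: The else branch of the "Write SSH key" step still writes `StrictHostKeyChecking no` whenever the SSH_KNOWN_HOSTS secret is empty, so on a fresh runner the job will offer the deploy key to, and push the release onto, whatever host answers at SSH_HOST; since the target VM is fixed, the secret should be mandatory and the fallback replaced with `echo "SSH_KNOWN_HOSTS secret is required" >&2; exit 1`. The release tarball is still staged in world-writable /tmp (the scp in "Upload & activate atomically" and the `tar -xzf "/tmp/${REL}.tar.gz"` that follows), so any other local account on the VM could swap the archive between upload and extraction — stage it in a directory owned by SSH_USER, e.g. `${RELEASES}/${REL}.tar.gz`, instead. The new "Build frontend" step mounts the workspace into an unpinned `node:20` image that runs as root, so dependency lifecycle scripts execute as root in the container and leave root-owned files in the runner workspace; pin the image by digest and add `--user "$(id -u):$(id -g)"` to the `docker run`. With actions/checkout gone, the `git init` in "Checkout (pure git)" does not clean a reused self-hosted workspace, so stale files (including earlier `release/*.tar.gz`) can be packed into the next tarball by the `tar ... .` in "Prepare release tarball" — a `git clean -fdx` before `git init`, or building in a fresh temporary directory, would close that.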