Update .gitea/workflows/deploy.yml

This commit is contained in:
2025-10-08 04:04:51 -04:00
parent 2eeac785fb
commit 295793ad7f


@@ -2,71 +2,66 @@ name: Deploy (stellaamor)
on: on:
push: push:
branches: [ "main" ] # change if you use main branches: [ "main" ]
jobs: jobs:
deploy: deploy:
runs-on: [ self-hosted, mainhost, docker ] runs-on: [ mainhost, docker ]
concurrency: concurrency:
group: deploy-stellaamor group: deploy-stellaamor
cancel-in-progress: false cancel-in-progress: false
env: env:
# ---- required (set these as repo/org SECRETS) ---- SSH_HOST: ${{ secrets.SSH_HOST }}
SSH_HOST: ${{ secrets.SSH_HOST }} # e.g. 192.168.122.50 (the stellaamor VM) SSH_USER: ${{ secrets.SSH_USER }}
SSH_USER: ${{ secrets.SSH_USER }} # e.g. deploy SSH_KEY: ${{ secrets.SSH_KEY }}
SSH_KEY: ${{ secrets.SSH_KEY }} # private key (ed25519), one line
# optional but recommended: known_hosts entry for your VM
SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }} SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
# ---- repo-scoped settings (safe to commit) ---- APP_ROOT: /var/www/stellaamor
APP_ROOT: /var/www/stellaamor # base dir on the VM UPLOADS_DIR: uploads
UPLOADS_DIR: uploads # relative to shared/ KEEP_N: "5"
KEEP_N: "5" # how many releases to keep HEALTH_URL: https://stellaamor.com/
HEALTH_URL: https://stellaamor.com/ # simple GET should return 200
SERVICE_RELOAD: "systemctl reload apache2 || true" SERVICE_RELOAD: "systemctl reload apache2 || true"
steps: steps:
- name: Checkout - name: Checkout (pure git)
uses: actions/checkout@v4 run: |
git init
git remote add origin "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY"
git fetch --depth=1 origin "$GITHUB_SHA"
git checkout -q "$GITHUB_SHA"
# only build assets if you actually have a package.json with build script # Build only if package.json exists — run Node inside a throwaway container
- name: Maybe build frontend (Vue/etc) - name: Build frontend (if present)
if: hashFiles('package.json') != '' if: hashFiles('package.json') != ''
uses: actions/setup-node@v4 run: |
with: docker run --rm -v "$PWD:/app" -w /app node:20 bash -lc "
node-version: "20" npm ci
- name: npm ci npm run build
if: hashFiles('package.json') != '' "
run: npm ci
- name: npm build
if: hashFiles('package.json') != ''
run: npm run build
- name: Prepare release tarball - name: Prepare release tarball
run: | run: |
set -euo pipefail set -euo pipefail
REL="$(date -u +%Y%m%d-%H%M%SZ)-${{ github.sha }}" REL="$(date -u +%Y%m%d-%H%M%SZ)-${{ github.sha }}"
echo "REL=$REL" >> $GITHUB_ENV echo "REL=$REL" >> $GITHUB_ENV
mkdir -p release mkdir -p release
# include everything except VCS, node dev dirs, and your uploads (they live in shared/) UPLOADS="${{ env.UPLOADS_DIR }}"
tar \ tar --exclude-vcs --exclude='./node_modules' --exclude="./${UPLOADS}" \
--exclude-vcs \ -czf "release/${REL}.tar.gz" .
--exclude='./node_modules' \
--exclude='./${{ env.UPLOADS_DIR }}' \
-czf "release/${REL}.tar.gz" \
.
- name: Write SSH key - name: Write SSH key
run: | run: |
umask 077 set -eu
printf "%s" "${SSH_KEY}" > ~/.ssh/id_ed25519 install -d -m 700 ~/.ssh
printf '%s\n' "${SSH_KEY}" > ~/.ssh/id_ed25519
sed -i 's/\r$//' ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
if [ -n "${SSH_KNOWN_HOSTS}" ]; then if [ -n "${SSH_KNOWN_HOSTS}" ]; then
printf "%s\n" "${SSH_KNOWN_HOSTS}" > ~/.ssh/known_hosts printf '%s\n' "${SSH_KNOWN_HOSTS}" > ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
else else
# fall back only if you must (less secure) printf 'StrictHostKeyChecking no\n' >> ~/.ssh/config
echo "StrictHostKeyChecking no" >> ~/.ssh/config
fi fi
- name: Upload & activate atomically - name: Upload & activate atomically
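Review bot: The `else` branch of the rewritten Write SSH key step still appends `StrictHostKeyChecking no` to `~/.ssh/config` whenever the SSH_KNOWN_HOSTS secret is empty, so a run with that secret missing quietly presents the deploy key and uploads the release to whatever host answers at SSH_HOST, and because the line is written with `>>` each such run adds another copy. Given that this workflow targets one fixed VM, failing is the safer behaviour: `else` / `echo 'SSH_KNOWN_HOSTS secret is required (host key pinning)' >&2` / `exit 1`. The new Build frontend step has a related weak spot: the command list handed to `bash -lc` has no `set -e`, so a failing `npm ci` is not fatal and the step's status is that of `npm run build` alone; `npm ci && npm run build` (or a leading `set -euo pipefail`) fixes that, and `node:20` is a mutable tag that could be pinned by digest.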
@@ -78,47 +73,39 @@ jobs:
SHARED="${APP}/shared" SHARED="${APP}/shared"
RELEASES="${APP}/releases" RELEASES="${APP}/releases"
CUR="${APP}/current" CUR="${APP}/current"
UPLOADS="${{ env.UPLOADS_DIR }}"
# ensure layout exists # ensure layout exists
ssh -i ~/.ssh/id_ed25519 ${SSH_USER}@${SSH_HOST} " ssh -i ~/.ssh/id_ed25519 ${SSH_USER}@${SSH_HOST} "
set -e set -e
sudo install -d -o ${SSH_USER} -g ${SSH_USER} -m 755 ${RELEASES} ${SHARED} sudo install -d -o ${SSH_USER} -g ${SSH_USER} -m 755 ${RELEASES} ${SHARED} ${SHARED}/${UPLOADS}
sudo install -d -o ${SSH_USER} -g ${SSH_USER} -m 755 ${SHARED}/${{ env.UPLOADS_DIR }}
" "
# upload tar # upload tar
scp -i ~/.ssh/id_ed25519 ${TAR} ${SSH_USER}@${SSH_HOST}:/tmp/${REL}.tar.gz scp -i ~/.ssh/id_ed25519 ${TAR} ${SSH_USER}@${SSH_HOST}:/tmp/${REL}.tar.gz
# unpack to new release, link shared, write metadata, flip symlink, reload, health check # unpack, link shared, flip symlink, reload, health check, prune
ssh -i ~/.ssh/id_ed25519 ${SSH_USER}@${SSH_HOST} ' ssh -i ~/.ssh/id_ed25519 ${SSH_USER}@${SSH_HOST} '
set -euo pipefail set -euo pipefail
REL="'${REL}'"; APP="'${APP}'"; SHARED="'${SHARED}'"; RELEASES="'${RELEASES}'"; CUR="'${CUR}'"; REL="'${REL}'"; APP="'${APP}'"; SHARED="'${SHARED}'"; RELEASES="'${RELEASES}'"; CUR="'${CUR}'"; UPLOADS="'${UPLOADS}'";
NEW="${RELEASES}/${REL}" NEW="${RELEASES}/${REL}"
mkdir -p "${NEW}" mkdir -p "${NEW}"
tar -xzf "/tmp/${REL}.tar.gz" -C "${NEW}" tar -xzf "/tmp/${REL}.tar.gz" -C "${NEW}"
rm -f "/tmp/${REL}.tar.gz" rm -f "/tmp/${REL}.tar.gz"
# link shared paths (uploads, env/config if you keep one there) rm -rf "${NEW}/${UPLOADS}"
rm -rf "${NEW}/${UPLOADS_DIR:-'${{ env.UPLOADS_DIR }}'}" ln -s "${SHARED}/${UPLOADS}" "${NEW}/${UPLOADS}"
ln -s "${SHARED}/${UPLOADS_DIR:-'${{ env.UPLOADS_DIR }}'}" "${NEW}/${UPLOADS_DIR:-'${{ env.UPLOADS_DIR }}'}"
# optional: link a shared .env if you use one if [ -f "${SHARED}/.env" ]; then ln -sf "${SHARED}/.env" "${NEW}/.env"; fi
if [ -f "${SHARED}/.env" ]; then
ln -sf "${SHARED}/.env" "${NEW}/.env"
fi
# metadata
printf "sha=%s\nbuilt_at=%s\n" "'${{ github.sha }}'" "$(date -u +%FT%TZ)" > "${NEW}/RELEASE" printf "sha=%s\nbuilt_at=%s\n" "'${{ github.sha }}'" "$(date -u +%FT%TZ)" > "${NEW}/RELEASE"
# keep previous target for rollback
PREV="$(readlink -f "${CUR}" || true)" PREV="$(readlink -f "${CUR}" || true)"
ln -sfn "${NEW}" "${CUR}" ln -sfn "${NEW}" "${CUR}"
# reload services
'"${{ env.SERVICE_RELOAD }}"' >/dev/null 2>&1 || true '"${{ env.SERVICE_RELOAD }}"' >/dev/null 2>&1 || true
# health check (simple GET)
if command -v curl >/dev/null 2>&1; then if command -v curl >/dev/null 2>&1; then
curl -fsS --max-time 5 "'"${{ env.HEALTH_URL }}"'" >/dev/null || { curl -fsS --max-time 5 "'"${{ env.HEALTH_URL }}"'" >/dev/null || {
echo "Health check failed, rolling back..." echo "Health check failed, rolling back..."
@@ -127,8 +114,6 @@ jobs:
} }
fi fi
# prune old releases
cd "${RELEASES}" cd "${RELEASES}"
ls -1tr | head -n -'${{ env.KEEP_N }}' | xargs -r -I{} rm -rf "{}" ls -1tr | head -n -'${{ env.KEEP_N }}' | xargs -r -I{} rm -rf "{}"
' '