First build

edsea
2025-10-08 11:08:51 +02:00
parent c08f8a4cfe
commit 5589ebc7b7


@@ -1,22 +1,11 @@
name: Deploy (stellaamor)
on:
push:
branches: [ "main" ]
jobs:
deploy:
runs-on: [ mainhost, docker ]
concurrency:
group: deploy-stellaamor
cancel-in-progress: false
runs-on: [ mainhost ] # keep your labels as-is
env:
SSH_HOST: ${{ secrets.SSH_HOST }}
SSH_USER: ${{ secrets.SSH_USER }}
SSH_KEY: ${{ secrets.SSH_KEY }}
SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
SSH_KEY_PATH: /home/gitea-runner/.ssh/deploy_stellaamor
SSH_OPTS: "-o ServerAliveInterval=15 -o ServerAliveCountMax=3 -o ConnectTimeout=20 -o StrictHostKeyChecking=no"
APP_ROOT: /var/www/stellaamor
UPLOADS_DIR: uploads
KEEP_N: "5"
@@ -31,92 +20,44 @@ jobs:
git fetch --depth=1 origin "$GITHUB_SHA"
git checkout -q "$GITHUB_SHA"
# Build only if package.json exists — run Node inside a throwaway container
- name: Build frontend (if present)
if: hashFiles('package.json') != ''
run: |
docker run --rm -v "$PWD:/app" -w /app node:20 bash -lc "
npm ci
npm run build
"
- name: Prepare release tarball
run: |
set -euo pipefail
REL="$(date -u +%Y%m%d-%H%M%SZ)-${{ github.sha }}"
echo "REL=$REL" >> $GITHUB_ENV
UPLOADS="${{ env.UPLOADS_DIR }}"
OUT="/tmp/${REL}.tar.gz"
# create tar OUTSIDE the repo dir, then move it into ./release
tar -czf "$OUT" \
--exclude-vcs \
--exclude='./node_modules' \
--exclude="./${UPLOADS}" \
--exclude='./release' \
.
mkdir -p release
mv "$OUT" "release/${REL}.tar.gz"
- name: Write SSH key
run: |
set -eu
install -d -m 700 ~/.ssh
printf '%s\n' "${SSH_KEY}" > ~/.ssh/id_ed25519
sed -i 's/\r$//' ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
if [ -n "${SSH_KNOWN_HOSTS}" ]; then
printf '%s\n' "${SSH_KNOWN_HOSTS}" > ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
else
printf 'StrictHostKeyChecking no\n' >> ~/.ssh/config
fi
# (no Write SSH key step — removed)
- name: Upload & activate atomically
run: |
set -euo pipefail
REL="${{ env.REL }}"
TAR="release/${REL}.tar.gz"
REL="$(date -u +%Y%m%d-%H%M%SZ)-${{ github.sha }}"
echo "REL=$REL" >> $GITHUB_ENV
TAR="/tmp/${REL}.tar.gz"
APP="${{ env.APP_ROOT }}"
SHARED="${APP}/shared"
RELEASES="${APP}/releases"
CUR="${APP}/current"
UPLOADS="${{ env.UPLOADS_DIR }}"
# ensure layout exists
ssh -i ~/.ssh/id_ed25519 ${SSH_USER}@${SSH_HOST} "
set -e
sudo install -d -o ${SSH_USER} -g ${SSH_USER} -m 755 ${RELEASES} ${SHARED} ${SHARED}/${UPLOADS}
"
# build tar outside repo dir then move (avoid tar reading its own output)
tar -czf "$TAR" --exclude-vcs --exclude='./node_modules' --exclude="./${UPLOADS}" --exclude='./release' .
mkdir -p release && mv "$TAR" "release/${REL}.tar.gz"
# upload tar
scp -i ~/.ssh/id_ed25519 ${TAR} ${SSH_USER}@${SSH_HOST}:/tmp/${REL}.tar.gz
# ensure layout
ssh $SSH_OPTS -i "$SSH_KEY_PATH" ${SSH_USER}@${SSH_HOST} \
"set -e; sudo install -d -o ${SSH_USER} -g ${SSH_USER} -m 755 ${RELEASES} ${SHARED} ${SHARED}/${UPLOADS}"
# unpack, link shared, flip symlink, reload, health check, prune
ssh -i ~/.ssh/id_ed25519 ${SSH_USER}@${SSH_HOST} '
# upload (verbose)
scp $SSH_OPTS -vvv -i "$SSH_KEY_PATH" "release/${REL}.tar.gz" ${SSH_USER}@${SSH_HOST}:/tmp/${REL}.tar.gz
# unpack/switch/reload/health/prune
ssh $SSH_OPTS -i "$SSH_KEY_PATH" ${SSH_USER}@${SSH_HOST} '
set -euo pipefail
REL="'${REL}'"; APP="'${APP}'"; SHARED="'${SHARED}'"; RELEASES="'${RELEASES}'"; CUR="'${CUR}'"; UPLOADS="'${UPLOADS}'";
NEW="${RELEASES}/${REL}"
mkdir -p "${NEW}"
tar -xzf "/tmp/${REL}.tar.gz" -C "${NEW}"
rm -f "/tmp/${REL}.tar.gz"
rm -rf "${NEW}/${UPLOADS}"
ln -s "${SHARED}/${UPLOADS}" "${NEW}/${UPLOADS}"
if [ -f "${SHARED}/.env" ]; then ln -sf "${SHARED}/.env" "${NEW}/.env"; fi
tar -xzf "/tmp/${REL}.tar.gz" -C "${NEW}" && rm -f "/tmp/${REL}.tar.gz"
rm -rf "${NEW}/${UPLOADS}" && ln -s "${SHARED}/${UPLOADS}" "${NEW}/${UPLOADS}"
[ -f "${SHARED}/.env" ] && ln -sf "${SHARED}/.env" "${NEW}/.env" || true
printf "sha=%s\nbuilt_at=%s\n" "'${{ github.sha }}'" "$(date -u +%FT%TZ)" > "${NEW}/RELEASE"
PREV="$(readlink -f "${CUR}" || true)"
ln -sfn "${NEW}" "${CUR}"
'"${{ env.SERVICE_RELOAD }}"' >/dev/null 2>&1 || true
if command -v curl >/dev/null 2>&1; then
curl -fsS --max-time 5 "'"${{ env.HEALTH_URL }}"'" >/dev/null || {
echo "Health check failed, rolling back..."
@@ -124,7 +65,5 @@ jobs:
exit 1
}
fi
cd "${RELEASES}"
ls -1tr | head -n -'${{ env.KEEP_N }}' | xargs -r -I{} rm -rf "{}"
cd "${RELEASES}" && ls -1tr | head -n -'${{ env.KEEP_N }}' | xargs -r -I{} rm -rf "{}"
'
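Review bot: The `SSH_OPTS` value in the `env:` block carries `-o StrictHostKeyChecking=no`, so the `ssh`/`scp` calls that pass `$SSH_OPTS` (ensure layout, upload, unpack/switch) accept whatever host key the target presents. The added/removed markers are lost on this page, but those calls look like the new side, while the `SSH_KNOWN_HOSTS` secret and the step that wrote `known_hosts` look removed, so nothing appears to pin the deploy host any more; a machine answering in its place would receive the release tarball and the remote script, which includes `sudo install`. Keep a pinned host key on the runner and change the option to `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=<path to pinned known_hosts>`. The `-vvv` on `scp` also writes the full SSH debug trace into the job log and is worth dropping once the upload works.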