devops/.gitea/workflows/cicd.yaml
refactor cicd pipeline
2025-11-26 13:11:55 +03:30


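# CI/CD pipeline: test -> build -> scan -> deploy, triggered by pushes to main.
#
# NOTE(review): every job rebuilds demo-app:latest from source, so the image
# Trivy scans and the image that gets deployed are separate builds. A passing
# scan therefore does not attest the deployed artifact byte-for-byte; handing
# one built image (by digest or as an artifact) from job to job would close
# that gap.
# NOTE(review): the actions are referenced by mutable tags (@v4, @v5) and the
# scanner by :latest. Pinning to a commit SHA / image digest makes a run
# reproducible and limits exposure to a retagged upstream.
name: Build and Deploy Demo App

on:
  push:
    branches:
      - main

jobs:
  # ---------- TEST ----------
  test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"

      - name: Install deps
        run: pip install -r requirements.txt

      - name: Run tests
        env:
          DB_USER: ""  # force SQLite fallback
          DB_PASS: ""
          DB_NAME: ""
        run: pytest

  # ---------- BUILD ----------
  # Only checks that the image builds; the result is neither pushed nor
  # exported, and the scan and deploy jobs build their own copy.
  build:
    needs: test
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Build Docker image
        run: docker build -t demo-app:latest .

  # ---------- SCAN ----------
  scan:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      # Rebuild image in this job so it's available locally
      - name: Build Docker image for scan
        run: docker build -t demo-app:latest .

      # --exit-code 1 fails the job when a CRITICAL or HIGH finding is reported.
      # The Docker socket mount lets the Trivy container read the locally built
      # image, and also gives that container full control of the runner's Docker
      # daemon, so the scanner image is worth pinning by digest.
      - name: Scan image with Trivy
        run: |
          docker run --rm \
            -v /var/run/docker.sock:/var/run/docker.sock \
            aquasec/trivy:latest \
            image --exit-code 1 --severity CRITICAL,HIGH --no-progress demo-app:latest

  # ---------- DEPLOY ----------
  deploy:
    needs: [build, scan]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      # Rebuild image for deployment
      - name: Build Docker image for deploy
        run: docker build -t demo-app:latest .

      - name: Save Docker image to tar
        run: docker save demo-app:latest > demo-app.tar

      # Secrets reach the script through the environment instead of being
      # templated into the script text, so a value containing quotes, `$` or
      # backticks cannot change what the shell executes.
      - name: Set up SSH
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          SERVER_PORT: ${{ secrets.SERVER_PORT }}
          SERVER_HOST: ${{ secrets.SERVER_HOST }}
        run: |
          set -eu
          apt update && apt install -y openssh-client
          # Restrictive umask first: the key file is never readable by others,
          # not even between its creation and the chmod below.
          umask 077
          mkdir -p ~/.ssh
          printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          # NOTE(review): the agent's environment exists only in this step's
          # shell; later steps appear to rely on the key file at its default
          # path. Confirm the agent is still needed.
          eval "$(ssh-agent -s)"
          ssh-add ~/.ssh/id_ed25519
          # NOTE(review): ssh-keyscan records whatever key the host presents on
          # this run. Pinning a known-good host key stored with the other
          # secrets would remove that trust-on-every-run step.
          ssh-keyscan -p "$SERVER_PORT" "$SERVER_HOST" >> ~/.ssh/known_hosts

      # StrictHostKeyChecking=yes makes scp/ssh verify the server against the
      # known_hosts entry written above; with "no" that entry was ignored and
      # any host answering on the address would have been accepted.
      # DEPLOY_PATH is concatenated directly with the file name, so it
      # presumably ends in "/" (TODO confirm).
      - name: Copy tar to server
        env:
          SERVER_PORT: ${{ secrets.SERVER_PORT }}
          SERVER_USER: ${{ secrets.SERVER_USER }}
          SERVER_HOST: ${{ secrets.SERVER_HOST }}
          DEPLOY_PATH: ${{ secrets.DEPLOY_PATH }}
        run: |
          set -eu
          scp -o StrictHostKeyChecking=yes -P "$SERVER_PORT" demo-app.tar \
            "$SERVER_USER@$SERVER_HOST:${DEPLOY_PATH}demo-app.tar"

      - name: Deploy on server
        env:
          SERVER_PORT: ${{ secrets.SERVER_PORT }}
          SERVER_USER: ${{ secrets.SERVER_USER }}
          SERVER_HOST: ${{ secrets.SERVER_HOST }}
          DEPLOY_PATH: ${{ secrets.DEPLOY_PATH }}
          DB_USER: ${{ secrets.DB_USER }}
          DB_PASS: ${{ secrets.DB_PASS }}
          DB_NAME: ${{ secrets.DB_NAME }}
        run: |
          set -eu
          umask 077
          trap 'rm -f deploy.env' EXIT

          # Create/update .env with secrets. The file is written on the runner
          # with printf and copied over, so the values are never parsed by the
          # local or the remote shell.
          printf 'DB_USER=%s\nDB_PASS=%s\nDB_NAME=%s\n' \
            "$DB_USER" "$DB_PASS" "$DB_NAME" > deploy.env
          scp -o StrictHostKeyChecking=yes -P "$SERVER_PORT" deploy.env \
            "$SERVER_USER@$SERVER_HOST:${DEPLOY_PATH}.env"

          # The here-document is unquoted: ${DEPLOY_PATH} is expanded on the
          # runner and everything else runs on the server as written. The
          # remote `set -eu` fails the step when a command fails; without it
          # the step reported the status of the final `rm` only.
          ssh -o StrictHostKeyChecking=yes -p "$SERVER_PORT" \
            "$SERVER_USER@$SERVER_HOST" << EOF
          set -eu
          cd "${DEPLOY_PATH}"
          chmod 600 .env
          # Load and deploy
          docker load -i demo-app.tar
          docker compose down
          docker compose --env-file .env up -d --remove-orphans
          rm demo-app.tar
          EOF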