From 612b204c9a69f6d9c1114df062cc58a599a1f694 Mon Sep 17 00:00:00 2001
From: gitea
Date: Thu, 27 Nov 2025 11:20:02 +0000
Subject: [PATCH] Adjusted artifact version in pipeline
---
 .gitea/workflows/cicd.yaml | 173 +++++++++++-------------------------
 1 file changed, 52 insertions(+), 121 deletions(-)
diff --git a/.gitea/workflows/cicd.yaml b/.gitea/workflows/cicd.yaml
index 4735f5e..f668a68 100644
--- a/.gitea/workflows/cicd.yaml
+++ b/.gitea/workflows/cicd.yaml
@@ -1,95 +1,20 @@ -# .gitea/workflows/cicd.yaml -name: Build and Deploy Demo App (Artifacts) - +name: Build and Deploy Demo App on: push: branches: - main - jobs: - # ---------- TEST ---------- - test: + build-and-deploy: runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 - - - name: Set up Python - uses: actions/setup-python@v5 - with: - python-version: "3.12" - - - name: Install deps - run: pip install -r requirements.txt - - - name: Run tests (SQLite fallback) - env: - DB_USER: "" # force SQLite fallback in app.py - DB_PASS: "" - DB_NAME: "" - run: pytest - - # ---------- BUILD ---------- - build: - needs: test - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - name: Build Docker image run: docker build -t demo-app:latest . - - name: Save Docker image to tar run: docker save demo-app:latest > demo-app.tar - - - name: Upload image artifact - uses: actions/upload-artifact@v4 - with: - name: demo-image - path: demo-app.tar - if-no-files-found: error - # retention-days: 7 # optional; depends on your Gitea settings - - # ---------- SCAN ---------- - scan: - needs: build - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Download image artifact - uses: actions/download-artifact@v4 - with: - name: demo-image - path: . 
- - - name: Load Docker image from artifact - run: docker load -i demo-app.tar - - # Trivy via Docker (no marketplace action needed) - - name: Scan image with Trivy - run: | - docker run --rm \ - -v /var/run/docker.sock:/var/run/docker.sock \ - aquasec/trivy:latest \ - image --exit-code 1 --severity CRITICAL,HIGH --no-progress demo-app:latest - - # ---------- DEPLOY ---------- - deploy: - needs: [build, scan] - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Download image artifact - uses: actions/download-artifact@v4 - with: - name: demo-image - path: . - - name: Set up SSH run: | apt update && apt install -y openssh-client 
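Review bot: The new single `build-and-deploy` job ships `demo-app:latest` straight from `docker build` to the server with no test run and no image scan, whereas the removed `scan` job gated `deploy` on Trivy exiting non-zero for CRITICAL/HIGH findings; the commit title ("artifact version") does not mention dropping that gate, so if it was unintended, re-add a scan step between `Build Docker image` and `Save Docker image to tar`. The third-party actions (`actions/checkout@v4`, `docker/setup-buildx-action@v3`) are pinned to mutable major-version tags; pinning to a full commit SHA (with the tag in a trailing comment) closes the tag-retargeting supply-chain risk. `docker/setup-buildx-action` is set up but the build step still calls plain `docker build`, so that step is currently unused. The `Set up SSH` step's `run:` block continues past the end of this hunk.
```yaml
      - name: Build Docker image
        run: docker build -t demo-app:latest .

      # Fail the job on CRITICAL/HIGH findings before the image leaves the runner
      - name: Scan image with Trivy
        run: |
          docker run --rm \
            -v /var/run/docker.sock:/var/run/docker.sock \
            aquasec/trivy:latest \
            image --exit-code 1 --severity CRITICAL,HIGH --no-progress demo-app:latest

      # … unchanged: Save Docker image to tar, Set up SSH …
```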
@@ -99,51 +24,57 @@ jobs: eval "$(ssh-agent -s)" ssh-add ~/.ssh/id_ed25519 ssh-keyscan -p ${{ secrets.SERVER_PORT }} ${{ secrets.SERVER_HOST }} >> ~/.ssh/known_hosts - - - name: Copy files to server + - name: Copy files to server via SCP run: | - # Copy image tar - scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} \ - demo-app.tar \ - ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:"${{ secrets.DEPLOY_PATH }}/demo-app.tar" - - # Copy docker-compose file - scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} \ - docker-compose.yml \ - ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:"${{ secrets.DEPLOY_PATH }}/docker-compose.yml" - - # Copy nginx config directory (used as volume in docker-compose.yml) - scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} -r \ - nginx_user_conf.d \ - ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:"${{ secrets.DEPLOY_PATH }}/nginx_user_conf.d" - - - name: Deploy on server + scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} demo-app.tar ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:${{ secrets.DEPLOY_PATH }}demo-app.tar + scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} docker-compose.yml ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:${{ secrets.DEPLOY_PATH }}docker-compose.yml + scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} -r nginx_user_conf.d ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:${{ secrets.DEPLOY_PATH }}nginx_user_conf.d + - name: Deploy on server via SSH run: | - ssh -o StrictHostKeyChecking=no -p ${{ secrets.SERVER_PORT }} \ - ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }} << EOF - set -e + ssh -o StrictHostKeyChecking=no -p ${{ secrets.SERVER_PORT }} ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }} << EOF + cd ${{ secrets.DEPLOY_PATH }} - cd "${{ secrets.DEPLOY_PATH }}" - - # Create/update .env with DB secrets - echo "DB_USER=${{ secrets.DB_USER }}" > .env - echo "DB_PASS=${{ secrets.DB_PASS }}" 
>> .env - echo "DB_NAME=${{ secrets.DB_NAME }}" >> .env - - # Load the new image from the tarball - docker load -I demo-app.tar || docker load -i demo-app.tar # compatibility - - # Make sure we actually have a compose file here - if [ ! -f docker-compose.yml ]; then - echo "ERROR: docker-compose.yml not found in \$(pwd)" >&2 - ls -la - exit 1 + # Check and install Docker if not present (Ubuntu/Debian assumed) + if ! command -v docker &> /dev/null; then + sudo apt update -y + sudo apt install -y ca-certificates curl + sudo install -m 0755 -d /etc/apt/keyrings + sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc + sudo chmod a+r /etc/apt/keyrings/docker.asc + echo "deb [arch=\$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \$(. /etc/os-release && echo "\$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null + sudo apt update -y + sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin + sudo systemctl start docker + sudo systemctl enable docker fi - # Restart the compose stack - docker compose -f docker-compose.yml down - docker compose -f docker-compose.yml --env-file .env up -d --remove-orphans + # Ensure docker-compose-plugin is installed (for 'docker compose' command) + if ! docker compose version &> /dev/null; then + sudo apt update -y + sudo apt install -y docker-compose-plugin + fi - # Clean up - rm -f demo-app.tar - EOF + # Load image + docker load -i demo-app.tar + + # Graceful stop + docker compose down --remove-orphans -v || true + + # Obtain initial cert if not present (standalone mode; ports are free since down) + if [ ! 
-d "letsencrypt/live/demo.networkwizard.xyz" ]; then + docker run --rm \ + -p 80:80 \ + -v ${PWD}/letsencrypt:/etc/letsencrypt \ + certbot/certbot certonly --standalone \ + -d demo.networkwizard.xyz \ + --email your@email.com \ + --agree-tos \ + --non-interactive + fi + + # Deploy + docker compose up -d --force-recreate + + # Cleanup + rm demo-app.tar + EOF \ No newline at end of file
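Review bot: The remote script in the `Deploy on server via SSH` heredoc has no `set -e` (the removed version started with one), so when `docker load -i demo-app.tar` fails the script still runs `docker compose down --remove-orphans -v` and then `docker compose up -d --force-recreate`, tearing the stack down and recreating it from a stale or missing image; add `set -euo pipefail` as the first line after `cd`. The `-v` flag also deletes any named volumes declared in docker-compose.yml on every deploy, which is a data-loss risk if the database lives in one — drop it unless that wipe is intended. Because the heredoc delimiter is unquoted (`<< EOF`), `${PWD}` in the certbot mount `-v ${PWD}/letsencrypt:/etc/letsencrypt` is expanded on the runner rather than on the server (the `\$(dpkg …)` and `\$VERSION_CODENAME` on the Docker install lines are escaped for exactly this reason), so unless the two paths happen to coincide the certificate lands outside `letsencrypt/live/...` under DEPLOY_PATH and certbot is re-run on every deploy; write it as `-v "\$PWD/letsencrypt:/etc/letsencrypt"`. In the SCP step the destinations `${{ secrets.DEPLOY_PATH }}demo-app.tar` drop the `/` separator and the quoting the old lines had, so they only work if DEPLOY_PATH ends with a slash and contains no whitespace.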