gitea/devops
Template
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Adjusted artifact version in pipeline
All checks were successful
Build and Deploy Demo App / build-and-deploy (push) Successful in 1m35s
Details

Browse Source
This commit is contained in:
gitea
2025-11-27 11:20:02 +00:00
parent 9f58cec1e4
commit 612b204c9a
1 changed files with 52 additions and 121 deletions
Download Patch File Download Diff File Expand all files Collapse all files

169
.gitea/workflows/cicd.yaml
View File

@@ -1,95 +1,20 @@
# .gitea/workflows/cicd.yaml
name: Build and Deploy Demo App (Artifacts)
name: Build and Deploy Demo App
on:
push:
branches:
- main
jobs:
# ---------- TEST ----------
test:
build-and-deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Install deps
run: pip install -r requirements.txt
- name: Run tests (SQLite fallback)
env:
DB_USER: "" # force SQLite fallback in app.py
DB_PASS: ""
DB_NAME: ""
run: pytest
# ---------- BUILD ----------
build:
needs: test
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build Docker image
run: docker build -t demo-app:latest .
- name: Save Docker image to tar
run: docker save demo-app:latest > demo-app.tar
- name: Upload image artifact
uses: actions/upload-artifact@v4
with:
name: demo-image
path: demo-app.tar
if-no-files-found: error
# retention-days: 7 # optional; depends on your Gitea settings
# ---------- SCAN ----------
scan:
needs: build
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Download image artifact
uses: actions/download-artifact@v4
with:
name: demo-image
path: .
- name: Load Docker image from artifact
run: docker load -i demo-app.tar
# Trivy via Docker (no marketplace action needed)
- name: Scan image with Trivy
run: |
docker run --rm \
-v /var/run/docker.sock:/var/run/docker.sock \
aquasec/trivy:latest \
image --exit-code 1 --severity CRITICAL,HIGH --no-progress demo-app:latest
# ---------- DEPLOY ----------
deploy:
needs: [build, scan]
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Download image artifact
uses: actions/download-artifact@v4
with:
name: demo-image
path: .
- name: Set up SSH
run: |
apt update && apt install -y openssh-client
@@ -99,51 +24,57 @@ jobs:
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
ssh-keyscan -p ${{ secrets.SERVER_PORT }} ${{ secrets.SERVER_HOST }} >> ~/.ssh/known_hosts
- name: Copy files to server
- name: Copy files to server via SCP
run: |
# Copy image tar
scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} \
demo-app.tar \
${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:"${{ secrets.DEPLOY_PATH }}/demo-app.tar"
# Copy docker-compose file
scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} \
docker-compose.yml \
${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:"${{ secrets.DEPLOY_PATH }}/docker-compose.yml"
# Copy nginx config directory (used as volume in docker-compose.yml)
scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} -r \
nginx_user_conf.d \
${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:"${{ secrets.DEPLOY_PATH }}/nginx_user_conf.d"
- name: Deploy on server
scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} demo-app.tar ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:${{ secrets.DEPLOY_PATH }}demo-app.tar
scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} docker-compose.yml ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:${{ secrets.DEPLOY_PATH }}docker-compose.yml
scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} -r nginx_user_conf.d ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:${{ secrets.DEPLOY_PATH }}nginx_user_conf.d
- name: Deploy on server via SSH
run: |
ssh -o StrictHostKeyChecking=no -p ${{ secrets.SERVER_PORT }} \
${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }} << EOF
set -e
ssh -o StrictHostKeyChecking=no -p ${{ secrets.SERVER_PORT }} ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }} << EOF
cd ${{ secrets.DEPLOY_PATH }}
cd "${{ secrets.DEPLOY_PATH }}"
# Create/update .env with DB secrets
echo "DB_USER=${{ secrets.DB_USER }}" > .env
echo "DB_PASS=${{ secrets.DB_PASS }}" >> .env
echo "DB_NAME=${{ secrets.DB_NAME }}" >> .env
# Load the new image from the tarball
docker load -I demo-app.tar || docker load -i demo-app.tar # compatibility
# Make sure we actually have a compose file here
if [ ! -f docker-compose.yml ]; then
echo "ERROR: docker-compose.yml not found in \$(pwd)" >&2
ls -la
exit 1
# Check and install Docker if not present (Ubuntu/Debian assumed)
if ! command -v docker &> /dev/null; then
sudo apt update -y
sudo apt install -y ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
echo "deb [arch=\$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \$(. /etc/os-release && echo "\$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update -y
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
sudo systemctl start docker
sudo systemctl enable docker
fi
# Restart the compose stack
docker compose -f docker-compose.yml down
docker compose -f docker-compose.yml --env-file .env up -d --remove-orphans
# Ensure docker-compose-plugin is installed (for 'docker compose' command)
if ! docker compose version &> /dev/null; then
sudo apt update -y
sudo apt install -y docker-compose-plugin
fi
# Load image
docker load -i demo-app.tar
# Graceful stop
docker compose down --remove-orphans -v || true
# Obtain initial cert if not present (standalone mode; ports are free since down)
if [ ! -d "letsencrypt/live/demo.networkwizard.xyz" ]; then
docker run --rm \
-p 80:80 \
-v ${PWD}/letsencrypt:/etc/letsencrypt \
certbot/certbot certonly --standalone \
-d demo.networkwizard.xyz \
--email your@email.com \
--agree-tos \
--non-interactive
fi
# Deploy
docker compose up -d --force-recreate
# Cleanup
rm -f demo-app.tar
rm demo-app.tar
EOF