diff --git a/.gitea/workflows/cicd.yaml b/.gitea/workflows/cicd.yaml index 7c224e7..793b8e4 100644 --- a/.gitea/workflows/cicd.yaml +++ b/.gitea/workflows/cicd.yaml @@ -51,7 +51,7 @@ jobs: - name: Build Docker image for scan run: docker build -t demo-app:latest . - # Trivy via Docker (no GitHub Action) + # Trivy via Docker (no GitHub/Gitea action) - name: Scan image with Trivy run: | docker run --rm \ @@ -85,29 +85,32 @@ jobs: ssh-keyscan -p ${{ secrets.SERVER_PORT }} ${{ secrets.SERVER_HOST }} >> ~/.ssh/known_hosts - name: Copy tar to server - run: scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} demo-app.tar ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:${{ secrets.DEPLOY_PATH }}demo-app.tar + run: | + scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} \ + demo-app.tar \ + ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:'${{ secrets.DEPLOY_PATH }}/demo-app.tar' - name: Deploy on server run: | - ssh -o StrictHostKeyChecking=no -p ${{ secrets.SERVER_PORT }} ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }} << 'EOF' + ssh -o StrictHostKeyChecking=no -p ${{ secrets.SERVER_PORT }} \ + ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }} << EOF set -e - cd "${DEPLOY_PATH}" - # Create/update .env with DB secrets from CI - echo "DB_USER=${DB_USER}" > .env - echo "DB_PASS=${DB_PASS}" >> .env - echo "DB_NAME=${DB_NAME}" >> .env + cd "${{ secrets.DEPLOY_PATH }}" - # Load new image and restart stack + # Create/update .env with DB secrets + echo "DB_USER=${{ secrets.DB_USER }}" > .env + echo "DB_PASS=${{ secrets.DB_PASS }}" >> .env + echo "DB_NAME=${{ secrets.DB_NAME }}" >> .env + + # Load the new image from the tarball docker load -i demo-app.tar + + # Restart the compose stack docker compose down docker compose --env-file .env up -d --remove-orphans + # Clean up rm demo-app.tar EOF - env: - DEPLOY_PATH: ${{ secrets.DEPLOY_PATH }} - DB_USER: ${{ secrets.DB_USER }} - DB_PASS: ${{ secrets.DB_PASS }} - DB_NAME: ${{ secrets.DB_NAME }}
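Review bot: In the "Deploy on server" step the heredoc delimiter is now unquoted (`<< EOF`) and `${{ secrets.DB_PASS }}` and the other secrets are pasted directly into the script text. Each value is therefore parsed as shell code twice: once on the runner when the heredoc is expanded, and again on the server inside `echo "..."`. A value containing `$`, a backtick, `"` or `\` will be altered or run as a command substitution, and the `.env` file is created with the server's default umask. I would keep the removed `env:` mapping, build `.env` on the runner with `printf '%s'` under `umask 077`, copy it over, and keep the `'EOF'` delimiter quoted, as sketched below; `DEPLOY_PATH` is still single-quoted into the remote command, so this assumes it contains no single quote. Separately, `-o StrictHostKeyChecking=no` on the added `scp`/`ssh` lines switches off the host-key check that the `ssh-keyscan` step above prepares, so it can be dropped; a host key pinned in a secret would be stronger than scanning on every run.

```yaml
      - name: Deploy on server
        env:
          DEPLOY_PATH: ${{ secrets.DEPLOY_PATH }}
          DB_USER: ${{ secrets.DB_USER }}
          DB_PASS: ${{ secrets.DB_PASS }}
          DB_NAME: ${{ secrets.DB_NAME }}
        run: |
          # Write .env on the runner from env vars so the values stay data, not shell text
          umask 077
          printf 'DB_USER=%s\nDB_PASS=%s\nDB_NAME=%s\n' "$DB_USER" "$DB_PASS" "$DB_NAME" > .env
          scp -P ${{ secrets.SERVER_PORT }} .env \
            ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:"'$DEPLOY_PATH/.env'"
          rm -f .env

          # Quoted delimiter: nothing in the script body is expanded on the runner
          ssh -p ${{ secrets.SERVER_PORT }} \
            ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }} \
            "cd '$DEPLOY_PATH' && sh -s" << 'EOF'
          set -e
          # … unchanged: docker load, compose down/up, rm demo-app.tar …
          EOF
```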