gitea/devops
Template
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

refactored deployment phase
Some checks failed
Build and Deploy Demo App / test (push) Successful in 11s
Details
Build and Deploy Demo App / build (push) Successful in 7s
Details
Build and Deploy Demo App / scan (push) Successful in 18s
Details
Build and Deploy Demo App / deploy (push) Failing after 26s
Details

Browse Source
This commit is contained in:
gitea
2025-11-26 13:35:31 +03:30
parent e6921d00f5
commit a8699e2eb4
1 changed files with 17 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
.gitea/workflows/cicd.yaml
View File

@@ -51,7 +51,7 @@ jobs:
- name: Build Docker image for scan - name: Build Docker image for scan
run: docker build -t demo-app:latest . run: docker build -t demo-app:latest .
# Trivy via Docker (no GitHub Action) # Trivy via Docker (no GitHub/Gitea action)
- name: Scan image with Trivy - name: Scan image with Trivy
run: | run: |
docker run --rm \ docker run --rm \
@@ -85,29 +85,32 @@ jobs:
ssh-keyscan -p ${{ secrets.SERVER_PORT }} ${{ secrets.SERVER_HOST }} >> ~/.ssh/known_hosts ssh-keyscan -p ${{ secrets.SERVER_PORT }} ${{ secrets.SERVER_HOST }} >> ~/.ssh/known_hosts
- name: Copy tar to server - name: Copy tar to server
run: scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} demo-app.tar ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:${{ secrets.DEPLOY_PATH }}demo-app.tar run: |
scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} \
demo-app.tar \
${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:'${{ secrets.DEPLOY_PATH }}/demo-app.tar'
- name: Deploy on server - name: Deploy on server
run: | run: |
ssh -o StrictHostKeyChecking=no -p ${{ secrets.SERVER_PORT }} ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }} << 'EOF' ssh -o StrictHostKeyChecking=no -p ${{ secrets.SERVER_PORT }} \
${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }} << EOF
set -e set -e
cd "${DEPLOY_PATH}"
# Create/update .env with DB secrets from CI cd "${{ secrets.DEPLOY_PATH }}"
echo "DB_USER=${DB_USER}" > .env
echo "DB_PASS=${DB_PASS}" >> .env
echo "DB_NAME=${DB_NAME}" >> .env
# Load new image and restart stack # Create/update .env with DB secrets
echo "DB_USER=${{ secrets.DB_USER }}" > .env
echo "DB_PASS=${{ secrets.DB_PASS }}" >> .env
echo "DB_NAME=${{ secrets.DB_NAME }}" >> .env
# Load the new image from the tarball
docker load -i demo-app.tar docker load -i demo-app.tar
# Restart the compose stack
docker compose down docker compose down
docker compose --env-file .env up -d --remove-orphans docker compose --env-file .env up -d --remove-orphans
# Clean up
rm demo-app.tar rm demo-app.tar
EOF EOF
env:
DEPLOY_PATH: ${{ secrets.DEPLOY_PATH }}
DB_USER: ${{ secrets.DB_USER }}
DB_PASS: ${{ secrets.DB_PASS }}
DB_NAME: ${{ secrets.DB_NAME }}