updated artifact implementation on pipeline
Some checks failed
Build and Deploy Demo App (Artifacts, GHES/Gitea-safe) / test (push) Successful in 12s
Build and Deploy Demo App (Artifacts, GHES/Gitea-safe) / build (push) Failing after 3m41s
Build and Deploy Demo App (Artifacts, GHES/Gitea-safe) / scan (push) Has been skipped
Build and Deploy Demo App (Artifacts, GHES/Gitea-safe) / deploy (push) Has been skipped
Some checks failed
Build and Deploy Demo App (Artifacts, GHES/Gitea-safe) / test (push) Successful in 12s
Build and Deploy Demo App (Artifacts, GHES/Gitea-safe) / build (push) Failing after 3m41s
Build and Deploy Demo App (Artifacts, GHES/Gitea-safe) / scan (push) Has been skipped
Build and Deploy Demo App (Artifacts, GHES/Gitea-safe) / deploy (push) Has been skipped
This commit is contained in:
@@ -1,20 +1,96 @@
|
||||
name: Build and Deploy Demo App
|
||||
# .gitea/workflows/cicd.yaml
|
||||
name: Build and Deploy Demo App (Artifacts, GHES/Gitea-safe)
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
branches: [ main ]
|
||||
|
||||
jobs:
|
||||
build-and-deploy:
|
||||
# ---------- TEST ----------
|
||||
test:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: "3.12"
|
||||
|
||||
- name: Install deps
|
||||
run: pip install -r requirements.txt
|
||||
|
||||
- name: Run tests (SQLite fallback)
|
||||
env:
|
||||
DB_USER: "" # force SQLite fallback in app.py
|
||||
DB_PASS: ""
|
||||
DB_NAME: ""
|
||||
run: pytest
|
||||
|
||||
# ---------- BUILD ----------
|
||||
build:
|
||||
needs: test
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Build Docker image
|
||||
run: docker build -t demo-app:latest .
|
||||
|
||||
- name: Save Docker image to tar
|
||||
run: docker save demo-app:latest > demo-app.tar
|
||||
|
||||
# IMPORTANT: use v3 on Gitea/GHES
|
||||
- name: Upload image artifact
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: demo-image
|
||||
path: demo-app.tar
|
||||
if-no-files-found: error
|
||||
# retention-days: 7 # optional; depends on your Gitea settings
|
||||
|
||||
# ---------- SCAN ----------
|
||||
scan:
|
||||
needs: build
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
# IMPORTANT: use v3 on Gitea/GHES
|
||||
- name: Download image artifact
|
||||
uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: demo-image
|
||||
path: . # place demo-app.tar in the workspace root
|
||||
|
||||
- name: Load Docker image from artifact
|
||||
run: docker load -i demo-app.tar
|
||||
|
||||
- name: Scan image with Trivy
|
||||
run: |
|
||||
docker run --rm \
|
||||
-v /var/run/docker.sock:/var/run/docker.sock \
|
||||
aquasec/trivy:latest \
|
||||
image --exit-code 1 --severity CRITICAL,HIGH --no-progress demo-app:latest
|
||||
|
||||
# ---------- DEPLOY ----------
|
||||
deploy:
|
||||
needs: [build, scan]
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
# IMPORTANT: use v3 on Gitea/GHES
|
||||
- name: Download image artifact
|
||||
uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: demo-image
|
||||
path: .
|
||||
|
||||
- name: Set up SSH
|
||||
run: |
|
||||
apt update && apt install -y openssh-client
|
||||
@@ -24,57 +100,42 @@ jobs:
|
||||
eval "$(ssh-agent -s)"
|
||||
ssh-add ~/.ssh/id_ed25519
|
||||
ssh-keyscan -p ${{ secrets.SERVER_PORT }} ${{ secrets.SERVER_HOST }} >> ~/.ssh/known_hosts
|
||||
- name: Copy files to server via SCP
|
||||
|
||||
- name: Copy files to server
|
||||
run: |
|
||||
scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} demo-app.tar ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:${{ secrets.DEPLOY_PATH }}demo-app.tar
|
||||
scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} docker-compose.yml ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:${{ secrets.DEPLOY_PATH }}docker-compose.yml
|
||||
scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} -r nginx_user_conf.d ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:${{ secrets.DEPLOY_PATH }}nginx_user_conf.d
|
||||
- name: Deploy on server via SSH
|
||||
scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} \
|
||||
demo-app.tar \
|
||||
${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:"${{ secrets.DEPLOY_PATH }}/demo-app.tar"
|
||||
|
||||
scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} \
|
||||
docker-compose.yml \
|
||||
${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:"${{ secrets.DEPLOY_PATH }}/docker-compose.yml"
|
||||
|
||||
scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} -r \
|
||||
nginx_user_conf.d \
|
||||
${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:"${{ secrets.DEPLOY_PATH }}/nginx_user_conf.d"
|
||||
|
||||
- name: Deploy on server
|
||||
run: |
|
||||
ssh -o StrictHostKeyChecking=no -p ${{ secrets.SERVER_PORT }} ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }} << EOF
|
||||
cd ${{ secrets.DEPLOY_PATH }}
|
||||
ssh -o StrictHostKeyChecking=no -p ${{ secrets.SERVER_PORT }} \
|
||||
${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }} << 'EOF'
|
||||
set -e
|
||||
cd "${{ secrets.DEPLOY_PATH }}"
|
||||
|
||||
# Check and install Docker if not present (Ubuntu/Debian assumed)
|
||||
if ! command -v docker &> /dev/null; then
|
||||
sudo apt update -y
|
||||
sudo apt install -y ca-certificates curl
|
||||
sudo install -m 0755 -d /etc/apt/keyrings
|
||||
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
|
||||
sudo chmod a+r /etc/apt/keyrings/docker.asc
|
||||
echo "deb [arch=\$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \$(. /etc/os-release && echo "\$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
|
||||
sudo apt update -y
|
||||
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
|
||||
sudo systemctl start docker
|
||||
sudo systemctl enable docker
|
||||
fi
|
||||
# Write DB secrets for compose
|
||||
echo "DB_USER=${{ secrets.DB_USER }}" > .env
|
||||
echo "DB_PASS=${{ secrets.DB_PASS }}" >> .env
|
||||
echo "DB_NAME=${{ secrets.DB_NAME }}" >> .env
|
||||
|
||||
# Ensure docker-compose-plugin is installed (for 'docker compose' command)
|
||||
if ! docker compose version &> /dev/null; then
|
||||
sudo apt update -y
|
||||
sudo apt install -y docker-compose-plugin
|
||||
fi
|
||||
|
||||
# Load image
|
||||
# Load image and restart stack
|
||||
docker load -i demo-app.tar
|
||||
|
||||
# Graceful stop
|
||||
docker compose down --remove-orphans -v || true
|
||||
|
||||
# Obtain initial cert if not present (standalone mode; ports are free since down)
|
||||
if [ ! -d "letsencrypt/live/demo.networkwizard.xyz" ]; then
|
||||
docker run --rm \
|
||||
-p 80:80 \
|
||||
-v ${PWD}/letsencrypt:/etc/letsencrypt \
|
||||
certbot/certbot certonly --standalone \
|
||||
-d demo.networkwizard.xyz \
|
||||
--email your@email.com \
|
||||
--agree-tos \
|
||||
--non-interactive
|
||||
if [ ! -f docker-compose.yml ]; then
|
||||
echo "ERROR: docker-compose.yml not found in $(pwd)" >&2
|
||||
ls -la
|
||||
exit 1
|
||||
fi
|
||||
docker compose -f docker-compose.yml down
|
||||
docker compose -f docker-compose.yml --env-file .env up -d --remove-orphans
|
||||
|
||||
# Deploy
|
||||
docker compose up -d --force-recreate
|
||||
|
||||
# Cleanup
|
||||
rm demo-app.tar
|
||||
rm -f demo-app.tar
|
||||
EOF
|
||||
Reference in New Issue
Block a user