From e6921d00f51fddae08d344fcc9dd805f82a781c4 Mon Sep 17 00:00:00 2001 From: gitea Date: Wed, 26 Nov 2025 13:32:13 +0330 Subject: [PATCH] refactored deployment phase --- .gitea/workflows/cicd.yaml | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/.gitea/workflows/cicd.yaml b/.gitea/workflows/cicd.yaml index 42cb8db..7c224e7 100644 --- a/.gitea/workflows/cicd.yaml +++ b/.gitea/workflows/cicd.yaml @@ -23,7 +23,7 @@ jobs: - name: Run tests env: - DB_USER: "" # force SQLite fallback + DB_USER: "" # force SQLite fallback in app.py DB_PASS: "" DB_NAME: "" run: pytest @@ -51,6 +51,7 @@ jobs: - name: Build Docker image for scan run: docker build -t demo-app:latest . + # Trivy via Docker (no GitHub Action) - name: Scan image with Trivy run: | docker run --rm \ @@ -88,16 +89,25 @@ jobs: - name: Deploy on server run: | - ssh -o StrictHostKeyChecking=no -p ${{ secrets.SERVER_PORT }} ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }} << EOF - cd ${{ secrets.DEPLOY_PATH }} - # Create/update .env with secrets - echo "DB_USER=${{ secrets.DB_USER }}" > .env - echo "DB_PASS=${{ secrets.DB_PASS }}" >> .env - echo "DB_NAME=${{ secrets.DB_NAME }}" >> .env - # Load and deploy + ssh -o StrictHostKeyChecking=no -p ${{ secrets.SERVER_PORT }} ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }} << 'EOF' + set -e + cd "${DEPLOY_PATH}" + + # Create/update .env with DB secrets from CI + echo "DB_USER=${DB_USER}" > .env + echo "DB_PASS=${DB_PASS}" >> .env + echo "DB_NAME=${DB_NAME}" >> .env + + # Load new image and restart stack docker load -i demo-app.tar docker compose down docker compose --env-file .env up -d --remove-orphans + rm demo-app.tar EOF + env: + DEPLOY_PATH: ${{ secrets.DEPLOY_PATH }} + DB_USER: ${{ secrets.DB_USER }} + DB_PASS: ${{ secrets.DB_PASS }} + DB_NAME: ${{ secrets.DB_NAME }}
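Review bot: In the "Deploy on server" step, quoting the heredoc delimiter (`<< 'EOF'`) means `${DEPLOY_PATH}`, `${DB_USER}`, `${DB_PASS}` and `${DB_NAME}` are now expanded by the remote shell, but the new `env:` block only sets them in the runner's step environment and ssh does not forward them by default, so the remote `.env` is likely written with empty values and `cd` receives an empty path. Keeping the secrets out of the script text is the right direction; to preserve it, render `.env` on the runner from the step environment and copy it to the server, and pass the path in the remote command, e.g. `ssh … "cd '$DEPLOY_PATH' && sh -se" << 'EOF'`. The file should be created under `umask 077`, since it holds the database password. Separately, the rewritten ssh line keeps `-o StrictHostKeyChecking=no`, so the host that receives these credentials is never authenticated; a pinned `known_hosts` entry with `StrictHostKeyChecking=yes` would close that.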