112 lines
3.7 KiB
YAML
112 lines
3.7 KiB
YAML
name: Deploy QA
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- dev
|
|
|
|
env:
|
|
REGISTRY_URL: ${{ vars.REGISTRY_URL }}
|
|
IMAGE_NAME: ${{ vars.IMAGE_NAME }}
|
|
APP_ENV: qa
|
|
|
|
jobs:
|
|
build-and-push:
|
|
name: Build and Push
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
image_tag: ${{ steps.meta.outputs.image_tag }}
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Login to Gitea Registry
|
|
run: |
|
|
set -euo pipefail
|
|
echo "${{ secrets.TOKEN }}" | docker login $REGISTRY_URL -u ${{ gitea.actor }} --password-stdin
|
|
|
|
- name: Build and push
|
|
id: meta
|
|
run: |
|
|
set -euo pipefail
|
|
SHA_TAG="${{ gitea.sha }}"
|
|
QA_TAG="qa-latest"
|
|
BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
|
|
|
|
docker buildx build \
|
|
--push \
|
|
--build-arg APP_VERSION=dev-${SHA_TAG} \
|
|
--build-arg BUILD_DATE=${BUILD_DATE} \
|
|
--build-arg GIT_COMMIT=${SHA_TAG} \
|
|
--build-arg GIT_BRANCH=dev \
|
|
-t ${REGISTRY_URL}/${IMAGE_NAME}:${QA_TAG} \
|
|
-t ${REGISTRY_URL}/${IMAGE_NAME}:sha-${SHA_TAG} \
|
|
.
|
|
|
|
echo "image_tag=${QA_TAG}" >> $GITEA_OUTPUT
|
|
echo "::notice::Image pushed: ${REGISTRY_URL}/${IMAGE_NAME}:${QA_TAG}"
|
|
|
|
deploy:
|
|
name: Deploy to QA
|
|
runs-on: ubuntu-latest
|
|
needs: build-and-push
|
|
steps:
|
|
- name: Deploy via SSH
|
|
run: |
|
|
set -euo pipefail
|
|
IMAGE_TAG="${{ needs.build-and-push.outputs.image_tag }}"
|
|
|
|
echo "${{ secrets.DEPLOY_SSH_KEY_B64 }}" | base64 -d > /tmp/deploy_key
|
|
chmod 600 /tmp/deploy_key
|
|
echo "${{ secrets.DEPLOY_PASSPHRASE }}" > /tmp/passphrase
|
|
|
|
sudo apt-get update -qq && sudo apt-get install -y -qq sshpass
|
|
|
|
ssh-keyscan -H ${{ secrets.DEPLOY_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
|
|
|
|
sshpass -f /tmp/passphrase ssh -i /tmp/deploy_key \
|
|
-o StrictHostKeyChecking=no \
|
|
${{ secrets.DEPLOY_USERNAME }}@${{ secrets.DEPLOY_HOST }} bash -s \
|
|
-e REGISTRY_URL=${{ env.REGISTRY_URL }} \
|
|
-e IMAGE_NAME=${{ env.IMAGE_NAME }} \
|
|
-e IMAGE_TAG=${IMAGE_TAG} \
|
|
-e GIT_SHA=${{ gitea.sha }} \
|
|
-e GIT_BRANCH=dev \
|
|
-e GITEA_ACTOR=${{ gitea.actor }} \
|
|
-e BUILD_NUMBER=${{ gitea.run_id }} \
|
|
-e TOKEN=${{ secrets.TOKEN }} << 'EOF'
|
|
set -euo pipefail
|
|
BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
|
|
echo "Pulling image..."
|
|
echo "$TOKEN" | docker login $REGISTRY_URL -u $GITEA_ACTOR --password-stdin
|
|
docker pull $REGISTRY_URL/$IMAGE_NAME:$IMAGE_TAG
|
|
echo "Stopping existing container..."
|
|
docker stop cicd-qa 2>/dev/null || true
|
|
docker rm cicd-qa 2>/dev/null || true
|
|
echo "Starting new container..."
|
|
docker run -d --name cicd-qa --restart unless-stopped -p 8081:80 \
|
|
-e APP_ENV=qa \
|
|
-e APP_VERSION=dev-${GIT_SHA} \
|
|
-e GIT_COMMIT=${GIT_SHA} \
|
|
-e GIT_BRANCH=${GIT_BRANCH} \
|
|
-e BUILD_DATE=${BUILD_DATE} \
|
|
-e DEPLOY_TIME=${BUILD_DATE} \
|
|
-e BUILD_NUMBER=${BUILD_NUMBER} \
|
|
$REGISTRY_URL/$IMAGE_NAME:$IMAGE_TAG
|
|
echo "Waiting for health check..."
|
|
for i in $(seq 1 12); do
|
|
if curl -sf http://localhost:8081/health > /dev/null 2>&1; then
|
|
echo "::notice::QA deployment healthy"
|
|
exit 0
|
|
fi
|
|
sleep 5
|
|
done
|
|
echo "::error::QA health check failed"
|
|
exit 1
|
|
EOF
|
|
|
|
|