From 10d7773a13e516a390fa3b95f01c4ad4eb8bc0db Mon Sep 17 00:00:00 2001
From: vbevdev
Date: Sat, 4 Jul 2026 00:13:40 +0300
Subject: [PATCH] deploy-workflow: create docker compose file
---
.../actions/configure-ssh-client/action.yaml | 16 ++++++
.../telegram-message-escape/action.yaml | 26 +++++++++
.gitea/workflows/deploy.yaml | 56 ++++++++++++++++++-
.../workflows/test_telegram_deploy_bot.yaml | 40 +++++++++++++
IDEAS.md | 6 ++
5 files changed, 143 insertions(+), 1 deletion(-)
create mode 100644 .gitea/actions/configure-ssh-client/action.yaml
create mode 100644 .gitea/actions/telegram-message-escape/action.yaml
create mode 100644 .gitea/workflows/test_telegram_deploy_bot.yaml
create mode 100644 IDEAS.md
diff --git a/.gitea/actions/configure-ssh-client/action.yaml b/.gitea/actions/configure-ssh-client/action.yaml
new file mode 100644
index 0000000..b9a19f6
--- /dev/null
+++ b/.gitea/actions/configure-ssh-client/action.yaml
@@ -0,0 +1,16 @@
+name: '⚙️ Configure SSH Client'
+description: 'Installs sshpass and configures known_hosts'
+
+inputs:
+ ssh_host:
+ description: 'Remote server IP'
+ required: true
+
+runs:
+ using: 'composite'
+ steps:
+ - shell: bash
+ run: |
+ sudo apt-get update && sudo apt-get install -y sshpass
+ mkdir -p ~/.ssh
+ ssh-keyscan -p 22 "${{ inputs.ssh_host }}" >> ~/.ssh/known_hosts
diff --git a/.gitea/actions/telegram-message-escape/action.yaml b/.gitea/actions/telegram-message-escape/action.yaml
new file mode 100644
index 0000000..6981d62
--- /dev/null
+++ b/.gitea/actions/telegram-message-escape/action.yaml
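Review bot: In .gitea/actions/configure-ssh-client/action.yaml, the `ssh-keyscan -p 22 ... >> ~/.ssh/known_hosts` line accepts whatever host key answers at job time, so the `sshpass -e ssh` sessions that follow it in the workflows (carrying the password and the deployment secrets) are not protected against an impersonated server. Keep the server's public host key in a secret or repository variable and write that instead, e.g. `echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts` with the value passed through `env:` (`SSH_KNOWN_HOSTS` is a placeholder name). The `${{ inputs.ssh_host }}` expression is also pasted into the script text before bash parses it; passing it as `env: SSH_HOST: ${{ inputs.ssh_host }}` and using `"$SSH_HOST"` avoids that.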
@@ -0,0 +1,26 @@
+name: '🧼 Telegram message escape'
+description: 'Automatically escapes dots, dashes, and exclamation marks for Telegram MarkdownV2'
+
+inputs:
+ message:
+ description: 'The raw text string to escape'
+ required: true
+
+outputs:
+ escaped_message:
+ description: 'The safely escaped string ready for Telegram'
+ value: ${{ steps.escape.outputs.result }}
+
+runs:
+ using: 'composite'
+ steps:
+ - id: escape
+ shell: bash
+ run: |
+ RAW_MESSAGE="${{ inputs.message }}"
+
+ ESCAPED_MESSAGE=$(echo "$RAW_MESSAGE" | sed "s/-/\\\\-/g" | sed "s/\./\\\\./g" | sed "s/!/\\\\!/g")
+
+ echo "result<> $GITHUB_OUTPUT
+ echo "$ESCAPED_MESSAGE" >> $GITHUB_OUTPUT
+ echo "EOF" >> $GITHUB_OUTPUT
diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index 934a5df..7af81d5 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -33,7 +33,9 @@ jobs: run: | sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" \ "mkdir -p \"$DEPLOY_DIRECTORY\" && \ - cat > \"$DEPLOY_DIRECTORY/docker-compose-$REF_NAME.yml\"" \ + cd \"$DEPLOY_DIRECTORY\" && \ + rm -f docker-compose-*.yml && \ + cat > \"docker-compose-$REF_NAME.yml\"" \ < docker-compose.yml - name: 🔐 Create secrets
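Review bot: In .gitea/actions/telegram-message-escape/action.yaml, `RAW_MESSAGE="${{ inputs.message }}"` substitutes the input into the script before bash runs, so a message containing a double quote, a backtick or `$(...)` is executed rather than escaped; that matters as soon as the action is fed ref names or log text instead of a literal. Pass the value as `env: RAW_MESSAGE: ${{ inputs.message }}` on the step and drop the assignment. The `sed` chain covers only `-`, `.` and `!`, while Telegram's MarkdownV2 also reserves `_`, `*`, `[`, `]`, `(`, `)`, `~`, `>`, `#`, `+`, `=`, `|`, `{`, `}` and the backtick, so the output description "safely escaped" overstates what the action does. The multi-line output appears to use a fixed `EOF` delimiter, which a message line equal to `EOF` would end early; a random delimiter avoids that.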
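Review bot: In the first deploy.yaml hunk, the added `rm -f docker-compose-*.yml` runs before `cat >` has received the new file, so an interrupted SSH session leaves the deploy directory with no compose file, or a truncated one, while the old containers are still running. Receive into a temporary name and swap only after the transfer finished, e.g. `cat > .compose.tmp && rm -f docker-compose-*.yml && mv .compose.tmp \"docker-compose-$REF_NAME.yml\"`. The step starts above the hunk, so how `REF_NAME` is sanitised before it reaches this remote command line is not visible here.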
@@ -67,5 +69,57 @@ jobs: cat << 'EOF_SECRET' > secrets/vaultwarden_admin_token.txt $VAULTWARDEN_ADMIN_TOKEN EOF_SECRET + + chmod 700 secrets + chmod 600 secrets/*.txt EOT + - name: 🚀 Run new containers + env: + SSHPASS: ${{ secrets.SSH_PASSWORD }} + SSH_USERNAME: ${{ secrets.SSH_USERNAME }} + SSH_HOST: ${{ secrets.SSH_HOST }} + DEPLOY_DIRECTORY: ${{ secrets.DEPLOY_DIRECTORY }} + REF_NAME: ${{ env.CLEAN_REF_NAME }} + TELEGRAM_TOKEN: ${{ secrets.DEPLOY_TELEGRAM_BOT_TOKEN }} + TELEGRAM_CHAT: ${{ secrets.DEPLOY_TELEGRAM_CHAT_ID }} + PROXY_HOST: ${{ secrets.PROXY_HOST }} + PROXY_PORT: ${{ secrets.PROXY_PORT }} + PROXY_USER: ${{ secrets.PROXY_USER }} + PROXY_PASSWORD: ${{ secrets.PROXY_PASSWORD }} + run: | + sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" bash -s << EOT + set -e + cd "$DEPLOY_DIRECTORY" + + nohup bash -c ' + sleep 5 + + if docker compose -f "docker-compose-${REF_NAME}.yml" up -d --remove-orphans > /tmp/docker_deploy.log 2>&1; then + ESCAPED_REF=\$(echo "${REF_NAME}" | sed "s/-/\\\\-/g" | sed "s/\./\\\\./g") + TEXT="🚀 *Деплой успешен\!* %0AСервер применил релиз: \`\$ESCAPED_REF\`" + + # ИСПРАВЛЕНО: Восстановлен верный URL api.telegram.org/bot\$TELEGRAM_TOKEN/ + curl -s -X POST "https://telegram.org\${TELEGRAM_TOKEN}/sendMessage" \ + --proxy "http://${PROXY_USER}:${PROXY_PASSWORD}@${PROXY_HOST}:${PROXY_PORT}" \ + -d "chat_id=${TELEGRAM_CHAT}" \ + -d "parse_mode=MarkdownV2" \ + -d "text=\$TEXT" > /dev/null + else + ERROR_LOG=\$(tail -n 10 /tmp/docker_deploy.log) + ESCAPED_LOG=\$(echo "\$ERROR_LOG" | sed "s/-/\\\\-/g" | sed "s/\./\\\\./g" | sed "s/!/\\\\!/g") + TEXT="❌ *Ошибка деплоя релиза ${REF_NAME}\!* %0A%0A\`\`\`%0A\$ESCAPED_LOG%0A\`\`\`" + + # ИСПРАВЛЕНО: Здесь URL тоже приведен к стандарту Telegram API + curl -s -X POST "https://telegram.org\${TELEGRAM_TOKEN}/sendMessage" \ + --proxy "http://${PROXY_USER}:${PROXY_PASSWORD}@${PROXY_HOST}:${PROXY_PORT}" \ + -d "chat_id=${TELEGRAM_CHAT}" \ + -d "parse_mode=MarkdownV2" \ + -d "text=\$TEXT" > /dev/null + fi 
+ + rm -f /tmp/docker_deploy.log + ' > /dev/null 2>&1 & + EOT + + echo "New containers will be started after 5 seconds" \ No newline at end of file
diff --git a/.gitea/workflows/test_telegram_deploy_bot.yaml b/.gitea/workflows/test_telegram_deploy_bot.yaml
new file mode 100644
index 0000000..bb4bfb3
--- /dev/null
+++ b/.gitea/workflows/test_telegram_deploy_bot.yaml
@@ -0,0 +1,40 @@
+name: 🤖 Test telegram deploy bot
+run-name: '🤖 Test telegram deploy bot: ${{ gitea.ref_name }} by @${{ gitea.actor }}'
+on:
+ workflow_dispatch:
+
+jobs:
+ send_test_message:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checout repository
+ uses: actions/checkout@v4
+
+ - name: Configure ssh client
+ uses: ./.gitea/actions/configure-ssh-client
+ with:
+ ssh_host: ${{ secrets.SSH_HOST }}
+
+ - name: Prepare message
+ id: prepare_message
+ uses: ./.gitea/actions/telegram-message-escape
+ with:
+ message: 💬 Test message
+
+ - name: Send message
+ env:
+ SSHPASS: ${{ secrets.SSH_PASSWORD }}
+ SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
+ SSH_HOST: ${{ secrets.SSH_HOST }}
+ TELEGRAM_TOKEN: ${{ secrets.TELEGRAM_DEPLOY_BOT_TOKEN }}
+ TELEGRAM_CHAT: ${{ secrets.TELEGRAM_DEPLOY_CHAT_ID }}
+ PROXY_URL: ${{ secrets.PROXY_URL }}
+ MESSAGE: ${{ steps.prepare_message.outputs.escaped_message }}
+ run: |
+ sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" bash -s << EOT
+ curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_TOKEN}/sendMessage" \
+ --proxy "${PROXY_URL}" \
+ -d "chat_id=${TELEGRAM_CHAT}" \
+ -d "parse_mode=MarkdownV2" \
+ -d "text=$MESSAGE" > /dev/null
+ EOT
\ No newline at end of file
diff --git a/IDEAS.md b/IDEAS.md
new file mode 100644
index 0000000..7c81d8d
--- /dev/null
+++ b/IDEAS.md
@@ -0,0 +1,6 @@
+1. Backup data/ before rerun containers
+2. Auto run on new realese
+3. Разделение докер сетей
+4. Notifications
+5. Bot for server operations
+6. multi device copy-paste
\ No newline at end of file
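Review bot: Both `curl` calls in the new "Run new containers" step of deploy.yaml post to `https://telegram.org\${TELEGRAM_TOKEN}/sendMessage`, which has neither the `api.` host nor the `/bot` prefix that the comment above each call says was restored and that test_telegram_deploy_bot.yaml uses, and `-s ... > /dev/null` hides the failure. The `\$` also defers expansion to the server, where nothing visible sets `TELEGRAM_TOKEN` (the step's `env:` exists only on the runner); the line should read `curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_TOKEN}/sendMessage" \`. Once expanded on the runner, the token and `${PROXY_PASSWORD}` become part of the script text and of curl's argv on the server, where other local users can see them in the process list; reading them from a mode-600 file through `curl --config` keeps them off the command line. `/tmp/docker_deploy.log` is a fixed name in a shared directory, so a `mktemp` file is safer, and a `umask 077` ahead of the secret writes (which begin above the hunk) would close the window before the added `chmod` lines take effect.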
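Review bot: The "Send message" step of test_telegram_deploy_bot.yaml reads `secrets.TELEGRAM_DEPLOY_BOT_TOKEN`, `secrets.TELEGRAM_DEPLOY_CHAT_ID` and `secrets.PROXY_URL`, while deploy.yaml in this same patch reads `secrets.DEPLOY_TELEGRAM_BOT_TOKEN`, `secrets.DEPLOY_TELEGRAM_CHAT_ID` and separate `PROXY_*` secrets, so this workflow does not exercise the credentials the deploy uses, and an undefined secret name expands to an empty string. Align the names, e.g. `TELEGRAM_TOKEN: ${{ secrets.DEPLOY_TELEGRAM_BOT_TOKEN }}`. `$MESSAGE` is expanded inside the unquoted `<< EOT` heredoc and then parsed again by the remote bash, so a quote or `$(...)` in it would run on the server; plain `-d "text=..."` also does not URL-encode, which makes `--data-urlencode "text=..."` the safer form. `Checout` in the first step name is a typo for `Checkout`.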