7 Commits

Author SHA1 Message Date
vbevdev 3a0e3d419c deploy backup step is now skipable 2026-07-05 01:54:23 +03:00
vbevdev 77ba40f657 fixed password trasfer on sudo backup 2026-07-04 21:00:29 +03:00
vbevdev 5f86776b83 create backup on deploy as sudo to prevent "permission denied" errors 2026-07-04 20:53:53 +03:00
vbevdev bd292c4e84 deploy dir moved from secrets to vars 2026-07-04 20:06:00 +03:00
vbevdev db7d350df5 ideas moved to repo wiki 2026-07-04 19:27:54 +03:00
vbevdev 8f860d5fe0 deleted unused action 2026-07-04 19:27:54 +03:00
vbevdev 0e278211ca deploy on gitea workflow
Reviewed-on: #3
2026-07-04 16:20:41 +00:00
6 changed files with 85 additions and 100 deletions
+3
@@ -0,0 +1,3 @@
BESZEL_HUB_URL=http://mon.localhost
NEXTCLOUD_DOMAIN=cld.localhost
GITEA_URL=http://git:3000
@@ -1,26 +0,0 @@
name: '🧼 Telegram message escape'
description: 'Automatically escapes dots, dashes, and exclamation marks for Telegram MarkdownV2'
inputs:
message:
description: 'The raw text string to escape'
required: true
outputs:
escaped_message:
description: 'The safely escaped string ready for Telegram'
value: ${{ steps.escape.outputs.result }}
runs:
using: 'composite'
steps:
- id: escape
shell: bash
run: |
RAW_MESSAGE="${{ inputs.message }}"
ESCAPED_MESSAGE=$(echo "$RAW_MESSAGE" | sed "s/-/\\\\-/g" | sed "s/\./\\\\./g" | sed "s/!/\\\\!/g")
echo "result<<EOF" >> $GITHUB_OUTPUT
echo "$ESCAPED_MESSAGE" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
-19
@@ -1,19 +0,0 @@
name: Gitea Actions Demo
run-name: ${{ gitea.actor }} is testing out Gitea Actions 🚀
on: [push]
jobs:
Explore-Gitea-Actions:
runs-on: ubuntu-latest
steps:
- run: echo "🎉 The job was automatically triggered by a ${{ gitea.event_name }} event."
- run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by Gitea!"
- run: echo "🔎 The name of your branch is ${{ gitea.ref }} and your repository is ${{ gitea.repository }}."
- name: Check out repository code
uses: actions/checkout@v4
- run: echo "💡 The ${{ gitea.repository }} repository has been cloned to the runner."
- run: echo "🖥️ The workflow is now ready to test your code on the runner."
- name: List files in the repository
run: |
ls ${{ gitea.workspace }}
- run: echo "🍏 This job's status is ${{ job.status }}."
+73 -36
@@ -1,5 +1,5 @@
name: Deploy name: 🚀 Deploy
run-name: Deploy run-name: '🚀 Deploy: ${{ gitea.ref_name }} by @${{ gitea.actor }}'
on: on:
workflow_dispatch: workflow_dispatch:
@@ -17,18 +17,47 @@ jobs:
echo "Clean ref name: $CLEAN_REF_NAME" echo "Clean ref name: $CLEAN_REF_NAME"
echo "CLEAN_REF_NAME=$CLEAN_REF_NAME" >> $GITEA_ENV echo "CLEAN_REF_NAME=$CLEAN_REF_NAME" >> $GITEA_ENV
- name: ⚙️ Configure SSH Client - name: ⚙️ Configure ssh client
uses: ./.gitea/actions/configure-ssh-client
with:
ssh_host: ${{ secrets.SSH_HOST }}
- name: 📦 Create backup of data/ folder
if: ${{ vars.DEPLOY_BACKUP_ENABLED == 'true' }}
env:
SSHPASS: ${{ secrets.SSH_PASSWORD }}
SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
SSH_HOST: ${{ secrets.SSH_HOST }}
DEPLOY_DIRECTORY: ${{ vars.DEPLOY_DIRECTORY }}
REF_NAME: ${{ env.CLEAN_REF_NAME }}
run: | run: |
sudo apt-get update && sudo apt-get install -y sshpass sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" bash -s << EOT
mkdir -p ~/.ssh set -e
ssh-keyscan -p 22 "${{ secrets.SSH_HOST }}" >> ~/.ssh/known_hosts cd "$DEPLOY_DIRECTORY"
mkdir -p backups
BACKUP_DATE=\$(date +%Y-%m-%d_%H-%M-%S)
BACKUP_FILE="backups/backup-${REF_NAME}-\${BACKUP_DATE}.tar.gz"
echo "Creating backup of data/ into \${BACKUP_FILE}..."
if [ -d "data" ]; then
echo "$SSHPASS" | sudo -S tar -czf "\${BACKUP_FILE}" data
echo "✅ Backup created successfully!"
else
echo "⚡️ No data/ folder, backup creation skipped."
fi
echo "$SSHPASS" | sudo -S find backups/ -type f -name "backup-*.tar.gz" -mtime +7 -delete
EOT
- name: 🏗️ Create docker-compose file - name: 🏗️ Create docker-compose file
env: env:
SSHPASS: ${{ secrets.SSH_PASSWORD }} SSHPASS: ${{ secrets.SSH_PASSWORD }}
SSH_USERNAME: ${{ secrets.SSH_USERNAME }} SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
SSH_HOST: ${{ secrets.SSH_HOST }} SSH_HOST: ${{ secrets.SSH_HOST }}
DEPLOY_DIRECTORY: ${{ secrets.DEPLOY_DIRECTORY }} DEPLOY_DIRECTORY: ${{ vars.DEPLOY_DIRECTORY }}
REF_NAME: ${{ env.CLEAN_REF_NAME }} REF_NAME: ${{ env.CLEAN_REF_NAME }}
run: | run: |
sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" \ sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" \
@@ -38,20 +67,30 @@ jobs:
cat > \"docker-compose-$REF_NAME.yml\"" \ cat > \"docker-compose-$REF_NAME.yml\"" \
< docker-compose.yml < docker-compose.yml
- name: 🔐 Create secrets - name: 🔐 Create secrets and envs
env: env:
SSHPASS: ${{ secrets.SSH_PASSWORD }} SSHPASS: ${{ secrets.SSH_PASSWORD }}
SSH_USERNAME: ${{ secrets.SSH_USERNAME }} SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
SSH_HOST: ${{ secrets.SSH_HOST }} SSH_HOST: ${{ secrets.SSH_HOST }}
DEPLOY_DIRECTORY: ${{ secrets.DEPLOY_DIRECTORY }} DEPLOY_DIRECTORY: ${{ vars.DEPLOY_DIRECTORY }}
BESZEL_AGENT_KEY: ${{ secrets.BESZEL_AGENT_KEY }} BESZEL_AGENT_KEY: ${{ secrets.BESZEL_AGENT_KEY }}
BESZEL_AGENT_TOKEN: ${{ secrets.BESZEL_AGENT_TOKEN }} BESZEL_AGENT_TOKEN: ${{ secrets.BESZEL_AGENT_TOKEN }}
GITEA_RUNNER_REGISTRATION_TOKEN: ${{ secrets._GITEA_RUNNER_REGISTRATION_TOKEN }} BESZEL_HUB_URL: ${{ vars.BESZEL_HUB_URL }}
GITEA_RUNNER_REGISTRATION_TOKEN: ${{ secrets.RUNNER_REGISTRATION_TOKEN }}
GITEA_URL: ${{ vars.GIT_URL }}
VAULTWARDEN_ADMIN_TOKEN: ${{ secrets.VAULTWARDEN_ADMIN_TOKEN }} VAULTWARDEN_ADMIN_TOKEN: ${{ secrets.VAULTWARDEN_ADMIN_TOKEN }}
NEXTCLOUD_DOMAIN: ${{ vars.NEXTCLOUD_DOMAIN }}
run: | run: |
sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" bash -s << EOT sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" bash -s << EOT
set -e set -e
cd "$DEPLOY_DIRECTORY" cd "$DEPLOY_DIRECTORY"
cat << 'EOF_ENV' > .env
BESZEL_HUB_URL=$BESZEL_HUB_URL
NEXTCLOUD_DOMAIN=$NEXTCLOUD_DOMAIN
GITEA_URL=$GITEA_URL
EOF_ENV
mkdir -p secrets mkdir -p secrets
cat << 'EOF_SECRET' > secrets/beszel_agent_key.txt cat << 'EOF_SECRET' > secrets/beszel_agent_key.txt
@@ -79,14 +118,18 @@ jobs:
SSHPASS: ${{ secrets.SSH_PASSWORD }} SSHPASS: ${{ secrets.SSH_PASSWORD }}
SSH_USERNAME: ${{ secrets.SSH_USERNAME }} SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
SSH_HOST: ${{ secrets.SSH_HOST }} SSH_HOST: ${{ secrets.SSH_HOST }}
DEPLOY_DIRECTORY: ${{ secrets.DEPLOY_DIRECTORY }} DEPLOY_DIRECTORY: ${{ vars.DEPLOY_DIRECTORY }}
REF_NAME: ${{ env.CLEAN_REF_NAME }} REF_NAME: ${{ env.CLEAN_REF_NAME }}
TELEGRAM_TOKEN: ${{ secrets.DEPLOY_TELEGRAM_BOT_TOKEN }} TELEGRAM_TOKEN: ${{ secrets.TELEGRAM_DEPLOY_BOT_TOKEN }}
TELEGRAM_CHAT: ${{ secrets.DEPLOY_TELEGRAM_CHAT_ID }} TELEGRAM_CHAT: ${{ secrets.TELEGRAM_DEPLOY_CHAT_ID }}
PROXY_HOST: ${{ secrets.PROXY_HOST }} PROXY_URL: ${{ secrets.PROXY_URL }}
PROXY_PORT: ${{ secrets.PROXY_PORT }} SUCCESS_MESSAGE: |-
PROXY_USER: ${{ secrets.PROXY_USER }} ✅ <b>Успешный деплой!</b>
PROXY_PASSWORD: ${{ secrets.PROXY_PASSWORD }} Релиз: <code>${{ gitea.ref_name }}</code>
FAILURE_MESSAGE: |-
❌ <b>Ошибка деплоя!</b>
Релиз: <code>${{ gitea.ref_name }}</code>
DEPLOY_LOG_FILE: /tmp/deploy-${{ env.CLEAN_REF_NAME }}.log
run: | run: |
sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" bash -s << EOT sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" bash -s << EOT
set -e set -e
@@ -95,30 +138,24 @@ jobs:
nohup bash -c ' nohup bash -c '
sleep 5 sleep 5
if docker compose -f "docker-compose-${REF_NAME}.yml" up -d --remove-orphans > /tmp/docker_deploy.log 2>&1; then if docker compose --dry-run -f "docker-compose-${REF_NAME}.yml" up -d --remove-orphans > ${DEPLOY_LOG_FILE} 2>&1; then
ESCAPED_REF=\$(echo "${REF_NAME}" | sed "s/-/\\\\-/g" | sed "s/\./\\\\./g") curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_TOKEN}/sendMessage" \
TEXT="🚀 *Деплой успешен\!* %0AСервер применил релиз: \`\$ESCAPED_REF\`" --proxy "${PROXY_URL}" \
# ИСПРАВЛЕНО: Восстановлен верный URL api.telegram.org/bot\$TELEGRAM_TOKEN/
curl -s -X POST "https://telegram.org\${TELEGRAM_TOKEN}/sendMessage" \
--proxy "http://${PROXY_USER}:${PROXY_PASSWORD}@${PROXY_HOST}:${PROXY_PORT}" \
-d "chat_id=${TELEGRAM_CHAT}" \ -d "chat_id=${TELEGRAM_CHAT}" \
-d "parse_mode=MarkdownV2" \ -d "parse_mode=HTML" \
-d "text=\$TEXT" > /dev/null --data-urlencode "text=${SUCCESS_MESSAGE}" > /dev/null
else else
ERROR_LOG=\$(tail -n 10 /tmp/docker_deploy.log) curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_TOKEN}/sendMessage" \
ESCAPED_LOG=\$(echo "\$ERROR_LOG" | sed "s/-/\\\\-/g" | sed "s/\./\\\\./g" | sed "s/!/\\\\!/g") --proxy "${PROXY_URL}" \
TEXT="❌ *Ошибка деплоя релиза ${REF_NAME}\!* %0A%0A\`\`\`%0A\$ESCAPED_LOG%0A\`\`\`"
# ИСПРАВЛЕНО: Здесь URL тоже приведен к стандарту Telegram API
curl -s -X POST "https://telegram.org\${TELEGRAM_TOKEN}/sendMessage" \
--proxy "http://${PROXY_USER}:${PROXY_PASSWORD}@${PROXY_HOST}:${PROXY_PORT}" \
-d "chat_id=${TELEGRAM_CHAT}" \ -d "chat_id=${TELEGRAM_CHAT}" \
-d "parse_mode=MarkdownV2" \ -d "parse_mode=HTML" \
-d "text=\$TEXT" > /dev/null --data-urlencode "text=${FAILURE_MESSAGE}" > /dev/null
fi fi
rm -f /tmp/docker_deploy.log curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_TOKEN}/sendDocument" \
--proxy "${PROXY_URL}" \
-F "chat_id=${TELEGRAM_CHAT}" \
-F "document=@${DEPLOY_LOG_FILE}" > /dev/null && rm -f ${DEPLOY_LOG_FILE}
' > /dev/null 2>&1 & ' > /dev/null 2>&1 &
EOT EOT
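Review bot: In the new backup step, `echo "$SSHPASS" | sudo -S …` sits inside the unquoted `<< EOT` heredoc, so the runner expands the SSH password into the text of the script that the remote bash then parses. A password containing `"`, `$`, a backtick or a backslash would be reinterpreted by the remote shell or would break the command, and the step only works while the SSH password is also the sudo password. Consider moving the tar/find logic into a root-owned script on the host that a narrow sudoers rule allows without a password, and calling it as `sudo -n <backup-script>` (placeholder path), so that no secret is interpolated into shell source. Separately, the deploy hunk now runs `docker compose --dry-run … up -d` and still sends the success message; if the flag is a leftover from testing, drop it so that a success notification means the containers were actually updated. The deploy step's body starts outside the visible hunks.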
+8 -12
@@ -7,21 +7,15 @@ jobs:
send_test_message: send_test_message:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checout repository - name: 📂 Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Configure ssh client - name: ⚙️ Configure ssh client
uses: ./.gitea/actions/configure-ssh-client uses: ./.gitea/actions/configure-ssh-client
with: with:
ssh_host: ${{ secrets.SSH_HOST }} ssh_host: ${{ secrets.SSH_HOST }}
- name: Prepare message - name: 💬 Send message
id: prepare_message
uses: ./.gitea/actions/telegram-message-escape
with:
message: 💬 Test message
- name: Send message
env: env:
SSHPASS: ${{ secrets.SSH_PASSWORD }} SSHPASS: ${{ secrets.SSH_PASSWORD }}
SSH_USERNAME: ${{ secrets.SSH_USERNAME }} SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
@@ -32,9 +26,11 @@ jobs:
MESSAGE: ${{ steps.prepare_message.outputs.escaped_message }} MESSAGE: ${{ steps.prepare_message.outputs.escaped_message }}
run: | run: |
sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" bash -s << EOT sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" bash -s << EOT
curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_TOKEN}/sendMessage" \ set -e
curl -s --connect-timeout 10 -X POST "https://api.telegram.org/bot${TELEGRAM_TOKEN}/sendMessage" \
--proxy "${PROXY_URL}" \ --proxy "${PROXY_URL}" \
-d "chat_id=${TELEGRAM_CHAT}" \ -d "chat_id=${TELEGRAM_CHAT}" \
-d "parse_mode=MarkdownV2" \ -d "parse_mode=HTML" \
-d "text=$MESSAGE" > /dev/null --data-urlencode "text=💬 Test message"
EOT EOT
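Review bot: The added `set -e` does not make this test fail on a rejected request, because `curl -s` exits 0 when the Telegram API answers with an HTTP 4xx/5xx status; adding `--fail`, as in `curl -s --fail --connect-timeout 10 -X POST …`, would let a wrong token or chat id fail the job. With `> /dev/null` removed, the API response body is now written to the job log, which is worth confirming as intended. The line `MESSAGE: ${{ steps.prepare_message.outputs.escaped_message }}` appears as unchanged context, yet it refers to the `prepare_message` step that this change deletes and the new command no longer reads `$MESSAGE`, so it can be removed.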
-6
@@ -1,6 +0,0 @@
1. Backup data/ before rerun containers
2. Auto run on new realese
3. Разделение докер сетей
4. Notifications
5. Bot for server operations
6. multi device copy-paste