vbev.dev/.gitea/workflows/deploy.yaml

# Deployment workflow. workflow_dispatch is the only trigger listed, so a run
# starts when someone dispatches it for a chosen ref; that ref name and the
# actor are shown in the run title.
name: 🚀 Deploy
run-name: "🚀 Deploy: ${{ gitea.ref_name }} by @${{ gitea.actor }}"
on:
  workflow_dispatch:
jobs:
  # Single job; each step below reaches the target host over SSH.
  deploy:
    runs-on: ubuntu-latest
    steps:
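- name: 📂 Checkout repository
  # NOTE(review): v4 is a mutable tag. Pinning the action to a full commit SHA
  # keeps a retagged release from changing what runs in a job that holds the
  # deployment secrets.
  uses: actions/checkout@v4
  with:
    # The steps visible in this workflow only read the working tree
    # (docker-compose.yml and the local action), so the job token does not
    # need to stay in .git/config. Re-enable if a step outside this view
    # fetches or pushes.
    persist-credentials: false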
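- name: 🧼 Clean ref name
  env:
    # The ref name reaches the shell as an environment variable instead of
    # being pasted into the script text, so shell metacharacters in a branch
    # or tag name are never parsed as code on the runner.
    ORIGINAL_REF_NAME: ${{ gitea.ref_name }}
  run: |
    # Slashes become dashes so the ref can be used inside file names.
    CLEAN_REF_NAME=${ORIGINAL_REF_NAME//\//-}
    # Later steps place CLEAN_REF_NAME in remote file names and shell text, so
    # anything outside a conservative allowlist stops the deployment here.
    # LC_ALL=C keeps the bracket ranges ASCII-only.
    LC_ALL=C
    case "$CLEAN_REF_NAME" in
      "" | *[!A-Za-z0-9._-]*)
        echo "Refusing to deploy: ref name is empty or has characters outside [A-Za-z0-9._-]" >&2
        exit 1
        ;;
    esac
    echo "Clean ref name: $CLEAN_REF_NAME"
    # Exported through GITEA_ENV so later steps can read env.CLEAN_REF_NAME.
    echo "CLEAN_REF_NAME=$CLEAN_REF_NAME" >> "$GITEA_ENV"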
- name: ⚙️ Configure ssh client
  # Local action from this repository; its implementation is not part of this
  # file. NOTE(review): presumably it prepares the ssh client for ssh_host.
  # Confirm it records and verifies the host key rather than switching host
  # key checking off, since the later steps send a password to this host.
  uses: ./.gitea/actions/configure-ssh-client
  with:
    ssh_host: "${{ secrets.SSH_HOST }}"
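- name: 📦 Create backup of data/ folder
  # Runs only when the DEPLOY_BACKUP_ENABLED variable is the string 'true'.
  if: ${{ vars.DEPLOY_BACKUP_ENABLED == 'true' }}
  env:
    # NOTE(review): one password serves both the SSH login (sshpass -e reads
    # SSHPASS) and sudo on the host. Key-based login plus a sudoers rule
    # limited to the backup commands would take it out of the workflow.
    SSHPASS: ${{ secrets.SSH_PASSWORD }}
    SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
    SSH_HOST: ${{ secrets.SSH_HOST }}
    DEPLOY_DIRECTORY: ${{ vars.DEPLOY_DIRECTORY }}
    REF_NAME: ${{ env.CLEAN_REF_NAME }}
  run: |
    # Values travel to the remote bash as %q-quoted assignments on stdin and
    # the script itself is a quoted heredoc, so nothing in the password, the
    # path or the ref name is re-interpreted as shell syntax on either side.
    : "${DEPLOY_DIRECTORY:?DEPLOY_DIRECTORY is not set}"
    {
      printf 'DEPLOY_DIRECTORY=%q\n' "$DEPLOY_DIRECTORY"
      printf 'REF_NAME=%q\n' "$REF_NAME"
      printf 'SUDO_PASSWORD=%q\n' "$SSHPASS"
      cat << 'EOT'
    set -e
    cd "$DEPLOY_DIRECTORY"
    # NOTE(review): the archive holds a full copy of data/ and is written by
    # root; check that backups/ is not readable by other accounts on the host.
    mkdir -p backups
    BACKUP_DATE=$(date +%Y-%m-%d_%H-%M-%S)
    BACKUP_FILE="backups/backup-${REF_NAME}-${BACKUP_DATE}.tar.gz"
    echo "Creating backup of data/ into ${BACKUP_FILE}..."
    if [ -d "data" ]; then
      # printf is a shell builtin, so the password is piped to sudo without
      # appearing in any process argument list.
      printf '%s\n' "$SUDO_PASSWORD" | sudo -S tar -czf "${BACKUP_FILE}" data
      echo "✅ Backup created successfully!"
    else
      echo "⚡️ No data/ folder, backup creation skipped."
    fi
    # Retention: delete backup archives matched by -mtime +7.
    printf '%s\n' "$SUDO_PASSWORD" | sudo -S find backups/ -type f -name "backup-*.tar.gz" -mtime +7 -delete
    EOT
    } | sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" bash -s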
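- name: 🏗️ Create docker-compose file
  env:
    SSHPASS: ${{ secrets.SSH_PASSWORD }}
    SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
    SSH_HOST: ${{ secrets.SSH_HOST }}
    DEPLOY_DIRECTORY: ${{ vars.DEPLOY_DIRECTORY }}
    REF_NAME: ${{ env.CLEAN_REF_NAME }}
  run: |
    # The remote command is a single string that the login shell on the host
    # parses again, so the locally expanded values are %q-quoted before they
    # are spliced in. NOTE(review): %q emits bash quoting; this assumes the
    # login shell of the deploy user is bash-compatible.
    : "${DEPLOY_DIRECTORY:?DEPLOY_DIRECTORY is not set}"
    remote_dir=$(printf '%q' "$DEPLOY_DIRECTORY")
    remote_file=$(printf '%q' "docker-compose-$REF_NAME.yml")
    # docker-compose.yml from the checkout is streamed over stdin into the
    # per-ref file; compose files left by earlier deploys are removed first.
    sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" \
      "mkdir -p $remote_dir && cd $remote_dir && rm -f docker-compose-*.yml && cat > $remote_file" \
      < docker-compose.yml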
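- name: 🔐 Create secrets and envs
  env:
    SSHPASS: ${{ secrets.SSH_PASSWORD }}
    SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
    SSH_HOST: ${{ secrets.SSH_HOST }}
    DEPLOY_DIRECTORY: ${{ vars.DEPLOY_DIRECTORY }}
    BESZEL_AGENT_KEY: ${{ secrets.BESZEL_AGENT_KEY }}
    BESZEL_AGENT_TOKEN: ${{ secrets.BESZEL_AGENT_TOKEN }}
    BESZEL_HUB_URL: ${{ vars.BESZEL_HUB_URL }}
    GITEA_RUNNER_REGISTRATION_TOKEN: ${{ secrets.RUNNER_REGISTRATION_TOKEN }}
    GITEA_URL: ${{ vars.GIT_URL }}
    VAULTWARDEN_ADMIN_TOKEN: ${{ secrets.VAULTWARDEN_ADMIN_TOKEN }}
    NEXTCLOUD_DOMAIN: ${{ vars.NEXTCLOUD_DOMAIN }}
  run: |
    # The outer heredoc (EOT) is unquoted, so the runner substitutes every
    # $VAR below before the text is sent. The inner heredocs are quoted, so the
    # remote bash writes the substituted values verbatim into the files.
    # NOTE(review): DEPLOY_DIRECTORY is substituted the same way and then
    # parsed by the remote shell inside double quotes; it must not contain
    # quote or expansion characters.
    # Comments inside the EOT body are substituted too, so they avoid
    # dollar signs and backticks.
    sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" bash -s << EOT
    set -e
    cd "$DEPLOY_DIRECTORY"
    cat << 'EOF_ENV' > .env
    BESZEL_HUB_URL=$BESZEL_HUB_URL
    NEXTCLOUD_DOMAIN=$NEXTCLOUD_DOMAIN
    GITEA_URL=$GITEA_URL
    EOF_ENV
    # From here on new files are owner-only at creation, so a secret is never
    # readable by other accounts between being written and the chmod below.
    umask 077
    mkdir -p secrets
    cat << 'EOF_SECRET' > secrets/beszel_agent_key.txt
    $BESZEL_AGENT_KEY
    EOF_SECRET
    cat << 'EOF_SECRET' > secrets/beszel_agent_token.txt
    $BESZEL_AGENT_TOKEN
    EOF_SECRET
    cat << 'EOF_SECRET' > secrets/gitea_runner_registration_token.txt
    $GITEA_RUNNER_REGISTRATION_TOKEN
    EOF_SECRET
    cat << 'EOF_SECRET' > secrets/vaultwarden_admin_token.txt
    $VAULTWARDEN_ADMIN_TOKEN
    EOF_SECRET
    # Still needed for a directory or files left by an earlier deploy, which
    # keep their old mode when they are overwritten.
    chmod 700 secrets
    chmod 600 secrets/*.txt
    EOT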
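- name: 🚀 Run new containers
  env:
    SSHPASS: ${{ secrets.SSH_PASSWORD }}
    SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
    SSH_HOST: ${{ secrets.SSH_HOST }}
    DEPLOY_DIRECTORY: ${{ vars.DEPLOY_DIRECTORY }}
    DRY_RUN_ENABLED: ${{ vars.DEPLOY_DRY_RUN_ENABLED }}
    REF_NAME: ${{ env.CLEAN_REF_NAME }}
    TELEGRAM_TOKEN: ${{ secrets.TELEGRAM_DEPLOY_BOT_TOKEN }}
    TELEGRAM_CHAT: ${{ secrets.TELEGRAM_DEPLOY_CHAT_ID }}
    PROXY_URL: ${{ secrets.PROXY_URL }}
    SUCCESS_MESSAGE: |-
      ✅ <b>Успешный деплой!</b>
      Релиз: <code>${{ gitea.ref_name }}</code>
    FAILURE_MESSAGE: |-
      ❌ <b>Ошибка деплоя!</b>
      Релиз: <code>${{ gitea.ref_name }}</code>
  run: |
    # Every value is sent as a %q-quoted export line on stdin and the script is
    # a quoted heredoc. The background bash therefore receives the token, chat
    # id, proxy URL and messages through its environment: they are not part of
    # the bash -c argument list shown in the process table, and a quote inside
    # a value cannot end the script string.
    : "${DEPLOY_DIRECTORY:?DEPLOY_DIRECTORY is not set}"
    {
      for var in DEPLOY_DIRECTORY DRY_RUN_ENABLED REF_NAME TELEGRAM_TOKEN \
                 TELEGRAM_CHAT PROXY_URL SUCCESS_MESSAGE FAILURE_MESSAGE; do
        printf 'export %s=%q\n' "$var" "${!var}"
      done
      cat << 'EOT'
    set -e
    cd "$DEPLOY_DIRECTORY"
    # The log goes into a fresh private directory instead of a predictable
    # name directly under /tmp, which another local account could pre-create
    # or replace with a link. The file name sent to the chat is unchanged.
    DEPLOY_LOG_DIR=$(mktemp -d)
    DEPLOY_LOG_FILE="$DEPLOY_LOG_DIR/deploy-$REF_NAME.log"
    export DEPLOY_LOG_DIR DEPLOY_LOG_FILE
    # Detached so the deploy survives the end of this SSH session; the script
    # between the single quotes must itself stay free of single quotes.
    # DRY_RUN_FLAG is left unquoted on purpose: empty means no extra argument.
    # NOTE(review): the bot token is still part of the curl argument list (the
    # URL) and is visible in the process table while curl runs; passing the
    # URL through a curl config read from stdin would close that.
    nohup bash -c '
      sleep 5
      if [ "${DRY_RUN_ENABLED}" = "true" ]; then
        DRY_RUN_FLAG="--dry-run"
      else
        DRY_RUN_FLAG=""
      fi
      if docker compose ${DRY_RUN_FLAG} -f "docker-compose-${REF_NAME}.yml" up -d --remove-orphans > "${DEPLOY_LOG_FILE}" 2>&1; then
        curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_TOKEN}/sendMessage" \
          --proxy "${PROXY_URL}" \
          -d "chat_id=${TELEGRAM_CHAT}" \
          -d "parse_mode=HTML" \
          --data-urlencode "text=${SUCCESS_MESSAGE}" > /dev/null
      else
        curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_TOKEN}/sendMessage" \
          --proxy "${PROXY_URL}" \
          -d "chat_id=${TELEGRAM_CHAT}" \
          -d "parse_mode=HTML" \
          --data-urlencode "text=${FAILURE_MESSAGE}" > /dev/null
      fi
      curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_TOKEN}/sendDocument" \
        --proxy "${PROXY_URL}" \
        -F "chat_id=${TELEGRAM_CHAT}" \
        -F "document=@${DEPLOY_LOG_FILE}" > /dev/null && rm -f "${DEPLOY_LOG_FILE}" && rmdir "${DEPLOY_LOG_DIR}"
    ' > /dev/null 2>&1 &
    EOT
    } | sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" bash -s
    echo "New containers will be started after 5 seconds"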