-
Notifications
You must be signed in to change notification settings - Fork 0
247 lines (203 loc) Β· 8.83 KB
/
Copy pathdeploy.yml
File metadata and controls
247 lines (203 loc) Β· 8.83 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
name: Deploy to Production
on:
push:
branches: [master]
workflow_dispatch:
inputs:
tag:
description: 'Image tag to deploy (leave empty for latest)'
required: false
type: string
default: ''
concurrency:
group: deploy-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read
packages: write
env:
REGISTRY: ghcr.io
IMAGE_NAME: vreshch/diffractwd.com
jobs:
build-and-push:
name: π³ Build & Push Docker Image
runs-on: ubuntu-latest
timeout-minutes: 15
outputs:
image-tag: ${{ steps.set-tag.outputs.tag }}
steps:
- name: π₯ Checkout code
uses: actions/checkout@v7
- name: π·οΈ Determine image tag
id: set-tag
run: |
if [ "${{ github.event_name }}" = "workflow_dispatch" ] && [ -n "${{ inputs.tag }}" ]; then
echo "tag=${{ inputs.tag }}" >> $GITHUB_OUTPUT
echo "π Using custom tag: ${{ inputs.tag }}"
else
echo "tag=${{ github.sha }}" >> $GITHUB_OUTPUT
echo "π Using commit SHA: ${{ github.sha }}"
fi
- name: π Login to GitHub Container Registry
uses: docker/login-action@v4
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: π³ Build and push Docker image
run: |
IMAGE="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}"
TAG="${{ steps.set-tag.outputs.tag }}"
echo "ποΈ Building image..."
docker build \
--build-arg COMMIT_SHA="${{ github.sha }}" \
--build-arg BRANCH="${{ github.ref_name }}" \
--build-arg BUILD_TIME="$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
-t ${IMAGE}:${TAG} -t ${IMAGE}:latest .
echo "π€ Pushing image..."
docker push ${IMAGE}:${TAG}
docker push ${IMAGE}:latest
echo "β
Image pushed successfully!"
echo "π¦ Image: ${IMAGE}:${TAG}"
echo "π¦ Image: ${IMAGE}:latest"
deploy:
name: π Deploy to Server
needs: build-and-push
runs-on: ubuntu-latest
timeout-minutes: 10
environment: production
steps:
- name: π₯ Checkout code
uses: actions/checkout@v7
- name: π§ Setup SSH
run: |
mkdir -p ~/.ssh
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/deploy_key
chmod 600 ~/.ssh/deploy_key
ssh-keyscan -H ${{ secrets.SERVER_HOST }} >> ~/.ssh/known_hosts
# Test SSH connection
echo "Testing SSH connection..."
ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no root@${{ secrets.SERVER_HOST }} "echo 'SSH connection successful'"
- name: π€ Copy deployment files to server
run: |
echo "π¦ Ensuring remote directory exists..."
ssh -i ~/.ssh/deploy_key root@${{ secrets.SERVER_HOST }} "mkdir -p /opt/diffractwd-com && chown root:root /opt/diffractwd-com && chmod 755 /opt/diffractwd-com"
echo "π¦ Copying docker-compose.yml..."
scp -i ~/.ssh/deploy_key docker-compose.yml root@${{ secrets.SERVER_HOST }}:/opt/diffractwd-com/
echo "π¦ Copying deployment script..."
scp -i ~/.ssh/deploy_key scripts/deploy.sh root@${{ secrets.SERVER_HOST }}:/opt/diffractwd-com/
ssh -i ~/.ssh/deploy_key root@${{ secrets.SERVER_HOST }} "chmod +x /opt/diffractwd-com/deploy.sh"
- name: π Deploy application
id: deploy
run: |
IMAGE_TAG="${{ needs.build-and-push.outputs.image-tag }}"
echo "π Deploying to production..."
echo "π¦ Image tag: ${IMAGE_TAG}"
ssh -i ~/.ssh/deploy_key root@${{ secrets.SERVER_HOST }} << EOF
set -e
cd /opt/diffractwd-com
# Authenticate with GHCR on server
echo "π Authenticating with GHCR..."
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
# Update image tag in docker-compose
sed -i "s|image:.*|image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${IMAGE_TAG}|g" docker-compose.yml
# Pull new image before deploying
echo "π₯ Pulling image..."
docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${IMAGE_TAG}
# Deploy to Docker Swarm
echo "π³ Deploying stack..."
docker stack deploy -c docker-compose.yml diffractwd --with-registry-auth
# Force service update to ensure containers restart with new image
echo "π Forcing service update..."
docker service update --force diffractwd_web
# Wait for deployment
echo "β³ Waiting for service to be ready..."
sleep 15
# Check service status
echo "β
Service status:"
docker service ps diffractwd_web --no-trunc --format "table {{.Name}}\t{{.CurrentState}}\t{{.Error}}"
# Save deployed version
echo "${IMAGE_TAG}" > .deployed-version
echo "β
Deployment complete!"
EOF
- name: β
Verify deployment
run: |
echo "π Verifying deployment..."
EXPECTED="${{ github.sha }}"
for i in $(seq 1 30); do
LIVE_COMMIT=$(curl -sf "https://diffractwd.com/api/version" 2>/dev/null | jq -r '.commit // empty') || true
if [ "$LIVE_COMMIT" = "$EXPECTED" ]; then
echo "β
Deployment verified! Live commit: $LIVE_COMMIT"
echo "deployment-status=success" >> $GITHUB_OUTPUT
exit 0
fi
echo "β³ Attempt $i/30 β got: ${LIVE_COMMIT:-no response}, want: ${EXPECTED:0:8}"
sleep 10
done
echo "β Deployment verification failed β live version does not match expected commit"
exit 1
- name: π§Ή Cleanup
if: always()
run: |
rm -f ~/.ssh/deploy_key
echo "π§Ή Cleanup complete"
deployment-summary:
name: π Deployment Summary
needs: [build-and-push, deploy]
if: always()
runs-on: ubuntu-latest
steps:
- name: π Generate summary
uses: actions/github-script@v9
with:
script: |
const buildResult = '${{ needs.build-and-push.result }}';
const deployResult = '${{ needs.deploy.result }}';
const imageTag = '${{ needs.build-and-push.outputs.image-tag }}';
const commitSha = '${{ github.sha }}';
const commitMessage = `${{ github.event.head_commit.message }}` || 'Manual deployment';
const eventName = '${{ github.event_name }}';
const triggerType = eventName === 'workflow_dispatch' ? 'Manual' : 'Automatic (push)';
let status = 'β
SUCCESS';
let emoji = 'π';
if (buildResult === 'failure') {
status = 'β FAILED - Build';
emoji = 'π¨';
} else if (deployResult === 'failure') {
status = 'β FAILED - Deployment';
emoji = 'π¨';
}
const summary = `${emoji} **Deployment ${status}**
**Commit:** \`${commitSha.substring(0, 8)}\`
**Message:** ${commitMessage}
**Branch:** master
**Trigger:** ${triggerType}
**Pipeline Results:**
- π³ Build & Push: ${buildResult === 'success' ? 'β
' : 'β'} ${buildResult}
- π Deployment: ${deployResult === 'success' ? 'β
' : 'β'} ${deployResult}
**Details:**
- **Image Tag:** \`${imageTag}\`
- **Registry:** ghcr.io/vreshch/diffractwd.com
- **Server:** diffractwd.com
- **Deployment URL:** https://diffractwd.com
**Quick Actions:**
- π [Workflow Run](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})
- π [Visit Website](https://diffractwd.com)
- π¦ [Registry](https://github.com/${{ github.repository }}/pkgs/container/diffractwd.com)
---
β° Generated at: \`${new Date().toISOString()}\``;
console.log(summary);
// Create commit status
try {
await github.rest.repos.createCommitStatus({
owner: context.repo.owner,
repo: context.repo.repo,
sha: commitSha,
state: deployResult === 'success' ? 'success' : 'failure',
target_url: `https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}`,
description: `Deployment ${status}`,
context: 'deployment/production'
});
} catch (error) {
console.log('Could not create commit status:', error.message);
}