84 lines
2.7 KiB
YAML
84 lines
2.7 KiB
YAML
# =============================================================================
|
|
# Deploy to Production Server
|
|
# =============================================================================
|
|
# Triggers after successful build on main/master branch
|
|
# SSHs to production server and updates containers
|
|
# =============================================================================
|
|
|
|
name: Deploy to Production
|
|
|
|
on:
|
|
workflow_run:
|
|
workflows: ["Build and Push"]
|
|
types: [completed]
|
|
branches: [main, master]
|
|
|
|
env:
|
|
REGISTRY: qbit.realms.pub
|
|
IMAGE_PREFIX: realms
|
|
|
|
jobs:
|
|
deploy:
|
|
# Only deploy if the build succeeded
|
|
if: ${{ github.event.workflow_run.conclusion == 'success' }}
|
|
runs-on: docker
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Setup SSH key
|
|
run: |
|
|
mkdir -p ~/.ssh
|
|
echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/deploy_key
|
|
chmod 600 ~/.ssh/deploy_key
|
|
# Add host key (skip strict checking for first connection)
|
|
ssh-keyscan -p ${{ secrets.DEPLOY_PORT }} ${{ secrets.DEPLOY_HOST }} >> ~/.ssh/known_hosts 2>/dev/null || true
|
|
|
|
- name: Copy docker-compose to server
|
|
run: |
|
|
scp -i ~/.ssh/deploy_key -P ${{ secrets.DEPLOY_PORT }} \
|
|
-o StrictHostKeyChecking=no \
|
|
docker-compose.prod.yml \
|
|
root@${{ secrets.DEPLOY_HOST }}:/opt/realms/docker-compose.yml
|
|
|
|
- name: Deploy to Production
|
|
run: |
|
|
ssh -i ~/.ssh/deploy_key -p ${{ secrets.DEPLOY_PORT }} \
|
|
-o StrictHostKeyChecking=no \
|
|
root@${{ secrets.DEPLOY_HOST }} '
|
|
set -e
|
|
cd /opt/realms
|
|
|
|
# Login to registry
|
|
echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ${{ env.REGISTRY }} -u ${{ github.actor }} --password-stdin
|
|
|
|
# Pull latest images
|
|
docker compose pull
|
|
|
|
# Bring up services with zero-downtime restart
|
|
docker compose up -d --remove-orphans
|
|
|
|
# Prune old images
|
|
docker image prune -f
|
|
|
|
# Show running containers
|
|
docker compose ps
|
|
'
|
|
|
|
- name: Cleanup SSH key
|
|
if: always()
|
|
run: rm -f ~/.ssh/deploy_key
|
|
|
|
- name: Health Check
|
|
run: |
|
|
sleep 10
|
|
ssh -i ~/.ssh/deploy_key -p ${{ secrets.DEPLOY_PORT }} \
|
|
-o StrictHostKeyChecking=no \
|
|
root@${{ secrets.DEPLOY_HOST }} '
|
|
# Check if services are running
|
|
docker compose ps --format "table {{.Name}}\t{{.Status}}"
|
|
|
|
# Basic health check for frontend
|
|
curl -sf http://localhost:80/health || echo "Frontend health check pending"
|
|
' || true
|