From e7ab34462d3d832dff4a4ff321bcdd287657e545 Mon Sep 17 00:00:00 2001
From: janis
Date: Thu, 23 Apr 2026 18:55:27 +0000
Subject: [PATCH] .gitea/workflows/delpoy.yml aktualisiert
---
.gitea/workflows/delpoy.yml | 110 +++++++++++++++++-------------------
1 file changed, 53 insertions(+), 57 deletions(-)
diff --git a/.gitea/workflows/delpoy.yml b/.gitea/workflows/delpoy.yml
index afca836..77a50ce 100644
--- a/.gitea/workflows/delpoy.yml
+++ b/.gitea/workflows/delpoy.yml
@@ -1,63 +1,59 @@
-#!/usr/bin/env bash
-set -Eeuo pipefail
+name: Deploy
 
-# Required env vars:
-# SSH_KEY -> private SSH key content
-# SSH_USER -> remote SSH user
-# SSH_IP -> remote host/IP
-# GIT_USER -> Gitea username
-# GIT_TOKEN -> Gitea personal access token
-#
-# Optional env vars:
-# APP_DIR -> remote app directory
-# GIT_HOST -> git.jakach.ch
-# GIT_REPO -> Jakach/your-repo.git
-# GIT_BRANCH -> main
+on:
+ push:
+ branches: [main]
 
-: "${SSH_KEY:?SSH_KEY is required}"
-: "${SSH_USER:?SSH_USER is required}"
-: "${SSH_IP:?SSH_IP is required}"
-: "${GIT_USER:?GIT_USER is required}"
-: "${GIT_TOKEN:?GIT_TOKEN is required}"
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Run deploy
+ env:
+ SSH_KEY: ${{ secrets.SSH_KEY }}
+ SSH_USER: ${{ secrets.SSH_USER }}
+ SSH_IP: ${{ secrets.SSH_IP }}
+ GIT_USER: ${{ secrets.GIT_USER }}
+ GIT_TOKEN: ${{ secrets.GIT_TOKEN }}
+ APP_DIR: /home/deploy/my-app
+ GIT_REPO: Jakach/my-app.git
+ GIT_BRANCH: main
+ run: |
+ cat > deploy.sh <<'EOF'
+ #!/usr/bin/env bash
+ set -Eeuo pipefail
+ : "${SSH_KEY:?SSH_KEY is required}"
+ : "${SSH_USER:?SSH_USER is required}"
+ : "${SSH_IP:?SSH_IP is required}"
+ : "${GIT_USER:?GIT_USER is required}"
+ : "${GIT_TOKEN:?GIT_TOKEN is required}"
 
-APP_DIR="/srv/systems/jakach-login"
-GIT_HOST="${GIT_HOST:-git.jakach.ch}"
-GIT_REPO="${GIT_REPO:-Jakach/jakach-login.git}"
-GIT_BRANCH="${GIT_BRANCH:-main}"
+ APP_DIR="/srv/systems/jakach-login"
+ GIT_HOST="${GIT_HOST:-git.jakach.ch}"
+ GIT_REPO="jakach/jakach-login.git"
+ GIT_BRANCH="${GIT_BRANCH:-main}"
 
-mkdir -p ~/.ssh
-chmod 700 ~/.ssh
+ mkdir -p ~/.ssh
+ chmod 700 ~/.ssh
+ printf '%s\n' "$SSH_KEY" | tr -d '\r' > ~/.ssh/deploy_key
+ chmod 600 ~/.ssh/deploy_key
+ ssh-keyscan -H "$SSH_IP" >> ~/.ssh/known_hosts 2>/dev/null || true
 
-# Write SSH key
-printf '%s\n' "$SSH_KEY" | tr -d '\r' > ~/.ssh/deploy_key
-chmod 600 ~/.ssh/deploy_key
+ ssh -i ~/.ssh/deploy_key \
+ -o StrictHostKeyChecking=yes \
+ -o IdentitiesOnly=yes \
+ "$SSH_USER@$SSH_IP" \
+ "export APP_DIR='$APP_DIR' GIT_HOST='$GIT_HOST' GIT_REPO='$GIT_REPO' GIT_BRANCH='$GIT_BRANCH' GIT_USER='$GIT_USER' GIT_TOKEN='$GIT_TOKEN'; bash -s" <<'REMOTE'
+ set -Eeuo pipefail
+ cd "$APP_DIR"
+ git remote set-url origin "https://${GIT_USER}:${GIT_TOKEN}@${GIT_HOST}/${GIT_REPO}"
+ git fetch origin "$GIT_BRANCH"
+ git checkout "$GIT_BRANCH"
+ git pull origin "$GIT_BRANCH"
+ docker compose down
+ docker compose up -d --build
+ REMOTE
+ EOF
 
-# Trust remote host
-ssh-keyscan -H "$SSH_IP" >> ~/.ssh/known_hosts 2>/dev/null || true
-
-ssh -i ~/.ssh/deploy_key \
- -o StrictHostKeyChecking=yes \
- -o IdentitiesOnly=yes \
- "$SSH_USER@$SSH_IP" \
- "export APP_DIR='$APP_DIR' GIT_HOST='$GIT_HOST' GIT_REPO='$GIT_REPO' GIT_BRANCH='$GIT_BRANCH' GIT_USER='$GIT_USER' GIT_TOKEN='$GIT_TOKEN'; bash -s" <<'REMOTE'
-set -Eeuo pipefail
-
-: "${APP_DIR:?}"
-: "${GIT_HOST:?}"
-: "${GIT_REPO:?}"
-: "${GIT_BRANCH:?}"
-: "${GIT_USER:?}"
-: "${GIT_TOKEN:?}"
-
-cd "$APP_DIR"
-
-# Ensure origin uses HTTPS with token auth
-git remote set-url origin "https://${GIT_USER}:${GIT_TOKEN}@${GIT_HOST}/${GIT_REPO}"
-
-git fetch origin "$GIT_BRANCH"
-git checkout "$GIT_BRANCH"
-git pull origin "$GIT_BRANCH"
-
-docker compose down
-docker compose up -d --build
-REMOTE
\ No newline at end of file
+ chmod +x deploy.sh
+ ./deploy.sh
\ No newline at end of file
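Review bot: The `ssh-keyscan -H "$SSH_IP" >> ~/.ssh/known_hosts 2>/dev/null || true` line in the generated deploy.sh trusts whichever host key answers at run time, so the `StrictHostKeyChecking=yes` on the ssh call that follows does not authenticate the server, and that session carries `GIT_TOKEN`. Pin the key instead: keep the server's known_hosts line in a secret (suggested name `SSH_KNOWN_HOSTS`, not present in this workflow yet) and write it with `printf '%s\n' "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts`. The same script passes `GIT_TOKEN` inside the remote command string and stores it in the origin URL through `git remote set-url`, which leaves the token in `.git/config` under the app directory; a credential helper or a server-side deploy key would avoid persisting it. Separately, the `APP_DIR` and `GIT_REPO` values in the step's `env:` are overwritten by the hard-coded assignments inside the script, so they have no effect and should either be removed or honoured with `${APP_DIR:-…}`-style defaults.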