diff --git a/.gitea/workflows/morskaRelease.yml b/.gitea/workflows/morskaRelease.yml index 97981b5..a3bc238 100644 --- a/.gitea/workflows/morskaRelease.yml +++ b/.gitea/workflows/morskaRelease.yml @@ -1,7 +1,7 @@ name: Release Morska (latest successful build) on: - workflow_dispatch: { } # ręczny trigger + workflow_dispatch: {} # ręczny trigger env: DEPLOY_HOST: "bim-it.pl" @@ -24,107 +24,108 @@ jobs: apt-get update -y apt-get install -y jq unzip zip openssh-client - - name: Resolve repo/env - id: repo - env: - GITHUB_REPOSITORY: ${{ github.repository }} # owner/repo - API_BASE: ${{ env.API_BASE }} - run: | - set -euo pipefail - OWNER="${GITHUB_REPOSITORY%%/*}" - REPO="${GITHUB_REPOSITORY##*/}" - echo "owner=$OWNER" >> $GITHUB_OUTPUT - echo "repo=$REPO" >> $GITHUB_OUTPUT - echo "api=$API_BASE" >> $GITHUB_OUTPUT + - name: Resolve repo/env + id: repo + env: + GITEA_SERVER_URL: ${{ github.server_url }} # np. https://code.bim-it.pl + GITHUB_REPOSITORY: ${{ github.repository }} # owner/repo + run: | + set -euo pipefail + OWNER="${GITHUB_REPOSITORY%%/*}" + REPO="${GITHUB_REPOSITORY##*/}" + echo "owner=$OWNER" >> $GITHUB_OUTPUT + echo "repo=$REPO" >> $GITHUB_OUTPUT + echo "api=${GITEA_SERVER_URL%/}/api/v1" >> $GITHUB_OUTPUT - - name: Probe API & auth - env: - API: ${{ steps.repo.outputs.api }} - OWNER: ${{ steps.repo.outputs.owner }} - REPO: ${{ steps.repo.outputs.repo }} - TOKEN: ${{ secrets.GITEATOKEN }} - run: | - set -euo pipefail - echo "Probing: $API/repos/$OWNER/$REPO" - curl -sfSL -H "Authorization: token $TOKEN" "$API/repos/$OWNER/$REPO" >/dev/null - echo "OK" + - name: Probe API & auth + env: + API: ${{ steps.repo.outputs.api }} + OWNER: ${{ steps.repo.outputs.owner }} + REPO: ${{ steps.repo.outputs.repo }} + TOKEN: ${{ secrets.GITEATOKEN }} + run: | + set -euo pipefail + echo "Probing: $API/repos/$OWNER/$REPO" + curl -sfSL -H "Authorization: token $TOKEN" "$API/repos/$OWNER/$REPO" >/dev/null + echo "OK" - - name: Pick latest successful build (main) - id: pick - env: - API: ${{ steps.repo.outputs.api }} - OWNER: ${{ steps.repo.outputs.owner }} - REPO: ${{ steps.repo.outputs.repo }} - TOKEN: ${{ secrets.GITEATOKEN }} - run: | - set -euo pipefail - URL="$API/repos/$OWNER/$REPO/actions/runs?status=success&branch=main&per_page=20" - echo "GET $URL" - RESP="$(curl -sfSL -H "Authorization: token $TOKEN" "$URL")" - echo "$RESP" | jq -e '.workflow_runs' >/dev/null - - RUN_ID="$(echo "$RESP" | jq -r ' - .workflow_runs - | map(select( - (.head_branch=="main") - and (.status=="completed") - and (.conclusion=="success") - and ( - (.path? // .workflow_path? // .workflow?.path? // "") - | test("(\\.gitea|\\.github)/workflows/build\\.yml$") - ) - )) - | sort_by(.run_number) | reverse | .[0].id // empty - ')" - test -n "$RUN_ID" && echo "run_id=$RUN_ID" >> $GITHUB_OUTPUT || { echo "No successful build found"; exit 1; } - - name: Download artifacts (frontend, webapi) - env: - API: ${{ steps.repo.outputs.api }} - OWNER: ${{ steps.repo.outputs.owner }} - REPO: ${{ steps.repo.outputs.repo }} - TOKEN: ${{ secrets.GITEA_TOKEN }} - RUN_ID: ${{ steps.pick.outputs.run_id }} - run: | - set -euo pipefail - mkdir -p release - LIST="$(curl -sfSL -H "Authorization: token $TOKEN" \ - "$API/repos/$OWNER/$REPO/actions/runs/$RUN_ID/artifacts")" - echo "Artifacts:"; echo "$LIST" | jq -r '.artifacts[]?.name' - - download_artifact () { - local NAME="$1" - local URL - URL="$(echo "$LIST" | jq -r --arg n "$NAME" ' - (.artifacts // []) | map(select(.name==$n)) | .[0].archive_download_url // .[0].url // empty - ')" - [ -n "$URL" ] && [ "$URL" != "null" ] || { echo "Artifact $NAME not found"; exit 1; } - curl -sfSL -H "Authorization: token $TOKEN" -o "$NAME.zip" "$URL" - unzip -o "$NAME.zip" -d "./$NAME" - } - - download_artifact frontend - download_artifact webapi - (cd frontend && zip -r ../DiunaBI-Morska-Frontend.zip .) - (cd webapi && zip -r ../DiunaBI-Morska-WebApi.zip .) - ls -la release - - - name: Prepare known_hosts - run: | - mkdir -p ~/.ssh - ssh-keyscan -H "${{ env.DEPLOY_HOST }}" >> ~/.ssh/known_hosts 2>/dev/null || true - - - name: Send artifacts to PROD - run: | - scp -i "${{ env.SSH_KEYFILE }}" -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes \ - ./release/DiunaBI-Morska-Frontend.zip \ - "${{ env.DEPLOY_USER }}@${{ env.DEPLOY_HOST }}:${{ env.DEPLOY_PATH }}" - scp -i "${{ env.SSH_KEYFILE }}" -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes \ - ./release/DiunaBI-Morska-WebApi.zip \ - "${{ env.DEPLOY_USER }}@${{ env.DEPLOY_HOST }}:${{ env.DEPLOY_PATH }}" - - - name: Run remote deploy script - run: | - ssh -i "${{ env.SSH_KEYFILE }}" -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes \ - "${{ env.DEPLOY_USER }}@${{ env.DEPLOY_HOST }}" << 'EOF' - ./deployment/DiunaBI-Morska.Release.sh - EOF + - name: Pick latest successful build (main) + id: pick + env: + API: ${{ steps.repo.outputs.api }} + OWNER: ${{ steps.repo.outputs.owner }} + REPO: ${{ steps.repo.outputs.repo }} + TOKEN: ${{ secrets.GITEATOKEN }} + run: | + set -euo pipefail + URL="$API/repos/$OWNER/$REPO/actions/runs?status=success&branch=main&per_page=20" + echo "GET $URL" + RESP="$(curl -sfSL -H "Authorization: token $TOKEN" "$URL")" + echo "$RESP" | jq -e '.workflow_runs' >/dev/null + + RUN_ID="$(echo "$RESP" | jq -r ' + .workflow_runs + | map(select( + (.head_branch=="main") + and (.status=="completed") + and (.conclusion=="success") + and ( + (.path? // .workflow_path? // .workflow?.path? // "") + | test("(\\.gitea|\\.github)/workflows/build\\.yml$") + ) + )) + | sort_by(.run_number) | reverse | .[0].id // empty + ')" + test -n "$RUN_ID" && echo "run_id=$RUN_ID" >> $GITHUB_OUTPUT || { echo "No successful build found"; exit 1; } + + - name: Download artifacts (frontend, webapi) + env: + API: ${{ steps.repo.outputs.api }} + OWNER: ${{ steps.repo.outputs.owner }} + REPO: ${{ steps.repo.outputs.repo }} + TOKEN: ${{ secrets.GITEA_TOKEN }} + RUN_ID: ${{ steps.pick.outputs.run_id }} + run: | + set -euo pipefail + mkdir -p release + LIST="$(curl -sfSL -H "Authorization: token $TOKEN" \ + "$API/repos/$OWNER/$REPO/actions/runs/$RUN_ID/artifacts")" + echo "Artifacts:"; echo "$LIST" | jq -r '.artifacts[]?.name' + + download_artifact () { + local NAME="$1" + local URL + URL="$(echo "$LIST" | jq -r --arg n "$NAME" ' + (.artifacts // []) | map(select(.name==$n)) | .[0].archive_download_url // .[0].url // empty + ')" + [ -n "$URL" ] && [ "$URL" != "null" ] || { echo "Artifact $NAME not found"; exit 1; } + curl -sfSL -H "Authorization: token $TOKEN" -o "$NAME.zip" "$URL" + unzip -o "$NAME.zip" -d "./$NAME" + } + + download_artifact frontend + download_artifact webapi + (cd frontend && zip -r ../DiunaBI-Morska-Frontend.zip .) + (cd webapi && zip -r ../DiunaBI-Morska-WebApi.zip .) + ls -la release + + - name: Prepare known_hosts + run: | + mkdir -p ~/.ssh + ssh-keyscan -H "${{ env.DEPLOY_HOST }}" >> ~/.ssh/known_hosts 2>/dev/null || true + + - name: Send artifacts to PROD + run: | + scp -i "${{ env.SSH_KEYFILE }}" -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes \ + ./release/DiunaBI-Morska-Frontend.zip \ + "${{ env.DEPLOY_USER }}@${{ env.DEPLOY_HOST }}:${{ env.DEPLOY_PATH }}" + scp -i "${{ env.SSH_KEYFILE }}" -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes \ + ./release/DiunaBI-Morska-WebApi.zip \ + "${{ env.DEPLOY_USER }}@${{ env.DEPLOY_HOST }}:${{ env.DEPLOY_PATH }}" + + - name: Run remote deploy script + run: | + ssh -i "${{ env.SSH_KEYFILE }}" -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes \ + "${{ env.DEPLOY_USER }}@${{ env.DEPLOY_HOST }}" << 'EOF' + ./deployment/DiunaBI-Morska.Release.sh + EOF