diff --git a/.gitea/workflows/morskaRelease.yml b/.gitea/workflows/morskaRelease.yml index a3bc238..91636e6 100644 --- a/.gitea/workflows/morskaRelease.yml +++ b/.gitea/workflows/morskaRelease.yml @@ -1,7 +1,7 @@ name: Release Morska (latest successful build) on: - workflow_dispatch: {} # ręczny trigger + workflow_dispatch: {} env: DEPLOY_HOST: "bim-it.pl" 
@@ -14,76 +14,76 @@ env: jobs: release: runs-on: ubuntu-latest - steps: - name: Checkout (for completeness) uses: https://github.com/actions/checkout@v4 - name: Install tools run: | + set -euo pipefail apt-get update -y apt-get install -y jq unzip zip openssh-client - name: Resolve repo/env id: repo env: - GITEA_SERVER_URL: ${{ github.server_url }} # np. https://code.bim-it.pl GITHUB_REPOSITORY: ${{ github.repository }} # owner/repo + API_BASE: ${{ env.API_BASE }} run: | set -euo pipefail OWNER="${GITHUB_REPOSITORY%%/*}" REPO="${GITHUB_REPOSITORY##*/}" echo "owner=$OWNER" >> $GITHUB_OUTPUT echo "repo=$REPO" >> $GITHUB_OUTPUT - echo "api=${GITEA_SERVER_URL%/}/api/v1" >> $GITHUB_OUTPUT + echo "api=$API_BASE" >> $GITHUB_OUTPUT - - name: Probe API & auth - env: - API: ${{ steps.repo.outputs.api }} - OWNER: ${{ steps.repo.outputs.owner }} - REPO: ${{ steps.repo.outputs.repo }} - TOKEN: ${{ secrets.GITEATOKEN }} - run: | - set -euo pipefail - echo "Probing: $API/repos/$OWNER/$REPO" - curl -sfSL -H "Authorization: token $TOKEN" "$API/repos/$OWNER/$REPO" >/dev/null - echo "OK" - - - name: Pick latest successful build (main) - id: pick - env: - API: ${{ steps.repo.outputs.api }} - OWNER: ${{ steps.repo.outputs.owner }} - REPO: ${{ steps.repo.outputs.repo }} - TOKEN: ${{ secrets.GITEATOKEN }} - run: | - set -euo pipefail - URL="$API/repos/$OWNER/$REPO/actions/runs?status=success&branch=main&per_page=20" - echo "GET $URL" - RESP="$(curl -sfSL -H "Authorization: token $TOKEN" "$URL")" - echo "$RESP" | jq -e '.workflow_runs' >/dev/null - - RUN_ID="$(echo "$RESP" | jq -r ' - .workflow_runs - | map(select( - (.head_branch=="main") - and (.status=="completed") - and (.conclusion=="success") - and ( - (.path? // .workflow_path? // .workflow?.path? 
// "") - | test("(\\.gitea|\\.github)/workflows/build\\.yml$") - ) - )) - | sort_by(.run_number) | reverse | .[0].id // empty - ')" - test -n "$RUN_ID" && echo "run_id=$RUN_ID" >> $GITHUB_OUTPUT || { echo "No successful build found"; exit 1; } - - - name: Download artifacts (frontend, webapi) + - name: Probe API & auth env: - API: ${{ steps.repo.outputs.api }} + API: ${{ steps.repo.outputs.api }} OWNER: ${{ steps.repo.outputs.owner }} - REPO: ${{ steps.repo.outputs.repo }} - TOKEN: ${{ secrets.GITEA_TOKEN }} + REPO: ${{ steps.repo.outputs.repo }} + TOKEN: ${{ secrets.GITEATOKEN }} + run: | + set -euo pipefail + echo "Probing: $API/repos/$OWNER/$REPO" + curl -sfSL -H "Authorization: token $TOKEN" "$API/repos/$OWNER/$REPO" >/dev/null + echo "OK" + + - name: Pick latest successful build (main) + id: pick + env: + API: ${{ steps.repo.outputs.api }} + OWNER: ${{ steps.repo.outputs.owner }} + REPO: ${{ steps.repo.outputs.repo }} + TOKEN: ${{ secrets.GITEATOKEN }} + BUILD_PATH: ${{ env.BUILD_WORKFLOW_PATH }} + run: | + set -euo pipefail + URL="$API/repos/$OWNER/$REPO/actions/runs?status=success&branch=main&per_page=20" + echo "GET $URL" + RESP="$(curl -sfSL -H "Authorization: token $TOKEN" "$URL")" + echo "$RESP" | jq -e '.workflow_runs' >/dev/null + RUN_ID="$(echo "$RESP" | jq -r --arg p "$BUILD_PATH" ' + .workflow_runs + | map(select( + (.head_branch=="main") + and (.status=="completed") + and (.conclusion=="success") + and ( + (.path? // .workflow_path? // .workflow?.path? // "") + | test($p + "$") + ) + )) + | sort_by(.run_number) | reverse | .[0].id // empty + ')" + test -n "$RUN_ID" && echo "run_id=$RUN_ID" >> $GITHUB_OUTPUT || { echo "No successful build found"; exit 1; } + + - name: Download artifacts (frontend, webapi) + env: + API: ${{ steps.repo.outputs.api }} + OWNER: ${{ steps.repo.outputs.owner }} + REPO: ${{ steps.repo.outputs.repo }} + TOKEN: ${{ secrets.GITEATOKEN }} RUN_ID: ${{ steps.pick.outputs.run_id }} run: | set -euo pipefail 
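Review bot: In the "Pick latest successful build (main)" step, `test($p + "$")` evaluates BUILD_PATH as a regular expression anchored only at the end, so an unescaped `.` in the configured path matches any character; the removed filter had its dots escaped. Because the run chosen here decides which artifacts the later steps ship to PROD, a literal comparison is safer: `| endswith($p)`, or `== $p` if the API returns the bare path. BUILD_WORKFLOW_PATH is defined outside this hunk, so its actual value is not visible here. The filter also does not look at the triggering event, so it is worth confirming that only push builds of main can satisfy `head_branch=="main"`.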
@@ -109,13 +109,15 @@ jobs: (cd webapi && zip -r ../DiunaBI-Morska-WebApi.zip .) ls -la release - - name: Prepare known_hosts + - name: Prepare known_hosts run: | + set -euo pipefail mkdir -p ~/.ssh ssh-keyscan -H "${{ env.DEPLOY_HOST }}" >> ~/.ssh/known_hosts 2>/dev/null || true - - name: Send artifacts to PROD + - name: Send artifacts to PROD run: | + set -euo pipefail scp -i "${{ env.SSH_KEYFILE }}" -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes \ ./release/DiunaBI-Morska-Frontend.zip \ "${{ env.DEPLOY_USER }}@${{ env.DEPLOY_HOST }}:${{ env.DEPLOY_PATH }}" @@ -123,8 +125,9 @@ jobs: ./release/DiunaBI-Morska-WebApi.zip \ "${{ env.DEPLOY_USER }}@${{ env.DEPLOY_HOST }}:${{ env.DEPLOY_PATH }}" - - name: Run remote deploy script + - name: Run remote deploy script run: | + set -euo pipefail ssh -i "${{ env.SSH_KEYFILE }}" -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes \ "${{ env.DEPLOY_USER }}@${{ env.DEPLOY_HOST }}" << 'EOF' ./deployment/DiunaBI-Morska.Release.sh
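Review bot: The "Prepare known_hosts" step still fills known_hosts from `ssh-keyscan` at run time, so `StrictHostKeyChecking=yes` in the scp and ssh steps only checks the key the network returned moments earlier and does not protect against an intercepted connection. The trailing `|| true` together with `2>/dev/null` also cancels the `set -euo pipefail` added here, so a failed scan goes unnoticed until scp fails. Pinning the key from a stored value addresses both: `printf '%s\n' "$DEPLOY_HOST_KEY" >> ~/.ssh/known_hosts`, with `DEPLOY_HOST_KEY: ${{ secrets.<HOST_KEY_SECRET> }}` in the step's `env:` (the secret name is a placeholder). The scp command that starts in this hunk continues into the next one.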
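Review bot: The `set -euo pipefail` added to "Run remote deploy script" governs only the runner's shell. The commands inside the `<< 'EOF'` heredoc run in the remote login shell, which does not inherit it, and ssh reports only the exit status of the last remote command. The heredoc body continues past the end of this hunk; if it holds more than the one visible line, an early failure on the server would not fail the job. Adding `set -eu` as the first line of the heredoc body closes that gap.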