From dd64aa4e9b311b95d2849273290b27c835933ad0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Zieli=C5=84ski?= Date: Fri, 12 Sep 2025 10:58:36 +0200 Subject: [PATCH] morska release --- .gitea/workflows/morskaRelease.yml | 144 ++++++++++++++++++++++------- 1 file changed, 111 insertions(+), 33 deletions(-) diff --git a/.gitea/workflows/morskaRelease.yml b/.gitea/workflows/morskaRelease.yml index bd10269..4f51af5 100644 --- a/.gitea/workflows/morskaRelease.yml +++ b/.gitea/workflows/morskaRelease.yml @@ -1,39 +1,117 @@ -release: - if: github.event_name != 'pull_request' - needs: [build-frontend, build-backend] - runs-on: ubuntu-latest - environment: Morska - steps: - - uses: https://github.com/actions/checkout@v4 +name: Release Morska (latest successful build) - - name: Download frontend artifacts - uses: https://github.com/actions/download-artifact@v3 - with: - name: frontend - path: ./release/frontend +on: + workflow_dispatch: {} # ręczny trigger - - name: Download backend artifacts - uses: https://github.com/actions/download-artifact@v3 - with: - name: webapi - path: ./release/webapi +env: + # STAŁE DLA TEGO ŚRODOWISKA + DEPLOY_HOST: "bim-it.pl" + DEPLOY_USER: "mz" + DEPLOY_PATH: "./deployment/" + SSH_KEYFILE: "/ci-keys/morska" + BUILD_WORKFLOW_PATH: ".gitea/workflows/build.yml" - - name: Archive frontend - run: (cd release/frontend && zip -r ../DiunaBI-Morska-Frontend.zip .) +jobs: + release: + runs-on: ubuntu-latest - - name: Archive backend - run: (cd release/webapi && zip -r ../DiunaBI-Morska-WebApi.zip .) + steps: + - name: Checkout (for completeness) + uses: https://github.com/actions/checkout@v4 - - name: Prepare known_hosts - run: | - mkdir -p ~/.ssh - ssh-keyscan -H "${{ vars.DEPLOY_HOST }}" >> ~/.ssh/known_hosts 2>/dev/null || true + - name: Install tools + run: | + apt-get update -y + apt-get install -y jq unzip zip openssh-client - - name: Upload artifacts via SCP - run: | - scp -i /ci-keys/prod_deploy -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes \ - ./release/DiunaBI-Morska-Frontend.zip \ - "${{ vars.DEPLOY_USER }}@${{ vars.DEPLOY_HOST }}:${{ vars.DEPLOY_PATH }}" - scp -i /ci-keys/prod_deploy -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes \ - ./release/DiunaBI-Morska-WebApi.zip \ - "${{ vars.DEPLOY_USER }}@${{ vars.DEPLOY_HOST }}:${{ vars.DEPLOY_PATH }}" \ No newline at end of file + - name: Resolve repo/env + id: repo + env: + GITEA_SERVER_URL: ${{ github.server_url }} # np. https://code.bim-it.pl + GITHUB_REPOSITORY: ${{ github.repository }} # owner/repo + run: | + set -euo pipefail + OWNER="${GITHUB_REPOSITORY%%/*}" + REPO="${GITHUB_REPOSITORY##*/}" + echo "owner=$OWNER" >> $GITHUB_OUTPUT + echo "repo=$REPO" >> $GITHUB_OUTPUT + echo "api=${GITEA_SERVER_URL%/}/api/v1" >> $GITHUB_OUTPUT + + - name: Pick latest successful build (main) + id: pick + env: + API: ${{ steps.repo.outputs.api }} + OWNER: ${{ steps.repo.outputs.owner }} + REPO: ${{ steps.repo.outputs.repo }} + TOKEN: ${{ secrets.GITEA_TOKEN }} # PAT z odczytem Actions/artefaktów w tym repo + BUILD_PATH: ${{ env.BUILD_WORKFLOW_PATH }} + run: | + set -euo pipefail + RESP="$(curl -sfSL -H "Authorization: token $TOKEN" \ + "$API/repos/$OWNER/$REPO/actions/runs?status=success&branch=main&per_page=20")" + RUN_ID="$(echo "$RESP" | jq -r --arg p "$BUILD_PATH" ' + .workflow_runs + | map(select( + (.head_branch=="main") + and (.status=="completed") + and (.conclusion=="success") + and ( + (.path? // .workflow_path? // .workflow?.path? // "") + | test($p + "$") + ) + )) + | sort_by(.run_number) | reverse | .[0].id // empty + ')" + test -n "$RUN_ID" && echo "run_id=$RUN_ID" >> $GITHUB_OUTPUT || { echo "No successful build found"; exit 1; } + + - name: Download artifacts (frontend, webapi) + env: + API: ${{ steps.repo.outputs.api }} + OWNER: ${{ steps.repo.outputs.owner }} + REPO: ${{ steps.repo.outputs.repo }} + TOKEN: ${{ secrets.GITEA_TOKEN }} + RUN_ID: ${{ steps.pick.outputs.run_id }} + run: | + set -euo pipefail + mkdir -p release + LIST="$(curl -sfSL -H "Authorization: token $TOKEN" \ + "$API/repos/$OWNER/$REPO/actions/runs/$RUN_ID/artifacts")" + echo "Artifacts:"; echo "$LIST" | jq -r '.artifacts[]?.name' + + download_artifact () { + local NAME="$1" + local URL + URL="$(echo "$LIST" | jq -r --arg n "$NAME" ' + (.artifacts // []) | map(select(.name==$n)) | .[0].archive_download_url // .[0].url // empty + ')" + [ -n "$URL" ] && [ "$URL" != "null" ] || { echo "Artifact $NAME not found"; exit 1; } + curl -sfSL -H "Authorization: token $TOKEN" -o "$NAME.zip" "$URL" + unzip -o "$NAME.zip" -d "./$NAME" + } + + download_artifact frontend + download_artifact webapi + (cd frontend && zip -r ../DiunaBI-Morska-Frontend.zip .) + (cd webapi && zip -r ../DiunaBI-Morska-WebApi.zip .) + ls -la release + + - name: Prepare known_hosts + run: | + mkdir -p ~/.ssh + ssh-keyscan -H "${{ env.DEPLOY_HOST }}" >> ~/.ssh/known_hosts 2>/dev/null || true + + - name: Send artifacts to PROD + run: | + scp -i "${{ env.SSH_KEYFILE }}" -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes \ + ./release/DiunaBI-Morska-Frontend.zip \ + "${{ env.DEPLOY_USER }}@${{ env.DEPLOY_HOST }}:${{ env.DEPLOY_PATH }}" + scp -i "${{ env.SSH_KEYFILE }}" -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes \ + ./release/DiunaBI-Morska-WebApi.zip \ + "${{ env.DEPLOY_USER }}@${{ env.DEPLOY_HOST }}:${{ env.DEPLOY_PATH }}" + + - name: Run remote deploy script + run: | + ssh -i "${{ env.SSH_KEYFILE }}" -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes \ + "${{ env.DEPLOY_USER }}@${{ env.DEPLOY_HOST }}" << 'EOF' + ./deployment/DiunaBI-Morska.Release.sh + EOF