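# Manually triggered release: finds the newest successful `build.yml` run on
# `main`, downloads its `frontend` and `webapi` artifacts through the Gitea
# API, repackages them as zips under ./release, copies them to the deploy
# host over SSH and runs the remote release script there.
name: Release Morska (latest successful build)

on:
  workflow_dispatch: {} # manual trigger

env:
  DEPLOY_HOST: "bim-it.pl"
  DEPLOY_USER: "mz"
  DEPLOY_PATH: "./deployment/"
  # Private key is read from a path on the runner, not from a secret.
  SSH_KEYFILE: "/ci-keys/morska"
  # NOTE(review): BUILD_WORKFLOW_PATH and API_BASE are not referenced by any
  # step below; the API URL is derived from github.server_url and the
  # workflow path is matched by a regex in the "pick" step.
  BUILD_WORKFLOW_PATH: ".gitea/workflows/build.yml"
  API_BASE: "https://code.bim-it.pl/api/v1"

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): `@v4` is a mutable tag fetched from an external host in
      # a job that later holds the production deploy key; pin the action to a
      # full commit SHA so the executed code cannot change silently.
      - name: Checkout (for completeness)
        uses: https://github.com/actions/checkout@v4

      - name: Install tools
        run: |
          apt-get update -y
          apt-get install -y jq unzip zip openssh-client

      - name: Resolve repo/env
        id: repo
        env:
          GITEA_SERVER_URL: ${{ github.server_url }} # e.g. https://code.bim-it.pl
          GITHUB_REPOSITORY: ${{ github.repository }} # owner/repo
        run: |
          set -euo pipefail
          OWNER="${GITHUB_REPOSITORY%%/*}"
          REPO="${GITHUB_REPOSITORY##*/}"
          {
            echo "owner=$OWNER"
            echo "repo=$REPO"
            echo "api=${GITEA_SERVER_URL%/}/api/v1"
          } >> "$GITHUB_OUTPUT"

      # Fails fast (curl -f) when the API is unreachable or the token is
      # rejected, before any artifact handling starts.
      - name: Probe API & auth
        env:
          API: ${{ steps.repo.outputs.api }}
          OWNER: ${{ steps.repo.outputs.owner }}
          REPO: ${{ steps.repo.outputs.repo }}
          TOKEN: ${{ secrets.GITEATOKEN }}
        run: |
          set -euo pipefail
          echo "Probing: $API/repos/$OWNER/$REPO"
          curl -sfSL -H "Authorization: token $TOKEN" "$API/repos/$OWNER/$REPO" >/dev/null
          echo "OK"

      - name: Pick latest successful build (main)
        id: pick
        env:
          API: ${{ steps.repo.outputs.api }}
          OWNER: ${{ steps.repo.outputs.owner }}
          REPO: ${{ steps.repo.outputs.repo }}
          TOKEN: ${{ secrets.GITEATOKEN }}
        run: |
          set -euo pipefail
          URL="$API/repos/$OWNER/$REPO/actions/runs?status=success&branch=main&per_page=20"
          echo "GET $URL"
          RESP="$(curl -sfSL -H "Authorization: token $TOKEN" "$URL")"
          # Abort if the response has no usable `workflow_runs` field.
          echo "$RESP" | jq -e '.workflow_runs' >/dev/null
          # Re-check branch, status and conclusion client-side, and keep only
          # runs whose workflow file is build.yml; highest run_number wins.
          RUN_ID="$(echo "$RESP" | jq -r '
            .workflow_runs
            | map(select(
                (.head_branch=="main") and (.status=="completed") and (.conclusion=="success")
                and ( (.path? // .workflow_path? // .workflow?.path? // "") | test("(\\.gitea|\\.github)/workflows/build\\.yml$") )
              ))
            | sort_by(.run_number) | reverse | .[0].id // empty
          ')"
          if [ -z "$RUN_ID" ]; then
            echo "No successful build found"
            exit 1
          fi
          echo "run_id=$RUN_ID" >> "$GITHUB_OUTPUT"

      # NOTE(review): the artifacts are shipped to production as downloaded;
      # no checksum or signature is verified, so their integrity rests on the
      # API token and TLS alone.
      - name: Download artifacts (frontend, webapi)
        env:
          API: ${{ steps.repo.outputs.api }}
          OWNER: ${{ steps.repo.outputs.owner }}
          REPO: ${{ steps.repo.outputs.repo }}
          # NOTE(review): same secret as the probe and pick steps; this step
          # previously read `secrets.GITEA_TOKEN` while the others read
          # `secrets.GITEATOKEN`. Confirm which credential is intended.
          TOKEN: ${{ secrets.GITEATOKEN }}
          RUN_ID: ${{ steps.pick.outputs.run_id }}
        run: |
          set -euo pipefail
          mkdir -p release
          LIST="$(curl -sfSL -H "Authorization: token $TOKEN" \
            "$API/repos/$OWNER/$REPO/actions/runs/$RUN_ID/artifacts")"
          echo "Artifacts:"; echo "$LIST" | jq -r '.artifacts[]?.name'

          # Download the artifact called $1 and unpack it into ./$1.
          download_artifact () {
            local NAME="$1"
            local URL
            URL="$(echo "$LIST" | jq -r --arg n "$NAME" '
              (.artifacts // []) | map(select(.name==$n)) | .[0].archive_download_url // .[0].url // empty
            ')"
            if [ -z "$URL" ] || [ "$URL" = "null" ]; then
              echo "Artifact $NAME not found"
              exit 1
            fi
            curl -sfSL -H "Authorization: token $TOKEN" -o "$NAME.zip" "$URL"
            unzip -o "$NAME.zip" -d "./$NAME"
          }

          download_artifact frontend
          download_artifact webapi

          # Write the zips into ./release: that is where the upload step reads
          # them from (writing to ../ left ./release empty).
          (cd frontend && zip -r ../release/DiunaBI-Morska-Frontend.zip .)
          (cd webapi && zip -r ../release/DiunaBI-Morska-WebApi.zip .)
          ls -la release

      # NOTE(review): ssh-keyscan records whatever host key the network
      # returns during this run, so StrictHostKeyChecking=yes in the steps
      # below only compares against a key learned moments earlier. Provision
      # the host's public key out-of-band (for example a known_hosts file
      # stored on the runner next to the SSH key) and drop the scan.
      - name: Prepare known_hosts
        run: |
          mkdir -p ~/.ssh
          ssh-keyscan -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts 2>/dev/null || true

      # Deploy settings are read from the workflow-level env as shell
      # variables instead of being expanded into the script text by `${{ }}`.
      - name: Send artifacts to PROD
        run: |
          set -euo pipefail
          scp -i "$SSH_KEYFILE" -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes \
            ./release/DiunaBI-Morska-Frontend.zip \
            ./release/DiunaBI-Morska-WebApi.zip \
            "${DEPLOY_USER}@${DEPLOY_HOST}:${DEPLOY_PATH}"

      - name: Run remote deploy script
        run: |
          set -euo pipefail
          # Quoted heredoc delimiter: the body reaches the remote shell
          # verbatim, with no local expansion.
          ssh -i "$SSH_KEYFILE" -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes \
            "${DEPLOY_USER}@${DEPLOY_HOST}" << 'EOF'
          ./deployment/DiunaBI-Morska.Release.sh
          EOF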