fix: DockerSecretsResolver - don't normalize absolute paths like /var/www/html/...

2025-11-24 21:28:25 +01:00
parent 4eb7134853
commit 77abc65cd7
1327 changed files with 91915 additions and 9909 deletions
--- a/deployment/legacy/gitea-workflows/system-maintenance.yml
+++ b/deployment/legacy/gitea-workflows/system-maintenance.yml
@@ -0,0 +1,72 @@
+name: System Maintenance
+
+on:
+  schedule:
+    # Täglich um 02:30 UTC (≈ 03:30 CET/04:30 CEST)
+    - cron: '30 2 * * *'
+  workflow_dispatch:
+
+env:
+  DEPLOYMENT_HOST: 94.16.110.151
+
+jobs:
+  run-maintenance:
+    name: Run Ansible System Maintenance
+    runs-on: php-ci
+    environment:
+      name: production
+      url: https://michaelschiemer.de
+
+    steps:
+      - name: Checkout deployment repository
+        run: |
+          REF_NAME="${{ github.ref_name }}"
+          if [ -z "$REF_NAME" ]; then
+            REF_NAME="main"
+          fi
+          REPO="${{ github.repository }}"
+
+          echo "📋 Cloning branch: $REF_NAME"
+
+          if [ -n "${{ secrets.CI_TOKEN }}" ]; then
+            git clone --depth 1 --branch "$REF_NAME" \
+              "https://${{ secrets.CI_TOKEN }}@git.michaelschiemer.de/${REPO}.git" \
+              /workspace/repo
+          else
+            git clone --depth 1 --branch "$REF_NAME" \
+              "https://git.michaelschiemer.de/${REPO}.git" \
+              /workspace/repo || \
+            git clone --depth 1 \
+              "https://git.michaelschiemer.de/${REPO}.git" \
+              /workspace/repo
+          fi
+
+          cd /workspace/repo
+
+      - name: Prepare SSH access
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/production
+          chmod 600 ~/.ssh/production
+          ssh-keyscan -H ${{ env.DEPLOYMENT_HOST }} >> ~/.ssh/known_hosts
+
+      - name: Verify Ansible availability
+        run: ansible --version
+
+      - name: Run system maintenance playbook
+        run: |
+          cd /workspace/repo/deployment/ansible
+          ansible-playbook -i inventory/production.yml \
+            playbooks/system-maintenance.yml
+
+      - name: Cleanup SSH key
+        if: always()
+        run: rm -f ~/.ssh/production
+
+      - name: Report success
+        if: success()
+        run: echo "✅ System maintenance completed"
+
+      - name: Report failure
+        if: failure()
+        run: echo "❌ System maintenance failed – review Ansible logs"