feat: Add staging environment setup
- Create staging stack with separate containers and volumes - Configure staging.michaelschiemer.de subdomain routing - Add deploy-staging.yml workflow for auto-deployment - Extend build-image.yml to support staging branch - Separate Redis instance and network for staging - Staging uses staging branch by default Features: - Auto-deploy: Push to staging branch → build → deploy to staging - Separate from production: Different containers, volumes, networks - Shared Traefik: Uses same SSL certificates (*.michaelschiemer.de) - Testing environment before production deployment
This commit is contained in:
@@ -4,7 +4,7 @@ run-name: Build Image - ${{ github.ref_name }} - ${{ github.sha }}
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ main, develop ]
|
||||
branches: [ main, develop, staging ]
|
||||
paths-ignore:
|
||||
- '**.md'
|
||||
- 'docs/**'
|
||||
|
||||
210
.gitea/workflows/deploy-staging.yml
Normal file
210
.gitea/workflows/deploy-staging.yml
Normal file
@@ -0,0 +1,210 @@
|
||||
name: Deploy to Staging
|
||||
|
||||
run-name: Deploy to Staging - ${{ github.ref_name }}
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
image_tag:
|
||||
description: 'Image tag to deploy (leave empty for latest)'
|
||||
required: false
|
||||
default: 'latest'
|
||||
branch:
|
||||
description: 'Branch to deploy from'
|
||||
required: false
|
||||
default: 'staging'
|
||||
auto_deploy:
|
||||
description: 'Auto-deploy after successful build'
|
||||
type: boolean
|
||||
required: false
|
||||
default: false
|
||||
workflow_run:
|
||||
workflows: ["Build Docker Image"]
|
||||
types:
|
||||
- completed
|
||||
branches: [staging]
|
||||
|
||||
env:
|
||||
REGISTRY: registry.michaelschiemer.de
|
||||
IMAGE_NAME: framework
|
||||
DEPLOYMENT_HOST: 94.16.110.151
|
||||
|
||||
jobs:
|
||||
deploy:
|
||||
name: Deploy to Staging Server
|
||||
runs-on: ubuntu-latest
|
||||
environment:
|
||||
name: staging
|
||||
url: https://staging.michaelschiemer.de
|
||||
# Only run if triggered manually OR if build workflow succeeded on staging branch
|
||||
if: |
|
||||
github.event_name == 'workflow_dispatch' ||
|
||||
(github.event_name == 'workflow_run' &&
|
||||
github.event.workflow_run.conclusion == 'success' &&
|
||||
github.event.workflow_run.head_branch == 'staging')
|
||||
steps:
|
||||
- name: Checkout deployment scripts
|
||||
run: |
|
||||
REF_NAME="${{ github.ref_name || inputs.branch || 'staging' }}"
|
||||
REPO="${{ github.repository }}"
|
||||
|
||||
if [ -n "${{ secrets.CI_TOKEN }}" ]; then
|
||||
git clone --depth 1 --branch "$REF_NAME" \
|
||||
"https://${{ secrets.CI_TOKEN }}@git.michaelschiemer.de/${REPO}.git" \
|
||||
/workspace/repo
|
||||
else
|
||||
git clone --depth 1 --branch "$REF_NAME" \
|
||||
"https://git.michaelschiemer.de/${REPO}.git" \
|
||||
/workspace/repo || \
|
||||
git clone --depth 1 \
|
||||
"https://git.michaelschiemer.de/${REPO}.git" \
|
||||
/workspace/repo
|
||||
fi
|
||||
|
||||
cd /workspace/repo
|
||||
|
||||
- name: Determine image tag
|
||||
id: image_tag
|
||||
shell: bash
|
||||
run: |
|
||||
# Priority:
|
||||
# 1. Manual input (workflow_dispatch)
|
||||
# 2. From workflow_run (build workflow outputs)
|
||||
# 3. Latest
|
||||
|
||||
if [ "${{ github.event_name }}" = "workflow_dispatch" ] && [ -n "${{ inputs.image_tag }}" ]; then
|
||||
IMAGE_TAG="${{ inputs.image_tag }}"
|
||||
echo "Using manually specified tag: $IMAGE_TAG"
|
||||
elif [ "${{ github.event_name }}" = "workflow_run" ]; then
|
||||
# Use latest for staging auto-deploy
|
||||
IMAGE_TAG="latest"
|
||||
echo "Using latest tag (from workflow_run trigger)"
|
||||
else
|
||||
IMAGE_TAG="latest"
|
||||
echo "Using latest tag (default)"
|
||||
fi
|
||||
|
||||
echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_OUTPUT
|
||||
echo "📦 Deploying image tag: $IMAGE_TAG"
|
||||
|
||||
- name: Setup SSH key
|
||||
run: |
|
||||
mkdir -p ~/.ssh
|
||||
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/production
|
||||
chmod 600 ~/.ssh/production
|
||||
ssh-keyscan -H ${{ env.DEPLOYMENT_HOST }} >> ~/.ssh/known_hosts
|
||||
|
||||
- name: Deploy via SSH
|
||||
run: |
|
||||
set -e
|
||||
|
||||
DEPLOYMENT_HOST="${{ env.DEPLOYMENT_HOST }}"
|
||||
REGISTRY="${{ env.REGISTRY }}"
|
||||
IMAGE_NAME="${{ env.IMAGE_NAME }}"
|
||||
IMAGE_TAG="${{ steps.image_tag.outputs.IMAGE_TAG }}"
|
||||
|
||||
FULL_IMAGE="${REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG}"
|
||||
STACK_PATH="~/deployment/stacks/staging"
|
||||
|
||||
echo "🚀 Starting staging deployment..."
|
||||
echo " Image: ${FULL_IMAGE}"
|
||||
echo " Tag: ${IMAGE_TAG}"
|
||||
echo " Host: ${DEPLOYMENT_HOST}"
|
||||
echo " Stack: ${STACK_PATH}"
|
||||
|
||||
ssh -i ~/.ssh/production \
|
||||
-o StrictHostKeyChecking=no \
|
||||
-o UserKnownHostsFile=/dev/null \
|
||||
deploy@${DEPLOYMENT_HOST} <<EOF
|
||||
set -e
|
||||
|
||||
# Ensure staging stack directory exists
|
||||
mkdir -p ${STACK_PATH}
|
||||
cd ${STACK_PATH}
|
||||
|
||||
echo "🔐 Logging in to Docker registry..."
|
||||
echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${REGISTRY} \
|
||||
-u "${{ secrets.REGISTRY_USER }}" \
|
||||
--password-stdin || echo "⚠️ Registry login failed, continuing..."
|
||||
|
||||
echo "📥 Pulling image ${FULL_IMAGE}..."
|
||||
docker pull ${FULL_IMAGE} || {
|
||||
echo "❌ Failed to pull image ${FULL_IMAGE}"
|
||||
exit 1
|
||||
}
|
||||
|
||||
# If docker-compose.yml doesn't exist, it will be created from repo
|
||||
if [ ! -f docker-compose.yml ]; then
|
||||
echo "⚠️ docker-compose.yml not found, copying from repo..."
|
||||
cp /workspace/repo/deployment/stacks/staging/docker-compose.yml . || {
|
||||
echo "❌ Failed to copy docker-compose.yml"
|
||||
exit 1
|
||||
}
|
||||
fi
|
||||
|
||||
# Update docker-compose.yml with new image tag
|
||||
echo "📝 Updating docker-compose.yml..."
|
||||
sed -i "s|image:.*/${IMAGE_NAME}:.*|image: ${FULL_IMAGE}|g" docker-compose.yml
|
||||
|
||||
echo "✅ Updated docker-compose.yml:"
|
||||
grep "image:" docker-compose.yml | head -5
|
||||
|
||||
# Ensure networks exist
|
||||
echo "🔗 Ensuring Docker networks exist..."
|
||||
docker network create traefik-public 2>/dev/null || true
|
||||
docker network create staging-internal 2>/dev/null || true
|
||||
|
||||
echo "🔄 Starting/updating services..."
|
||||
docker compose up -d --pull always --force-recreate || {
|
||||
echo "❌ Failed to start services"
|
||||
exit 1
|
||||
}
|
||||
|
||||
echo "⏳ Waiting for services to start..."
|
||||
sleep 10
|
||||
|
||||
echo "📊 Container status:"
|
||||
docker compose ps
|
||||
|
||||
echo "✅ Staging deployment completed!"
|
||||
EOF
|
||||
|
||||
- name: Wait for deployment to stabilize
|
||||
run: sleep 30
|
||||
|
||||
- name: Health check
|
||||
id: health
|
||||
run: |
|
||||
for i in {1..10}; do
|
||||
if curl -f -k https://staging.michaelschiemer.de/health; then
|
||||
echo "✅ Health check passed"
|
||||
exit 0
|
||||
fi
|
||||
echo "⏳ Waiting for staging service... (attempt $i/10)"
|
||||
sleep 10
|
||||
done
|
||||
echo "❌ Health check failed"
|
||||
exit 1
|
||||
|
||||
- name: Rollback on failure
|
||||
if: failure() && steps.health.outcome == 'failure'
|
||||
run: |
|
||||
echo "⚠️ Staging deployment failed - manual rollback may be required"
|
||||
echo "💡 To rollback manually, SSH to the server and run:"
|
||||
echo " cd ~/deployment/stacks/staging"
|
||||
echo " docker compose down"
|
||||
echo " git checkout docker-compose.yml"
|
||||
echo " docker compose up -d"
|
||||
|
||||
- name: Notify deployment success
|
||||
if: success()
|
||||
run: |
|
||||
echo "🚀 Staging deployment successful!"
|
||||
echo "URL: https://staging.michaelschiemer.de"
|
||||
echo "Image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.image_tag.outputs.IMAGE_TAG }}"
|
||||
|
||||
- name: Notify deployment failure
|
||||
if: failure()
|
||||
run: |
|
||||
echo "❌ Staging deployment failed"
|
||||
# TODO: Add Slack/Email notification
|
||||
Reference in New Issue
Block a user