Michael Schiemer
194bd71257
- Add build-image.yml: Automatic image builds on push (5-8 min) - Add deploy-production.yml: Manual deployment workflow (2-5 min) - Mark production-deploy.yml as deprecated Benefits: - Faster feedback: Images ready in ~5-8 min (vs 10-15 min before) - Flexible deployment: Deploy when ready, not forced after every build - Parallel execution: Multiple builds can run simultaneously - Better separation: Build failures don't block deployments of existing images
196 lines
6.6 KiB
YAML
196 lines
6.6 KiB
YAML
name: Deploy to Production
|
|
|
|
run-name: Deploy to Production - ${{ github.ref_name }}
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
image_tag:
|
|
description: 'Image tag to deploy (leave empty for latest)'
|
|
required: false
|
|
default: 'latest'
|
|
branch:
|
|
description: 'Branch to deploy from'
|
|
required: false
|
|
default: 'main'
|
|
auto_deploy:
|
|
description: 'Auto-deploy after successful build'
|
|
type: boolean
|
|
required: false
|
|
default: false
|
|
workflow_run:
|
|
workflows: ["Build Docker Image"]
|
|
types:
|
|
- completed
|
|
branches: [main, develop]
|
|
|
|
env:
|
|
REGISTRY: registry.michaelschiemer.de
|
|
IMAGE_NAME: framework
|
|
DEPLOYMENT_HOST: 94.16.110.151
|
|
|
|
jobs:
|
|
deploy:
|
|
name: Deploy to Production Server
|
|
runs-on: ubuntu-latest
|
|
environment:
|
|
name: production
|
|
url: https://michaelschiemer.de
|
|
# Only run if triggered manually OR if build workflow succeeded
|
|
if: |
|
|
github.event_name == 'workflow_dispatch' ||
|
|
(github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success')
|
|
steps:
|
|
- name: Checkout deployment scripts
|
|
run: |
|
|
REF_NAME="${{ github.ref_name || inputs.branch || 'main' }}"
|
|
REPO="${{ github.repository }}"
|
|
|
|
if [ -n "${{ secrets.CI_TOKEN }}" ]; then
|
|
git clone --depth 1 --branch "$REF_NAME" \
|
|
"https://${{ secrets.CI_TOKEN }}@git.michaelschiemer.de/${REPO}.git" \
|
|
/workspace/repo
|
|
else
|
|
git clone --depth 1 --branch "$REF_NAME" \
|
|
"https://git.michaelschiemer.de/${REPO}.git" \
|
|
/workspace/repo || \
|
|
git clone --depth 1 \
|
|
"https://git.michaelschiemer.de/${REPO}.git" \
|
|
/workspace/repo
|
|
fi
|
|
|
|
cd /workspace/repo
|
|
|
|
- name: Determine image tag
|
|
id: image_tag
|
|
shell: bash
|
|
run: |
|
|
# Priority:
|
|
# 1. Manual input (workflow_dispatch)
|
|
# 2. From workflow_run (build workflow outputs)
|
|
# 3. Latest
|
|
|
|
if [ "${{ github.event_name }}" = "workflow_dispatch" ] && [ -n "${{ inputs.image_tag }}" ]; then
|
|
IMAGE_TAG="${{ inputs.image_tag }}"
|
|
echo "Using manually specified tag: $IMAGE_TAG"
|
|
elif [ "${{ github.event_name }}" = "workflow_run" ]; then
|
|
# Try to get from build workflow run
|
|
BUILD_RUN_ID="${{ github.event.workflow_run.id }}"
|
|
echo "Build workflow run ID: $BUILD_RUN_ID"
|
|
# Note: Getting outputs from workflow_run might need API call
|
|
# For now, use latest if triggered by workflow_run
|
|
IMAGE_TAG="latest"
|
|
echo "Using latest tag (from workflow_run trigger)"
|
|
else
|
|
IMAGE_TAG="latest"
|
|
echo "Using latest tag (default)"
|
|
fi
|
|
|
|
echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_OUTPUT
|
|
echo "📦 Deploying image tag: $IMAGE_TAG"
|
|
|
|
- name: Setup SSH key
|
|
run: |
|
|
mkdir -p ~/.ssh
|
|
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/production
|
|
chmod 600 ~/.ssh/production
|
|
ssh-keyscan -H ${{ env.DEPLOYMENT_HOST }} >> ~/.ssh/known_hosts
|
|
|
|
- name: Deploy via SSH
|
|
run: |
|
|
set -e
|
|
|
|
DEPLOYMENT_HOST="${{ env.DEPLOYMENT_HOST }}"
|
|
REGISTRY="${{ env.REGISTRY }}"
|
|
IMAGE_NAME="${{ env.IMAGE_NAME }}"
|
|
IMAGE_TAG="${{ steps.image_tag.outputs.IMAGE_TAG }}"
|
|
|
|
FULL_IMAGE="${REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG}"
|
|
STACK_PATH="~/deployment/stacks/application"
|
|
|
|
echo "🚀 Starting deployment..."
|
|
echo " Image: ${FULL_IMAGE}"
|
|
echo " Tag: ${IMAGE_TAG}"
|
|
echo " Host: ${DEPLOYMENT_HOST}"
|
|
echo " Stack: ${STACK_PATH}"
|
|
|
|
ssh -i ~/.ssh/production \
|
|
-o StrictHostKeyChecking=no \
|
|
-o UserKnownHostsFile=/dev/null \
|
|
deploy@${DEPLOYMENT_HOST} <<EOF
|
|
set -e
|
|
|
|
cd ${STACK_PATH}
|
|
|
|
echo "🔐 Logging in to Docker registry..."
|
|
echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${REGISTRY} \
|
|
-u "${{ secrets.REGISTRY_USER }}" \
|
|
--password-stdin || echo "⚠️ Registry login failed, continuing..."
|
|
|
|
echo "📥 Pulling image ${FULL_IMAGE}..."
|
|
docker pull ${FULL_IMAGE} || {
|
|
echo "❌ Failed to pull image ${FULL_IMAGE}"
|
|
exit 1
|
|
}
|
|
|
|
echo "📝 Updating docker-compose.yml..."
|
|
sed -i "s|image:.*/${IMAGE_NAME}:.*|image: ${FULL_IMAGE}|g" docker-compose.yml
|
|
sed -i "s|image:.*/${IMAGE_NAME}@.*|image: ${FULL_IMAGE}|g" docker-compose.yml
|
|
|
|
echo "✅ Updated docker-compose.yml:"
|
|
grep "image:" docker-compose.yml | head -5
|
|
|
|
echo "🔄 Restarting services..."
|
|
docker compose up -d --pull always --force-recreate || {
|
|
echo "❌ Failed to restart services"
|
|
exit 1
|
|
}
|
|
|
|
echo "⏳ Waiting for services to start..."
|
|
sleep 10
|
|
|
|
echo "📊 Container status:"
|
|
docker compose ps
|
|
|
|
echo "✅ Deployment completed!"
|
|
EOF
|
|
|
|
- name: Wait for deployment to stabilize
|
|
run: sleep 30
|
|
|
|
- name: Health check
|
|
id: health
|
|
run: |
|
|
for i in {1..10}; do
|
|
if curl -f -k https://michaelschiemer.de/health; then
|
|
echo "✅ Health check passed"
|
|
exit 0
|
|
fi
|
|
echo "⏳ Waiting for service... (attempt $i/10)"
|
|
sleep 10
|
|
done
|
|
echo "❌ Health check failed"
|
|
exit 1
|
|
|
|
- name: Rollback on failure
|
|
if: failure() && steps.health.outcome == 'failure'
|
|
run: |
|
|
echo "⚠️ Deployment failed - manual rollback may be required"
|
|
echo "💡 To rollback manually, SSH to the server and run:"
|
|
echo " cd ~/deployment/stacks/application"
|
|
echo " docker compose down"
|
|
echo " git checkout docker-compose.yml"
|
|
echo " docker compose up -d"
|
|
|
|
- name: Notify deployment success
|
|
if: success()
|
|
run: |
|
|
echo "🚀 Deployment successful!"
|
|
echo "Image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.image_tag.outputs.IMAGE_TAG }}"
|
|
|
|
- name: Notify deployment failure
|
|
if: failure()
|
|
run: |
|
|
echo "❌ Deployment failed"
|
|
# TODO: Add Slack/Email notification
|