fix(deploy): déclencher après CI et vérifier le commit déployé
All checks were successful
CI / Lint, Test & Build (push) Successful in 12m13s
All checks were successful
CI / Lint, Test & Build (push) Successful in 12m13s
Le job deploy référençait needs:[ci] dans un autre workflow (inefficace sur Gitea). Déclenchement via workflow_run après CI réussie, empreinte GIT_COMMIT dans l'image, endpoint /api/build-info et health check sur 127.0.0.1:3000 avec comparaison du SHA attendu. Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
@@ -1,17 +1,29 @@
|
||||
name: Deploy to Production
|
||||
|
||||
# Deploy only after CI succeeds (needs: [ci] does NOT work across workflow files).
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
workflow_run:
|
||||
workflows: ["CI"]
|
||||
types: [completed]
|
||||
branches: [main]
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
deploy:
|
||||
name: Build and Deploy
|
||||
runs-on: ubuntu-24.04
|
||||
needs: [ci]
|
||||
if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }}
|
||||
steps:
|
||||
- name: Resolve target commit
|
||||
id: target
|
||||
run: |
|
||||
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
|
||||
SHA="${{ github.sha }}"
|
||||
else
|
||||
SHA="${{ github.event.workflow_run.head_sha }}"
|
||||
fi
|
||||
echo "sha=$SHA" >> "$GITHUB_OUTPUT"
|
||||
echo "Deploying commit: $SHA"
|
||||
- name: Setup SSH
|
||||
run: |
|
||||
mkdir -p ~/.ssh
|
||||
@@ -152,34 +164,45 @@ jobs:
|
||||
echo "Backup saved: $DUMP_FILE ($(( DUMP_SIZE / 1024 ))KB)"
|
||||
|
||||
echo "=== Building app images ==="
|
||||
export GIT_COMMIT="$(git rev-parse HEAD)"
|
||||
echo "GIT_COMMIT=$GIT_COMMIT"
|
||||
export COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_BUILDKIT=1
|
||||
docker compose build memento-note
|
||||
docker compose build mcp-server
|
||||
|
||||
echo "=== Starting app containers with new images ==="
|
||||
docker compose up -d --remove-orphans --force-recreate memento-note mcp-server
|
||||
docker compose ps
|
||||
echo "=== Deployed commit ==="
|
||||
echo "=== Deployed commit (git) ==="
|
||||
git log -1 --oneline
|
||||
docker inspect memento-web --format 'Image: {{.Image}} Created: {{.Created}}'
|
||||
|
||||
echo "=== Reload reverse proxy (if nginx on host) ==="
|
||||
nginx -t 2>/dev/null && systemctl reload nginx 2>/dev/null || true
|
||||
ENDSSH
|
||||
|
||||
- name: Wait for app to be healthy
|
||||
- name: Verify deployed commit on app (port 3000)
|
||||
id: health-check
|
||||
env:
|
||||
EXPECTED_SHA: ${{ steps.target.outputs.sha }}
|
||||
run: |
|
||||
echo "Waiting up to 180s for http://192.168.1.190 ..."
|
||||
echo "Expected commit: $EXPECTED_SHA"
|
||||
for i in $(seq 1 36); do
|
||||
CODE=$(curl -s -o /dev/null -w "%{http_code}" --max-time 5 -L http://192.168.1.190/ || echo "000")
|
||||
if [ "$CODE" != "000" ] && [ "$CODE" -lt 500 ]; then
|
||||
echo "App OK (HTTP $CODE) after $((i * 5))s"
|
||||
BODY=$(ssh root@192.168.1.190 "curl -sf --max-time 5 http://127.0.0.1:3000/api/build-info" 2>/dev/null || true)
|
||||
ACTUAL=$(echo "$BODY" | jq -r '.commit // empty' 2>/dev/null || true)
|
||||
echo " [$((i * 5))s] build-info commit=$ACTUAL"
|
||||
if [ -n "$ACTUAL" ] && [ "$ACTUAL" = "$EXPECTED_SHA" ]; then
|
||||
echo "Deploy verified: container serves commit $ACTUAL"
|
||||
echo "healthy=true" >> $GITHUB_OUTPUT
|
||||
exit 0
|
||||
fi
|
||||
echo " [$((i * 5))s] HTTP $CODE"
|
||||
sleep 5
|
||||
done
|
||||
echo "healthy=false" >> $GITHUB_OUTPUT
|
||||
echo "Timeout! Derniers logs :"
|
||||
ssh root@192.168.1.190 "docker logs memento-web --tail=50"
|
||||
echo "ERROR: App on :3000 does not serve expected commit."
|
||||
echo " expected=$EXPECTED_SHA"
|
||||
echo " got=$ACTUAL"
|
||||
ssh root@192.168.1.190 "cd /opt/memento && git log -1 --oneline && docker logs memento-web --tail=40"
|
||||
exit 0
|
||||
|
||||
- name: Rollback on failure
|
||||
@@ -197,9 +220,9 @@ jobs:
|
||||
run: |
|
||||
HEALTHY="${{ steps.health-check.outputs.healthy }}"
|
||||
if [ "$HEALTHY" = "true" ]; then
|
||||
MSG="✅ Memento deploy SUCCESS%nBranch: main%nCommit: ${{ github.sha }}"
|
||||
MSG="✅ Memento deploy SUCCESS%nCommit: ${{ steps.target.outputs.sha }}"
|
||||
else
|
||||
MSG="❌ Memento deploy FAILED%nBranch: main%nCommit: ${{ github.sha }}%nAction: rollback to previous image"
|
||||
MSG="❌ Memento deploy FAILED%nCommit: ${{ steps.target.outputs.sha }}%nAction: rollback to previous image"
|
||||
fi
|
||||
curl -s -X POST "https://api.telegram.org/bot${{ secrets.TELEGRAM_BOT_TOKEN }}/sendMessage" \
|
||||
-d chat_id="${{ secrets.TELEGRAM_CHAT_ID }}" \
|
||||
|
||||
Reference in New Issue
Block a user