diff --git a/.gitea/workflows/staging_release.yml b/.gitea/workflows/staging_release.yml
index 1719ca59..c9d7fada 100644
--- a/.gitea/workflows/staging_release.yml
+++ b/.gitea/workflows/staging_release.yml
@@ -14,10 +14,12 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 + - name: Setup SSH uses: webfactory/ssh-agent@v0.9.0 with: ssh-private-key: ${{ secrets.STAGE_SSH_PRIVATE_KEY }} + - name: Deploy to Staging env: IMAGE_TAG: ${{ github.event.inputs.rc_version_tag }}
@@ -25,27 +27,33 @@ jobs: USERFRONT_IMAGE_NAME: ${{ vars.HARBOR_HOSTNAME }}/baron_sso/userfront ADMINFRONT_IMAGE_NAME: ${{ vars.HARBOR_HOSTNAME }}/baron_sso/adminfront DEVFRONT_IMAGE_NAME: ${{ vars.HARBOR_HOSTNAME }}/baron_sso/devfront + + # Staging-specific variables DEPLOY_PATH: ${{ vars.STAGE_DEPLOY_PATH }} STAGE_HOST: ${{ vars.STAGE_HOST }} STAGE_USER: ${{ vars.STAGE_USER }} + HARBOR_ENDPOINT: ${{ vars.HARBOR_ENDPOINT }} HARBOR_ROBOT_ACCOUNT: ${{ vars.HARBOR_ROBOT_ACCOUNT }} HARBOR_ROBOT_KEY: ${{ secrets.HARBOR_ROBOT_KEY }} run: | set -euo pipefail + echo "DEBUG: STAGE_USER='${STAGE_USER}'" echo "DEBUG: STAGE_HOST='${STAGE_HOST}'" echo "DEBUG: DEPLOY_PATH='${DEPLOY_PATH}'" + # Sanity check if [ -z "${STAGE_USER}" ] || [ -z "${STAGE_HOST}" ] || [ -z "${DEPLOY_PATH}" ]; then echo "::error::Missing required vars (STAGE_USER/STAGE_HOST/DEPLOY_PATH). Check Gitea repo variables." exit 1 fi ssh-keyscan -H "${STAGE_HOST}" >> ~/.ssh/known_hosts + ssh "${STAGE_USER}@${STAGE_HOST}" "mkdir -p '${DEPLOY_PATH}'" - # Create .env file using HEREDOC + # Create .env for Staging using a HEREDOC to prevent shell expansion issues cat <<'EOF' > .env APP_ENV=stage TZ=Asia/Seoul
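Review bot: In the second hunk (`@@ -25,27 +27,33 @@`), `ssh-keyscan -H "${STAGE_HOST}" >> ~/.ssh/known_hosts` trusts whatever host key answers at deploy time, so the `ssh ... mkdir -p` call after it and the later `scp`/`ssh` calls verify the staging host against nothing fixed. Pin the key by keeping the expected known_hosts line in a repository variable and writing that instead, e.g. `printf '%s\n' "${STAGE_KNOWN_HOSTS}" >> ~/.ssh/known_hosts` (`STAGE_KNOWN_HOSTS` is a placeholder name for a variable you would add). The collapsed hunk does not show whether the keyscan line is new in this commit, but it is on the new side. The `DEBUG:` echoes also write the staging user, host and deploy path to the job log on every run and can be removed once the variables are confirmed. The `run:` block continues past the end of this hunk.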
@@ -116,27 +124,36 @@ jobs: EOF # Copy artifacts to remote + # Using compose.infra.yaml as base for staging (assuming simplified structure compared to prod) + # OR use docker-compose.template.yaml if staging follows prod structure strictly scp docker/docker-compose.staging.template.yaml .env "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/" scp docker/compose.infra.yaml "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/compose.infra.yml" + # Ory compose files might be needed too scp docker/compose.ory.yaml "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/compose.ory.yml" scp -r docker/ory "${STAGE_USER}@${STAGE_HOST}:${DEPLOY_PATH}/docker/" - # Execute remote deployment script - ssh "${STAGE_USER}@${STAGE_HOST}" 'bash -s' </dev/null 2>&1 || docker network create "\$net" - done - - set -a - . ./.env - set +a - - envsubst '\$BACKEND_IMAGE_NAME \$ADMINFRONT_IMAGE_NAME \$DEVFRONT_IMAGE_NAME \$USERFRONT_IMAGE_NAME \$IMAGE_TAG' < docker-compose.staging.template.yaml > docker-compose.yml - - docker compose -f compose.infra.yml -f compose.ory.yml -f docker-compose.yml pull - docker compose -f compose.infra.yml -f compose.ory.yml -f docker-compose.yml up -d --remove-orphans + # Deploy + echo "${HARBOR_ROBOT_KEY}" | ssh "${STAGE_USER}@${STAGE_HOST}" \ + "export DEPLOY_PATH='${DEPLOY_PATH}'; \ + export BACKEND_IMAGE_NAME='${BACKEND_IMAGE_NAME}'; \ + export USERFRONT_IMAGE_NAME='${USERFRONT_IMAGE_NAME}'; \ + export ADMINFRONT_IMAGE_NAME='${ADMINFRONT_IMAGE_NAME}'; \ + export DEVFRONT_IMAGE_NAME='${DEVFRONT_IMAGE_NAME}'; \ + export IMAGE_TAG='${IMAGE_TAG}'; \ + export HARBOR_ENDPOINT='${HARBOR_ENDPOINT}'; \ + export HARBOR_ROBOT_ACCOUNT='${HARBOR_ROBOT_ACCOUNT}'; \ + set -e; \ + cd \"\${DEPLOY_PATH}\"; \ + docker login \"\${HARBOR_ENDPOINT}\" -u \"\${HARBOR_ROBOT_ACCOUNT}\" --password-stdin; \ + set -a; \ + . 
./.env; \ + set +a; \ + for net in baron_net public_net ory-net hydranet kratosnet; do + docker network inspect "\$net" >/dev/null 2>&1 || docker network create "\$net" + done + # Assuming template usage similar to prod + envsubst < docker-compose.staging.template.yaml > docker-compose.yml; \ + # Pull & Up + # Assuming staging runs both infra, ory, and app stack + docker compose -f compose.infra.yml -f compose.ory.yml -f docker-compose.yml pull; \ + docker compose -f compose.infra.yml -f compose.ory.yml -f docker-compose.yml up -d --remove-orphans"
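Review bot: The new remote command expands workflow values into `export X='${X}'` assignments inside one double-quoted string, so a value containing `'` ends the quoting and the remainder is interpreted by the shell on the staging host; `IMAGE_TAG` is taken from the `rc_version_tag` workflow input in the env block of the earlier hunk. Validate it before the `ssh` call, e.g. `case "${IMAGE_TAG}" in ''|*[!A-Za-z0-9._-]*) echo "::error::invalid rc_version_tag"; exit 1;; esac`, and apply a similar check to the other interpolated values. Separately, `envsubst < docker-compose.staging.template.yaml` drops the explicit variable list the removed line had; because `.env` has just been exported with `set -a`, every `$VAR` in the template is now substituted, which can write `.env` values into `docker-compose.yml` and blank references Compose was meant to resolve, so restore the list (`envsubst '\$BACKEND_IMAGE_NAME \$ADMINFRONT_IMAGE_NAME \$DEVFRONT_IMAGE_NAME \$USERFRONT_IMAGE_NAME \$IMAGE_TAG'`). The `for net ... done` lines carry unescaped `"` and no `; \`, so they close and reopen the outer string; write them as `\"\$net\"` with continuations like the surrounding lines. `docker login` also leaves the robot credential in the remote Docker config, so consider a `docker logout \"\${HARBOR_ENDPOINT}\"` after the pull.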