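---
# On every push to main: build the web and scheduler images, push them to the
# registry, then deploy over SSH with docker compose, check that both
# containers are running, and wait for the health check to pass.
#
# Secrets are handed to each step through `env:` and read as shell variables.
# They are never expanded into the script text with ${{ ... }}, so a secret
# containing quotes, `$` or backticks cannot alter the command the runner
# executes. Each secret is exposed only to the steps that use it.
#
# NOTE(review): the actions below are referenced by mutable tag (@v3). Pinning
# each one to a full commit SHA would fix the exact code that runs in jobs
# that hold the registry and deploy credentials.
name: Build & Deploy Fiddy (SSH Compose)

on:
  push:
    branches: ["main"]

env:
  REGISTRY_HOST: git.nicosaya.com
  IMAGE_NAMESPACE: nalalangan/fiddy

jobs:
  build:
    runs-on: ubuntu-latest
    env:
      # Same immutable tag the deploy job pulls.
      IMAGE_TAG: ${{ github.sha }}
    steps:
      - name: Checkout repo
        uses: actions/checkout@v3

      - name: Set up Node.js
        uses: actions/setup-node@v3
        with:
          node-version: "20"

      - name: Install dependencies
        run: npm ci

      - name: Run tests
        run: npm test --if-present

      - name: Docker login
        env:
          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
          REGISTRY_PASS: ${{ secrets.REGISTRY_PASS }}
        run: |
          set -euo pipefail
          # The password goes in on stdin, so it never appears in argv.
          printf '%s\n' "$REGISTRY_PASS" | docker login "$REGISTRY_HOST" \
            -u "$REGISTRY_USER" --password-stdin

      - name: Build Web Image
        run: |
          set -euo pipefail
          docker build \
            -t "$REGISTRY_HOST/$IMAGE_NAMESPACE/web:$IMAGE_TAG" \
            -t "$REGISTRY_HOST/$IMAGE_NAMESPACE/web:main" \
            -f docker/Dockerfile .

      - name: Build Scheduler Image
        run: |
          set -euo pipefail
          docker build \
            -t "$REGISTRY_HOST/$IMAGE_NAMESPACE/scheduler:$IMAGE_TAG" \
            -t "$REGISTRY_HOST/$IMAGE_NAMESPACE/scheduler:main" \
            -f docker/Dockerfile.scheduler .

      - name: Push Web Image
        run: |
          set -euo pipefail
          docker push "$REGISTRY_HOST/$IMAGE_NAMESPACE/web:$IMAGE_TAG"
          docker push "$REGISTRY_HOST/$IMAGE_NAMESPACE/web:main"

      - name: Push Scheduler Image
        run: |
          set -euo pipefail
          docker push "$REGISTRY_HOST/$IMAGE_NAMESPACE/scheduler:$IMAGE_TAG"
          docker push "$REGISTRY_HOST/$IMAGE_NAMESPACE/scheduler:main"

  deploy:
    needs: build
    runs-on: ubuntu-latest
    env:
      IMAGE_TAG: ${{ github.sha }}
      DEPLOY_PATH: /opt/fiddy
    steps:
      - name: Checkout repo
        uses: actions/checkout@v3

      - name: Install SSH key
        env:
          DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
        run: |
          set -euo pipefail
          if [ -z "$DEPLOY_KEY" ]; then
            echo "Missing DEPLOY_KEY secret"
            exit 1
          fi
          # Fail before ssh-keyscan is run with an empty host name.
          if [ -z "$DEPLOY_HOST" ]; then
            echo "Missing DEPLOY_HOST or DEPLOY_USER secret"
            exit 1
          fi
          # Create the directory and key file owner-only from the start,
          # instead of relying on the chmod that follows the write.
          umask 077
          mkdir -p ~/.ssh
          printf '%s' "$DEPLOY_KEY" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          # NOTE(review): ssh-keyscan records whatever host key the network
          # returns during this run, so the server's identity is not verified
          # before the deploy key is used against it. Prefer writing a host
          # key obtained from a trusted source into known_hosts (for example
          # a known_hosts line stored as a secret) over scanning on each run.
          ssh-keyscan -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts

      - name: Upload compose file
        env:
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
          DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
        run: |
          set -euo pipefail
          if [ -z "$DEPLOY_HOST" ] || [ -z "$DEPLOY_USER" ]; then
            echo "Missing DEPLOY_HOST or DEPLOY_USER secret"
            exit 1
          fi
          ssh "${DEPLOY_USER}@${DEPLOY_HOST}" "mkdir -p '$DEPLOY_PATH'"
          scp docker-compose.yml \
            "${DEPLOY_USER}@${DEPLOY_HOST}:${DEPLOY_PATH}/docker-compose.yml"

      - name: Deploy via SSH Compose
        env:
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
          DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
        run: |
          set -euo pipefail
          # DEPLOY_PATH and IMAGE_TAG are expanded locally; IMAGE_TAG is the
          # commit SHA and DEPLOY_PATH is the constant set on this job.
          ssh "${DEPLOY_USER}@${DEPLOY_HOST}" \
            "cd '$DEPLOY_PATH' \
              && IMAGE_TAG='$IMAGE_TAG' docker compose pull \
              && IMAGE_TAG='$IMAGE_TAG' docker compose up -d --remove-orphans \
              && docker image prune -f"

      - name: Verify Web and Scheduler Are Running
        env:
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
          DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
        run: |
          set -euo pipefail
          # The quoted heredoc delimiter keeps the script below unexpanded on
          # the runner; it is sent to the remote `bash -s` as written.
          ssh "${DEPLOY_USER}@${DEPLOY_HOST}" "DEPLOY_PATH='$DEPLOY_PATH' bash -s" << 'EOF'
          set -euo pipefail
          cd "$DEPLOY_PATH"
          web_id="$(docker compose ps -q web)"
          scheduler_id="$(docker compose ps -q scheduler)"
          if [ -z "$web_id" ]; then
            echo "web service container not found"
            exit 1
          fi
          if [ -z "$scheduler_id" ]; then
            echo "scheduler service container not found"
            exit 1
          fi
          web_running="$(docker inspect -f '{{.State.Running}}' "$web_id")"
          scheduler_running="$(docker inspect -f '{{.State.Running}}' "$scheduler_id")"
          if [ "$web_running" != "true" ]; then
            echo "web service is not running"
            exit 1
          fi
          if [ "$scheduler_running" != "true" ]; then
            echo "scheduler service is not running"
            exit 1
          fi
          EOF

      - name: Wait for Ready Health Check
        env:
          HEALTH_URL: ${{ secrets.DEPLOY_HEALTHCHECK_URL }}
          MAX_ATTEMPTS: "30"
          SLEEP_SECONDS: "10"
        run: |
          set -euo pipefail
          if [ -z "$HEALTH_URL" ]; then
            echo "Missing DEPLOY_HEALTHCHECK_URL secret"
            exit 1
          fi
          bash scripts/wait-for-health.sh

      - name: Remove SSH key
        # Runs even when an earlier step failed, so the private key does not
        # stay on disk if the runner's workspace outlives this job.
        if: always()
        run: rm -f ~/.ssh/id_ed25519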