openclawd/docfast
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ci: inject secrets from Forgejo CI into .env during deploy
Some checks failed
Deploy to Production / Deploy to Server (push) Failing after 21s
Details

Browse source
This commit is contained in:
DocFast Bot 2026-02-17 12:08:47 +00:00
parent 73fba68320
commit 60efc5e206
1 changed files with 21 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

53
.forgejo/workflows/deploy.yml
View file

@ -10,49 +10,51 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Deploy via SSH
- name: Write secrets and deploy
uses: appleboy/ssh-action@v1.1.0
with:
host: ${{ secrets.SERVER_HOST }}
username: ${{ secrets.SERVER_USER }}
key: ${{ secrets.SSH_PRIVATE_KEY }}
envs: STRIPE_SECRET_KEY,STRIPE_WEBHOOK_SECRET,DATABASE_PASSWORD
script: |
set -e
echo "🚀 Starting deployment..."
# Navigate to project directory
cd /root/docfast
# Check current git status
echo "📋 Current status:"
# Write .env from CI secrets
echo "📝 Writing .env from CI secrets..."
printf "STRIPE_SECRET_KEY=%s\nSTRIPE_WEBHOOK_SECRET=%s\nDATABASE_PASSWORD=%s\n" "$STRIPE_SECRET_KEY" "$STRIPE_WEBHOOK_SECRET" "$DATABASE_PASSWORD" > .env
# Verify .env has non-empty values
if grep -q '=$' .env; then
echo "❌ ERROR: .env has empty values - secrets not configured in Forgejo!"
echo "Add STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET, DATABASE_PASSWORD in Forgejo repo settings."
exit 1
fi
echo "✅ .env written with $(wc -l < .env) vars"
git status --short || true
# Pull latest changes
echo "📥 Pulling latest changes..."
git fetch origin
git pull origin main
# Tag current running image for rollback
echo "🏷️ Tagging current image for rollback..."
TIMESTAMP=$(date +%Y%m%d-%H%M%S)
docker tag docfast-docfast:latest docfast-docfast:rollback-$TIMESTAMP || echo "No existing image to tag"
# Build new image
echo "🔨 Building new Docker image..."
docker compose build --no-cache
# Stop services gracefully
echo "⏹️ Stopping services..."
docker compose down --timeout 30
# Start services
echo "▶️ Starting services..."
docker compose up -d
# Wait for service to be ready
echo "⏱️ Waiting for service to be ready..."
for i in {1..30}; do
for i in $(seq 1 30); do
if curl -f -s http://127.0.0.1:3100/health > /dev/null; then
echo "✅ Service is healthy!"
break
@ -60,45 +62,32 @@ jobs:
if [ $i -eq 30 ]; then
echo "❌ Service failed to start - initiating rollback..."
docker compose down
# Try to rollback to previous image
ROLLBACK_IMAGE=$(docker images --format "table {{.Repository}}:{{.Tag}}" | grep "docfast-docfast:rollback-" | head -n1 | tr -s ' ' | cut -d' ' -f1)
if [ ! -z "$ROLLBACK_IMAGE" ]; then
echo "🔄 Rolling back to $ROLLBACK_IMAGE"
docker tag $ROLLBACK_IMAGE docfast-docfast:latest
docker compose up -d
# Wait for rollback to be healthy
sleep 10
if curl -f -s http://127.0.0.1:3100/health > /dev/null; then
echo "✅ Rollback successful"
else
echo "❌ Rollback failed - manual intervention required"
fi
else
echo "❌ No rollback image available"
fi
exit 1
fi
echo "⏳ Attempt $i/30 - waiting 5 seconds..."
sleep 5
done
# Run post-deploy verification
echo "🔍 Running post-deploy verification..."
bash scripts/verify-deploy.sh
# Cleanup old rollback images (keep last 5)
echo "🧹 Cleaning up old rollback images..."
docker images --format "table {{.Repository}}:{{.Tag}}" | grep "docfast-docfast:rollback-" | tail -n +6 | awk '{print $1":"$2}' | xargs -r docker rmi || true
docker images --format "table {{.Repository}}:{{.Tag}}" | grep "docfast-docfast:rollback-" | tail -n +6 | awk '{print $1}' | xargs -r docker rmi || true
# Final health check and status
echo "🔍 Final health check..."
HEALTH_STATUS=$(curl -f -s http://127.0.0.1:3100/health || echo "UNHEALTHY")
echo "Health status: $HEALTH_STATUS"
echo "📊 Service status:"
docker compose ps
echo "🎉 Deployment completed successfully!"
echo "🎉 Deployment completed successfully!"
env:
STRIPE_SECRET_KEY: ${{ secrets.STRIPE_SECRET_KEY }}
STRIPE_WEBHOOK_SECRET: ${{ secrets.STRIPE_WEBHOOK_SECRET }}
DATABASE_PASSWORD: ${{ secrets.DATABASE_PASSWORD }}