ci: switch to K3s deploy via Forgejo registry + kubectl
Some checks failed
Build & Deploy to K3s / Build & Deploy (push) Failing after 9m30s
Some checks failed
Build & Deploy to K3s / Build & Deploy (push) Failing after 9m30s
- Build ARM64 image via QEMU/buildx on x86 runner - Push to Forgejo container registry (uses built-in GITHUB_TOKEN) - Deploy via kubectl with scoped deployer SA (docfast namespace only) - No SSH, no secrets on infra, no Docker on k3s-mgr
This commit is contained in:
OpenClaw Deployer
parent
87946a1762
commit
7a49541128
1 changed files with 44 additions and 84 deletions
|
|
@ -1,93 +1,53 @@
|
|||
name: Deploy to Production
|
||||
name: Build & Deploy to K3s
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ main ]
|
||||
|
||||
jobs:
|
||||
deploy:
|
||||
name: Deploy to Server
|
||||
build-and-deploy:
|
||||
name: Build & Deploy
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: Write secrets and deploy
|
||||
uses: appleboy/ssh-action@v1.1.0
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v3
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
|
||||
- name: Login to Forgejo Registry
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
host: ${{ secrets.SERVER_HOST }}
|
||||
username: ${{ secrets.SERVER_USER }}
|
||||
key: ${{ secrets.SSH_PRIVATE_KEY }}
|
||||
envs: STRIPE_SECRET_KEY,STRIPE_WEBHOOK_SECRET,DATABASE_PASSWORD
|
||||
script: |
|
||||
set -e
|
||||
registry: git.cloonar.com
|
||||
username: ${{ github.repository_owner }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
echo "🚀 Starting deployment..."
|
||||
cd /root/docfast
|
||||
- name: Build and Push
|
||||
uses: docker/build-push-action@v5
|
||||
with:
|
||||
context: .
|
||||
push: true
|
||||
tags: |
|
||||
git.cloonar.com/openclawd/docfast:latest
|
||||
git.cloonar.com/openclawd/docfast:${{ github.sha }}
|
||||
platforms: linux/arm64
|
||||
|
||||
# Write .env from CI secrets
|
||||
echo "📝 Writing .env from CI secrets..."
|
||||
printf "STRIPE_SECRET_KEY=%s\nSTRIPE_WEBHOOK_SECRET=%s\nDATABASE_PASSWORD=%s\n" "$STRIPE_SECRET_KEY" "$STRIPE_WEBHOOK_SECRET" "$DATABASE_PASSWORD" > .env
|
||||
- name: Deploy to K3s
|
||||
run: |
|
||||
curl -sLO "https://dl.k8s.io/release/$(curl -sL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
|
||||
chmod +x kubectl
|
||||
|
||||
# Verify .env has non-empty values
|
||||
if grep -q '=$' .env; then
|
||||
echo "❌ ERROR: .env has empty values - secrets not configured in Forgejo!"
|
||||
echo "Add STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET, DATABASE_PASSWORD in Forgejo repo settings."
|
||||
exit 1
|
||||
fi
|
||||
echo "✅ .env written with $(wc -l < .env) vars"
|
||||
echo "${{ secrets.KUBECONFIG }}" | base64 -d > /tmp/kubeconfig.yaml
|
||||
|
||||
git status --short || true
|
||||
./kubectl set image deployment/docfast \
|
||||
docfast=git.cloonar.com/openclawd/docfast:${{ github.sha }} \
|
||||
-n docfast --kubeconfig=/tmp/kubeconfig.yaml
|
||||
|
||||
echo "📥 Pulling latest changes..."
|
||||
git fetch origin
|
||||
git pull origin main
|
||||
./kubectl rollout status deployment/docfast \
|
||||
-n docfast --kubeconfig=/tmp/kubeconfig.yaml --timeout=180s
|
||||
|
||||
TIMESTAMP=$(date +%Y%m%d-%H%M%S)
|
||||
docker tag docfast-docfast:latest docfast-docfast:rollback-$TIMESTAMP || echo "No existing image to tag"
|
||||
|
||||
echo "🔨 Building new Docker image..."
|
||||
docker compose build --no-cache
|
||||
|
||||
echo "⏹️ Stopping services..."
|
||||
docker compose down --timeout 30
|
||||
|
||||
echo "▶️ Starting services..."
|
||||
docker compose up -d
|
||||
|
||||
echo "⏱️ Waiting for service to be ready..."
|
||||
for i in $(seq 1 30); do
|
||||
if curl -f -s http://127.0.0.1:3100/health > /dev/null; then
|
||||
echo "✅ Service is healthy!"
|
||||
break
|
||||
fi
|
||||
if [ $i -eq 30 ]; then
|
||||
echo "❌ Service failed to start - initiating rollback..."
|
||||
docker compose down
|
||||
ROLLBACK_IMAGE=$(docker images --format "table {{.Repository}}:{{.Tag}}" | grep "docfast-docfast:rollback-" | head -n1 | tr -s ' ' | cut -d' ' -f1)
|
||||
if [ ! -z "$ROLLBACK_IMAGE" ]; then
|
||||
echo "🔄 Rolling back to $ROLLBACK_IMAGE"
|
||||
docker tag $ROLLBACK_IMAGE docfast-docfast:latest
|
||||
docker compose up -d
|
||||
sleep 10
|
||||
if curl -f -s http://127.0.0.1:3100/health > /dev/null; then
|
||||
echo "✅ Rollback successful"
|
||||
else
|
||||
echo "❌ Rollback failed - manual intervention required"
|
||||
fi
|
||||
fi
|
||||
exit 1
|
||||
fi
|
||||
echo "⏳ Attempt $i/30 - waiting 5 seconds..."
|
||||
sleep 5
|
||||
done
|
||||
|
||||
echo "🔍 Running post-deploy verification..."
|
||||
bash scripts/verify-deploy.sh
|
||||
|
||||
echo "🧹 Cleaning up old rollback images..."
|
||||
docker images --format "table {{.Repository}}:{{.Tag}}" | grep "docfast-docfast:rollback-" | tail -n +6 | awk '{print $1}' | xargs -r docker rmi || true
|
||||
|
||||
echo "🎉 Deployment completed successfully!"
|
||||
env:
|
||||
STRIPE_SECRET_KEY: ${{ secrets.STRIPE_SECRET_KEY }}
|
||||
STRIPE_WEBHOOK_SECRET: ${{ secrets.STRIPE_WEBHOOK_SECRET }}
|
||||
DATABASE_PASSWORD: ${{ secrets.DATABASE_PASSWORD }}
|
||||
echo "✅ Deploy complete!"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue