Initial scaffold: static site served by nginx on :8080
- public/index.html served via nginx.conf (port 8080) - Dockerfile: nginx:1.27-alpine + HEALTHCHECK - .gitea/workflows/flow.yml: build + push to Gitea registry, rolling deploy - stack.yml: Swarm service wired to Traefik (host testwebsite.dev.serso.org) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
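--- /dev/null
+++ b/.gitea/workflows/flow.yml
@@ -0,0 +1,90 @@
+# .gitea/workflows/flow.yml
+# =============================================================
+# serso — generic CI/CD flow
+# Copy into any app repo as .gitea/workflows/flow.yml
+# Adjust the env block (STACK_NAME, SERVICE_NAME, APP_DOMAIN) per app
+# =============================================================
+
+name: Build & Deploy
+
+on:
+push:
+branches:
+- main
+workflow_dispatch:
+
+env:
+# ─── Registry ─────────────────────────────────────────────
+REGISTRY: git.dev.serso.org
+IMAGE: ${{ github.repository }} # → owner/reponame
+
+# ─── Per-app knobs (edit these) ───────────────────────────
+STACK_NAME: testwebsite # Swarm stack name
+SERVICE_NAME: testwebsite_web # {stack}_{service}
+APP_DOMAIN: testwebsite.dev.serso.org # used only for logging
+
+jobs:
+
+# ============================================================
+# 1. Build image + push to Gitea registry
+# ============================================================
+build:
+runs-on: ubuntu-latest
+outputs:
+image_tag: ${{ steps.meta.outputs.tag }}
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- name: Compute tag
+id: meta
+run: echo "tag=${{ github.sha }}" >> $GITHUB_OUTPUT
+
+- name: Log in to Gitea registry
+run: |
+echo "${{ secrets.REGISTRY_PASSWORD }}" | \
+docker login ${{ env.REGISTRY }} \
+--username ${{ secrets.REGISTRY_USER }} \
+--password-stdin
+
+- name: Build image
+run: |
+docker build \
+-t ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ steps.meta.outputs.tag }} \
+-t ${{ env.REGISTRY }}/${{ env.IMAGE }}:latest \
+.
+
+- name: Push image
+run: |
+docker push ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ steps.meta.outputs.tag }}
+docker push ${{ env.REGISTRY }}/${{ env.IMAGE }}:latest
+
+# ============================================================
+# 2. Deploy to Swarm (rolling update)
+# ============================================================
+deploy:
+needs: build
+runs-on: ubuntu-latest
+steps:
+- name: Prepare SSH
+run: |
+mkdir -p ~/.ssh
+echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/deploy_key
+chmod 600 ~/.ssh/deploy_key
+ssh-keyscan -H ${{ secrets.DEPLOY_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
+
+- name: Rolling deploy on Swarm
+run: |
+ssh -i ~/.ssh/deploy_key \
+${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }} \
+"docker service update \
+--image ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ needs.build.outputs.image_tag }} \
+--with-registry-auth \
+--update-order start-first \
+--update-failure-action rollback \
+${{ env.SERVICE_NAME }}"
+
+- name: Deployed 🎉
+run: |
+echo "App deployed at https://${{ env.APP_DOMAIN }}"
+echo "Image: ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ needs.build.outputs.image_tag }}"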
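Review bot: In the `Prepare SSH` step, `ssh-keyscan -H ${{ secrets.DEPLOY_HOST }} >> ~/.ssh/known_hosts` trusts whatever host key the network returns at run time, so the following `ssh` call verifies nothing about the deploy host; on a fresh runner this is trust-on-first-use on every run. Pin the host's public key instead, stored as a secret or variable (the name `DEPLOY_KNOWN_HOSTS` below is a placeholder), and write that to `known_hosts`. The same step pastes `${{ secrets.DEPLOY_SSH_KEY }}` into the script text and creates the key file before `chmod 600`; passing the secret through `env:` and setting `umask 077` first avoids shell interpretation of the key material and the short window with default file permissions. The `Log in to Gitea registry` step uses the same inline interpolation for `REGISTRY_PASSWORD` and would benefit from the same `env:` treatment.

```yaml
      - name: Prepare SSH
        env:
          DEPLOY_SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
          # placeholder secret name: holds the pinned known_hosts line(s) for the deploy host
          DEPLOY_KNOWN_HOSTS: ${{ secrets.DEPLOY_KNOWN_HOSTS }}
        run: |
          umask 077
          mkdir -p ~/.ssh
          printf '%s\n' "$DEPLOY_SSH_KEY" > ~/.ssh/deploy_key
          printf '%s\n' "$DEPLOY_KNOWN_HOSTS" > ~/.ssh/known_hosts
```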