From 788eaa390f8b855c77078879ec8f2c115ee6923e Mon Sep 17 00:00:00 2001
From: rlabadmin
Date: Thu, 23 Apr 2026 15:31:14 +0200
Subject: [PATCH] =?UTF-8?q?CI=20owns=20the=20whole=20stack=20=E2=80=94=20d?= =?UTF-8?q?eploy=20via=20docker=20stack=20deploy?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- stack.yml: parameterize image tag with ${IMAGE_TAG:-latest} so callers can pin the SHA; falls back to :latest for manual invocations
- flow.yml: replace service update with `docker stack deploy -c -` piped over SSH. Handles both first-time deploy and rolling updates. No more manual `docker stack deploy` on the manager before CI works. Portainer can still view the stack but should not auto-update the same one from git — two writers will conflict.
Co-Authored-By: Claude Opus 4.7 (1M context)
---
 .gitea/workflows/flow.yml | 19 +++++++++++--------
 stack.yml | 2 +-
 2 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/.gitea/workflows/flow.yml b/.gitea/workflows/flow.yml
index 11c1587..f297d57 100644
--- a/.gitea/workflows/flow.yml
+++ b/.gitea/workflows/flow.yml
@@ -60,12 +60,15 @@ jobs:
 docker push ${{ env.REGISTRY }}/${{ env.IMAGE }}:latest
 # ============================================================
- # 2. Deploy to Swarm (rolling update)
+ # 2. Deploy stack to Swarm (creates or updates)
 # ============================================================
 deploy:
 needs: build
 runs-on: ubuntu-latest
 steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
 - name: Prepare SSH
 run: |
 mkdir -p ~/.ssh
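Review bot: `uses: actions/checkout@v4` in the added Checkout step references the action by a movable tag, in the same job that later writes the deploy key to `~/.ssh/deploy_key`, so whatever `v4` resolves to at run time executes in the job that holds that key. Pinning to the full commit SHA of the release that was reviewed, `uses: actions/checkout@<full-commit-sha>  # v4`, removes the dependency on the tag. The job only reads `stack.yml`, so `with: persist-credentials: false` on this step would also keep the checkout token out of the workspace's git config. The Prepare SSH step continues outside this hunk.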
@@ -73,16 +76,16 @@ jobs:
 chmod 600 ~/.ssh/deploy_key
 ssh-keyscan -H ${{ vars.DEPLOY_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
- - name: Rolling deploy on Swarm
+ - name: Deploy stack on Swarm
 run: |
 ssh -i ~/.ssh/deploy_key \
 ${{ vars.DEPLOY_USER }}@${{ vars.DEPLOY_HOST }} \
- "docker service update \
- --image ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ needs.build.outputs.image_tag }} \
- --with-registry-auth \
- --update-order start-first \
- --update-failure-action rollback \
- ${{ env.SERVICE_NAME }}"
+ "IMAGE_TAG=${{ needs.build.outputs.image_tag }} \
+ docker stack deploy \
+ --compose-file - \
+ --with-registry-auth \
+ --prune \
+ ${{ env.STACK_NAME }}" < stack.yml
 - name: Deployed 🎉
 run: |
diff --git a/stack.yml b/stack.yml
index 209bb39..ae362d1 100644
--- a/stack.yml
+++ b/stack.yml
@@ -10,7 +10,7 @@ networks:
 services:
 web:
- image: git.dev.serso.org/test/testsite:latest
+ image: git.dev.serso.org/test/testsite:${IMAGE_TAG:-latest}
 networks:
 - traefik-public
 deploy:
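Review bot: The replaced command passed `--update-order start-first` and `--update-failure-action rollback`, and the new `docker stack deploy` call has no equivalent, so rollout behaviour now presumably comes only from the `deploy:` block in stack.yml, whose contents are outside these hunks; if that block has no `update_config` with `order: start-first` and `failure_action: rollback`, a failing image is no longer rolled back automatically. `${{ needs.build.outputs.image_tag }}` and `${{ env.STACK_NAME }}` are also pasted into the script text and parsed a second time by the remote shell; handing them to the step through `env:` and checking them against `[A-Za-z0-9._-]` before the `ssh` call keeps an unexpected value from being read as shell syntax on the manager. The diffstat is fully accounted for by the two flow.yml hunks, so `STACK_NAME` is not introduced by this commit and has to exist already in the workflow's `env:` block, otherwise the stack name renders empty. `--prune` removes any service in that stack that is not in stack.yml, which deserves a comment on the step such as `# --prune: services not listed in stack.yml are removed from the stack`.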
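Review bot: `${IMAGE_TAG:-latest}` on the `image:` line also falls back when the variable is set but empty, so if `needs.build.outputs.image_tag` ever renders empty in the workflow, CI deploys the mutable `latest` tag and reports success rather than the image it just built. The commit message describes the fallback as intentional for manual runs; a stricter form is `image: git.dev.serso.org/test/testsite:${IMAGE_TAG:?IMAGE_TAG must be set}`, with manual callers passing `IMAGE_TAG=latest` explicitly. If the fallback stays, a non-empty check on the tag in the workflow before the `ssh` call gives the CI path the same protection. The `deploy:` block continues outside the hunk.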