CI owns the whole stack — deploy via docker stack deploy
- stack.yml: parameterize image tag with ${IMAGE_TAG:-latest} so callers
can pin the SHA; falls back to :latest for manual invocations
- flow.yml: replace service update with `docker stack deploy -c -`
piped over SSH. Handles both first-time deploy and rolling updates.
No more manual `docker stack deploy` on the manager before CI works.
Portainer can still view the stack but should not auto-update the same
one from git — two writers will conflict.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@@ -60,12 +60,15 @@ jobs:
|
||||
docker push ${{ env.REGISTRY }}/${{ env.IMAGE }}:latest
|
||||
|
||||
# ============================================================
|
||||
# 2. Deploy to Swarm (rolling update)
|
||||
# 2. Deploy stack to Swarm (creates or updates)
|
||||
# ============================================================
|
||||
deploy:
|
||||
needs: build
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Prepare SSH
|
||||
run: |
|
||||
mkdir -p ~/.ssh
|
||||
@@ -73,16 +76,16 @@ jobs:
|
||||
chmod 600 ~/.ssh/deploy_key
|
||||
ssh-keyscan -H ${{ vars.DEPLOY_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
|
||||
|
||||
- name: Rolling deploy on Swarm
|
||||
- name: Deploy stack on Swarm
|
||||
run: |
|
||||
ssh -i ~/.ssh/deploy_key \
|
||||
${{ vars.DEPLOY_USER }}@${{ vars.DEPLOY_HOST }} \
|
||||
"docker service update \
|
||||
--image ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ needs.build.outputs.image_tag }} \
|
||||
"IMAGE_TAG=${{ needs.build.outputs.image_tag }} \
|
||||
docker stack deploy \
|
||||
--compose-file - \
|
||||
--with-registry-auth \
|
||||
--update-order start-first \
|
||||
--update-failure-action rollback \
|
||||
${{ env.SERVICE_NAME }}"
|
||||
--prune \
|
||||
${{ env.STACK_NAME }}" < stack.yml
|
||||
|
||||
- name: Deployed 🎉
|
||||
run: |
|
||||
|
||||
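Review bot: In the `Deploy stack on Swarm` step, `${{ needs.build.outputs.image_tag }}` is pasted into the script text before any shell runs and then sits inside the double-quoted string that the remote shell parses again, so a tag containing shell metacharacters would run as a command on the Swarm manager. How the build job derives that output is not visible here, so I would pass it through the step's `env:` and reject anything outside the Docker tag alphabet before the `ssh` call, as sketched below; `STACK_NAME` can be read as `$STACK_NAME`, since it is already in the job environment. The added `uses: actions/checkout@v4` runs in the job that holds the deploy key, so pinning it to a full commit SHA and setting `persist-credentials: false` would reduce what a moved tag or a leftover token can reach. The unchanged `ssh-keyscan` line (the Prepare SSH step is only partly visible between the two hunks) accepts whatever host key is offered at run time, so a host key stored as a repository variable would be a firmer basis now that the whole stack definition is piped to that host.

```yaml
- name: Deploy stack on Swarm
  env:
    IMAGE_TAG: ${{ needs.build.outputs.image_tag }}
  run: |
    # Refuse anything outside the Docker tag alphabet before it reaches the remote shell
    case "$IMAGE_TAG" in
      ''|*[!A-Za-z0-9_.-]*) echo "unexpected image tag" >&2; exit 1 ;;
    esac
    ssh -i ~/.ssh/deploy_key \
      ${{ vars.DEPLOY_USER }}@${{ vars.DEPLOY_HOST }} \
      "IMAGE_TAG=$IMAGE_TAG \
    # … unchanged: docker stack deploy flags through --prune …
      $STACK_NAME" < stack.yml
```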