ilia/POTE
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
POTE/.github/workflows/deploy.yml
ilia ead0820cf9
Some checks failed
CI / lint-and-test (push) Failing after 6m59s
Details
CI / security-scan (push) Failing after 1m5s
Details
CI / dependency-scan (push) Failing after 7m29s
Details
CI / docker-build-test (push) Failing after 20m26s
Details
CI / workflow-summary (push) Successful in 1m4s
Details
Add Gitea Secrets integration for CI/CD and deployment 
NEW FEATURES:
============

📁 GITEA_SECRETS_GUIDE.md:
- Comprehensive guide on using Gitea secrets
- Store passwords in Gitea (not in git!)
- Use in CI/CD and deployment workflows
- Best practices and security recommendations

🔧 .github/workflows/ci.yml (UPDATED):
- Now uses Gitea secrets with fallbacks
- ${{ secrets.SMTP_PASSWORD || 'testpass123' }}
- ${{ secrets.DB_PASSWORD || 'testpass123' }}
- Tests run with real credentials from Gitea

🚀 .github/workflows/deploy.yml (NEW):
- Automated deployment to Proxmox
- Manual trigger via Gitea UI
- Steps:
  1. SSH to Proxmox with secrets.PROXMOX_SSH_KEY
  2. Pull latest code
  3. Update .env with secrets from Gitea
  4. Run migrations
  5. Health check
  6. Test email
  7. Rollback on failure

HOW IT WORKS:
=============
1. Store passwords in Gitea (Settings → Secrets)
2. CI/CD uses secrets automatically
3. Deployment workflow updates .env on Proxmox
4. Best of both worlds: secure CI + simple runtime

SECRETS TO ADD IN GITEA:
========================
- SMTP_PASSWORD: your mail password
- DB_PASSWORD: changeme123
- PROXMOX_HOST: 10.0.10.95
- PROXMOX_USER: poteapp
- PROXMOX_SSH_KEY: (SSH private key)
- SMTP_HOST: mail.levkin.ca
- SMTP_USER: test@levkin.ca
- FROM_EMAIL: test@levkin.ca

USAGE:
======
# In Gitea UI:
Actions → Deploy to Proxmox → Run workflow

# Or push commits:
git push origin main
# CI runs with secrets automatically

See GITEA_SECRETS_GUIDE.md for full instructions!
2025-12-15 15:52:19 -05:00

146 lines
4.6 KiB
YAML
Raw Blame History

---
name: Deploy to Proxmox
on:
workflow_dispatch: # Manual trigger only
inputs:
environment:
description: 'Environment to deploy to'
required: true
default: 'production'
type: choice
options:
- production
- staging
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Setup SSH
env:
SSH_KEY: ${{ secrets.PROXMOX_SSH_KEY }}
SSH_HOST: ${{ secrets.PROXMOX_HOST }}
run: |
mkdir -p ~/.ssh
echo "$SSH_KEY" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
ssh-keyscan -H $SSH_HOST >> ~/.ssh/known_hosts
- name: Deploy to Proxmox
env:
PROXMOX_HOST: ${{ secrets.PROXMOX_HOST }}
PROXMOX_USER: ${{ secrets.PROXMOX_USER }}
SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }}
DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
run: |
echo "🚀 Deploying to $PROXMOX_HOST..."
ssh ${PROXMOX_USER}@${PROXMOX_HOST} << 'ENDSSH'
set -e
cd ~/pote
echo "📥 Pulling latest code..."
git pull origin main
echo "📦 Installing dependencies..."
source venv/bin/activate
pip install -e . --quiet
echo "🔄 Running migrations..."
alembic upgrade head
echo "✅ Deployment complete!"
ENDSSH
- name: Update secrets on server
env:
PROXMOX_HOST: ${{ secrets.PROXMOX_HOST }}
PROXMOX_USER: ${{ secrets.PROXMOX_USER }}
SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }}
DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
run: |
echo "🔐 Updating secrets in .env..."
ssh ${PROXMOX_USER}@${PROXMOX_HOST} << ENDSSH
cd ~/pote
# Backup current .env
cp .env .env.backup.\$(date +%Y%m%d_%H%M%S)
# Update passwords in .env (only update the password lines)
sed -i "s|SMTP_PASSWORD=.*|SMTP_PASSWORD=${SMTP_PASSWORD}|" .env
sed -i "s|changeme123|${DB_PASSWORD}|" .env
# Secure permissions
chmod 600 .env
echo "✅ Secrets updated!"
ENDSSH
- name: Health Check
env:
PROXMOX_HOST: ${{ secrets.PROXMOX_HOST }}
PROXMOX_USER: ${{ secrets.PROXMOX_USER }}
run: |
echo "🔍 Running health check..."
ssh ${PROXMOX_USER}@${PROXMOX_HOST} << 'ENDSSH'
cd ~/pote
source venv/bin/activate
python scripts/health_check.py
ENDSSH
- name: Test Email
if: inputs.environment == 'production'
env:
PROXMOX_HOST: ${{ secrets.PROXMOX_HOST }}
PROXMOX_USER: ${{ secrets.PROXMOX_USER }}
run: |
echo "📧 Testing email configuration..."
ssh ${PROXMOX_USER}@${PROXMOX_HOST} << 'ENDSSH'
cd ~/pote
source venv/bin/activate
python scripts/send_daily_report.py --to test@levkin.ca --test-smtp || true
ENDSSH
- name: Deployment Summary
if: always()
run: |
echo "## 🚀 Deployment Summary" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "**Environment:** ${{ inputs.environment }}" >> $GITHUB_STEP_SUMMARY
echo "**Target:** ${{ secrets.PROXMOX_HOST }}" >> $GITHUB_STEP_SUMMARY
echo "**Status:** ${{ job.status }}" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
if [ "${{ job.status }}" == "success" ]; then
echo "✅ Deployment completed successfully!" >> $GITHUB_STEP_SUMMARY
else
echo "❌ Deployment failed. Check logs above." >> $GITHUB_STEP_SUMMARY
fi
- name: Rollback on Failure
if: failure()
env:
PROXMOX_HOST: ${{ secrets.PROXMOX_HOST }}
PROXMOX_USER: ${{ secrets.PROXMOX_USER }}
run: |
echo "❌ Deployment failed. Restoring previous .env..."
ssh ${PROXMOX_USER}@${PROXMOX_HOST} << 'ENDSSH' || true
cd ~/pote
# Restore backup
if ls .env.backup.* 1> /dev/null 2>&1; then
latest_backup=$(ls -t .env.backup.* | head -1)
cp "$latest_backup" .env
echo "✅ Restored from $latest_backup"
fi
ENDSSH
Reference in New Issue View Git Blame Copy Permalink