diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml index 229afbc4..d8a89e4e 100644 --- a/.gitea/workflows/deploy.yml +++ b/.gitea/workflows/deploy.yml 
@@ -175,15 +175,43 @@ jobs: runs-on: docker container: image: catthehacker/ubuntu:act-latest + env: + TARGET: ${{ needs.prepare.outputs.target }} + IMAGE_TAG: ${{ needs.prepare.outputs.image_tag }} + PROJECT_NAME: ${{ needs.prepare.outputs.project_name }} + NEXT_PUBLIC_BASE_URL: ${{ needs.prepare.outputs.next_public_url }} + DIRECTUS_URL: ${{ needs.prepare.outputs.directus_url }} + DIRECTUS_HOST: cms.${{ needs.prepare.outputs.traefik_host }} + + # Secrets mapping (Directus) + DIRECTUS_KEY: ${{ secrets.DIRECTUS_KEY || (env.TARGET == 'production' && secrets.DIRECTUS_KEY || (env.TARGET == 'staging' && secrets.STAGING_DIRECTUS_KEY || secrets.TESTING_DIRECTUS_KEY || secrets.DIRECTUS_KEY)) }} + DIRECTUS_SECRET: ${{ secrets.DIRECTUS_SECRET || (env.TARGET == 'production' && secrets.DIRECTUS_SECRET || (env.TARGET == 'staging' && secrets.STAGING_DIRECTUS_SECRET || secrets.TESTING_DIRECTUS_SECRET || secrets.DIRECTUS_SECRET)) }} + DIRECTUS_ADMIN_EMAIL: ${{ secrets.DIRECTUS_ADMIN_EMAIL || (env.TARGET == 'production' && secrets.DIRECTUS_ADMIN_EMAIL || (env.TARGET == 'staging' && secrets.STAGING_DIRECTUS_ADMIN_EMAIL || secrets.TESTING_DIRECTUS_ADMIN_EMAIL || secrets.DIRECTUS_ADMIN_EMAIL)) }} + DIRECTUS_ADMIN_PASSWORD: ${{ secrets.DIRECTUS_ADMIN_PASSWORD || (env.TARGET == 'production' && secrets.DIRECTUS_ADMIN_PASSWORD || (env.TARGET == 'staging' && secrets.STAGING_DIRECTUS_ADMIN_PASSWORD || secrets.TESTING_DIRECTUS_ADMIN_PASSWORD || secrets.DIRECTUS_ADMIN_PASSWORD)) }} + DIRECTUS_DB_NAME: ${{ secrets.DIRECTUS_DB_NAME || 'directus' }} + DIRECTUS_DB_USER: ${{ secrets.DIRECTUS_DB_USER || 'directus' }} + DIRECTUS_DB_PASSWORD: ${{ secrets.DIRECTUS_DB_PASSWORD || (env.TARGET == 'production' && secrets.DIRECTUS_DB_PASSWORD || (env.TARGET == 'staging' && secrets.STAGING_DIRECTUS_DB_PASSWORD || secrets.TESTING_DIRECTUS_DB_PASSWORD || secrets.DIRECTUS_DB_PASSWORD)) }} + DIRECTUS_API_TOKEN: ${{ secrets.DIRECTUS_API_TOKEN || (env.TARGET == 'production' && secrets.DIRECTUS_API_TOKEN || 
(env.TARGET == 'staging' && secrets.STAGING_DIRECTUS_API_TOKEN || secrets.TESTING_DIRECTUS_API_TOKEN || secrets.DIRECTUS_API_TOKEN)) }} + + # Secrets mapping (Mail) + MAIL_HOST: ${{ secrets.SMTP_HOST || vars.SMTP_HOST }} + MAIL_PORT: ${{ secrets.SMTP_PORT || vars.SMTP_PORT || '587' }} + MAIL_USERNAME: ${{ secrets.SMTP_USER || vars.SMTP_USER }} + MAIL_PASSWORD: ${{ secrets.SMTP_PASS || vars.SMTP_PASS }} + MAIL_FROM: ${{ secrets.SMTP_FROM || vars.SMTP_FROM }} + MAIL_RECIPIENTS: ${{ secrets.CONTACT_RECIPIENT || vars.CONTACT_RECIPIENT }} + + # Monitoring + SENTRY_DSN: ${{ secrets.SENTRY_DSN || vars.SENTRY_DSN }} + + # Gatekeeper + GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD || 'klz2026' }} steps: - name: Checkout repository uses: actions/checkout@v4 - name: 🚀 SSH Deploy shell: bash env: - TARGET: ${{ needs.prepare.outputs.target }} - IMAGE_TAG: ${{ needs.prepare.outputs.image_tag }} - PROJECT_NAME: ${{ needs.prepare.outputs.project_name }} ENV_FILE: ${{ needs.prepare.outputs.env_file }} TRAEFIK_RULE: ${{ needs.prepare.outputs.traefik_rule }} run: | 
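Review bot: The per-target secret selection in the new job-level `env:` block is dead as written: each expression starts with `secrets.DIRECTUS_KEY || (...)`, so whenever the production secret is defined (the normal case for a repo secret) the `||` short-circuits and staging and testing deploys receive the production Directus key, secret, admin password, DB password and API token. Independently, `env.TARGET` inside the same job-level `env` map most likely does not resolve (in GitHub Actions the `env` context is not available for sibling keys of a job-level `env`; Gitea's act-based runner appears to follow the same rules, so this should be confirmed), which would make the staging branch fall through to the TESTING secret silently. Branch on the job output directly and put the production value on its own branch, e.g. `DIRECTUS_KEY: ${{ needs.prepare.outputs.target == 'production' && secrets.DIRECTUS_KEY || needs.prepare.outputs.target == 'staging' && secrets.STAGING_DIRECTUS_KEY || secrets.TESTING_DIRECTUS_KEY }}`, and apply the same shape to the other six Directus mappings. Two smaller points: `GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD || 'klz2026' }}` keeps a well-known fallback password in version control and should fail the job instead (`${{ secrets.GATEKEEPER_PASSWORD }}` plus a `[ -n "$GATEKEEPER_PASSWORD" ] || exit 1` in the deploy step), and moving every secret to job scope now also exposes them to `actions/checkout@v4`, which did not need them before. The enclosing job definition starts above this hunk.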
@@ -193,31 +221,72 @@ jobs: ssh-keyscan -H alpha.mintel.me >> ~/.ssh/known_hosts 2>/dev/null # Generate Environment File + LOG_LEVEL=$( [[ "$TARGET" == "testing" || "$TARGET" == "development" ]] && echo "debug" || echo "info" ) + COOKIE_DOMAIN=.$(echo $NEXT_PUBLIC_BASE_URL | sed 's|https://||') + cat > .env.deploy << EOF + # Generated by CI - $TARGET IMAGE_TAG=$IMAGE_TAG - NEXT_PUBLIC_BASE_URL=${{ needs.prepare.outputs.next_public_url }} - DIRECTUS_URL=${{ needs.prepare.outputs.directus_url }} - DIRECTUS_HOST=cms.${{ needs.prepare.outputs.traefik_host }} + NEXT_PUBLIC_BASE_URL=$NEXT_PUBLIC_BASE_URL + SENTRY_DSN=$SENTRY_DSN + LOG_LEVEL=$LOG_LEVEL + MAIL_HOST=$MAIL_HOST + MAIL_PORT=$MAIL_PORT + MAIL_USERNAME=$MAIL_USERNAME + MAIL_PASSWORD=$MAIL_PASSWORD + MAIL_FROM=$MAIL_FROM + MAIL_RECIPIENTS=$MAIL_RECIPIENTS + + # Directus + DIRECTUS_URL=$DIRECTUS_URL + DIRECTUS_HOST=$DIRECTUS_HOST + DIRECTUS_KEY=$DIRECTUS_KEY + DIRECTUS_SECRET=$DIRECTUS_SECRET + DIRECTUS_ADMIN_EMAIL=$DIRECTUS_ADMIN_EMAIL + DIRECTUS_ADMIN_PASSWORD=$DIRECTUS_ADMIN_PASSWORD + DIRECTUS_DB_NAME=$DIRECTUS_DB_NAME + DIRECTUS_DB_USER=$DIRECTUS_DB_USER + DIRECTUS_DB_PASSWORD=$DIRECTUS_DB_PASSWORD + DIRECTUS_API_TOKEN=$DIRECTUS_API_TOKEN INTERNAL_DIRECTUS_URL=http://directus:8055 - TRAEFIK_HOST_RULE='$TRAEFIK_RULE' - PROJECT_NAME=$PROJECT_NAME + + # Gatekeeper + GATEKEEPER_PASSWORD=$GATEKEEPER_PASSWORD + AUTH_COOKIE_NAME=klz_gatekeeper_session + COOKIE_DOMAIN=$COOKIE_DOMAIN + TARGET=$TARGET SENTRY_ENVIRONMENT=$TARGET - SENTRY_DSN=${{ secrets.SENTRY_DSN || vars.SENTRY_DSN }} - GATEKEEPER_PASSWORD=${{ secrets.GATEKEEPER_PASSWORD || 'klz2026' }} - AUTH_MIDDLEWARE=$( [[ "$TARGET" == "production" ]] && echo "${PROJECT_NAME}-compress" || echo "${PROJECT_NAME}-auth,${PROJECT_NAME}-compress" ) + PROJECT_NAME=$PROJECT_NAME + TRAEFIK_HOST_RULE='$TRAEFIK_RULE' EOF + # AUTH_MIDDLEWARE logic + printf "AUTH_MIDDLEWARE=%s\n" "$( [[ "$TARGET" == "production" ]] && echo "${PROJECT_NAME}-compress" || echo 
"${PROJECT_NAME}-auth,${PROJECT_NAME}-compress" )" >> .env.deploy + # Transfer and Restart SITE_DIR="/home/deploy/sites/klz-cables.com" - ssh root@alpha.mintel.me "mkdir -p $SITE_DIR" + ssh root@alpha.mintel.me "mkdir -p $SITE_DIR/directus/schema $SITE_DIR/directus/uploads $SITE_DIR/directus/extensions" + scp .env.deploy root@alpha.mintel.me:$SITE_DIR/$ENV_FILE scp docker-compose.yml root@alpha.mintel.me:$SITE_DIR/docker-compose.yml + scp -r directus/schema root@alpha.mintel.me:$SITE_DIR/directus/ - ssh root@alpha.mintel.me "cd $SITE_DIR && \ - echo '${{ secrets.REGISTRY_PASS }}' | docker login registry.infra.mintel.me -u '${{ secrets.REGISTRY_USER }}' --password-stdin && \ - docker compose -p '$PROJECT_NAME' --env-file '$ENV_FILE' pull && \ - docker compose -p '$PROJECT_NAME' --env-file '$ENV_FILE' up -d --wait --remove-orphans" + ssh root@alpha.mintel.me bash << 'EOF' + set -e + cd /home/deploy/sites/klz-cables.com + echo '${{ secrets.REGISTRY_PASS }}' | docker login registry.infra.mintel.me -u '${{ secrets.REGISTRY_USER }}' --password-stdin + docker compose -p '$PROJECT_NAME' --env-file '$ENV_FILE' pull + docker compose -p '$PROJECT_NAME' --env-file '$ENV_FILE' up -d --wait --remove-orphans + + # Apply Directus Schema Snapshot if available + if docker compose -p '$PROJECT_NAME' --env-file '$ENV_FILE' exec -T directus ls /directus/schema/snapshot.yaml >/dev/null 2>&1; then + echo "→ Applying Directus Schema Snapshot..." + docker compose -p '$PROJECT_NAME' --env-file '$ENV_FILE' exec -T directus npx directus schema apply /directus/schema/snapshot.yaml --yes + fi + + docker system prune -f --filter "until=24h" + EOF # ────────────────────────────────────────────────────────────────────────────── # JOB 5: Notifications
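Review bot: The new remote script is fed through `bash << 'EOF'` with a quoted delimiter, so `$PROJECT_NAME` and `$ENV_FILE` are no longer expanded on the runner and reach alpha.mintel.me literally; unless the remote host happens to define them, every `docker compose -p '$PROJECT_NAME' --env-file '$ENV_FILE'` runs as `-p '' --env-file ''` (the `${{ secrets.REGISTRY_PASS }}` line still works only because it is substituted by the runner before the shell sees it). The old inline form expanded these locally; the minimal repair is `ssh root@alpha.mintel.me bash << EOF` (unquoted) and `cd "$SITE_DIR"` instead of the hard-coded path, since nothing else in the script needs remote-side expansion. Also consider `umask 077` before `cat > .env.deploy` and `rm -f .env.deploy` after the two `scp` calls: the file now holds the Directus admin and DB passwords, the SMTP password and the gatekeeper password in plaintext, and on a persistent self-hosted runner it would otherwise stay in the workspace. Finally, `npx directus schema apply ... --yes` on every deploy, including production, applies whatever `directus/schema/snapshot.yaml` was committed without a review gate; a `[[ "$TARGET" != "production" ]]` guard or an explicit workflow input would be safer.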