Marc Mintel
8242687b07
All checks were successful
Build & Deploy KLZ Cables / build-and-deploy (push) Successful in 3m46s
272 lines
17 KiB
YAML
272 lines
17 KiB
YAML
name: Build & Deploy KLZ Cables
|
||
|
||
on:
|
||
push:
|
||
branches: [main]
|
||
|
||
jobs:
|
||
build-and-deploy:
|
||
# ────────────────────────────────────────────────
|
||
# WICHTIG: Kein "docker" mehr – sondern eines der neuen Labels
|
||
runs-on: docker
|
||
|
||
steps:
|
||
# ═══════════════════════════════════════════════════════════════════════════════
|
||
# LOGGING: Workflow Start - Full Transparency
|
||
# ═══════════════════════════════════════════════════════════════════════════════
|
||
- name: 📋 Log Workflow Start
|
||
run: |
|
||
echo "╔══════════════════════════════════════════════════════════════════════════════╗"
|
||
echo "║ KLZ Cables Deployment Workflow Started ║"
|
||
echo "╚══════════════════════════════════════════════════════════════════════════════╝"
|
||
echo ""
|
||
echo "📋 Workflow Information:"
|
||
echo " • Repository: ${{ github.repository }}"
|
||
echo " • Branch: ${{ github.ref }}"
|
||
echo " • Commit: ${{ github.sha }}"
|
||
echo " • Actor: ${{ github.actor }}"
|
||
echo " • Run ID: ${{ github.run_id }}"
|
||
echo " • Timestamp: $(date -u +'%Y-%m-%d %H:%M:%S UTC')"
|
||
echo ""
|
||
echo "🔍 Environment Details:"
|
||
echo " • Runner OS: ${{ runner.os }}"
|
||
echo " • Workspace: ${{ github.workspace }}"
|
||
echo ""
|
||
|
||
- name: Checkout repository
|
||
uses: actions/checkout@v4
|
||
|
||
# ═══════════════════════════════════════════════════════════════════════════════
|
||
# LOGGING: Registry Login Phase
|
||
# ═══════════════════════════════════════════════════════════════════════════════
|
||
- name: 🔐 Login to private registry
|
||
run: |
|
||
echo "╔══════════════════════════════════════════════════════════════════════════════╗"
|
||
echo "║ Step: Registry Login ║"
|
||
echo "╚══════════════════════════════════════════════════════════════════════════════╝"
|
||
echo ""
|
||
echo "🔐 Authenticating with private registry..."
|
||
echo " Registry: registry.infra.mintel.me"
|
||
echo " User: ${{ secrets.REGISTRY_USER != '' && '***' || 'NOT SET' }}"
|
||
echo ""
|
||
|
||
# Execute login with error handling
|
||
if echo "${{ secrets.REGISTRY_PASS }}" | docker login registry.infra.mintel.me -u "${{ secrets.REGISTRY_USER }}" --password-stdin 2>&1; then
|
||
echo "✅ Registry login successful"
|
||
else
|
||
echo "❌ Registry login failed"
|
||
exit 1
|
||
fi
|
||
echo ""
|
||
|
||
# ═══════════════════════════════════════════════════════════════════════════════
|
||
# LOGGING: Build Phase
|
||
# ═══════════════════════════════════════════════════════════════════════════════
|
||
- name: 🏗️ Build Docker image
|
||
run: |
|
||
echo "╔══════════════════════════════════════════════════════════════════════════════╗"
|
||
echo "║ Step: Build Docker Image ║"
|
||
echo "╚══════════════════════════════════════════════════════════════════════════════╝"
|
||
echo ""
|
||
echo "🏗️ Building Docker image with buildx..."
|
||
echo " Platform: linux/arm64"
|
||
echo " Target: registry.infra.mintel.me/mintel/klz-cables.com:latest"
|
||
echo ""
|
||
echo "📦 Build Arguments:"
|
||
echo " • NEXT_PUBLIC_UMAMI_WEBSITE_ID: ${{ secrets.NEXT_PUBLIC_UMAMI_WEBSITE_ID != '' && '***' || 'NOT SET' }}"
|
||
echo " • NEXT_PUBLIC_UMAMI_SCRIPT_URL: ${{ secrets.NEXT_PUBLIC_UMAMI_SCRIPT_URL != '' && '***' || 'NOT SET' }}"
|
||
echo " • SENTRY_DSN: ${{ secrets.SENTRY_DSN != '' && '***' || 'NOT SET' }}"
|
||
echo " • NEXT_PUBLIC_BASE_URL: ${{ secrets.NEXT_PUBLIC_BASE_URL != '' && '***' || 'NOT SET' }}"
|
||
echo ""
|
||
echo "⏱️ Build started at: $(date -u +'%Y-%m-%d %H:%M:%S UTC')"
|
||
echo ""
|
||
|
||
# Execute build with detailed logging
|
||
set -e
|
||
docker buildx build \
|
||
--pull \
|
||
--platform linux/arm64 \
|
||
--build-arg NEXT_PUBLIC_UMAMI_WEBSITE_ID="${{ secrets.NEXT_PUBLIC_UMAMI_WEBSITE_ID }}" \
|
||
--build-arg NEXT_PUBLIC_UMAMI_SCRIPT_URL="${{ secrets.NEXT_PUBLIC_UMAMI_SCRIPT_URL }}" \
|
||
--build-arg SENTRY_DSN="${{ secrets.SENTRY_DSN }}" \
|
||
--build-arg NEXT_PUBLIC_BASE_URL="${{ secrets.NEXT_PUBLIC_BASE_URL }}" \
|
||
-t registry.infra.mintel.me/mintel/klz-cables.com:latest \
|
||
--push .
|
||
|
||
BUILD_EXIT_CODE=$?
|
||
if [ $BUILD_EXIT_CODE -eq 0 ]; then
|
||
echo ""
|
||
echo "✅ Build completed successfully at: $(date -u +'%Y-%m-%d %H:%M:%S UTC')"
|
||
echo ""
|
||
echo "📊 Image Details:"
|
||
IMAGE_SIZE=$(docker inspect registry.infra.mintel.me/mintel/klz-cables.com:latest --format='{{.Size}}')
|
||
IMAGE_SIZE_MB=$((IMAGE_SIZE / 1024 / 1024))
|
||
echo " • Size: ${IMAGE_SIZE_MB}MB"
|
||
docker inspect registry.infra.mintel.me/mintel/klz-cables.com:latest --format=' • Created: {{.Created}}'
|
||
docker inspect registry.infra.mintel.me/mintel/klz-cables.com:latest --format=' • Architecture: {{.Architecture}}'
|
||
else
|
||
echo ""
|
||
echo "❌ Build failed with exit code: $BUILD_EXIT_CODE"
|
||
exit $BUILD_EXIT_CODE
|
||
fi
|
||
echo ""
|
||
|
||
# ═══════════════════════════════════════════════════════════════════════════════
|
||
# LOGGING: Deployment Phase
|
||
# ═══════════════════════════════════════════════════════════════════════════════
|
||
- name: 🚀 Deploy to production server
|
||
run: |
|
||
echo "╔══════════════════════════════════════════════════════════════════════════════╗"
|
||
echo "║ Step: Deploy to Production Server ║"
|
||
echo "╚══════════════════════════════════════════════════════════════════════════════╝"
|
||
echo ""
|
||
echo "🚀 Starting deployment process..."
|
||
echo " Target Server: alpha.mintel.me"
|
||
echo " Deploy User: deploy (via sudo from root)"
|
||
echo " Target Path: /home/deploy/sites/klz-cables.com"
|
||
echo ""
|
||
|
||
# Setup SSH with logging
|
||
echo "🔐 Setting up SSH connection..."
|
||
mkdir -p ~/.ssh
|
||
echo "${{ secrets.ALPHA_SSH_KEY }}" > ~/.ssh/id_ed25519
|
||
chmod 600 ~/.ssh/id_ed25519
|
||
|
||
echo "🔑 Adding host to known_hosts..."
|
||
ssh-keyscan -H alpha.mintel.me >> ~/.ssh/known_hosts 2>/dev/null
|
||
if [ $? -eq 0 ]; then
|
||
echo "✅ Host key added successfully"
|
||
else
|
||
echo "⚠️ Warning: Could not add host key"
|
||
fi
|
||
echo ""
|
||
|
||
# Execute deployment commands with detailed logging
|
||
echo "📡 Connecting to server and executing deployment commands..."
|
||
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
|
||
echo ""
|
||
|
||
# SSH as root and use sudo to run deployment script as deploy user
|
||
# This works around the broken SSH output issue with deploy user
|
||
ssh -o StrictHostKeyChecking=accept-new \
|
||
-o ServerAliveInterval=30 \
|
||
-o ServerAliveCountMax=3 \
|
||
-o ConnectTimeout=10 \
|
||
root@alpha.mintel.me \
|
||
"MAIL_FROM='${{ secrets.MAIL_FROM }}' \
|
||
MAIL_HOST='${{ secrets.MAIL_HOST }}' \
|
||
MAIL_PASSWORD='${{ secrets.MAIL_PASSWORD }}' \
|
||
MAIL_PORT='${{ secrets.MAIL_PORT }}' \
|
||
MAIL_RECIPIENTS='${{ secrets.MAIL_RECIPIENTS }}' \
|
||
MAIL_USERNAME='${{ secrets.MAIL_USERNAME }}' \
|
||
NEXT_PUBLIC_BASE_URL='${{ secrets.NEXT_PUBLIC_BASE_URL }}' \
|
||
NEXT_PUBLIC_UMAMI_WEBSITE_ID='${{ secrets.NEXT_PUBLIC_UMAMI_WEBSITE_ID }}' \
|
||
NEXT_PUBLIC_UMAMI_SCRIPT_URL='${{ secrets.NEXT_PUBLIC_UMAMI_SCRIPT_URL }}' \
|
||
NODE_ENV='${{ secrets.NODE_ENV }}' \
|
||
SENTRY_DSN='${{ secrets.SENTRY_DSN }}' \
|
||
REDIS_URL='${{ secrets.REDIS_URL }}' \
|
||
REDIS_KEY_PREFIX='${{ secrets.REDIS_KEY_PREFIX }}' \
|
||
/home/deploy/deploy.sh"
|
||
|
||
DEPLOY_EXIT_CODE=$?
|
||
echo ""
|
||
|
||
if [ $DEPLOY_EXIT_CODE -eq 0 ]; then
|
||
echo "✅ Deployment completed successfully at: $(date -u +'%Y-%m-%d %H:%M:%S UTC')"
|
||
else
|
||
echo "❌ Deployment failed with exit code: $DEPLOY_EXIT_CODE"
|
||
echo ""
|
||
echo "🔍 Troubleshooting Tips:"
|
||
echo " • Check server connectivity: ping alpha.mintel.me"
|
||
echo " • Verify SSH key permissions on server"
|
||
echo " • Check disk space on target server"
|
||
echo " • Review docker compose configuration"
|
||
exit $DEPLOY_EXIT_CODE
|
||
fi
|
||
echo ""
|
||
|
||
# ═══════════════════════════════════════════════════════════════════════════════
|
||
# LOGGING: Workflow Summary
|
||
# ═══════════════════════════════════════════════════════════════════════════════
|
||
- name: 📊 Workflow Summary
|
||
if: always()
|
||
run: |
|
||
echo "╔══════════════════════════════════════════════════════════════════════════════╗"
|
||
echo "║ Workflow Summary ║"
|
||
echo "╚══════════════════════════════════════════════════════════════════════════════╝"
|
||
echo ""
|
||
echo "📊 Final Status:"
|
||
echo " • Workflow: ${{ job.status }}"
|
||
echo " • Completed: $(date -u +'%Y-%m-%d %H:%M:%S UTC')"
|
||
echo ""
|
||
echo "🎯 Deployment Target:"
|
||
echo " • Image: registry.infra.mintel.me/mintel/klz-cables.com:latest"
|
||
echo " • Server: alpha.mintel.me"
|
||
echo " • Service: klz-cables.com"
|
||
echo ""
|
||
echo "🔐 Security Notes:"
|
||
echo " • All secrets are masked (*** ) in logs"
|
||
echo " • SSH keys are created with 600 permissions"
|
||
echo " • Passwords are never displayed in plain text"
|
||
echo ""
|
||
echo "╔══════════════════════════════════════════════════════════════════════════════╗"
|
||
if [ "${{ job.status }}" == "success" ]; then
|
||
echo "║ ✅ DEPLOYMENT SUCCESSFUL ║"
|
||
else
|
||
echo "║ ❌ DEPLOYMENT FAILED ║"
|
||
fi
|
||
echo "╚══════════════════════════════════════════════════════════════════════════════╝"
|
||
|
||
# ═══════════════════════════════════════════════════════════════════════════════
|
||
# NOTIFICATION: Gotify
|
||
# ═══════════════════════════════════════════════════════════════════════════════
|
||
- name: 🔔 Gotify Notification (Success)
|
||
if: success()
|
||
run: |
|
||
echo "Sending success notification to Gotify..."
|
||
RESPONSE=$(curl -k -s -w "\n%{http_code}" -X POST "${{ secrets.GOTIFY_URL }}/message?token=${{ secrets.GOTIFY_TOKEN }}" \
|
||
-F "title=✅ Deployment Success: ${{ github.repository }}" \
|
||
-F "message=The deployment of ${{ github.repository }} (branch: ${{ github.ref }}) was successful.
|
||
|
||
Commit: ${{ github.sha }}
|
||
Actor: ${{ github.actor }}
|
||
Run ID: ${{ github.run_id }}" \
|
||
-F "priority=5")
|
||
|
||
HTTP_CODE=$(echo "$RESPONSE" | tail -n1)
|
||
BODY=$(echo "$RESPONSE" | sed '$d')
|
||
|
||
echo "HTTP Status: $HTTP_CODE"
|
||
echo "Response Body: $BODY"
|
||
|
||
if [ "$HTTP_CODE" -lt 200 ] || [ "$HTTP_CODE" -ge 300 ]; then
|
||
echo "Failed to send Gotify notification"
|
||
exit 0 # Don't fail the workflow because of notification failure
|
||
fi
|
||
|
||
- name: 🔔 Gotify Notification (Failure)
|
||
if: failure()
|
||
run: |
|
||
echo "Sending failure notification to Gotify..."
|
||
RESPONSE=$(curl -k -s -w "\n%{http_code}" -X POST "${{ secrets.GOTIFY_URL }}/message?token=${{ secrets.GOTIFY_TOKEN }}" \
|
||
-F "title=❌ Deployment Failed: ${{ github.repository }}" \
|
||
-F "message=The deployment of ${{ github.repository }} (branch: ${{ github.ref }}) failed!
|
||
|
||
Commit: ${{ github.sha }}
|
||
Actor: ${{ github.actor }}
|
||
Run ID: ${{ github.run_id }}
|
||
|
||
Please check the logs for details." \
|
||
-F "priority=8")
|
||
|
||
HTTP_CODE=$(echo "$RESPONSE" | tail -n1)
|
||
BODY=$(echo "$RESPONSE" | sed '$d')
|
||
|
||
echo "HTTP Status: $HTTP_CODE"
|
||
echo "Response Body: $BODY"
|
||
|
||
if [ "$HTTP_CODE" -lt 200 ] || [ "$HTTP_CODE" -ge 300 ]; then
|
||
echo "Failed to send Gotify notification"
|
||
exit 0 # Don't fail the workflow because of notification failure
|
||
fi
|