From 2b4150587880ead810f1a9957f262c53e5685ab8 Mon Sep 17 00:00:00 2001 From: Marc Mintel Date: Tue, 10 Feb 2026 22:11:22 +0100 Subject: [PATCH] ci: restore missing Directus and Mail secrets in deployment --- .gitea/workflows/deploy.yml | 411 ++++++++++++++++-------------------- 1 file changed, 186 insertions(+), 225 deletions(-) diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml index 1e2411b..03105ed 100644 --- a/.gitea/workflows/deploy.yml +++ b/.gitea/workflows/deploy.yml @@ -7,142 +7,99 @@ on: tags: - 'v*' workflow_dispatch: + inputs: + skip_checks: + description: 'Skip tests? (true/false)' + required: false + default: 'false' concurrency: - group: ${{ github.workflow }} - cancel-in-progress: false + group: ${{ github.workflow }}-${{ (github.ref_type == 'tag' && !contains(github.ref_name, '-')) && 'prod' || (github.ref_name == 'main' && 'testing' || github.ref_name) }} + cancel-in-progress: true jobs: + # ────────────────────────────────────────────────────────────────────────────── + # JOB 1: Prepare Environment + # ────────────────────────────────────────────────────────────────────────────── prepare: - name: 🔍 Prepare Environment + name: 🔍 Prepare runs-on: docker - container: - image: catthehacker/ubuntu:act-latest outputs: target: ${{ steps.determine.outputs.target }} image_tag: ${{ steps.determine.outputs.image_tag }} env_file: ${{ steps.determine.outputs.env_file }} traefik_host: ${{ steps.determine.outputs.traefik_host }} - next_public_base_url: ${{ steps.determine.outputs.next_public_base_url }} - directus_url: ${{ steps.determine.outputs.directus_url }} - directus_host: ${{ steps.determine.outputs.directus_host }} - gatekeeper_host: ${{ steps.determine.outputs.gatekeeper_host }} traefik_rule: ${{ steps.determine.outputs.traefik_rule }} - gatekeeper_rule: ${{ steps.determine.outputs.gatekeeper_rule }} + next_public_url: ${{ steps.determine.outputs.next_public_url }} + directus_url: ${{ steps.determine.outputs.directus_url }} project_name: ${{ steps.determine.outputs.project_name }} - auth_middleware: ${{ steps.determine.outputs.auth_middleware }} + short_sha: ${{ steps.determine.outputs.short_sha }} + container: + image: catthehacker/ubuntu:act-latest steps: - - name: 🔍 Debug Info - shell: bash - run: | - echo "ref_name: ${{ github.ref_name }}" - echo "ref_type: ${{ github.ref_type }}" - echo "tag: ${{ github.ref_name }}" - - - name: 🧹 Maintenance (Runner Cleanup) - continue-on-error: true - shell: bash - run: | - docker image prune -f || true - docker builder prune -f --filter "until=168h" || true - - name: Checkout repository uses: actions/checkout@v4 with: fetch-depth: 2 - - name: 🔍 Determine Environment + - name: 🔍 Environment ermitteln id: determine shell: bash run: | - REF="${{ github.ref }}" - REF_NAME="${{ github.ref_name }}" - REF_TYPE="${{ github.ref_type }}" + REF="${{ github.ref_name }}" SHORT_SHA=$(echo "${{ github.sha }}" | cut -c1-7) - DOMAIN_BASE="mintel.me" - PRJ_ID="mintel-me" + DOMAIN="mintel.me" + PRJ="mintel-me" - echo "Detecting environment for ref: $REF ($REF_NAME, type: $REF_TYPE)" - - # Fallback for REF_TYPE if missing - if [[ -z "$REF_TYPE" ]]; then - if [[ "$REF" == refs/tags/* ]]; then - REF_TYPE="tag" - elif [[ "$REF" == refs/heads/* ]]; then - REF_TYPE="branch" - fi - fi - - if [[ "$REF_TYPE" == "branch" && "$REF_NAME" == "main" ]]; then + if [[ "${{ github.ref_type }}" == "branch" && "$REF" == "main" ]]; then TARGET="testing" - IMAGE_TAG="testing-${SHORT_SHA}" + IMAGE_TAG="main-${SHORT_SHA}" ENV_FILE=".env.testing" - TRAEFIK_HOST="testing.${DOMAIN_BASE}" - GATEKEEPER_HOST="gatekeeper.testing.${DOMAIN_BASE}" - NEXT_PUBLIC_BASE_URL="https://testing.${DOMAIN_BASE}" - DIRECTUS_URL="https://cms.testing.${DOMAIN_BASE}" - DIRECTUS_HOST="cms.testing.${DOMAIN_BASE}" - elif [[ "$REF_TYPE" == "tag" ]]; then - if [[ "$REF_NAME" =~ ^v[0-9]+\.[0-9]+(\.[0-9]+)?$ ]]; then + TRAEFIK_HOST="testing.${DOMAIN}" + elif [[ "${{ github.ref_type }}" == "tag" ]]; then + if [[ "$REF" =~ ^v[0-9]+\.[0-9]+(\.[0-9]+)?$ ]]; then TARGET="production" - IMAGE_TAG="$REF_NAME" + IMAGE_TAG="$REF" ENV_FILE=".env.prod" - TRAEFIK_HOST="${DOMAIN_BASE}" # Primary domain - GATEKEEPER_HOST="gatekeeper.${DOMAIN_BASE}" - NEXT_PUBLIC_BASE_URL="https://${DOMAIN_BASE}" - DIRECTUS_URL="https://cms.${DOMAIN_BASE}" - DIRECTUS_HOST="cms.${DOMAIN_BASE}" - elif [[ "$REF_NAME" =~ -rc || "$REF_NAME" =~ -beta || "$REF_NAME" =~ -alpha ]]; then - TARGET="staging" - IMAGE_TAG="$REF_NAME" - ENV_FILE=".env.staging" - TRAEFIK_HOST="staging.${DOMAIN_BASE}" - GATEKEEPER_HOST="gatekeeper.staging.${DOMAIN_BASE}" - NEXT_PUBLIC_BASE_URL="https://staging.${DOMAIN_BASE}" - DIRECTUS_URL="https://cms.staging.${DOMAIN_BASE}" - DIRECTUS_HOST="cms.staging.${DOMAIN_BASE}" + TRAEFIK_HOST="${DOMAIN}, www.${DOMAIN}" else - TARGET="skip" - echo "Tag $REF_NAME did not match any environment pattern." + TARGET="staging" + IMAGE_TAG="$REF" + ENV_FILE=".env.staging" + TRAEFIK_HOST="staging.${DOMAIN}" fi else TARGET="skip" - echo "Ref type $REF_TYPE is not handled for deployment." fi - # Determine Rules based on target (if not skipped) if [[ "$TARGET" != "skip" ]]; then - if [[ "$TARGET" == "production" ]]; then - TRAEFIK_RULE="Host(\`${DOMAIN_BASE}\`) || Host(\`www.${DOMAIN_BASE}\`)" - GATEKEEPER_RULE="(Host(\`${DOMAIN_BASE}\`) || Host(\`www.${DOMAIN_BASE}\`)) && PathPrefix(\`/gatekeeper\`) || Host(\`gatekeeper.${DOMAIN_BASE}\`)" + # Standardize Traefik Rule + if [[ "$TRAEFIK_HOST" == *","* ]]; then + TRAEFIK_RULE=$(echo "$TRAEFIK_HOST" | sed 's/,/ /g' | awk '{for(i=1;i<=NF;i++) printf "Host(\`%s\`)%s", $i, (i==NF?"":" || ")}') + PRIMARY_HOST=$(echo "$TRAEFIK_HOST" | cut -d',' -f1 | sed 's/ //g') else - TRAEFIK_RULE="Host(\`${TRAEFIK_HOST}\`)" - GATEKEEPER_RULE="(Host(\`${TRAEFIK_HOST}\`) && PathPrefix(\`/gatekeeper\`)) || Host(\`gatekeeper.${TRAEFIK_HOST}\`)" + TRAEFIK_RULE="Host(\`$TRAEFIK_HOST\`)" + PRIMARY_HOST="$TRAEFIK_HOST" fi - fi - echo "Target determined: $TARGET" - echo "Image tag: $IMAGE_TAG" - - echo "target=$TARGET" >> "$GITHUB_OUTPUT" - echo "image_tag=$IMAGE_TAG" >> "$GITHUB_OUTPUT" - echo "env_file=$ENV_FILE" >> "$GITHUB_OUTPUT" - echo "traefik_host=$TRAEFIK_HOST" >> "$GITHUB_OUTPUT" - echo "traefik_rule=$TRAEFIK_RULE" >> "$GITHUB_OUTPUT" - echo "gatekeeper_rule=$GATEKEEPER_RULE" >> "$GITHUB_OUTPUT" - echo "gatekeeper_host=$GATEKEEPER_HOST" >> "$GITHUB_OUTPUT" - echo "next_public_base_url=$NEXT_PUBLIC_BASE_URL" >> "$GITHUB_OUTPUT" - echo "directus_url=$DIRECTUS_URL" >> "$GITHUB_OUTPUT" - echo "directus_host=$DIRECTUS_HOST" >> "$GITHUB_OUTPUT" - echo "project_name=$PRJ_ID-$TARGET" >> "$GITHUB_OUTPUT" - - # Determine middleware - if [[ "$TARGET" == "production" ]]; then - echo "traefik_middlewares=compress" >> "$GITHUB_OUTPUT" + { + echo "target=$TARGET" + echo "image_tag=$IMAGE_TAG" + echo "env_file=$ENV_FILE" + echo "traefik_host=$PRIMARY_HOST" + echo "traefik_rule=$TRAEFIK_RULE" + echo "next_public_url=https://$PRIMARY_HOST" + echo "directus_url=https://cms.$PRIMARY_HOST" + echo "project_name=$PRJ-$TARGET" + echo "short_sha=$SHORT_SHA" + } >> "$GITHUB_OUTPUT" else - echo "traefik_middlewares=$PRJ_ID-$TARGET-auth" >> "$GITHUB_OUTPUT" + echo "target=skip" >> "$GITHUB_OUTPUT" fi + # ────────────────────────────────────────────────────────────────────────────── + # JOB 2: QA (Lint, Build Test) + # ────────────────────────────────────────────────────────────────────────────── qa: name: 🧪 QA needs: prepare @@ -157,25 +114,26 @@ jobs: uses: actions/setup-node@v4 with: node-version: 20 - - name: Install dependencies - shell: bash + - name: Setup pnpm + uses: pnpm/action-setup@v3 + with: + version: 10 + - name: 🔐 Registry Auth run: | - corepack enable - pnpm install --frozen-lockfile - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - - name: 🧪 Lint - shell: bash - run: pnpm lint - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - - name: 🏗️ Build Test - shell: bash - run: pnpm build - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - NEXT_PUBLIC_BASE_URL: https://dummy.test + echo "@mintel:registry=https://${{ vars.REGISTRY_HOST || 'npm.infra.mintel.me' }}" > .npmrc + echo "//${{ vars.REGISTRY_HOST || 'npm.infra.mintel.me' }}/:_authToken=${{ secrets.REGISTRY_PASS }}" >> .npmrc + - name: Install dependencies + run: pnpm install --frozen-lockfile + - name: 🧪 Parallel Checks + if: github.event.inputs.skip_checks != 'true' + run: | + pnpm lint & + pnpm build & + wait + # ────────────────────────────────────────────────────────────────────────────── + # JOB 3: Build & Push + # ────────────────────────────────────────────────────────────────────────────── build: name: 🏗️ Build needs: prepare @@ -186,165 +144,168 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 - - name: 🐳 Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: 🔐 Registry Login run: echo "${{ secrets.REGISTRY_PASS }}" | docker login registry.infra.mintel.me -u "${{ secrets.REGISTRY_USER }}" --password-stdin - - name: 🏗️ Build and Push - shell: bash - run: | - export NPM_TOKEN=${{ secrets.NPM_TOKEN }} - docker buildx build \ - --pull \ - --platform linux/arm64 \ - --secret id=NPM_TOKEN \ - --build-arg NEXT_PUBLIC_BASE_URL=${{ needs.prepare.outputs.next_public_base_url }} \ - --build-arg NEXT_PUBLIC_TARGET=${{ needs.prepare.outputs.target }} \ - --build-arg DIRECTUS_URL=${{ needs.prepare.outputs.directus_url }} \ - --build-arg UMAMI_API_ENDPOINT=${{ secrets.UMAMI_API_ENDPOINT || secrets.NEXT_PUBLIC_UMAMI_SCRIPT_URL || vars.UMAMI_API_ENDPOINT || 'https://analytics.infra.mintel.me' }} \ - -t registry.infra.mintel.me/mintel/mintel.me:${{ needs.prepare.outputs.image_tag }} \ - --cache-from type=registry,ref=registry.infra.mintel.me/mintel/mintel.me:buildcache \ - --cache-to type=registry,ref=registry.infra.mintel.me/mintel/mintel.me:buildcache,mode=max \ - --push . + uses: docker/build-push-action@v5 + with: + context: . + push: true + platforms: linux/arm64 + build-args: | + NEXT_PUBLIC_BASE_URL=${{ needs.prepare.outputs.next_public_url }} + NEXT_PUBLIC_TARGET=${{ needs.prepare.outputs.target }} + DIRECTUS_URL=${{ needs.prepare.outputs.directus_url }} + NPM_TOKEN=${{ secrets.REGISTRY_PASS }} + tags: registry.infra.mintel.me/mintel/mintel.me:${{ needs.prepare.outputs.image_tag }} + cache-from: type=registry,ref=registry.infra.mintel.me/mintel/mintel.me:buildcache + cache-to: type=registry,ref=registry.infra.mintel.me/mintel/mintel.me:buildcache,mode=max + secrets: | + "NPM_TOKEN=${{ secrets.REGISTRY_PASS }}" + # ────────────────────────────────────────────────────────────────────────────── + # JOB 4: Deploy + # ────────────────────────────────────────────────────────────────────────────── deploy: name: 🚀 Deploy needs: [prepare, build, qa] - if: needs.prepare.outputs.target != 'skip' runs-on: docker container: image: catthehacker/ubuntu:act-latest + env: + TARGET: ${{ needs.prepare.outputs.target }} + IMAGE_TAG: ${{ needs.prepare.outputs.image_tag }} + PROJECT_NAME: ${{ needs.prepare.outputs.project_name }} + NEXT_PUBLIC_BASE_URL: ${{ needs.prepare.outputs.next_public_url }} + DIRECTUS_URL: ${{ needs.prepare.outputs.directus_url }} + DIRECTUS_HOST: cms.${{ needs.prepare.outputs.traefik_host }} + + # Directus + DIRECTUS_API_TOKEN: ${{ secrets.DIRECTUS_API_TOKEN || vars.DIRECTUS_API_TOKEN }} + DIRECTUS_ADMIN_EMAIL: ${{ secrets.DIRECTUS_ADMIN_EMAIL || vars.DIRECTUS_ADMIN_EMAIL || 'admin@mintel.me' }} + DIRECTUS_ADMIN_PASSWORD: ${{ secrets.DIRECTUS_ADMIN_PASSWORD || vars.DIRECTUS_ADMIN_PASSWORD }} + DIRECTUS_DB_NAME: ${{ secrets.DIRECTUS_DB_NAME || vars.DIRECTUS_DB_NAME || 'directus' }} + DIRECTUS_DB_USER: ${{ secrets.DIRECTUS_DB_USER || vars.DIRECTUS_DB_USER || 'directus' }} + DIRECTUS_DB_PASSWORD: ${{ secrets.DIRECTUS_DB_PASSWORD || vars.DIRECTUS_DB_PASSWORD }} + DIRECTUS_KEY: ${{ secrets.DIRECTUS_KEY || vars.DIRECTUS_KEY }} + DIRECTUS_SECRET: ${{ secrets.DIRECTUS_SECRET || vars.DIRECTUS_SECRET }} + + # Mail + MAIL_HOST: ${{ secrets.SMTP_HOST || vars.SMTP_HOST }} + MAIL_PORT: ${{ secrets.SMTP_PORT || vars.SMTP_PORT || '587' }} + MAIL_USERNAME: ${{ secrets.SMTP_USER || vars.SMTP_USER }} + MAIL_PASSWORD: ${{ secrets.SMTP_PASS || vars.SMTP_PASS }} + MAIL_FROM: ${{ secrets.SMTP_FROM || vars.SMTP_FROM }} + MAIL_RECIPIENTS: ${{ secrets.CONTACT_RECIPIENT || vars.CONTACT_RECIPIENT }} + + # Authentication + GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD || vars.GATEKEEPER_PASSWORD }} + AUTH_COOKIE_NAME: ${{ secrets.AUTH_COOKIE_NAME || vars.AUTH_COOKIE_NAME || 'mintel_gatekeeper_session' }} + COOKIE_DOMAIN: ${{ secrets.COOKIE_DOMAIN || vars.COOKIE_DOMAIN || '.mintel.me' }} + + # Monitoring & Services + SENTRY_DSN: ${{ secrets.SENTRY_DSN || vars.SENTRY_DSN }} + UMAMI_WEBSITE_ID: ${{ secrets.UMAMI_WEBSITE_ID || secrets.NEXT_PUBLIC_UMAMI_WEBSITE_ID || vars.UMAMI_WEBSITE_ID || vars.NEXT_PUBLIC_UMAMI_WEBSITE_ID }} + UMAMI_API_ENDPOINT: ${{ secrets.UMAMI_API_ENDPOINT || secrets.NEXT_PUBLIC_UMAMI_SCRIPT_URL || vars.UMAMI_API_ENDPOINT || 'https://analytics.infra.mintel.me' }} + PROJECT_COLOR: ${{ secrets.PROJECT_COLOR || vars.PROJECT_COLOR || '#ff00ff' }} steps: - name: Checkout repository uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: 🚀 Deploy via SSH + - name: 🚀 SSH Deploy shell: bash + env: + ENV_FILE: ${{ needs.prepare.outputs.env_file }} + TRAEFIK_RULE: ${{ needs.prepare.outputs.traefik_rule }} run: | - echo "Deploying to alpha.mintel.me" - mkdir -p ~/.ssh echo "${{ secrets.ALPHA_SSH_KEY }}" > ~/.ssh/id_ed25519 chmod 600 ~/.ssh/id_ed25519 ssh-keyscan -H alpha.mintel.me >> ~/.ssh/known_hosts 2>/dev/null # Generate Environment File - cat > .env.deploy << 'EOF' - ENV_FILE=${{ needs.prepare.outputs.env_file }} - IMAGE_TAG=${{ needs.prepare.outputs.image_tag }} - TRAEFIK_HOST=${{ needs.prepare.outputs.traefik_host }} - TRAEFIK_RULE=${{ needs.prepare.outputs.traefik_rule }} - GATEKEEPER_RULE=${{ needs.prepare.outputs.gatekeeper_rule }} - GATEKEEPER_HOST=${{ needs.prepare.outputs.gatekeeper_host }} - PROJECT_NAME=${{ needs.prepare.outputs.project_name }} - NEXT_PUBLIC_BASE_URL=${{ needs.prepare.outputs.next_public_base_url }} + cat > .env.deploy << EOF + # Generated by CI - $TARGET + IMAGE_TAG=$IMAGE_TAG + NEXT_PUBLIC_BASE_URL=$NEXT_PUBLIC_BASE_URL + SENTRY_DSN=$SENTRY_DSN + PROJECT_COLOR=$PROJECT_COLOR # Directus - DIRECTUS_URL=${{ needs.prepare.outputs.directus_url }} - DIRECTUS_HOST=${{ needs.prepare.outputs.directus_host }} + DIRECTUS_URL=$DIRECTUS_URL + DIRECTUS_HOST=$DIRECTUS_HOST + DIRECTUS_KEY=$DIRECTUS_KEY + DIRECTUS_SECRET=$DIRECTUS_SECRET + DIRECTUS_ADMIN_EMAIL=$DIRECTUS_ADMIN_EMAIL + DIRECTUS_ADMIN_PASSWORD=$DIRECTUS_ADMIN_PASSWORD + DIRECTUS_DB_NAME=$DIRECTUS_DB_NAME + DIRECTUS_DB_USER=$DIRECTUS_DB_USER + DIRECTUS_DB_PASSWORD=$DIRECTUS_DB_PASSWORD + DIRECTUS_API_TOKEN=$DIRECTUS_API_TOKEN INTERNAL_DIRECTUS_URL=http://directus:8055 - DIRECTUS_API_TOKEN=${{ secrets.DIRECTUS_API_TOKEN || vars.DIRECTUS_API_TOKEN }} - DIRECTUS_ADMIN_EMAIL=${{ secrets.DIRECTUS_ADMIN_EMAIL || vars.DIRECTUS_ADMIN_EMAIL || 'admin@mintel.me' }} - DIRECTUS_ADMIN_PASSWORD=${{ secrets.DIRECTUS_ADMIN_PASSWORD || vars.DIRECTUS_ADMIN_PASSWORD }} - DIRECTUS_DB_NAME=${{ secrets.DIRECTUS_DB_NAME || vars.DIRECTUS_DB_NAME || 'directus' }} - DIRECTUS_DB_USER=${{ secrets.DIRECTUS_DB_USER || vars.DIRECTUS_DB_USER || 'directus' }} - DIRECTUS_DB_PASSWORD=${{ secrets.DIRECTUS_DB_PASSWORD || vars.DIRECTUS_DB_PASSWORD }} - DIRECTUS_KEY=${{ secrets.DIRECTUS_KEY || vars.DIRECTUS_KEY || 'mintel-default-key-32chars-minimum' }} - DIRECTUS_SECRET=${{ secrets.DIRECTUS_SECRET || vars.DIRECTUS_SECRET || 'mintel-default-secret-32chars-minimum' }} - # SMTP Config - SMTP_HOST=${{ secrets.SMTP_HOST || vars.SMTP_HOST }} - SMTP_PORT=${{ secrets.SMTP_PORT || vars.SMTP_PORT || '587' }} - SMTP_SECURE=${{ secrets.SMTP_SECURE || vars.SMTP_SECURE || 'false' }} - SMTP_USER=${{ secrets.SMTP_USER || vars.SMTP_USER }} - SMTP_PASS=${{ secrets.SMTP_PASS || vars.SMTP_PASS }} - SMTP_FROM=${{ secrets.SMTP_FROM || vars.SMTP_FROM }} - CONTACT_RECIPIENT=${{ secrets.CONTACT_RECIPIENT || vars.CONTACT_RECIPIENT }} + # Mail + MAIL_HOST=$MAIL_HOST + MAIL_PORT=$MAIL_PORT + MAIL_USERNAME=$MAIL_USERNAME + MAIL_PASSWORD=$MAIL_PASSWORD + MAIL_FROM=$MAIL_FROM + MAIL_RECIPIENTS=$MAIL_RECIPIENTS # Authentication - GATEKEEPER_PASSWORD=${{ secrets.GATEKEEPER_PASSWORD || vars.GATEKEEPER_PASSWORD || 'mintel' }} - AUTH_COOKIE_NAME=${{ secrets.AUTH_COOKIE_NAME || vars.AUTH_COOKIE_NAME || 'mintel_gatekeeper_session' }} - COOKIE_DOMAIN=${{ secrets.COOKIE_DOMAIN || vars.COOKIE_DOMAIN || '.mintel.me' }} - TRAEFIK_MIDDLEWARES=${{ needs.prepare.outputs.traefik_middlewares }} - AUTH_MIDDLEWARE=${{ needs.prepare.outputs.traefik_middlewares }} + GATEKEEPER_PASSWORD=$GATEKEEPER_PASSWORD + AUTH_COOKIE_NAME=$AUTH_COOKIE_NAME + COOKIE_DOMAIN=$COOKIE_DOMAIN - # External Services - SENTRY_DSN=${{ secrets.SENTRY_DSN || vars.SENTRY_DSN }} - GOTIFY_URL=${{ secrets.GOTIFY_URL || vars.GOTIFY_URL }} - GOTIFY_TOKEN=${{ secrets.GOTIFY_TOKEN || vars.GOTIFY_TOKEN }} - UMAMI_WEBSITE_ID=${{ secrets.UMAMI_WEBSITE_ID || secrets.NEXT_PUBLIC_UMAMI_WEBSITE_ID || vars.UMAMI_WEBSITE_ID || vars.NEXT_PUBLIC_UMAMI_WEBSITE_ID }} - UMAMI_API_ENDPOINT=${{ secrets.UMAMI_API_ENDPOINT || secrets.NEXT_PUBLIC_UMAMI_SCRIPT_URL || vars.UMAMI_API_ENDPOINT || 'https://analytics.infra.mintel.me' }} - - # Project - PROJECT_COLOR=${{ secrets.PROJECT_COLOR || vars.PROJECT_COLOR || '#ff00ff' }} + # Analytics + UMAMI_WEBSITE_ID=$UMAMI_WEBSITE_ID + NEXT_PUBLIC_UMAMI_WEBSITE_ID=$UMAMI_WEBSITE_ID + UMAMI_API_ENDPOINT=$UMAMI_API_ENDPOINT + + TARGET=$TARGET + SENTRY_ENVIRONMENT=$TARGET + PROJECT_NAME=$PROJECT_NAME + TRAEFIK_HOST_RULE='$TRAEFIK_RULE' EOF - APP_DIR="/home/deploy/sites/mintel.me" - ssh -o StrictHostKeyChecking=accept-new root@alpha.mintel.me "mkdir -p $APP_DIR" + # AUTH_MIDDLEWARE logic + printf "AUTH_MIDDLEWARE=%s\n" "$( [[ "$TARGET" == "production" ]] && echo "compress" || echo "${PROJECT_NAME}-auth,compress" )" >> .env.deploy + + # Transfer and Restart + SITE_DIR="/home/deploy/sites/mintel.me" + ssh root@alpha.mintel.me "mkdir -p $SITE_DIR" - scp -o StrictHostKeyChecking=accept-new .env.deploy root@alpha.mintel.me:$APP_DIR/${{ needs.prepare.outputs.env_file }} - scp -o StrictHostKeyChecking=accept-new docker-compose.yml root@alpha.mintel.me:$APP_DIR/docker-compose.yml + scp .env.deploy root@alpha.mintel.me:$SITE_DIR/$ENV_FILE + scp docker-compose.yml root@alpha.mintel.me:$SITE_DIR/docker-compose.yml - ssh -o StrictHostKeyChecking=accept-new root@alpha.mintel.me bash << 'EOF' + ssh root@alpha.mintel.me bash << 'EOF' set -e - APP_DIR="/home/deploy/sites/mintel.me" - cd $APP_DIR - - echo "${{ secrets.REGISTRY_PASS }}" | docker login registry.infra.mintel.me -u "${{ secrets.REGISTRY_USER }}" --password-stdin - docker compose -p "${{ needs.prepare.outputs.project_name }}" --env-file ${{ needs.prepare.outputs.env_file }} pull - docker compose -p "${{ needs.prepare.outputs.project_name }}" --env-file ${{ needs.prepare.outputs.env_file }} up -d --force-recreate --remove-orphans + cd /home/deploy/sites/mintel.me + echo '${{ secrets.REGISTRY_PASS }}' | docker login registry.infra.mintel.me -u '${{ secrets.REGISTRY_USER }}' --password-stdin + docker compose -p '$PROJECT_NAME' --env-file '$ENV_FILE' pull + docker compose -p '$PROJECT_NAME' --env-file '$ENV_FILE' up -d --wait --remove-orphans docker system prune -f --filter "until=24h" EOF - pagespeed: - name: ⚡ PageSpeed - needs: [prepare, deploy] - if: | - always() && - needs.prepare.outputs.target != 'skip' && - needs.deploy.result == 'success' - runs-on: docker - container: - image: catthehacker/ubuntu:act-latest - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: 20 - - name: Install dependencies - run: | - corepack enable - pnpm install --frozen-lockfile - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - - name: 🧪 Run PageSpeed (Lighthouse CI) - env: - NEXT_PUBLIC_BASE_URL: ${{ needs.prepare.outputs.next_public_base_url }} - GATEKEEPER_PASSWORD: ${{ secrets.GATEKEEPER_PASSWORD }} - run: pnpm --filter @mintel/web pagespeed:test - + # ────────────────────────────────────────────────────────────────────────────── + # JOB 5: Notifications + # ────────────────────────────────────────────────────────────────────────────── notifications: - name: 🔔 Notifications + name: 🔔 Notify needs: [prepare, deploy] if: always() runs-on: docker container: image: catthehacker/ubuntu:act-latest steps: - - name: Notify Gotify - shell: bash + - name: 🔔 Gotify run: | STATUS="${{ needs.deploy.result }}" + TITLE="mintel.me: $STATUS" [[ "$STATUS" == "success" ]] && PRIORITY=5 || PRIORITY=8 - curl -X POST "${{ secrets.GOTIFY_URL }}/message?token=${{ secrets.GOTIFY_TOKEN }}" \ - -F "title=mintel.me Deployment" \ - -F "message=Status: $STATUS for ${{ needs.prepare.outputs.target }} (${{ needs.prepare.outputs.image_tag }})" \ - -F "priority=$PRIORITY" + curl -s -k -X POST "${{ secrets.GOTIFY_URL }}/message?token=${{ secrets.GOTIFY_TOKEN }}" \ + -F "title=$TITLE" \ + -F "message=Deploy to ${{ needs.prepare.outputs.target }} finished with status $STATUS.\nVersion: ${{ needs.prepare.outputs.image_tag }}" \ + -F "priority=$PRIORITY" || true