SkyMoney/.gitea/workflows/deploy.yml at d39928a3f7756d63f46b7b9c04cec38cce789f6c

Joders/SkyMoney

Fork 0

Files

Ricearoni1245 5fa82adc20

Security Tests / security-non-db (push) Successful in 18s

Details

Security Tests / security-db (push) Successful in 22s

Details

Deploy / deploy (push) Successful in 57s

Details

attempting to fix frozen deploy step 2

2026-03-02 14:11:03 -06:00

87 lines

2.7 KiB

YAML

Raw Blame History

 name: Deploy
 on:
   push:
     branches: [main]
 jobs:
   deploy:
     runs-on: vps-host
     steps:
       - uses: actions/checkout@v4.2.2
       - name: Supply chain checks (production dependencies)
         run: |
           set -euo pipefail
           cd api
           npm ci
           npm audit --omit=dev --audit-level=high
           cd ../web
           npm ci
           npm audit --omit=dev --audit-level=high
       - name: Build Web
         run: |
           cd web
           npm run build
       - name: Deploy with Docker Compose
         run: |
           set -euo pipefail
           # Fail fast if sudo requires interactive password in runner context
           sudo -n docker ps >/dev/null
           # Deploy directory
           APP_DIR=/opt/skymoney
           mkdir -p $APP_DIR
           # Sync repo to server (excluding node_modules, dist, etc)
           rsync -a --delete \
             --exclude=node_modules \
             --exclude=dist \
             --exclude=.git \
             --exclude=.gitea \
             --exclude=backups \
             --exclude=forensics \
             --exclude=exporting \
             ./ $APP_DIR/
           # Copy built web to shared volume
           mkdir -p /var/www/skymoney/dist
           cp -r web/dist/* /var/www/skymoney/dist/
           cd $APP_DIR
           # Validate migration target before touching containers
           export EXPECTED_PROD_DB_HOST="${EXPECTED_PROD_DB_HOST:-postgres}"
           export EXPECTED_PROD_DB_NAME="${EXPECTED_PROD_DB_NAME:-skymoney}"
           chmod +x ./scripts/validate-prod-db-target.sh ./scripts/guard-prod-volume.sh ./scripts/backup.sh
           bash ./scripts/validate-prod-db-target.sh
           PROD_DB_VOLUME_NAME="${PROD_DB_VOLUME_NAME:-skymoney_pgdata}" \
           ALLOW_EMPTY_PROD_VOLUME="${ALLOW_EMPTY_PROD_VOLUME:-0}" \
           PROD_VOLUME_GUARD_TIMEOUT_SEC="${PROD_VOLUME_GUARD_TIMEOUT_SEC:-20}" \
           DOCKER_CMD="sudo -n docker" \
           bash ./scripts/guard-prod-volume.sh
           # Build and start all services
           sudo -n docker-compose -p skymoney up -d --build
           # Wait for database to be ready
           sleep 10
           # Mandatory pre-migration backup
           export EXPECTED_BACKUP_DB_HOST="${EXPECTED_BACKUP_DB_HOST:-127.0.0.1}"
           export EXPECTED_BACKUP_DB_NAME="${EXPECTED_BACKUP_DB_NAME:-skymoney}"
           BACKUP_ENFORCE_TARGET_CHECK=1 \
           EXPECTED_BACKUP_DB_HOST="$EXPECTED_BACKUP_DB_HOST" \
           EXPECTED_BACKUP_DB_NAME="$EXPECTED_BACKUP_DB_NAME" \
           BACKUP_DIR=/opt/skymoney/backups \
           bash ./scripts/backup.sh
           # Run Prisma migrations inside the API container
           sudo -n docker-compose -p skymoney exec -T api npx prisma migrate deploy
       - name: Reload Nginx
         run: sudo systemctl reload nginx

87 lines 2.7 KiB YAML Raw Blame History

87 lines

2.7 KiB

YAML

Raw Blame History