denis/gremiumhub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(pipeline): Trigger deploy job only once, pass SSH variable in a different way

Browse Source
This commit is contained in:
Denis Lugowski
2025-11-18 15:49:14 +01:00
parent cf6c008519
commit 77e7623442
6 changed files with 242 additions and 269 deletions
Download Patch File Download Diff File Expand all files Collapse all files

118
.gitea/workflows/backend.yaml
View File

@@ -1,118 +0,0 @@
name: Backend CI/CD
run-name: ${{ gitea.actor }} triggered backend pipeline on ${{ gitea.ref_name }}
on:
pull_request:
paths:
- 'legalconsenthub-backend/**'
- 'api/**'
- '.gitea/workflows/backend.yaml'
push:
branches:
- main
paths:
- 'legalconsenthub-backend/**'
- 'api/**'
- '.gitea/workflows/backend.yaml'
jobs:
build-and-test:
runs-on: ubuntu-latest
services:
postgres:
image: postgres:16-alpine
env:
POSTGRES_DB: legalconsenthub_test
POSTGRES_USER: test
POSTGRES_PASSWORD: test
options: >-
--health-cmd "pg_isready -U test"
--health-interval 10s
--health-timeout 5s
--health-retries 5
defaults:
run:
working-directory: ./legalconsenthub-backend
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Java
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '21'
- name: Setup Gradle cache
uses: actions/cache@v4
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
legalconsenthub-backend/.gradle
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
restore-keys: |
${{ runner.os }}-gradle-
- name: Make gradlew executable
run: chmod +x gradlew
- name: Build application
run: ./gradlew build -x test
- name: Run ktlint check
run: ./gradlew ktlintCheck
- name: Run tests
run: ./gradlew test
env:
SPRING_DATASOURCE_URL: jdbc:postgresql://postgres:5432/legalconsenthub_test
SPRING_DATASOURCE_USERNAME: test
SPRING_DATASOURCE_PASSWORD: test
SPRING_JPA_HIBERNATE_DDL_AUTO: create-drop
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Gitea Container Registry
if: gitea.event_name == 'push' && gitea.ref == 'refs/heads/main'
uses: docker/login-action@v3
with:
registry: gitea.lugnas.de
username: ${{ gitea.actor }}
password: ${{ secrets.DOCKER_PUSH_TOKEN }}
- name: Extract metadata for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub-backend
tags: |
type=raw,value=latest,enable=${{ gitea.ref == 'refs/heads/main' }}
type=sha,prefix=,format=long
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
file: ./legalconsenthub-backend/Dockerfile
push: ${{ gitea.event_name == 'push' && gitea.ref == 'refs/heads/main' }}
platforms: linux/amd64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Image built successfully
if: gitea.event_name == 'push' && gitea.ref == 'refs/heads/main'
run: |
echo "✅ Docker image built and pushed successfully"
echo "📦 Image: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub-backend:latest"
echo "📦 Image: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub-backend:${{ gitea.sha }}"
- name: Dry-run completed
if: gitea.event_name == 'pull_request'
run: |
echo "✅ Dry-run build completed successfully (image not pushed)"

37
.gitea/workflows/deploy.yaml
View File

@@ -1,37 +0,0 @@
name: Deploy to Production
run-name: ${{ gitea.actor }} triggered deployment on ${{ gitea.ref_name }}
on:
workflow_run:
workflows: ["Frontend CI/CD", "Backend CI/CD"]
types:
- completed
branches:
- main
jobs:
deploy:
runs-on: ubuntu-latest
if: ${{ gitea.event.workflow_run.conclusion == 'success' }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup SSH
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.SYNOLOGY_DEPLOY_KEY }}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
- name: Deploy to server
run: |
ssh -i ~/.ssh/id_rsa -p 32766 -o StrictHostKeyChecking=accept-new deploy@ds218 \
"SYNOLOGY_DEPLOY_PULL_IMAGE_TOKEN='${{ secrets.SYNOLOGY_DEPLOY_PULL_IMAGE_TOKEN }}' sudo -E /usr/local/bin/deployLegalconsenthub.sh"
- name: Deployment successful
run: |
echo "✅ Deployment triggered successfully"
echo "🚀 Application is being deployed to production"

112
.gitea/workflows/frontend.yaml
View File

@@ -1,112 +0,0 @@
name: Frontend CI/CD
run-name: ${{ gitea.actor }} triggered frontend pipeline on ${{ gitea.ref_name }}
on:
pull_request:
paths:
- 'legalconsenthub/**'
- 'api/**'
- '.gitea/workflows/frontend.yaml'
push:
branches:
- main
paths:
- 'legalconsenthub/**'
- 'api/**'
- '.gitea/workflows/frontend.yaml'
jobs:
build-and-test:
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./legalconsenthub
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '22.16.0'
- name: Setup Java
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '21'
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 10.13.1
run_install: false
- name: Get pnpm store directory
id: pnpm-cache
run: |
echo "STORE_PATH=$(pnpm store path)" >> $GITEA_OUTPUT
- name: Setup pnpm cache
uses: actions/cache@v4
with:
path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
restore-keys: |
${{ runner.os }}-pnpm-store-
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Build application
run: pnpm build
- name: Run linting
run: pnpm lint
- name: Run type checking
run: pnpm type-check
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Gitea Container Registry
if: gitea.event_name == 'push' && gitea.ref == 'refs/heads/main'
uses: docker/login-action@v3
with:
registry: gitea.lugnas.de
username: ${{ gitea.actor }}
password: ${{ secrets.DOCKER_PUSH_TOKEN }}
- name: Extract metadata for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub
tags: |
type=raw,value=latest,enable=${{ gitea.ref == 'refs/heads/main' }}
type=sha,prefix=,format=long
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
file: ./legalconsenthub/Dockerfile
push: ${{ gitea.event_name == 'push' && gitea.ref == 'refs/heads/main' }}
platforms: linux/amd64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Image built successfully
if: gitea.event_name == 'push' && gitea.ref == 'refs/heads/main'
run: |
echo "✅ Docker image built and pushed successfully"
echo "📦 Image: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub:latest"
echo "📦 Image: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub:${{ gitea.sha }}"
- name: Dry-run completed
if: gitea.event_name == 'pull_request'
run: |
echo "✅ Dry-run build completed successfully (image not pushed)"

240
.gitea/workflows/pipeline.yaml Normal file
View File

@@ -0,0 +1,240 @@
name: CI/CD Pipeline
run-name: ${{ gitea.actor }} triggered pipeline on ${{ gitea.ref_name }}
on:
pull_request:
paths:
- 'legalconsenthub/**'
- 'legalconsenthub-backend/**'
- 'api/**'
- '.gitea/workflows/ci-cd.yaml'
push:
branches:
- main
paths:
- 'legalconsenthub/**'
- 'legalconsenthub-backend/**'
- 'api/**'
- '.gitea/workflows/ci-cd.yaml'
jobs:
frontend:
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./legalconsenthub
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '22.16.0'
- name: Setup Java
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '21'
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 10.13.1
run_install: false
- name: Get pnpm store directory
id: pnpm-cache
run: |
echo "STORE_PATH=$(pnpm store path)" >> $GITEA_OUTPUT
- name: Setup pnpm cache
uses: actions/cache@v4
with:
path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
restore-keys: |
${{ runner.os }}-pnpm-store-
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Build application
run: pnpm build
- name: Run linting
run: pnpm lint
- name: Run type checking
run: pnpm type-check
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Gitea Container Registry
if: gitea.event_name == 'push' && gitea.ref == 'refs/heads/main'
uses: docker/login-action@v3
with:
registry: gitea.lugnas.de
username: ${{ gitea.actor }}
password: ${{ secrets.DOCKER_PUSH_TOKEN }}
- name: Extract metadata for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub
tags: |
type=raw,value=latest,enable=${{ gitea.ref == 'refs/heads/main' }}
type=sha,prefix=,format=long
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
file: ./legalconsenthub/Dockerfile
push: ${{ gitea.event_name == 'push' && gitea.ref == 'refs/heads/main' }}
platforms: linux/amd64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Image built successfully
if: gitea.event_name == 'push' && gitea.ref == 'refs/heads/main'
run: |
echo "✅ Docker image built and pushed successfully"
echo "📦 Image: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub:latest"
echo "📦 Image: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub:${{ gitea.sha }}"
- name: Dry-run completed
if: gitea.event_name == 'pull_request'
run: |
echo "✅ Dry-run build completed successfully (image not pushed)"
backend:
runs-on: ubuntu-latest
services:
postgres:
image: postgres:16-alpine
env:
POSTGRES_DB: legalconsenthub_test
POSTGRES_USER: test
POSTGRES_PASSWORD: test
options: >-
--health-cmd "pg_isready -U test"
--health-interval 10s
--health-timeout 5s
--health-retries 5
defaults:
run:
working-directory: ./legalconsenthub-backend
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Java
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '21'
- name: Setup Gradle cache
uses: actions/cache@v4
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
legalconsenthub-backend/.gradle
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
restore-keys: |
${{ runner.os }}-gradle-
- name: Make gradlew executable
run: chmod +x gradlew
- name: Build application
run: ./gradlew build -x test
- name: Run ktlint check
run: ./gradlew ktlintCheck
- name: Run tests
run: ./gradlew test
env:
SPRING_DATASOURCE_URL: jdbc:postgresql://postgres:5432/legalconsenthub_test
SPRING_DATASOURCE_USERNAME: test
SPRING_DATASOURCE_PASSWORD: test
SPRING_JPA_HIBERNATE_DDL_AUTO: create-drop
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Gitea Container Registry
if: gitea.event_name == 'push' && gitea.ref == 'refs/heads/main'
uses: docker/login-action@v3
with:
registry: gitea.lugnas.de
username: ${{ gitea.actor }}
password: ${{ secrets.DOCKER_PUSH_TOKEN }}
- name: Extract metadata for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub-backend
tags: |
type=raw,value=latest,enable=${{ gitea.ref == 'refs/heads/main' }}
type=sha,prefix=,format=long
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
file: ./legalconsenthub-backend/Dockerfile
push: ${{ gitea.event_name == 'push' && gitea.ref == 'refs/heads/main' }}
platforms: linux/amd64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Image built successfully
if: gitea.event_name == 'push' && gitea.ref == 'refs/heads/main'
run: |
echo "✅ Docker image built and pushed successfully"
echo "📦 Image: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub-backend:latest"
echo "📦 Image: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub-backend:${{ gitea.sha }}"
- name: Dry-run completed
if: gitea.event_name == 'pull_request'
run: |
echo "✅ Dry-run build completed successfully (image not pushed)"
deploy:
runs-on: ubuntu-latest
needs: [frontend, backend]
if: ${{ gitea.event_name == 'push' && gitea.ref == 'refs/heads/main' }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup SSH
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.SYNOLOGY_DEPLOY_KEY }}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
- name: Deploy to server
run: |
ssh -i ~/.ssh/id_rsa -p 32766 -o StrictHostKeyChecking=accept-new deploy@ds218 \
"SYNOLOGY_DEPLOY_PULL_IMAGE_TOKEN=${{ secrets.SYNOLOGY_DEPLOY_PULL_IMAGE_TOKEN }} sudo /usr/local/bin/deployLegalconsenthub.sh"
- name: Deployment successful
run: |
echo "✅ Deployment triggered successfully"
echo "🚀 Application is being deployed to production"

2
legalconsenthub-backend/README.md
View File

@@ -2,4 +2,4 @@
## Pipeline Triggering
Trigger count: 4
Trigger count: 5

2
legalconsenthub/README.md
View File

@@ -2,4 +2,4 @@
## Pipeline Triggering
Trigger count: 4
Trigger count: 5