From 77e76234422152cdeacb9fff486ced6c86c6a57c Mon Sep 17 00:00:00 2001
From: Denis Lugowski
Date: Tue, 18 Nov 2025 15:49:14 +0100
Subject: [PATCH] feat(pipeline): Trigger deploy job only once, pass SSH variable in a different way
---
.gitea/workflows/backend.yaml | 118 ---------------
.gitea/workflows/deploy.yaml | 37 -----
.gitea/workflows/frontend.yaml | 112 --------------
.gitea/workflows/pipeline.yaml | 240 ++++++++++++++++++++++++++++++
legalconsenthub-backend/README.md | 2 +-
legalconsenthub/README.md | 2 +-
6 files changed, 242 insertions(+), 269 deletions(-)
delete mode 100644 .gitea/workflows/backend.yaml
delete mode 100644 .gitea/workflows/deploy.yaml
delete mode 100644 .gitea/workflows/frontend.yaml
create mode 100644 .gitea/workflows/pipeline.yaml
diff --git a/.gitea/workflows/backend.yaml b/.gitea/workflows/backend.yaml
deleted file mode 100644
index 6e2f63a..0000000
--- a/.gitea/workflows/backend.yaml
+++ /dev/null
@@ -1,118 +0,0 @@
-name: Backend CI/CD
-run-name: ${{ gitea.actor }} triggered backend pipeline on ${{ gitea.ref_name }}
-
-on:
- pull_request:
- paths:
- - 'legalconsenthub-backend/**'
- - 'api/**'
- - '.gitea/workflows/backend.yaml'
- push:
- branches:
- - main
- paths:
- - 'legalconsenthub-backend/**'
- - 'api/**'
- - '.gitea/workflows/backend.yaml'
-
-jobs:
- build-and-test:
- runs-on: ubuntu-latest
-
- services:
- postgres:
- image: postgres:16-alpine
- env:
- POSTGRES_DB: legalconsenthub_test
- POSTGRES_USER: test
- POSTGRES_PASSWORD: test
- options: >-
- --health-cmd "pg_isready -U test"
- --health-interval 10s
- --health-timeout 5s
- --health-retries 5
-
- defaults:
- run:
- working-directory: ./legalconsenthub-backend
-
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
-
- - name: Setup Java
- uses: actions/setup-java@v4
- with:
- distribution: 'temurin'
- java-version: '21'
-
- - name: Setup Gradle cache
- uses: actions/cache@v4
- with:
- path: |
- ~/.gradle/caches
- ~/.gradle/wrapper
- legalconsenthub-backend/.gradle
- key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
- restore-keys: |
- ${{ runner.os }}-gradle-
-
- - name: Make gradlew executable
- run: chmod +x gradlew
-
- - name: Build application
- run: ./gradlew build -x test
-
- - name: Run ktlint check
- run: ./gradlew ktlintCheck
-
- - name: Run tests
- run: ./gradlew test
- env:
- SPRING_DATASOURCE_URL: jdbc:postgresql://postgres:5432/legalconsenthub_test
- SPRING_DATASOURCE_USERNAME: test
- SPRING_DATASOURCE_PASSWORD: test
- SPRING_JPA_HIBERNATE_DDL_AUTO: create-drop
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
-
- - name: Log in to Gitea Container Registry
- if: gitea.event_name == 'push' && gitea.ref == 'refs/heads/main'
- uses: docker/login-action@v3
- with:
- registry: gitea.lugnas.de
- username: ${{ gitea.actor }}
- password: ${{ secrets.DOCKER_PUSH_TOKEN }}
-
- - name: Extract metadata for Docker
- id: meta
- uses: docker/metadata-action@v5
- with:
- images: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub-backend
- tags: |
- type=raw,value=latest,enable=${{ gitea.ref == 'refs/heads/main' }}
- type=sha,prefix=,format=long
-
- - name: Build and push Docker image
- uses: docker/build-push-action@v5
- with:
- context: .
- file: ./legalconsenthub-backend/Dockerfile
- push: ${{ gitea.event_name == 'push' && gitea.ref == 'refs/heads/main' }}
- platforms: linux/amd64
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
-
- - name: Image built successfully
- if: gitea.event_name == 'push' && gitea.ref == 'refs/heads/main'
- run: |
- echo "✅ Docker image built and pushed successfully"
- echo "📦 Image: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub-backend:latest"
- echo "📦 Image: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub-backend:${{ gitea.sha }}"
-
- - name: Dry-run completed
- if: gitea.event_name == 'pull_request'
- run: |
- echo "✅ Dry-run build completed successfully (image not pushed)"
-
diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
deleted file mode 100644
index 19f42f7..0000000
--- a/.gitea/workflows/deploy.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-name: Deploy to Production
-run-name: ${{ gitea.actor }} triggered deployment on ${{ gitea.ref_name }}
-
-on:
- workflow_run:
- workflows: ["Frontend CI/CD", "Backend CI/CD"]
- types:
- - completed
- branches:
- - main
-
-jobs:
- deploy:
- runs-on: ubuntu-latest
- if: ${{ gitea.event.workflow_run.conclusion == 'success' }}
-
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
-
- - name: Setup SSH
- run: |
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- echo "${{ secrets.SYNOLOGY_DEPLOY_KEY }}" > ~/.ssh/id_rsa
- chmod 600 ~/.ssh/id_rsa
-
- - name: Deploy to server
- run: |
- ssh -i ~/.ssh/id_rsa -p 32766 -o StrictHostKeyChecking=accept-new deploy@ds218 \
- "SYNOLOGY_DEPLOY_PULL_IMAGE_TOKEN='${{ secrets.SYNOLOGY_DEPLOY_PULL_IMAGE_TOKEN }}' sudo -E /usr/local/bin/deployLegalconsenthub.sh"
-
- - name: Deployment successful
- run: |
- echo "✅ Deployment triggered successfully"
- echo "🚀 Application is being deployed to production"
-
diff --git a/.gitea/workflows/frontend.yaml b/.gitea/workflows/frontend.yaml
deleted file mode 100644
index fc3c7dc..0000000
--- a/.gitea/workflows/frontend.yaml
+++ /dev/null
@@ -1,112 +0,0 @@
-name: Frontend CI/CD
-run-name: ${{ gitea.actor }} triggered frontend pipeline on ${{ gitea.ref_name }}
-
-on:
- pull_request:
- paths:
- - 'legalconsenthub/**'
- - 'api/**'
- - '.gitea/workflows/frontend.yaml'
- push:
- branches:
- - main
- paths:
- - 'legalconsenthub/**'
- - 'api/**'
- - '.gitea/workflows/frontend.yaml'
-
-jobs:
- build-and-test:
- runs-on: ubuntu-latest
- defaults:
- run:
- working-directory: ./legalconsenthub
-
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
-
- - name: Setup Node.js
- uses: actions/setup-node@v4
- with:
- node-version: '22.16.0'
-
- - name: Setup Java
- uses: actions/setup-java@v4
- with:
- distribution: 'temurin'
- java-version: '21'
-
- - name: Setup pnpm
- uses: pnpm/action-setup@v4
- with:
- version: 10.13.1
- run_install: false
-
- - name: Get pnpm store directory
- id: pnpm-cache
- run: |
- echo "STORE_PATH=$(pnpm store path)" >> $GITEA_OUTPUT
-
- - name: Setup pnpm cache
- uses: actions/cache@v4
- with:
- path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}
- key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
- restore-keys: |
- ${{ runner.os }}-pnpm-store-
-
- - name: Install dependencies
- run: pnpm install --frozen-lockfile
-
- - name: Build application
- run: pnpm build
-
- - name: Run linting
- run: pnpm lint
-
- - name: Run type checking
- run: pnpm type-check
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
-
- - name: Log in to Gitea Container Registry
- if: gitea.event_name == 'push' && gitea.ref == 'refs/heads/main'
- uses: docker/login-action@v3
- with:
- registry: gitea.lugnas.de
- username: ${{ gitea.actor }}
- password: ${{ secrets.DOCKER_PUSH_TOKEN }}
-
- - name: Extract metadata for Docker
- id: meta
- uses: docker/metadata-action@v5
- with:
- images: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub
- tags: |
- type=raw,value=latest,enable=${{ gitea.ref == 'refs/heads/main' }}
- type=sha,prefix=,format=long
-
- - name: Build and push Docker image
- uses: docker/build-push-action@v5
- with:
- context: .
- file: ./legalconsenthub/Dockerfile
- push: ${{ gitea.event_name == 'push' && gitea.ref == 'refs/heads/main' }}
- platforms: linux/amd64
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
-
- - name: Image built successfully
- if: gitea.event_name == 'push' && gitea.ref == 'refs/heads/main'
- run: |
- echo "✅ Docker image built and pushed successfully"
- echo "📦 Image: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub:latest"
- echo "📦 Image: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub:${{ gitea.sha }}"
-
- - name: Dry-run completed
- if: gitea.event_name == 'pull_request'
- run: |
- echo "✅ Dry-run build completed successfully (image not pushed)"
-
diff --git a/.gitea/workflows/pipeline.yaml b/.gitea/workflows/pipeline.yaml
new file mode 100644
index 0000000..3e48bef
--- /dev/null
+++ b/.gitea/workflows/pipeline.yaml
@@ -0,0 +1,240 @@
+name: CI/CD Pipeline
+run-name: ${{ gitea.actor }} triggered pipeline on ${{ gitea.ref_name }}
+
+on:
+ pull_request:
+ paths:
+ - 'legalconsenthub/**'
+ - 'legalconsenthub-backend/**'
+ - 'api/**'
+ - '.gitea/workflows/ci-cd.yaml'
+ push:
+ branches:
+ - main
+ paths:
+ - 'legalconsenthub/**'
+ - 'legalconsenthub-backend/**'
+ - 'api/**'
+ - '.gitea/workflows/ci-cd.yaml'
+
+jobs:
+ frontend:
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ working-directory: ./legalconsenthub
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: '22.16.0'
+
+ - name: Setup Java
+ uses: actions/setup-java@v4
+ with:
+ distribution: 'temurin'
+ java-version: '21'
+
+ - name: Setup pnpm
+ uses: pnpm/action-setup@v4
+ with:
+ version: 10.13.1
+ run_install: false
+
+ - name: Get pnpm store directory
+ id: pnpm-cache
+ run: |
+ echo "STORE_PATH=$(pnpm store path)" >> $GITEA_OUTPUT
+
+ - name: Setup pnpm cache
+ uses: actions/cache@v4
+ with:
+ path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}
+ key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+ restore-keys: |
+ ${{ runner.os }}-pnpm-store-
+
+ - name: Install dependencies
+ run: pnpm install --frozen-lockfile
+
+ - name: Build application
+ run: pnpm build
+
+ - name: Run linting
+ run: pnpm lint
+
+ - name: Run type checking
+ run: pnpm type-check
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Log in to Gitea Container Registry
+ if: gitea.event_name == 'push' && gitea.ref == 'refs/heads/main'
+ uses: docker/login-action@v3
+ with:
+ registry: gitea.lugnas.de
+ username: ${{ gitea.actor }}
+ password: ${{ secrets.DOCKER_PUSH_TOKEN }}
+
+ - name: Extract metadata for Docker
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub
+ tags: |
+ type=raw,value=latest,enable=${{ gitea.ref == 'refs/heads/main' }}
+ type=sha,prefix=,format=long
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./legalconsenthub/Dockerfile
+ push: ${{ gitea.event_name == 'push' && gitea.ref == 'refs/heads/main' }}
+ platforms: linux/amd64
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+
+ - name: Image built successfully
+ if: gitea.event_name == 'push' && gitea.ref == 'refs/heads/main'
+ run: |
+ echo "✅ Docker image built and pushed successfully"
+ echo "📦 Image: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub:latest"
+ echo "📦 Image: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub:${{ gitea.sha }}"
+
+ - name: Dry-run completed
+ if: gitea.event_name == 'pull_request'
+ run: |
+ echo "✅ Dry-run build completed successfully (image not pushed)"
+
+ backend:
+ runs-on: ubuntu-latest
+
+ services:
+ postgres:
+ image: postgres:16-alpine
+ env:
+ POSTGRES_DB: legalconsenthub_test
+ POSTGRES_USER: test
+ POSTGRES_PASSWORD: test
+ options: >-
+ --health-cmd "pg_isready -U test"
+ --health-interval 10s
+ --health-timeout 5s
+ --health-retries 5
+
+ defaults:
+ run:
+ working-directory: ./legalconsenthub-backend
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Setup Java
+ uses: actions/setup-java@v4
+ with:
+ distribution: 'temurin'
+ java-version: '21'
+
+ - name: Setup Gradle cache
+ uses: actions/cache@v4
+ with:
+ path: |
+ ~/.gradle/caches
+ ~/.gradle/wrapper
+ legalconsenthub-backend/.gradle
+ key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
+ restore-keys: |
+ ${{ runner.os }}-gradle-
+
+ - name: Make gradlew executable
+ run: chmod +x gradlew
+
+ - name: Build application
+ run: ./gradlew build -x test
+
+ - name: Run ktlint check
+ run: ./gradlew ktlintCheck
+
+ - name: Run tests
+ run: ./gradlew test
+ env:
+ SPRING_DATASOURCE_URL: jdbc:postgresql://postgres:5432/legalconsenthub_test
+ SPRING_DATASOURCE_USERNAME: test
+ SPRING_DATASOURCE_PASSWORD: test
+ SPRING_JPA_HIBERNATE_DDL_AUTO: create-drop
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Log in to Gitea Container Registry
+ if: gitea.event_name == 'push' && gitea.ref == 'refs/heads/main'
+ uses: docker/login-action@v3
+ with:
+ registry: gitea.lugnas.de
+ username: ${{ gitea.actor }}
+ password: ${{ secrets.DOCKER_PUSH_TOKEN }}
+
+ - name: Extract metadata for Docker
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub-backend
+ tags: |
+ type=raw,value=latest,enable=${{ gitea.ref == 'refs/heads/main' }}
+ type=sha,prefix=,format=long
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./legalconsenthub-backend/Dockerfile
+ push: ${{ gitea.event_name == 'push' && gitea.ref == 'refs/heads/main' }}
+ platforms: linux/amd64
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+
+ - name: Image built successfully
+ if: gitea.event_name == 'push' && gitea.ref == 'refs/heads/main'
+ run: |
+ echo "✅ Docker image built and pushed successfully"
+ echo "📦 Image: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub-backend:latest"
+ echo "📦 Image: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub-backend:${{ gitea.sha }}"
+
+ - name: Dry-run completed
+ if: gitea.event_name == 'pull_request'
+ run: |
+ echo "✅ Dry-run build completed successfully (image not pushed)"
+
+ deploy:
+ runs-on: ubuntu-latest
+ needs: [frontend, backend]
+ if: ${{ gitea.event_name == 'push' && gitea.ref == 'refs/heads/main' }}
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Setup SSH
+ run: |
+ mkdir -p ~/.ssh
+ chmod 700 ~/.ssh
+ echo "${{ secrets.SYNOLOGY_DEPLOY_KEY }}" > ~/.ssh/id_rsa
+ chmod 600 ~/.ssh/id_rsa
+
+ - name: Deploy to server
+ run: |
+ ssh -i ~/.ssh/id_rsa -p 32766 -o StrictHostKeyChecking=accept-new deploy@ds218 \
+ "SYNOLOGY_DEPLOY_PULL_IMAGE_TOKEN=${{ secrets.SYNOLOGY_DEPLOY_PULL_IMAGE_TOKEN }} sudo /usr/local/bin/deployLegalconsenthub.sh"
+
+ - name: Deployment successful
+ run: |
+ echo "✅ Deployment triggered successfully"
+ echo "🚀 Application is being deployed to production"
+
diff --git a/legalconsenthub-backend/README.md b/legalconsenthub-backend/README.md
index 02a067a..f948794 100644
--- a/legalconsenthub-backend/README.md
+++ b/legalconsenthub-backend/README.md
@@ -2,4 +2,4 @@ ## Pipeline Triggering
-Trigger count: 4
+Trigger count: 5
diff --git a/legalconsenthub/README.md b/legalconsenthub/README.md
index a4110a7..4ed17ce 100644
--- a/legalconsenthub/README.md
+++ b/legalconsenthub/README.md
@@ -2,4 +2,4 @@ ## Pipeline Triggering
-Trigger count: 4
+Trigger count: 5
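Review bot: In `.gitea/workflows/pipeline.yaml`, the `Deploy to server` step now splices the pull token unquoted into the remote command (`SYNOLOGY_DEPLOY_PULL_IMAGE_TOKEN=${{ secrets.SYNOLOGY_DEPLOY_PULL_IMAGE_TOKEN }} sudo …`), so the remote shell word-splits and expands the value and the token sits in the process arguments on both the runner and the server. With `-E` dropped, whether the script still receives the variable depends on the server's sudoers `env_keep` setting, which this patch does not show. I would map the secret through the step's `env:` (`PULL_TOKEN: ${{ secrets.SYNOLOGY_DEPLOY_PULL_IMAGE_TOKEN }}`, name constructed here) and send it over stdin, `printf '%s\n' "$PULL_TOKEN" | ssh … "sudo /usr/local/bin/deployLegalconsenthub.sh"`, which needs the server-side script to read it from stdin. The same step uses `StrictHostKeyChecking=accept-new`, which on a runner that starts without a `known_hosts` entry for `ds218` accepts whatever host key is offered on every run; writing the expected host key into `~/.ssh/known_hosts` in `Setup SSH` and switching to `StrictHostKeyChecking=yes` would restore the check. Both `paths:` lists also name `.gitea/workflows/ci-cd.yaml` while the file added here is `pipeline.yaml`, so a change to the workflow file alone will not trigger it.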