fix(deploy): make LXC deploys atomic and fail-fast
Rebuild the deployment flow to prepare releases remotely, validate env/sudo prerequisites, run migrations in-release, and auto-rollback on health failures. Consolidate deployment docs and add a manual CI workflow so laptop and CI use the same push-based deploy path.
parent
d228b44209
commit
2efdb2b785
8 changed files with 1057 additions and 319 deletions
73
.forgejo/workflows/deploy-manual.yml
Normal file
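--- a/.forgejo/workflows/deploy-manual.yml
+++ b/.forgejo/workflows/deploy-manual.yml
@@ -0,0 +1,73 @@
+name: Deploy (Manual)
+
+on:
+workflow_dispatch:
+inputs:
+scope:
+description: "Deployment scope"
+required: true
+default: "all"
+type: choice
+options:
+- all
+- backend
+- frontend
+- rollback
+- list
+
+jobs:
+deploy:
+name: Manual deployment to LXC
+runs-on: ubuntu-latest
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+
+- name: Set up Python
+uses: actions/setup-python@v5
+with:
+python-version: "3.12"
+
+- name: Install uv
+run: |
+curl -LsSf https://astral.sh/uv/install.sh | sh
+echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"
+
+- name: Set up Node.js
+uses: actions/setup-node@v4
+with:
+node-version: "24"
+
+- name: Install pnpm
+run: npm install -g pnpm
+
+- name: Configure SSH key
+env:
+DEPLOY_SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
+run: |
+mkdir -p "$HOME/.ssh"
+chmod 700 "$HOME/.ssh"
+printf '%s\n' "$DEPLOY_SSH_KEY" > "$HOME/.ssh/id_ed25519"
+chmod 600 "$HOME/.ssh/id_ed25519"
+
+- name: Configure known hosts
+env:
+DEPLOY_KNOWN_HOSTS: ${{ secrets.DEPLOY_KNOWN_HOSTS }}
+run: |
+if [ -z "$DEPLOY_KNOWN_HOSTS" ]; then
+echo "DEPLOY_KNOWN_HOSTS secret is required"
+exit 1
+fi
+printf '%s\n' "$DEPLOY_KNOWN_HOSTS" > "$HOME/.ssh/known_hosts"
+chmod 644 "$HOME/.ssh/known_hosts"
+
+- name: Run deployment
+env:
+DEPLOY_SERVER: ${{ secrets.DEPLOY_SERVER }}
+run: |
+if [ -z "$DEPLOY_SERVER" ]; then
+echo "DEPLOY_SERVER secret is required"
+exit 1
+fi
+chmod +x ./deploy.sh
+./deploy.sh "${{ inputs.scope }}"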
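Review bot: The last line of the `Run deployment` step expands `${{ inputs.scope }}` directly into the script text, so the value is substituted before the shell parses the line and the surrounding double quotes do not contain it. The `choice` type limits what the web form offers, but whether a dispatch made through the API is held to the same option list depends on the forge, so the script should not rely on it. Pass the input the way the secrets are already passed: add `DEPLOY_SCOPE: ${{ inputs.scope }}` under that step's `env:` and call `./deploy.sh "$DEPLOY_SCOPE"`. Separately, `curl -LsSf https://astral.sh/uv/install.sh | sh` and `npm install -g pnpm` pull unpinned code into the same job that later writes `DEPLOY_SSH_KEY` to disk; pinning a version and verifying a checksum, and pinning the `uses:` actions to commit SHAs, would narrow what can run next to that key.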