Retry 1106
This commit is contained in:
@@ -28,36 +28,44 @@ jobs:
|
||||
needs: build-and-push
|
||||
|
||||
steps:
|
||||
- name: Deploy to Production via SSH
|
||||
- name: Install Docker Tools
|
||||
run: |
|
||||
echo "Connecting to production server to deploy..."
|
||||
# Script completo para instalar docker y docker-compose
|
||||
apt-get update && apt-get install -y --no-install-recommends ca-certificates curl && install -m 0755 -d /etc/apt/keyrings && curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc && chmod a+r /etc/apt/keyrings/docker.asc && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null && apt-get update && apt-get install -y docker-ce-cli docker-compose-plugin
|
||||
|
||||
# 1. Preparar el cliente SSH dentro del contenedor del job
|
||||
apt-get update && apt-get install -y openssh-client
|
||||
mkdir -p ~/.ssh
|
||||
echo "${{ secrets.PROD_SERVER_SSH_KEY }}" > ~/.ssh/id_rsa
|
||||
chmod 600 ~/.ssh/id_rsa
|
||||
ssh-keyscan -H ${{ secrets.PROD_SERVER_HOST }} >> ~/.ssh/known_hosts
|
||||
- name: Deploy Application Stack
|
||||
run: |
|
||||
echo "Deploying application stack using internal network..."
|
||||
|
||||
# 2. Conectarse al HOST y ejecutar los comandos de despliegue
|
||||
ssh ${{ secrets.PROD_SERVER_USER }}@${{ secrets.PROD_SERVER_HOST }} << 'EOF'
|
||||
echo "--- CONECTADO AL SERVIDOR DE PRODUCCIÓN ---"
|
||||
|
||||
# Navegar a la carpeta correcta EN EL HOST
|
||||
cd /opt/gestion-integral
|
||||
|
||||
# Exportar los secretos para que docker-compose los use
|
||||
export DB_SA_PASSWORD="${{ secrets.DB_SA_PASSWORD_SECRET }}"
|
||||
export JWT_KEY="${{ secrets.JWT_KEY_SECRET }}"
|
||||
|
||||
# Ejecutar los comandos de Docker en el host, apuntando a sí mismo
|
||||
# Usar --password-stdin es más seguro y evita warnings
|
||||
echo "${{ secrets.ACTIONS_PAT }}" | docker login 127.0.0.1:5000 -u ${{ secrets.REGISTRY_USER }} --password-stdin
|
||||
|
||||
# El resto de comandos, ahora sí, funcionarán
|
||||
docker compose pull
|
||||
docker compose up -d
|
||||
docker image prune -af
|
||||
|
||||
echo "--- ¡¡DESPLIEGUE REALIZADO CON ÉXITO!! ---"
|
||||
EOF
|
||||
# Obtenemos la IP Virtual del SERVICIO de gitea. Este es el método robusto.
|
||||
GITEA_IP=$(docker service inspect gitea-stack_gitea --format '{{range .Endpoint.VirtualIPs}}{{.Addr}}{{end}}' | cut -d'/' -f1)
|
||||
if [ -z "$GITEA_IP" ]; then
|
||||
echo "Error: Could not find Gitea service IP."
|
||||
exit 1
|
||||
fi
|
||||
echo "Gitea internal IP found: $GITEA_IP"
|
||||
|
||||
# Lanzamos el despliegue desde un contenedor temporal que tiene acceso a todo lo necesario
|
||||
docker run --rm \
|
||||
--network gitea-stack_gitea_net \
|
||||
--add-host=gitea:$GITEA_IP \
|
||||
-v /var/run/docker.sock:/var/run/docker.sock \
|
||||
-v /opt/gestion-integral:/app \
|
||||
-w /app \
|
||||
--env DB_SA_PASSWORD='${{ secrets.DB_SA_PASSWORD_SECRET }}' \
|
||||
--env JWT_KEY='${{ secrets.JWT_KEY_SECRET }}' \
|
||||
--env REGISTRY_USER='${{ secrets.REGISTRY_USER }}' \
|
||||
--env ACTIONS_PAT='${{ secrets.ACTIONS_PAT }}' \
|
||||
docker/compose:latest \
|
||||
sh -c "\
|
||||
echo '--- Logging in to internal registry: gitea:5000 ---' && \
|
||||
docker login gitea:5000 -u \$REGISTRY_USER -p \$ACTIONS_PAT && \
|
||||
echo '--- Pulling new images using internal registry name ---' && \
|
||||
docker compose pull && \
|
||||
echo '--- Starting application stack ---' && \
|
||||
docker compose up -d"
|
||||
|
||||
- name: Cleanup dangling images
|
||||
run: |
|
||||
echo "Cleaning up old images on host..."
|
||||
docker image prune -af
|
||||
Reference in New Issue
Block a user