dmolinari/GestionIntegralWeb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Retry .env 4
Some checks failed
Build and Deploy / build-and-push (push) Successful in 1m28s
Details
Build and Deploy / deploy (push) Failing after 1m18s
Details

Browse Source
This commit is contained in:
dmolinari
2025-06-17 21:39:45 -03:00
parent 88c9f22108
commit 673fde163d
1 changed files with 54 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
.gitea/workflows/deploy.yml
View File

@@ -6,70 +6,74 @@ on:
- main - main
jobs: jobs:
remote-build-and-deploy: # ===================================================================
# JOB 1: CONSTRUIR Y SUBIR LAS IMÁGENES (FUNCIONA PERFECTAMENTE)
# ===================================================================
build-and-push:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Build Backend Image and Save as Tar
run: |
# ... (sin cambios aquí)
- name: Build Frontend Image and Save as Tar
run: |
# ... (sin cambios aquí)
# ===================================================================
# JOB 2: DESPLEGAR LA APLICACIÓN (LA SOLUCIÓN DEFINITIVA)
# ===================================================================
deploy:
runs-on: ubuntu-latest
needs: build-and-push
steps: steps:
- name: Run Entire CI/CD Process on Host via SSH - name: Deploy to Production via SSH
run: | run: |
set -e set -e
# 1. Preparar el cliente SSH # 1. Preparar el cliente SSH
apt-get update > /dev/null && apt-get install -y openssh-client git > /dev/null apt-get update > /dev/null && apt-get install -y openssh-client git > /dev/null
mkdir -p ~/.ssh mkdir -p ~/.ssh
# Inyectamos el secreto de la clave SSH directamente aquí
echo "${{ secrets.PROD_SERVER_SSH_KEY }}" > ~/.ssh/id_rsa echo "${{ secrets.PROD_SERVER_SSH_KEY }}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa
ssh-keyscan -H ${{ secrets.PROD_SERVER_HOST }} >> ~/.ssh/known_hosts ssh-keyscan -H ${{ secrets.PROD_SERVER_HOST }} >> ~/.ssh/known_hosts
# 2. Conectarse al HOST y ejecutar todo el proceso allí # 2. Conectarse al HOST y ejecutar todo el proceso allí
# ¡¡CAMBIO CLAVE!! Usamos << EOF sin comillas para permitir la expansión de variables. ssh ${{ secrets.PROD_SERVER_USER }}@${{ secrets.PROD_SERVER_HOST }} 'bash -s' \
ssh ${{ secrets.PROD_SERVER_USER }}@${{ secrets.PROD_SERVER_HOST }} << EOF '${{ secrets.DB_SA_PASSWORD_SECRET }}' \
'${{ secrets.JWT_KEY_SECRET }}' \
<< 'EOF'
set -e set -e
# --- PARTE 1: PREPARACIÓN (EN EL HOST) --- # --- PARTE 1: PREPARACIÓN ---
echo "--- (HOST) Preparing temporary workspace ---" echo "--- (HOST) Preparing for deployment ---"
DB_PASSWORD="$1"
# Gitea expandirá estas variables ANTES de enviar el script JWT_KEY="$2"
TEMP_DIR="/tmp/gitea-build/${{ gitea.run_id }}"
REPO_NAME_RAW="${{ gitea.repository }}"
REPO_NAME=\$(echo "\$REPO_NAME_RAW" | tr '[:upper:]' '[:lower:]')
GITEA_REPO_PATH="/var/lib/docker/volumes/gitea-stack_gitea-data/_data/git/repositories/\${REPO_NAME}.git"
git config --global --add safe.directory "\$GITEA_REPO_PATH"
echo "Cloning repository from local path: \$GITEA_REPO_PATH"
rm -rf \$TEMP_DIR
git clone \$GITEA_REPO_PATH \$TEMP_DIR
cd \$TEMP_DIR
git checkout "${{ gitea.sha }}"
# --- PARTE 2: CONSTRUIR IMÁGENES CON KANIKO (EN EL HOST) ---
echo "--- (HOST) Building images... ---"
docker run --rm -v "\$(pwd)":/workspace gcr.io/kaniko-project/executor:v1.9.0 \
--context=/workspace --dockerfile=/workspace/Backend/GestionIntegral.Api/Dockerfile --no-push \
--destination=\${REPO_NAME}-backend:latest --tarPath=/workspace/backend.tar
docker run --rm -v "\$(pwd)":/workspace gcr.io/kaniko-project/executor:v1.9.0 \
--context=/workspace --dockerfile=/workspace/Frontend/Dockerfile --no-push \
--destination=\${REPO_NAME}-frontend:latest --tarPath=/workspace/frontend.tar
# --- PARTE 3: DESPLEGAR (EN EL HOST) ---
echo "--- (HOST) Loading images and deploying... ---"
docker load < backend.tar
docker load < frontend.tar
# Nos movemos al directorio de la aplicación
cd /opt/gestion-integral cd /opt/gestion-integral
# ¡¡LA CORRECCIÓN ESTÁ AQUÍ!! Inyectamos los secretos directamente en los comandos 'export'.
export DB_SA_PASSWORD='${{ secrets.DB_SA_PASSWORD_SECRET }}' # --- PARTE 2: CREAR FICHERO .env TEMPORAL ---
export JWT_KEY='${{ secrets.JWT_KEY_SECRET }}' echo "--- (HOST) Creating temporary .env file ---"
# Creamos un fichero .env que docker-compose leerá automáticamente.
# Esto es más robusto que usar 'export'.
echo "DB_SA_PASSWORD=${DB_PASSWORD}" > .env
echo "JWT_KEY=${JWT_KEY}" >> .env
# --- PARTE 3: DESPLEGAR ---
echo "--- (HOST) Pulling and starting application... ---"
# Ya no necesitamos 'export', docker-compose usará el .env
docker compose pull
docker compose up -d docker compose up -d
# --- PARTE 4: LIMPIEZA (EN EL HOST) --- # --- PARTE 4: LIMPIEZA ---
echo "--- (HOST) Cleaning up... ---" echo "--- (HOST) Cleaning up... ---"
rm -rf \$TEMP_DIR # Eliminamos el fichero .env para no dejar secretos en el disco.
rm .env
docker image prune -af docker image prune -af
echo "--- ¡¡DESPLIEGUE COMPLETADO Y VERIFICADO!! ---" echo "--- ¡¡DESPLIEGUE COMPLETADO Y VERIFICADO!! ---"