Ya me estoy volviendo loco, copio y pego sugerencias sin mirarlas.
All checks were successful
Build and Deploy / remote-build-and-deploy (push) Successful in 19m16s
All checks were successful
Build and Deploy / remote-build-and-deploy (push) Successful in 19m16s
This commit is contained in:
@@ -6,36 +6,15 @@ on:
|
|||||||
- main
|
- main
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
# ===================================================================
|
remote-build-and-deploy:
|
||||||
# JOB 1: CONSTRUIR Y SUBIR LAS IMÁGENES (FUNCIONA PERFECTAMENTE)
|
|
||||||
# ===================================================================
|
|
||||||
build-and-push:
|
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
|
||||||
- name: Checkout code
|
|
||||||
uses: actions/checkout@v3
|
|
||||||
|
|
||||||
- name: Build Backend Image and Save as Tar
|
|
||||||
run: |
|
|
||||||
# ... (sin cambios aquí)
|
|
||||||
|
|
||||||
- name: Build Frontend Image and Save as Tar
|
|
||||||
run: |
|
|
||||||
# ... (sin cambios aquí)
|
|
||||||
|
|
||||||
# ===================================================================
|
|
||||||
# JOB 2: DESPLEGAR LA APLICACIÓN (LA SOLUCIÓN DEFINITIVA)
|
|
||||||
# ===================================================================
|
|
||||||
deploy:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
needs: build-and-push
|
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Deploy to Production via SSH
|
- name: Run Entire CI/CD Process on Host via SSH
|
||||||
run: |
|
run: |
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
# 1. Preparar el cliente SSH
|
# 1. Preparar el cliente SSH (sin cambios)
|
||||||
apt-get update > /dev/null && apt-get install -y openssh-client git > /dev/null
|
apt-get update > /dev/null && apt-get install -y openssh-client git > /dev/null
|
||||||
mkdir -p ~/.ssh
|
mkdir -p ~/.ssh
|
||||||
echo "${{ secrets.PROD_SERVER_SSH_KEY }}" > ~/.ssh/id_rsa
|
echo "${{ secrets.PROD_SERVER_SSH_KEY }}" > ~/.ssh/id_rsa
|
||||||
@@ -43,38 +22,54 @@ jobs:
|
|||||||
ssh-keyscan -H ${{ secrets.PROD_SERVER_HOST }} >> ~/.ssh/known_hosts
|
ssh-keyscan -H ${{ secrets.PROD_SERVER_HOST }} >> ~/.ssh/known_hosts
|
||||||
|
|
||||||
# 2. Conectarse al HOST y ejecutar todo el proceso allí
|
# 2. Conectarse al HOST y ejecutar todo el proceso allí
|
||||||
ssh ${{ secrets.PROD_SERVER_USER }}@${{ secrets.PROD_SERVER_HOST }} 'bash -s' \
|
ssh ${{ secrets.PROD_SERVER_USER }}@${{ secrets.PROD_SERVER_HOST }} << EOF
|
||||||
'${{ secrets.DB_SA_PASSWORD_SECRET }}' \
|
set -e
|
||||||
'${{ secrets.JWT_KEY_SECRET }}' \
|
|
||||||
<< 'EOF'
|
|
||||||
set -e
|
|
||||||
|
|
||||||
# --- PARTE 1: PREPARACIÓN ---
|
# --- PARTE 1 Y 2: PREPARACIÓN Y BUILD (SIN CAMBIOS) ---
|
||||||
echo "--- (HOST) Preparing for deployment ---"
|
echo "--- (HOST) Preparing temporary workspace & Building... ---"
|
||||||
DB_PASSWORD="$1"
|
TEMP_DIR="/tmp/gitea-build/${{ gitea.run_id }}"
|
||||||
JWT_KEY="$2"
|
REPO_NAME_RAW="${{ gitea.repository }}"
|
||||||
|
REPO_NAME=\$(echo "\$REPO_NAME_RAW" | tr '[:upper:]' '[:lower:]')
|
||||||
|
GITEA_REPO_PATH="/var/lib/docker/volumes/gitea-stack_gitea-data/_data/git/repositories/\${REPO_NAME}.git"
|
||||||
|
|
||||||
# Nos movemos al directorio de la aplicación
|
git config --global --add safe.directory "\$GITEA_REPO_PATH"
|
||||||
cd /opt/gestion-integral
|
rm -rf \$TEMP_DIR
|
||||||
|
git clone \$GITEA_REPO_PATH \$TEMP_DIR
|
||||||
|
cd \$TEMP_DIR
|
||||||
|
git checkout "${{ gitea.sha }}"
|
||||||
|
|
||||||
# --- PARTE 2: CREAR FICHERO .env TEMPORAL ---
|
docker run --rm -v "\$(pwd)":/workspace gcr.io/kaniko-project/executor:v1.9.0 \
|
||||||
echo "--- (HOST) Creating temporary .env file ---"
|
--context=/workspace --dockerfile=/workspace/Backend/GestionIntegral.Api/Dockerfile --no-push \
|
||||||
# Creamos un fichero .env que docker-compose leerá automáticamente.
|
--destination=\${REPO_NAME}-backend:latest --tarPath=/workspace/backend.tar
|
||||||
# Esto es más robusto que usar 'export'.
|
docker run --rm -v "\$(pwd)":/workspace gcr.io/kaniko-project/executor:v1.9.0 \
|
||||||
echo "DB_SA_PASSWORD=${DB_PASSWORD}" > .env
|
--context=/workspace --dockerfile=/workspace/Frontend/Dockerfile --no-push \
|
||||||
echo "JWT_KEY=${JWT_KEY}" >> .env
|
--destination=\${REPO_NAME}-frontend:latest --tarPath=/workspace/frontend.tar
|
||||||
|
|
||||||
# --- PARTE 3: DESPLEGAR ---
|
# --- PARTE 3: DESPLEGAR (LÓGICA CORREGIDA) ---
|
||||||
echo "--- (HOST) Pulling and starting application... ---"
|
echo "--- (HOST) Loading images and deploying... ---"
|
||||||
# Ya no necesitamos 'export', docker-compose usará el .env
|
|
||||||
docker compose pull
|
|
||||||
docker compose up -d
|
|
||||||
|
|
||||||
# --- PARTE 4: LIMPIEZA ---
|
docker load < backend.tar
|
||||||
echo "--- (HOST) Cleaning up... ---"
|
docker load < frontend.tar
|
||||||
# Eliminamos el fichero .env para no dejar secretos en el disco.
|
|
||||||
rm .env
|
|
||||||
docker image prune -af
|
|
||||||
|
|
||||||
echo "--- ¡¡DESPLIEGUE COMPLETADO Y VERIFICADO!! ---"
|
cd /opt/gestion-integral
|
||||||
|
|
||||||
|
# --- ¡¡LA CORRECCIÓN ESTÁ AQUÍ!! ---
|
||||||
|
# 1. Creamos un archivo .env temporal EN EL HOST.
|
||||||
|
echo "Creating temporary .env file..."
|
||||||
|
cat > .env << ENV_EOF
|
||||||
|
DB_SA_PASSWORD=${{ secrets.DB_SA_PASSWORD_SECRET }}
|
||||||
|
JWT_KEY=${{ secrets.JWT_KEY_SECRET }}
|
||||||
|
ENV_EOF
|
||||||
|
|
||||||
|
# 2. docker compose leerá automáticamente el archivo .env del directorio actual.
|
||||||
|
echo "Starting application stack..."
|
||||||
|
docker compose up -d
|
||||||
|
|
||||||
|
# --- PARTE 4: LIMPIEZA (INCLUYE EL .env) ---
|
||||||
|
echo "--- (HOST) Cleaning up... ---"
|
||||||
|
rm -rf \$TEMP_DIR
|
||||||
|
rm .env # Borramos el archivo de secretos.
|
||||||
|
docker image prune -af
|
||||||
|
|
||||||
|
echo "--- ¡¡DESPLIEGUE COMPLETADO Y VERIFICADO!! ---"
|
||||||
EOF
|
EOF
|
||||||
Reference in New Issue
Block a user