Retry 1128

.gitea/workflows/deploy.yml

@@ -18,12 +18,9 @@ jobs:
       - name: Create Kaniko config file
         run: echo '{"auths":{"${{ secrets.REGISTRY_URL }}":{"username":"${{ secrets.REGISTRY_USER }}","password":"${{ secrets.ACTIONS_PAT }}"}}}' > ${{ gitea.workspace }}/config.json
 
-      - name: Build and Push Backend
+      - name: Build and Push Backend & Frontend
         run: |
           docker run --rm -v ${{ gitea.workspace }}:/workspace -v ${{ gitea.workspace }}/config.json:/kaniko/.docker/config.json gcr.io/kaniko-project/executor:v1.9.0 --context=/workspace --dockerfile=/workspace/Backend/GestionIntegral.Api/Dockerfile --destination=${{ secrets.REGISTRY_URL }}/${{ gitea.actor }}/${{ toLower(gitea.repository_name) }}-backend:latest --destination=${{ secrets.REGISTRY_URL }}/${{ gitea.actor }}/${{ toLower(gitea.repository_name) }}-backend:${{ gitea.sha_short }} --insecure
-
-      - name: Build and Push Frontend
-        run: |
           docker run --rm -v ${{ gitea.workspace }}:/workspace -v ${{ gitea.workspace }}/config.json:/kaniko/.docker/config.json gcr.io/kaniko-project/executor:v1.9.0 --context=/workspace --dockerfile=/workspace/Frontend/Dockerfile --destination=${{ secrets.REGISTRY_URL }}/${{ gitea.actor }}/${{ toLower(gitea.repository_name) }}-frontend:latest --destination=${{ secrets.REGISTRY_URL }}/${{ gitea.actor }}/${{ toLower(gitea.repository_name) }}-frontend:${{ gitea.sha_short }} --insecure
 
   # ===================================================================
@@ -34,36 +31,32 @@ jobs:
     needs: build-and-push
     
     steps:
-      - name: Install Docker Tools
+      - name: Deploy to Production via SSH
         run: |
-          # Script completo para instalar docker-ce-cli
-          apt-get update && apt-get install -y --no-install-recommends ca-certificates curl && install -m 0755 -d /etc/apt/keyrings && curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc && chmod a+r /etc/apt/keyrings/docker.asc && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null && apt-get update && apt-get install -y docker-ce-cli
-          
-      - name: Deploy Application Stack
-        run: |
-          echo "Deploying application stack using an ephemeral deployment container..."
-          
-          # Lanzamos un contenedor temporal conectado a la red de Gitea
-          docker run --rm \
-            --network gitea-stack_gitea_net \
-            -v /var/run/docker.sock:/var/run/docker.sock \
-            -v /opt/gestion-integral:/app \
-            -w /app \
-            --env DB_SA_PASSWORD='${{ secrets.DB_SA_PASSWORD_SECRET }}' \
-            --env JWT_KEY='${{ secrets.JWT_KEY_SECRET }}' \
-            --env REGISTRY_USER='${{ secrets.REGISTRY_USER }}' \
-            --env ACTIONS_PAT='${{ secrets.ACTIONS_PAT }}' \
-            docker/compose:latest \
-            sh -c "\
-              set -e && \
-              echo '--- Logging in to internal registry: gitea:5000 ---' && \
-              docker login gitea:5000 -u \$REGISTRY_USER -p \$ACTIONS_PAT && \
-              echo '--- Pulling new images... ---' && \
-              docker compose pull && \
-              echo '--- Starting application stack... ---' && \
-              docker compose up -d"
+          set -e # Fallar inmediatamente si algo sale mal
 
-      - name: Final Cleanup
-        run: |
-          echo "Cleaning up old images on host..."
-          docker image prune -af
+          echo "Preparing SSH client..."
+          apt-get update && apt-get install -y openssh-client
+          mkdir -p ~/.ssh
+          echo "${{ secrets.PROD_SERVER_SSH_KEY }}" > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+          ssh-keyscan -H ${{ secrets.PROD_SERVER_HOST }} >> ~/.ssh/known_hosts
+          
+          echo "Connecting to host to execute deployment..."
+          ssh ${{ secrets.PROD_SERVER_USER }}@${{ secrets.PROD_SERVER_HOST }} << 'EOF'
+            set -e # También aquí, para fallar en la sesión remota
+
+            echo "--- CONECTADO AL SERVIDOR DE PRODUCCIÓN ---"
+            cd /opt/gestion-integral
+            
+            export DB_SA_PASSWORD="${{ secrets.DB_SA_PASSWORD_SECRET }}"
+            export JWT_KEY="${{ secrets.JWT_KEY_SECRET }}"
+            
+            # La clave: El host se conecta a sí mismo.
+            echo "${{ secrets.ACTIONS_PAT }}" | docker login 127.0.0.1:5000 -u ${{ secrets.REGISTRY_USER }} --password-stdin
+            
+            docker compose pull
+            docker compose up -d
+            docker image prune -af
+            
+            echo "--- ¡¡DESPLIEGUE REALIZADO CON ÉXITO!! ---"