044cafecc1
Some checks failed
Build and Deploy MoneyMaker / build-and-deploy (push) Has been cancelled
- Remove sed substitution from pipeline (no more __PLACEHOLDER__ pattern)
- Nomad template{} reads mmd/* keys from Consul KV at allocation time
- Secrets never touch git or pipeline logs
- Remove Gitea secrets dependency for app secrets (only HARBOR_ROBOT_TOKEN needed)
106 lines
2.9 KiB
YAML
106 lines
2.9 KiB
YAML
name: Build and Deploy MoneyMaker
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
build-and-deploy:
|
|
runs-on: debian-host
|
|
|
|
env:
|
|
PATH: /usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/bin:/snap/bin
|
|
DOCKER_HOST: unix:///var/run/docker.sock
|
|
IMAGE: registry.i80.dk/gitea/mmd
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: System info
|
|
run: |
|
|
uname -a
|
|
whoami
|
|
docker --version
|
|
|
|
- name: Log in to Harbor Registry
|
|
run: |
|
|
echo "${{ secrets.HARBOR_ROBOT_TOKEN }}" | docker login registry.i80.dk -u "robot\$gitserver" --password-stdin
|
|
|
|
- name: Build Docker image
|
|
run: |
|
|
docker build \
|
|
--build-arg BUILD_VERSION="${{ github.ref_name }}-${{ github.sha }}" \
|
|
--build-arg GIT_COMMIT="${{ github.sha }}" \
|
|
--build-arg BUILD_TIME="${{ github.event.head_commit.timestamp }}" \
|
|
-t $IMAGE:latest \
|
|
-t $IMAGE:${{ github.sha }} \
|
|
.
|
|
|
|
- name: Push Docker image
|
|
run: |
|
|
docker push $IMAGE:latest
|
|
docker push $IMAGE:${{ github.sha }}
|
|
|
|
- name: Ensure data directory on int node
|
|
run: |
|
|
# Run a one-shot batch job on 'int' to create /opt/nomad/volumes/moneymaker-data
|
|
cat <<'EOF' > mkdir_job.nomad
|
|
job "mmd-mkdir" {
|
|
type = "batch"
|
|
datacenters = ["dc1"]
|
|
group "setup" {
|
|
count = 1
|
|
constraint {
|
|
attribute = "${node.unique.name}"
|
|
value = "int"
|
|
}
|
|
task "mkdir" {
|
|
driver = "docker"
|
|
config {
|
|
image = "busybox:latest"
|
|
command = "/bin/sh"
|
|
args = ["-c", "mkdir -p /host/moneymaker-data && chmod 777 /host/moneymaker-data && echo 'Created OK'"]
|
|
volumes = ["/opt/nomad/volumes:/host"]
|
|
}
|
|
resources { cpu = 50; memory = 32 }
|
|
}
|
|
}
|
|
}
|
|
EOF
|
|
nomad job run mkdir_job.nomad
|
|
sleep 10
|
|
nomad job status mmd-mkdir
|
|
nomad job stop -purge mmd-mkdir || true
|
|
env:
|
|
NOMAD_ADDR: "https://nomad.i80.dk:4646"
|
|
|
|
- name: Validate Nomad job
|
|
run: nomad job validate mmd.nomad
|
|
env:
|
|
NOMAD_ADDR: "https://nomad.i80.dk:4646"
|
|
|
|
- name: Deploy to Nomad
|
|
run: nomad job run mmd.nomad
|
|
env:
|
|
NOMAD_ADDR: "https://nomad.i80.dk:4646"
|
|
|
|
- name: Wait for deployment
|
|
run: |
|
|
sleep 15
|
|
nomad job status moneymaker
|
|
nomad job allocs moneymaker
|
|
env:
|
|
NOMAD_ADDR: "https://nomad.i80.dk:4646"
|
|
|
|
- name: Health check
|
|
run: |
|
|
sleep 30
|
|
curl -f https://mmd.i80.dk/health || echo "Not yet via Traefik — check Nomad UI"
|
|
|
|
- name: Deployment summary
|
|
run: |
|
|
echo "Done! Dashboard: https://mmd.i80.dk Health: https://mmd.i80.dk/health"
|