sam/dev_arc_aws
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
dev_arc_aws/.forgejo/workflows/deploy.yml

51 lines
1.8 KiB
YAML
Raw Permalink Normal View History

Add Forgejo Actions build + deploy pipeline (registry -> racknerd2) Build the frontend and backend images in CI, push them to the Forgejo container registry, and deploy to racknerd2 (validation host) over the NetBird mesh. racknerd2 only pulls + runs (1.9 GiB RAM, never builds). - .forgejo/workflows/build.yml: on push to main / manual, build both images and push :latest + :<sha> to forgejo.snsnetlabs.com/sam/... (installs the docker CLI in the job; relies on the runner's docker_host=automount to reach the host engine). - .forgejo/workflows/deploy.yml: manual dispatch; SSH to racknerd2, docker compose pull + up -d, then /api/health check. - deploy/docker-compose.yml: registry-image compose. Ports bound to the mesh IP only (Docker bypasses ufw), so the app is reachable over the mesh, not the public interface. - deploy/.env.example + deploy/README.md: deploy host config + full pipeline/prereq docs. - .gitignore: ignore real .env / deploy/.env. Co-authored-by: Samuel James <ssamjame@amazon.com> Co-authored-by: Kiro <noreply@kiro.dev>
2026-06-25 10:04:59 -04:00
name: Deploy to racknerd2
# Manual-only. Pulls the pre-built images from the registry onto racknerd2
# (validation host) over the NetBird mesh and restarts the stack. Build the
# images first with the "Build & Push Images" workflow.
#
# Requirements (see deploy/README.md):
# - Forgejo Actions secret RACKNERD2_SSH_KEY: private key authorized for
# root@racknerd2 (mesh IP 100.96.217.250).
# - racknerd2 already prepared: Docker installed, logged in to the registry,
# and /opt/archnest/{docker-compose.yml,.env} in place.
on:
workflow_dispatch:
inputs:
tag:
description: "Image tag to deploy (commit SHA or 'latest')"
required: true
default: latest
env:
DEPLOY_HOST: 100.96.217.250
DEPLOY_DIR: /opt/archnest
jobs:
deploy:
runs-on: docker
steps:
- name: Install SSH client
run: |
apt-get update
apt-get install -y --no-install-recommends openssh-client
- name: Write deploy key
run: |
install -m 700 -d ~/.ssh
printf '%s\n' "${{ secrets.RACKNERD2_SSH_KEY }}" > ~/.ssh/id_deploy
chmod 600 ~/.ssh/id_deploy
- name: Pull images and restart stack
run: |
ssh -i ~/.ssh/id_deploy -o StrictHostKeyChecking=accept-new \
root@"$DEPLOY_HOST" \
"cd $DEPLOY_DIR && ARCHNEST_TAG='${{ inputs.tag }}' docker compose pull && ARCHNEST_TAG='${{ inputs.tag }}' docker compose up -d --remove-orphans"
- name: Health check (backend /api/health via mesh)
run: |
ssh -i ~/.ssh/id_deploy -o StrictHostKeyChecking=accept-new \
root@"$DEPLOY_HOST" \
"for i in \$(seq 1 30); do curl -fsS http://$DEPLOY_HOST:8080/api/health && echo OK && exit 0; sleep 2; done; echo 'health check failed'; cd $DEPLOY_DIR && docker compose logs --tail=50; exit 1"
Reference in a new issue Copy permalink