indiekit-server/.github/workflows/deploy.yml
Sven 59ea628595
Some checks failed
Deploy Indiekit Server / deploy (push) Failing after 3s
ci: replace GitHub Actions deploy with Gitea FreeBSD runner
- runs-on: freebsd (act_runner host label) instead of ubuntu-latest
- Drop appleboy/ssh-action; use plain ssh in a run step (same pattern as
  indiekit-blog deploy.yml)
- Drop actions/setup-node; no build step on runner side
- On deploy: set git remote to internal Gitea URL, fetch, reset --hard
- npm ci --legacy-peer-deps (postinstall applies all patches automatically)
- .env and SECRET preflight checks; preflight-production-security and
  preflight-mongo-connection before restart
- Async restart via nohup + poll loop (avoids SSH hanging on open stdout)
- add workflow_dispatch trigger

Required repo secrets: SSH_PRIVATE_KEY, SSH_USER, SSH_HOST
(copy values from giersig.eu/indiekit-blog repo secrets)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-31 13:17:33 +02:00

59 lines
2.5 KiB
YAML

name: Deploy Indiekit Server
on:
  push:
    branches: [main]
  workflow_dispatch:
jobs:
  deploy:
    runs-on: freebsd
    steps:
      - uses: actions/checkout@v4
      - name: Deploy to node jail
        run: |
          set -eu
          mkdir -p ~/.ssh
          printf '%s\n' "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
          ssh-keyscan -p 222 ${{ secrets.SSH_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
          ssh -p 222 ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} << SSHEOF
            set -eu
            restart_log=/tmp/indiekit-restart.log
            # Update code as indiekit user; point remote at internal Gitea (no auth needed — public read).
            sudo bastille cmd node sh -lc 'su -l indiekit -c "cd /usr/local/indiekit && git remote set-url origin http://10.100.0.90:3000/giersig.eu/indiekit-server.git && git fetch origin && git reset --hard origin/main"'
            # Install dependencies (postinstall runs all patches automatically).
            sudo bastille cmd node sh -lc 'su -l indiekit -c "cd /usr/local/indiekit && npm ci --legacy-peer-deps"'
            # Ensure env file and required secrets are present.
            sudo bastille cmd node sh -lc 'su -l indiekit -c "cd /usr/local/indiekit && test -f .env"'
            sudo bastille cmd node sh -lc 'su -l indiekit -c "cd /usr/local/indiekit && grep -Eq \"^SECRET=.+\" .env || { echo \"Missing SECRET in .env\"; exit 1; }"'
            # Preflight checks before touching the running service.
            sudo bastille cmd node sh -lc 'su -l indiekit -c "cd /usr/local/indiekit && NODE_ENV=production node scripts/preflight-production-security.mjs"'
            sudo bastille cmd node sh -lc 'su -l indiekit -c "cd /usr/local/indiekit && NODE_ENV=production node scripts/preflight-mongo-connection.mjs"'
            # Restart asynchronously to avoid the SSH session hanging on open stdout.
            sudo bastille cmd node sh -lc "nohup service indiekit restart >\${restart_log} 2>&1 </dev/null &"
            # Wait for service to come up.
            attempts=0
            while [ \$attempts -lt 30 ]; do
              if sudo bastille cmd node sh -lc 'service indiekit onestatus >/dev/null 2>&1'; then
                echo "IndieKit is running."
                exit 0
              fi
              attempts=\$((attempts + 1))
              sleep 2
            done
            echo "IndieKit failed to start."
            sudo bastille cmd node sh -lc "tail -n 120 \${restart_log} || true"
            sudo bastille cmd node sh -lc 'service indiekit onestatus || true'
            exit 1
          SSHEOF
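
The `grep -Eq "^SECRET=.+"` preflight in the workflow above also accepts lines such as `SECRET=""` or a value made only of spaces. The following is an added example, not code from the indiekit-server repository, of a stricter check; `check_env_key`, its minimum-length argument and the sample files are hypothetical and constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the indiekit-server repository.
# check_env_key and its MIN_LEN argument are hypothetical names.

# check_env_key FILE KEY [MIN_LEN]
# Succeeds only if KEY has a value of at least MIN_LEN characters after
# trimming whitespace and one pair of surrounding quotes.
check_env_key() {
  file=$1
  key=$2
  min=${3:-1}
  [ -f "$file" ] || { echo "Missing $file" >&2; return 1; }
  # Use the last assignment of KEY (assumption: the loader lets later lines win).
  line=$(grep -E "^${key}=" "$file" | tail -n 1)
  value=${line#*=}
  # Trim leading and trailing whitespace, including a stray carriage return.
  value=$(printf '%s' "$value" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
  # Remove one pair of matching quotes so that "" and '' count as empty.
  case $value in
    \"*\") value=${value#\"}; value=${value%\"} ;;
    \'*\') value=${value#\'}; value=${value%\'} ;;
  esac
  if [ "${#value}" -lt "$min" ]; then
    echo "Missing or too short $key in $file" >&2
    return 1
  fi
}

# Constructed sample files: run this script with the argument "demo"
# to compare the grep check with the strict check.
if [ "${1:-}" = demo ]; then
  d=$(mktemp -d)
  printf 'SECRET=""\n' > "$d/quoted-empty.env"
  printf 'SECRET=constructed-sample-value-0123456789\n' > "$d/ok.env"
  for f in "$d"/*.env; do
    grep -Eq '^SECRET=.+' "$f" && echo "grep check passes: $f"
    check_env_key "$f" SECRET 16 && echo "strict check passes: $f"
  done
  rm -rf "$d"
fi
```
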