qzl/eryao
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore(deploy): automate production rollout

Browse Source
This commit is contained in:
qzl
2026-04-30 11:02:37 +08:00
parent 688c091770
commit 79d5d0638a
3 changed files with 106 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/build-production-docker.yml
+77 -3
View File
@@ -24,6 +24,7 @@ jobs:
test -n "${{ secrets.AWS_REGION }}"
test -n "${{ secrets.AWS_ACCOUNT_ID }}"
test -n "${{ secrets.ECR_REPOSITORY }}"
test -n "${{ secrets.DEPLOY_SSH_KEY }}"
- name: Build backend production image
run: |
@@ -33,7 +34,6 @@ jobs:
--load \
--file backend/Dockerfile \
--tag ${IMAGE_NAME}:prod-${GITHUB_SHA} \
--tag ${IMAGE_NAME}:prod-latest \
.
- name: Check image size budget
@@ -88,7 +88,81 @@ jobs:
aws ecr get-login-password --region "${AWS_REGION}" \
| docker login --username AWS --password-stdin "${ecr_registry}"
docker tag "${IMAGE_NAME}:prod-${GITHUB_SHA}" "${ecr_image}:${GITHUB_SHA}"
docker tag "${IMAGE_NAME}:prod-${GITHUB_SHA}" "${ecr_image}:latest"
docker push "${ecr_image}:${GITHUB_SHA}"
image_ids="$(aws ecr list-images \
--region "${AWS_REGION}" \
--repository-name "${ECR_REPOSITORY}" \
--query 'imageIds[*]' \
--output json)"
if [ "${image_ids}" != "[]" ]; then
aws ecr batch-delete-image \
--region "${AWS_REGION}" \
--repository-name "${ECR_REPOSITORY}" \
--image-ids "${image_ids}" >/dev/null
fi
docker push "${ecr_image}:latest"
deploy-production:
needs: build-backend-image
runs-on: wsl2-docker-host
steps:
- name: Validate deploy configuration
run: |
set -euo pipefail
test -n "${{ secrets.DEPLOY_SSH_KEY }}"
test -n "${{ secrets.DEPLOY_HOST }}"
test -n "${{ secrets.DEPLOY_USER }}"
test -n "${{ secrets.AWS_ACCESS_KEY_ID }}"
test -n "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
test -n "${{ secrets.AWS_REGION }}"
- name: Deploy production server
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }}
AWS_REGION: ${{ secrets.AWS_REGION }}
DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
run: |
set -euo pipefail
install -m 700 -d ~/.ssh
printf '%s\n' '${{ secrets.DEPLOY_SSH_KEY }}' > ~/.ssh/eryao_deploy_key
chmod 600 ~/.ssh/eryao_deploy_key
ssh-keyscan -H "${DEPLOY_HOST}" >> ~/.ssh/known_hosts
ssh -i ~/.ssh/eryao_deploy_key \
-o IdentitiesOnly=yes \
"${DEPLOY_USER}@${DEPLOY_HOST}" \
"AWS_ACCESS_KEY_ID='${AWS_ACCESS_KEY_ID}' AWS_SECRET_ACCESS_KEY='${AWS_SECRET_ACCESS_KEY}' AWS_DEFAULT_REGION='${AWS_REGION}' AWS_REGION='${AWS_REGION}' bash -se" <<'REMOTE'
set -euo pipefail
cd ~/deploy
set -a
. ./.env
set +a
ecr_registry="${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com"
aws ecr get-login-password --region "${AWS_REGION}" \
| sudo docker login --username AWS --password-stdin "${ecr_registry}"
sudo docker compose --env-file ./.env -f docker-compose.prod.yml --profile workers pull
sudo docker compose --env-file ./.env -f docker-compose.prod.yml --profile workers up -d --remove-orphans
for attempt in $(seq 1 12); do
if curl -fsS "http://127.0.0.1:${ERYAO_WEB__PORT:-5775}/health"; then
break
fi
if [ "${attempt}" -eq 12 ]; then
sudo docker compose --env-file ./.env -f docker-compose.prod.yml --profile workers ps
sudo docker logs --tail 200 eryao-prod-backend || true
exit 1
fi
sleep 5
done
sudo docker image prune -af --filter "until=168h"
REMOTE