0e14d2761a
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 4m37s
- Add /health endpoint (returns 200, skips auth middleware) - Healthcheck now hits /health instead of / (which 302s to OAuth) - Advisory lock in db.init_pool() prevents deadlock when 4 uvicorn workers race to run schema DDL - CI: --resolve-image always on docker stack deploy to force re-pull Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
115 lines
3.8 KiB
YAML
115 lines
3.8 KiB
YAML
name: Build and Deploy
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
|
|
env:
|
|
REGISTRY: registry.rose-ash.com:5000
|
|
ARTDAG_DIR: /root/art-dag-mono
|
|
|
|
jobs:
|
|
build-and-deploy:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Install tools
|
|
run: |
|
|
apt-get update && apt-get install -y --no-install-recommends openssh-client
|
|
|
|
- name: Set up SSH
|
|
env:
|
|
SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
|
|
DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
|
|
run: |
|
|
mkdir -p ~/.ssh
|
|
echo "$SSH_KEY" > ~/.ssh/id_rsa
|
|
chmod 600 ~/.ssh/id_rsa
|
|
ssh-keyscan -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts 2>/dev/null || true
|
|
|
|
- name: Build and deploy
|
|
env:
|
|
DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
|
|
run: |
|
|
ssh "root@$DEPLOY_HOST" "
|
|
cd ${{ env.ARTDAG_DIR }}
|
|
|
|
OLD_HEAD=\$(git rev-parse HEAD 2>/dev/null || echo none)
|
|
|
|
git fetch origin main
|
|
git reset --hard origin/main
|
|
|
|
NEW_HEAD=\$(git rev-parse HEAD)
|
|
|
|
# Change detection
|
|
BUILD_L1=false
|
|
BUILD_L2=false
|
|
if [ \"\$OLD_HEAD\" = \"none\" ] || [ \"\$OLD_HEAD\" = \"\$NEW_HEAD\" ]; then
|
|
BUILD_L1=true
|
|
BUILD_L2=true
|
|
else
|
|
CHANGED=\$(git diff --name-only \$OLD_HEAD \$NEW_HEAD)
|
|
# common/ or core/ change -> rebuild both
|
|
if echo \"\$CHANGED\" | grep -qE '^(common|core)/'; then
|
|
BUILD_L1=true
|
|
BUILD_L2=true
|
|
fi
|
|
if echo \"\$CHANGED\" | grep -q '^l1/'; then
|
|
BUILD_L1=true
|
|
fi
|
|
if echo \"\$CHANGED\" | grep -q '^l2/'; then
|
|
BUILD_L2=true
|
|
fi
|
|
if echo \"\$CHANGED\" | grep -q '^client/'; then
|
|
BUILD_L1=true
|
|
fi
|
|
fi
|
|
|
|
# Build L1
|
|
if [ \"\$BUILD_L1\" = true ]; then
|
|
echo 'Building L1...'
|
|
docker build \
|
|
--build-arg CACHEBUST=\$(date +%s) \
|
|
-f l1/Dockerfile \
|
|
-t ${{ env.REGISTRY }}/celery-l1-server:latest \
|
|
-t ${{ env.REGISTRY }}/celery-l1-server:${{ github.sha }} \
|
|
.
|
|
docker push ${{ env.REGISTRY }}/celery-l1-server:latest
|
|
docker push ${{ env.REGISTRY }}/celery-l1-server:${{ github.sha }}
|
|
else
|
|
echo 'Skipping L1 (no changes)'
|
|
fi
|
|
|
|
# Build L2
|
|
if [ \"\$BUILD_L2\" = true ]; then
|
|
echo 'Building L2...'
|
|
docker build \
|
|
--build-arg CACHEBUST=\$(date +%s) \
|
|
-f l2/Dockerfile \
|
|
-t ${{ env.REGISTRY }}/l2-server:latest \
|
|
-t ${{ env.REGISTRY }}/l2-server:${{ github.sha }} \
|
|
.
|
|
docker push ${{ env.REGISTRY }}/l2-server:latest
|
|
docker push ${{ env.REGISTRY }}/l2-server:${{ github.sha }}
|
|
else
|
|
echo 'Skipping L2 (no changes)'
|
|
fi
|
|
|
|
# Deploy stacks (--resolve-image always forces re-pull of :latest)
|
|
if [ \"\$BUILD_L1\" = true ]; then
|
|
cd l1 && source .env && docker stack deploy --resolve-image always -c docker-compose.yml celery && cd ..
|
|
echo 'L1 stack deployed'
|
|
fi
|
|
if [ \"\$BUILD_L2\" = true ]; then
|
|
cd l2 && source .env && docker stack deploy --resolve-image always -c docker-compose.yml activitypub && cd ..
|
|
echo 'L2 stack deployed'
|
|
fi
|
|
|
|
sleep 10
|
|
echo '=== L1 Services ==='
|
|
docker stack services celery
|
|
echo '=== L2 Services ==='
|
|
docker stack services activitypub
|
|
"
|