fix: restore shared production env during deploy
+14
-2
@@ -5,6 +5,7 @@ This repo includes `.gitea/workflows/ci-deploy.yml` for:
|
|||||||
- backend build
|
- backend build
|
||||||
- backend tests
|
- backend tests
|
||||||
- frontend tests
|
- frontend tests
|
||||||
|
- frontend production build
|
||||||
- deployment to Ubuntu after successful tests on `main`
|
- deployment to Ubuntu after successful tests on `main`
|
||||||
|
|
||||||
### Required secrets in Gitea
|
### Required secrets in Gitea
|
||||||
@@ -16,13 +17,24 @@ This repo includes `.gitea/workflows/ci-deploy.yml` for:
|
|||||||
Recommended app path:
|
Recommended app path:
|
||||||
- `/opt/job-tracker/app`
|
- `/opt/job-tracker/app`
|
||||||
|
|
||||||
|
Persistent runtime secrets path:
|
||||||
|
- `/opt/job-tracker/shared/.env`
|
||||||
|
|
||||||
Requirements:
|
Requirements:
|
||||||
- Docker Engine
|
- Docker Engine
|
||||||
- Docker Compose plugin
|
- Docker Compose plugin
|
||||||
- reverse proxy in front (Nginx, Caddy, or Traefik)
|
- reverse proxy in front (Nginx, Caddy, or Traefik)
|
||||||
- `.env` file present on server in `/opt/job-tracker/app/.env`
|
- shared env file present on server in `/opt/job-tracker/shared/.env`
|
||||||
- network connectivity from the backend container to your `mariadb` container/service
|
- network connectivity from the backend container to your `mariadb` container/service
|
||||||
|
|
||||||
|
The deploy script will automatically create a symlink from:
|
||||||
|
- `/opt/job-tracker/shared/.env`
|
||||||
|
|
||||||
|
to:
|
||||||
|
- `/opt/job-tracker/app/.env`
|
||||||
|
|
||||||
|
This keeps secrets outside the uploaded repo checkout so they are not wiped by CI deploys.
|
||||||
|
|
||||||
### Example production `.env`
|
### Example production `.env`
|
||||||
```env
|
```env
|
||||||
DATABASE_PROVIDER=mariadb
|
DATABASE_PROVIDER=mariadb
|
||||||
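Review bot: The new "Persistent runtime secrets path" and Requirements entries name `/opt/job-tracker/shared/.env` but do not say who creates `/opt/job-tracker/shared/` or what ownership and mode the file should have. Since this file now holds the production secrets and outlives every checkout, the README should state that it has to be created once by hand before the first deploy and be readable only by the account that runs `deploy/deploy.sh` (for example mode 600). It should also tell operators of servers set up under the old requirement to move their existing `/opt/job-tracker/app/.env` to the shared path.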
@@ -62,7 +74,7 @@ If this app is going to be a real production service on Ubuntu:
|
|||||||
1. push to `main`
|
1. push to `main`
|
||||||
2. Gitea Actions runs tests
|
2. Gitea Actions runs tests
|
||||||
3. if green, workflow uploads repo to server
|
3. if green, workflow uploads repo to server
|
||||||
4. `deploy/deploy.sh` runs `docker compose build && docker compose up -d`
|
4. `deploy/deploy.sh` links `/opt/job-tracker/shared/.env` into the repo checkout, then runs `docker compose build && docker compose up -d`
|
||||||
5. workflow checks service status after deployment
|
5. workflow checks service status after deployment
|
||||||
|
|
||||||
## Post-deploy verification you should also do manually the first time
|
## Post-deploy verification you should also do manually the first time
|
||||||
|
|||||||
+13
-2
@@ -3,8 +3,19 @@ set -euo pipefail
|
|||||||
|
|
||||||
cd "$(dirname "$0")/.."
|
cd "$(dirname "$0")/.."
|
||||||
|
|
||||||
if [ ! -f .env ]; then
|
ENV_SOURCE="/opt/job-tracker/shared/.env"
|
||||||
echo "Missing .env in deployment directory"
|
ENV_TARGET=".env"
|
||||||
|
|
||||||
|
if [ ! -f "$ENV_SOURCE" ]; then
|
||||||
|
echo "Missing shared env file at $ENV_SOURCE"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Keep runtime secrets outside the repo checkout so workflow uploads cannot wipe them.
|
||||||
|
ln -sf "$ENV_SOURCE" "$ENV_TARGET"
|
||||||
|
|
||||||
|
if [ ! -f "$ENV_TARGET" ]; then
|
||||||
|
echo "Failed to link deployment env file into $(pwd)/$ENV_TARGET"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|||||||
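Review bot: The test after `ln -sf "$ENV_SOURCE" "$ENV_TARGET"` does not verify the link. `[ ! -f "$ENV_TARGET" ]` follows the symlink, so for a successfully created link it only repeats the source test above, and under `set -euo pipefail` a failing `ln` aborts the script before the "Failed to link" message can print. Consider checking the link itself, e.g. `[ -L "$ENV_TARGET" ] && [ "$(readlink "$ENV_TARGET")" = "$ENV_SOURCE" ]`, and, since the comment says this file holds runtime secrets, also refusing a source that is group- or world-readable before linking. Both error messages would be better sent to stderr with `>&2`.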