Switch gateway CI to registry-based build and deploy
This commit is contained in:
@@ -7,13 +7,12 @@ on:
|
|||||||
|
|
||||||
env:
|
env:
|
||||||
DEPLOY_PATH: /opt/vpn-proxy
|
DEPLOY_PATH: /opt/vpn-proxy
|
||||||
DEPLOY_HOST: 192.168.50.111
|
|
||||||
BASE_IMAGE: vpn-proxy-runtime-base:bookworm-slim
|
BASE_IMAGE: vpn-proxy-runtime-base:bookworm-slim
|
||||||
RUNTIME_BASE_SOURCE_IMAGE: mirror.gcr.io/library/debian:bookworm-slim
|
RUNTIME_BASE_SOURCE_IMAGE: mirror.gcr.io/library/debian:bookworm-slim
|
||||||
SINGBOX_VERSION: 1.12.13
|
SINGBOX_VERSION: 1.12.13
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build-and-deploy:
|
build-and-push:
|
||||||
runs-on: ubuntu-22.04
|
runs-on: ubuntu-22.04
|
||||||
steps:
|
steps:
|
||||||
- name: Clone repository
|
- name: Clone repository
|
||||||
@@ -27,16 +26,67 @@ jobs:
|
|||||||
cd repo
|
cd repo
|
||||||
git checkout ${{ gitea.sha }}
|
git checkout ${{ gitea.sha }}
|
||||||
|
|
||||||
- name: Build on runner 107 and deploy to 111
|
- name: Build and push gateway image
|
||||||
run: |
|
run: |
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
cd repo
|
cd repo
|
||||||
|
|
||||||
BUILD_HOST=local \
|
npm ci --no-audit --no-fund
|
||||||
DEPLOY_HOST="${{ env.DEPLOY_HOST }}" \
|
npm run build
|
||||||
DEPLOY_PATH="${{ env.DEPLOY_PATH }}" \
|
|
||||||
BASE_IMAGE="${{ env.BASE_IMAGE }}" \
|
REGISTRY_HOST=$(echo "${{ gitea.server_url }}" | sed 's|https\?://||')
|
||||||
RUNTIME_BASE_SOURCE_IMAGE="${{ env.RUNTIME_BASE_SOURCE_IMAGE }}" \
|
IMAGE="${REGISTRY_HOST}/${{ gitea.repository }}/gateway"
|
||||||
SINGBOX_VERSION="${{ env.SINGBOX_VERSION }}" \
|
|
||||||
IMAGE_TAG="${{ gitea.sha }}" \
|
echo "Build runner: $(hostname)"
|
||||||
bash scripts/build-on-107-deploy-111.sh
|
echo "Base image: ${{ env.BASE_IMAGE }}"
|
||||||
|
echo "Docker context: $(docker context show 2>/dev/null || true)"
|
||||||
|
docker info 2>/dev/null | sed -n '/HTTP Proxy:/p;/HTTPS Proxy:/p;/Name:/p'
|
||||||
|
|
||||||
|
if ! docker image inspect "${{ env.BASE_IMAGE }}" >/dev/null 2>&1; then
|
||||||
|
echo "Runtime base image ${{ env.BASE_IMAGE }} is missing; building it now."
|
||||||
|
BASE_IMAGE="${{ env.RUNTIME_BASE_SOURCE_IMAGE }}" \
|
||||||
|
RUNTIME_BASE_IMAGE="${{ env.BASE_IMAGE }}" \
|
||||||
|
SINGBOX_VERSION="${{ env.SINGBOX_VERSION }}" \
|
||||||
|
./scripts/build-runtime-base.sh
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "${{ secrets.REGISTRY_TOKEN }}" | docker login "$REGISTRY_HOST" -u "${{ gitea.actor }}" --password-stdin
|
||||||
|
DOCKER_BUILDKIT=1 docker build \
|
||||||
|
--network host \
|
||||||
|
--pull=false \
|
||||||
|
--build-arg BASE_IMAGE="${{ env.BASE_IMAGE }}" \
|
||||||
|
--build-arg SINGBOX_VERSION="${{ env.SINGBOX_VERSION }}" \
|
||||||
|
--build-arg INSTALL_RUNTIME_DEPS=false \
|
||||||
|
--build-arg INSTALL_SINGBOX=false \
|
||||||
|
-t "${IMAGE}:latest" \
|
||||||
|
-t "${IMAGE}:${{ gitea.sha }}" \
|
||||||
|
.
|
||||||
|
docker push "${IMAGE}:latest"
|
||||||
|
docker push "${IMAGE}:${{ gitea.sha }}"
|
||||||
|
|
||||||
|
deploy:
|
||||||
|
runs-on: lxc-113
|
||||||
|
needs: build-and-push
|
||||||
|
steps:
|
||||||
|
- name: Clone repository
|
||||||
|
env:
|
||||||
|
GIT_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
||||||
|
run: |
|
||||||
|
set -euo pipefail
|
||||||
|
SERVER_HOST=$(echo "${{ gitea.server_url }}" | sed 's|https\?://||')
|
||||||
|
rm -rf repo
|
||||||
|
git clone --depth 2 "http://${{ gitea.actor }}:${GIT_TOKEN}@${SERVER_HOST}/${{ gitea.repository }}.git" repo
|
||||||
|
cd repo
|
||||||
|
git checkout ${{ gitea.sha }}
|
||||||
|
|
||||||
|
- name: Pull and deploy gateway image
|
||||||
|
run: |
|
||||||
|
set -euo pipefail
|
||||||
|
cd repo
|
||||||
|
|
||||||
|
REGISTRY_HOST=$(echo "${{ gitea.server_url }}" | sed 's|https\?://||')
|
||||||
|
IMAGE="${REGISTRY_HOST}/${{ gitea.repository }}/gateway"
|
||||||
|
|
||||||
|
echo "Deploy runner: $(hostname)"
|
||||||
|
echo "${{ secrets.REGISTRY_TOKEN }}" | docker login "$REGISTRY_HOST" -u "${{ gitea.actor }}" --password-stdin
|
||||||
|
DEPLOY_PATH="${{ env.DEPLOY_PATH }}" GATEWAY_IMAGE="${IMAGE}:${{ gitea.sha }}" bash scripts/deploy-gateway.sh
|
||||||
|
|||||||
@@ -16,6 +16,7 @@ DOCKER_BUILD_PULL="${DOCKER_BUILD_PULL:-false}"
|
|||||||
INSTALL_RUNTIME_DEPS="${INSTALL_RUNTIME_DEPS:-false}"
|
INSTALL_RUNTIME_DEPS="${INSTALL_RUNTIME_DEPS:-false}"
|
||||||
INSTALL_SINGBOX="${INSTALL_SINGBOX:-false}"
|
INSTALL_SINGBOX="${INSTALL_SINGBOX:-false}"
|
||||||
AUTO_BUILD_RUNTIME_BASE="${AUTO_BUILD_RUNTIME_BASE:-true}"
|
AUTO_BUILD_RUNTIME_BASE="${AUTO_BUILD_RUNTIME_BASE:-true}"
|
||||||
|
SSH_CONNECT_TIMEOUT="${SSH_CONNECT_TIMEOUT:-10}"
|
||||||
|
|
||||||
echo "Build host: ${BUILD_HOST}"
|
echo "Build host: ${BUILD_HOST}"
|
||||||
echo "Deploy host: ${DEPLOY_HOST}"
|
echo "Deploy host: ${DEPLOY_HOST}"
|
||||||
@@ -35,13 +36,24 @@ ensure_known_host() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ssh_cmd() {
|
||||||
|
ssh \
|
||||||
|
-o BatchMode=yes \
|
||||||
|
-o ConnectTimeout="${SSH_CONNECT_TIMEOUT}" \
|
||||||
|
-o ServerAliveInterval=15 \
|
||||||
|
-o ServerAliveCountMax=4 \
|
||||||
|
"$@"
|
||||||
|
}
|
||||||
|
|
||||||
echo "Syncing source to ${BUILD_HOST}:${BUILD_PATH}"
|
echo "Syncing source to ${BUILD_HOST}:${BUILD_PATH}"
|
||||||
if [ "${BUILD_HOST}" = "local" ]; then
|
if [ "${BUILD_HOST}" = "local" ]; then
|
||||||
BUILD_PATH="$(pwd)"
|
BUILD_PATH="$(pwd)"
|
||||||
echo "Using local source at ${BUILD_PATH}"
|
echo "Using local source at ${BUILD_PATH}"
|
||||||
else
|
else
|
||||||
ssh "${BUILD_HOST}" "mkdir -p '${BUILD_PATH}'"
|
ensure_known_host "${BUILD_HOST}"
|
||||||
|
ssh_cmd "${BUILD_HOST}" "mkdir -p '${BUILD_PATH}'"
|
||||||
rsync -az --delete \
|
rsync -az --delete \
|
||||||
|
-e "ssh -o BatchMode=yes -o ConnectTimeout=${SSH_CONNECT_TIMEOUT} -o ServerAliveInterval=15 -o ServerAliveCountMax=4" \
|
||||||
--exclude '.git' \
|
--exclude '.git' \
|
||||||
--exclude '.vpn-proxy' \
|
--exclude '.vpn-proxy' \
|
||||||
--exclude 'node_modules' \
|
--exclude 'node_modules' \
|
||||||
@@ -54,7 +66,8 @@ BUILD_COMMAND="set -e; echo 'Docker context:' \$(docker context show 2>/dev/null
|
|||||||
if [ "${BUILD_HOST}" = "local" ]; then
|
if [ "${BUILD_HOST}" = "local" ]; then
|
||||||
bash -lc "${BUILD_COMMAND}"
|
bash -lc "${BUILD_COMMAND}"
|
||||||
else
|
else
|
||||||
ssh "${BUILD_HOST}" "${BUILD_COMMAND}"
|
ensure_known_host "${BUILD_HOST}"
|
||||||
|
ssh_cmd "${BUILD_HOST}" "${BUILD_COMMAND}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Loading image into ${DEPLOY_HOST}"
|
echo "Loading image into ${DEPLOY_HOST}"
|
||||||
@@ -62,12 +75,17 @@ if [ "${BUILD_HOST}" = "local" ] && [ "${DEPLOY_HOST}" = "local" ]; then
|
|||||||
docker image inspect "${GATEWAY_IMAGE}" >/dev/null
|
docker image inspect "${GATEWAY_IMAGE}" >/dev/null
|
||||||
elif [ "${BUILD_HOST}" = "local" ]; then
|
elif [ "${BUILD_HOST}" = "local" ]; then
|
||||||
ensure_known_host "${DEPLOY_HOST}"
|
ensure_known_host "${DEPLOY_HOST}"
|
||||||
docker save "${GATEWAY_IMAGE}" | ssh "${DEPLOY_HOST}" "docker load"
|
echo "Checking SSH access to ${DEPLOY_HOST}"
|
||||||
|
ssh_cmd "${DEPLOY_HOST}" "true"
|
||||||
|
echo "Transferring image to ${DEPLOY_HOST}"
|
||||||
|
docker save "${GATEWAY_IMAGE}" | ssh_cmd "${DEPLOY_HOST}" "docker load"
|
||||||
elif [ "${DEPLOY_HOST}" = "local" ]; then
|
elif [ "${DEPLOY_HOST}" = "local" ]; then
|
||||||
ssh "${BUILD_HOST}" "docker save '${GATEWAY_IMAGE}'" | docker load
|
ensure_known_host "${BUILD_HOST}"
|
||||||
|
ssh_cmd "${BUILD_HOST}" "docker save '${GATEWAY_IMAGE}'" | docker load
|
||||||
else
|
else
|
||||||
|
ensure_known_host "${BUILD_HOST}"
|
||||||
ensure_known_host "${DEPLOY_HOST}"
|
ensure_known_host "${DEPLOY_HOST}"
|
||||||
ssh "${BUILD_HOST}" "docker save '${GATEWAY_IMAGE}'" | ssh "${DEPLOY_HOST}" "docker load"
|
ssh_cmd "${BUILD_HOST}" "docker save '${GATEWAY_IMAGE}'" | ssh_cmd "${DEPLOY_HOST}" "docker load"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Copying deploy script to ${DEPLOY_HOST}:${DEPLOY_PATH}"
|
echo "Copying deploy script to ${DEPLOY_HOST}:${DEPLOY_PATH}"
|
||||||
@@ -76,8 +94,10 @@ if [ "${DEPLOY_HOST}" = "local" ]; then
|
|||||||
cp scripts/deploy-gateway.sh "${DEPLOY_PATH}/deploy-gateway.sh"
|
cp scripts/deploy-gateway.sh "${DEPLOY_PATH}/deploy-gateway.sh"
|
||||||
else
|
else
|
||||||
ensure_known_host "${DEPLOY_HOST}"
|
ensure_known_host "${DEPLOY_HOST}"
|
||||||
ssh "${DEPLOY_HOST}" "mkdir -p '${DEPLOY_PATH}'"
|
ssh_cmd "${DEPLOY_HOST}" "mkdir -p '${DEPLOY_PATH}'"
|
||||||
rsync -az scripts/deploy-gateway.sh "${DEPLOY_HOST}:${DEPLOY_PATH}/deploy-gateway.sh"
|
rsync -az \
|
||||||
|
-e "ssh -o BatchMode=yes -o ConnectTimeout=${SSH_CONNECT_TIMEOUT} -o ServerAliveInterval=15 -o ServerAliveCountMax=4" \
|
||||||
|
scripts/deploy-gateway.sh "${DEPLOY_HOST}:${DEPLOY_PATH}/deploy-gateway.sh"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Starting gateway on ${DEPLOY_HOST}"
|
echo "Starting gateway on ${DEPLOY_HOST}"
|
||||||
@@ -87,6 +107,6 @@ if [ "${DEPLOY_HOST}" = "local" ]; then
|
|||||||
DEPLOY_PATH="${DEPLOY_PATH}" GATEWAY_IMAGE="${GATEWAY_IMAGE}" PULL_IMAGE=false ./deploy-gateway.sh
|
DEPLOY_PATH="${DEPLOY_PATH}" GATEWAY_IMAGE="${GATEWAY_IMAGE}" PULL_IMAGE=false ./deploy-gateway.sh
|
||||||
else
|
else
|
||||||
ensure_known_host "${DEPLOY_HOST}"
|
ensure_known_host "${DEPLOY_HOST}"
|
||||||
ssh "${DEPLOY_HOST}" \
|
ssh_cmd "${DEPLOY_HOST}" \
|
||||||
"cd '${DEPLOY_PATH}' && chmod +x ./deploy-gateway.sh && DEPLOY_PATH='${DEPLOY_PATH}' GATEWAY_IMAGE='${GATEWAY_IMAGE}' PULL_IMAGE=false ./deploy-gateway.sh"
|
"cd '${DEPLOY_PATH}' && chmod +x ./deploy-gateway.sh && DEPLOY_PATH='${DEPLOY_PATH}' GATEWAY_IMAGE='${GATEWAY_IMAGE}' PULL_IMAGE=false ./deploy-gateway.sh"
|
||||||
fi
|
fi
|
||||||
|
|||||||
Reference in New Issue
Block a user