From dddcb45965210e03d564e97917cccbd22fc4c194 Mon Sep 17 00:00:00 2001 From: Aleksandr Meshchriakov Date: Tue, 28 Apr 2026 11:09:21 +0200 Subject: [PATCH] ci: push images with docker and fold dev db cleanup --- .env.prod.example | 4 +- .gitea/workflows/ci-cd.yml | 123 ++++++++++++++++++++---- .gitea/workflows/dev-db-maintenance.yml | 77 --------------- 3 files changed, 107 insertions(+), 97 deletions(-) delete mode 100644 .gitea/workflows/dev-db-maintenance.yml diff --git a/.env.prod.example b/.env.prod.example index 4650201..f266c09 100644 --- a/.env.prod.example +++ b/.env.prod.example @@ -42,5 +42,5 @@ STATE_CORP_EXCHANGE_TOKEN= STATE_CORP_EXCHANGE_KEY_ID=state-corp-shared-token STATE_CORP_EXCHANGE_TIMEOUT_SECONDS=60 -WEB_IMAGE=10.10.0.50/avm/mostovik-backend-web:dev -CELERY_IMAGE=10.10.0.50/avm/mostovik-backend-celery:dev +WEB_IMAGE=registry.dev.nii-ecos.ru/avm/mostovik-backend-web:dev +CELERY_IMAGE=registry.dev.nii-ecos.ru/avm/mostovik-backend-celery:dev diff --git a/.gitea/workflows/ci-cd.yml b/.gitea/workflows/ci-cd.yml index 0c5ce3f..0f89eea 100644 --- a/.gitea/workflows/ci-cd.yml +++ b/.gitea/workflows/ci-cd.yml @@ -13,10 +13,18 @@ on: - dev workflow_dispatch: inputs: + manual_action: + description: "Manual action: dokploy_start or cleanup_dev_database" + required: true + default: "dokploy_start" dokploy_target: description: "Dokploy dev target: all, web, or celery" required: true default: "all" + cleanup_confirm: + description: "Type CLEAN_DEV_DB to drop and recreate the dev public schema" + required: false + default: "" concurrency: group: mostovik-backend-${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }} @@ -29,7 +37,6 @@ env: REGISTRY_NAMESPACE: "${{ github.repository_owner }}" WEB_IMAGE: "mostovik-backend-web" CELERY_IMAGE: "mostovik-backend-celery" - CRANE_VERSION: "v0.19.0" UV_VERSION: "0.7.2" PIP_DISABLE_PIP_VERSION_CHECK: "1" 
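Review bot: Both `WEB_IMAGE` and `CELERY_IMAGE` in this production example still end in the mutable `:dev` tag, so a deployment that copies the file as-is runs whatever the dev branch last pushed. The workflow in this same patch also publishes `${BRANCH_TAG}-${SHA_SHORT}` tags and `latest` for `main`, so the example could reference one of those instead, for instance `WEB_IMAGE=registry.dev.nii-ecos.ru/avm/mostovik-backend-web:main-<sha>` (placeholder tag). If `:dev` is intentional because this file only feeds the dev Dokploy target, a comment line above the two variables saying so would keep it from being reused for a real production rollout.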
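Review bot: `manual_action` is declared as free text, so a mistyped value matches neither `dokploy_start` nor `cleanup_dev_database` and the dispatch silently skips both gated jobs. If the Gitea version in use supports typed dispatch inputs, declaring it with `type: choice` and `options: [dokploy_start, cleanup_dev_database]` restricts the form to the two valid values. The `cleanup_confirm` description should also say that the field is only read when `manual_action` is `cleanup_dev_database`, because the destructive job now shares a dispatch form with the routine deploy trigger.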
@@ -134,11 +141,6 @@ jobs: run: | set -euo pipefail - curl -fsSL \ - "https://github.com/google/go-containerregistry/releases/download/${CRANE_VERSION}/go-containerregistry_Linux_x86_64.tar.gz" \ - | tar xz crane - chmod +x crane - BRANCH="${GITHUB_HEAD_REF:-${GITHUB_REF_NAME:-branch}}" BRANCH_TAG=$(printf '%s' "${BRANCH}" \ | tr '[:upper:]' '[:lower:]' \ @@ -163,23 +165,36 @@ jobs: fi echo "${REGISTRY_PASSWORD}" \ - | ./crane auth login "${REGISTRY_HOST}" \ + | docker login "${REGISTRY_HOST}" \ -u "${REGISTRY_USER}" \ --password-stdin + WEB_TAGS=( + -t "${WEB_REF}:${BRANCH_TAG}" + -t "${WEB_REF}:${BRANCH_TAG}-${SHA_SHORT}" + ) + CELERY_TAGS=( + -t "${CELERY_REF}:${BRANCH_TAG}" + -t "${CELERY_REF}:${BRANCH_TAG}-${SHA_SHORT}" + ) + if [ "${GITHUB_REF_NAME}" = "main" ]; then + WEB_TAGS+=(-t "${WEB_REF}:latest") + CELERY_TAGS+=(-t "${CELERY_REF}:latest") + fi + docker build \ -f ./docker/Dockerfile \ --target runtime-web \ --build-arg INSTALL_DEV=false \ --label "org.opencontainers.image.revision=${GITHUB_SHA}" \ --label "org.opencontainers.image.source=${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}" \ - -t "${WEB_IMAGE}:local" . - docker save "${WEB_IMAGE}:local" -o /tmp/web.tar + "${WEB_TAGS[@]}" \ + . - ./crane push /tmp/web.tar "${WEB_REF}:${BRANCH_TAG}" - ./crane push /tmp/web.tar "${WEB_REF}:${BRANCH_TAG}-${SHA_SHORT}" + docker push "${WEB_REF}:${BRANCH_TAG}" + docker push "${WEB_REF}:${BRANCH_TAG}-${SHA_SHORT}" if [ "${GITHUB_REF_NAME}" = "main" ]; then - ./crane push /tmp/web.tar "${WEB_REF}:latest" + docker push "${WEB_REF}:latest" fi docker build \ 
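Review bot: After `docker login` the script never logs out, so the registry credential stays in the runner's Docker config once the step finishes; whether the runner is ephemeral is not visible here, but on one that is reused between jobs later workflows could read it. Registering `trap 'docker logout "${REGISTRY_HOST}" >/dev/null 2>&1 || true' EXIT` directly after the login line clears it on success and on failure under `set -e`. Feeding the secret with `printf '%s' "${REGISTRY_PASSWORD}"` instead of `echo` also avoids the appended newline and any option-like interpretation of the value. The run script begins before this hunk and continues past it, and the same login session covers the celery pushes in the following hunk.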
@@ -188,13 +203,13 @@ jobs: --build-arg INSTALL_DEV=false \ --label "org.opencontainers.image.revision=${GITHUB_SHA}" \ --label "org.opencontainers.image.source=${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}" \ - -t "${CELERY_IMAGE}:local" . - docker save "${CELERY_IMAGE}:local" -o /tmp/celery.tar + "${CELERY_TAGS[@]}" \ + . - ./crane push /tmp/celery.tar "${CELERY_REF}:${BRANCH_TAG}" - ./crane push /tmp/celery.tar "${CELERY_REF}:${BRANCH_TAG}-${SHA_SHORT}" + docker push "${CELERY_REF}:${BRANCH_TAG}" + docker push "${CELERY_REF}:${BRANCH_TAG}-${SHA_SHORT}" if [ "${GITHUB_REF_NAME}" = "main" ]; then - ./crane push /tmp/celery.tar "${CELERY_REF}:latest" + docker push "${CELERY_REF}:latest" fi { @@ -276,7 +291,10 @@ jobs: name: Start Dev Containers in Dokploy runs-on: ubuntu-latest timeout-minutes: 5 - if: ${{ github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/dev' }} + if: | + github.event_name == 'workflow_dispatch' && + github.ref == 'refs/heads/dev' && + github.event.inputs.manual_action == 'dokploy_start' steps: - name: Trigger Dokploy webhooks 
@@ -373,3 +391,72 @@ jobs: echo "Web image: registry.dev.nii-ecos.ru/avm/mostovik-backend-web:dev" echo "Celery image: registry.dev.nii-ecos.ru/avm/mostovik-backend-celery:dev" } >> "${GITHUB_STEP_SUMMARY:-/dev/stdout}" + + cleanup_dev_database: + name: Cleanup Dev Database + runs-on: ubuntu-latest + timeout-minutes: 10 + if: | + github.event_name == 'workflow_dispatch' && + github.ref == 'refs/heads/dev' && + github.event.inputs.manual_action == 'cleanup_dev_database' + env: + POSTGRES_HOST: "10.10.0.114" + POSTGRES_PORT: "5432" + POSTGRES_DB: "mostovik" + POSTGRES_USER: "postgres" + POSTGRES_PASSWORD: "postgres" + + steps: + - name: Validate confirmation + env: + CONFIRM: ${{ github.event.inputs.cleanup_confirm }} + run: | + set -euo pipefail + if [ "${CONFIRM}" != "CLEAN_DEV_DB" ]; then + echo "Manual confirmation must be exactly CLEAN_DEV_DB" >&2 + exit 1 + fi + + - name: Install PostgreSQL client + run: | + set -euo pipefail + APT_RUNNER=() + if [ "$(id -u)" -ne 0 ]; then + APT_RUNNER=(sudo) + fi + + export DEBIAN_FRONTEND=noninteractive + "${APT_RUNNER[@]}" apt-get update + "${APT_RUNNER[@]}" apt-get install -y postgresql-client + + - name: Drop and recreate public schema + run: | + set -euo pipefail + export PGPASSWORD="${POSTGRES_PASSWORD}" + + psql \ + --set ON_ERROR_STOP=1 \ + --host="${POSTGRES_HOST}" \ + --port="${POSTGRES_PORT}" \ + --username="${POSTGRES_USER}" \ + --dbname="${POSTGRES_DB}" \ + <<'SQL' + SELECT pg_terminate_backend(pid) + FROM pg_stat_activity + WHERE datname = current_database() + AND pid <> pg_backend_pid(); + + DROP SCHEMA IF EXISTS public CASCADE; + CREATE SCHEMA public; + GRANT ALL ON SCHEMA public TO postgres; + GRANT ALL ON SCHEMA public TO public; + SQL + + - name: Summary + run: | + set -euo pipefail + { + echo "Dev database cleanup completed." + echo "Database: ${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}" + } >> "${GITHUB_STEP_SUMMARY:-/dev/stdout}" 
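Review bot: The job-level `env` commits the database password in clear text (`POSTGRES_PASSWORD: "postgres"`) for the `postgres` role, normally the superuser, next to the host address, so anyone with read access to the repository has what is needed to log in to that server. Read it from the secret store instead, for example `POSTGRES_PASSWORD: ${{ secrets.DEV_POSTGRES_PASSWORD }}` (placeholder secret name), and rotate the current value, since the deleted workflow shows it is already in history. Separately, `GRANT ALL ON SCHEMA public TO public;` gives every role CREATE on the schema, which PostgreSQL 15 stopped doing by default; `GRANT USAGE ON SCHEMA public TO public;` is enough unless arbitrary roles really need to create objects there.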
diff --git a/.gitea/workflows/dev-db-maintenance.yml b/.gitea/workflows/dev-db-maintenance.yml deleted file mode 100644 index 4426962..0000000 --- a/.gitea/workflows/dev-db-maintenance.yml +++ /dev/null 
@@ -1,77 +0,0 @@ -name: Dev Database Maintenance - -on: - workflow_dispatch: - inputs: - confirm: - description: "Type CLEAN_DEV_DB to drop and recreate the dev public schema" - required: true - default: "" - -env: - POSTGRES_HOST: "10.10.0.114" - POSTGRES_PORT: "5432" - POSTGRES_DB: "mostovik" - POSTGRES_USER: "postgres" - POSTGRES_PASSWORD: "postgres" - -jobs: - cleanup_dev_database: - name: Cleanup Dev Database - runs-on: ubuntu-latest - timeout-minutes: 10 - if: ${{ github.ref == 'refs/heads/dev' }} - - steps: - - name: Validate confirmation - env: - CONFIRM: ${{ github.event.inputs.confirm }} - run: | - set -euo pipefail - if [ "${CONFIRM}" != "CLEAN_DEV_DB" ]; then - echo "Manual confirmation must be exactly CLEAN_DEV_DB" >&2 - exit 1 - fi - - - name: Install PostgreSQL client - run: | - set -euo pipefail - APT_RUNNER=() - if [ "$(id -u)" -ne 0 ]; then - APT_RUNNER=(sudo) - fi - - export DEBIAN_FRONTEND=noninteractive - "${APT_RUNNER[@]}" apt-get update - "${APT_RUNNER[@]}" apt-get install -y postgresql-client - - - name: Drop and recreate public schema - run: | - set -euo pipefail - export PGPASSWORD="${POSTGRES_PASSWORD}" - - psql \ - --set ON_ERROR_STOP=1 \ - --host="${POSTGRES_HOST}" \ - --port="${POSTGRES_PORT}" \ - --username="${POSTGRES_USER}" \ - --dbname="${POSTGRES_DB}" \ - <<'SQL' - SELECT pg_terminate_backend(pid) - FROM pg_stat_activity - WHERE datname = current_database() - AND pid <> pg_backend_pid(); - - DROP SCHEMA IF EXISTS public CASCADE; - CREATE SCHEMA public; - GRANT ALL ON SCHEMA public TO postgres; - GRANT ALL ON SCHEMA public TO public; - SQL - - - name: Summary - run: | - set -euo pipefail - { - echo "Dev database cleanup completed." - echo "Database: ${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}" - } >> "${GITHUB_STEP_SUMMARY:-/dev/stdout}"