ci: push images with docker and fold dev db cleanup

2026-04-28 11:09:21 +02:00
parent 2f488ed003
commit dddcb45965
3 changed files with 107 additions and 97 deletions
--- a/.env.prod.example
+++ b/.env.prod.example
@@ -42,5 +42,5 @@ STATE_CORP_EXCHANGE_TOKEN=
 STATE_CORP_EXCHANGE_KEY_ID=state-corp-shared-token
 STATE_CORP_EXCHANGE_TIMEOUT_SECONDS=60

-WEB_IMAGE=10.10.0.50/avm/mostovik-backend-web:dev
-CELERY_IMAGE=10.10.0.50/avm/mostovik-backend-celery:dev
+WEB_IMAGE=registry.dev.nii-ecos.ru/avm/mostovik-backend-web:dev
+CELERY_IMAGE=registry.dev.nii-ecos.ru/avm/mostovik-backend-celery:dev
--- a/.gitea/workflows/ci-cd.yml
+++ b/.gitea/workflows/ci-cd.yml
@@ -13,10 +13,18 @@ on:
      - dev
  workflow_dispatch:
    inputs:
+      manual_action:
+        description: "Manual action: dokploy_start or cleanup_dev_database"
+        required: true
+        default: "dokploy_start"
      dokploy_target:
        description: "Dokploy dev target: all, web, or celery"
        required: true
        default: "all"
+      cleanup_confirm:
+        description: "Type CLEAN_DEV_DB to drop and recreate the dev public schema"
+        required: false
+        default: ""

 concurrency:
  group: mostovik-backend-${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }}
@@ -29,7 +37,6 @@ env:
  REGISTRY_NAMESPACE: "${{ github.repository_owner }}"
  WEB_IMAGE: "mostovik-backend-web"
  CELERY_IMAGE: "mostovik-backend-celery"
-  CRANE_VERSION: "v0.19.0"
  UV_VERSION: "0.7.2"
  PIP_DISABLE_PIP_VERSION_CHECK: "1"

@@ -134,11 +141,6 @@ jobs:
        run: |
          set -euo pipefail

-          curl -fsSL \
-            "https://github.com/google/go-containerregistry/releases/download/${CRANE_VERSION}/go-containerregistry_Linux_x86_64.tar.gz" \
-            | tar xz crane
-          chmod +x crane
-
          BRANCH="${GITHUB_HEAD_REF:-${GITHUB_REF_NAME:-branch}}"
          BRANCH_TAG=$(printf '%s' "${BRANCH}" \
            | tr '[:upper:]' '[:lower:]' \
@@ -163,23 +165,36 @@ jobs:
          fi

          echo "${REGISTRY_PASSWORD}" \
-            | ./crane auth login "${REGISTRY_HOST}" \
+            | docker login "${REGISTRY_HOST}" \
              -u "${REGISTRY_USER}" \
              --password-stdin

+          WEB_TAGS=(
+            -t "${WEB_REF}:${BRANCH_TAG}"
+            -t "${WEB_REF}:${BRANCH_TAG}-${SHA_SHORT}"
+          )
+          CELERY_TAGS=(
+            -t "${CELERY_REF}:${BRANCH_TAG}"
+            -t "${CELERY_REF}:${BRANCH_TAG}-${SHA_SHORT}"
+          )
+          if [ "${GITHUB_REF_NAME}" = "main" ]; then
+            WEB_TAGS+=(-t "${WEB_REF}:latest")
+            CELERY_TAGS+=(-t "${CELERY_REF}:latest")
+          fi
+
          docker build \
            -f ./docker/Dockerfile \
            --target runtime-web \
            --build-arg INSTALL_DEV=false \
            --label "org.opencontainers.image.revision=${GITHUB_SHA}" \
            --label "org.opencontainers.image.source=${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}" \
-            -t "${WEB_IMAGE}:local" .
-          docker save "${WEB_IMAGE}:local" -o /tmp/web.tar
+            "${WEB_TAGS[@]}" \
+            .

-          ./crane push /tmp/web.tar "${WEB_REF}:${BRANCH_TAG}"
-          ./crane push /tmp/web.tar "${WEB_REF}:${BRANCH_TAG}-${SHA_SHORT}"
+          docker push "${WEB_REF}:${BRANCH_TAG}"
+          docker push "${WEB_REF}:${BRANCH_TAG}-${SHA_SHORT}"
          if [ "${GITHUB_REF_NAME}" = "main" ]; then
-            ./crane push /tmp/web.tar "${WEB_REF}:latest"
+            docker push "${WEB_REF}:latest"
          fi

          docker build \
@@ -188,13 +203,13 @@ jobs:
            --build-arg INSTALL_DEV=false \
            --label "org.opencontainers.image.revision=${GITHUB_SHA}" \
            --label "org.opencontainers.image.source=${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}" \
-            -t "${CELERY_IMAGE}:local" .
-          docker save "${CELERY_IMAGE}:local" -o /tmp/celery.tar
+            "${CELERY_TAGS[@]}" \
+            .

-          ./crane push /tmp/celery.tar "${CELERY_REF}:${BRANCH_TAG}"
-          ./crane push /tmp/celery.tar "${CELERY_REF}:${BRANCH_TAG}-${SHA_SHORT}"
+          docker push "${CELERY_REF}:${BRANCH_TAG}"
+          docker push "${CELERY_REF}:${BRANCH_TAG}-${SHA_SHORT}"
          if [ "${GITHUB_REF_NAME}" = "main" ]; then
-            ./crane push /tmp/celery.tar "${CELERY_REF}:latest"
+            docker push "${CELERY_REF}:latest"
          fi

          {
@@ -276,7 +291,10 @@ jobs:
    name: Start Dev Containers in Dokploy
    runs-on: ubuntu-latest
    timeout-minutes: 5
-    if: ${{ github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/dev' }}
+    if: |
+      github.event_name == 'workflow_dispatch' &&
+      github.ref == 'refs/heads/dev' &&
+      github.event.inputs.manual_action == 'dokploy_start'

    steps:
      - name: Trigger Dokploy webhooks
@@ -373,3 +391,72 @@ jobs:
            echo "Web image: registry.dev.nii-ecos.ru/avm/mostovik-backend-web:dev"
            echo "Celery image: registry.dev.nii-ecos.ru/avm/mostovik-backend-celery:dev"
          } >> "${GITHUB_STEP_SUMMARY:-/dev/stdout}"
+
+  cleanup_dev_database:
+    name: Cleanup Dev Database
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    if: |
+      github.event_name == 'workflow_dispatch' &&
+      github.ref == 'refs/heads/dev' &&
+      github.event.inputs.manual_action == 'cleanup_dev_database'
+    env:
+      POSTGRES_HOST: "10.10.0.114"
+      POSTGRES_PORT: "5432"
+      POSTGRES_DB: "mostovik"
+      POSTGRES_USER: "postgres"
+      POSTGRES_PASSWORD: "postgres"
+
+    steps:
+      - name: Validate confirmation
+        env:
+          CONFIRM: ${{ github.event.inputs.cleanup_confirm }}
+        run: |
+          set -euo pipefail
+          if [ "${CONFIRM}" != "CLEAN_DEV_DB" ]; then
+            echo "Manual confirmation must be exactly CLEAN_DEV_DB" >&2
+            exit 1
+          fi
+
+      - name: Install PostgreSQL client
+        run: |
+          set -euo pipefail
+          APT_RUNNER=()
+          if [ "$(id -u)" -ne 0 ]; then
+            APT_RUNNER=(sudo)
+          fi
+
+          export DEBIAN_FRONTEND=noninteractive
+          "${APT_RUNNER[@]}" apt-get update
+          "${APT_RUNNER[@]}" apt-get install -y postgresql-client
+
+      - name: Drop and recreate public schema
+        run: |
+          set -euo pipefail
+          export PGPASSWORD="${POSTGRES_PASSWORD}"
+
+          psql \
+            --set ON_ERROR_STOP=1 \
+            --host="${POSTGRES_HOST}" \
+            --port="${POSTGRES_PORT}" \
+            --username="${POSTGRES_USER}" \
+            --dbname="${POSTGRES_DB}" \
+            <<'SQL'
+          SELECT pg_terminate_backend(pid)
+          FROM pg_stat_activity
+          WHERE datname = current_database()
+            AND pid <> pg_backend_pid();
+
+          DROP SCHEMA IF EXISTS public CASCADE;
+          CREATE SCHEMA public;
+          GRANT ALL ON SCHEMA public TO postgres;
+          GRANT ALL ON SCHEMA public TO public;
+          SQL
+
+      - name: Summary
+        run: |
+          set -euo pipefail
+          {
+            echo "Dev database cleanup completed."
+            echo "Database: ${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}"
+          } >> "${GITHUB_STEP_SUMMARY:-/dev/stdout}"
--- a/.gitea/workflows/dev-db-maintenance.yml
+++ b/.gitea/workflows/dev-db-maintenance.yml
@@ -1,77 +0,0 @@
-name: Dev Database Maintenance
-
-on:
-  workflow_dispatch:
-    inputs:
-      confirm:
-        description: "Type CLEAN_DEV_DB to drop and recreate the dev public schema"
-        required: true
-        default: ""
-
-env:
-  POSTGRES_HOST: "10.10.0.114"
-  POSTGRES_PORT: "5432"
-  POSTGRES_DB: "mostovik"
-  POSTGRES_USER: "postgres"
-  POSTGRES_PASSWORD: "postgres"
-
-jobs:
-  cleanup_dev_database:
-    name: Cleanup Dev Database
-    runs-on: ubuntu-latest
-    timeout-minutes: 10
-    if: ${{ github.ref == 'refs/heads/dev' }}
-
-    steps:
-      - name: Validate confirmation
-        env:
-          CONFIRM: ${{ github.event.inputs.confirm }}
-        run: |
-          set -euo pipefail
-          if [ "${CONFIRM}" != "CLEAN_DEV_DB" ]; then
-            echo "Manual confirmation must be exactly CLEAN_DEV_DB" >&2
-            exit 1
-          fi
-
-      - name: Install PostgreSQL client
-        run: |
-          set -euo pipefail
-          APT_RUNNER=()
-          if [ "$(id -u)" -ne 0 ]; then
-            APT_RUNNER=(sudo)
-          fi
-
-          export DEBIAN_FRONTEND=noninteractive
-          "${APT_RUNNER[@]}" apt-get update
-          "${APT_RUNNER[@]}" apt-get install -y postgresql-client
-
-      - name: Drop and recreate public schema
-        run: |
-          set -euo pipefail
-          export PGPASSWORD="${POSTGRES_PASSWORD}"
-
-          psql \
-            --set ON_ERROR_STOP=1 \
-            --host="${POSTGRES_HOST}" \
-            --port="${POSTGRES_PORT}" \
-            --username="${POSTGRES_USER}" \
-            --dbname="${POSTGRES_DB}" \
-            <<'SQL'
-          SELECT pg_terminate_backend(pid)
-          FROM pg_stat_activity
-          WHERE datname = current_database()
-            AND pid <> pg_backend_pid();
-
-          DROP SCHEMA IF EXISTS public CASCADE;
-          CREATE SCHEMA public;
-          GRANT ALL ON SCHEMA public TO postgres;
-          GRANT ALL ON SCHEMA public TO public;
-          SQL
-
-      - name: Summary
-        run: |
-          set -euo pipefail
-          {
-            echo "Dev database cleanup completed."
-            echo "Database: ${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}"
-          } >> "${GITHUB_STEP_SUMMARY:-/dev/stdout}"