avm/mostovik-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e1959cd5b5aac63b6e2b4d745afe550ddc05d0f4
mostovik-backend/.gitea/workflows/ci-cd.yml
Aleksandr Meshchriakov e1959cd5b5
Some checks failed
CI/CD Pipeline / Code Quality Checks (push) Successful in 2m25s
Details
CI/CD Pipeline / Run Tests (push) Failing after 2m42s
Details
CI/CD Pipeline / Build & Push Images (push) Successful in 17s
Details
CI/CD Pipeline / Deploy (prod) (push) Has been skipped
Details
CI/CD Pipeline / Deploy (dev) (push) Failing after 1s
Details
fix: handle unbound PYTHONPATH in CI 
Co-Authored-By: Warp <agent@warp.dev>
2026-02-10 11:47:04 +01:00

258 lines
9.5 KiB
YAML
Raw Blame History

name: CI/CD Pipeline
on:
push:
branches:
- main
- dev
- "feature/**"
pull_request:
branches:
- main
- dev
env:
PYTHON_VERSION: "3.11"
REGISTRY_HOST: "10.10.0.10:3000"
WEB_IMAGE: "mostovik-web"
CELERY_IMAGE: "mostovik-celery"
jobs:
lint:
name: Code Quality Checks
runs-on: ubuntu-latest
steps:
- name: Checkout code
run: |
REPO_URL=$(echo "${GITHUB_SERVER_URL}" | sed "s|://|://oauth2:${{ gitea.token }}@|")
BRANCH="${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}"
git clone --depth=1 --branch="${BRANCH}" "${REPO_URL}/${GITHUB_REPOSITORY}.git" .
git checkout "${GITHUB_SHA}"
- name: Install Python and uv
run: |
set -euo pipefail
apt-get update
apt-get install -y software-properties-common
add-apt-repository -y ppa:deadsnakes/ppa
apt-get update
apt-get install -y python3.11 python3.11-venv
curl -LsSf https://astral.sh/uv/install.sh | sh
- name: Create virtual environment and install dependencies
run: |
set -euo pipefail
export PATH="$HOME/.local/bin:$PATH"
uv venv --python python3.11
. .venv/bin/activate
uv sync --dev --frozen
- name: Run Ruff linting
run: |
set -euo pipefail
. .venv/bin/activate
ruff check src
- name: Run Ruff formatting check
run: |
set -euo pipefail
. .venv/bin/activate
ruff format src --check
test:
name: Run Tests
runs-on: ubuntu-latest
steps:
- name: Checkout code
run: |
REPO_URL=$(echo "${GITHUB_SERVER_URL}" | sed "s|://|://oauth2:${{ gitea.token }}@|")
BRANCH="${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}"
git clone --depth=1 --branch="${BRANCH}" "${REPO_URL}/${GITHUB_REPOSITORY}.git" .
git checkout "${GITHUB_SHA}"
- name: Install Python and uv
run: |
set -euo pipefail
apt-get update
apt-get install -y software-properties-common
add-apt-repository -y ppa:deadsnakes/ppa
apt-get update
apt-get install -y python3.11 python3.11-venv
curl -LsSf https://astral.sh/uv/install.sh | sh
- name: Create virtual environment and install dependencies
run: |
set -euo pipefail
export PATH="$HOME/.local/bin:$PATH"
uv venv --python python3.11
. .venv/bin/activate
uv sync --dev --frozen
- name: Run Django tests
env:
DJANGO_SETTINGS_MODULE: config.settings.test
SECRET_KEY: test-secret-key-for-ci
run: |
set -euo pipefail
. .venv/bin/activate
export PYTHONPATH="${PWD}/src:${PYTHONPATH:-}"
python src/manage.py test tests --verbosity=2
build_push:
name: Build & Push Images
runs-on: ubuntu-latest
needs: [lint, test]
if: |
always() &&
github.event_name == 'push' &&
(github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev') &&
(github.ref == 'refs/heads/dev' || (needs.lint.result == 'success' && needs.test.result == 'success'))
steps:
- name: Checkout code
run: |
REPO_URL=$(echo "${GITHUB_SERVER_URL}" | sed "s|://|://oauth2:${{ gitea.token }}@|")
BRANCH="${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}"
git clone --depth=1 --branch="${BRANCH}" "${REPO_URL}/${GITHUB_REPOSITORY}.git" .
git checkout "${GITHUB_SHA}"
- name: Build and push images
env:
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_TOKEN }}
run: |
set -euo pipefail
curl -sL https://github.com/google/go-containerregistry/releases/download/v0.19.0/go-containerregistry_Linux_x86_64.tar.gz | tar xz crane
chmod +x crane
BRANCH_TAG=$(echo "${GITHUB_REF_NAME}" | sed 's/\//-/g')
SHA_SHORT=$(echo "${GITHUB_SHA}" | cut -c1-7)
REPO_OWNER="${GITHUB_REPOSITORY%%/*}"
REGISTRY="${REGISTRY_HOST}/${REPO_OWNER}"
echo "Registry: ${REGISTRY_HOST}"
echo "Actor: ${GITHUB_ACTOR}"
echo "${REGISTRY_PASSWORD}" | ./crane auth login --insecure "${REGISTRY_HOST}" -u "${REGISTRY_USER}" --password-stdin
docker build -f ./docker/Dockerfile.web -t "${WEB_IMAGE}:local" .
docker save "${WEB_IMAGE}:local" -o /tmp/web.tar
./crane push --insecure /tmp/web.tar "${REGISTRY}/${WEB_IMAGE}:${BRANCH_TAG}"
./crane push --insecure /tmp/web.tar "${REGISTRY}/${WEB_IMAGE}:${BRANCH_TAG}-${SHA_SHORT}"
if [ "${GITHUB_REF_NAME}" = "main" ]; then
./crane push --insecure /tmp/web.tar "${REGISTRY}/${WEB_IMAGE}:latest"
fi
docker build -f ./docker/Dockerfile.celery -t "${CELERY_IMAGE}:local" .
docker save "${CELERY_IMAGE}:local" -o /tmp/celery.tar
./crane push --insecure /tmp/celery.tar "${REGISTRY}/${CELERY_IMAGE}:${BRANCH_TAG}"
./crane push --insecure /tmp/celery.tar "${REGISTRY}/${CELERY_IMAGE}:${BRANCH_TAG}-${SHA_SHORT}"
if [ "${GITHUB_REF_NAME}" = "main" ]; then
./crane push --insecure /tmp/celery.tar "${REGISTRY}/${CELERY_IMAGE}:latest"
fi
- name: Image summary
run: |
REPO_OWNER="${GITHUB_REPOSITORY%%/*}"
echo "Images pushed to ${REGISTRY_HOST}/${REPO_OWNER}/"
deploy_dev:
name: Deploy (dev)
runs-on: ubuntu-latest
needs: [build_push]
if: github.event_name == 'push' && github.ref == 'refs/heads/dev'
concurrency: deploy-dev
environment: dev
steps:
- name: Checkout code
run: |
REPO_URL=$(echo "${GITHUB_SERVER_URL}" | sed "s|://|://oauth2:${{ gitea.token }}@|")
BRANCH="${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}"
git clone --depth=1 --branch="${BRANCH}" "${REPO_URL}/${GITHUB_REPOSITORY}.git" .
git checkout "${GITHUB_SHA}"
- name: Deploy via SSH
env:
DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
DEPLOY_SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_TOKEN }}
run: |
set -euo pipefail
BRANCH_TAG=$(echo "${GITHUB_REF_NAME}" | sed 's/\//-/g')
mkdir -p ~/.ssh
echo "${DEPLOY_SSH_KEY}" | base64 -d > ~/.ssh/deploy_key
chmod 600 ~/.ssh/deploy_key
ssh-keyscan -H "${DEPLOY_HOST}" >> ~/.ssh/known_hosts 2>/dev/null
scp -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no docker-compose.prod.yml "${DEPLOY_USER}@${DEPLOY_HOST}:/opt/mostovik-backend/"
ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no "${DEPLOY_USER}@${DEPLOY_HOST}" "
set -e
cd /opt/mostovik-backend
echo '${REGISTRY_PASSWORD}' | docker login --username '${REGISTRY_USER}' --password-stdin ${REGISTRY_HOST}
export IMAGE_TAG=${BRANCH_TAG}
docker compose -f docker-compose.prod.yml pull web celery_worker celery_beat
docker compose -f docker-compose.prod.yml down --remove-orphans || true
docker rm -f mostovik_db mostovik_redis mostovik_web mostovik_celery_worker mostovik_celery_beat 2>/dev/null || true
docker compose -f docker-compose.prod.yml up -d
docker image prune -f
"
echo "Deployed ${BRANCH_TAG} to ${DEPLOY_HOST}"
deploy_prod:
name: Deploy (prod)
runs-on: ubuntu-latest
needs: [build_push]
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
concurrency: deploy-prod
environment: prod
steps:
- name: Checkout code
run: |
REPO_URL=$(echo "${GITHUB_SERVER_URL}" | sed "s|://|://oauth2:${{ gitea.token }}@|")
BRANCH="${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}"
git clone --depth=1 --branch="${BRANCH}" "${REPO_URL}/${GITHUB_REPOSITORY}.git" .
git checkout "${GITHUB_SHA}"
- name: Deploy via SSH
env:
DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
DEPLOY_SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_TOKEN }}
run: |
set -euo pipefail
BRANCH_TAG=$(echo "${GITHUB_REF_NAME}" | sed 's/\//-/g')
mkdir -p ~/.ssh
echo "${DEPLOY_SSH_KEY}" | base64 -d > ~/.ssh/deploy_key
chmod 600 ~/.ssh/deploy_key
ssh-keyscan -H "${DEPLOY_HOST}" >> ~/.ssh/known_hosts 2>/dev/null
scp -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no docker-compose.prod.yml "${DEPLOY_USER}@${DEPLOY_HOST}:/opt/mostovik-backend/"
ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no "${DEPLOY_USER}@${DEPLOY_HOST}" "
set -e
cd /opt/mostovik-backend
echo '${REGISTRY_PASSWORD}' | docker login --username '${REGISTRY_USER}' --password-stdin ${REGISTRY_HOST}
export IMAGE_TAG=${BRANCH_TAG}
docker compose -f docker-compose.prod.yml pull web celery_worker celery_beat
docker compose -f docker-compose.prod.yml down --remove-orphans || true
docker rm -f mostovik_db mostovik_redis mostovik_web mostovik_celery_worker mostovik_celery_beat 2>/dev/null || true
docker compose -f docker-compose.prod.yml up -d
docker image prune -f
"
echo "Deployed ${BRANCH_TAG} to ${DEPLOY_HOST}"
Reference in New Issue View Git Blame Copy Permalink