From e2fdea8f9ecdbc06ae163c0db1f65190ae220c51 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9s=20Eduardo=20Garc=C3=ADa=20M=C3=A1rquez?=
Date: Fri, 9 Jan 2026 07:51:24 -0500
Subject: [PATCH] ci: remove checkout action, use passwordless sudo, simplify workflow

- No checkout needed (code pulled via git on K3s server)
- Use passwordless sudo on K3s server
- Simplified smoke tests to single step
- Reduced workflow complexity
---
 .gitea/workflows/deploy.yaml | 90 +++++++++++++-----------------------
 1 file changed, 33 insertions(+), 57 deletions(-)

diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index 56bff97..27ead43 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -12,13 +12,10 @@ env:
 DOMAIN: "academia.ingeniumcodex.com"
 jobs:
- # Job único: Build, Test y Deploy en K3s (más eficiente en recursos)
- build-test-deploy:
+ # Job: Build, Test y Deploy via SSH (no necesita checkout local)
+ deploy:
 runs-on: ubuntu-latest
 steps:
- - name: Checkout
- uses: actions/checkout@v4
-
 - name: Setup SSH
 run: |
 mkdir -p ~/.ssh
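Review bot: Nothing in the job pins the deployment to the commit that triggered the run once the Checkout step is removed here: the remote script in the next hunk runs `git fetch origin main` and `git reset --hard origin/main`, so it tests, builds and applies whatever `main` points to when the SSH session starts. Consider resetting to the triggering revision instead, e.g. `git reset --hard ${{ github.sha }}` after the fetch (assuming the runner exposes that context value), so the deployed tree is the one the run was started for. A short comment above the job naming the server-side clone (`~/academia`) as the source of truth would also help the next maintainer. The `steps:` list continues outside this hunk.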
@@ -26,86 +23,67 @@ jobs:
 chmod 600 ~/.ssh/id_rsa
 ssh-keyscan -H ${{ env.K3S_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
- - name: Build, Test & Deploy
+ - name: Build, Test & Deploy on K3s
 run: |
- ssh ${{ env.K3S_USER }}@${{ env.K3S_HOST }} << 'ENDSSH'
+ ssh ${{ env.K3S_USER }}@${{ env.K3S_HOST }} 'bash -s' << 'ENDSSH'
 set -e
 cd ~/academia
- # Pull latest changes
 echo "=== Pulling latest code ==="
 git fetch origin main
 git reset --hard origin/main
- # Run tests (en el servidor que tiene más recursos)
 echo "=== Running tests ==="
- dotnet test tests/Domain.Tests --verbosity minimal || exit 1
- dotnet test tests/Application.Tests --verbosity minimal || exit 1
+ dotnet test tests/Domain.Tests --verbosity minimal
+ dotnet test tests/Application.Tests --verbosity minimal
- # Build Docker images
- echo "=== Building images ==="
- echo '${{ secrets.K3S_SUDO_PASS }}' | sudo -S docker build \
- -f deploy/docker/Dockerfile.api -t student-api:latest . &
+ echo "=== Building Docker images ==="
+ sudo docker build -f deploy/docker/Dockerfile.api -t student-api:latest . &
 PID_API=$!
-
- echo '${{ secrets.K3S_SUDO_PASS }}' | sudo -S docker build \
- -f deploy/docker/Dockerfile.frontend -t student-frontend:latest . &
+ sudo docker build -f deploy/docker/Dockerfile.frontend -t student-frontend:latest . &
 PID_FE=$!
+ wait $PID_API
+ wait $PID_FE
- wait $PID_API || exit 1
- wait $PID_FE || exit 1
-
- # Import to k3s
 echo "=== Importing to K3s ==="
- echo '${{ secrets.K3S_SUDO_PASS }}' | sudo -S sh -c \
- 'docker save student-api:latest | k3s ctr images import -'
- echo '${{ secrets.K3S_SUDO_PASS }}' | sudo -S sh -c \
- 'docker save student-frontend:latest | k3s ctr images import -'
+ sudo sh -c 'docker save student-api:latest | k3s ctr images import -'
+ sudo sh -c 'docker save student-frontend:latest | k3s ctr images import -'
- # Deploy
 echo "=== Deploying ==="
- echo '${{ secrets.K3S_SUDO_PASS }}' | sudo -S kubectl apply -k deploy/k3s/
- echo '${{ secrets.K3S_SUDO_PASS }}' | sudo -S kubectl rollout restart \
- deployment/student-api deployment/student-frontend -n academia
+ sudo kubectl apply -k deploy/k3s/
+ sudo kubectl rollout restart deployment/student-api deployment/student-frontend -n academia
- # Wait for rollout
 echo "=== Waiting for rollout ==="
- echo '${{ secrets.K3S_SUDO_PASS }}' | sudo -S kubectl rollout status \
- deployment/student-api -n academia --timeout=180s
- echo '${{ secrets.K3S_SUDO_PASS }}' | sudo -S kubectl rollout status \
- deployment/student-frontend -n academia --timeout=60s
+ sudo kubectl rollout status deployment/student-api -n academia --timeout=180s
+ sudo kubectl rollout status deployment/student-frontend -n academia --timeout=60s
+
+ echo "=== Deploy complete ==="
 ENDSSH
- # Smoke Tests en Producción
+ # Smoke Tests
 smoke-tests:
 runs-on: ubuntu-latest
- needs: build-test-deploy
+ needs: deploy
 steps:
 - name: Wait for services
 run: sleep 15
- - name: Health Check API
+ - name: Verify Production
 run: |
- response=$(curl -sf https://${{ env.DOMAIN }}/health)
- echo "Health: $response"
- echo "$response" | grep -q '"status":"Healthy"' || exit 1
+ echo "Checking health..."
+ curl -sf https://${{ env.DOMAIN }}/health | grep -q '"status":"Healthy"'
- - name: Frontend Check
- run: curl -sf https://${{ env.DOMAIN }}/ | grep -q 'Sistema de Estudiantes' || exit 1
+ echo "Checking frontend..."
+ curl -sf https://${{ env.DOMAIN }}/ | grep -q 'Sistema de Estudiantes'
- - name: GraphQL Check
- run: |
- response=$(curl -sf -X POST https://${{ env.DOMAIN }}/graphql \
+ echo "Checking GraphQL..."
+ curl -sf -X POST https://${{ env.DOMAIN }}/graphql \
 -H "Content-Type: application/json" \
- -d '{"query":"{ subjects { id name } }"}')
- echo "GraphQL: $response"
- echo "$response" | grep -q '"subjects"' || exit 1
+ -d '{"query":"{ subjects { id } }"}' | grep -q '"subjects"'
- - name: Database Check
- run: |
- curl -sf https://${{ env.DOMAIN }}/health | grep -q '"name":"database","status":"Healthy"' || exit 1
+ echo "All checks passed!"
- # Rollback si smoke tests fallan
+ # Rollback on failure
 rollback:
 runs-on: ubuntu-latest
 needs: smoke-tests
@@ -120,7 +98,5 @@ jobs:
 - name: Rollback
 run: |
- ssh ${{ env.K3S_USER }}@${{ env.K3S_HOST }} << 'ENDSSH'
- echo '${{ secrets.K3S_SUDO_PASS }}' | sudo -S kubectl rollout undo \
- deployment/student-api deployment/student-frontend -n academia
- ENDSSH
+ ssh ${{ env.K3S_USER }}@${{ env.K3S_HOST }} \
+ 'sudo kubectl rollout undo deployment/student-api deployment/student-frontend -n academia'
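Review bot: Every privileged command in the remote script (`sudo docker build …`, `sudo sh -c '…'`, `sudo kubectl …`) now depends on a passwordless sudo rule for `K3S_USER`, which makes the SSH key written in the Setup SSH step the only credential between the runner and root on the K3s host. The sudoers entry is not part of this patch; if it is a blanket `NOPASSWD: ALL`, it should be narrowed to the exact commands this workflow runs. Writing the calls as `sudo -n …` (for example `sudo -n kubectl apply -k deploy/k3s/`) would make a missing or changed rule fail immediately instead of waiting on a prompt. The same applies to the `sudo kubectl rollout undo` line in the rollback hunk that follows. Separately, the merged Verify Production step no longer checks `"name":"database","status":"Healthy"`, which the removed Database Check step did.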