Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 devops
|
961d096ca6 | ||
|
devops
|
5a72399136 |
@@ -87,36 +87,30 @@ jobs:
|
||||
git push "https://devops:${{ secrets.GIT_TOKEN }}@git.noveria.net/bao/nexus.git" HEAD:main --force --tags
|
||||
echo "✅ Version bumped to v${NEW_VERSION}"
|
||||
|
||||
# ── Step 3: Provision .env on host ────────
|
||||
# The sync step excludes .env for security, so we re-create it
|
||||
# from Gitea secrets at the host deploy path BEFORE syncing code.
|
||||
- name: Create .env on host
|
||||
# ── Step 3: Sync code + .env to host ──────
|
||||
# Creates .env from Gitea secrets in the workspace, then syncs
|
||||
# everything (except .git) to the host deploy path via DIND.
|
||||
- name: Sync code + .env to host
|
||||
run: |
|
||||
cat > /opt/openclaw/data/openclaw/workspace/nexus/.env << 'ENVEOF'
|
||||
# Create .env from Gitea secrets in the workspace
|
||||
cat > "${{ gitea.workspace }}/.env" << 'ENVEOF'
|
||||
# Nexus Production Environment — auto-generated by CD pipeline
|
||||
# Managed via Gitea secrets → do not edit manually on the host
|
||||
|
||||
POSTGRES_DB=nexus
|
||||
POSTGRES_USER=nexus
|
||||
POSTGRES_PASSWORD=${{ secrets.ENV_POSTGRES_PASSWORD }}
|
||||
|
||||
JWT_KEY=${{ secrets.ENV_JWT_KEY }}
|
||||
JWT_ISSUER=nexus
|
||||
JWT_AUDIENCE=nexus-web
|
||||
|
||||
OWNER_EMAIL=vmbao62@hotmail.de
|
||||
OWNER_PASSWORD=${{ secrets.ENV_OWNER_PASSWORD }}
|
||||
OWNER_DISPLAY_NAME=
|
||||
|
||||
OPENCLAW_BASE_URL=http://host.docker.internal:18789
|
||||
OPENCLAW_GATEWAY_TOKEN=${{ secrets.ENV_OPENCLAW_TOKEN }}
|
||||
OPENCLAW_GATEWAY_PASSWORD=
|
||||
ENVEOF
|
||||
echo "✅ .env created at host deploy path"
|
||||
|
||||
# ── Step 4: Sync code to host ─────────────
|
||||
- name: Sync code to host deploy path
|
||||
run: |
|
||||
# Sync everything (except .git) from workspace to host
|
||||
docker run --rm \
|
||||
-v "${{ gitea.workspace }}:/src:ro" \
|
||||
-v /opt/openclaw/data/openclaw/workspace/nexus:/dest \
|
||||
@@ -125,15 +119,15 @@ jobs:
|
||||
cd /src && \
|
||||
find . -mindepth 1 -maxdepth 1 \
|
||||
! -name .git \
|
||||
! -name .env \
|
||||
-exec cp -a {} /dest/ \;
|
||||
"
|
||||
echo "✅ Code + .env synced to host deploy path"
|
||||
|
||||
# ── Step 5: Docker Buildx ─────────────────
|
||||
# ── Step 4: Docker Buildx ─────────────────
|
||||
- name: Set up Docker Buildx
|
||||
run: docker buildx create --use 2>/dev/null || true
|
||||
|
||||
# ── Step 6: Build & Deploy ────────────────
|
||||
# ── Step 5: Build & Deploy ────────────────
|
||||
- name: Build & Deploy
|
||||
run: |
|
||||
BUILD_ARGS=""
|
||||
@@ -159,7 +153,7 @@ jobs:
|
||||
fi
|
||||
"
|
||||
|
||||
# ── Step 7: Health Check ──────────────────
|
||||
# ── Step 6: Health Check ──────────────────
|
||||
- name: Health Check
|
||||
run: |
|
||||
sleep 5
|
||||
@@ -174,7 +168,7 @@ jobs:
|
||||
sleep 5
|
||||
done
|
||||
|
||||
# ── Step 8: Smoke test ────────────────────
|
||||
# ── Step 7: Smoke test ────────────────────
|
||||
- name: Verify (smoke test)
|
||||
run: |
|
||||
echo "🔍 Smoke test..."
|
||||
|
||||
Reference in New Issue
Block a user