diff --git a/.gitea/workflows/deploy-live.yml b/.gitea/workflows/deploy-live.yml
new file mode 100644
index 0000000..c978cbf
--- /dev/null
+++ b/.gitea/workflows/deploy-live.yml
@@ -0,0 +1,43 @@
+name: Deploy Explorer Live
+
+on:
+ workflow_dispatch:
+ push:
+ branches: [main, master]
+ paths:
+ - '.gitea/workflows/deploy-live.yml'
+ - 'backend/**'
+ - 'config/**'
+ - 'deployment/**'
+ - 'docs/**'
+ - 'frontend/**'
+ - 'scripts/**'
+ - 'package.json'
+ - 'package-lock.json'
+ - 'Makefile'
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Validate live deploy assets
+ run: |
+ test -f scripts/deploy-explorer-config-to-vmid5000.sh
+ test -f scripts/deploy-explorer-ai-to-vmid5000.sh
+ test -f scripts/deploy-next-frontend-to-vmid5000.sh
+ test -f deployment/LIVE_DEPLOYMENT_MAP.md
+
+ - name: Trigger explorer-live deployment
+ run: |
+ SHA="$(git rev-parse HEAD)"
+ BRANCH="${GITHUB_REF_NAME:-}"
+ if [ -z "$BRANCH" ] || [ "$BRANCH" = "HEAD" ]; then
+ BRANCH="$(git rev-parse --abbrev-ref HEAD)"
+ fi
+ curl -sSf -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \
+ -H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \
+ -H "Content-Type: application/json" \
+ -d "{\"repo\":\"${{ gitea.repository }}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"explorer-live\"}"
diff --git a/deployment/README.md b/deployment/README.md
index d6ece73..92b621d 100644
--- a/deployment/README.md
+++ b/deployment/README.md
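Review bot: In the "Trigger explorer-live deployment" step of .gitea/workflows/deploy-live.yml, `${{ secrets.PHOENIX_DEPLOY_URL }}`, `${{ secrets.PHOENIX_DEPLOY_TOKEN }}` and `${{ gitea.repository }}` are expanded into the script text before the shell runs, and the JSON body is assembled by string concatenation with `${BRANCH}`. A quote or `$` in any of those values changes the command or the payload, and because `workflow_dispatch` carries no branch filter the `branch` field is not limited to main/master. Passing the values through `env:` and building the body with a JSON encoder keeps them as data; the sketch below assumes `jq` is available on the runner image. Separately, `actions/checkout@v4` is a movable tag in a job that holds the deploy token, so pinning it to a full commit SHA is worth considering.

```yaml
      - name: Trigger explorer-live deployment
        env:
          PHOENIX_DEPLOY_URL: ${{ secrets.PHOENIX_DEPLOY_URL }}
          PHOENIX_DEPLOY_TOKEN: ${{ secrets.PHOENIX_DEPLOY_TOKEN }}
          REPO: ${{ gitea.repository }}
        run: |
          # … unchanged: SHA and BRANCH resolution …
          PAYLOAD="$(jq -n --arg repo "$REPO" --arg sha "$SHA" --arg branch "$BRANCH" \
            '{repo: $repo, sha: $sha, branch: $branch, target: "explorer-live"}')"
          curl -sSf -X POST "$PHOENIX_DEPLOY_URL" \
            -H "Authorization: Bearer $PHOENIX_DEPLOY_TOKEN" \
            -H "Content-Type: application/json" \
            -d "$PAYLOAD"
```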
@@ -20,6 +20,7 @@ That file reflects the live split deployment now in production:
 - Frontend deploy: [`scripts/deploy-next-frontend-to-vmid5000.sh`](../scripts/deploy-next-frontend-to-vmid5000.sh)
 - Config deploy: [`scripts/deploy-explorer-config-to-vmid5000.sh`](../scripts/deploy-explorer-config-to-vmid5000.sh)
 - Explorer config/API deploy: [`scripts/deploy-explorer-ai-to-vmid5000.sh`](../scripts/deploy-explorer-ai-to-vmid5000.sh)
+- Gitea live redeploy action: [`.gitea/workflows/deploy-live.yml`](../.gitea/workflows/deploy-live.yml), target `explorer-live`
 - RPC/API-key edge enforcement: [`ACCESS_EDGE_ENFORCEMENT_RUNBOOK.md`](./ACCESS_EDGE_ENFORCEMENT_RUNBOOK.md)
 - Public health audit: [`scripts/check-explorer-health.sh`](../scripts/check-explorer-health.sh)
 - Full public smoke: [`check-explorer-e2e.sh`](../../scripts/verify/check-explorer-e2e.sh)
diff --git a/scripts/deploy-next-frontend-to-vmid5000.sh b/scripts/deploy-next-frontend-to-vmid5000.sh
index 2730ec6..a4bb35f 100755
--- a/scripts/deploy-next-frontend-to-vmid5000.sh
+++ b/scripts/deploy-next-frontend-to-vmid5000.sh
@@ -9,6 +9,7 @@ set -euo pipefail
 VMID="${VMID:-5000}"
 FRONTEND_PORT="${FRONTEND_PORT:-3000}"
+FORCE_REMOTE_PCT="${FORCE_REMOTE_PCT:-0}"
 SERVICE_NAME="solacescanscout-frontend"
 APP_ROOT="/opt/solacescanscout/frontend"
 PROXMOX_R630_02="${PROXMOX_HOST_R630_02:-192.168.11.12}"
@@ -53,7 +54,7 @@ push_into_vmid() {
 local destination_path="$2"
 local perms="${3:-0644}"
- if [[ -f /proc/1/cgroup ]] && grep -q "lxc" /proc/1/cgroup 2>/dev/null; then
+ if [[ "$FORCE_REMOTE_PCT" != "1" ]] && [[ -f /proc/1/cgroup ]] && grep -q "lxc" /proc/1/cgroup 2>/dev/null; then
 install -D -m "$perms" "$source_path" "$destination_path"
 elif command -v pct >/dev/null 2>&1; then
 pct push "$VMID" "$source_path" "$destination_path" --perms "$perms"
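Review bot: `FORCE_REMOTE_PCT` is introduced in the variable block of scripts/deploy-next-frontend-to-vmid5000.sh (hunk at -9,6) without a comment, and nothing visible in the diff says when an operator should set it. A one-line comment above the assignment would cover it, for example `# FORCE_REMOTE_PCT=1: skip the local-LXC shortcut in push_into_vmid/run_in_vmid and go through the pct branch instead`. If the intent is to support a CI runner that is itself an LXC guest but is not the target container, stating that here would explain why the cgroup test alone is not enough; that reason is inferred, not shown in the change.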
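Review bot: The new guard `[[ "$FORCE_REMOTE_PCT" != "1" ]]` in push_into_vmid (hunk at -53,7) is repeated verbatim in run_in_vmid (hunk at -68,7), so the two copies of the "am I inside the container" decision can drift apart. A small helper such as `use_local_lxc() { [[ "$FORCE_REMOTE_PCT" != "1" ]] && [[ -f /proc/1/cgroup ]] && grep -q "lxc" /proc/1/cgroup 2>/dev/null; }` would keep that decision in one place. Only the exact string `1` enables the override, so `FORCE_REMOTE_PCT=true` is silently ignored and the script writes into whatever container it happens to be running in; either accept the common truthy spellings or reject unknown values at startup. Both function bodies start or continue outside their hunks, so any branch after `elif command -v pct` is not visible here.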
@@ -68,7 +69,7 @@ push_into_vmid() {
 run_in_vmid() {
 local command="$1"
- if [[ -f /proc/1/cgroup ]] && grep -q "lxc" /proc/1/cgroup 2>/dev/null; then
+ if [[ "$FORCE_REMOTE_PCT" != "1" ]] && [[ -f /proc/1/cgroup ]] && grep -q "lxc" /proc/1/cgroup 2>/dev/null; then
 bash -lc "$command"
 elif command -v pct >/dev/null 2>&1; then
 pct exec "$VMID" -- bash -lc "$command"