172 lines
5.9 KiB
YAML
172 lines
5.9 KiB
YAML
name: CI / CD Pipeline
|
|
|
|
on:
|
|
push:
|
|
branches: [ main, develop ]
|
|
pull_request:
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
# ============================================================
|
|
# JOB 1 : CI & Quality Gate
|
|
# ============================================================
|
|
build:
|
|
runs-on: self-hosted
|
|
timeout-minutes: 15
|
|
steps:
|
|
- name: Checkout (HTTPS)
|
|
uses: actions/checkout@v4
|
|
|
|
# ── [1] pnpm ต้องมาก่อน setup-node เสมอ ────────────────
|
|
- name: ⚙️ Install pnpm
|
|
uses: pnpm/action-setup@v4
|
|
# version อ่านจาก packageManager field ใน package.json อัตโนมัติ
|
|
|
|
- name: ⚙️ Setup Node
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 20
|
|
# ลบ cache: "pnpm" ออก — ใช้ volume mount บน runner แทน
|
|
|
|
# ── [2] ชี้ store ไปที่ volume ที่ mount ไว้ ─────────────
|
|
- name: 🔧 Set pnpm store path
|
|
run: pnpm config set store-dir /root/.local/share/pnpm
|
|
|
|
- name: 📦 Install deps
|
|
run: pnpm install --frozen-lockfile
|
|
|
|
- name: 🧹 Lint
|
|
run: pnpm lint
|
|
|
|
- name: 🔍 Security & quality checks
|
|
run: |
|
|
# UUID misuse check (ADR-019)
|
|
if grep -r --include="*.ts" --include="*.tsx" --exclude-dir={node_modules,.next,.agents,.git,scripts,test,__tests__} "parseInt(.*uuid" .; then
|
|
echo "❌ UUID misuse detected"
|
|
exit 1
|
|
fi
|
|
# console.log check (Clean Code)
|
|
if grep -r --include="*.ts" --include="*.tsx" --exclude-dir={node_modules,.next,.agents,.git,scripts,test,__tests__} "console.log" .; then
|
|
echo "❌ console.log detected"
|
|
exit 1
|
|
fi
|
|
|
|
# ── [3] แยก step — เห็น failure ได้ชัดขึ้น ──────────────
|
|
- name: 🧪 Test backend
|
|
run: pnpm test
|
|
working-directory: backend
|
|
|
|
- name: 🧪 Test frontend
|
|
run: pnpm test run
|
|
working-directory: frontend
|
|
|
|
# ============================================================
|
|
# JOB 2 : Deploy — Trigger Blue-Green on QNAP
|
|
# ============================================================
|
|
deploy:
|
|
needs: build
|
|
if: github.ref == 'refs/heads/main'
|
|
runs-on: self-hosted
|
|
steps:
|
|
- name: " Checkout"
|
|
uses: actions/checkout@v4
|
|
|
|
- name: " Setup SSH Key and Deploy to QNAP"
|
|
run: |
|
|
# Setup SSH key authentication
|
|
mkdir -p ~/.ssh
|
|
echo "${{ secrets.SSH_KEY }}" > ~/.ssh/id_rsa
|
|
chmod 600 ~/.ssh/id_rsa
|
|
ssh-keyscan -p ${{ secrets.PORT }} ${{ secrets.HOST }} >> ~/.ssh/known_hosts
|
|
|
|
# Debug: Check SSH key
|
|
echo "SSH key file exists: $(test -f ~/.ssh/id_rsa && echo 'YES' || echo 'NO')"
|
|
echo "SSH key permissions: $(ls -la ~/.ssh/id_rsa)"
|
|
echo "SSH key first line: $(head -1 ~/.ssh/id_rsa)"
|
|
|
|
# Create remote deployment script
|
|
REMOTE_SCRIPT=$(cat << 'SCRIPT_EOF'
|
|
set -e
|
|
export PATH="/share/CACHEDEV1_DATA/.qpkg/container-station/bin:/opt/bin:/usr/local/bin:/usr/bin:/bin:$PATH"
|
|
|
|
echo "=========================================="
|
|
echo "Starting QNAP Deployment Process"
|
|
echo "=========================================="
|
|
|
|
# Verify Docker is accessible
|
|
if ! docker version > /dev/null 2>&1; then
|
|
echo " Docker not accessible. Check Container Station."
|
|
exit 1
|
|
fi
|
|
echo " Docker accessible"
|
|
|
|
# Sync scripts first
|
|
echo " Syncing deployment scripts..."
|
|
cd /share/np-dms/app/source/lcbp3
|
|
|
|
# Check if directory exists
|
|
if [ ! -d ".git" ]; then
|
|
echo " Git repository not found at expected path"
|
|
exit 1
|
|
fi
|
|
|
|
git fetch origin main
|
|
git reset --hard origin/main
|
|
echo " Code synced"
|
|
|
|
# Ensure scripts are executable
|
|
chmod +x scripts/deploy.sh scripts/rollback.sh 2>/dev/null || true
|
|
|
|
mkdir -p /share/np-dms/app/logs
|
|
|
|
# Note: Docker build cache is preserved for faster builds
|
|
# Only prune cache manually when needed: docker builder prune -f
|
|
|
|
echo " Executing deployment..."
|
|
./scripts/deploy.sh
|
|
|
|
echo " Deployment completed successfully"
|
|
SCRIPT_EOF
|
|
)
|
|
|
|
# Retry logic for SSH connection
|
|
max_attempts=3
|
|
attempt=1
|
|
|
|
while [ $attempt -le $max_attempts ]; do
|
|
echo " Deployment attempt $attempt/$max_attempts..."
|
|
|
|
# Debug: Test SSH connection first
|
|
echo "Testing SSH connection..."
|
|
ssh -o StrictHostKeyChecking=no \
|
|
-o ConnectTimeout=10 \
|
|
-o BatchMode=yes \
|
|
-o PasswordAuthentication=no \
|
|
-o LogLevel=DEBUG3 \
|
|
-i ~/.ssh/id_rsa \
|
|
-p ${{ secrets.PORT }} ${{ secrets.USERNAME }}@${{ secrets.HOST }} 'echo "SSH auth successful"'
|
|
|
|
if echo "$REMOTE_SCRIPT" | ssh -o StrictHostKeyChecking=no \
|
|
-o ConnectTimeout=60 \
|
|
-o ServerAliveInterval=30 \
|
|
-o ServerAliveCountMax=60 \
|
|
-o TCPKeepAlive=yes \
|
|
-i ~/.ssh/id_rsa \
|
|
-p ${{ secrets.PORT }} ${{ secrets.USERNAME }}@${{ secrets.HOST }} 'bash -s'; then
|
|
echo " Deployment successful!"
|
|
exit 0
|
|
else
|
|
echo " Attempt $attempt failed"
|
|
if [ $attempt -lt $max_attempts ]; then
|
|
echo " Retrying in 10 seconds..."
|
|
sleep 10
|
|
fi
|
|
fi
|
|
|
|
attempt=$((attempt + 1))
|
|
done
|
|
|
|
echo " All deployment attempts failed"
|
|
exit 1
|
|
timeout-minutes: 20
|