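# Workflow header: triggers, token permissions and shared environment for the
# build, test and deploy jobs defined under `jobs:`.
name: Deploy Silo

on:
  # Every push to main starts the pipeline, except pushes that only touch
  # Markdown files or the docs/ tree.
  push:
    branches:
      - main
    paths-ignore:
      - '**.md'
      - 'docs/**'
  # Manual runs. `production` is the only selectable environment.
  workflow_dispatch:
    inputs:
      environment:
        description: 'Deployment environment'
        required: true
        default: 'production'
        type: choice
        options:
          - production

# Least privilege for the workflow token: the jobs only check out code and
# exchange run artifacts, and the deployment authenticates with its own SSH
# key secret, so read access to repository contents is enough.
permissions:
  contents: read

# Exported to every step of every job.
env:
  GO_VERSION: '1.23'  # quoted so the version stays a string
  BINARY_NAME: silod
  DEPLOY_HOST: silo.kindred.internal
  DEPLOY_USER: deploy
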
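jobs:
  # Compiles the static linux/amd64 binary and publishes it, together with the
  # production config, the systemd unit and the schemas, as run artifacts.
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every `uses:` in this file references a mutable tag
      # (@v4 / @v5). Pinning each action to a full commit SHA keeps a retagged
      # release from silently changing what runs in the pipeline.
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Full history for git describe
          # Nothing in this job pushes, so the token is not left in .git/config.
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache: true

      - name: Get version
        id: version
        run: |
          VERSION=$(git describe --tags --always --dirty 2>/dev/null || echo "dev-$(git rev-parse --short HEAD)")
          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
          echo "Building version: ${VERSION}"

      - name: Build binary
        env:
          # The version string is derived from git tag names. It reaches the
          # script as an environment variable, so its content is treated as
          # data and cannot rewrite the command line the way an expression
          # expanded inside the script body could.
          VERSION: ${{ steps.version.outputs.version }}
        run: |
          mkdir -p build/out
          CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
            go build -ldflags="-w -s -X main.Version=${VERSION}" \
            -o build/out/${{ env.BINARY_NAME }} \
            ./cmd/silod

      - name: Verify binary
        run: |
          file build/out/${{ env.BINARY_NAME }}
          ls -lh build/out/${{ env.BINARY_NAME }}

      - name: Upload binary artifact
        uses: actions/upload-artifact@v4
        with:
          name: silod-binary
          path: build/out/${{ env.BINARY_NAME }}
          retention-days: 7

      - name: Upload config artifact
        uses: actions/upload-artifact@v4
        with:
          name: silo-config
          path: |
            deployments/config.prod.yaml
            deployments/systemd/silod.service
            schemas/
          retention-days: 7

  # Runs the race-enabled test suite and go vet. The deploy job waits for it.
  test:
    name: Test
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache: true

      - name: Run tests
        run: go test -v -race ./...

      - name: Run go vet
        run: go vet ./...

  # Copies the build artifacts to DEPLOY_HOST over SSH, installs them with
  # sudo and restarts the silod unit.
  deploy:
    name: Deploy to Production
    runs-on: ubuntu-latest
    needs: [build, test]
    # NOTE(review): the workflow_dispatch `environment` input is never read;
    # the target environment is fixed here.
    environment: production
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # This job handles the production SSH key; keep the repository token
          # out of the workspace.
          persist-credentials: false

      - name: Download binary artifact
        uses: actions/download-artifact@v4
        with:
          name: silod-binary
          path: build/out

      - name: Download config artifact
        uses: actions/download-artifact@v4
        with:
          name: silo-config
          path: deploy-config

      - name: Setup SSH key
        env:
          # Handed over through the environment so the key text is never
          # spliced into the script source.
          DEPLOY_SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
        run: |
          # Owner-only from the moment of creation, instead of writing the key
          # with the default umask and tightening the mode afterwards.
          umask 077
          mkdir -p ~/.ssh
          printf '%s\n' "${DEPLOY_SSH_KEY}" > ~/.ssh/deploy_key
          chmod 600 ~/.ssh/deploy_key
          # NOTE(review): the host key is learned from the network on every
          # run (ssh-keyscan here, accept-new in the later steps) and scan
          # errors are discarded, so the server's identity is never compared
          # with a known value. Writing a pinned known_hosts entry from a
          # repository secret or variable and connecting with
          # StrictHostKeyChecking=yes would close that gap.
          ssh-keyscan -H ${{ env.DEPLOY_HOST }} >> ~/.ssh/known_hosts 2>/dev/null || true

      - name: Stop service
        run: |
          # Best effort: the unit may not exist yet on a first deployment.
          ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=accept-new \
            ${{ env.DEPLOY_USER }}@${{ env.DEPLOY_HOST }} \
            "sudo systemctl stop silod || true"

      - name: Deploy binary
        run: |
          chmod +x build/out/${{ env.BINARY_NAME }}
          # NOTE(review): the upload lands under a fixed name in world-writable
          # /tmp before root moves it into place. Staging in a directory that
          # only the deploy account can write would keep other local accounts
          # from interfering between the copy and the move.
          scp -i ~/.ssh/deploy_key -o StrictHostKeyChecking=accept-new \
            build/out/${{ env.BINARY_NAME }} \
            ${{ env.DEPLOY_USER }}@${{ env.DEPLOY_HOST }}:/tmp/${{ env.BINARY_NAME }}.new

          # The remote paths below hard-code "silod" and match the upload name
          # only while BINARY_NAME stays silod.
          ssh -i ~/.ssh/deploy_key ${{ env.DEPLOY_USER }}@${{ env.DEPLOY_HOST }} << 'EOF'
          # Abort on the first failure; otherwise only the last command's
          # status reaches the workflow and a failed move goes unnoticed.
          set -e
          sudo mv /tmp/silod.new /opt/silo/bin/silod
          sudo chmod 755 /opt/silo/bin/silod
          sudo chown root:root /opt/silo/bin/silod
          EOF

      - name: Deploy configuration
        run: |
          scp -i ~/.ssh/deploy_key -o StrictHostKeyChecking=accept-new \
            deploy-config/deployments/config.prod.yaml \
            ${{ env.DEPLOY_USER }}@${{ env.DEPLOY_HOST }}:/tmp/config.yaml

          ssh -i ~/.ssh/deploy_key ${{ env.DEPLOY_USER }}@${{ env.DEPLOY_HOST }} << 'EOF'
          set -e
          sudo mv /tmp/config.yaml /etc/silo/config.yaml
          # NOTE(review): 644 leaves the production config readable by every
          # local account although its group is already silo; 640 would do if
          # only the service reads it. Confirm before tightening.
          sudo chmod 644 /etc/silo/config.yaml
          sudo chown root:silo /etc/silo/config.yaml
          EOF

      - name: Deploy schemas
        run: |
          # Start from an empty staging directory that only the deploy account
          # can enter. scp needs the target to exist when several schema
          # entries are copied, and the previous run removed it. mkdir without
          # -p fails rather than reusing a directory rm could not remove.
          ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=accept-new \
            ${{ env.DEPLOY_USER }}@${{ env.DEPLOY_HOST }} \
            "rm -rf /tmp/silo-schemas && mkdir -m 700 /tmp/silo-schemas"

          scp -i ~/.ssh/deploy_key -o StrictHostKeyChecking=accept-new -r \
            deploy-config/schemas/* \
            ${{ env.DEPLOY_USER }}@${{ env.DEPLOY_HOST }}:/tmp/silo-schemas/

          ssh -i ~/.ssh/deploy_key ${{ env.DEPLOY_USER }}@${{ env.DEPLOY_HOST }} << 'EOF'
          # Stop before the live schemas are touched if an earlier command
          # fails, and report the failure to the workflow.
          set -e
          sudo rm -rf /etc/silo/schemas/*
          sudo mv /tmp/silo-schemas/* /etc/silo/schemas/
          sudo chown -R root:silo /etc/silo/schemas
          # Capital X keeps sub-directories traversable; a flat 644 would
          # strip their search bit and hide nested schemas from the silo group.
          sudo chmod -R u=rwX,go=rX /etc/silo/schemas/*
          rm -rf /tmp/silo-schemas
          EOF

      - name: Deploy systemd service
        run: |
          scp -i ~/.ssh/deploy_key -o StrictHostKeyChecking=accept-new \
            deploy-config/deployments/systemd/silod.service \
            ${{ env.DEPLOY_USER }}@${{ env.DEPLOY_HOST }}:/tmp/silod.service

          ssh -i ~/.ssh/deploy_key ${{ env.DEPLOY_USER }}@${{ env.DEPLOY_HOST }} << 'EOF'
          set -e
          sudo mv /tmp/silod.service /etc/systemd/system/silod.service
          sudo chmod 644 /etc/systemd/system/silod.service
          sudo systemctl daemon-reload
          EOF

      - name: Start and enable service
        run: |
          ssh -i ~/.ssh/deploy_key ${{ env.DEPLOY_USER }}@${{ env.DEPLOY_HOST }} << 'EOF'
          sudo systemctl enable silod
          sudo systemctl start silod
          sleep 3
          sudo systemctl is-active --quiet silod && echo "Service started successfully" || exit 1
          EOF

      - name: Verify deployment
        run: |
          # The two HTTP probes are informational: a failed probe only prints
          # a message. The step result comes from `systemctl status`.
          ssh -i ~/.ssh/deploy_key ${{ env.DEPLOY_USER }}@${{ env.DEPLOY_HOST }} << 'EOF'
          echo "Checking health endpoint..."
          curl -sf http://localhost:8080/health || echo "Health check pending..."

          echo "Checking readiness endpoint..."
          curl -sf http://localhost:8080/ready || echo "Readiness check pending..."

          echo "Service status:"
          sudo systemctl status silod --no-pager -l
          EOF

      # Runs even when an earlier step failed, so the private key never
      # outlives the job on the runner.
      - name: Cleanup SSH key
        if: always()
        run: rm -f ~/.ssh/deploy_key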