Add Docker Deployment Workflow

2025-12-17 15:43:41 +13:00
parent 0ec4af3447
commit 03f4cf1494
1 changed files with 51 additions and 29 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -7,6 +7,9 @@ on:
    types: [opened, synchronize]

 jobs:
+  # ---------------------------------
+  # Lint & Typecheck
+  # ---------------------------------
  lint-and-typecheck:
    name: Lint & Typecheck
    runs-on: ubuntu-latest
@@ -16,22 +19,20 @@ jobs:
    env:
      TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
      TURBO_TEAM: ${{ vars.TURBO_TEAM }}
-
    steps:
      - uses: actions/checkout@v4
-
      - name: Enable pnpm
        run: corepack enable
-
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
-
      - name: Lint
        run: pnpm lint
-
      - name: Typecheck
        run: pnpm typecheck

+  # ---------------------------------
+  # Unit / Service / Route / Security Tests
+  # ---------------------------------
  test:
    name: Test (${{ matrix.group }})
    runs-on: ubuntu-latest
@@ -41,27 +42,24 @@ jobs:
    env:
      TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
      TURBO_TEAM: ${{ vars.TURBO_TEAM }}
-
    strategy:
      fail-fast: false
      matrix:
        group: [unit, services, routes, security]
-
    steps:
      - uses: actions/checkout@v4
-
      - name: Enable pnpm
        run: corepack enable
-
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
-
      - name: Build dependencies (shared, test-utils)
        run: pnpm turbo run build --filter=@tracearr/shared --filter=@tracearr/test-utils
-
      - name: Run ${{ matrix.group }} tests
        run: pnpm --filter @tracearr/server test:${{ matrix.group }}

+  # ---------------------------------
+  # Integration Tests (TimescaleDB + Redis)
+  # ---------------------------------
  test-integration:
    name: Test (integration)
    runs-on: ubuntu-latest
@@ -73,7 +71,6 @@ jobs:
      TURBO_TEAM: ${{ vars.TURBO_TEAM }}
      TEST_DATABASE_URL: postgresql://test:test@timescale:5432/tracearr_test
      TEST_REDIS_URL: redis://redis:6379
-
    services:
      timescale:
        image: timescale/timescaledb:latest-pg15
@@ -86,7 +83,6 @@ jobs:
          --health-interval 5s
          --health-timeout 3s
          --health-retries 10
-
      redis:
        image: redis:7-alpine
        options: >-
@@ -94,22 +90,20 @@ jobs:
          --health-interval 5s
          --health-timeout 3s
          --health-retries 5
-
    steps:
      - uses: actions/checkout@v4
-
      - name: Enable pnpm
        run: corepack enable
-
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
-
      - name: Build dependencies (shared, test-utils)
        run: pnpm turbo run build --filter=@tracearr/shared --filter=@tracearr/test-utils
-
      - name: Run integration tests
        run: pnpm --filter @tracearr/server test:integration

+  # ---------------------------------
+  # Test Coverage
+  # ---------------------------------
  test-coverage:
    name: Test Coverage
    runs-on: ubuntu-latest
@@ -119,24 +113,18 @@ jobs:
    env:
      TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
      TURBO_TEAM: ${{ vars.TURBO_TEAM }}
-
    steps:
      - uses: actions/checkout@v4
-
      - name: Enable pnpm
        run: corepack enable
-
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
-
      - name: Build dependencies (shared, test-utils)
        run: pnpm turbo run build --filter=@tracearr/shared --filter=@tracearr/test-utils
-
      - name: Run tests with coverage
        run: pnpm test:coverage
-
      - name: Upload coverage reports
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: coverage-report
@@ -144,6 +132,9 @@ jobs:
          retention-days: 7
          if-no-files-found: warn

+  # ---------------------------------
+  # Build App
+  # ---------------------------------
  build:
    name: Build
    runs-on: ubuntu-latest
@@ -158,15 +149,46 @@ jobs:
    env:
      TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
      TURBO_TEAM: ${{ vars.TURBO_TEAM }}
-
    steps:
      - uses: actions/checkout@v4
-
      - name: Enable pnpm
        run: corepack enable
-
      - name: Install dependencies
        run: pnpm install --frozen-lockfile
-
      - name: Build
        run: pnpm build
+
+  # ---------------------------------
+  # Deploy to Docker
+  # ---------------------------------
+  deploy:
+    name: Deploy Tracearr
+    runs-on: ubuntu-latest
+    container:
+      image: docker:26-cli
+    needs: build
+    if: github.ref == 'refs/heads/main'
+    env:
+      REGISTRY: gitea.yourdomain.co.nz
+      IMAGE_NAME: tracearr
+      IMAGE_TAG: latest
+      REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
+      REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Login to Gitea registry
+        run: |
+          echo "${REGISTRY_TOKEN}" | docker login $REGISTRY \
+            -u "${REGISTRY_USER}" --password-stdin
+      - name: Build Docker image
+        run: |
+          docker build \
+            -t $REGISTRY/$REGISTRY_USER/$IMAGE_NAME:$IMAGE_TAG \
+            -f docker/Dockerfile .
+      - name: Push Docker image
+        run: |
+          docker push $REGISTRY/$REGISTRY_USER/$IMAGE_NAME:$IMAGE_TAG
+      - name: Deploy via docker compose
+        run: |
+          docker compose -f docker/docker-compose.yml pull
+          docker compose -f docker/docker-compose.yml up -d