This commit is contained in:
@@ -11,7 +11,7 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
uses: https://gitea.com/actions/checkout@v4
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
@@ -25,17 +25,30 @@ jobs:
|
||||
|
||||
- name: Build and push postgres image
|
||||
uses: docker/build-push-action@v5
|
||||
if: |
|
||||
contains(github.event.commits[0].modified, 'infra/docker/postgres-pg-cron') ||
|
||||
contains(github.event.commits[0].added, 'infra/docker/postgres-pg-cron')
|
||||
# if: |
|
||||
# contains(github.event.commits[0].modified, 'infra/docker/postgres-pg-cron') ||
|
||||
# contains(github.event.commits[0].added, 'infra/docker/postgres-pg-cron')
|
||||
with:
|
||||
context: .
|
||||
file: infra/docker/postgres-pg-cron/Dockerfile
|
||||
push: true
|
||||
tags: |
|
||||
${{ secrets.REGISTRY_URL }}/${{ secrets.REGISTRY_USER }}/familyhub-postgres:latest
|
||||
cache-from: type=gha
|
||||
cache-to: type=gha,mode=max
|
||||
${{ secrets.REGISTRY_URL }}/${{ secrets.REGISTRY_USER }}/familyhub:${{ github.sha }}
|
||||
cache-from: type=registry,ref=${{ secrets.REGISTRY_URL }}/${{ secrets.REGISTRY_USER }}/familyhub:cache
|
||||
cache-to: type=registry,ref=${{ secrets.REGISTRY_URL }}/${{ secrets.REGISTRY_USER }}/familyhub:cache,mode=max
|
||||
|
||||
- name: Build and push webhook image
|
||||
uses: docker/build-push-action@v5
|
||||
with:
|
||||
context: .
|
||||
file: infra/webhook/Dockerfile
|
||||
push: true
|
||||
tags: |
|
||||
${{ secrets.REGISTRY_URL }}/${{ secrets.REGISTRY_USER }}/familyhub-webhook:latest
|
||||
${{ secrets.REGISTRY_URL }}/${{ secrets.REGISTRY_USER }}/familyhub:${{ github.sha }}
|
||||
cache-from: type=registry,ref=${{ secrets.REGISTRY_URL }}/${{ secrets.REGISTRY_USER }}/familyhub:cache
|
||||
cache-to: type=registry,ref=${{ secrets.REGISTRY_URL }}/${{ secrets.REGISTRY_USER }}/familyhub:cache,mode=max
|
||||
|
||||
- name: Build and push app image
|
||||
uses: docker/build-push-action@v5
|
||||
@@ -46,8 +59,8 @@ jobs:
|
||||
tags: |
|
||||
${{ secrets.REGISTRY_URL }}/${{ secrets.REGISTRY_USER }}/familyhub:latest
|
||||
${{ secrets.REGISTRY_URL }}/${{ secrets.REGISTRY_USER }}/familyhub:${{ github.sha }}
|
||||
cache-from: type=gha
|
||||
cache-to: type=gha,mode=max
|
||||
cache-from: type=registry,ref=${{ secrets.REGISTRY_URL }}/${{ secrets.REGISTRY_USER }}/familyhub:cache
|
||||
cache-to: type=registry,ref=${{ secrets.REGISTRY_URL }}/${{ secrets.REGISTRY_USER }}/familyhub:cache,mode=max
|
||||
|
||||
- name: Trigger deploy
|
||||
run: |
|
||||
|
||||
@@ -14,7 +14,7 @@ RUN npm run build
|
||||
# ================================
|
||||
# Stage 2: сборка Go
|
||||
# ================================
|
||||
FROM golang:1.25-alpine AS backend
|
||||
FROM golang:1.26-bookworm AS backend
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
@@ -34,15 +34,10 @@ RUN CGO_ENABLED=0 GOOS=linux go build -o server ./src/
|
||||
# ================================
|
||||
# Stage 3: финальный образ
|
||||
# ================================
|
||||
FROM alpine:3.19
|
||||
FROM scratch
|
||||
|
||||
# нужен для корректной работы TLS и временных зон
|
||||
RUN apk add --no-cache ca-certificates tzdata
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
COPY --from=backend /app/server ./server
|
||||
|
||||
EXPOSE 8080
|
||||
COPY --from=backend /app/server /server
|
||||
COPY --from=backend /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
|
||||
COPY --from=backend /usr/share/zoneinfo /usr/share/zoneinfo
|
||||
|
||||
ENTRYPOINT ["./server"]
|
||||
@@ -1,12 +1,12 @@
|
||||
FROM golang:1.25-alpine AS builder
|
||||
FROM golang:1.26-bookworm AS backend
|
||||
|
||||
WORKDIR /app
|
||||
COPY infra/webhook/ .
|
||||
RUN go mod download && \
|
||||
CGO_ENABLED=0 GOOS=linux go build -o webhook .
|
||||
|
||||
FROM alpine:3.19
|
||||
RUN apk add --no-cache docker-cli ca-certificates
|
||||
FROM scratch
|
||||
COPY --from=builder /app/webhook /webhook
|
||||
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
|
||||
EXPOSE 9001
|
||||
ENTRYPOINT ["/webhook"]
|
||||
@@ -1,5 +1,3 @@
|
||||
module webhook
|
||||
|
||||
go 1.25
|
||||
|
||||
require github.com/docker/docker v26.1.0+incompatible
|
||||
go 1.25.0
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
github.com/docker/docker v26.1.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
|
||||
|
||||
+78
-32
@@ -3,79 +3,125 @@ package main
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"log"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"os"
|
||||
"os/exec"
|
||||
|
||||
"github.com/docker/docker/client"
|
||||
)
|
||||
|
||||
func newDockerClient() *http.Client {
|
||||
return &http.Client{
|
||||
Transport: &http.Transport{
|
||||
DialContext: func(ctx context.Context, _, _ string) (net.Conn, error) {
|
||||
return net.Dial("unix", "/var/run/docker.sock")
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func getImageName(containerName string) (string, error) {
|
||||
client := newDockerClient()
|
||||
resp, err := client.Get("http://localhost/containers/" + containerName + "/json")
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
var result struct {
|
||||
Config struct {
|
||||
Image string `json:"Image"`
|
||||
} `json:"Config"`
|
||||
}
|
||||
if err := json.NewDecoder(resp.Body).Decode(&result); err != nil {
|
||||
return "", err
|
||||
}
|
||||
return result.Config.Image, nil
|
||||
}
|
||||
|
||||
func pullImage(imageName string) error {
|
||||
client := newDockerClient()
|
||||
resp, err := client.Post(
|
||||
"http://localhost/images/create?fromImage="+url.QueryEscape(imageName),
|
||||
"application/json",
|
||||
nil,
|
||||
)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
// читаем до конца чтобы pull завершился полностью
|
||||
io.Copy(io.Discard, resp.Body)
|
||||
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
return fmt.Errorf("pull failed with status: %d", resp.StatusCode)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func restartContainer(containerName string) error {
|
||||
client := newDockerClient()
|
||||
resp, err := client.Post(
|
||||
"http://localhost/containers/"+containerName+"/restart",
|
||||
"application/json",
|
||||
nil,
|
||||
)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
if resp.StatusCode != http.StatusNoContent {
|
||||
return fmt.Errorf("restart failed with status: %d", resp.StatusCode)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func main() {
|
||||
secret := os.Getenv("WEBHOOK_SECRET")
|
||||
|
||||
cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
|
||||
if err != nil {
|
||||
log.Fatal("failed to create docker client:", err)
|
||||
}
|
||||
defer cli.Close()
|
||||
|
||||
http.HandleFunc("/deploy", func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.Method != http.MethodPost {
|
||||
http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
|
||||
return
|
||||
}
|
||||
|
||||
if r.Header.Get("X-Webhook-Secret") != secret {
|
||||
http.Error(w, "unauthorized", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
// имя контейнера берём из query параметра
|
||||
containerName := r.URL.Query().Get("container")
|
||||
if containerName == "" {
|
||||
http.Error(w, "container parameter is required", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
ctx := context.Background()
|
||||
|
||||
// получаем инфо о контейнере чтобы узнать имя образа
|
||||
inspect, err := cli.ContainerInspect(ctx, containerName)
|
||||
imageName, err := getImageName(containerName)
|
||||
if err != nil {
|
||||
log.Printf("failed to inspect container %s: %v", containerName, err)
|
||||
http.Error(w, "container not found", http.StatusNotFound)
|
||||
return
|
||||
}
|
||||
|
||||
imageName := inspect.Config.Image
|
||||
log.Printf("Container: %s, Image: %s", containerName, imageName)
|
||||
|
||||
// тянем новый образ
|
||||
log.Println("Pulling new image...")
|
||||
pull := exec.Command("docker", "pull", imageName)
|
||||
pull.Stdout = os.Stdout
|
||||
pull.Stderr = os.Stderr
|
||||
if err := pull.Run(); err != nil {
|
||||
log.Println("pull failed:", err)
|
||||
log.Printf("Pulling image %s...", imageName)
|
||||
if err := pullImage(imageName); err != nil {
|
||||
log.Printf("pull failed: %v", err)
|
||||
http.Error(w, "pull failed", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
// перезапускаем контейнер
|
||||
log.Printf("Restarting container %s...", containerName)
|
||||
restart := exec.Command("docker", "restart", containerName)
|
||||
restart.Stdout = os.Stdout
|
||||
restart.Stderr = os.Stderr
|
||||
if err := restart.Run(); err != nil {
|
||||
log.Println("restart failed:", err)
|
||||
if err := restartContainer(containerName); err != nil {
|
||||
log.Printf("restart failed: %v", err)
|
||||
http.Error(w, "restart failed", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
log.Printf("Deploy of %s completed", containerName)
|
||||
w.WriteHeader(http.StatusOK)
|
||||
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
json.NewEncoder(w).Encode(map[string]string{
|
||||
"status": "ok",
|
||||
"container": containerName,
|
||||
|
||||
Reference in New Issue
Block a user