2026-05-19 22:02:05 +03:00
10 changed files with 285 additions and 9 deletions
@@ -0,0 +1,56 @@
 name: Build and Deploy
 on:
  push:
    branches:
      - main
 jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to Gitea Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.REGISTRY_URL }}
          username: ${{ secrets.REGISTRY_USER }}
          password: ${{ secrets.REGISTRY_TOKEN }}
      - name: Build and push postgres image
        uses: docker/build-push-action@v5
        if: |
          contains(github.event.commits[0].modified, 'infra/docker/postgres-pg-cron') ||
          contains(github.event.commits[0].added, 'infra/docker/postgres-pg-cron')
        with:
          context: .
          file: infra/docker/postgres-pg-cron/Dockerfile
          push: true
          tags: |
            ${{ secrets.REGISTRY_URL }}/${{ secrets.REGISTRY_USER }}/familyhub-postgres:latest
          cache-from: type=gha
          cache-to: type=gha,mode=max
      - name: Build and push app image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: infra/docker/application/Dockerfile
          push: true
          tags: |
            ${{ secrets.REGISTRY_URL }}/${{ secrets.REGISTRY_USER }}/familyhub:latest
            ${{ secrets.REGISTRY_URL }}/${{ secrets.REGISTRY_USER }}/familyhub:${{ github.sha }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
      - name: Trigger deploy
        run: |
          curl -s -X POST \
            -H "X-Webhook-Secret: ${{ secrets.WEBHOOK_SECRET }}" \
            "http://10.0.0.2:9001/deploy?container=familyhub"
@@ -1,2 +0,0 @@
 Portainer
 admin - 4c#;=H36$s^J
@@ -128,6 +128,8 @@ func NewServer(cfg config.Config) *Server {
 	authRouter := routers.NewAuthRouter(authService)
 	authRouter.RegisterRouter(apiV1)
 	// подключаем статику Vue — должно быть последним
 	registerStaticFiles(router)
 	return &Server{
 		httpServer: &http.Server{
 			Addr:    cfg.APIHost + ":" + cfg.APIPort,
@@ -0,0 +1,27 @@
 package api
 import (
 	"embed"
 	"io/fs"
 	"net/http"
 	"github.com/gin-gonic/gin"
 )
 //go:embed dist
 var staticFiles embed.FS
 func registerStaticFiles(router *gin.Engine) {
 	// вырезаем префикс dist/ чтобы / отдавал index.html
 	distFS, err := fs.Sub(staticFiles, "dist")
 	if err != nil {
 		panic(err)
 	}
 	fileServer := http.FileServer(http.FS(distFS))
 	// все маршруты которые не /api и не /openapi — отдаём Vue
 	router.NoRoute(func(c *gin.Context) {
 		fileServer.ServeHTTP(c.Writer, c.Request)
 	})
 }
@@ -1,12 +1,28 @@
 version: '3.9'
 services:
  app:
    image: git.myhomecloud.tech/admin/familyhub:latest
    container_name: familyhub
    restart: unless-stopped
    ports:
      - "10.0.0.2:8000:8000"    # только через WireGuard
    environment:
      - DB_HOST=db
      - DB_PORT=5432
      - DB_USER=familyUser
      - DB_PASSWORD=familyPass
      - DB_NAME=familyHubDB
    depends_on:
      - db
    networks:
      - family-hub-net
  db:
-    build:
+    image: git.myhomecloud.tech/admin/familyhub-postgres:latest
      context: ..
      dockerfile: infra/docker/postgres-pg-cron/Dockerfile
    container_name: postgres
    restart: always
    pull_policy: always
    command:
      - postgres
      - -c
@@ -17,8 +33,31 @@ services:
      POSTGRES_USER: familyUser
      POSTGRES_PASSWORD: familyPass
      POSTGRES_DB: familyHubDB
    ports:
      - "5432:5432"
    volumes:
-      - ./volumes/postgres:/var/lib/postgresql/data
+      - postgres-data:/var/lib/postgresql/data
-      - ./docker/postgres-pg-cron/init:/docker-entrypoint-initdb.d
+      - ./init:/docker-entrypoint-initdb.d
    networks:
      - family-hub-net
  webhook:
    image: git.myhomecloud.tech/admin/familyhub-webhook:latest
    container_name: webhook
    restart: unless-stopped
    pull_policy: always
    ports:
      - "10.0.0.2:9001:9001"
    environment:
      - WEBHOOK_SECRET=${WEBHOOK_SECRET}
      - COMPOSE_FILE=/compose/docker-compose.yml
      - COMPOSE_PROJECT=familyhub
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./docker-compose.yml:/compose/docker-compose.yml:ro
    networks:
      - family-hub-net
 networks:
  family-hub-net:
 volumes:
  postgres-data:
@@ -0,0 +1,48 @@
 # ================================
 # Stage 1: сборка Vue
 # ================================
 FROM node:20-alpine AS frontend
 WORKDIR /app
 COPY frontend/package*.json ./
 RUN npm ci
 COPY frontend/ ./
 RUN npm run build
 # ================================
 # Stage 2: сборка Go
 # ================================
 FROM golang:1.25-alpine AS backend
 WORKDIR /app
 # зависимости отдельно — используем кэш слоёв
 COPY backend/go.mod backend/go.sum ./
 RUN go mod download
 # исходники
 COPY backend/ ./
 # встраиваем собранную статику Vue
 COPY --from=frontend /app/dist ./src/api/dist
 # сборка бинарника
 RUN CGO_ENABLED=0 GOOS=linux go build -o server ./src/
 # ================================
 # Stage 3: финальный образ
 # ================================
 FROM alpine:3.19
 # нужен для корректной работы TLS и временных зон
 RUN apk add --no-cache ca-certificates tzdata
 WORKDIR /app
 COPY --from=backend /app/server ./server
 EXPOSE 8080
 ENTRYPOINT ["./server"]
@@ -0,0 +1,12 @@
 FROM golang:1.25-alpine AS builder
 WORKDIR /app
 COPY infra/webhook/ .
 RUN go mod download && \
    CGO_ENABLED=0 GOOS=linux go build -o webhook .
 FROM alpine:3.19
 RUN apk add --no-cache docker-cli ca-certificates
 COPY --from=builder /app/webhook /webhook
 EXPOSE 9001
 ENTRYPOINT ["/webhook"]
@@ -0,0 +1,5 @@
 module webhook
 go 1.25
 require github.com/docker/docker v26.1.0+incompatible
@@ -0,0 +1 @@
 github.com/docker/docker v26.1.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
@@ -0,0 +1,88 @@
 package main
 import (
 	"context"
 	"encoding/json"
 	"log"
 	"net/http"
 	"os"
 	"os/exec"
 	"github.com/docker/docker/client"
 )
 func main() {
 	secret := os.Getenv("WEBHOOK_SECRET")
 	cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
 	if err != nil {
 		log.Fatal("failed to create docker client:", err)
 	}
 	defer cli.Close()
 	http.HandleFunc("/deploy", func(w http.ResponseWriter, r *http.Request) {
 		if r.Method != http.MethodPost {
 			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
 			return
 		}
 		if r.Header.Get("X-Webhook-Secret") != secret {
 			http.Error(w, "unauthorized", http.StatusUnauthorized)
 			return
 		}
 		// имя контейнера берём из query параметра
 		containerName := r.URL.Query().Get("container")
 		if containerName == "" {
 			http.Error(w, "container parameter is required", http.StatusBadRequest)
 			return
 		}
 		ctx := context.Background()
 		// получаем инфо о контейнере чтобы узнать имя образа
 		inspect, err := cli.ContainerInspect(ctx, containerName)
 		if err != nil {
 			log.Printf("failed to inspect container %s: %v", containerName, err)
 			http.Error(w, "container not found", http.StatusNotFound)
 			return
 		}
 		imageName := inspect.Config.Image
 		log.Printf("Container: %s, Image: %s", containerName, imageName)
 		// тянем новый образ
 		log.Println("Pulling new image...")
 		pull := exec.Command("docker", "pull", imageName)
 		pull.Stdout = os.Stdout
 		pull.Stderr = os.Stderr
 		if err := pull.Run(); err != nil {
 			log.Println("pull failed:", err)
 			http.Error(w, "pull failed", http.StatusInternalServerError)
 			return
 		}
 		// перезапускаем контейнер
 		log.Printf("Restarting container %s...", containerName)
 		restart := exec.Command("docker", "restart", containerName)
 		restart.Stdout = os.Stdout
 		restart.Stderr = os.Stderr
 		if err := restart.Run(); err != nil {
 			log.Println("restart failed:", err)
 			http.Error(w, "restart failed", http.StatusInternalServerError)
 			return
 		}
 		log.Printf("Deploy of %s completed", containerName)
 		w.WriteHeader(http.StatusOK)
 		json.NewEncoder(w).Encode(map[string]string{
 			"status":    "ok",
 			"container": containerName,
 			"image":     imageName,
 		})
 	})
 	log.Println("Webhook server listening on :9001")
 	log.Fatal(http.ListenAndServe(":9001", nil))
 }
		`@@ -0,0 +1 @@`
							`github.com/docker/docker v26.1.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=`