name: CI/CD Pipeline on: push: branches: [main] jobs: docs: runs-on: ubuntu-latest if: "!contains(github.event.head_commit.message, '[skip ci]')" steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: 24 - name: Генерация ARCHITECTURE.md run: | npm ci npm run docs - name: Коммит generated/ run: | git config user.name "CI Bot" git config user.email "ci@gromlab.ru" git add generated/ if git diff --cached --quiet; then echo "ARCHITECTURE.md не изменился, пропуск" echo "CHANGED=false" >> $GITHUB_ENV else git commit -m "docs: обновить ARCHITECTURE.md [skip ci]" git push origin main echo "CHANGED=true" >> $GITHUB_ENV fi - name: Автоматический тег (semver patch) run: | LAST_TAG=$(git tag -l 'v*' --sort=-v:refname | head -1) if [ -z "$LAST_TAG" ]; then NEW_TAG="v0.1.0" else MAJOR=$(echo "$LAST_TAG" | cut -d. -f1) MINOR=$(echo "$LAST_TAG" | cut -d. -f2) PATCH=$(echo "$LAST_TAG" | cut -d. -f3) NEW_TAG="${MAJOR}.${MINOR}.$((PATCH + 1))" fi git tag "$NEW_TAG" git push origin "$NEW_TAG" echo "NEW_TAG=$NEW_TAG" >> $GITHUB_ENV echo "Создан тег: $NEW_TAG" docker: runs-on: ubuntu-latest needs: docs if: "!contains(github.event.head_commit.message, '[skip ci]')" steps: - name: Checkout uses: actions/checkout@v4 with: ref: main - name: Setup Docker Buildx uses: docker/setup-buildx-action@v3 - name: Setup variables run: | DOCKER_REGISTRY=$(echo "${{ gitea.server_url }}" | sed 's|https://||') echo "DOCKER_REGISTRY=$DOCKER_REGISTRY" >> $GITHUB_ENV REGISTRY_IMAGE="$DOCKER_REGISTRY/$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]')" echo "REGISTRY_IMAGE=$REGISTRY_IMAGE" >> $GITHUB_ENV - name: Login to Container Registry uses: docker/login-action@v3 with: registry: ${{ env.DOCKER_REGISTRY }} username: ${{ secrets.CR_USER }} password: ${{ secrets.CR_TOKEN }} - name: Extract metadata id: meta uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY_IMAGE }} tags: | type=ref,event=branch type=sha,prefix= type=raw,value=latest,enable={{is_default_branch}} - name: Build and push uses: docker/build-push-action@v5 with: context: . file: ./Dockerfile platforms: linux/amd64 push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} provenance: false sbom: false deploy: runs-on: ubuntu-latest needs: docker steps: - name: Setup variables run: | DOCKER_REGISTRY=$(echo "${{ gitea.server_url }}" | sed 's|https://||') echo "DOCKER_REGISTRY=$DOCKER_REGISTRY" >> $GITHUB_ENV REGISTRY_IMAGE="$DOCKER_REGISTRY/$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]')" echo "REGISTRY_IMAGE=$REGISTRY_IMAGE" >> $GITHUB_ENV - name: Настройка SSH run: | mkdir -p ~/.ssh echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/deploy_key chmod 600 ~/.ssh/deploy_key ssh-keyscan -H 188.225.47.78 >> ~/.ssh/known_hosts - name: Деплой run: | ssh -i ~/.ssh/deploy_key root@188.225.47.78 bash -s <<'SCRIPT' set -e IMAGE="${{ env.REGISTRY_IMAGE }}:latest" CONTAINER="slm-design" # Логин в реестр echo '${{ secrets.CR_TOKEN }}' | docker login ${{ env.DOCKER_REGISTRY }} -u '${{ secrets.CR_USER }}' --password-stdin # Сохранить ID текущего образа до pull OLD_IMAGE_ID=$(docker images -q "$IMAGE" 2>/dev/null || true) # Скачать новый образ docker pull "$IMAGE" # Перезапустить контейнер docker stop "$CONTAINER" 2>/dev/null || true docker rm "$CONTAINER" 2>/dev/null || true docker run -d --name "$CONTAINER" --network web --restart unless-stopped "$IMAGE" # Удалить старый образ если он отличается от нового NEW_IMAGE_ID=$(docker images -q "$IMAGE") if [ -n "$OLD_IMAGE_ID" ] && [ "$OLD_IMAGE_ID" != "$NEW_IMAGE_ID" ]; then docker rmi "$OLD_IMAGE_ID" 2>/dev/null || true fi # Очистка: dangling-образы, неиспользуемые volumes, build-кеш docker image prune -af --filter "label=org.opencontainers.image.title=$CONTAINER" docker image prune -f docker builder prune -f 2>/dev/null || true # Статус docker ps --filter "name=$CONTAINER" SCRIPT