From 817d9c16b72581238630369bbca10a683628040d Mon Sep 17 00:00:00 2001 From: Deeman Date: Sun, 22 Feb 2026 23:09:32 +0100 Subject: [PATCH] ci: enable deploy stage with SSH-based blue/green deployment Writes .env to web/, runs deploy.sh from web/. Pushes env vars from GitLab CI/CD variables to the server on every master push. Co-Authored-By: Claude Opus 4.6 --- .gitlab/.gitlab-ci.yml | 81 ++++++++++++++++++++++-------------------- 1 file changed, 42 insertions(+), 39 deletions(-) diff --git a/.gitlab/.gitlab-ci.yml b/.gitlab/.gitlab-ci.yml index 9857cd4..8b5369f 100644 --- a/.gitlab/.gitlab-ci.yml +++ b/.gitlab/.gitlab-ci.yml @@ -3,7 +3,7 @@ image: python:3.13 stages: # - lint - test -# - deploy + - deploy variables: UV_CACHE_DIR: "$CI_PROJECT_DIR/.uv-cache" 
@@ -71,41 +71,44 @@ test:web: - changes: - web/**/* -#deploy:web: -# stage: deploy -# image: alpine:latest -# needs: [test:web] -# rules: -# - if: $CI_COMMIT_BRANCH == "master" -# changes: -# - web/**/* -# before_script: -# - apk add --no-cache openssh-client -# - eval $(ssh-agent -s) -# - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - -# - mkdir -p ~/.ssh -# - chmod 700 ~/.ssh -# - echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts -# script: -# - | -# ssh "$DEPLOY_USER@$DEPLOY_HOST" "cat > /opt/beanflows/beanflows/.env" << ENVEOF -# APP_NAME=$APP_NAME -# SECRET_KEY=$SECRET_KEY -# BASE_URL=$BASE_URL -# DEBUG=false -# ADMIN_PASSWORD=$ADMIN_PASSWORD -# DATABASE_PATH=data/app.db -# MAGIC_LINK_EXPIRY_MINUTES=${MAGIC_LINK_EXPIRY_MINUTES:-15} -# SESSION_LIFETIME_DAYS=${SESSION_LIFETIME_DAYS:-30} -# RESEND_API_KEY=$RESEND_API_KEY -# EMAIL_FROM=${EMAIL_FROM:-hello@example.com} -# ADMIN_EMAILS=${ADMIN_EMAILS:-} -# RATE_LIMIT_REQUESTS=${RATE_LIMIT_REQUESTS:-100} -# RATE_LIMIT_WINDOW=${RATE_LIMIT_WINDOW:-60} -# PADDLE_API_KEY=$PADDLE_API_KEY -# PADDLE_WEBHOOK_SECRET=$PADDLE_WEBHOOK_SECRET -# PADDLE_PRICE_STARTER=$PADDLE_PRICE_STARTER -# PADDLE_PRICE_PRO=$PADDLE_PRICE_PRO -# ENVEOF -# - ssh "$DEPLOY_USER@$DEPLOY_HOST" "chmod 600 /opt/beanflows/beanflows/.env" -# - ssh "$DEPLOY_USER@$DEPLOY_HOST" "cd /opt/beanflows && git pull origin master && ./deploy.sh" +deploy:web: + stage: deploy + image: alpine:latest + needs: [test:web] + rules: + - if: $CI_COMMIT_BRANCH == "master" + before_script: + - apk add --no-cache openssh-client + - eval $(ssh-agent -s) + - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - + - mkdir -p ~/.ssh + - chmod 700 ~/.ssh + - echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts + script: + - | + ssh "$DEPLOY_USER@$DEPLOY_HOST" "cat > /opt/beanflows/web/.env" << ENVEOF + APP_NAME=$APP_NAME + SECRET_KEY=$SECRET_KEY + BASE_URL=$BASE_URL + DEBUG=false + DATABASE_PATH=data/app.db + MAGIC_LINK_EXPIRY_MINUTES=$MAGIC_LINK_EXPIRY_MINUTES + 
SESSION_LIFETIME_DAYS=$SESSION_LIFETIME_DAYS + RESEND_API_KEY=$RESEND_API_KEY + EMAIL_FROM=$EMAIL_FROM + RESEND_AUDIENCE_WAITLIST=$RESEND_AUDIENCE_WAITLIST + ADMIN_EMAILS=$ADMIN_EMAILS + WAITLIST_MODE=$WAITLIST_MODE + RATE_LIMIT_REQUESTS=$RATE_LIMIT_REQUESTS + RATE_LIMIT_WINDOW=$RATE_LIMIT_WINDOW + PADDLE_API_KEY=$PADDLE_API_KEY + PADDLE_WEBHOOK_SECRET=$PADDLE_WEBHOOK_SECRET + PADDLE_ENVIRONMENT=$PADDLE_ENVIRONMENT + PADDLE_PRICE_STARTER=$PADDLE_PRICE_STARTER + PADDLE_PRICE_PRO=$PADDLE_PRICE_PRO + UMAMI_SCRIPT_URL=$UMAMI_SCRIPT_URL + UMAMI_WEBSITE_ID=$UMAMI_WEBSITE_ID + SERVING_DUCKDB_PATH=$SERVING_DUCKDB_PATH + ENVEOF + - ssh "$DEPLOY_USER@$DEPLOY_HOST" "chmod 600 /opt/beanflows/web/.env" + - ssh "$DEPLOY_USER@$DEPLOY_HOST" "cd /opt/beanflows && git pull origin master && cd web && bash deploy.sh"
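Review bot: The `.env` holding SECRET_KEY, RESEND_API_KEY and the PADDLE_* secrets is created by `cat >` under the remote account's default umask and only tightened by a separate `chmod 600` ssh call, so on first creation, or whenever that second call does not run, the file keeps whatever mode the umask gives it. Setting the mode and swapping the file in within the same remote command closes that window and avoids a truncated file if the connection drops mid-write: `ssh "$DEPLOY_USER@$DEPLOY_HOST" "umask 077 && cat > /opt/beanflows/web/.env.tmp && mv /opt/beanflows/web/.env.tmp /opt/beanflows/web/.env" << ENVEOF`. The last script line runs `git pull origin master`, which deploys whatever master points to at that moment rather than the commit that passed `test:web`; checking out `$CI_COMMIT_SHA` after a fetch would tie the deploy to the tested revision. With the `changes:` filter dropped from this job while the context lines suggest `test:web` still has one, `needs: [test:web]` may reference a job that is absent from the pipeline; `needs: [{job: test:web, optional: true}]` would avoid that but also lets a deploy run without tests, so confirm which behaviour is intended. The job also relies on the CI/CD variables being protected and masked and on master being a protected branch, neither of which is visible here.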