webapp/.github/workflows/deploy-dev.yaml at main · nolus-protocol/webapp · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
name: Deploy dev

on:
  push:
    branches:
      - main

concurrency:
  group: deploy-dev
  cancel-in-progress: false

jobs:
  build-and-deploy:
    name: Build and deploy
    runs-on: [self-hosted, frontend-deploy]

    env:
      PATH: /root/.cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
      DEPLOY_DIR: /opt/deploy/builds/app-dev
      SERVICE: webapp-dev
      HEALTH_PORT: "5050"

    steps:
      - uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22'

      - name: Build frontend (SPA)
        env:
          VITE_BACKEND_URL: https://app-dev.nolus.io
          VITE_WS_URL: wss://app-dev.nolus.io/ws
          VITE_APP_URL: https://app-dev.nolus.io
        run: |
          npm update web-components
          npm ci
          npm run build

      - name: Build Rust backend
        run: |
          cd backend
          cargo build --release

      - name: Prepare deployment bundle
        run: |
          mkdir -p deploy-bundle
          cp -r dist/ deploy-bundle/
          cp backend/target/release/nolus-backend deploy-bundle/

      - name: Backup live binary + dist on deploy host
        run: |
          ssh -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=no ${{ vars.DEPLOY_USER }}@${{ vars.DEPLOY_HOST }} "bash -s" <<REMOTE
            set -uo pipefail
            cd $DEPLOY_DIR 2>/dev/null || { echo "::warning::deploy dir $DEPLOY_DIR missing — first deploy, nothing to back up"; exit 0; }
            if [ -f nolus-backend ]; then
              cp -p nolus-backend nolus-backend.bak
              echo "backed up nolus-backend (\$(stat -c %y nolus-backend.bak))"
            fi
            if [ -d dist ]; then
              rm -rf dist.bak
              cp -a dist dist.bak
              echo "backed up dist/"
            fi
          REMOTE

      - name: Stop backend service (release binary lock)
        run: |
          ssh -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=no ${{ vars.DEPLOY_USER }}@${{ vars.DEPLOY_HOST }} "\
            sudo systemctl stop $SERVICE"

      - name: Deploy bundle via rclone
        run: |
          rclone sync deploy-bundle/ :sftp,host=${{ vars.DEPLOY_HOST }},user=${{ vars.DEPLOY_USER }},key_file=~/.ssh/id_ed25519:$DEPLOY_DIR/ \
            --filter "- .env" \
            --filter "- config/" \
            --filter "- config/**" \
            --filter "- nolus-backend.bak" \
            --filter "- dist.bak/**" \
            --verbose

      - name: Start backend + mark binary executable
        run: |
          ssh -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=no ${{ vars.DEPLOY_USER }}@${{ vars.DEPLOY_HOST }} "\
            chmod +x $DEPLOY_DIR/nolus-backend && \
            sudo systemctl start $SERVICE"

      - name: Health probe
        run: |
          ssh -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=no ${{ vars.DEPLOY_USER }}@${{ vars.DEPLOY_HOST }} "bash -s" <<REMOTE
            set -u
            url="http://127.0.0.1:$HEALTH_PORT/api/health"
            echo "probing \$url"
            for i in 1 2 3 4 5 6 7 8 9 10; do
              if curl -fsS --max-time 5 -o /dev/null "\$url"; then
                echo "::notice::$SERVICE healthy at \$url (attempt \$i)"
                exit 0
              fi
              echo "attempt \$i: not ready yet"
              sleep 3
            done
            echo "::error::$SERVICE failed health check at \$url after 10 attempts (~30s)"
            systemctl is-active $SERVICE || true
            exit 1
          REMOTE

      - name: Rollback on failure
        if: failure()
        run: |
          ssh -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=no ${{ vars.DEPLOY_USER }}@${{ vars.DEPLOY_HOST }} "bash -s" <<REMOTE
            set -u
            cd $DEPLOY_DIR 2>/dev/null || { echo "::error::deploy dir missing, cannot roll back"; exit 1; }
            if [ ! -f nolus-backend.bak ] && [ ! -d dist.bak ]; then
              echo "::error::no backups at $DEPLOY_DIR — manual intervention required"
              exit 1
            fi
            echo "::warning::rolling $SERVICE back to previous artifacts"
            if [ -f nolus-backend.bak ]; then
              cp -p nolus-backend.bak nolus-backend
              chmod +x nolus-backend
              echo "restored nolus-backend"
            fi
            if [ -d dist.bak ]; then
              rsync -a --delete dist.bak/ dist/
              echo "restored dist/"
            fi
            sudo systemctl restart $SERVICE
            url="http://127.0.0.1:$HEALTH_PORT/api/health"
            for i in 1 2 3 4 5 6; do
              if curl -fsS --max-time 5 -o /dev/null "\$url"; then
                echo "::notice::$SERVICE rollback verified at \$url (attempt \$i)"
                exit 0
              fi
              sleep 3
            done
            echo "::error::$SERVICE rollback restart FAILED — service is down, manual intervention required"
            exit 1
          REMOTE