name: CI/CD Pipeline (Using Gitea Variables & Secrets) on: push: branches: [ production ] env: NODE_VERSION: '20' DOCKER_IMAGE: portfolio-app CONTAINER_NAME: portfolio-app jobs: production: runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v3 - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: ${{ env.NODE_VERSION }} cache: 'npm' - name: Install dependencies run: npm ci - name: Run linting run: npm run lint - name: Run tests run: npm run test:production - name: Build application run: npm run build - name: Run security scan run: | echo "๐Ÿ” Running npm audit..." npm audit --audit-level=high || echo "โš ๏ธ Some vulnerabilities found, but continuing..." - name: Verify Gitea Variables and Secrets run: | echo "๐Ÿ” Verifying Gitea Variables and Secrets..." # Check Variables if [ -z "${{ vars.NEXT_PUBLIC_BASE_URL }}" ]; then echo "โŒ NEXT_PUBLIC_BASE_URL variable is missing!" echo "Please set this variable in Gitea repository settings" exit 1 fi if [ -z "${{ vars.MY_EMAIL }}" ]; then echo "โŒ MY_EMAIL variable is missing!" echo "Please set this variable in Gitea repository settings" exit 1 fi if [ -z "${{ vars.MY_INFO_EMAIL }}" ]; then echo "โŒ MY_INFO_EMAIL variable is missing!" echo "Please set this variable in Gitea repository settings" exit 1 fi # Check Secrets if [ -z "${{ secrets.MY_PASSWORD }}" ]; then echo "โŒ MY_PASSWORD secret is missing!" echo "Please set this secret in Gitea repository settings" exit 1 fi if [ -z "${{ secrets.MY_INFO_PASSWORD }}" ]; then echo "โŒ MY_INFO_PASSWORD secret is missing!" echo "Please set this secret in Gitea repository settings" exit 1 fi if [ -z "${{ secrets.ADMIN_BASIC_AUTH }}" ]; then echo "โŒ ADMIN_BASIC_AUTH secret is missing!" echo "Please set this secret in Gitea repository settings" exit 1 fi echo "โœ… All required Gitea variables and secrets are present" echo "๐Ÿ“ Variables found:" echo " - NEXT_PUBLIC_BASE_URL: ${{ vars.NEXT_PUBLIC_BASE_URL }}" echo " - MY_EMAIL: ${{ vars.MY_EMAIL }}" echo " - MY_INFO_EMAIL: ${{ vars.MY_INFO_EMAIL }}" echo " - NODE_ENV: ${{ vars.NODE_ENV }}" echo " - LOG_LEVEL: ${{ vars.LOG_LEVEL }}" - name: Build Docker image run: | echo "๐Ÿ—๏ธ Building Docker image..." docker build -t ${{ env.DOCKER_IMAGE }}:latest . docker tag ${{ env.DOCKER_IMAGE }}:latest ${{ env.DOCKER_IMAGE }}:$(date +%Y%m%d-%H%M%S) echo "โœ… Docker image built successfully" - name: Deploy using Gitea Variables and Secrets run: | echo "๐Ÿš€ Deploying using Gitea Variables and Secrets..." # Export environment variables from Gitea export NODE_ENV="${{ vars.NODE_ENV }}" export LOG_LEVEL="${{ vars.LOG_LEVEL }}" export NEXT_PUBLIC_BASE_URL="${{ vars.NEXT_PUBLIC_BASE_URL }}" export NEXT_PUBLIC_UMAMI_URL="${{ vars.NEXT_PUBLIC_UMAMI_URL }}" export NEXT_PUBLIC_UMAMI_WEBSITE_ID="${{ vars.NEXT_PUBLIC_UMAMI_WEBSITE_ID }}" export MY_EMAIL="${{ vars.MY_EMAIL }}" export MY_INFO_EMAIL="${{ vars.MY_INFO_EMAIL }}" export MY_PASSWORD="${{ secrets.MY_PASSWORD }}" export MY_INFO_PASSWORD="${{ secrets.MY_INFO_PASSWORD }}" export ADMIN_BASIC_AUTH="${{ secrets.ADMIN_BASIC_AUTH }}" echo "๐Ÿ“ Using Gitea Variables and Secrets:" echo " - NODE_ENV: ${NODE_ENV}" echo " - LOG_LEVEL: ${LOG_LEVEL}" echo " - NEXT_PUBLIC_BASE_URL: ${NEXT_PUBLIC_BASE_URL}" echo " - MY_EMAIL: ${MY_EMAIL}" echo " - MY_INFO_EMAIL: ${MY_INFO_EMAIL}" echo " - MY_PASSWORD: [SET FROM GITEA SECRET]" echo " - MY_INFO_PASSWORD: [SET FROM GITEA SECRET]" echo " - ADMIN_BASIC_AUTH: [SET FROM GITEA SECRET]" # Stop old containers echo "๐Ÿ›‘ Stopping old containers..." docker compose down || true # Clean up orphaned containers echo "๐Ÿงน Cleaning up orphaned containers..." docker compose down --remove-orphans || true # Start new containers echo "๐Ÿš€ Starting new containers..." docker compose up -d echo "โœ… Deployment completed!" env: NODE_ENV: ${{ vars.NODE_ENV }} LOG_LEVEL: ${{ vars.LOG_LEVEL }} NEXT_PUBLIC_BASE_URL: ${{ vars.NEXT_PUBLIC_BASE_URL }} NEXT_PUBLIC_UMAMI_URL: ${{ vars.NEXT_PUBLIC_UMAMI_URL }} NEXT_PUBLIC_UMAMI_WEBSITE_ID: ${{ vars.NEXT_PUBLIC_UMAMI_WEBSITE_ID }} MY_EMAIL: ${{ vars.MY_EMAIL }} MY_INFO_EMAIL: ${{ vars.MY_INFO_EMAIL }} MY_PASSWORD: ${{ secrets.MY_PASSWORD }} MY_INFO_PASSWORD: ${{ secrets.MY_INFO_PASSWORD }} ADMIN_BASIC_AUTH: ${{ secrets.ADMIN_BASIC_AUTH }} - name: Wait for containers to be ready run: | echo "โณ Waiting for containers to be ready..." sleep 30 # Check if all containers are running echo "๐Ÿ“Š Checking container status..." docker compose ps # Wait for application container to be healthy echo "๐Ÿฅ Waiting for application container to be healthy..." for i in {1..30}; do if docker exec portfolio-app curl -f http://localhost:3000/api/health > /dev/null 2>&1; then echo "โœ… Application container is healthy!" break fi echo "โณ Waiting for application container... ($i/30)" sleep 3 done - name: Health check run: | echo "๐Ÿ” Running comprehensive health checks..." # Check container status echo "๐Ÿ“Š Container status:" docker compose ps # Check application container echo "๐Ÿฅ Checking application container..." if docker exec portfolio-app curl -f http://localhost:3000/api/health; then echo "โœ… Application health check passed!" else echo "โŒ Application health check failed!" docker logs portfolio-app --tail=50 exit 1 fi # Check main page if curl -f http://localhost:3000/ > /dev/null; then echo "โœ… Main page is accessible!" else echo "โŒ Main page is not accessible!" exit 1 fi echo "โœ… All health checks passed! Deployment successful!" - name: Cleanup old images run: | echo "๐Ÿงน Cleaning up old images..." docker image prune -f docker system prune -f echo "โœ… Cleanup completed"