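# Deploys the main branch to a single VPS: opens an SSH session, resets the
# checkout to origin/main, rebuilds the compose stack, and health-checks the
# backend and mcp services. Grafana alerts are silenced while this runs.
name: Deploy to VPS

on:
  push:
    branches: [main]

# The job only opens an SSH session using repository secrets and never calls
# the GitHub API, so the workflow token is granted no scopes.
permissions: {}

# One deploy at a time; a running deploy is never cancelled by a newer push.
concurrency:
  group: deploy
  cancel-in-progress: false

jobs:
  deploy:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - name: Deploy via SSH
        # NOTE(review): `v1` is a mutable tag and this step is handed the SSH
        # private key. Pin the action to a reviewed full commit SHA, e.g.
        #   uses: appleboy/ssh-action@<FULL_COMMIT_SHA>  # placeholder
        uses: appleboy/ssh-action@v1
        with:
          host: ${{ secrets.VPS_HOST }}
          username: ${{ secrets.VPS_USER }}
          key: ${{ secrets.VPS_SSH_KEY }}
          # NOTE(review): no host key fingerprint is supplied here, so the
          # runner presumably does not verify which server it hands the
          # script to. Consider the action's `fingerprint` input — confirm
          # against the pinned version's documentation.
          script: |
            cd ~/koopa0.dev || exit 1

            # fetch + hard reset instead of pull — production always mirrors
            # origin exactly, survives force-push / history rewrites, and
            # refuses to get stuck on divergent branches.
            # Stop on failure so a broken fetch cannot silently redeploy a
            # stale origin/main and still report success.
            git fetch origin || exit 1
            git reset --hard origin/main || exit 1

            # Load the Grafana admin password. The match is anchored to the
            # exact key and taken from the first hit only, so comments or
            # similarly named variables are not picked up, and an empty match
            # no longer degrades to a bare `export` that would print the
            # remote environment into the job log.
            # Still exported, as before; drop the export if nothing started
            # below needs the variable in its environment.
            GRAFANA_ADMIN_PASSWORD=$(grep -m1 '^GRAFANA_ADMIN_PASSWORD=' ~/server/observability/.env | cut -d= -f2-)
            export GRAFANA_ADMIN_PASSWORD

            # Encode the Basic credential once. printf avoids `echo -n`
            # portability issues and tr strips the line wrap base64 adds to
            # long input, which would otherwise break the header.
            # NOTE(review): the header is still passed on curl's command
            # line and is visible in the process list while curl runs; a
            # narrowly scoped token would limit what that exposes.
            GRAFANA_AUTH=$(printf '%s' "admin:${GRAFANA_ADMIN_PASSWORD}" | base64 | tr -d '\n')

            # Expire the silence on every exit path. Previously a failed
            # health check exited before the cleanup ran, leaving all alerts
            # muted for the rest of the window right after a bad deploy.
            SILENCE_ID=""
            expire_silence() {
              if [ -n "$SILENCE_ID" ] && [ "$SILENCE_ID" != "null" ]; then
                curl -sf -X DELETE "http://localhost:3000/api/alertmanager/grafana/api/v2/silence/${SILENCE_ID}" \
                  -H "Authorization: Basic ${GRAFANA_AUTH}" 2>/dev/null || true
              fi
            }
            trap expire_silence EXIT

            # Silence Grafana alerts during deploy (5 min).
            # The matcher covers every alert carrying a severity label, so
            # nothing with that label fires during the window. Best effort:
            # a failure here must not block the deploy.
            SILENCE_ID=$(curl -sf -X POST http://localhost:3000/api/alertmanager/grafana/api/v2/silences \
              -H "Authorization: Basic ${GRAFANA_AUTH}" \
              -H "Content-Type: application/json" \
              -d "{
                \"matchers\": [{\"name\": \"severity\", \"value\": \".*\", \"isRegex\": true}],
                \"startsAt\": \"$(date -u +%Y-%m-%dT%H:%M:%SZ)\",
                \"endsAt\": \"$(date -u -d '+5 min' +%Y-%m-%dT%H:%M:%SZ)\",
                \"createdBy\": \"ci-cd\",
                \"comment\": \"Deploy silence\"
              }" 2>/dev/null | jq -r '.silenceID' 2>/dev/null) || true

            # A failed build must not fall through to a health check that
            # passes against the old containers.
            docker compose up -d --build || exit 1
            docker image prune -f

            # Post-deploy health check: poll each service once per second,
            # 30 attempts, from inside its own container.
            echo "Waiting for services to be ready..."
            for svc in backend mcp; do
              case $svc in
                backend) endpoint="http://localhost:8080/healthz" ;;
                mcp) endpoint="http://localhost:8081/healthz" ;;
              esac
              for i in $(seq 1 30); do
                if docker compose exec -T "$svc" wget -qO- "$endpoint" > /dev/null 2>&1; then
                  echo "$svc healthy after ${i}s"
                  break
                fi
                if [ "$i" -eq 30 ]; then
                  echo "ERROR: $svc failed health check after 30s"
                  docker compose logs "$svc" --tail 20
                  exit 1
                fi
                sleep 1
              done
            done

            # The silence is expired early by the EXIT trap set above, on
            # success and on failure alike.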