From 49639252bfe10cf61dbb6637b0ca6d98292d1b6e Mon Sep 17 00:00:00 2001 From: chpark Date: Thu, 23 Apr 2026 01:20:50 +0900 Subject: [PATCH] =?UTF-8?q?ci:=20self-hosted=20runner=20=EC=A7=81=EC=A0=91?= =?UTF-8?q?=20=EC=8B=A4=ED=96=89=20(SSH=20=EB=B6=88=ED=95=84=EC=9A=94)=20+?= =?UTF-8?q?=20root=20=EB=AA=A8=EB=93=9C=20sudo=20=EC=9E=90=EB=8F=99=20?= =?UTF-8?q?=EC=8A=A4=ED=82=B5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitea/workflows/deploy.yml | 49 ++++++++++++++++++++----------------- scripts/deploy-remote.sh | 22 ++++++++++++----- 2 files changed, 43 insertions(+), 28 deletions(-) diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml index b32917c..91b1615 100644 --- a/.gitea/workflows/deploy.yml +++ b/.gitea/workflows/deploy.yml @@ -1,4 +1,4 @@ -name: Deploy via SSH +name: Deploy on: push: @@ -6,25 +6,30 @@ on: workflow_dispatch: jobs: - remote-deploy: - runs-on: ubuntu-latest + deploy: + runs-on: self-hosted steps: - - name: Trigger remote deploy on server - uses: appleboy/ssh-action@v1.0.3 - with: - host: ${{ secrets.SSH_HOST }} - port: ${{ secrets.SSH_PORT || 22 }} - username: ${{ secrets.SSH_USER }} - password: ${{ secrets.SSH_PASSWORD }} - command_timeout: 20m - script: | - set -e - cd /home/chpark - if [ ! -d insurance/.git ]; then - git clone https://git.junggomoa.com/chpark/insurance.git - fi - cd insurance - git fetch origin - git reset --hard origin/master - chmod +x scripts/deploy-remote.sh - bash scripts/deploy-remote.sh + - name: Sync repo + run: | + cd /home/chpark + if [ ! -d insurance/.git ]; then + git clone https://git.junggomoa.com/chpark/insurance.git + fi + cd insurance + git fetch origin + git reset --hard "origin/${GITHUB_REF##*/}" + + - name: Deploy to k3s + run: | + cd /home/chpark/insurance + chmod +x scripts/deploy-remote.sh + bash scripts/deploy-remote.sh + + - name: Show status + if: always() + run: | + export KUBECONFIG=/home/chpark/.kube/config + kubectl -n insurance get pods,svc 2>&1 || true + echo "" + echo "πŸš€ Web: https://insurance.junggomoa.com" + echo "πŸ”Œ API: https://api.insurance.junggomoa.com" diff --git a/scripts/deploy-remote.sh b/scripts/deploy-remote.sh index 92ccc91..18e3a0d 100644 --- a/scripts/deploy-remote.sh +++ b/scripts/deploy-remote.sh @@ -1,11 +1,21 @@ #!/usr/bin/env bash set -e -export KUBECONFIG=/home/chpark/.kube/config -SUDO_PASS="${SUDO_PASS:-qlalfqjsgh11}" +export KUBECONFIG="${KUBECONFIG:-/home/chpark/.kube/config}" -sudo_run() { - echo "$SUDO_PASS" | sudo -S bash -c "$1" -} +# root μ‹€ν–‰ μ‹œμ—” sudo μƒλž΅, 일반 μœ μ €λ©΄ λΉ„λ²ˆμœΌλ‘œ sudo +if [ "$(id -u)" -eq 0 ]; then + sudo_run() { bash -c "$1"; } +else + SUDO_PASS="${SUDO_PASS:-qlalfqjsgh11}" + sudo_run() { echo "$SUDO_PASS" | sudo -S bash -c "$1"; } +fi + +# CI(root) ν™˜κ²½μ—μ„œ kubeconfig μ—†μœΌλ©΄ k3s κ²ƒμœΌλ‘œ λŒ€μ²΄ +if [ ! -r "$KUBECONFIG" ]; then + if [ -r /etc/rancher/k3s/k3s.yaml ]; then + export KUBECONFIG=/etc/rancher/k3s/k3s.yaml + fi +fi cd /home/chpark if [ -d insurance/.git ]; then @@ -37,7 +47,7 @@ echo "[*] Applying Kubernetes manifests" kubectl apply -f deploy/k8s/namespace.yaml SECRETS_FILE=/home/chpark/.insurance-secrets -if [ -f "$SECRETS_FILE" ]; then +if [ -r "$SECRETS_FILE" ]; then set -a; source "$SECRETS_FILE"; set +a fi POSTGRES_PASSWORD="${POSTGRES_PASSWORD:-$(openssl rand -hex 24)}"