feat(ci): add Docker build, push and SSH deploy pipeline
- CI: lint, unit tests, production build on all branches - Docker build & push on all branches (tag :latest on main, :branch-* on others) - Deploy: SSH pull & restart on all branches (preprod validation) - Trigger workflow on self-modification (.github/workflows/ui.yml) Closes #38 Assisted-by: Claude:claude-sonnet-4-6
This commit is contained in:
117
.github/workflows/ui.yml
vendored
Normal file
117
.github/workflows/ui.yml
vendored
Normal file
@@ -0,0 +1,117 @@
|
|||||||
|
name: UI – CI/CD
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
paths:
|
||||||
|
- ui/**
|
||||||
|
- .github/workflows/ui.yml
|
||||||
|
pull_request:
|
||||||
|
branches: [main]
|
||||||
|
paths:
|
||||||
|
- ui/**
|
||||||
|
- .github/workflows/ui.yml
|
||||||
|
|
||||||
|
env:
|
||||||
|
IMAGE: ghcr.io/${{ github.repository_owner }}/dashboard-ui
|
||||||
|
# IMAGE_LC is set in the docker job (owner must be lowercase for Docker)
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
# ── 1. Build & test ──────────────────────────────────────────────────────────
|
||||||
|
ci:
|
||||||
|
name: Build & test
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
defaults:
|
||||||
|
run:
|
||||||
|
working-directory: ui
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- name: Setup Node 20
|
||||||
|
uses: actions/setup-node@v4
|
||||||
|
with:
|
||||||
|
node-version: 20
|
||||||
|
cache: npm
|
||||||
|
cache-dependency-path: ui/package-lock.json
|
||||||
|
|
||||||
|
- name: Install dependencies
|
||||||
|
run: npm ci
|
||||||
|
|
||||||
|
- name: Lint
|
||||||
|
run: npm run lint
|
||||||
|
|
||||||
|
- name: Unit tests
|
||||||
|
run: npm test -- --watch=false --browsers=ChromeHeadless
|
||||||
|
|
||||||
|
- name: Production build
|
||||||
|
run: npm run build -- --configuration production
|
||||||
|
|
||||||
|
# ── 2. Docker build & push ───────────────────────────────────────────────────
|
||||||
|
docker:
|
||||||
|
name: Docker build & push
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
needs: ci
|
||||||
|
outputs:
|
||||||
|
sha_tag: ${{ steps.tag.outputs.sha }}
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
packages: write
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- name: Compute image tags
|
||||||
|
id: tag
|
||||||
|
run: |
|
||||||
|
OWNER="${{ github.repository_owner }}"
|
||||||
|
IMAGE_LC="ghcr.io/${OWNER,,}/dashboard-ui"
|
||||||
|
echo "image=${IMAGE_LC}" >> $GITHUB_OUTPUT
|
||||||
|
echo "sha=${IMAGE_LC}:${{ github.sha }}" >> $GITHUB_OUTPUT
|
||||||
|
BRANCH="${{ github.head_ref || github.ref_name }}"
|
||||||
|
SAFE="${BRANCH//\//-}"
|
||||||
|
if [ "${{ github.ref }}" = "refs/heads/main" ]; then
|
||||||
|
echo "extra=${IMAGE_LC}:latest" >> $GITHUB_OUTPUT
|
||||||
|
else
|
||||||
|
echo "extra=${IMAGE_LC}:branch-${SAFE}" >> $GITHUB_OUTPUT
|
||||||
|
fi
|
||||||
|
|
||||||
|
- name: Login to GHCR
|
||||||
|
uses: docker/login-action@v3
|
||||||
|
with:
|
||||||
|
registry: ghcr.io
|
||||||
|
username: ${{ github.actor }}
|
||||||
|
password: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|
||||||
|
- name: Build & push
|
||||||
|
uses: docker/build-push-action@v5
|
||||||
|
with:
|
||||||
|
context: ui
|
||||||
|
push: true
|
||||||
|
tags: |
|
||||||
|
${{ steps.tag.outputs.sha }}
|
||||||
|
${{ steps.tag.outputs.extra }}
|
||||||
|
|
||||||
|
# ── 3. Deploy to physical server (SSH) ───────────────────────────────────────
|
||||||
|
deploy:
|
||||||
|
name: Deploy
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
needs: docker
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: SSH deploy
|
||||||
|
uses: appleboy/ssh-action@v1.0.3
|
||||||
|
with:
|
||||||
|
host: ${{ secrets.SSH_HOST }}
|
||||||
|
username: ${{ secrets.SSH_USER }}
|
||||||
|
key: ${{ secrets.SSH_PRIVATE_KEY }}
|
||||||
|
port: ${{ secrets.SSH_PORT }}
|
||||||
|
script: |
|
||||||
|
docker pull ${{ needs.docker.outputs.sha_tag }}
|
||||||
|
docker stop dashboard-ui 2>/dev/null || true
|
||||||
|
docker rm dashboard-ui 2>/dev/null || true
|
||||||
|
docker run -d \
|
||||||
|
--name dashboard-ui \
|
||||||
|
--restart unless-stopped \
|
||||||
|
-p 80:80 \
|
||||||
|
${{ needs.docker.outputs.sha_tag }}
|
||||||
4
.gitignore
vendored
4
.gitignore
vendored
@@ -3,6 +3,10 @@
|
|||||||
.vscode
|
.vscode
|
||||||
.idea
|
.idea
|
||||||
|
|
||||||
|
# Local
|
||||||
|
.claude/
|
||||||
|
.DS_Store
|
||||||
|
|
||||||
# Secrets
|
# Secrets
|
||||||
**/secrets/
|
**/secrets/
|
||||||
**/.env
|
**/.env
|
||||||
|
|||||||
8
ui/.dockerignore
Normal file
8
ui/.dockerignore
Normal file
@@ -0,0 +1,8 @@
|
|||||||
|
node_modules
|
||||||
|
dist
|
||||||
|
.git
|
||||||
|
.github
|
||||||
|
*.md
|
||||||
|
.dockerignore
|
||||||
|
.editorconfig
|
||||||
|
.gitignore
|
||||||
18
ui/Dockerfile
Normal file
18
ui/Dockerfile
Normal file
@@ -0,0 +1,18 @@
|
|||||||
|
# ── Stage 1 : build ──────────────────────────────────────────────────────────
|
||||||
|
FROM node:20-alpine AS builder
|
||||||
|
WORKDIR /app
|
||||||
|
|
||||||
|
COPY package*.json ./
|
||||||
|
RUN npm ci --prefer-offline
|
||||||
|
|
||||||
|
COPY . .
|
||||||
|
RUN npm run build -- --configuration production
|
||||||
|
|
||||||
|
# ── Stage 2 : serve ──────────────────────────────────────────────────────────
|
||||||
|
FROM nginx:1.27-alpine
|
||||||
|
COPY --from=builder /app/dist/dashboard/browser /usr/share/nginx/html
|
||||||
|
COPY nginx.conf /etc/nginx/conf.d/default.conf
|
||||||
|
|
||||||
|
EXPOSE 80
|
||||||
|
HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
|
||||||
|
CMD wget -qO- http://localhost/ || exit 1
|
||||||
29
ui/nginx.conf
Normal file
29
ui/nginx.conf
Normal file
@@ -0,0 +1,29 @@
|
|||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name _;
|
||||||
|
root /usr/share/nginx/html;
|
||||||
|
index index.html;
|
||||||
|
|
||||||
|
# Angular HTML5 routing
|
||||||
|
location / {
|
||||||
|
try_files $uri $uri/ /index.html;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Hashed assets — cache forever
|
||||||
|
location ~* \.(js|css|woff2?|ttf|eot|svg|ico|png|jpg|webp)$ {
|
||||||
|
expires 1y;
|
||||||
|
add_header Cache-Control "public, immutable";
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Never cache index.html
|
||||||
|
location = /index.html {
|
||||||
|
add_header Cache-Control "no-store, no-cache, must-revalidate";
|
||||||
|
}
|
||||||
|
|
||||||
|
gzip on;
|
||||||
|
gzip_vary on;
|
||||||
|
gzip_min_length 1024;
|
||||||
|
gzip_types text/plain text/css application/json application/javascript
|
||||||
|
text/xml application/xml text/javascript;
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user