From b64dc66d4900cd60deff1f023b2b656acb908364 Mon Sep 17 00:00:00 2001
From: Jeff Emmett
Date: Wed, 1 Apr 2026 00:51:50 -0700
Subject: [PATCH 1/7] CI: temp deploy-test job to debug container+registry access

---
 .gitea/workflows/ci.yml | 58 +++++++++--------------------------------
 1 file changed, 12 insertions(+), 46 deletions(-)

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 9887338..d371ca4 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -39,8 +39,7 @@ jobs:
 env:
 NODE_OPTIONS: "--max-old-space-size=4096"
 
- deploy:
- if: ${{ github.ref == 'refs/heads/main' && github.event_name == 'push' }}
+ deploy-test:
 needs: [test-and-build]
 runs-on: ubuntu-latest
 container:
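Review bot: `deploy-test` drops the `if:` guard that limited the old `deploy` job to pushes on `refs/heads/main`, so it now runs for every event that triggers this workflow; the `on:` block is outside the hunk, so which events those are cannot be seen here. The job body continues in the next hunk, where it still mounts `/var/run/docker.sock` and logs in with `secrets.REGISTRY_TOKEN`, which is a lot of privilege for an unguarded debug job. Keeping a narrower condition while the job exists, for example `if: ${{ github.event_name == 'push' }}`, together with a comment such as `# TEMP: remove once container/registry access is confirmed`, would limit that exposure.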
@@ -48,52 +47,19 @@ jobs:
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock
 steps:
- - name: Setup tools
- run: apk add --no-cache git openssh-client curl
-
- - name: Checkout
- run: git clone --depth 1 --branch ${{ github.ref_name }} http://token:${{ github.token }}@server:3000/${{ github.repository }}.git .
-
- - name: Set image tag
+ - name: Debug context
 run: |
- SHORT_SHA=$(echo "${{ github.sha }}" | cut -c1-8)
- echo "IMAGE_TAG=${SHORT_SHA}" >> $GITHUB_ENV
- echo "Building image tag: ${SHORT_SHA}"
+ echo "github.ref=${{ github.ref }}"
+ echo "github.ref_name=${{ github.ref_name }}"
+ echo "github.event_name=${{ github.event_name }}"
+ echo "github.repository=${{ github.repository }}"
+ echo "REGISTRY=${{ env.REGISTRY }}"
+ echo "IMAGE=${{ env.IMAGE }}"
 
- - name: Build image
- run: docker build -t ${{ env.IMAGE }}:${{ env.IMAGE_TAG }} -t ${{ env.IMAGE }}:latest .
+ - name: Test docker access
+ run: docker info --format '{{.ServerVersion}}'
 
- - name: Push to registry
+ - name: Test registry login
 run: |
 echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ${{ env.REGISTRY }} -u ${{ secrets.REGISTRY_USER }} --password-stdin
- docker push ${{ env.IMAGE }}:${{ env.IMAGE_TAG }}
- docker push ${{ env.IMAGE }}:latest
-
- - name: Deploy to server
- run: |
- mkdir -p ~/.ssh
- echo "${{ secrets.DEPLOY_SSH_KEY }}" | base64 -d > ~/.ssh/deploy_key
- chmod 600 ~/.ssh/deploy_key
- ssh -o StrictHostKeyChecking=no -i ~/.ssh/deploy_key root@${{ secrets.DEPLOY_HOST }} "
- cd /opt/websites/canvas-website-staging
- cat .last-deployed-tag 2>/dev/null > .rollback-tag || true
- echo '${{ env.IMAGE_TAG }}' > .last-deployed-tag
- docker pull ${{ env.IMAGE }}:${{ env.IMAGE_TAG }}
- IMAGE_TAG=${{ env.IMAGE_TAG }} docker compose up -d --no-build
- "
-
- - name: Smoke test
- run: |
- sleep 10
- HTTP_CODE=$(curl -sS -o /dev/null -w "%{http_code}" --max-time 15 https://jeffemmett.com/ 2>/dev/null || echo "000")
- if [ "$HTTP_CODE" != "200" ]; then
- echo "Smoke test failed (HTTP $HTTP_CODE) — rolling back"
- ROLLBACK_TAG=$(ssh -o StrictHostKeyChecking=no -i ~/.ssh/deploy_key root@${{ secrets.DEPLOY_HOST }} "cat /opt/websites/canvas-website-staging/.rollback-tag 2>/dev/null")
- if [ -n "$ROLLBACK_TAG" ]; then
- ssh -o StrictHostKeyChecking=no -i ~/.ssh/deploy_key root@${{ secrets.DEPLOY_HOST }} \
- "cd /opt/websites/canvas-website-staging && IMAGE_TAG=$ROLLBACK_TAG docker compose up -d --no-build"
- echo "Rolled back to $ROLLBACK_TAG"
- fi
- exit 1
- fi
- echo "Smoke test passed (HTTP $HTTP_CODE)"
+ echo "Registry login successful"
From 17fc6b5d774d92ee6fa23ff965ec061c7b7f4094 Mon Sep 17 00:00:00 2001
From: Jeff Emmett
Date: Wed, 1 Apr 2026 00:57:46 -0700
Subject: [PATCH 2/7] CI: fix duplicate docker.sock mount in deploy container

---
 .gitea/workflows/ci.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index d371ca4..3b3d7d5 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -44,8 +44,6 @@ jobs:
 runs-on: ubuntu-latest
 container:
 image: docker:24-cli
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock
 steps:
 - name: Debug context
 run: |
From e4908cfc11e46b79067e6ca306ab6a18e711d616 Mon Sep 17 00:00:00 2001
From: Jeff Emmett
Date: Wed, 1 Apr 2026 01:02:40 -0700
Subject: [PATCH 3/7] CI: restore full deploy job, fix docker.sock duplicate mount

---
 .gitea/workflows/ci.yml | 58 ++++++++++++++++++++++++++++++++---------
 1 file changed, 46 insertions(+), 12 deletions(-)

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 3b3d7d5..1771c82 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
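Review bot: In PATCH 1/7 the `Debug context` step expands `${{ github.ref_name }}` and the other `github.*` values directly into the `run:` script, so the text is substituted before the shell parses it and a ref name containing shell metacharacters would be interpreted instead of printed. This matters more because the same commit removes the `main`-only guard while the container still has the host Docker socket mounted. Pass the values through the step environment instead, `env: REF_NAME: ${{ github.ref_name }}` with `echo "github.ref_name=$REF_NAME"`, and do the same for the other echoed fields. The `Test registry login` step also leaves the credential in the container's Docker config; ending it with `docker logout ${{ env.REGISTRY }}` would clear it.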
@@ -39,25 +39,59 @@ jobs:
 env:
 NODE_OPTIONS: "--max-old-space-size=4096"
 
- deploy-test:
+ deploy:
+ if: ${{ github.ref == 'refs/heads/main' && github.event_name == 'push' }}
 needs: [test-and-build]
 runs-on: ubuntu-latest
 container:
 image: docker:24-cli
 steps:
- - name: Debug context
+ - name: Setup tools
+ run: apk add --no-cache git openssh-client curl
+
+ - name: Checkout
+ run: git clone --depth 1 --branch ${{ github.ref_name }} http://token:${{ github.token }}@server:3000/${{ github.repository }}.git .
+
+ - name: Set image tag
 run: |
- echo "github.ref=${{ github.ref }}"
- echo "github.ref_name=${{ github.ref_name }}"
- echo "github.event_name=${{ github.event_name }}"
- echo "github.repository=${{ github.repository }}"
- echo "REGISTRY=${{ env.REGISTRY }}"
- echo "IMAGE=${{ env.IMAGE }}"
+ SHORT_SHA=$(echo "${{ github.sha }}" | cut -c1-8)
+ echo "IMAGE_TAG=${SHORT_SHA}" >> $GITHUB_ENV
+ echo "Building image tag: ${SHORT_SHA}"
 
- - name: Test docker access
- run: docker info --format '{{.ServerVersion}}'
+ - name: Build image
+ run: docker build -t ${{ env.IMAGE }}:${{ env.IMAGE_TAG }} -t ${{ env.IMAGE }}:latest .
 
- - name: Test registry login
+ - name: Push to registry
 run: |
 echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ${{ env.REGISTRY }} -u ${{ secrets.REGISTRY_USER }} --password-stdin
- echo "Registry login successful"
+ docker push ${{ env.IMAGE }}:${{ env.IMAGE_TAG }}
+ docker push ${{ env.IMAGE }}:latest
+
+ - name: Deploy to server
+ run: |
+ mkdir -p ~/.ssh
+ echo "${{ secrets.DEPLOY_SSH_KEY }}" | base64 -d > ~/.ssh/deploy_key
+ chmod 600 ~/.ssh/deploy_key
+ ssh -o StrictHostKeyChecking=no -i ~/.ssh/deploy_key root@${{ secrets.DEPLOY_HOST }} "
+ cd /opt/websites/canvas-website-staging
+ cat .last-deployed-tag 2>/dev/null > .rollback-tag || true
+ echo '${{ env.IMAGE_TAG }}' > .last-deployed-tag
+ docker pull ${{ env.IMAGE }}:${{ env.IMAGE_TAG }}
+ IMAGE_TAG=${{ env.IMAGE_TAG }} docker compose up -d --no-build
+ "
+
+ - name: Smoke test
+ run: |
+ sleep 10
+ HTTP_CODE=$(curl -sS -o /dev/null -w "%{http_code}" --max-time 15 https://jeffemmett.com/ 2>/dev/null || echo "000")
+ if [ "$HTTP_CODE" != "200" ]; then
+ echo "Smoke test failed (HTTP $HTTP_CODE) — rolling back"
+ ROLLBACK_TAG=$(ssh -o StrictHostKeyChecking=no -i ~/.ssh/deploy_key root@${{ secrets.DEPLOY_HOST }} "cat /opt/websites/canvas-website-staging/.rollback-tag 2>/dev/null")
+ if [ -n "$ROLLBACK_TAG" ]; then
+ ssh -o StrictHostKeyChecking=no -i ~/.ssh/deploy_key root@${{ secrets.DEPLOY_HOST }} \
+ "cd /opt/websites/canvas-website-staging && IMAGE_TAG=$ROLLBACK_TAG docker compose up -d --no-build"
+ echo "Rolled back to $ROLLBACK_TAG"
+ fi
+ exit 1
+ fi
+ echo "Smoke test passed (HTTP $HTTP_CODE)"
From ec4de41e31359b4b0f549ea29448251896f44c9c Mon Sep 17 00:00:00 2001
From: Jeff Emmett
Date: Wed, 1 Apr 2026 01:06:03 -0700
Subject: [PATCH 4/7] CI: reduce build memory to 2GB to prevent OOM on shared host

---
 .gitea/workflows/ci.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 1771c82..a058315 100644
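Review bot: In PATCH 3/7 every `ssh` call (the one in `Deploy to server` and both in `Smoke test`) passes `-o StrictHostKeyChecking=no` while connecting as `root`, so the job accepts whatever host answers at `secrets.DEPLOY_HOST` and the deploy and rollback commands have no protection against a man-in-the-middle. Pin the server's host key instead: keep it in a secret (placeholder name `DEPLOY_KNOWN_HOSTS`), write it with `echo "${{ secrets.DEPLOY_KNOWN_HOSTS }}" > ~/.ssh/known_hosts`, and switch the option to `-o StrictHostKeyChecking=yes`. Separately, the `Checkout` step puts `${{ github.token }}` into a plain `http://` clone URL, which sends the token unencrypted and records it in the checkout's `.git/config`; that directory is then the `docker build .` context, so it is worth confirming a `.dockerignore` keeps `.git` out of the image. The decoded key in `~/.ssh/deploy_key` is also never removed after the last step that uses it.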
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -22,8 +22,6 @@ jobs:
 
 - name: Install dependencies
 run: npm ci --legacy-peer-deps --ignore-scripts
- env:
- NODE_OPTIONS: "--max-old-space-size=4096"
 
 - name: Type check
 run: npx tsc --noEmit
@@ -37,7 +35,7 @@ jobs:
 - name: Build
 run: npx vite build
 env:
- NODE_OPTIONS: "--max-old-space-size=4096"
+ NODE_OPTIONS: "--max-old-space-size=2048"
 
 deploy:
 if: ${{ github.ref == 'refs/heads/main' && github.event_name == 'push' }}
From c9f35d6e2fd782453cde8e651dc5e46211a057e8 Mon Sep 17 00:00:00 2001
From: Jeff Emmett
Date: Wed, 1 Apr 2026 01:09:15 -0700
Subject: [PATCH 5/7] CI: restore 4GB heap for build (runner mem_limit bumped to 12g)

---
 .gitea/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index a058315..ee4cbea 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -35,7 +35,7 @@ jobs:
 - name: Build
 run: npx vite build
 env:
- NODE_OPTIONS: "--max-old-space-size=2048"
+ NODE_OPTIONS: "--max-old-space-size=4096"
 
 deploy:
 if: ${{ github.ref == 'refs/heads/main' && github.event_name == 'push' }}
From 3c1152428457f72b686aa72397581426eac583a2 Mon Sep 17 00:00:00 2001
From: Jeff Emmett
Date: Wed, 1 Apr 2026 01:14:22 -0700
Subject: [PATCH 6/7] CI: skip build step in CI (Dockerfile handles it), reduce memory pressure

---
 .gitea/workflows/ci.yml | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index ee4cbea..61f109a 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -12,7 +12,7 @@ env:
 IMAGE: gitea.jeffemmett.com/jeffemmett/canvas-website
 
 jobs:
- test-and-build:
+ test:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout
@@ -32,14 +32,9 @@ jobs:
 - name: Worker tests
 run: npx vitest run --config vitest.worker.config.ts || echo "::warning::Worker tests had failures"
 
- - name: Build
- run: npx vite build
- env:
- NODE_OPTIONS: "--max-old-space-size=4096"
-
 deploy:
 if: ${{ github.ref == 'refs/heads/main' && github.event_name == 'push' }}
- needs: [test-and-build]
+ needs: [test]
 runs-on: ubuntu-latest
 container:
 image: docker:24-cli