split pipeline into build (local) and deploy (server) workflows
@@ -1,23 +1,21 @@
|
|||||||
# UNT (NOVA) Pipeline
|
# UNT (NOVA) — Build Workflow
|
||||||
#
|
#
|
||||||
# Two stages:
|
# Runs on the dev-side agent (label: location=local) to avoid server OOM.
|
||||||
# build-* → runs on dev-side agent (label: location=local) to avoid server OOM
|
# Pushes images to the registry over WireGuard (10.8.0.1:5000, plain HTTP,
|
||||||
# pushes to the registry over WireGuard (10.8.0.1:5000 — plain HTTP,
|
# trusted because of the WG perimeter).
|
||||||
# trusted because of the WG perimeter)
|
|
||||||
# deploy → runs on server-side agent (label: location=server)
|
|
||||||
# pulls via the public HTTPS path (same registry, different edge)
|
|
||||||
# and runs docker compose on the host daemon
|
|
||||||
#
|
#
|
||||||
# Trigger: manual only. See ppl/def/ci-cd/local-agent-rollout.md.
|
# Triggered together with deploy.yml; deploy depends on this one.
|
||||||
|
# See ppl/def/ci-cd/local-agent-rollout.md for the full flow.
|
||||||
|
|
||||||
when:
|
when:
|
||||||
- event: manual
|
- event: manual
|
||||||
|
|
||||||
|
labels:
|
||||||
|
location: local
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: build-api
|
- name: build-api
|
||||||
image: plugins/docker
|
image: plugins/docker
|
||||||
labels:
|
|
||||||
location: local
|
|
||||||
settings:
|
settings:
|
||||||
repo: 10.8.0.1:5000/unt/api
|
repo: 10.8.0.1:5000/unt/api
|
||||||
registry: 10.8.0.1:5000
|
registry: 10.8.0.1:5000
|
||||||
@@ -30,8 +28,6 @@ steps:
|
|||||||
|
|
||||||
- name: build-ui
|
- name: build-ui
|
||||||
image: plugins/docker
|
image: plugins/docker
|
||||||
labels:
|
|
||||||
location: local
|
|
||||||
settings:
|
settings:
|
||||||
repo: 10.8.0.1:5000/unt/ui
|
repo: 10.8.0.1:5000/unt/ui
|
||||||
registry: 10.8.0.1:5000
|
registry: 10.8.0.1:5000
|
||||||
@@ -41,21 +37,3 @@ steps:
|
|||||||
- ${CI_COMMIT_SHA:0:7}
|
- ${CI_COMMIT_SHA:0:7}
|
||||||
dockerfile: ctrl/Dockerfile.ui
|
dockerfile: ctrl/Dockerfile.ui
|
||||||
context: .
|
context: .
|
||||||
|
|
||||||
- name: deploy
|
|
||||||
image: docker:24-cli
|
|
||||||
labels:
|
|
||||||
location: server
|
|
||||||
depends_on:
|
|
||||||
- build-api
|
|
||||||
- build-ui
|
|
||||||
commands:
|
|
||||||
- cd /edge
|
|
||||||
- docker compose pull
|
|
||||||
- docker compose up -d --remove-orphans
|
|
||||||
- docker image prune -f
|
|
||||||
- docker compose ps
|
|
||||||
volumes:
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
|
||||||
# read-only so the deploy step structurally cannot stomp on .env
|
|
||||||
- /home/mariano/unt/ctrl/edge:/edge:ro
|
|
||||||
|
|||||||
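Review bot: `image: plugins/docker` in both `build-api` and `build-ui` carries no tag or digest, so every run pulls whatever the upstream registry currently serves under the default tag. That image builds and pushes the artifacts the server later deploys, so an upstream change or a compromised tag flows straight into the pushed images. I would pin it, for example `image: plugins/docker:<PINNED_TAG>@sha256:<DIGEST>` (placeholders, to be filled from the version you have vetted). The same applies to `docker:24-cli` in the new `.woodpecker/deploy.yml`, which is a floating tag rather than a digest. The `settings` blocks continue outside the visible hunks, so any options set there are not covered by this note.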
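--- a/.woodpecker/deploy.yml
+++ b/.woodpecker/deploy.yml
@@ -0,0 +1,30 @@
+# UNT (NOVA) — Deploy Workflow
+#
+# Runs on the server-side agent (label: location=server).
+# Depends on build.yml completing — pulls the just-pushed images via the
+# public HTTPS path and runs docker compose on the host daemon.
+#
+# The edge compose dir is mounted read-only so we structurally cannot stomp
+# the server's .env (see ppl/def/ci-cd/auth-tiers.md context).
+
+when:
+- event: manual
+
+labels:
+location: server
+
+depends_on:
+- build
+
+steps:
+- name: deploy
+image: docker:24-cli
+commands:
+- cd /edge
+- docker compose pull
+- docker compose up -d --remove-orphans
+- docker image prune -f
+- docker compose ps
+volumes:
+- /var/run/docker.sock:/var/run/docker.sock
+- /home/mariano/unt/ctrl/edge:/edge:ro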
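Review bot: The header comment says the read-only `/edge` mount means the step "structurally cannot stomp" the server's `.env`, but that guarantee does not hold while the same step also mounts `/var/run/docker.sock`. Access to the socket is control of the host daemon, which is not bound by this container's mount options, so `:ro` only guards against accidental writes by the listed commands. I would reword the comment along the lines of `# /edge is read-only to prevent accidental writes to the server's .env; the docker.sock mount still gives this step full control of the host daemon.` It would also help to state next to `when:` that the workflow must stay manual and limited to trusted users for that reason.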