gnezim/flights_web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5db509e199c7ea5ecafe22a71c8a428d7ea36afc
flights_web/scripts/ci/deploy-container.sh
T
gnezim 03eeddfbf8 CI/CD pipeline: ssh -L tunnel for TIM API + manual Jenkins trigger 
Two design pivots discovered during Phase B prerequisites:

Routing: Replace static-route + NAT plan with persistent ssh -L tunnel
from pve-201 to webzavod (deployment/systemd/flights-tim-tunnel.service).
nginx proxies /api/ and /map/api/ to https://127.0.0.1:8443 with SNI/Host
overrides so cert validation still targets the real hostname. No webzavod
kernel changes (no ip_forward/MASQUERADE), no /etc/hosts pin needed.

Workflow B: Drop Jenkins trigger/poll automation (operator lacks Jenkins
job-configure access and user API token access). release.yml now stops
after MR merge with a Telegram message containing the Jenkins job URL.
release-verify.yml (new, workflow_dispatch only) runs the customer-URL
e2e suite once the operator has triggered Jenkins manually and it has
completed.

Other:
- SSR loopback port 8081 -> 3002 (8081 was taken by openwebui on pve-201)
- notify-telegram.sh skips cleanly when TG secrets unset (was: hard-fail)
- README + spec addendum cover the new prereqs and removed steps
2026-04-27 11:58:39 +03:00

79 lines
2.3 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# deploy-container.sh — swap or rollback the flights-web container on the host.
#
# Usage: deploy-container.sh [--dry-run] <swap|rollback>
#
# `swap` — assumes the new image is tagged flights-web:${GITHUB_SHA}.
# Tags :current → :previous, :sha → :current, restarts container.
# `rollback` — runs flights-web:previous in place of :current, repoints :current.
#
# Env:
# GITHUB_SHA (required for swap)
# FLIGHTS_WEB_PORT (default 3002 — host port that nginx proxies to)
# IMAGE_NAME (default flights-web — set this to point at a registry later)
set -euo pipefail
DRY_RUN=0
if [ "${1:-}" = "--dry-run" ]; then
DRY_RUN=1
shift
fi
CMD="${1:-}"
PORT="${FLIGHTS_WEB_PORT:-3002}"
IMAGE="${IMAGE_NAME:-flights-web}"
run() {
if [ "$DRY_RUN" -eq 1 ]; then
printf 'docker %s\n' "$*"
else
docker "$@"
fi
}
run_or_skip() {
# Same as run, but doesn't fail in real mode if the docker call fails.
if [ "$DRY_RUN" -eq 1 ]; then
printf 'docker %s\n' "$*"
else
docker "$@" || true
fi
}
case "$CMD" in
swap)
: "${GITHUB_SHA:?GITHUB_SHA required for swap}"
SHORT_SHA="${GITHUB_SHA:0:7}"
# 1. Tag the currently-live image as :previous (skip if first deploy).
if [ "$DRY_RUN" -eq 1 ] || docker image inspect "${IMAGE}:current" >/dev/null 2>&1; then
run tag "${IMAGE}:current" "${IMAGE}:previous"
fi
# 2. Tag the new SHA as :current.
run tag "${IMAGE}:${SHORT_SHA}" "${IMAGE}:current"
# 3. Stop + remove existing container if present.
run_or_skip stop flights-web
run_or_skip rm flights-web
# 4. Run new container.
run run -d --name flights-web --restart unless-stopped \
-p "127.0.0.1:${PORT}:8080" \
"${IMAGE}:current"
;;
rollback)
if [ "$DRY_RUN" -eq 0 ] && ! docker image inspect "${IMAGE}:previous" >/dev/null 2>&1; then
echo "fatal: ${IMAGE}:previous not found — cannot rollback" >&2
exit 1
fi
run_or_skip stop flights-web
run_or_skip rm flights-web
run run -d --name flights-web --restart unless-stopped \
-p "127.0.0.1:${PORT}:8080" \
"${IMAGE}:previous"
# Repoint :current to :previous so subsequent swaps have a sane baseline.
run tag "${IMAGE}:previous" "${IMAGE}:current"
;;
*)
echo "usage: $0 [--dry-run] <swap|rollback>" >&2
exit 2
;;
esac
Reference in New Issue View Git Blame Copy Permalink