From 5fe13358c15a81e1f4d1d3212d2ec47b264f609c Mon Sep 17 00:00:00 2001
From: thomas
Date: Sat, 23 May 2026 16:44:42 +0800
Subject: [PATCH] Revert CI deploy target to backend-1 (100.93.205.19). Admin host local API is owned by Arkie-Library-Admin; Backend repo stays on ark-library-backend-1.
Co-authored-by: Cursor
---
 .gitea/workflows/deploy.yml | 49 +++++++++++-------------
 deploy/docker-compose.admin-host-api.yml | 34 ----------------
 2 files changed, 23 insertions(+), 60 deletions(-)
 delete mode 100644 deploy/docker-compose.admin-host-api.yml
diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index abffa3c..bd1ebdd 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -1,18 +1,16 @@
-# Push to main → scp backend to ark-library-backend-admin-1, rebuild local admin API (:8081).
+# Push to main → scp backend sources to API host, rebuild api container.
 #
-# Admin host is a local SSH alias only. Default: Tailscale 100.91.140.90.
-# The Gitea act runner must be on the same Tailscale tailnet, OR set DEPLOY_HOST.
+# ark-library-backend-1 is a *local* SSH alias only. The act runner cannot resolve it.
+# Default host is the Tailscale IP from ~/.ssh/config (Host ark-library-backend-1 → 100.93.205.19).
+# The Gitea act runner must be on the same Tailscale tailnet, OR set secret DEPLOY_HOST to a reachable IP/DNS.
 #
-# Server must have ~/arkieproject/.env (DATABASE_URL, S3_*, JWT_SECRET, etc.) — bootstrap once manually.
-# Admin UI/nginx is deployed from Arkie-Library-Admin (separate workflow).
-#
-# Secrets:
-# DEPLOY_SSH_KEY — required (ark-library.pem)
-# DEPLOY_HOST — optional (default 100.91.140.90)
-# DEPLOY_USER — optional (default ec2-user)
-# REMOTE_REPO — optional (default /home/ec2-user/arkieproject)
+# Secrets (Settings → Actions → Secrets):
+# DEPLOY_SSH_KEY — required: ark-library.pem contents (ec2-user, no passphrase)
+# DEPLOY_HOST — optional: override default 100.93.205.19
+# DEPLOY_USER — optional: default ec2-user
+# REMOTE_REPO — optional: default /home/ec2-user/arkieproject
 
-name: Deploy Admin API
+name: Deploy API
 
 on:
 push:
@@ -33,8 +31,10 @@ jobs:
 
 - name: Resolve deploy target
 run: |
+ # Tailscale IP for ark-library-backend-1 (see ~/.ssh/config on dev machine)
+ host="${DEPLOY_HOST:-100.93.205.19}"
 repo="${REMOTE_REPO:-/home/ec2-user/arkieproject}"
- echo "DEPLOY_HOST=${DEPLOY_HOST:-100.91.140.90}" >> "$GITHUB_ENV"
+ echo "DEPLOY_HOST=${host}" >> "$GITHUB_ENV"
 echo "DEPLOY_USER=${DEPLOY_USER:-ec2-user}" >> "$GITHUB_ENV"
 echo "REMOTE_REPO=${repo}" >> "$GITHUB_ENV"
 echo "REMOTE_BACKEND=${repo}/backend" >> "$GITHUB_ENV"
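Review bot: `host` is appended to `$GITHUB_ENV` in the Resolve deploy target step without any validation, so a DEPLOY_HOST value containing whitespace or a newline would add extra entries to the environment of every later step. A check before the echo, such as `case "$host" in ''|*[!A-Za-z0-9.:_-]*) echo "::error::invalid DEPLOY_HOST" >&2; exit 1;; esac`, keeps the value to a hostname or IP. The same applies to DEPLOY_USER and REMOTE_REPO on the unchanged lines. The step's `env:` mapping is outside the hunk, so that these values come from secrets is taken from the header comment.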
@@ -63,7 +63,11 @@ jobs: - name: Verify SSH reachability run: | - ssh -o BatchMode=yes -o ConnectTimeout=15 deploy-target "echo ok" + echo "Testing SSH to ${DEPLOY_USER}@${DEPLOY_HOST} ..." + if ! ssh -o BatchMode=yes -o ConnectTimeout=15 deploy-target "echo ok" 2>&1; then + echo "::error::Cannot SSH to ${DEPLOY_HOST}. The act runner must reach this host (same Tailscale tailnet, or set DEPLOY_HOST secret to a public IP/DNS). Local alias ark-library-backend-1 does not work on CI." + exit 1 + fi - name: Package backend sources run: | @@ -79,33 +83,26 @@ jobs: - name: Deploy backend sources (scp) run: | scp -o ConnectTimeout=30 /tmp/backend-deploy.tar.gz deploy-target:/tmp/backend-deploy.tar.gz - scp -o ConnectTimeout=30 deploy/docker-compose.admin-host-api.yml \ - deploy-target:/tmp/docker-compose.admin-host-api.yml ssh deploy-target bash -s <&2 + echo "Missing ${REMOTE_REPO}/.env on server — bootstrap with deploy/sync-admin.sh first." >&2 exit 1 fi - export DOCKER_BUILDKIT=1 - export COMPOSE_DOCKER_CLI_BUILD=1 - DC='sudo -E docker compose -f deploy/docker-compose.admin-host-api.yml --env-file .env' + DC='sudo docker compose -f deploy/docker-compose.admin.yml --env-file .env' \${DC} build api - \${DC} up -d api + \${DC} up -d --no-deps api \${DC} ps api - curl -sS -o /dev/null -w "api categories %{http_code}\n" http://127.0.0.1:8081/api/categories REMOTE diff --git a/deploy/docker-compose.admin-host-api.yml b/deploy/docker-compose.admin-host-api.yml deleted file mode 100644 index c5e5004..0000000 --- a/deploy/docker-compose.admin-host-api.yml +++ /dev/null 
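Review bot: The new `::error::` text in Verify SSH reachability attributes every failure to reachability and suggests pointing DEPLOY_HOST at a public IP/DNS, but `ssh -o BatchMode=yes` also fails on a rejected key or a host-key mismatch. A host-key mismatch in particular should stop the deploy and be investigated rather than worked around by changing the host. I would reword it along the lines of `echo "::error::SSH to ${DEPLOY_HOST} failed — see ssh output above (network, key, or host key)."` and drop the public-IP hint unless SSH on that host is meant to be internet-facing. How `deploy-target` is configured (known_hosts, StrictHostKeyChecking) is outside the hunk.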
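Review bot: The remote script only tests that `${REMOTE_REPO}/.env` exists before `up -d --no-deps api`, not that it sets the secrets the API depends on. The compose file this commit deletes fell back to `change-me-in-production` for JWT_SECRET and `admin123` for ADMIN_PASSWORD with SEED_ADMIN on; `deploy/docker-compose.admin.yml` is not in this diff, so if it carries the same fallbacks an incomplete .env would start the API with known credentials. A guard before the build, e.g. `grep -q '^JWT_SECRET=.' .env || { echo "JWT_SECRET not set in .env" >&2; exit 1; }` (and likewise for ADMIN_PASSWORD), would fail the deploy instead. Separately, the `curl` probe of `/api/categories` is removed and `${DC} ps api` does not fail on an unhealthy container, so nothing after `up` fails the job any more. Part of this heredoc is missing from the page, so the script's working directory and quoting are assumed.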
@@ -1,34 +0,0 @@
-# Local Go API on ark-library-backend-admin-1. System nginx (:8080) proxies /api/ → 127.0.0.1:8081.
-# From repo root: sudo docker compose -f deploy/docker-compose.admin-host-api.yml --env-file .env up -d --build api
-
-volumes:
- ark_uploads:
-
-services:
- api:
- restart: unless-stopped
- build:
- context: ../backend
- ports:
- - "127.0.0.1:8081:8080"
- environment:
- DATABASE_URL: ${DATABASE_URL:-postgres://${POSTGRES_USER:-ark}:${POSTGRES_PASSWORD:-ark}@db:5432/${POSTGRES_DB:-arkdb}?sslmode=disable}
- RUN_WALLET_AUTH_SCHEMA: ${RUN_WALLET_AUTH_SCHEMA:-true}
- JWT_SECRET: ${JWT_SECRET:-change-me-in-production}
- UPLOAD_DIR: /app/uploads
- UPLOAD_MULTIPART_MEM_MB: ${UPLOAD_MULTIPART_MEM_MB:-64}
- HTTP_ADDR: ":8080"
- SEED_ADMIN: "true"
- ADMIN_EMAIL: ${ADMIN_EMAIL:-admin@ark.local}
- ADMIN_PASSWORD: ${ADMIN_PASSWORD:-admin123}
- AWS_REGION: ${AWS_REGION:-}
- S3_BUCKET: ${S3_BUCKET:-}
- S3_UPLOAD_PREFIX: ${S3_UPLOAD_PREFIX:-uploads}
- S3_PUBLIC_BASE_URL: ${S3_PUBLIC_BASE_URL:-}
- S3_OBJECT_ACL: ${S3_OBJECT_ACL:-}
- CORS_ORIGINS: ${CORS_ORIGINS:-https://grapelicannotw.com}
- volumes:
- - ark_uploads:/app/uploads
- mem_limit: 5g
- mem_reservation: 256m
- cpus: 2.5