diff --git a/.gitea/workflows/cd-develop.yml b/.gitea/workflows/cd-develop.yml new file mode 100644 index 0000000..37b2600 --- /dev/null +++ b/.gitea/workflows/cd-develop.yml @@ -0,0 +1,80 @@ +name: CD - Develop (guide → bcos.dev) + +# Guide-specific CI (issue #5). The guide bundles markdown INTO the backend jar at build time, +# so a running instance must be rebuilt + redeployed to pick up content changes — a git-pull is +# not enough. This automates that on every push to develop: build → push :dev → deploy to bcos.dev. +# +# Auto-deploy is intentional and scoped to the DEV environment only (docs, low blast radius). +# Audience filtering is runtime (GUIDE_SERVED_AUDIENCES): bcos.dev serves all four tiers; prod +# (a future cd-main, gated) serves only customer,internal — so dev/bcos content never leaves dev. + +on: + push: + branches: + - develop + paths: + - 'backend/**' + - '.gitea/workflows/cd-develop.yml' + +jobs: + build-and-deploy: + runs-on: ubuntu-latest + env: + GIT_SSL_NO_VERIFY: "true" + MAVEN_OPTS: "-Djava.net.preferIPv4Stack=true -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true" + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Configure Maven settings (Gitea package registry) + run: | + mkdir -p ~/.m2 + cat > ~/.m2/settings.xml << 'EOF' + + + giteahiveiq${{ secrets.MAVEN_TOKEN }} + + + + gitea-registry + + + gitea + https://hiveiq-gitea.directlx.dev/api/packages/hiveops/maven + truefalse + + + + + gitea-registry + + EOF + + # mvn package FIRST — the Dockerfile does `COPY target/*.jar`, so skipping this ships stale + # content (the exact trap that makes the manual process error-prone). + - name: Build backend JAR (bakes in content) + run: cd backend && mvn clean package -DskipTests -B + + - name: Build + push image + run: | + echo "${{ secrets.DEV_REGISTRY_PASSWORD }}" | docker login ${{ secrets.DEV_REGISTRY_URL }} -u ${{ secrets.DEV_REGISTRY_USERNAME }} --password-stdin + docker build -t ${{ secrets.DEV_REGISTRY_URL }}/hiveiq-guide-backend:dev backend/ + docker push ${{ secrets.DEV_REGISTRY_URL }}/hiveiq-guide-backend:dev + + # DEPENDENCY (issue #5, coordinate with CI/runner session): needs BCOS_DEV_DEPLOY_KEY secret + # (SSH key for bcosadmin@.251) + runner network reachability to 173.231.195.251. + - name: Deploy to bcos.dev + run: | + mkdir -p ~/.ssh && echo "${{ secrets.BCOS_DEV_DEPLOY_KEY }}" > ~/.ssh/dk && chmod 600 ~/.ssh/dk + ssh -i ~/.ssh/dk -o StrictHostKeyChecking=no bcosadmin@173.231.195.251 \ + 'cd ~/hiveiq/hiveops-openmetal/hiveops/instances/dev && docker compose pull hiveiq-guide-backend && docker compose up -d hiveiq-guide-backend' + + - name: Smoke — guide backend healthy + content served + run: | + for i in $(seq 1 12); do + s=$(curl -sk -o /dev/null -w '%{http_code}' https://api.bcos.dev/guide/actuator/health || echo 000) + [ "$s" = "200" ] && { echo "guide healthy"; exit 0; } + sleep 5 + done + echo "::error::guide did not report healthy after deploy"; exit 1