fixing deploy step
ci/woodpecker/push/woodpecker Pipeline failed Details

Your Name 2025-06-05 09:27:46 -04:00
parent 7b19860ccc
commit 4e1e5f21cf
2 changed files with 35 additions and 49 deletions


@ -216,7 +216,7 @@ steps:
- echo "=== ENVIRONMENT INFO ===" - echo "=== ENVIRONMENT INFO ==="
- uname -a || echo "uname not available" - uname -a || echo "uname not available"
- echo "=== ATTEMPTING DEPLOYMENT ===" - echo "=== ATTEMPTING DEPLOYMENT ==="
- bash ./scripts/ci-deploy-production.sh - sh ./scripts/ci-deploy-production.sh
when: when:
branch: main branch: main
event: [push, cron] event: [push, cron]
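Review bot: Invoking the script with `sh` ties the deploy to whatever `/bin/sh` the step image provides, and the script changed in this same commit still begins with `set -euo pipefail`; some `sh` implementations (older dash, for example) reject `-o pipefail` and exit on that line. The step's image is not visible in this hunk, so which shell actually runs should be confirmed there. If portability is the goal, `set -eu` followed by `(set -o pipefail) 2>/dev/null && set -o pipefail` keeps pipeline-failure detection where the shell supports it; otherwise keeping `bash` here and making sure the image ships it avoids the rewrite. The step definition starts above the hunk.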


@ -1,4 +1,4 @@
#!/bin/bash #!/bin/sh
################################################################################ ################################################################################
# WOODPECKER CI PRODUCTION DEPLOYMENT SCRIPT # WOODPECKER CI PRODUCTION DEPLOYMENT SCRIPT
@ -26,23 +26,23 @@
set -euo pipefail set -euo pipefail
# Configuration # Configuration
readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
readonly LOCK_FILE="/tmp/authelia-deploy.lock" LOCK_FILE="/tmp/authelia-deploy.lock"
readonly MAX_RETRIES=3 MAX_RETRIES=3
readonly RETRY_DELAY=5 # Reduced from 10s to 5s RETRY_DELAY=5 # Reduced from 10s to 5s
readonly DEPLOYMENT_TIMEOUT=180 # Reduced from 300s to 180s (3 minutes) DEPLOYMENT_TIMEOUT=180 # Reduced from 300s to 180s (3 minutes)
readonly HEALTH_CHECK_TIMEOUT=90 # Reduced from 120s to 90s HEALTH_CHECK_TIMEOUT=90 # Reduced from 120s to 90s
readonly MIN_DISK_SPACE_MB=500 # Reduced from 1000MB to 500MB MIN_DISK_SPACE_MB=500 # Reduced from 1000MB to 500MB
readonly FORCE_PULL=true # Always pull latest images FORCE_PULL=true # Always pull latest images
# Color codes for output # Color codes for output
readonly RED='\033[0;31m' RED='\033[0;31m'
readonly GREEN='\033[0;32m' GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m' YELLOW='\033[1;33m'
readonly BLUE='\033[0;34m' BLUE='\033[0;34m'
readonly PURPLE='\033[0;35m' PURPLE='\033[0;35m'
readonly CYAN='\033[0;36m' CYAN='\033[0;36m'
readonly NC='\033[0m' # No Color NC='\033[0m' # No Color
# Global variables for cleanup # Global variables for cleanup
DEPLOYMENT_STARTED=false DEPLOYMENT_STARTED=false
@ -123,7 +123,7 @@ pre_flight_checks() {
log "Running pre-flight checks..." log "Running pre-flight checks..."
# Check if another deployment is running # Check if another deployment is running
if [[ -f "$LOCK_FILE" ]]; then if [ -f "$LOCK_FILE" ]; then
error "Another deployment is already running (lock file exists: $LOCK_FILE)" error "Another deployment is already running (lock file exists: $LOCK_FILE)"
error "If you're sure no other deployment is running, remove the lock file manually" error "If you're sure no other deployment is running, remove the lock file manually"
exit 1 exit 1
@ -134,7 +134,7 @@ pre_flight_checks() {
debug "Created deployment lock file" debug "Created deployment lock file"
# Verify we're running in CI environment # Verify we're running in CI environment
if [[ -z "${CI_REPO_NAME:-}" ]]; then if [ -z "${CI_REPO_NAME:-}" ]; then
error "This script must only be run in Woodpecker CI environment!" error "This script must only be run in Woodpecker CI environment!"
error "Missing CI_REPO_NAME environment variable" error "Missing CI_REPO_NAME environment variable"
exit 1 exit 1
@ -149,29 +149,24 @@ pre_flight_checks() {
# Check available disk space # Check available disk space
local available_space local available_space
available_space=$(df /var/lib/docker --output=avail --block-size=1M | tail -n1 | tr -d ' ') available_space=$(df /var/lib/docker --output=avail --block-size=1M | tail -n1 | tr -d ' ')
if [[ $available_space -lt $MIN_DISK_SPACE_MB ]]; then if [ $available_space -lt $MIN_DISK_SPACE_MB ]; then
error "Insufficient disk space: ${available_space}MB available, ${MIN_DISK_SPACE_MB}MB required" error "Insufficient disk space: ${available_space}MB available, ${MIN_DISK_SPACE_MB}MB required"
exit 1 exit 1
fi fi
# Verify required environment variables # Verify required environment variables
local required_vars=( REQUIRED_VARS="REGISTRY_USER REGISTRY_PASSWORD CI_REPO_NAME AUTHENTICATION_BACKEND_LDAP_PASSWORD IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET STORAGE_ENCRYPTION_KEY SESSION_SECRET NOTIFIER_SMTP_PASSWORD IDENTITY_PROVIDERS_OIDC_HMAC_SECRET IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY IDENTITY_PROVIDERS_OIDC_JWKS_KEY CLIENT_SECRET_HEADSCALE CLIENT_SECRET_HEADADMIN"
"REGISTRY_USER" "REGISTRY_PASSWORD" "CI_REPO_NAME"
"AUTHENTICATION_BACKEND_LDAP_PASSWORD" "IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET"
"STORAGE_ENCRYPTION_KEY" "SESSION_SECRET" "NOTIFIER_SMTP_PASSWORD"
"IDENTITY_PROVIDERS_OIDC_HMAC_SECRET" "IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY"
"IDENTITY_PROVIDERS_OIDC_JWKS_KEY" "CLIENT_SECRET_HEADSCALE" "CLIENT_SECRET_HEADADMIN"
)
for var in "${required_vars[@]}"; do for var in $REQUIRED_VARS; do
if [[ -z "${!var:-}" ]]; then eval "var_value=\$$var"
if [ -z "$var_value" ]; then
error "Required environment variable $var is not set" error "Required environment variable $var is not set"
exit 1 exit 1
fi fi
done done
# Check if stack file exists # Check if stack file exists
if [[ ! -f "./stack.production.yml" ]]; then if [ ! -f "./stack.production.yml" ]; then
error "Production stack file not found: ./stack.production.yml" error "Production stack file not found: ./stack.production.yml"
exit 1 exit 1
fi fi
@ -335,22 +330,12 @@ wait_for_stack_removal() {
manage_secrets() { manage_secrets() {
log "Managing Docker secrets" log "Managing Docker secrets"
declare -a SECRETS=( # List of secrets (space-separated instead of array)
"AUTHENTICATION_BACKEND_LDAP_PASSWORD" SECRETS="AUTHENTICATION_BACKEND_LDAP_PASSWORD IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET STORAGE_ENCRYPTION_KEY SESSION_SECRET NOTIFIER_SMTP_PASSWORD IDENTITY_PROVIDERS_OIDC_HMAC_SECRET IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY IDENTITY_PROVIDERS_OIDC_JWKS_KEY CLIENT_SECRET_HEADSCALE CLIENT_SECRET_HEADADMIN"
"IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET"
"STORAGE_ENCRYPTION_KEY"
"SESSION_SECRET"
"NOTIFIER_SMTP_PASSWORD"
"IDENTITY_PROVIDERS_OIDC_HMAC_SECRET"
"IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY"
"IDENTITY_PROVIDERS_OIDC_JWKS_KEY"
"CLIENT_SECRET_HEADSCALE"
"CLIENT_SECRET_HEADADMIN"
)
# Remove old secrets # Remove old secrets
log "Removing old Docker secrets" log "Removing old Docker secrets"
for secret in "${SECRETS[@]}"; do for secret in $SECRETS; do
if docker secret ls --format "{{.Name}}" | grep -q "^${secret}$"; then if docker secret ls --format "{{.Name}}" | grep -q "^${secret}$"; then
docker secret rm "$secret" || true docker secret rm "$secret" || true
debug "Removed secret: $secret" debug "Removed secret: $secret"
@ -361,24 +346,25 @@ manage_secrets() {
# Create new secrets with validation # Create new secrets with validation
log "Creating new Docker secrets with updated values" log "Creating new Docker secrets with updated values"
for secret in "${SECRETS[@]}"; do for secret in $SECRETS; do
env_var="${secret}" # Use eval for indirect variable access in POSIX shell
if [[ -n "${!env_var:-}" ]]; then eval "secret_value=\$$secret"
if echo "${!env_var}" | docker secret create "$secret" -; then if [ -n "$secret_value" ]; then
if echo "$secret_value" | docker secret create "$secret" -; then
success "Created secret: $secret" success "Created secret: $secret"
else else
error "Failed to create secret: $secret" error "Failed to create secret: $secret"
return 1 return 1
fi fi
else else
error "Environment variable $env_var is not set!" error "Environment variable $secret is not set!"
return 1 return 1
fi fi
done done
# Verify all secrets were created # Verify all secrets were created
log "Verifying secret creation" log "Verifying secret creation"
for secret in "${SECRETS[@]}"; do for secret in $SECRETS; do
if ! docker secret ls --format "{{.Name}}" | grep -q "^${secret}$"; then if ! docker secret ls --format "{{.Name}}" | grep -q "^${secret}$"; then
error "Secret verification failed: $secret was not created" error "Secret verification failed: $secret was not created"
return 1 return 1
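Review bot: The new indirect lookups `eval "var_value=\$$var"` in pre_flight_checks and `eval "secret_value=\$$secret"` in manage_secrets expand a possibly unset name while `set -u` from the top of the script is still active, so a missing variable aborts the shell before the `error "... is not set"` branch can run; `eval "secret_value=\${$secret:-}"` (and the same for `var_value`) keeps the behaviour of the old `${!var:-}`. The value is then piped with `echo "$secret_value"`, and the `echo` of some `sh` implementations interprets backslash sequences, which could alter a secret containing a backslash before it reaches `docker secret create`; `printf '%s\n' "$secret_value" | docker secret create "$secret" -` writes the bytes unchanged. Both `var_value` and `secret_value` are assigned without `local`, so the last secret stays in a script-wide variable after the loop; declaring them `local` as is done for `available_space`, or unsetting them after the loop, limits that. Both functions begin and end outside the hunks shown.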