tech/sendico
2
0
Fork 0
Code Issues 22 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fixed db lock
All checks were successful
ci/woodpecker/push/db Pipeline was successful
Details

Browse Source
This commit is contained in:
Stephan D
2025-11-07 03:06:45 +01:00
parent 08f71ff583
commit 3f0275d006
4 changed files with 5 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
.woodpecker/db.yml
View File

@@ -31,18 +31,9 @@ steps:
- chmod 600 secrets/SSH_KEY - chmod 600 secrets/SSH_KEY
- ssh-keygen -y -f secrets/SSH_KEY >/dev/null - ssh-keygen -y -f secrets/SSH_KEY >/dev/null
- name: lock-db
image: quay.io/skopeo/stable:latest
depends_on: [ secrets ]
environment:
REGISTRY_URL: registry.sendico.io
MONGO_VERSION: latest
commands:
- bash ci/prod/scripts/lock-db.sh
- name: deploy - name: deploy
image: alpine:latest image: alpine:latest
depends_on: [ lock-db ] depends_on: [ secrets ]
commands: commands:
- | - |
set -euo set -euo

8
ci/prod/compose/db.yml
View File

@@ -48,7 +48,7 @@ services:
sendico_db1: sendico_db1:
<<: *common-env <<: *common-env
image: ${MONGO_IMAGE} image: docker.io/library/mongo:latest
container_name: sendico_db1 container_name: sendico_db1
restart: unless-stopped restart: unless-stopped
depends_on: { vault-agent-sendico: { condition: service_healthy } } depends_on: { vault-agent-sendico: { condition: service_healthy } }
@@ -70,7 +70,7 @@ services:
sendico_db2: sendico_db2:
<<: *common-env <<: *common-env
image: ${MONGO_IMAGE} image: docker.io/library/mongo:latest
container_name: sendico_db2 container_name: sendico_db2
restart: unless-stopped restart: unless-stopped
depends_on: { vault-agent-sendico: { condition: service_healthy } } depends_on: { vault-agent-sendico: { condition: service_healthy } }
@@ -91,7 +91,7 @@ services:
sendico_db3: sendico_db3:
<<: *common-env <<: *common-env
image: ${MONGO_IMAGE} image: docker.io/library/mongo:latest
container_name: sendico_db3 container_name: sendico_db3
restart: unless-stopped restart: unless-stopped
depends_on: { vault-agent-sendico: { condition: service_healthy } } depends_on: { vault-agent-sendico: { condition: service_healthy } }
@@ -112,7 +112,7 @@ services:
mongo_setup: mongo_setup:
<<: *common-env <<: *common-env
image: ${MONGO_IMAGE} image: docker.io/library/mongo:latest
depends_on: depends_on:
sendico_db1: { condition: service_healthy } sendico_db1: { condition: service_healthy }
sendico_db2: { condition: service_healthy } sendico_db2: { condition: service_healthy }

3
ci/prod/scripts/deploy-db.sh
View File

@@ -11,16 +11,13 @@ REMOTE_TARGET="${SSH_USER}@${SSH_HOST}"
ssh -o StrictHostKeyChecking=no "$REMOTE_TARGET" "mkdir -p ${REMOTE_DIR}/{compose,env}" ssh -o StrictHostKeyChecking=no "$REMOTE_TARGET" "mkdir -p ${REMOTE_DIR}/{compose,env}"
rsync -avz --delete ci/prod/compose/ "$REMOTE_TARGET:${REMOTE_DIR}/compose/" rsync -avz --delete ci/prod/compose/ "$REMOTE_TARGET:${REMOTE_DIR}/compose/"
rsync -avz ci/prod/.env.runtime "$REMOTE_TARGET:${REMOTE_DIR}/env/.env.runtime" rsync -avz ci/prod/.env.runtime "$REMOTE_TARGET:${REMOTE_DIR}/env/.env.runtime"
rsync -avz ci/prod/env/.env.lock.db "$REMOTE_TARGET:${REMOTE_DIR}/env/.env.lock.db"
rsync -avz secrets/REGISTRY_USER "$REMOTE_TARGET:${REMOTE_DIR}/env/.env.registry.user" rsync -avz secrets/REGISTRY_USER "$REMOTE_TARGET:${REMOTE_DIR}/env/.env.registry.user"
rsync -avz secrets/REGISTRY_PASS "$REMOTE_TARGET:${REMOTE_DIR}/env/.env.registry.pass" rsync -avz secrets/REGISTRY_PASS "$REMOTE_TARGET:${REMOTE_DIR}/env/.env.registry.pass"
scp -o StrictHostKeyChecking=no .env.lock "$REMOTE_TARGET:${REMOTE_DIR}/.env.lock"
ssh -o StrictHostKeyChecking=no "$REMOTE_TARGET" REMOTE_DIR="$REMOTE_DIR" <<'EOSSH' ssh -o StrictHostKeyChecking=no "$REMOTE_TARGET" REMOTE_DIR="$REMOTE_DIR" <<'EOSSH'
set -euo pipefail set -euo pipefail
cd "${REMOTE_DIR}/compose" cd "${REMOTE_DIR}/compose"
set -a set -a
. ../env/.env.runtime . ../env/.env.runtime
. ../env/.env.lock.db
export REGISTRY_USER="$(cat ../env/.env.registry.user)" export REGISTRY_USER="$(cat ../env/.env.registry.user)"
export REGISTRY_PASS="$(cat ../env/.env.registry.pass)" export REGISTRY_PASS="$(cat ../env/.env.registry.pass)"
mkdir -p ~/.docker mkdir -p ~/.docker

61
ci/prod/scripts/lock-db.sh
View File

@@ -1,61 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
mkdir -p ci/prod/env
# export runtime vars (SSH_HOST etc.) and version info for downstream steps
set -a
. ./ci/prod/.env.runtime
. ./.env.version
set +a
REGISTRY_URL="${REGISTRY_URL:-}"
MONGO_VERSION="${MONGO_VERSION:-latest}"
MONGO_ARCH="${MONGO_ARCH:-linux/amd64}"
APP_V="${APP_V:-}"
if [ -z "$REGISTRY_URL" ]; then
echo "REGISTRY_URL is not set (define in .env.runtime or Woodpecker env)" >&2
exit 1
fi
if [ -z "$APP_V" ]; then
echo "APP_V is not set (version step must run first)" >&2
exit 1
fi
for f in secrets/REGISTRY_USER secrets/REGISTRY_PASS; do
if [ ! -s "$f" ]; then
echo "missing registry credential: $f" >&2
exit 1
fi
done
CREDS="$(cat secrets/REGISTRY_USER):$(cat secrets/REGISTRY_PASS)"
SRC_REF="docker://docker.io/library/mongo:${MONGO_VERSION}"
DEST_REF="docker://${REGISTRY_URL}/mirror/mongo:${APP_V}"
OS="${MONGO_ARCH%%/*}"
ARCH="${MONGO_ARCH##*/}"
skopeo copy \
--override-os "${OS:-linux}" \
--override-arch "${ARCH:-amd64}" \
--retry-times 3 \
"$SRC_REF" \
"$DEST_REF" \
--dest-creds "$CREDS"
INSPECT="$(skopeo inspect "$DEST_REF" --creds "$CREDS")"
DIGEST="$(printf '%s' "$INSPECT" | tr -d '\n' | sed -n 's/.*"Digest"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')"
if [ -z "$DIGEST" ]; then
echo "failed to parse digest from skopeo inspect output" >&2
exit 1
fi
cat <<EOF | tee .env.lock ci/prod/env/.env.lock.db
MONGO_TAG=${APP_V}
MONGO_DIGEST=${DIGEST}
MONGO_IMAGE=${REGISTRY_URL}/mirror/mongo:${APP_V}
EOF