From b42c36ebddbda3c626c9644cfbf4f664dd07f628 Mon Sep 17 00:00:00 2001 From: Ryan Kegel Date: Sun, 26 Apr 2026 23:08:09 -0400 Subject: [PATCH] feat: add workflow for promoting master to production with testing and deployment steps --- .gitea/workflows/promote-master.yaml | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/promote-master.yaml b/.gitea/workflows/promote-master.yaml index 3c7c36f..dd24d1c 100644 --- a/.gitea/workflows/promote-master.yaml +++ b/.gitea/workflows/promote-master.yaml @@ -261,17 +261,20 @@ jobs: PREV_DIGEST_TOKEN_SECRET="" PREV_VAPID_PUBLIC_KEY="" PREV_VAPID_PRIVATE_KEY="" + PREV_REFRESH_TOKEN_EXPIRY_DAYS="" if [ -f .env ]; then PREV_SECRET_KEY=$(grep '^SECRET_KEY=' .env | head -n1 | cut -d '=' -f2- || true) PREV_DIGEST_TOKEN_SECRET=$(grep '^DIGEST_TOKEN_SECRET=' .env | head -n1 | cut -d '=' -f2- || true) PREV_VAPID_PUBLIC_KEY=$(grep '^VAPID_PUBLIC_KEY=' .env | head -n1 | cut -d '=' -f2- || true) PREV_VAPID_PRIVATE_KEY=$(grep '^VAPID_PRIVATE_KEY=' .env | head -n1 | cut -d '=' -f2- || true) + PREV_REFRESH_TOKEN_EXPIRY_DAYS=$(grep '^REFRESH_TOKEN_EXPIRY_DAYS=' .env | head -n1 | cut -d '=' -f2- || true) fi SECRET_KEY_VALUE="${{ secrets.PROD_SECRET_KEY }}" DIGEST_TOKEN_SECRET_VALUE="${{ secrets.PROD_DIGEST_TOKEN_SECRET }}" VAPID_PUBLIC_KEY_VALUE="${{ secrets.PROD_VAPID_PUBLIC_KEY }}" VAPID_PRIVATE_KEY_VALUE="${{ secrets.PROD_VAPID_PRIVATE_KEY }}" + REFRESH_TOKEN_EXPIRY_DAYS_VALUE="${{ secrets.PROD_REFRESH_TOKEN_EXPIRY_DAYS }}" if [ -z "$SECRET_KEY_VALUE" ]; then if [ -n "$PREV_SECRET_KEY" ]; then @@ -301,12 +304,25 @@ jobs: exit 1 fi + if [ -z "$REFRESH_TOKEN_EXPIRY_DAYS_VALUE" ]; then + if [ -n "$PREV_REFRESH_TOKEN_EXPIRY_DAYS" ]; then + REFRESH_TOKEN_EXPIRY_DAYS_VALUE="$PREV_REFRESH_TOKEN_EXPIRY_DAYS" + else + REFRESH_TOKEN_EXPIRY_DAYS_VALUE="90" + fi + fi + + if ! printf '%s' "$REFRESH_TOKEN_EXPIRY_DAYS_VALUE" | grep -Eq '^[0-9]+$'; then + echo "REFRESH_TOKEN_EXPIRY_DAYS must be a positive integer, got: $REFRESH_TOKEN_EXPIRY_DAYS_VALUE" + exit 1 + fi + cat > .env << EOF FRONTEND_URL=${{ secrets.PROD_FRONTEND_URL }} BACKEND_HOST_PORT=${{ secrets.PROD_BACKEND_HOST_PORT }} FRONTEND_HOST_PORT=${{ secrets.PROD_FRONTEND_HOST_PORT }} SECRET_KEY=${SECRET_KEY_VALUE} - REFRESH_TOKEN_EXPIRY_DAYS=${{ secrets.PROD_REFRESH_TOKEN_EXPIRY_DAYS }} + REFRESH_TOKEN_EXPIRY_DAYS=${REFRESH_TOKEN_EXPIRY_DAYS_VALUE} DIGEST_TOKEN_SECRET=${DIGEST_TOKEN_SECRET_VALUE} VAPID_PUBLIC_KEY=${VAPID_PUBLIC_KEY_VALUE} VAPID_PRIVATE_KEY=${VAPID_PRIVATE_KEY_VALUE} @@ -385,6 +401,10 @@ jobs: if [ "$backend_running" != "true" ] || [ "$frontend_running" != "true" ] || [ "$backend_ok" != "true" ] || [ "$frontend_ok" != "true" ]; then echo "Post-deploy health check failed." docker-compose ps + echo "--- Backend logs (last 200 lines) ---" + docker logs --tail 200 chores-app-backend-prod || true + echo "--- Frontend logs (last 120 lines) ---" + docker logs --tail 120 chores-app-frontend-prod || true if [ "${{ github.event.inputs.rollback_on_failed_healthcheck }}" = "true" ]; then echo "Attempting rollback using predeploy-backup image tags..."