Compare commits

...

24 Commits

Author SHA1 Message Date
268b10554a fix(ci): prevent ssh from consuming deploy-stage heredoc stdin 2026-03-07 11:08:28 +00:00
8f178e6b07 Merge pull request 'fix(ci): quote deploy-stage heredoc to preserve bash variable expansion' (#56) from fix/cl9-quoted-heredoc-in-deploy-stage into master
Reviewed-on: http://gitea.lan:3000/robbond/pleskSaas/pulls/56
2026-03-07 10:56:09 +00:00
4cf768abec fix(ci): quote deploy-stage heredoc to preserve bash variable expansion 2026-03-07 10:55:11 +00:00
56a30fac4b Merge pull request 'fix(ci): use verified Jenkins SSH key path for deploy stage' (#55) from fix/cl9-use-known-good-jenkins-key-path into master
Reviewed-on: http://gitea.lan:3000/robbond/pleskSaas/pulls/55
2026-03-07 10:38:51 +00:00
164e97618e fix(ci): use verified Jenkins SSH key path for deploy stage 2026-03-07 10:36:49 +00:00
2bb78e9864 Merge pull request 'fix(ci): add SSH credential diagnostics to deploy stage' (#54) from fix/cl9-debug-jenkins-ssh-key into master
Reviewed-on: http://gitea.lan:3000/robbond/pleskSaas/pulls/54
2026-03-07 09:30:16 +00:00
173071cd5c fix(ci): add SSH credential diagnostics to deploy stage 2026-03-07 09:29:38 +00:00
fc73bf422f Merge pull request 'fix(ci): make deploy SSH commands non-interactive and fail fast' (#53) from fix/cl9-noninteractive-ssh-deploy into master
Reviewed-on: http://gitea.lan:3000/robbond/pleskSaas/pulls/53
2026-03-07 09:03:58 +00:00
4c8ff2d07d fix(ci): make deploy SSH commands non-interactive and fail fast 2026-03-07 09:03:20 +00:00
5b5682acb1 Merge pull request 'fix(ci): run deploy stage under bash for pipefail support' (#52) from fix/cl9-deploy-stage-bash-wrapper into master
Reviewed-on: http://gitea.lan:3000/robbond/pleskSaas/pulls/52
2026-03-07 08:52:04 +00:00
3701db4470 fix(ci): run deploy stage under bash for pipefail support 2026-03-07 08:51:42 +00:00
c67926dcb5 Merge pull request 'fix(deploy): add explicit image transfer verification to Jenkins deploy stage' (#51) from fix/cl9-verbose-image-transfer-debug into master
Reviewed-on: http://gitea.lan:3000/robbond/pleskSaas/pulls/51
2026-03-07 08:46:59 +00:00
151a13f4b3 fix(deploy): add explicit image transfer verification to Jenkins deploy stage 2026-03-07 08:46:33 +00:00
79bf929b2d Merge pull request 'fix(deploy): make image transfer explicit and verifiable in Jenkins deploy stage' (#50) from fix/cl9-observable-image-transfer into master
Reviewed-on: http://gitea.lan:3000/robbond/pleskSaas/pulls/50
2026-03-07 08:32:30 +00:00
7d5512230f fix(deploy): make image transfer explicit and verifiable in Jenkins deploy stage 2026-03-07 08:31:54 +00:00
2915f10315 Merge pull request 'fix(deploy): reliably transfer exact build image and simplify production deploy scripts' (#49) from fix/cl9-reliable-image-deploy-and-script-sync into master
Reviewed-on: http://gitea.lan:3000/robbond/pleskSaas/pulls/49
2026-03-07 08:14:51 +00:00
23ad8af20e fix(deploy): reliably transfer exact build image and simplify production deploy scripts 2026-03-07 08:14:10 +00:00
ea57734fa8 Merge pull request 'fix(deploy): deploy exact Jenkins image tag and force container recreation' (#48) from fix/cl9-deploy-exact-image-tag into master
Reviewed-on: http://gitea.lan:3000/robbond/pleskSaas/pulls/48
2026-03-07 08:00:12 +00:00
0efe1a5129 fix(deploy): deploy exact Jenkins image tag and force container recreation 2026-03-07 07:59:39 +00:00
18912934f8 Merge pull request 'fix(deploy): bust Docker build cache for Next.js client build' (#47) from fix/cl9-force-fresh-docker-client-build into master
Reviewed-on: http://gitea.lan:3000/robbond/pleskSaas/pulls/47
2026-03-07 07:51:48 +00:00
4a8e5ae853 fix(deploy): bust Docker build cache for Next.js client build 2026-03-07 07:51:20 +00:00
a2d69f8210 update 2026-03-07 07:26:41 +00:00
74b1ab02b6 Merge pull request 'fix(deploy): add smoke check retries and pass public Supabase build env' (#45) from fix/cl9-smoke-check-retries-and-build-env into master
Reviewed-on: http://gitea.lan:3000/robbond/pleskSaas/pulls/45
2026-03-07 07:20:41 +00:00
838cb38862 fix(deploy): add smoke check retries and pass public Supabase build env 2026-03-07 06:37:14 +00:00
5 changed files with 105 additions and 33 deletions

View File

@@ -7,6 +7,13 @@ RUN npm ci
FROM node:20-bookworm-slim AS builder FROM node:20-bookworm-slim AS builder
WORKDIR /app WORKDIR /app
ARG NEXT_PUBLIC_SUPABASE_URL
ARG NEXT_PUBLIC_SUPABASE_ANON_KEY
ARG BUILD_CACHE_BUSTER
ENV NEXT_PUBLIC_SUPABASE_URL=${NEXT_PUBLIC_SUPABASE_URL}
ENV NEXT_PUBLIC_SUPABASE_ANON_KEY=${NEXT_PUBLIC_SUPABASE_ANON_KEY}
ENV BUILD_CACHE_BUSTER=${BUILD_CACHE_BUSTER}
COPY --from=deps /app/node_modules ./node_modules COPY --from=deps /app/node_modules ./node_modules
COPY . . COPY . .
RUN npm run build RUN npm run build

77
Jenkinsfile vendored
View File

@@ -1,6 +1,7 @@
pipeline { pipeline {
// Build + deploy stages require Docker CLI/daemon access on the Jenkins node. // Build + deploy stages require Docker CLI/daemon access on the Jenkins node.
// Ensure this label maps to an agent with Docker installed and usable. // Ensure this label maps to an agent with Docker installed and usable.
//update
agent any agent any
environment { environment {
@@ -62,50 +63,90 @@ pipeline {
stage('Build application') { stage('Build application') {
steps { steps {
withCredentials([
string(credentialsId: 'supabase-public-url', variable: 'NEXT_PUBLIC_SUPABASE_URL'),
string(credentialsId: 'supabase-public-anon-key', variable: 'NEXT_PUBLIC_SUPABASE_ANON_KEY')
]) {
sh 'npm run build' sh 'npm run build'
} }
} }
}
stage('Build Docker image') { stage('Build Docker image') {
steps { steps {
sh 'docker build -t ${IMAGE_LATEST} -t ${IMAGE_BUILD} .' withCredentials([
string(credentialsId: 'supabase-public-url', variable: 'NEXT_PUBLIC_SUPABASE_URL'),
string(credentialsId: 'supabase-public-anon-key', variable: 'NEXT_PUBLIC_SUPABASE_ANON_KEY')
]) {
sh 'docker build --build-arg NEXT_PUBLIC_SUPABASE_URL="$NEXT_PUBLIC_SUPABASE_URL" --build-arg NEXT_PUBLIC_SUPABASE_ANON_KEY="$NEXT_PUBLIC_SUPABASE_ANON_KEY" --build-arg BUILD_CACHE_BUSTER="${BUILD_NUMBER}" -t ${IMAGE_LATEST} -t ${IMAGE_BUILD} .'
}
} }
} }
stage('Deploy') { stage('Deploy') {
steps { steps {
withCredentials([sshUserPrivateKey(
credentialsId: "${env.DEPLOY_SSH_CREDENTIAL_ID}",
keyFileVariable: 'SSH_KEY'
)]) {
sh ''' sh '''
bash -eo pipefail << 'EOF' bash <<'EOF'
set -euo pipefail set -euxo pipefail
ssh -i "$SSH_KEY" "$APP_USER@$APP_HOST" "mkdir -p $DEPLOY_PATH/scripts" SSH_KEY="/var/lib/jenkins/.ssh/plesk_agency_deploy"
SSH_USER="deploy"
SSH_OPTS="-i ${SSH_KEY} -o BatchMode=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
echo "SSH user from configured deploy key: ${SSH_USER}"
echo "SSH key file path: ${SSH_KEY}"
ls -l "${SSH_KEY}"
ssh-keygen -y -f "${SSH_KEY}"
echo "Testing remote SSH connectivity"
ssh -n ${SSH_OPTS} "${SSH_USER}@${APP_HOST}" "whoami && hostname && pwd"
echo "Deploying image tag: ${IMAGE_BUILD}"
docker image inspect "${IMAGE_BUILD}" --format='{{.Id}} {{.RepoTags}}'
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" "mkdir -p $DEPLOY_PATH/scripts"
rsync -az \ rsync -az \
-e "ssh -i $SSH_KEY" \ -e "ssh -n ${SSH_OPTS}" \
docker-compose.prod.yml \ docker-compose.prod.yml \
"$APP_USER@$APP_HOST:$DEPLOY_PATH/" "$SSH_USER@$APP_HOST:$DEPLOY_PATH/"
rsync -az \ rsync -az \
-e "ssh -i $SSH_KEY" \ -e "ssh -n ${SSH_OPTS}" \
scripts/ \ scripts/ \
"$APP_USER@$APP_HOST:$DEPLOY_PATH/scripts/" "$SSH_USER@$APP_HOST:$DEPLOY_PATH/scripts/"
docker save ${IMAGE_LATEST} ${IMAGE_BUILD} \ IMAGE_TAR="plesk-agency-portal-build.tar"
| ssh -i "$SSH_KEY" "$APP_USER@$APP_HOST" 'docker load' echo "Creating image archive: ${IMAGE_TAR}"
docker save -o "${IMAGE_TAR}" "${IMAGE_BUILD}"
ls -lh "${IMAGE_TAR}"
sha256sum "${IMAGE_TAR}"
ssh -i "$SSH_KEY" "$APP_USER@$APP_HOST" \ echo "Copying image archive to remote host via scp"
scp ${SSH_OPTS} "${IMAGE_TAR}" "$SSH_USER@$APP_HOST:$DEPLOY_PATH/"
echo "Verifying image archive exists on remote host"
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" "ls -lh $DEPLOY_PATH/plesk-agency-portal-build.tar"
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" "sha256sum $DEPLOY_PATH/plesk-agency-portal-build.tar"
echo "Loading image archive on remote host"
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" "docker load -i $DEPLOY_PATH/plesk-agency-portal-build.tar"
echo "Verifying exact image tag is available on remote host"
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" "docker image inspect ${IMAGE_BUILD} --format='{{.Id}} {{.RepoTags}}'"
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" \
"cd $DEPLOY_PATH && chmod +x ./scripts/deploy-prod.sh ./scripts/smoke-check.sh ./scripts/rollback-prod.sh" "cd $DEPLOY_PATH && chmod +x ./scripts/deploy-prod.sh ./scripts/smoke-check.sh ./scripts/rollback-prod.sh"
ssh -i "$SSH_KEY" "$APP_USER@$APP_HOST" \ echo "Running remote deploy script with exact image tag"
"cd $DEPLOY_PATH && ./scripts/deploy-prod.sh" ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" \
"cd $DEPLOY_PATH && APP_IMAGE='${IMAGE_BUILD}' ./scripts/deploy-prod.sh"
echo "Printing final running container image metadata"
ssh -n ${SSH_OPTS} "$SSH_USER@$APP_HOST" "docker inspect plesk-agency-portal --format='{{.Image}} {{.Created}}'"
EOF EOF
''' '''
} }
}
} }
stage('Smoke check') { stage('Smoke check') {

View File

@@ -12,8 +12,13 @@ if [ ! -f "${DEPLOY_PATH}/docker-compose.prod.yml" ]; then
exit 1 exit 1
fi fi
if [ ! -f "${DEPLOY_PATH}/.env" ]; then
echo "Missing .env in ${DEPLOY_PATH}" >&2
exit 1
fi
cd "${DEPLOY_PATH}" cd "${DEPLOY_PATH}"
APP_IMAGE="${APP_IMAGE}" docker compose -f docker-compose.prod.yml up -d APP_IMAGE="${APP_IMAGE}" docker compose -f docker-compose.prod.yml up -d --no-build --force-recreate
docker compose -f docker-compose.prod.yml ps APP_IMAGE="${APP_IMAGE}" docker compose -f docker-compose.prod.yml ps

View File

@@ -21,10 +21,20 @@ if [ ! -f "${DEPLOY_PATH}/docker-compose.prod.yml" ]; then
exit 1 exit 1
fi fi
if [ ! -f "${DEPLOY_PATH}/.env" ]; then
echo "Missing .env in ${DEPLOY_PATH}" >&2
exit 1
fi
if [ ! -f "${DEPLOY_PATH}/scripts/smoke-check.sh" ]; then
echo "Missing scripts/smoke-check.sh in ${DEPLOY_PATH}" >&2
exit 1
fi
cd "${DEPLOY_PATH}" cd "${DEPLOY_PATH}"
APP_IMAGE="${PREVIOUS_IMAGE_TAG}" docker compose -f docker-compose.prod.yml up -d --no-build APP_IMAGE="${PREVIOUS_IMAGE_TAG}" docker compose -f docker-compose.prod.yml up -d --no-build --force-recreate
"${DEPLOY_PATH}/smoke-check.sh" "${APP_BASE_URL}" "${DEPLOY_PATH}/scripts/smoke-check.sh" "${APP_BASE_URL}"
docker compose -f docker-compose.prod.yml ps docker compose -f docker-compose.prod.yml ps

View File

@@ -11,17 +11,26 @@ fi
URL="${BASE_URL%/}/api/health" URL="${BASE_URL%/}/api/health"
TMP_FILE="$(mktemp)" TMP_FILE="$(mktemp)"
MAX_ATTEMPTS=20
SLEEP_SECONDS=3
trap 'rm -f "${TMP_FILE}"' EXIT trap 'rm -f "${TMP_FILE}"' EXIT
HTTP_CODE=$(curl -sS -o "${TMP_FILE}" -w "%{http_code}" "${URL}") for attempt in $(seq 1 "${MAX_ATTEMPTS}"); do
HTTP_CODE=$(curl -sS -o "${TMP_FILE}" -w "%{http_code}" "${URL}" || echo "000")
if [ "${HTTP_CODE}" != "200" ]; then if [ "${HTTP_CODE}" = "200" ]; then
echo "Smoke check failed: ${URL} returned ${HTTP_CODE}" >&2 if node -e "const fs=require('fs');const d=JSON.parse(fs.readFileSync(process.argv[1],'utf8'));if(d?.ok!==true||typeof d?.service!=='string'){process.exit(1)}" "${TMP_FILE}"; then
cat "${TMP_FILE}" >&2 || true echo "Smoke check passed: ${URL} (attempt ${attempt}/${MAX_ATTEMPTS})"
exit 1 exit 0
fi fi
fi
node -e "const fs=require('fs');const d=JSON.parse(fs.readFileSync(process.argv[1],'utf8'));if(d?.ok!==true||typeof d?.service!=='string'){process.exit(1)}" "${TMP_FILE}" if [ "${attempt}" -lt "${MAX_ATTEMPTS}" ]; then
sleep "${SLEEP_SECONDS}"
fi
done
echo "Smoke check passed: ${URL}" echo "Smoke check failed after ${MAX_ATTEMPTS} attempts: ${URL}" >&2
cat "${TMP_FILE}" >&2 || true
exit 1