Michael Freno
9fb5379b7a
- ScanScheduler: tier-based scheduling (BASIC=24h, PLUS=6h, PREMIUM=1h) - WebhookHandler: HMAC-verified webhook ingestion with SCAN_TRIGGER support - API routes: /scheduler and /webhooks endpoints under /api/v1/darkwatch - Jobs: scheduled scan checker + webhook retry processor via BullMQ - Schema: ScanSchedule, WebhookEvent models; ScanJob.scheduledBy field - Types: ScheduleStatus, WebhookEventType, WebhookTriggerInput - Tests: scheduler lifecycle + webhook signature/processing tests Co-Authored-By: Paperclip <noreply@paperclip.ing>
102 lines
3.2 KiB
YAML
102 lines
3.2 KiB
YAML
name: Deploy
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
release:
|
|
types: [published]
|
|
|
|
concurrency:
|
|
group: deploy-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
env:
|
|
NODE_VERSION: "20"
|
|
|
|
jobs:
|
|
detect-environment:
|
|
name: Detect Environment
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
environment: ${{ steps.detect.outputs.environment }}
|
|
steps:
|
|
- name: Detect deployment target
|
|
id: detect
|
|
run: |
|
|
if [ "${{ github.event_name }}" = "release" ]; then
|
|
echo "environment=production" >> $GITHUB_OUTPUT
|
|
else
|
|
echo "environment=staging" >> $GITHUB_OUTPUT
|
|
fi
|
|
|
|
build-and-push:
|
|
name: Build and Push Docker Images
|
|
runs-on: ubuntu-latest
|
|
needs: detect-environment
|
|
environment: ${{ needs.detect-environment.outputs.environment }}
|
|
strategy:
|
|
matrix:
|
|
include:
|
|
- name: api
|
|
dockerfile: packages/api/Dockerfile
|
|
- name: darkwatch
|
|
dockerfile: services/darkwatch/Dockerfile
|
|
- name: spamshield
|
|
dockerfile: services/spamshield/Dockerfile
|
|
- name: voiceprint
|
|
dockerfile: services/voiceprint/Dockerfile
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Login to Container Registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.actor }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
- name: Calculate image tag
|
|
id: tag
|
|
run: |
|
|
if [ "${{ needs.detect-environment.outputs.environment }}" = "production" ]; then
|
|
echo "tag=${{ github.event.release.tag_name }}" >> $GITHUB_OUTPUT
|
|
else
|
|
echo "tag=staging-${{ github.sha }}" >> $GITHUB_OUTPUT
|
|
fi
|
|
- name: Build and push ${{ matrix.name }}
|
|
uses: docker/build-push-action@v5
|
|
with:
|
|
context: .
|
|
file: ${{ matrix.dockerfile }}
|
|
push: true
|
|
tags: ghcr.io/${{ github.repository_owner }}/shieldai-${{ matrix.name }}:${{ steps.tag.outputs.tag }}
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|
|
|
|
deploy:
|
|
name: Deploy to ${{ needs.detect-environment.outputs.environment }}
|
|
runs-on: ubuntu-latest
|
|
needs: [detect-environment, build-and-push]
|
|
environment: ${{ needs.detect-environment.outputs.environment }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Calculate deployment tag
|
|
id: tag
|
|
run: |
|
|
if [ "${{ needs.detect-environment.outputs.environment }}" = "production" ]; then
|
|
echo "tag=${{ github.event.release.tag_name }}" >> $GITHUB_OUTPUT
|
|
else
|
|
echo "tag=staging-${{ github.sha }}" >> $GITHUB_OUTPUT
|
|
fi
|
|
- name: Deploy via Docker Compose
|
|
uses: appleboy/ssh-action@v1
|
|
with:
|
|
host: ${{ secrets.DEPLOY_HOST }}
|
|
username: ${{ secrets.DEPLOY_USER }}
|
|
key: ${{ secrets.DEPLOY_SSH_KEY }}
|
|
script: |
|
|
cd /opt/shieldai
|
|
export DOCKER_TAG="${{ steps.tag.outputs.tag }}"
|
|
export ENVIRONMENT="${{ needs.detect-environment.outputs.environment }}"
|
|
docker compose pull
|
|
docker compose up -d
|
|
docker image prune -f
|