ci(obs): GitOps obs env split in release — deploy to /opt/familienarchiv/, secrets fresh from Gitea
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -76,12 +76,6 @@ jobs:
|
|||||||
APP_MAIL_FROM=noreply@raddatz.cloud
|
APP_MAIL_FROM=noreply@raddatz.cloud
|
||||||
IMPORT_HOST_DIR=/srv/familienarchiv-production/import
|
IMPORT_HOST_DIR=/srv/familienarchiv-production/import
|
||||||
POSTGRES_USER=archiv
|
POSTGRES_USER=archiv
|
||||||
PORT_GRAFANA=3003
|
|
||||||
PORT_GLITCHTIP=3002
|
|
||||||
PORT_PROMETHEUS=9090
|
|
||||||
GRAFANA_ADMIN_PASSWORD=${{ secrets.GRAFANA_ADMIN_PASSWORD }}
|
|
||||||
GLITCHTIP_SECRET_KEY=${{ secrets.GLITCHTIP_SECRET_KEY }}
|
|
||||||
GLITCHTIP_DOMAIN=https://glitchtip.archiv.raddatz.cloud
|
|
||||||
SENTRY_DSN=${{ secrets.SENTRY_DSN }}
|
SENTRY_DSN=${{ secrets.SENTRY_DSN }}
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
@@ -104,11 +98,28 @@ jobs:
|
|||||||
--env-file .env.production \
|
--env-file .env.production \
|
||||||
up -d --wait --remove-orphans
|
up -d --wait --remove-orphans
|
||||||
|
|
||||||
|
- name: Deploy observability configs
|
||||||
|
# Mirrors the nightly approach: copies obs compose file and config tree
|
||||||
|
# to /opt/familienarchiv/ (permanent path, survives workspace wipes — ADR-016),
|
||||||
|
# then writes obs-secrets.env fresh from Gitea secrets.
|
||||||
|
# Non-secret config lives in infra/observability/obs.env (tracked in git).
|
||||||
|
run: |
|
||||||
|
mkdir -p /opt/familienarchiv/infra
|
||||||
|
cp -r infra/observability /opt/familienarchiv/infra/
|
||||||
|
cp docker-compose.observability.yml /opt/familienarchiv/
|
||||||
|
cat > /opt/familienarchiv/obs-secrets.env <<EOF
|
||||||
|
GRAFANA_ADMIN_PASSWORD=${{ secrets.GRAFANA_ADMIN_PASSWORD }}
|
||||||
|
GLITCHTIP_SECRET_KEY=${{ secrets.GLITCHTIP_SECRET_KEY }}
|
||||||
|
POSTGRES_USER=archiv
|
||||||
|
POSTGRES_PASSWORD=${{ secrets.PROD_POSTGRES_PASSWORD }}
|
||||||
|
EOF
|
||||||
|
|
||||||
- name: Start observability stack
|
- name: Start observability stack
|
||||||
run: |
|
run: |
|
||||||
docker compose \
|
docker compose \
|
||||||
-f docker-compose.observability.yml \
|
-f /opt/familienarchiv/docker-compose.observability.yml \
|
||||||
--env-file .env.production \
|
--env-file /opt/familienarchiv/infra/observability/obs.env \
|
||||||
|
--env-file /opt/familienarchiv/obs-secrets.env \
|
||||||
up -d --wait --remove-orphans
|
up -d --wait --remove-orphans
|
||||||
|
|
||||||
- name: Reload Caddy
|
- name: Reload Caddy
|
||||||
|
|||||||
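Review bot: The `cat > /opt/familienarchiv/obs-secrets.env <<EOF` in the new "Deploy observability configs" step creates the secrets file under the runner's umask. If that is the usual 022, the Grafana admin password, GlitchTip secret key and production Postgres password end up readable by every local user, at a path the step's own comment calls permanent. Add `umask 077` on the line before the `cat` and `chmod 600 /opt/familienarchiv/obs-secrets.env` after the heredoc; the chmod also tightens a file left by an earlier run, which `>` truncates without changing its mode. The heredoc delimiter is unquoted, so the shell still expands `$` and backticks inside the substituted secret values; `<<'EOF'` writes them literally. Whether the observability stack needs `PROD_POSTGRES_PASSWORD` for the `archiv` user, rather than a dedicated lower-privilege account, is not visible in this hunk and is worth confirming.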