bb6dbe37a4
Ports the deploy pipeline from the Gitea main fork (commit 7ddb06d's deploy toolkit) into the Auth.js v5 / NextAuth tree: - .gitea/workflows/deploy.yml: inline deploy that brings up the Docker stack, applies migrations, builds Next.js, and runs the app under PM2. Swapped Better Auth env vars (BETTER_AUTH_SECRET/URL, NEXT_PUBLIC_BETTER_AUTH_URL) for Auth.js v5 names (AUTH_SECRET/URL, NEXT_PUBLIC_AUTH_URL). Dropped NEXT_PUBLIC_SUPABASE_URL/ANON_KEY (Supabase removal in progress). Added GOOGLE_CLIENT_ID/SECRET + ALLOW_DEV_LOGIN for the Auth.js Google provider and dev credentials path. Switched runs-on from 'ubuntu-latest' to the self-hosted runner labels matching build.yml. - deploy/: idempotent deploy toolkit (deploy.sh, docker-compose.yml, Dockerfile.nextjs, nginx.conf.template, .env.production.example, healthcheck.sh, Makefile, deploy/.gitignore). No auth/Supabase dependencies — pure infra. - deploy/.env.production.example: renamed NEXTAUTH_SECRET/NEXTAUTH_URL (v4) to AUTH_SECRET/AUTH_URL (v5) and added the v5-specific vars (NEXT_PUBLIC_AUTH_URL, GOOGLE_*, ALLOW_DEV_LOGIN). Build pipeline is now end-to-end: build.yml → typecheck + lint + build (uses [self-hosted, linux, ubuntu-latest]) deploy.yml → start docker stack + migrations + build + PM2 restart Storage / admin code ports (MinIO via @/lib/storage, Supabase removal, admin-permissions rewrite) are tracked separately — they require porting the storage and admin code first; the deploy pipeline itself is ready to run against the Auth.js world.
55 lines
1.7 KiB
Bash
Executable File
55 lines
1.7 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# =============================================================================
|
|
# healthcheck.sh — standalone, callable from cron / monitoring
|
|
# =============================================================================
|
|
#
|
|
# Reads the current prod ports from .postgrest-port / .nextjs-port and curls
|
|
# each service. Exit code is the count of failed checks (0 = all healthy).
|
|
#
|
|
# Usage:
|
|
# ./healthcheck.sh
|
|
# ./healthcheck.sh --nginx # also check the fronted URL
|
|
# WORKSPACE=/srv/app ./healthcheck.sh
|
|
# =============================================================================
|
|
|
|
set -Eeuo pipefail
|
|
IFS=$'\n\t'
|
|
|
|
WORKSPACE="${WORKSPACE:-$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)}"
|
|
POSTGREST_PORT_FILE="${POSTGREST_PORT_FILE:-${WORKSPACE}/.postgrest-port}"
|
|
NEXTJS_PORT_FILE="${NEXTJS_PORT_FILE:-${WORKSPACE}/.nextjs-port}"
|
|
TIMEOUT="${HEALTHCHECK_TIMEOUT:-5}"
|
|
|
|
failures=0
|
|
|
|
check() {
|
|
local label="$1" url="$2"
|
|
if curl -fsS --max-time "$TIMEOUT" -o /dev/null "$url"; then
|
|
printf ' [ OK ] %-20s %s\n' "$label" "$url"
|
|
else
|
|
printf ' [FAIL] %-20s %s\n' "$label" "$url"
|
|
failures=$(( failures + 1 ))
|
|
fi
|
|
}
|
|
|
|
pgrest_port=$(tr -d '[:space:]' < "$POSTGREST_PORT_FILE" 2>/dev/null || echo "")
|
|
next_port=$(tr -d '[:space:]' < "$NEXTJS_PORT_FILE" 2>/dev/null || echo "")
|
|
|
|
if [[ -n "$pgrest_port" ]]; then
|
|
check "postgrest" "http://127.0.0.1:${pgrest_port}/"
|
|
else
|
|
printf ' [SKIP] postgrest (no .postgrest-port)\n'
|
|
fi
|
|
|
|
if [[ -n "$next_port" ]]; then
|
|
check "nextjs" "http://127.0.0.1:${next_port}/"
|
|
else
|
|
printf ' [SKIP] nextjs (no .nextjs-port)\n'
|
|
fi
|
|
|
|
if [[ "${1:-}" == "--nginx" ]]; then
|
|
check "nginx" "http://127.0.0.1/"
|
|
fi
|
|
|
|
exit "$failures"
|