ci: use self-hosted runner raynis-builder for backend and admin deploys

chahinebrini 2026-06-18 04:58:21 +02:00
parent c8f5bfc82e
commit 85cadd19a0
2 changed files with 15 additions and 19 deletions


@ -4,7 +4,7 @@ name: Deploy Admin Staging
# Build + Deploy-Pipeline fuer rebreak-admin-staging. # Build + Deploy-Pipeline fuer rebreak-admin-staging.
# #
# Pattern: identisch zu deploy-staging.yml (backend). # Pattern: identisch zu deploy-staging.yml (backend).
# - Build laeuft auf GH-Runner (7 GB RAM, kein OOM-Risiko auf Hetzner CX23) # - Build laeuft auf self-hosted Runner (raynis-builder, 8 GB RAM)
# - Artifact wird via scp zum Server gepusht # - Artifact wird via scp zum Server gepusht
# - Server-Script deploy-admin-from-artifact.sh extrahiert + pm2 restart # - Server-Script deploy-admin-from-artifact.sh extrahiert + pm2 restart
# #
@ -33,10 +33,10 @@ permissions:
contents: read contents: read
jobs: jobs:
# ── 1. Build auf GitHub-Runner ────────────────────────────────────────────── # ── 1. Build auf self-hosted Runner ─────────────────────────────────────────
build: build:
name: Build admin (Nuxt SSR) name: Build admin (Nuxt SSR)
runs-on: ubuntu-latest runs-on: [self-hosted, raynis-builder]
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
@ -69,7 +69,7 @@ jobs:
deploy: deploy:
name: Deploy zu Hetzner name: Deploy zu Hetzner
needs: build needs: build
runs-on: ubuntu-latest runs-on: [self-hosted, raynis-builder]
environment: staging # selbes GitHub-Environment wie backend-deploy (shared secrets) environment: staging # selbes GitHub-Environment wie backend-deploy (shared secrets)
steps: steps:
- name: Download artifact - name: Download artifact
@ -79,11 +79,11 @@ jobs:
- name: Setup SSH - name: Setup SSH
env: env:
SSH_PRIVATE_KEY: ${{ secrets.HETZNER_SSH_KEY }} SSH_PRIVATE_KEY: ${{ secrets.STAGING_DEPLOY_KEY }}
SSH_HOST: ${{ vars.HETZNER_HOST }} SSH_HOST: ${{ vars.HETZNER_HOST }}
run: | run: |
if [ -z "$SSH_PRIVATE_KEY" ] || [ -z "$SSH_HOST" ]; then if [ -z "$SSH_PRIVATE_KEY" ] || [ -z "$SSH_HOST" ]; then
echo "FATAL: HETZNER_SSH_KEY (secret) oder HETZNER_HOST (var) nicht gesetzt" echo "FATAL: STAGING_DEPLOY_KEY (secret) oder HETZNER_HOST (var) nicht gesetzt"
exit 1 exit 1
fi fi
echo "Deploying admin to host: $SSH_HOST" echo "Deploying admin to host: $SSH_HOST"
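Review bot: With `runs-on: [self-hosted, raynis-builder]` on the deploy job, the `STAGING_DEPLOY_KEY` handled in Setup SSH now lands on a persistent machine that the build job has just used to run the project's build. A GitHub-hosted VM was discarded after every job, whereas this host keeps its state unless the runner is registered as ephemeral. The Setup SSH step continues past the end of this hunk, so whether the key is written to disk and removed again is not visible here. I would add a final step with `if: always()` that runs `rm -f "$HOME/.ssh/<deploy-key-file>"` (placeholder name), or load the key into an `ssh-agent` started for the job instead of writing a file. The deploy job in the backend workflow gets the same `runs-on` change and needs the same cleanup.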


@ -4,14 +4,12 @@ name: Deploy Staging
# Build + Deploy-Pipeline fuer rebreak-staging. # Build + Deploy-Pipeline fuer rebreak-staging.
# #
# Warum GitHub-Actions statt Server-Build: # Warum GitHub-Actions statt Server-Build:
# - Hetzner CX23 (4 GB RAM) gerissen am 2026-05-06 das 1.5 GB Heap-Limit # - Self-hosted Runner auf raynis-builder (api.trucko.org, 8 GB RAM).
# waehrend `pnpm build` (OOM, "ineffective mark-compacts near heap limit"). # - Keine kostenpflichtigen GitHub Actions Minuten mehr fuer Linux-Builds.
# - GitHub Actions Runner haben 7 GB RAM und sind frei (public-repo) bzw.
# monatliches Free-Quota (private-repo).
# - Server bleibt unangetastet -- nur Artifact-Extract + pm2 restart. # - Server bleibt unangetastet -- nur Artifact-Extract + pm2 restart.
# #
# Pattern (uebernommen aus trucko-monorepo .github/workflows/android.yml): # Pattern (uebernommen aus trucko-monorepo .github/workflows/android.yml):
# - SSH-Key in GitHub-Secret (HETZNER_SSH_KEY) # - SSH-Key in GitHub-Secret (STAGING_DEPLOY_KEY)
# - ssh-keyscan + scp + ssh fuer Server-Side-Trigger # - ssh-keyscan + scp + ssh fuer Server-Side-Trigger
# - Concurrency-Group verhindert parallele Deploys # - Concurrency-Group verhindert parallele Deploys
# #
@ -33,10 +31,10 @@ permissions:
contents: read contents: read
jobs: jobs:
# ── 1. Build auf GitHub-Runner (7 GB RAM, kein OOM-Risiko) ────────────────── # ── 1. Build auf self-hosted Runner (raynis-builder) ────────────────────────
build: build:
name: Build backend (Nitro) name: Build backend (Nitro)
runs-on: ubuntu-latest runs-on: [self-hosted, raynis-builder]
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with: with:
@ -55,9 +53,7 @@ jobs:
- name: Build backend (prisma generate + nitro build) - name: Build backend (prisma generate + nitro build)
working-directory: backend working-directory: backend
# Runner hat 7 GB RAM, aber Node nimmt default nur ~2 GB Heap → nitro build # Runner hat 8 GB RAM; Heap auf 4 GB anheben fuer Nitro build.
# OOM'te ("ineffective mark-compacts near heap limit", exit 134), seit der
# Build gewachsen ist. Heap auf 4 GB anheben (passt locker in die 7 GB).
env: env:
NODE_OPTIONS: "--max-old-space-size=4096" NODE_OPTIONS: "--max-old-space-size=4096"
run: pnpm build run: pnpm build
@ -83,7 +79,7 @@ jobs:
deploy: deploy:
name: Deploy zu Hetzner name: Deploy zu Hetzner
needs: build needs: build
runs-on: ubuntu-latest runs-on: [self-hosted, raynis-builder]
environment: staging # GitHub-Environment fuer Secret-Isolation environment: staging # GitHub-Environment fuer Secret-Isolation
steps: steps:
- name: Download artifact - name: Download artifact
@ -99,11 +95,11 @@ jobs:
- name: Setup SSH - name: Setup SSH
env: env:
SSH_PRIVATE_KEY: ${{ secrets.HETZNER_SSH_KEY }} SSH_PRIVATE_KEY: ${{ secrets.STAGING_DEPLOY_KEY }}
SSH_HOST: ${{ vars.HETZNER_HOST }} SSH_HOST: ${{ vars.HETZNER_HOST }}
run: | run: |
if [ -z "$SSH_PRIVATE_KEY" ] || [ -z "$SSH_HOST" ]; then if [ -z "$SSH_PRIVATE_KEY" ] || [ -z "$SSH_HOST" ]; then
echo "FATAL: HETZNER_SSH_KEY (secret) oder HETZNER_HOST (var) nicht gesetzt" echo "FATAL: STAGING_DEPLOY_KEY (secret) oder HETZNER_HOST (var) nicht gesetzt"
exit 1 exit 1
fi fi
echo "Deploying to host: $SSH_HOST" echo "Deploying to host: $SSH_HOST"
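Review bot: The build job at `runs-on: [self-hosted, raynis-builder]` now runs `pnpm build`, plus any dependency lifecycle scripts from the install step (outside the hunk), on a host the header comment identifies as api.trucko.org. A compromised dependency or an untrusted branch would therefore execute with the runner account's access to that machine and could leave files behind for the later deploy job. The `on:` triggers are not in the visible hunks; they should be limited to pushes on trusted branches and never include pull requests from forks. I would record the assumption next to the job, e.g. `# persistent runner: trusted branches only; runner user has no sudo and no docker socket`, and run the runner under a dedicated unprivileged account or in a throwaway container. The admin workflow's build job has the same exposure.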