ci: use self-hosted runner raynis-builder for backend and admin deploys

2026-06-18 04:58:21 +02:00 · 2026-06-18 04:58:21 +02:00 · 85cadd19a0
commit 85cadd19a0
parent c8f5bfc82e
2 changed files with 15 additions and 19 deletions
--- a/.github/workflows/deploy-admin-staging.yml
+++ b/.github/workflows/deploy-admin-staging.yml
@ -4,7 +4,7 @@ name: Deploy Admin Staging
 # Build + Deploy-Pipeline fuer rebreak-admin-staging.
 #
 # Pattern: identisch zu deploy-staging.yml (backend).
-#   - Build laeuft auf GH-Runner (7 GB RAM, kein OOM-Risiko auf Hetzner CX23)
+#   - Build laeuft auf self-hosted Runner (raynis-builder, 8 GB RAM)
 #   - Artifact wird via scp zum Server gepusht
 #   - Server-Script deploy-admin-from-artifact.sh extrahiert + pm2 restart
 #
@ -33,10 +33,10 @@ permissions:
  contents: read

 jobs:
-  # ── 1. Build auf GitHub-Runner ──────────────────────────────────────────────
+  # ── 1. Build auf self-hosted Runner ─────────────────────────────────────────
  build:
    name: Build admin (Nuxt SSR)
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, raynis-builder]
    steps:
      - uses: actions/checkout@v4

@ -69,7 +69,7 @@ jobs:
  deploy:
    name: Deploy zu Hetzner
    needs: build
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, raynis-builder]
    environment: staging  # selbes GitHub-Environment wie backend-deploy (shared secrets)
    steps:
      - name: Download artifact
@ -79,11 +79,11 @@ jobs:

      - name: Setup SSH
        env:
-          SSH_PRIVATE_KEY: ${{ secrets.HETZNER_SSH_KEY }}
+          SSH_PRIVATE_KEY: ${{ secrets.STAGING_DEPLOY_KEY }}
          SSH_HOST: ${{ vars.HETZNER_HOST }}
        run: |
          if [ -z "$SSH_PRIVATE_KEY" ] || [ -z "$SSH_HOST" ]; then
-            echo "FATAL: HETZNER_SSH_KEY (secret) oder HETZNER_HOST (var) nicht gesetzt"
+            echo "FATAL: STAGING_DEPLOY_KEY (secret) oder HETZNER_HOST (var) nicht gesetzt"
            exit 1
          fi
          echo "Deploying admin to host: $SSH_HOST"
--- a/.github/workflows/deploy-staging.yml
+++ b/.github/workflows/deploy-staging.yml
@ -4,14 +4,12 @@ name: Deploy Staging
 # Build + Deploy-Pipeline fuer rebreak-staging.
 #
 # Warum GitHub-Actions statt Server-Build:
-#   - Hetzner CX23 (4 GB RAM) gerissen am 2026-05-06 das 1.5 GB Heap-Limit
-#     waehrend `pnpm build` (OOM, "ineffective mark-compacts near heap limit").
-#   - GitHub Actions Runner haben 7 GB RAM und sind frei (public-repo) bzw.
-#     monatliches Free-Quota (private-repo).
+#   - Self-hosted Runner auf raynis-builder (api.trucko.org, 8 GB RAM).
+#   - Keine kostenpflichtigen GitHub Actions Minuten mehr fuer Linux-Builds.
 #   - Server bleibt unangetastet -- nur Artifact-Extract + pm2 restart.
 #
 # Pattern (uebernommen aus trucko-monorepo .github/workflows/android.yml):
-#   - SSH-Key in GitHub-Secret (HETZNER_SSH_KEY)
+#   - SSH-Key in GitHub-Secret (STAGING_DEPLOY_KEY)
 #   - ssh-keyscan + scp + ssh fuer Server-Side-Trigger
 #   - Concurrency-Group verhindert parallele Deploys
 #
@ -33,10 +31,10 @@ permissions:
  contents: read

 jobs:
-  # ── 1. Build auf GitHub-Runner (7 GB RAM, kein OOM-Risiko) ──────────────────
+  # ── 1. Build auf self-hosted Runner (raynis-builder) ────────────────────────
  build:
    name: Build backend (Nitro)
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, raynis-builder]
    steps:
      - uses: actions/checkout@v4
        with:
@ -55,9 +53,7 @@ jobs:

      - name: Build backend (prisma generate + nitro build)
        working-directory: backend
-        # Runner hat 7 GB RAM, aber Node nimmt default nur ~2 GB Heap → nitro build
-        # OOM'te ("ineffective mark-compacts near heap limit", exit 134), seit der
-        # Build gewachsen ist. Heap auf 4 GB anheben (passt locker in die 7 GB).
+        # Runner hat 8 GB RAM; Heap auf 4 GB anheben fuer Nitro build.
        env:
          NODE_OPTIONS: "--max-old-space-size=4096"
        run: pnpm build
@ -83,7 +79,7 @@ jobs:
  deploy:
    name: Deploy zu Hetzner
    needs: build
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, raynis-builder]
    environment: staging  # GitHub-Environment fuer Secret-Isolation
    steps:
      - name: Download artifact
@ -99,11 +95,11 @@ jobs:

      - name: Setup SSH
        env:
-          SSH_PRIVATE_KEY: ${{ secrets.HETZNER_SSH_KEY }}
+          SSH_PRIVATE_KEY: ${{ secrets.STAGING_DEPLOY_KEY }}
          SSH_HOST: ${{ vars.HETZNER_HOST }}
        run: |
          if [ -z "$SSH_PRIVATE_KEY" ] || [ -z "$SSH_HOST" ]; then
-            echo "FATAL: HETZNER_SSH_KEY (secret) oder HETZNER_HOST (var) nicht gesetzt"
+            echo "FATAL: STAGING_DEPLOY_KEY (secret) oder HETZNER_HOST (var) nicht gesetzt"
            exit 1
          fi
          echo "Deploying to host: $SSH_HOST"