diff --git a/.forgejo/workflows/self-deploy.yml b/.forgejo/workflows/self-deploy.yml
index 5146dbc13..b6b400eb4 100644
--- a/.forgejo/workflows/self-deploy.yml
+++ b/.forgejo/workflows/self-deploy.yml
@@ -21,6 +21,8 @@ env:
 SF_PROD_NAMESPACE: ${{ vars.SF_PROD_NAMESPACE }}
 SF_TEST_DEPLOYMENT: ${{ vars.SF_TEST_DEPLOYMENT }}
 SF_PROD_DEPLOYMENT: ${{ vars.SF_PROD_DEPLOYMENT }}
+ SF_VEGA_UPGRADE_URL: ${{ vars.SF_VEGA_UPGRADE_URL }}
+ SF_VEGA_UPGRADE_TOKEN: ${{ secrets.SF_VEGA_UPGRADE_TOKEN }}
 jobs:
 build:
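Review bot: Declaring `SF_VEGA_UPGRADE_TOKEN` in the workflow-level `env` block places the secret in the environment of every step of every job, including the build job and the tag-referenced `actions/setup-node@v4` step added in the next hunk, although only the two curl steps of `deploy-vega-source` read it. Scoping it to those steps keeps the credential away from processes that do not need it: drop the line here and give each of the two steps its own `env:` with `SF_VEGA_UPGRADE_TOKEN: ${{ secrets.SF_VEGA_UPGRADE_TOKEN }}`. The `env:` block starts above this hunk, so whether other secrets already follow the same workflow-wide pattern is not visible here.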
@@ -89,6 +91,63 @@ jobs:
 if: env.SF_PUSH_IMAGE != '0'
 run: docker push "${{ steps.image.outputs.image }}"
+ deploy-vega-source:
+ name: upgrade vega source server
+ needs: build
+ runs-on: docker
+ if: vars.SF_VEGA_UPGRADE_URL != ''
+ steps:
+ - name: Setup Node
+ uses: actions/setup-node@v4
+ with:
+ node-version: ${{ env.NODE_VERSION }}
+
+ - name: Trigger source-mounted server upgrade
+ shell: bash
+ run: |
+ set -euo pipefail
+ base="${SF_VEGA_UPGRADE_URL%/}"
+ auth_args=()
+ if [ -n "${SF_VEGA_UPGRADE_TOKEN:-}" ]; then
+ auth_args=(-H "Authorization: Bearer ${SF_VEGA_UPGRADE_TOKEN}")
+ fi
+ response="$(curl --fail --silent --show-error \
+ -X POST \
+ "${auth_args[@]}" \
+ "$base/api/server-upgrade")"
+ printf '%s\n' "$response"
+
+ - name: Wait for vega source server revision
+ shell: bash
+ run: |
+ set -euo pipefail
+ base="${SF_VEGA_UPGRADE_URL%/}"
+ expected="${GITHUB_SHA:-$(git rev-parse HEAD)}"
+ auth_args=()
+ if [ -n "${SF_VEGA_UPGRADE_TOKEN:-}" ]; then
+ auth_args=(-H "Authorization: Bearer ${SF_VEGA_UPGRADE_TOKEN}")
+ fi
+ deadline=$((SECONDS + 900))
+ last=""
+ while [ "$SECONDS" -lt "$deadline" ]; do
+ payload="$(curl --fail --silent --show-error \
+ "${auth_args[@]}" \
+ "$base/api/ready" || true)"
+ if [ -n "$payload" ]; then
+ last="$payload"
+ actual="$(node -e 'const fs=require("node:fs"); const j=JSON.parse(fs.readFileSync(0,"utf8")); process.stdout.write(String(j.gitSha || ""));' <<<"$payload")"
+ ready="$(node -e 'const fs=require("node:fs"); const j=JSON.parse(fs.readFileSync(0,"utf8")); process.stdout.write(String(j.ready === true));' <<<"$payload")"
+ if [ "$ready" = "true" ] && [ "$actual" = "$expected" ]; then
+ printf 'vega source server upgraded to %s\n' "$actual"
+ exit 0
+ fi
+ printf 'waiting for vega source server: ready=%s sha=%s expected=%s\n' "$ready" "$actual" "$expected"
+ fi
+ sleep 5
+ done
+ printf 'Timed out waiting for vega source server to advertise %s. Last payload:\n%s\n' "$expected" "$last" >&2
+ exit 1
+
 deploy-test:
 name: deploy test and probe
 needs: build
diff --git a/docs/specs/sf-self-deploy.md b/docs/specs/sf-self-deploy.md
index 2738c76bf..519c0926b 100644
--- a/docs/specs/sf-self-deploy.md
+++ b/docs/specs/sf-self-deploy.md
@@ -85,6 +85,13 @@ candidate. Replacement drains the old container with fallback. The default leaves a 10 second margin over the RPC child's `SF_RPC_SHUTDOWN_GRACE_MS=600000` queue-drain handler.
+Forgejo can trigger this source-mounted path automatically after the build job.
+Set repository variable `SF_VEGA_UPGRADE_URL` to the private server base URL
+such as `http://vega.ts.hugo.dk:4000`. If the web server has auth enabled, set
+secret `SF_VEGA_UPGRADE_TOKEN`; the workflow sends it as a bearer token. The
+job posts `/api/server-upgrade`, then polls `/api/ready` until the live server
+reports the pushed `GITHUB_SHA`.
+
 ## Promotion
 Test must roll before prod:
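Review bot: Both curl steps of the new `deploy-vega-source` job in `.forgejo/workflows/self-deploy.yml` treat the bearer token as optional, so when `SF_VEGA_UPGRADE_TOKEN` is empty or not passed to the run, the `POST` to `/api/server-upgrade` goes out unauthenticated instead of failing. If the upgrade endpoint is meant to be protected, fail closed at the top of the trigger step, e.g. `: "${SF_VEGA_UPGRADE_TOKEN:?SF_VEGA_UPGRADE_TOKEN is required}"`, or gate the unauthenticated path on an explicit opt-out variable. The token is also attached to whatever scheme `SF_VEGA_UPGRADE_URL` carries; with an `http://` base, as in the docs example in this commit, it crosses the network in cleartext unless the path is encrypted by other means, which is not visible here. Neither curl call sets `--connect-timeout` or `--max-time`, so a hung connection in the poll loop can outlast the 900-second deadline.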