Fix CI/CD: use SSH-based build instead of Docker-in-Docker

act_runner doesn't reliably support docker/build-push-action. Build the image on the staging server and push to registry from there instead. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-07 19:49:35 -04:00
parent ef54ac201a
commit f6eeaed97d
2 changed files with 29 additions and 48 deletions
--- a/.gitea/workflows/deploy-prod.yml
+++ b/.gitea/workflows/deploy-prod.yml
@@ -7,9 +7,6 @@ on:
        description: 'Release tag to deploy (e.g. v3.3.0)'
        required: true

-env:
-  IMAGE: git.adlee.work/alee/golfgame
-
 jobs:
  deploy:
    runs-on: ubuntu-latest
@@ -20,19 +17,21 @@ jobs:
          host: ${{ secrets.PROD_HOST }}
          username: root
          key: ${{ secrets.DEPLOY_SSH_KEY }}
-          envs: IMAGE
          script: |
+            set -e
+            TAG="${{ github.event.inputs.tag }}"
+            IMAGE="git.adlee.work/alee/golfgame"
+
            cd /opt/golfgame

-            # Pull the same image that passed staging
-            docker login git.adlee.work -u ${{ secrets.REGISTRY_USER }} -p ${{ secrets.REGISTRY_TOKEN }}
-            docker pull $IMAGE:${{ github.event.inputs.tag }}
+            # Pull the image that passed staging
+            echo "${{ secrets.REGISTRY_TOKEN }}" | docker login git.adlee.work -u "${{ secrets.REGISTRY_USER }}" --password-stdin
+            docker pull "$IMAGE:$TAG"
+            docker tag "$IMAGE:$TAG" golfgame-app:latest

-            # Tag it so compose uses it
-            docker tag $IMAGE:${{ github.event.inputs.tag }} golfgame-app:latest
-
-            # Update code (for compose file / env changes)
-            git fetch origin && git checkout ${{ github.event.inputs.tag }}
+            # Update code for compose/env changes
+            git fetch origin
+            git checkout "$TAG"

            # Restart app
            docker compose -f docker-compose.prod.yml up -d app
@@ -41,7 +40,7 @@ jobs:
            echo "Waiting for health check..."
            for i in $(seq 1 30); do
              if docker compose -f docker-compose.prod.yml ps app | grep -q "healthy"; then
-                echo "Production deploy successful — ${{ github.event.inputs.tag }}"
+                echo "Production deploy successful — $TAG"
                exit 0
              fi
              sleep 2
--- a/.gitea/workflows/deploy-staging.yml
+++ b/.gitea/workflows/deploy-staging.yml
@@ -4,63 +4,45 @@ on:
  release:
    types: [published]

-env:
-  IMAGE: git.adlee.work/alee/golfgame
-
 jobs:
-  build:
+  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

-      - name: Log in to Gitea Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: git.adlee.work
-          username: ${{ secrets.REGISTRY_USER }}
-          password: ${{ secrets.REGISTRY_TOKEN }}
-
-      - name: Build and push image
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          push: true
-          tags: |
-            ${{ env.IMAGE }}:${{ github.ref_name }}
-            ${{ env.IMAGE }}:latest
-
-  deploy:
-    needs: build
-    runs-on: ubuntu-latest
-    steps:
-      - name: Deploy to staging
+      - name: Build, push, and deploy to staging
        uses: appleboy/ssh-action@v1
        with:
          host: ${{ secrets.STAGING_HOST }}
          username: root
          key: ${{ secrets.DEPLOY_SSH_KEY }}
-          envs: IMAGE
          script: |
+            set -e
+            TAG="${{ github.ref_name }}"
+            IMAGE="git.adlee.work/alee/golfgame"
+
            cd /opt/golfgame

-            # Pull the pre-built image
-            docker login git.adlee.work -u ${{ secrets.REGISTRY_USER }} -p ${{ secrets.REGISTRY_TOKEN }}
-            docker pull $IMAGE:${{ github.ref_name }}
+            # Pull latest code and checkout the release tag
+            git fetch origin
+            git checkout "$TAG"

-            # Tag it so compose uses it
-            docker tag $IMAGE:${{ github.ref_name }} golfgame-app:latest
+            # Build the image
+            docker build -t "$IMAGE:$TAG" -t "$IMAGE:latest" -t golfgame-app:latest .

-            # Update code (for compose file / env changes)
-            git fetch origin && git checkout ${{ github.ref_name }}
+            # Push to Gitea container registry
+            echo "${{ secrets.REGISTRY_TOKEN }}" | docker login git.adlee.work -u "${{ secrets.REGISTRY_USER }}" --password-stdin
+            docker push "$IMAGE:$TAG"
+            docker push "$IMAGE:latest"

-            # Restart app (no --build, image is pre-built)
+            # Restart app (no --build, image already tagged)
            docker compose -f docker-compose.staging.yml up -d app

            # Wait for healthy
            echo "Waiting for health check..."
            for i in $(seq 1 30); do
              if docker compose -f docker-compose.staging.yml ps app | grep -q "healthy"; then
-                echo "Staging deploy successful — ${{ github.ref_name }}"
+                echo "Staging deploy successful — $TAG"
                exit 0
              fi
              sleep 2