first commit

.gitea/workflows/ci-cd.yml

@@ -0,0 +1,113 @@
+name: CI/CD
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+concurrency:
+  group: drsousan-cicd-${{ github.ref }}
+  cancel-in-progress: true
+
+# ─────────────────────────────────────────────────────────────────────────────
+# HOW THIS WORKS
+# ─────────────────────────────────────────────────────────────────────────────
+# Runner labels:
+#   ubuntu-latest → container runner  ← CI dotnet build runs here
+#   self-hosted   → host runner       ← docker build/push/deploy runs here
+#
+# Local Nexus:
+#   Docker registry → 171.22.25.73:8087   (mcr-proxy + drsousan images)
+#   NuGet           → 171.22.25.73:8081/repository/nuget-group/
+#
+# Required Gitea secrets:
+#   ENV_FILE           → contents of .env
+#   REGISTRY_PASSWORD  → Nexus admin password
+# ─────────────────────────────────────────────────────────────────────────────
+
+jobs:
+
+  # ── CI: compile-check (runs on every push / PR) ──────────────────────────────
+  ci:
+    name: "CI · dotnet build"
+    runs-on: ubuntu-latest
+    container:
+      image: 171.22.25.73:8087/dotnet/sdk:10.0
+      options: --add-host=gitea:host-gateway
+    steps:
+      - name: Checkout
+        env:
+          TOKEN: ${{ github.token }}
+          REF:   ${{ github.ref }}
+        run: |
+          git init
+          git remote add origin "${{ github.server_url }}/${{ github.repository }}.git"
+          git config http.extraheader "Authorization: Bearer ${TOKEN}"
+          git fetch --depth=1 origin "${REF}"
+          git checkout FETCH_HEAD
+
+      - name: Restore
+        working-directory: DrSousan.Api
+        env:
+          DOTNET_CLI_TELEMETRY_OPTOUT: 1
+        run: dotnet restore DrSousan.Api.csproj
+
+      - name: Build
+        working-directory: DrSousan.Api
+        run: dotnet build DrSousan.Api.csproj --no-restore -c Release
+
+  # ── Deploy: build image on server → run  (push to main only) ────────────────
+  deploy:
+    name: "Deploy · drsousan"
+    runs-on: self-hosted
+    env:
+      PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
+    needs: [ci]
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    timeout-minutes: 20
+
+    steps:
+      - name: Checkout
+        env:
+          TOKEN: ${{ github.token }}
+          REF:   ${{ github.ref }}
+        run: |
+          git init
+          git remote add origin "${{ github.server_url }}/${{ github.repository }}.git"
+          git config http.extraheader "Authorization: Bearer ${TOKEN}"
+          git fetch --depth=1 origin "${REF}"
+          git checkout FETCH_HEAD
+
+      - name: Write .env
+        run: printf '%s' "$ENV_FILE" > .env
+        env:
+          ENV_FILE: ${{ secrets.ENV_FILE }}
+
+      - name: Build image
+        run: docker compose build api
+        env:
+          DOCKER_BUILDKIT: 1
+
+      - name: Deploy
+        run: docker compose up -d --no-deps api
+
+      - name: Wait for healthy
+        run: |
+          for i in $(seq 1 24); do
+            STATUS=$(docker inspect --format='{{.State.Health.Status}}' drsousan_api 2>/dev/null || echo "missing")
+            echo "  [$i/24] $STATUS"
+            [ "$STATUS" = "healthy" ] && echo "✅ drsousan_api healthy" && exit 0
+            sleep 5
+          done
+          echo "❌ timed out"
+          docker compose logs --tail=60 api
+          exit 1
+
+      - name: Show containers
+        if: always()
+        run: docker compose ps
+
+      - name: Prune old images
+        if: success()
+        run: docker image prune -f