41f1c402ed
- Implemented a new GitHub Actions workflow for testing deployments (`test-deployment.yml`). - Created detailed deployment documentation (`DEPLOYMENT-README.md`, `DEPLOYMENT.md`, `QUICK-START.md`) for setting up the testing server and configuring GitHub secrets. - Added a setup script (`setup-testing-server.sh`) for automating the environment setup on the testing server, including Docker, Nginx, and user configurations. - Included monitoring and cleanup scripts for managing deployments on the server.
238 lines
7.8 KiB
YAML
238 lines
7.8 KiB
YAML
name: Test Deployment Workflow
|
|
|
|
# Этот workflow можно запустить вручную для тестирования процесса развертывания
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
pr_number:
|
|
description: "PR number to simulate"
|
|
required: true
|
|
default: "999"
|
|
type: string
|
|
cleanup:
|
|
description: "Run cleanup after deployment"
|
|
required: false
|
|
default: false
|
|
type: boolean
|
|
|
|
jobs:
|
|
test-deployment:
|
|
name: Test Deployment Process
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: "18"
|
|
cache: "yarn"
|
|
|
|
- name: Install dependencies
|
|
run: yarn install --frozen-lockfile
|
|
|
|
- name: Run tests
|
|
run: |
|
|
# Add your test commands here
|
|
echo "Running tests..."
|
|
yarn lint:check || echo "Linting completed with warnings"
|
|
|
|
- name: Build application
|
|
run: yarn build
|
|
|
|
- name: Build Docker image
|
|
run: |
|
|
docker build -t low-code-engine:test-${{ inputs.pr_number }} .
|
|
echo "Docker image built successfully"
|
|
|
|
- name: Test Docker image
|
|
run: |
|
|
# Test that the image runs correctly
|
|
docker run -d --name test-app -p 3000:3000 low-code-engine:test-${{ inputs.pr_number }}
|
|
sleep 10
|
|
|
|
# Try to connect to the app
|
|
if curl -f http://localhost:3000/health > /dev/null 2>&1; then
|
|
echo "✅ Application is responding"
|
|
else
|
|
echo "❌ Application is not responding"
|
|
docker logs test-app
|
|
fi
|
|
|
|
docker stop test-app
|
|
docker rm test-app
|
|
|
|
- name: Save Docker image
|
|
run: |
|
|
docker save low-code-engine:test-${{ inputs.pr_number }} | gzip > low-code-engine-test.tar.gz
|
|
ls -lh low-code-engine-test.tar.gz
|
|
|
|
- name: Test SSH connection
|
|
if: ${{ secrets.TESTING_SERVER_HOST }}
|
|
uses: appleboy/ssh-action@v1.0.3
|
|
with:
|
|
host: ${{ secrets.TESTING_SERVER_HOST }}
|
|
username: ${{ secrets.TESTING_SERVER_USER }}
|
|
key: ${{ secrets.TESTING_SERVER_SSH_KEY }}
|
|
port: ${{ secrets.TESTING_SERVER_PORT || 22 }}
|
|
script: |
|
|
echo "✅ SSH connection successful"
|
|
echo "Server info:"
|
|
uname -a
|
|
docker --version
|
|
docker-compose --version
|
|
df -h /opt/low-code-engine
|
|
echo "Available ports for testing:"
|
|
netstat -tln | grep ":30[0-9][0-9]" | head -5 || echo "No testing ports in use"
|
|
|
|
- name: Test file transfer
|
|
if: ${{ secrets.TESTING_SERVER_HOST }}
|
|
uses: appleboy/scp-action@v0.1.7
|
|
with:
|
|
host: ${{ secrets.TESTING_SERVER_HOST }}
|
|
username: ${{ secrets.TESTING_SERVER_USER }}
|
|
key: ${{ secrets.TESTING_SERVER_SSH_KEY }}
|
|
port: ${{ secrets.TESTING_SERVER_PORT || 22 }}
|
|
source: "low-code-engine-test.tar.gz"
|
|
target: "/tmp/"
|
|
|
|
- name: Test deployment simulation
|
|
if: ${{ secrets.TESTING_SERVER_HOST }}
|
|
uses: appleboy/ssh-action@v1.0.3
|
|
with:
|
|
host: ${{ secrets.TESTING_SERVER_HOST }}
|
|
username: ${{ secrets.TESTING_SERVER_USER }}
|
|
key: ${{ secrets.TESTING_SERVER_SSH_KEY }}
|
|
port: ${{ secrets.TESTING_SERVER_PORT || 22 }}
|
|
script: |
|
|
echo "Testing deployment simulation for PR #${{ inputs.pr_number }}"
|
|
|
|
# Create test directory
|
|
mkdir -p /opt/low-code-engine/test-pr-${{ inputs.pr_number }}
|
|
cd /opt/low-code-engine/test-pr-${{ inputs.pr_number }}
|
|
|
|
# Copy test file
|
|
cp /tmp/low-code-engine-test.tar.gz .
|
|
|
|
# Test image loading
|
|
gunzip -c low-code-engine-test.tar.gz | docker load
|
|
|
|
echo "✅ Test deployment simulation completed"
|
|
|
|
# Cleanup test files
|
|
rm -f low-code-engine-test.tar.gz /tmp/low-code-engine-test.tar.gz
|
|
docker rmi low-code-engine:test-${{ inputs.pr_number }} || true
|
|
cd ..
|
|
rm -rf test-pr-${{ inputs.pr_number }}
|
|
|
|
- name: Cleanup on failure
|
|
if: failure() && secrets.TESTING_SERVER_HOST
|
|
uses: appleboy/ssh-action@v1.0.3
|
|
with:
|
|
host: ${{ secrets.TESTING_SERVER_HOST }}
|
|
username: ${{ secrets.TESTING_SERVER_USER }}
|
|
key: ${{ secrets.TESTING_SERVER_SSH_KEY }}
|
|
port: ${{ secrets.TESTING_SERVER_PORT || 22 }}
|
|
script: |
|
|
# Cleanup any test artifacts
|
|
rm -f /tmp/low-code-engine-test.tar.gz
|
|
rm -rf /opt/low-code-engine/test-pr-${{ inputs.pr_number }}
|
|
docker rmi low-code-engine:test-${{ inputs.pr_number }} || true
|
|
echo "🧹 Cleanup completed"
|
|
|
|
test-health-endpoints:
|
|
name: Test Health Endpoints
|
|
runs-on: ubuntu-latest
|
|
needs: test-deployment
|
|
if: ${{ secrets.TESTING_SERVER_HOST }}
|
|
|
|
steps:
|
|
- name: Test server health endpoints
|
|
uses: appleboy/ssh-action@v1.0.3
|
|
with:
|
|
host: ${{ secrets.TESTING_SERVER_HOST }}
|
|
username: ${{ secrets.TESTING_SERVER_USER }}
|
|
key: ${{ secrets.TESTING_SERVER_SSH_KEY }}
|
|
port: ${{ secrets.TESTING_SERVER_PORT || 22 }}
|
|
script: |
|
|
echo "Testing health check endpoints..."
|
|
|
|
# Test monitoring script
|
|
if [ -f /usr/local/bin/monitor-deployments ]; then
|
|
echo "✅ Monitor script exists"
|
|
/usr/local/bin/monitor-deployments | head -20
|
|
else
|
|
echo "❌ Monitor script not found"
|
|
fi
|
|
|
|
# Test cleanup script
|
|
if [ -f /usr/local/bin/cleanup-old-deployments ]; then
|
|
echo "✅ Cleanup script exists"
|
|
else
|
|
echo "❌ Cleanup script not found"
|
|
fi
|
|
|
|
# Test nginx configuration
|
|
if command -v nginx &> /dev/null; then
|
|
echo "✅ Nginx is installed"
|
|
nginx -t 2>&1 | head -5
|
|
else
|
|
echo "❌ Nginx not installed"
|
|
fi
|
|
|
|
# Test docker access
|
|
docker ps | head -5
|
|
echo "Docker system info:"
|
|
docker system df
|
|
|
|
security-check:
|
|
name: Security Check
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Run security audit
|
|
run: |
|
|
echo "Running security checks..."
|
|
|
|
# Check for secrets in code
|
|
if grep -r "password\|secret\|key" --include="*.ts" --include="*.js" --include="*.json" src/ | grep -v "// TODO\|console.log"; then
|
|
echo "❌ Potential secrets found in code"
|
|
exit 1
|
|
else
|
|
echo "✅ No secrets found in source code"
|
|
fi
|
|
|
|
# Check Docker image for security issues
|
|
echo "Building secure Docker image..."
|
|
docker build -t security-test .
|
|
|
|
# Basic security checks
|
|
echo "Checking Docker image user..."
|
|
docker run --rm security-test whoami | grep -v root || echo "✅ Not running as root"
|
|
|
|
docker rmi security-test
|
|
|
|
- name: Check workflow security
|
|
run: |
|
|
echo "Checking workflow file security..."
|
|
|
|
# Check that secrets are properly referenced
|
|
if grep -E '\$\{\{\s*secrets\.' .github/workflows/*.yml > /dev/null; then
|
|
echo "✅ Secrets properly referenced"
|
|
else
|
|
echo "❌ No secrets found in workflows"
|
|
fi
|
|
|
|
# Check for hardcoded values
|
|
if grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' .github/workflows/*.yml; then
|
|
echo "❌ Hardcoded IP addresses found"
|
|
exit 1
|
|
else
|
|
echo "✅ No hardcoded IP addresses"
|
|
fi
|