name: Snapshot Admin Deployment on: workflow_dispatch: concurrency: group: snapshot-admin-deploy-main cancel-in-progress: true jobs: deploy-snapshot-admin: runs-on: [self-hosted, snapshot-admin-host] timeout-minutes: 20 steps: - name: Checkout Code run: | echo "[deploy] checkout main for snapshot admin runtime" if [ -d .git ]; then git remote set-url origin http://x-access-token:${{ secrets.GITHUB_TOKEN }}@192.168.123.100:8418/KimJaeHyun/myfinance.git else git init git remote add origin http://x-access-token:${{ secrets.GITHUB_TOKEN }}@192.168.123.100:8418/KimJaeHyun/myfinance.git fi git fetch origin main --depth=1 git reset --hard FETCH_HEAD - name: Setup Python Environment run: | echo "[deploy] prepare python venv for snapshot admin launcher" VENV_BASE=/volume1/gitea/python_venv REQ_HASH=$(md5sum tools/validate_snapshot_admin_workflow_v1.py 2>/dev/null | cut -d' ' -f1 || echo "snapshot-admin-default") VENV="$VENV_BASE/$REQ_HASH" if [ ! -f "$VENV/bin/python" ]; then mkdir -p "$VENV_BASE" /usr/bin/python3 -m venv "$VENV" "$VENV/bin/pip" install --upgrade pip --quiet fi "$VENV/bin/pip" install pyyaml --quiet echo "$VENV/bin" >> $GITHUB_PATH - name: Deploy Snapshot Admin Runtime env: SNAPSHOT_ADMIN_AUTH_USER: ${{ vars.SNAPSHOT_ADMIN_AUTH_USER }} SNAPSHOT_ADMIN_AUTH_PASSWORD: ${{ secrets.SNAPSHOT_ADMIN_AUTH_PASSWORD }} run: | echo "[deploy] restart loopback service on 127.0.0.1:8787" export ROOT_DIR="$PWD" export SNAPSHOT_ADMIN_HOST=127.0.0.1 export SNAPSHOT_ADMIN_PORT=8787 export SNAPSHOT_ADMIN_PID_FILE="$PWD/Temp/snapshot_admin.pid" export SNAPSHOT_ADMIN_LOG_FILE="$PWD/Temp/snapshot_admin.log" export SNAPSHOT_ADMIN_STATE_URL="http://127.0.0.1:8787/api/state" export SNAPSHOT_ADMIN_PUBLIC_STATE_URL="https://admin.example.com/api/state" export SNAPSHOT_ADMIN_AUTH_USER="${SNAPSHOT_ADMIN_AUTH_USER:-}" export SNAPSHOT_ADMIN_AUTH_PASSWORD="${SNAPSHOT_ADMIN_AUTH_PASSWORD:-}" bash tools/run_snapshot_admin_synology.sh restart - name: Verify Snapshot Admin Runtime env: SNAPSHOT_ADMIN_AUTH_USER: ${{ vars.SNAPSHOT_ADMIN_AUTH_USER }} SNAPSHOT_ADMIN_AUTH_PASSWORD: ${{ secrets.SNAPSHOT_ADMIN_AUTH_PASSWORD }} run: | echo "[deploy] verify local health and auth gate" export ROOT_DIR="$PWD" export SNAPSHOT_ADMIN_HOST=127.0.0.1 export SNAPSHOT_ADMIN_PORT=8787 export SNAPSHOT_ADMIN_PID_FILE="$PWD/Temp/snapshot_admin.pid" export SNAPSHOT_ADMIN_LOG_FILE="$PWD/Temp/snapshot_admin.log" export SNAPSHOT_ADMIN_STATE_URL="http://127.0.0.1:8787/api/state" export SNAPSHOT_ADMIN_AUTH_USER="${SNAPSHOT_ADMIN_AUTH_USER:-}" export SNAPSHOT_ADMIN_AUTH_PASSWORD="${SNAPSHOT_ADMIN_AUTH_PASSWORD:-}" echo "[deploy] wait for service readiness" ready=0 for attempt in $(seq 1 30); do if bash tools/run_snapshot_admin_synology.sh healthcheck; then ready=1 break fi echo "[deploy] healthcheck retry $attempt/30" sleep 2 done if [ "$ready" -ne 1 ]; then echo "[deploy] snapshot admin did not become ready in time" tail -n 60 "$SNAPSHOT_ADMIN_LOG_FILE" || true exit 1 fi if [ -n "$SNAPSHOT_ADMIN_AUTH_USER" ] && [ -n "$SNAPSHOT_ADMIN_AUTH_PASSWORD" ]; then curl -fsS -u "${SNAPSHOT_ADMIN_AUTH_USER}:${SNAPSHOT_ADMIN_AUTH_PASSWORD}" http://127.0.0.1:8787/api/state | python3 -c "import json,sys; print(json.load(sys.stdin)['version']['app'])" else curl -fsS http://127.0.0.1:8787/api/state | python3 -c "import json,sys; print(json.load(sys.stdin)['version']['app'])" fi echo "[deploy] snapshot admin deploy verification complete"