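name: deploy

# Fires on any `deploy-<layer>-<YYYY-MM-DD>` tag pushed to main. The
# runner pulls the compass-mcp image from ECR and invokes
# `compass-mcp-deploy run --tag $GITHUB_REF_NAME` inside that container.
#
# NOTE(review): a tag-push trigger has no branch filter, so the pattern
# below matches a deploy-* tag placed on ANY commit, not only commits
# reachable from main. Nothing in this workflow checks ancestry; unless
# compass-mcp-deploy verifies it itself, restrict who may create
# deploy-* tags (protected tags) so that a tag push cannot run the
# write-capable job against unreviewed migrations.

on:
  push:
    tags:
      - "deploy-*-*"

jobs:
  apply-migrations:
    runs-on: ubuntu-latest
    # The runner config allow-lists this network + volumes; both have
    # to match what bootstrap-gitea.sh wrote into runner-config.yaml.
    container:
      # NOTE(review): if COMPASS_MCP_IMAGE is a mutable tag, the code that
      # receives the write credentials can change without a commit here.
      # Prefer setting the variable to a digest reference
      # (<registry>/<repo>@sha256:<digest>).
      image: ${{ vars.COMPASS_MCP_IMAGE }}
      # Join the compose network so `neo4j:7687` resolves. Override
      # `compass_default` via the COMPASS_NETWORK repo variable if the
      # compose project name differs.
      network: ${{ vars.COMPASS_NETWORK || 'compass_default' }}
      # act_runner 0.2.11 does NOT interpolate ${{ }} inside container.volumes
      # — it validates the literal string against valid_volumes before
      # expression evaluation and silently drops non-matches. Keep this path
      # hard-coded until gitea/act_runner fixes the ordering.
      volumes:
        - /var/lib/compass/snapshots:/var/lib/compass/snapshots
    env:
      # Only non-secret configuration lives at job scope. The database
      # credentials are injected on the "Apply migrations" step alone, so
      # the checkout and upload-artifact actions never see them.
      COMPASS_SNAPSHOT_DIR: ${{ vars.COMPASS_SNAPSHOT_DIR || '/var/lib/compass/snapshots' }}

    steps:
      - name: Check out migrations repo
        # NOTE(review): `@v4` is a mutable ref. Pin third-party actions to a
        # full commit SHA (actions/checkout@<full-commit-sha>) so the code
        # running in this job cannot change underneath the workflow.
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          fetch-tags: true

      - name: Ensure snapshot directory exists
        run: mkdir -p "$COMPASS_SNAPSHOT_DIR"

      - name: Apply migrations
        id: deploy
        env:
          # Structured graph (7687). These are the ONLY credentials with
          # write access — kept in Gitea repo secrets and never read by
          # the read-side services. Scoped to this step (least privilege):
          # it is the only step that talks to the databases.
          NEO4J_URI: ${{ secrets.NEO4J_URI }}
          NEO4J_USER: ${{ secrets.NEO4J_DEPLOY_USER }}
          NEO4J_PASSWORD: ${{ secrets.NEO4J_DEPLOY_PASSWORD }}
          POSTGRES_RAG_DSN: ${{ secrets.POSTGRES_RAG_DSN }}
        # NOTE(review): the tee'd JSON is uploaded as an artifact below;
        # confirm compass-mcp-deploy never echoes the DSN or passwords into it.
        run: |
          set -euo pipefail
          compass-mcp-deploy run \
            --tag "$GITHUB_REF_NAME" \
            --repo "$GITHUB_WORKSPACE" \
            --snapshot-dir "$COMPASS_SNAPSHOT_DIR" \
            --reviewer "$GITHUB_ACTOR" \
            | tee "deploy-result-$GITHUB_REF_NAME.json"

      - name: Record resolved image digest
        if: always()
        env:
          # Pass the variable through the environment instead of expanding
          # ${{ }} inside the script: an expression is substituted into the
          # script text before the shell parses it, so quotes or `$(...)`
          # in the value would be interpreted as shell syntax.
          COMPASS_MCP_IMAGE: ${{ vars.COMPASS_MCP_IMAGE }}
        # NOTE(review): the `digest=` line stores the first line of
        # /proc/self/cgroup, which is not an image digest and may carry no
        # container identity at all. Do not treat it as evidence of which
        # image ran; a digest-pinned COMPASS_MCP_IMAGE makes the `image=`
        # line the verifiable record.
        run: |
          echo "image=$COMPASS_MCP_IMAGE" >> deploy-meta.txt
          echo "digest=$(head -n 1 /proc/self/cgroup 2>/dev/null || true)" >> deploy-meta.txt

      - name: Upload deploy result
        if: always()
        # v4 requires the GHES Artifacts API v2 that Gitea Actions doesn't
        # implement yet; pin to v3 which uses the legacy artifact store.
        # NOTE(review): `@v3` is still a mutable ref; pin to the commit SHA
        # of the v3 release in use (actions/upload-artifact@<full-commit-sha>).
        uses: actions/upload-artifact@v3
        with:
          name: deploy-result-${{ github.ref_name }}
          path: |
            deploy-result-*.json
            deploy-meta.txt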