fix: debug ssh connection to sill #15
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI - CD | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| jobs: | |
| validations: | |
| runs-on: ubuntu-latest | |
| env: | |
| DATABASE_URL: postgresql://catalogi:pg_password@localhost:5432/catalogi | |
| services: | |
| postgres: | |
| image: postgres:16-alpine | |
| env: | |
| POSTGRES_USER: catalogi | |
| POSTGRES_PASSWORD: pg_password | |
| POSTGRES_DB: catalogi | |
| ports: | |
| - 5432:5432 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "22" | |
| - uses: bahmutov/npm-install@v1 | |
| - name: Build back | |
| run: cd api && yarn build | |
| - name: Migrate db | |
| run: cd api && yarn migrate latest | |
| - name: Fullcheck | |
| run: yarn fullcheck | |
| check_if_version_upgraded: | |
| name: Check if version upgrade | |
| if: github.event_name == 'push' | |
| runs-on: ubuntu-latest | |
| needs: validations | |
| outputs: | |
| is_upgraded_version: ${{ steps.check_version.outputs.is_upgraded_version }} | |
| to_version: ${{ steps.check_version.outputs.to_version }} | |
| from_version: ${{ steps.check_version.outputs.from_version }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Check version upgrade | |
| id: check_version | |
| run: | | |
| # Get current version from package.json | |
| CURRENT_VERSION=$(jq -r '.version' package.json) | |
| echo "Version in package.json: $CURRENT_VERSION" | |
| # Get deployed version from preprod API | |
| DEPLOYED_VERSION=$(curl -s "https://code.gouv.fr/sill/api/getApiVersion" | jq -r '.result.data.json') | |
| echo "Deployed version in preprod: $DEPLOYED_VERSION" | |
| # Simple comparison: check if versions are different | |
| if [ "$CURRENT_VERSION" != "$DEPLOYED_VERSION" ]; then | |
| IS_UPGRADED="true" | |
| echo "✅ Version changed from $DEPLOYED_VERSION to $CURRENT_VERSION" | |
| else | |
| IS_UPGRADED="false" | |
| echo "ℹ️ Version unchanged: $CURRENT_VERSION" | |
| fi | |
| echo "Is version upgraded: $IS_UPGRADED" | |
| # Set outputs | |
| echo "is_upgraded_version=$IS_UPGRADED" >> $GITHUB_OUTPUT | |
| echo "to_version=$CURRENT_VERSION" >> $GITHUB_OUTPUT | |
| echo "from_version=$DEPLOYED_VERSION" >> $GITHUB_OUTPUT | |
| trigger_pre_production_deploy: | |
| name: "Trigger pre-production deploy" | |
| runs-on: ubuntu-latest | |
| concurrency: | |
| group: deploy-to-pre-production | |
| cancel-in-progress: true | |
| needs: | |
| - check_if_version_upgraded | |
| if: needs.check_if_version_upgraded.outputs.is_upgraded_version == 'true' | |
| env: | |
| TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }} | |
| steps: | |
| - run: echo "Triggering production deploy" | |
| - name: Set up SSH | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519 | |
| chmod 600 ~/.ssh/id_ed25519 | |
| ssh-keyscan code.gouv.fr >> ~/.ssh/known_hosts | |
| # Debug: Check key format | |
| echo "SSH key first line:" | |
| head -1 ~/.ssh/id_ed25519 | |
| echo "SSH key last line:" | |
| tail -1 ~/.ssh/id_ed25519 | |
| echo "SSH key line count:" | |
| wc -l ~/.ssh/id_ed25519 | |
| # Test SSH connection | |
| echo "Testing SSH connection..." | |
| ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 [email protected] "echo 'SSH connection successful'" | |
| # Run the actual command | |
| ssh -o StrictHostKeyChecking=no [email protected] "bash -c 'eval \"\$(ssh-agent -s)\" && ssh-add ~/.ssh/sill-data && ./update-sill-preprod.sh v${{ env.TO_VERSION }}'" | |
| env: | |
| SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} | |
| trigger_production_deploy: | |
| name: "Trigger production deploy" | |
| runs-on: ubuntu-latest | |
| environment: production | |
| concurrency: | |
| group: deploy-to-production | |
| cancel-in-progress: true | |
| needs: | |
| - trigger_pre_production_deploy | |
| - check_if_version_upgraded | |
| if: needs.check_if_version_upgraded.outputs.is_upgraded_version == 'true' | |
| env: | |
| TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }} | |
| steps: | |
| - run: echo "Triggering production deploy" | |
| - name: Set up SSH | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519 | |
| chmod 600 ~/.ssh/id_ed25519 | |
| ssh-keyscan code.gouv.fr >> ~/.ssh/known_hosts | |
| ssh -o StrictHostKeyChecking=no [email protected] "bash -c 'eval \"\$(ssh-agent -s)\" && ssh-add ~/.ssh/sill-data && ./update-sill-docker-compose.sh v${{ env.TO_VERSION }}'" | |
| env: | |
| SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} | |