From de5e729466bacd04e9fd09702a7a54bce8718bf4 Mon Sep 17 00:00:00 2001
From: Polianin Nikita
Date: Tue, 9 Dec 2025 21:15:23 +0300
Subject: [PATCH] build: move to new infrastructure
---
.github/workflows/deploy.yml | 74 ++++++++++++++++++++
.github/workflows/release-version.yml | 97 ---------------------------
2 files changed, 74 insertions(+), 97 deletions(-)
create mode 100644 .github/workflows/deploy.yml
delete mode 100644 .github/workflows/release-version.yml
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..b6ca1ed
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,74 @@
+name: Winsomnia GitOps Pipeline
+
+on:
+ push:
+ branches:
+ - "*"
+
+jobs:
+ build-and-push:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Determine environment
+ id: envdetect
+ run: |
+ REPO_SLUG=$(echo "${GITHUB_REPOSITORY#*/}" | tr '[:upper:]' '[:lower:]')
+
+ if [[ "${GITHUB_REF_NAME}" == "master" || "${GITHUB_REF_NAME}" == "main" ]]; then
+ DEPLOY_ENV="prod"
+ else
+ DEPLOY_ENV="dev"
+ fi
+
+ echo "repo_slug=$REPO_SLUG" >> $GITHUB_OUTPUT
+ echo "deploy_env=$DEPLOY_ENV" >> $GITHUB_OUTPUT
+
+ - name: Enable Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to Winsomnia Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ secrets.WINSOMNIA_REGISTRY }}
+ username: ${{ secrets.WINSOMNIA_REGISTRY_USER }}
+ password: ${{ secrets.WINSOMNIA_REGISTRY_TOKEN }}
+
+ - name: Build & Push Docker Image
+ id: build
+ run: |
+ IMAGE="${{ secrets.WINSOMNIA_REGISTRY }}/winsomnia/${{ steps.envdetect.outputs.repo_slug }}:${GITHUB_REF_NAME}"
+
+ docker build -t "$IMAGE" .
+ docker push "$IMAGE"
+
+ echo "image=$IMAGE" >> $GITHUB_OUTPUT
+
+ outputs:
+ image: ${{ steps.build.outputs.image }}
+ repo_slug: ${{ steps.envdetect.outputs.repo_slug }}
+ deploy_env: ${{ steps.envdetect.outputs.deploy_env }}
+
+ deploy:
+ needs: build-and-push
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Add deploy SSH key
+ run: |
+ mkdir -p ~/.ssh
+ echo "${{ secrets.WINSOMNIA_DEPLOY_KEY }}" > ~/.ssh/id_ed25519
+ chmod 600 ~/.ssh/id_ed25519
+
+ - name: Add host key
+ run: ssh-keyscan ${{ secrets.WINSOMNIA_DEPLOY_HOST }} >> ~/.ssh/known_hosts
+
+ - name: Run deploy.sh on server
+ run: |
+ REMOTE_PATH="${{ secrets.WINSOMNIA_INFRA_ROOT }}/${{ needs.build-and-push.outputs.repo_slug }}/${{ needs.build-and-push.outputs.deploy_env }}"
+
+ ssh ${{ secrets.WINSOMNIA_DEPLOY_USER }}@${{ secrets.WINSOMNIA_DEPLOY_HOST }} \
+ "bash ${REMOTE_PATH}/deploy.sh '${{ needs.build-and-push.outputs.image }}'"
\ No newline at end of file
diff --git a/.github/workflows/release-version.yml b/.github/workflows/release-version.yml
deleted file mode 100644
index a917719..0000000
--- a/.github/workflows/release-version.yml
+++ /dev/null
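Review bot: In the `Run deploy.sh on server` step, `${{ needs.build-and-push.outputs.image }}` is pasted into the script text before any shell quoting applies, and that value ends in `${GITHUB_REF_NAME}`; since the workflow runs on `branches: "*"`, an arbitrary pushed branch name ends up as shell input on the runner and on the deploy host. Pass the values through `env:` and check the ref name against the image-tag character set before use, as in the fence below. `Add host key` accepts whatever `ssh-keyscan` returns on every run, so the server is never authenticated; the fence writes a pinned `known_hosts` entry from a secret instead (the secret name there is a placeholder). Separately, the `image` job output embeds `secrets.WINSOMNIA_REGISTRY`, and GitHub drops job outputs in which it detects a secret value, so the deploy job most likely receives an empty string; the fence rebuilds the image name in the deploy job.

```yaml
# … unchanged: build-and-push job, "Add deploy SSH key" step …
      - name: Add host key
        env:
          # placeholder secret name: holds the server's pinned known_hosts line
          DEPLOY_KNOWN_HOSTS: ${{ secrets.PLACEHOLDER_DEPLOY_KNOWN_HOSTS }}
        run: printf '%s\n' "$DEPLOY_KNOWN_HOSTS" >> ~/.ssh/known_hosts

      - name: Run deploy.sh on server
        env:
          DEPLOY_USER: ${{ secrets.WINSOMNIA_DEPLOY_USER }}
          DEPLOY_HOST: ${{ secrets.WINSOMNIA_DEPLOY_HOST }}
          INFRA_ROOT: ${{ secrets.WINSOMNIA_INFRA_ROOT }}
          REGISTRY: ${{ secrets.WINSOMNIA_REGISTRY }}
          REPO_SLUG: ${{ needs.build-and-push.outputs.repo_slug }}
          DEPLOY_ENV: ${{ needs.build-and-push.outputs.deploy_env }}
        run: |
          # Only ref names that are valid image tags may reach the remote shell.
          if [[ ! "$GITHUB_REF_NAME" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$ ]]; then
            echo "unsupported ref name" >&2
            exit 1
          fi
          IMAGE="${REGISTRY}/winsomnia/${REPO_SLUG}:${GITHUB_REF_NAME}"
          REMOTE_PATH="${INFRA_ROOT}/${REPO_SLUG}/${DEPLOY_ENV}"
          ssh "${DEPLOY_USER}@${DEPLOY_HOST}" "bash '${REMOTE_PATH}/deploy.sh' '${IMAGE}'"
```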
@@ -1,97 +0,0 @@
-name: Build and Deploy Docker Container
-
-on:
- push:
- branches:
- [master]
-
-jobs:
- build-and-deploy:
- runs-on: ubuntu-latest
-
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
-
- - name: Login to Docker Hub
- uses: docker/login-action@v3
- with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
-
- - name: Build and push Docker image
- run: |
- docker build --build-arg NUGET_USERNAME=${{ secrets.NUGET_USERNAME }} --build-arg NUGET_PASSWORD=${{ secrets.NUGET_PASSWORD }} --build-arg NUGET_ADDRESS=${{ secrets.NUGET_ADDRESS }} -t ${{ secrets.DOCKER_USERNAME }}/mirea-backend:latest .
- docker push ${{ secrets.DOCKER_USERNAME }}/mirea-backend:latest
-
- - name: Start ssh-agent
- id: ssh-agent
- uses: webfactory/ssh-agent@v0.9.0
- with:
- ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
-
- - name: Deploy to Server
- env:
- SSH_HOST: ${{ secrets.SSH_HOST }}
- SSH_USER: ${{ secrets.SSH_USER }}
- DOCKER_IMAGE: ${{ secrets.DOCKER_USERNAME }}/mirea-backend:latest
- PATH_TO_SAVE: /data
- SECURITY_SIGNING_TOKEN: ${{ secrets.SECURITY_SIGNING_TOKEN }}
- SECURITY_ENCRYPTION_TOKEN: ${{ secrets.SECURITY_ENCRYPTION_TOKEN }}
- SECURITY_LIFE_TIME_RT: ${{ secrets.SECURITY_LIFE_TIME_RT }}
- SECURITY_LIFE_TIME_JWT: ${{ secrets.SECURITY_LIFE_TIME_JWT }}
- SECURITY_LIFE_TIME_1_FA: ${{ secrets.SECURITY_LIFE_TIME_1_FA }}
- SECURITY_JWT_ISSUER: ${{ secrets.SECURITY_JWT_ISSUER }}
- SECURITY_JWT_AUDIENCE: ${{ secrets.SECURITY_JWT_AUDIENCE }}
- SECURITY_HASH_ITERATION: ${{ secrets.SECURITY_HASH_ITERATION }}
- SECURITY_HASH_MEMORY: ${{ secrets.SECURITY_HASH_MEMORY }}
- SECURITY_HASH_PARALLELISM: ${{ secrets.SECURITY_HASH_PARALLELISM }}
- SECURITY_HASH_SIZE: ${{ secrets.SECURITY_HASH_SIZE }}
- SECURITY_HASH_TOKEN: ${{ secrets.SECURITY_HASH_TOKEN }}
- SECURITY_SALT_SIZE: ${{ secrets.SECURITY_SALT_SIZE }}
- GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
- GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }}
- YANDEX_CLIENT_ID: ${{ secrets.YANDEX_CLIENT_ID }}
- YANDEX_CLIENT_SECRET: ${{ secrets.YANDEX_CLIENT_SECRET }}
- MAILRU_CLIENT_ID: ${{ secrets.MAILRU_CLIENT_ID }}
- MAILRU_CLIENT_SECRET: ${{ secrets.MAILRU_CLIENT_SECRET }}
- run: |
- ssh-keyscan $SSH_HOST >> ~/.ssh/known_hosts
- ssh $SSH_USER@$SSH_HOST "
- docker pull $DOCKER_IMAGE &&
- docker stop mirea-backend || true &&
- docker rm mirea-backend || true &&
- docker run -d --name mirea-backend -p 127.0.0.1:8085:8080 \
- --restart=on-failure:10 \
- -v mirea-data:/data \
- -e PATH_TO_SAVE=$PATH_TO_SAVE \
- -e SECURITY_SIGNING_TOKEN=$SECURITY_SIGNING_TOKEN \
- -e SECURITY_ENCRYPTION_TOKEN=$SECURITY_ENCRYPTION_TOKEN \
- -e SECURITY_LIFE_TIME_RT=$SECURITY_LIFE_TIME_RT \
- -e SECURITY_LIFE_TIME_JWT=$SECURITY_LIFE_TIME_JWT \
- -e SECURITY_LIFE_TIME_1_FA=$SECURITY_LIFE_TIME_1_FA \
- -e SECURITY_JWT_ISSUER=$SECURITY_JWT_ISSUER \
- -e SECURITY_JWT_AUDIENCE=$SECURITY_JWT_AUDIENCE \
- -e SECURITY_HASH_ITERATION=$SECURITY_HASH_ITERATION \
- -e SECURITY_HASH_MEMORY=$SECURITY_HASH_MEMORY \
- -e SECURITY_HASH_PARALLELISM=$SECURITY_HASH_PARALLELISM \
- -e SECURITY_HASH_SIZE=$SECURITY_HASH_SIZE \
- -e SECURITY_HASH_TOKEN=$SECURITY_HASH_TOKEN \
- -e SECURITY_SALT_SIZE=$SECURITY_SALT_SIZE \
- -e ACTUAL_SUB_PATH=api \
- -e SWAGGER_SUB_PATH=swagger \
- -e TZ=Europe/Moscow \
- -e GOOGLE_CLIENT_ID=$GOOGLE_CLIENT_ID \
- -e GOOGLE_CLIENT_SECRET=$GOOGLE_CLIENT_SECRET \
- -e YANDEX_CLIENT_ID=$YANDEX_CLIENT_ID \
- -e YANDEX_CLIENT_SECRET=$YANDEX_CLIENT_SECRET \
- -e MAILRU_CLIENT_ID=$MAILRU_CLIENT_ID \
- -e MAILRU_CLIENT_SECRET=$MAILRU_CLIENT_SECRET \
- $DOCKER_IMAGE
- "
-
- - name: Remove all keys from ssh-agent
- run: ssh-add -D