Configuración completa de MeshCentral con: - Integración OIDC con Authentik - Docker Compose para deployment - Gitea Actions workflow para CI/CD - Traefik labels para routing y SSL - Separación de rutas de usuario y agentes
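---
# Deploys MeshCentral with Docker Compose on every push to main/master.
# The workflow renders meshcentral-data/config.json (which embeds the Authentik
# OIDC client secret), restricts access to the data directories, and then
# recreates the compose stack named by APP_NAME.
name: deploy-meshcentral

on:
  push:
    branches: [main, master]

jobs:
  deploy:
    runs-on: docker
    # Job-level env is visible to every step below, including the secret.
    # NOTE(review): the compose file is not shown here and may interpolate
    # these variables, so they are left at job scope; narrow them to the
    # steps that need them if compose does not.
    env:
      APP_NAME: ${{ vars.APP_NAME }}
      APP_DOMAIN: ${{ vars.APP_DOMAIN }}
      MESH_PORT: ${{ vars.MESH_PORT }}
      # Authentik OIDC configuration
      AUTHENTIK_ISSUER: ${{ vars.AUTHENTIK_ISSUER }}
      AUTHENTIK_CLIENT_ID: ${{ secrets.AUTHENTIK_CLIENT_ID }}
      AUTHENTIK_CLIENT_SECRET: ${{ secrets.AUTHENTIK_CLIENT_SECRET }}
    steps:
      # Supply chain: a version tag is mutable. Pin this action to a full
      # commit SHA once one has been reviewed.
      - uses: actions/checkout@v3

      - name: Info about deployment
        # Values come from the job env rather than from ${{ }} expressions, so
        # the runner does not paste variable contents into the script text.
        run: |
          echo "ℹ️ Deploying MeshCentral"
          echo " Domain: $APP_DOMAIN"
          echo " Container: $APP_NAME"
          echo " Network: principal"

      - name: Create required directories
        run: |
          mkdir -p meshcentral-data
          mkdir -p meshcentral-files
          mkdir -p meshcentral-backup
          mkdir -p meshcentral-config

      - name: Generate MeshCentral config.json
        run: |
          # Refuse to write a config with an empty identity-provider setting.
          : "${APP_DOMAIN:?APP_DOMAIN is not set}"
          : "${AUTHENTIK_ISSUER:?AUTHENTIK_ISSUER is not set}"
          : "${AUTHENTIK_CLIENT_ID:?AUTHENTIK_CLIENT_ID is not set}"
          : "${AUTHENTIK_CLIENT_SECRET:?AUTHENTIK_CLIENT_SECRET is not set}"
          # The file holds the OIDC client secret: create it owner-only.
          umask 077
          # The heredoc is unquoted on purpose so the shell expands the env
          # variables; the secret is read from the environment instead of
          # being substituted into the script by the runner. The values are
          # not JSON-escaped, so a quote or backslash in one of them would
          # still produce invalid JSON.
          # NOTE(review): TlsOffload is 127.0.0.1; with the reverse proxy in
          # another container its address is presumably different. Confirm.
          # NOTE(review): the callback path /auth-oidc-callback looks like the
          # generic "oidc" strategy; verify that MeshCentral accepts
          # "authentik" as a strategy key, otherwise SSO is not enabled.
          # NOTE(review): cookieIpCheck is disabled and allowLoginToken is
          # enabled; confirm both are intended.
          cat > meshcentral-data/config.json <<EOF
          {
            "settings": {
              "cert": "${APP_DOMAIN}",
              "port": 4430,
              "aliasPort": 443,
              "redirPort": 0,
              "AgentPong": 300,
              "TlsOffload": "127.0.0.1",
              "SelfUpdate": false,
              "AllowFraming": false,
              "WebRTC": true,
              "ClickOnce": false,
              "AllowHighQualityDesktop": true,
              "DesktopAspectRatios": "1.33,1.5,1.6,1.7,1.778,2.0"
            },
            "domains": {
              "": {
                "title": "MeshCentral - Nucleo Rio Frio",
                "title2": "Remote Management Platform",
                "newAccounts": false,
                "certUrl": "https://${APP_DOMAIN}:443/",
                "geoLocation": true,
                "cookieIpCheck": false,
                "allowLoginToken": true,
                "allowFraming": false,
                "authStrategies": {
                  "authentik": {
                    "issuer": "${AUTHENTIK_ISSUER}",
                    "clientid": "${AUTHENTIK_CLIENT_ID}",
                    "clientsecret": "${AUTHENTIK_CLIENT_SECRET}",
                    "callbackurl": "https://${APP_DOMAIN}/auth-oidc-callback"
                  }
                },
                "passwordRequirements": {
                  "min": 8,
                  "max": 128,
                  "upper": 1,
                  "lower": 1,
                  "numeric": 1,
                  "nonalpha": 1
                },
                "agentInviteCodes": false,
                "userNameIsEmail": false
              }
            }
          }
          EOF

      - name: Set correct permissions
        # The data and backup directories hold the client secret and the
        # server's state, so they are owner-only. Capital X keeps directories
        # traversable without marking every regular file executable.
        # NOTE(review): presumably the container runs as the directory owner
        # or as root (mode 755 already denied write access to everyone else).
        # Confirm before rollout.
        run: |
          chmod -R u=rwX,go= meshcentral-data
          chmod -R u=rwX,go= meshcentral-backup
          chmod -R u=rwX,go=rX meshcentral-files
          chmod -R u=rwX,go=rX meshcentral-config
          chmod 600 meshcentral-data/config.json

      - name: Pull latest MeshCentral image
        # Supply chain: ":latest" is mutable, so each deploy may run different
        # code. Prefer a reviewed version tag or digest, and keep it in step
        # with the image reference in the compose file (not shown here).
        run: docker pull ghcr.io/ylianst/meshcentral:latest

      - name: Clean up existing stack
        # Best-effort: a missing stack must not fail the deployment.
        run: docker compose --project-name "$APP_NAME" down || true

      - name: Start MeshCentral stack
        run: docker compose --project-name "$APP_NAME" up -d --remove-orphans --wait

      - name: Wait for MeshCentral to be ready
        # The container log ends up in the CI job log; make sure the service
        # does not print credentials at startup.
        run: |
          echo "⏳ Waiting for MeshCentral to start..."
          sleep 10
          docker logs "${APP_NAME}"

      - name: Deployment complete
        run: |
          echo "✅ MeshCentral deployed successfully"
          echo " Access at: https://$APP_DOMAIN"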