josedario87
aeb76bf60f
Some checks failed
deploy-meshcentral / deploy (push) Failing after 2s
CAMBIOS MAYORES: - Usar paths absolutos /srv/meshcentral/* en lugar de relativos - Limpiar datos viejos completamente (empezar de cero) - config.json correcto: * Puerto 443 (no 4430) * OIDC con Authentik configurado * Dominio mesh.nucleoriofrio.com * TlsOffload false (Traefik maneja SSL externo) - Traefik conecta al puerto 443 interno - Sin middleware authentik-forward-auth (OIDC nativo) SOLUCIÓN AL PROBLEMA: Los paths relativos en docker-compose creaban directorios nuevos en cada ejecución de Gitea Actions (/root/.cache/act/HASH/). Ahora usamos /srv/meshcentral/ fijo para persistencia real.
114 lines
3.8 KiB
YAML
114 lines
3.8 KiB
YAML
name: deploy-meshcentral
|
||
|
||
on:
|
||
push:
|
||
branches: [ main, master ]
|
||
|
||
jobs:
|
||
deploy:
|
||
runs-on: docker
|
||
env:
|
||
APP_NAME: ${{ vars.APP_NAME }}
|
||
APP_DOMAIN: ${{ vars.APP_DOMAIN }}
|
||
MESH_PORT: ${{ vars.MESH_PORT }}
|
||
# Authentik OIDC configuration
|
||
AUTHENTIK_ISSUER: ${{ vars.AUTHENTIK_ISSUER }}
|
||
AUTHENTIK_CLIENT_ID: ${{ secrets.AUTHENTIK_CLIENT_ID }}
|
||
AUTHENTIK_CLIENT_SECRET: ${{ secrets.AUTHENTIK_CLIENT_SECRET }}
|
||
steps:
|
||
- uses: actions/checkout@v3
|
||
|
||
- name: Info about deployment
|
||
run: |
|
||
echo "ℹ️ Deploying MeshCentral"
|
||
echo " Domain: ${{ vars.APP_DOMAIN }}"
|
||
echo " Container: ${{ vars.APP_NAME }}"
|
||
echo " Network: principal"
|
||
|
||
- name: Clean up existing stack
|
||
run: docker compose --project-name $APP_NAME down || true
|
||
|
||
- name: Create and clean MeshCentral directories
|
||
run: |
|
||
# Crear directorios fijos en /srv/meshcentral
|
||
sudo mkdir -p /srv/meshcentral/data
|
||
sudo mkdir -p /srv/meshcentral/files
|
||
sudo mkdir -p /srv/meshcentral/backup
|
||
sudo mkdir -p /srv/meshcentral/config
|
||
|
||
# Limpiar SOLO el config.json (empezar de cero según el usuario)
|
||
sudo rm -rf /srv/meshcentral/data/*
|
||
sudo rm -rf /srv/meshcentral/files/*
|
||
|
||
- name: Generate MeshCentral config.json
|
||
run: |
|
||
sudo tee /srv/meshcentral/data/config.json > /dev/null <<'EOF'
|
||
{
|
||
"settings": {
|
||
"cert": "${{ vars.APP_DOMAIN }}",
|
||
"port": 443,
|
||
"aliasPort": 443,
|
||
"redirPort": 80,
|
||
"AgentPong": 300,
|
||
"TlsOffload": false,
|
||
"SelfUpdate": false,
|
||
"AllowFraming": false,
|
||
"WebRTC": true,
|
||
"ClickOnce": false,
|
||
"AllowHighQualityDesktop": true,
|
||
"DesktopAspectRatios": "1.33,1.5,1.6,1.7,1.778,2.0"
|
||
},
|
||
"domains": {
|
||
"": {
|
||
"title": "MeshCentral - Nucleo Rio Frio",
|
||
"title2": "Remote Management Platform",
|
||
"newAccounts": false,
|
||
"certUrl": "https://${{ vars.APP_DOMAIN }}:443/",
|
||
"geoLocation": true,
|
||
"cookieIpCheck": false,
|
||
"allowLoginToken": true,
|
||
"allowFraming": false,
|
||
"authStrategies": {
|
||
"authentik": {
|
||
"issuer": "${{ vars.AUTHENTIK_ISSUER }}",
|
||
"clientid": "${{ secrets.AUTHENTIK_CLIENT_ID }}",
|
||
"clientsecret": "${{ secrets.AUTHENTIK_CLIENT_SECRET }}",
|
||
"callbackurl": "https://${{ vars.APP_DOMAIN }}/auth-oidc-callback"
|
||
}
|
||
},
|
||
"passwordRequirements": {
|
||
"min": 8,
|
||
"max": 128,
|
||
"upper": 1,
|
||
"lower": 1,
|
||
"numeric": 1,
|
||
"nonalpha": 1
|
||
},
|
||
"agentInviteCodes": false,
|
||
"userNameIsEmail": false
|
||
}
|
||
}
|
||
}
|
||
EOF
|
||
|
||
- name: Set correct permissions
|
||
run: |
|
||
sudo chmod -R 755 /srv/meshcentral/data
|
||
sudo chmod -R 755 /srv/meshcentral/files
|
||
sudo chmod -R 755 /srv/meshcentral/backup
|
||
sudo chmod -R 755 /srv/meshcentral/config
|
||
|
||
- name: Start MeshCentral stack
|
||
run: docker compose --project-name $APP_NAME up -d --remove-orphans --wait
|
||
|
||
- name: Wait for MeshCentral to be ready
|
||
run: |
|
||
echo "⏳ Waiting for MeshCentral to start..."
|
||
sleep 10
|
||
docker logs ${APP_NAME}
|
||
|
||
- name: Deployment complete
|
||
run: |
|
||
echo "✅ MeshCentral deployed successfully"
|
||
echo " Access at: https://${{ vars.APP_DOMAIN }}"
|