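# CI/CD for the web app (self-hosted Linux VPS) and the desktop app
# (self-hosted Windows runner).
#   - push to main  -> `changes` + `deploy`, then `convex_deploy` when convex/** changed
#   - push of v*.*.* tag -> `desktop_release`
#
# NOTE(review): every action below is referenced by a mutable tag (@v4, @v3,
# @v0, @v0.1.7). Pinning each one to a reviewed full commit SHA, e.g.
# `uses: owner/action@<FULL_COMMIT_SHA_PLACEHOLDER>  # v4`, keeps a re-tagged
# release from changing what runs on the self-hosted runners, which hold the
# deploy and signing secrets.
name: CI/CD Web + Desktop

on:
  push:
    branches: [main]
    tags:
      - 'v*.*.*'

# Least privilege for the automatic GITHUB_TOKEN: the jobs below only need to
# read the repository. If tauri-action is later configured to publish a GitHub
# release, grant `contents: write` on the desktop_release job only.
permissions:
  contents: read

env:
  APP_DIR: /srv/apps/sistema
  VPS_UPDATES_DIR: /var/www/updates

jobs:
  changes:
    name: Detect changes
    runs-on: ubuntu-latest
    outputs:
      convex: ${{ steps.filter.outputs.convex }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Paths filter
        id: filter
        uses: dorny/paths-filter@v3
        with:
          filters: |
            convex:
              - 'convex/**'

  deploy:
    name: Deploy (VPS Linux)
    # Branch pushes only; tag pushes are handled by desktop_release.
    if: ${{ startsWith(github.ref, 'refs/heads/') }}
    runs-on: [self-hosted, linux, vps]
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          version: 9

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'pnpm'

      # The protect filters and excludes keep the server-side .env files from
      # being overwritten or removed by --delete, so runtime secrets stay on
      # the VPS and never have to live in the repository.
      - name: Sync workspace to APP_DIR (preserving local env)
        run: |
          mkdir -p "$APP_DIR"
          rsync -az --delete \
            --filter='protect .env' \
            --filter='protect .env*' \
            --filter='protect apps/desktop/.env*' \
            --filter='protect convex/.env*' \
            --exclude '.git' \
            --exclude '.next' \
            --exclude '.env*' \
            --exclude 'apps/desktop/.env*' \
            --exclude 'convex/.env*' \
            ./ "$APP_DIR"/

      - name: Install and build (Next.js)
        run: |
          cd "$APP_DIR"
          # best-effort: a corepack failure does not stop the build
          corepack enable || true
          pnpm install --frozen-lockfile
          pnpm prisma:generate
          pnpm build

      # hashFiles() only considers files inside GITHUB_WORKSPACE, so the
      # condition checks the checked-out stack.yml (the same file the rsync
      # step copies into APP_DIR) instead of the absolute APP_DIR path, which
      # lies outside the workspace.
      - name: Optional Swarm deploy (stack.yml)
        if: ${{ hashFiles('stack.yml') != '' }}
        env:
          # Passed through the environment rather than expanded into the
          # script text.
          RELEASE_SHA: ${{ github.sha }}
        run: |
          cd "$APP_DIR"
          docker stack deploy --with-registry-auth -c stack.yml sistema

      - name: Ensure web service restarts with new code
        if: ${{ hashFiles('stack.yml') != '' }}
        run: |
          # best-effort: a failed forced update does not fail the job
          docker service update --force sistema_web || true

      - name: (Optional) Restart Convex backend service
        if: ${{ hashFiles('stack.yml') != '' }}
        run: |
          # best-effort: a failed forced update does not fail the job
          docker service update --force sistema_convex_backend || true

  convex_deploy:
    name: Deploy Convex functions
    needs: [deploy, changes]
    if: ${{ needs.changes.outputs.convex == 'true' }}
    runs-on: [self-hosted, linux, vps]
    env:
      APP_DIR: /srv/apps/sistema
    steps:
      - name: Deploy functions to Convex self-hosted
        # Secrets are handed to the step as environment variables and
        # forwarded with value-less `-e NAME` flags. This keeps the admin key
        # off the docker command line (where it would be visible in the host's
        # process list) and out of the generated script, where quotes or `$`
        # in a secret value would be interpreted by the shell.
        env:
          CONVEX_SELF_HOSTED_URL: ${{ secrets.CONVEX_SELF_HOSTED_URL }}
          CONVEX_SELF_HOSTED_ADMIN_KEY: ${{ secrets.CONVEX_SELF_HOSTED_ADMIN_KEY }}
        # NOTE(review): node:20-bullseye is a mutable tag; pinning by digest
        # (node:20-bullseye@sha256:<DIGEST_PLACEHOLDER>) fixes the image that
        # receives the admin key.
        run: |
          docker run --rm -i \
            -v "$APP_DIR":/app \
            -w /app \
            -e CONVEX_SELF_HOSTED_URL \
            -e CONVEX_SELF_HOSTED_ADMIN_KEY \
            node:20-bullseye bash -lc "corepack enable && corepack prepare pnpm@9 --activate && pnpm install --frozen-lockfile --prod=false && pnpm exec convex deploy"

  desktop_release:
    name: Desktop Release (Windows)
    if: ${{ startsWith(github.ref, 'refs/tags/v') }}
    runs-on: [self-hosted, windows, desktop]
    defaults:
      run:
        working-directory: apps/desktop
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          version: 9

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'pnpm'

      - name: Install deps (desktop)
        run: pnpm install --frozen-lockfile

      # This step receives the update-signing key and its password; it is the
      # step where pinning the action to a commit SHA matters most.
      - name: Build with Tauri
        uses: tauri-apps/tauri-action@v0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
          TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
        with:
          projectPath: apps/desktop

      # NOTE(review): no SSH host key fingerprint is configured. If this
      # action version supports the `fingerprint` input, supplying it from a
      # secret (placeholder name: VPS_SSH_FINGERPRINT) lets the upload verify
      # that it is connecting to the intended VPS. Confirm against the
      # action's documentation.
      - name: Upload latest.json + bundles to VPS
        uses: appleboy/scp-action@v0.1.7
        with:
          host: ${{ secrets.VPS_HOST }}
          username: ${{ secrets.VPS_USER }}
          key: ${{ secrets.VPS_SSH_KEY }}
          source: |
            **/bundle/**/latest.json
            **/bundle/**/*
          target: ${{ env.VPS_UPDATES_DIR }}
          overwrite: true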