Toutsu
2c9016a383
The 3.9.1 hotfix only repaired WizardDraftRepository, the most common
Dapper call in the wizard. The same AOT-unsafe CommandDefinition pattern
remained in 4 other places that the user hit immediately after the
deploy: the 'Choose visibility' wizard step triggers GetOwnerClubsAsync
when the user picks 'Публичная в витрине клуба' or 'Только для членов
клуба'. The wizard swallowed PlatformNotSupportedException, the
callback ack replied with '⚠️ Ошибка', and the next step never rendered.
Privacy 'didn't stick' from the user's perspective.
Two changes to fix the Discord side as well:
1. Switched GetOwnerClubsAsync / LoadClubsAsync / LoadManagerUserIdsAsync
to the direct (sql, params) overload across TelegramWizardMessenger,
DiscordWizardMessenger, DiscordWizardInteractionModule, and
DiscordPermissionLookup — same pattern as the 3.9.1 fix.
2. Added Dapper.AOT module attribute ([module: Dapper.DapperAot]) and
InterceptorsPreviewNamespaces to the DiscordBot project. The
DiscordBot assembly was previously skipped by the AOT source
generator, so even the direct-overload fix wouldn't have produced
interceptors for the Discord-specific Dapper call sites. With this
addition, the generator emits 3 DiscordBot-specific interceptors
(DiscordWizardMessenger, DiscordWizardInteractionModule,
DiscordPermissionLookup) and the AssemblyLoad ships with the right
GmRelay.DiscordBot.generated.cs.
Also expanded the AOT shape regression tests to cover all 4
CommandDefinition sites + added a 'containingClass' parameter to
ExtractMethodBody to disambiguate the duplicated LoadClubsAsync names
in DiscordWizardInteractionModule.
Bumps: 3.9.1 -> 3.9.2.
165 lines
6.2 KiB
YAML
165 lines
6.2 KiB
YAML
name: Deploy Telegram Bot
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
|
|
env:
|
|
VERSION: 3.9.2
|
|
|
|
jobs:
|
|
# ЧАСТЬ 1: Собираем образы и кладем в Gitea (чтобы делиться с ребятами)
|
|
build-and-push:
|
|
runs-on: ubuntu-latest # Замени на метку твоего раннера, если она другая
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Login to Gitea Container Registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: git.codeanddice.ru # НАПРИМЕР: gitea.my-server.com
|
|
username: toutsu
|
|
password: ${{ secrets.GIT_TOKEN }}
|
|
|
|
- name: Build Bot image
|
|
run: |
|
|
docker build \
|
|
--label "org.opencontainers.image.source=https://git.codeanddice.ru/${{ gitea.repository }}" \
|
|
-f src/GmRelay.Bot/Dockerfile \
|
|
-t git.codeanddice.ru/toutsu/gmrelay-bot:latest \
|
|
-t git.codeanddice.ru/toutsu/gmrelay-bot:${{ env.VERSION }} \
|
|
.
|
|
|
|
- name: Push Bot image
|
|
run: |
|
|
docker push git.codeanddice.ru/toutsu/gmrelay-bot:latest
|
|
docker push git.codeanddice.ru/toutsu/gmrelay-bot:${{ env.VERSION }}
|
|
|
|
- name: Build Discord Bot image
|
|
run: |
|
|
docker build \
|
|
--label "org.opencontainers.image.source=https://git.codeanddice.ru/${{ gitea.repository }}" \
|
|
-f src/GmRelay.DiscordBot/Dockerfile \
|
|
-t git.codeanddice.ru/toutsu/gmrelay-discord-bot:latest \
|
|
-t git.codeanddice.ru/toutsu/gmrelay-discord-bot:${{ env.VERSION }} \
|
|
.
|
|
|
|
- name: Push Discord Bot image
|
|
run: |
|
|
docker push git.codeanddice.ru/toutsu/gmrelay-discord-bot:latest
|
|
docker push git.codeanddice.ru/toutsu/gmrelay-discord-bot:${{ env.VERSION }}
|
|
|
|
- name: Build Web image
|
|
run: |
|
|
docker build \
|
|
--label "org.opencontainers.image.source=https://git.codeanddice.ru/${{ gitea.repository }}" \
|
|
-f src/GmRelay.Web/Dockerfile \
|
|
-t git.codeanddice.ru/toutsu/gmrelay-web:latest \
|
|
-t git.codeanddice.ru/toutsu/gmrelay-web:${{ env.VERSION }} \
|
|
.
|
|
|
|
- name: Push Web image
|
|
run: |
|
|
docker push git.codeanddice.ru/toutsu/gmrelay-web:latest
|
|
docker push git.codeanddice.ru/toutsu/gmrelay-web:${{ env.VERSION }}
|
|
|
|
# ЧАСТЬ 1.5: Сканируем собранные образы на уязвимости
|
|
scan-images:
|
|
needs: build-and-push
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Install Trivy
|
|
run: |
|
|
# Pinned version — the upstream install.sh resolves the
|
|
# positional tag against the GitHub releases API; the `latest`
|
|
# tag is no longer published, so leaving it empty fails with
|
|
# `unable to find '' - use 'latest' or see ...`. v0.71.0 has
|
|
# Linux-ARM64 builds for the Pi runner.
|
|
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.71.0
|
|
|
|
- name: Scan Bot image
|
|
run: |
|
|
trivy image \
|
|
--severity HIGH,CRITICAL \
|
|
--exit-code 1 \
|
|
--format table \
|
|
git.codeanddice.ru/toutsu/gmrelay-bot:${{ env.VERSION }}
|
|
|
|
- name: Scan Discord Bot image
|
|
run: |
|
|
trivy image \
|
|
--severity HIGH,CRITICAL \
|
|
--exit-code 1 \
|
|
--format table \
|
|
git.codeanddice.ru/toutsu/gmrelay-discord-bot:${{ env.VERSION }}
|
|
|
|
- name: Scan Web image
|
|
run: |
|
|
trivy image \
|
|
--severity HIGH,CRITICAL \
|
|
--exit-code 1 \
|
|
--format table \
|
|
git.codeanddice.ru/toutsu/gmrelay-web:${{ env.VERSION }}
|
|
|
|
# ЧАСТЬ 2: Запускаем эти образы на самом сервере
|
|
deploy:
|
|
needs: scan-images
|
|
runs-on: ubuntu-latest # Тот же локальный раннер
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Create .env file with secrets
|
|
run: |
|
|
echo "TELEGRAM_BOT_TOKEN=${{ secrets.TELEGRAM_BOT_TOKEN }}" > .env
|
|
echo "POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}" >> .env
|
|
echo "DISCORD_BOT_TOKEN=${{ secrets.DISCORD_BOT_TOKEN }}" >> .env
|
|
echo "TELEGRAM_BOT_USERNAME=${{ secrets.TELEGRAM_BOT_USERNAME }}" >> .env
|
|
echo "TELEGRAM_MINI_APP_URL=${{ secrets.TELEGRAM_MINI_APP_URL }}" >> .env
|
|
echo "DISCORD_CLIENT_ID=${{ secrets.DISCORD_CLIENT_ID }}" >> .env
|
|
echo "DISCORD_CLIENT_SECRET=${{ secrets.DISCORD_CLIENT_SECRET }}" >> .env
|
|
echo "DISCORD_REDIRECT_URI=${{ secrets.DISCORD_REDIRECT_URI }}" >> .env
|
|
|
|
- name: Deploy Containers
|
|
run: |
|
|
# Авторизуемся локальным докером в нашей Gitea
|
|
docker login git.codeanddice.ru/ -u toutsu -p ${{ secrets.GIT_TOKEN }}
|
|
|
|
# Pull гарантирует, что мы получили нужную версию.
|
|
docker compose pull bot discord web
|
|
|
|
# Запускаем! Флаг -d оставит их работать в фоне.
|
|
docker compose up -d
|
|
|
|
# Ждём, пока сервисы перейдут в healthy или упадут
|
|
SERVICES="bot discord web"
|
|
MAX_WAIT=40
|
|
INTERVAL=5
|
|
ELAPSED=0
|
|
|
|
while [ $ELAPSED -lt $MAX_WAIT ]; do
|
|
NOT_HEALTHY=0
|
|
for svc in $SERVICES; do
|
|
HEALTH=$(docker compose ps $svc --format="{{.Health}}" 2>/dev/null | head -n1)
|
|
if [ "$HEALTH" != "healthy" ]; then
|
|
STATE=$(docker compose ps $svc --format="{{.State}}" 2>/dev/null | head -n1)
|
|
echo "❌ $svc not healthy yet (state: ${STATE:-unknown})"
|
|
NOT_HEALTHY=$((NOT_HEALTHY + 1))
|
|
fi
|
|
done
|
|
|
|
if [ $NOT_HEALTHY -eq 0 ]; then
|
|
echo "✅ All services are healthy!"
|
|
exit 0
|
|
fi
|
|
|
|
sleep $INTERVAL
|
|
ELAPSED=$((ELAPSED + INTERVAL))
|
|
done
|
|
|
|
echo "⏰ Timed out waiting for services to become healthy"
|
|
docker compose ps
|
|
exit 1
|