name: CI-CD on: push: branches: - "**" pull_request: jobs: bot-checks: name: Bot Lint Test Build runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v4 - name: Setup Node uses: actions/setup-node@v4 with: node-version: "22" cache: npm - name: Install dependencies run: npm ci - name: Lint run: npm run lint - name: Build run: npm run build - name: Test run: npm run test dashboard-checks: name: Dashboard Lint Build runs-on: ubuntu-latest defaults: run: working-directory: admin-dashboard steps: - name: Checkout uses: actions/checkout@v4 - name: Setup Node uses: actions/setup-node@v4 with: node-version: "22" cache: npm cache-dependency-path: admin-dashboard/package-lock.json - name: Install dashboard dependencies run: npm ci - name: Lint dashboard run: npm run lint - name: Build dashboard run: npm run build deploy-coolify: name: Deploy to Coolify runs-on: ubuntu-latest needs: - bot-checks - dashboard-checks if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} steps: - name: Validate Coolify API access env: COOLIFY_BASE_URL: ${{ secrets.COOLIFY_BASE_URL }} COOLIFY_API_TOKEN: ${{ secrets.COOLIFY_API_TOKEN }} run: | if [ -z "$COOLIFY_BASE_URL" ]; then echo "Missing COOLIFY_BASE_URL" exit 1 fi if [ -z "$COOLIFY_API_TOKEN" ]; then echo "Missing COOLIFY_API_TOKEN" exit 1 fi BASE_URL="${COOLIFY_BASE_URL%/}" STATUS=$(curl --silent --output /tmp/coolify_api_probe.txt --write-out "%{http_code}" \ "$BASE_URL/api/v1/deploy" \ -H "Authorization: Bearer $COOLIFY_API_TOKEN") if [ "$STATUS" -eq 401 ] || [ "$STATUS" -eq 403 ]; then echo "Coolify API token rejected during preflight (HTTP $STATUS)." echo "Check token scope and team/project access for this token." exit 1 fi echo "Coolify API preflight HTTP $STATUS" - name: Trigger backend deploy env: COOLIFY_BASE_URL: ${{ secrets.COOLIFY_BASE_URL }} COOLIFY_API_TOKEN: ${{ secrets.COOLIFY_API_TOKEN }} COOLIFY_RESOURCE_UUID: ${{ secrets.COOLIFY_RESOURCE_UUID_BOT }} run: | if [ -z "$COOLIFY_BASE_URL" ]; then echo "Missing COOLIFY_BASE_URL" exit 1 fi if [ -z "$COOLIFY_API_TOKEN" ]; then echo "Missing COOLIFY_API_TOKEN" exit 1 fi if [ -z "$COOLIFY_RESOURCE_UUID" ]; then echo "Missing COOLIFY_RESOURCE_UUID_BOT" exit 1 fi BASE_URL="${COOLIFY_BASE_URL%/}" STATUS=$(curl --silent --output /tmp/coolify_backend_get.txt --write-out "%{http_code}" -G \ "$BASE_URL/api/v1/deploy" \ -H "Authorization: Bearer $COOLIFY_API_TOKEN" \ --data-urlencode "uuid=$COOLIFY_RESOURCE_UUID") if [ "$STATUS" -eq 200 ]; then echo "Backend deploy triggered via GET + Bearer" exit 0 fi STATUS=$(curl --silent --output /tmp/coolify_backend_post_bearer.txt --write-out "%{http_code}" \ -X POST "$BASE_URL/api/v1/deploy" \ -H "Authorization: Bearer $COOLIFY_API_TOKEN" \ -H "Content-Type: application/json" \ -d "{\"uuid\":\"$COOLIFY_RESOURCE_UUID\"}") if [ "$STATUS" -eq 200 ]; then echo "Backend deploy triggered via POST + Bearer" exit 0 fi STATUS=$(curl --silent --output /tmp/coolify_backend_get_token.txt --write-out "%{http_code}" -G \ "$BASE_URL/api/v1/deploy" \ -H "Authorization: $COOLIFY_API_TOKEN" \ --data-urlencode "uuid=$COOLIFY_RESOURCE_UUID") if [ "$STATUS" -eq 200 ]; then echo "Backend deploy triggered via GET + Authorization: Token" exit 0 fi echo "Backend deploy failed across all auth/method variants." echo "GET+Bearer response:" sed -e 's/[A-Za-z0-9_\-]\{20,\}/[REDACTED]/g' /tmp/coolify_backend_get.txt | head -c 500; echo echo "POST+Bearer response:" sed -e 's/[A-Za-z0-9_\-]\{20,\}/[REDACTED]/g' /tmp/coolify_backend_post_bearer.txt | head -c 500; echo echo "GET+Token response:" sed -e 's/[A-Za-z0-9_\-]\{20,\}/[REDACTED]/g' /tmp/coolify_backend_get_token.txt | head -c 500; echo exit 1 - name: Trigger dashboard deploy env: COOLIFY_BASE_URL: ${{ secrets.COOLIFY_BASE_URL }} COOLIFY_API_TOKEN: ${{ secrets.COOLIFY_API_TOKEN }} COOLIFY_RESOURCE_UUID: ${{ secrets.COOLIFY_RESOURCE_UUID_DASHBOARD }} run: | if [ -z "$COOLIFY_BASE_URL" ]; then echo "Missing COOLIFY_BASE_URL" exit 1 fi if [ -z "$COOLIFY_API_TOKEN" ]; then echo "Missing COOLIFY_API_TOKEN" exit 1 fi if [ -z "$COOLIFY_RESOURCE_UUID" ]; then echo "Missing COOLIFY_RESOURCE_UUID_DASHBOARD" exit 1 fi BASE_URL="${COOLIFY_BASE_URL%/}" STATUS=$(curl --silent --output /tmp/coolify_dashboard_get.txt --write-out "%{http_code}" -G \ "$BASE_URL/api/v1/deploy" \ -H "Authorization: Bearer $COOLIFY_API_TOKEN" \ --data-urlencode "uuid=$COOLIFY_RESOURCE_UUID") if [ "$STATUS" -eq 200 ]; then echo "Dashboard deploy triggered via GET + Bearer" exit 0 fi STATUS=$(curl --silent --output /tmp/coolify_dashboard_post_bearer.txt --write-out "%{http_code}" \ -X POST "$BASE_URL/api/v1/deploy" \ -H "Authorization: Bearer $COOLIFY_API_TOKEN" \ -H "Content-Type: application/json" \ -d "{\"uuid\":\"$COOLIFY_RESOURCE_UUID\"}") if [ "$STATUS" -eq 200 ]; then echo "Dashboard deploy triggered via POST + Bearer" exit 0 fi STATUS=$(curl --silent --output /tmp/coolify_dashboard_get_token.txt --write-out "%{http_code}" -G \ "$BASE_URL/api/v1/deploy" \ -H "Authorization: $COOLIFY_API_TOKEN" \ --data-urlencode "uuid=$COOLIFY_RESOURCE_UUID") if [ "$STATUS" -eq 200 ]; then echo "Dashboard deploy triggered via GET + Authorization: Token" exit 0 fi echo "Dashboard deploy failed across all auth/method variants." echo "GET+Bearer response:" sed -e 's/[A-Za-z0-9_\-]\{20,\}/[REDACTED]/g' /tmp/coolify_dashboard_get.txt | head -c 500; echo echo "POST+Bearer response:" sed -e 's/[A-Za-z0-9_\-]\{20,\}/[REDACTED]/g' /tmp/coolify_dashboard_post_bearer.txt | head -c 500; echo echo "GET+Token response:" sed -e 's/[A-Za-z0-9_\-]\{20,\}/[REDACTED]/g' /tmp/coolify_dashboard_get_token.txt | head -c 500; echo exit 1