syscall_monitor/.gitea/workflows/cd.yml

name: CD

on:
  push:
    tags:
      - "v*"
  workflow_dispatch:

env:
  DEPLOY_DIR: /opt/syscall_monitor
  HEALTH_URL: http://127.0.0.1:5000

jobs:
  deploy:
    runs-on: self-hosted
    steps:
      - name: Checkout
        uses: https://gitea.com/actions/checkout@v4

      - name: Show target host info
        run: |
          echo "deploying on: $(hostname)"
          echo "user: $(id -un) ($(id -u))"
          echo "ref: ${{ gitea.ref }}"
          echo "deploy dir: $DEPLOY_DIR"

      - name: Stop running instance (if any)
        run: |
          if [ -x "$DEPLOY_DIR/stop.sh" ]; then
            sudo -n "$DEPLOY_DIR/stop.sh" || true
          else
            echo "no prior install at $DEPLOY_DIR, skipping stop"
          fi

      - name: Sync code to deploy dir
        run: |
          sudo -n /usr/bin/rsync -a --delete \
            --exclude='.git' \
            --exclude='.venv' \
            --exclude='.venv-ci' \
            --exclude='logs' \
            --exclude='.pid' \
            ./ "$DEPLOY_DIR/"
          sudo -n chmod +x "$DEPLOY_DIR/setup.sh" "$DEPLOY_DIR/run.sh" "$DEPLOY_DIR/stop.sh"

      - name: Setup venv and dependencies
        run: sudo -n "$DEPLOY_DIR/setup.sh"

      - name: Start service
        run: sudo -n "$DEPLOY_DIR/run.sh"

      - name: Verify pid is alive
        run: |
          sleep 5
          PID_FILE="$DEPLOY_DIR/.pid"
          if [ ! -f "$PID_FILE" ]; then
            echo "no .pid file at $PID_FILE" >&2
            sudo -n tail -n 50 "$DEPLOY_DIR/logs/app.log" >&2 || true
            exit 1
          fi
          PID=$(cat "$PID_FILE")
          echo "pid=$PID"
          for i in 1 2 3; do
            if [ -d "/proc/$PID" ]; then
              echo "service running, pid=$PID (attempt $i)"
              exit 0
            fi
            echo "attempt $i: pid $PID not alive yet, retrying..."
            sleep 2
          done
          echo "pid $PID not alive after 3 attempts" >&2
          sudo -n tail -n 50 "$DEPLOY_DIR/logs/app.log" >&2 || true
          exit 1

      - name: HTTP health check
        run: |
          for i in 1 2 3 4 5 6 7 8 9 10; do
            if curl -fsS -o /dev/null "$HEALTH_URL"; then
              echo "health check passed on attempt $i"
              exit 0
            fi
            echo "attempt $i failed, retrying..."
            sleep 2
          done
          echo "health check failed: $HEALTH_URL unreachable" >&2
          sudo -n tail -n 80 "$DEPLOY_DIR/logs/app.log" >&2 || true
          exit 1

      - name: Tail startup log
        if: always()
        run: sudo -n tail -n 30 "$DEPLOY_DIR/logs/app.log" || true