# Gitea Actions CI/CD - build + deploy SOLUTION_ERP to IIS on same VPS. # Trigger: push to main, or manual dispatch. # # Self-hosted Windows runner on VPS (shared with VIETREPORT). Runner has: # - git, .NET 10 SDK, Node 20, IIS # - Can deploy locally (no WinRM needed) # # Secrets required in Gitea repo settings: # - JWT_SECRET (64+ chars random) # - DB_CONNECTION (full connection string with vrapp password) name: Deploy SOLUTION_ERP on: push: branches: [main] workflow_dispatch: jobs: build-deploy: runs-on: windows-latest steps: - uses: actions/checkout@v4 - name: Show tool versions shell: powershell run: | & 'C:\Program Files\dotnet\dotnet.exe' --version & 'C:\Program Files\nodejs\node.exe' --version & 'C:\Program Files\nodejs\npm.cmd' --version - name: Build backend shell: powershell run: | & 'C:\Program Files\dotnet\dotnet.exe' restore SolutionErp.slnx & 'C:\Program Files\dotnet\dotnet.exe' publish src/Backend/SolutionErp.Api/SolutionErp.Api.csproj ` --configuration Release ` --output out/api ` --runtime win-x64 ` --self-contained false - name: Build fe-admin shell: powershell working-directory: fe-admin run: | # Vite 8 rolldown native binding must match platform; fresh resolve on Windows Remove-Item node_modules, package-lock.json -Recurse -Force -ErrorAction SilentlyContinue & 'C:\Program Files\nodejs\npm.cmd' install --no-audit --no-fund & 'C:\Program Files\nodejs\npm.cmd' run build - name: Build fe-user shell: powershell working-directory: fe-user run: | Remove-Item node_modules, package-lock.json -Recurse -Force -ErrorAction SilentlyContinue & 'C:\Program Files\nodejs\npm.cmd' install --no-audit --no-fund & 'C:\Program Files\nodejs\npm.cmd' run build - name: Deploy to IIS (local) if: github.ref == 'refs/heads/main' shell: powershell env: JWT_SECRET: ${{ secrets.JWT_SECRET }} DB_CONNECTION: ${{ secrets.DB_CONNECTION }} run: | Import-Module WebAdministration # Stop app pool so DLLs are writable if (Get-WebAppPoolState -Name SolutionErp-Api -ErrorAction SilentlyContinue) { Stop-WebAppPool -Name SolutionErp-Api Start-Sleep -Seconds 3 } # Deploy API Remove-Item -Path 'C:\inetpub\solution-erp\api\*' -Recurse -Force -Exclude 'appsettings.Production.json','logs','uploads','wwwroot' -ErrorAction SilentlyContinue Copy-Item -Path 'out\api\*' -Destination 'C:\inetpub\solution-erp\api\' -Recurse -Force # Write appsettings.Production.json from template + secrets $example = 'C:\inetpub\solution-erp\api\appsettings.Production.json.example' $prod = 'C:\inetpub\solution-erp\api\appsettings.Production.json' if (Test-Path $example) { $settings = Get-Content $example -Raw | ConvertFrom-Json $settings.ConnectionStrings.Default = $env:DB_CONNECTION $settings.Jwt.Secret = $env:JWT_SECRET $settings | ConvertTo-Json -Depth 10 | Set-Content -Path $prod -Encoding UTF8 Write-Host "Wrote appsettings.Production.json" # Restrict ACL icacls $prod /inheritance:r | Out-Null icacls $prod /grant:r 'Administrators:(R,W)' 'IIS AppPool\SolutionErp-Api:(R)' | Out-Null } else { Write-Error "Template $example not found" exit 1 } # Deploy fe-admin Remove-Item -Path 'C:\inetpub\solution-erp\fe-admin\*' -Recurse -Force -Exclude 'web.config' -ErrorAction SilentlyContinue Copy-Item -Path 'fe-admin\dist\*' -Destination 'C:\inetpub\solution-erp\fe-admin\' -Recurse -Force # Deploy fe-user Remove-Item -Path 'C:\inetpub\solution-erp\fe-user\*' -Recurse -Force -Exclude 'web.config' -ErrorAction SilentlyContinue Copy-Item -Path 'fe-user\dist\*' -Destination 'C:\inetpub\solution-erp\fe-user\' -Recurse -Force # Restart app pool Start-WebAppPool -Name SolutionErp-Api Write-Host "Deploy done. App pool started." - name: Smoke test if: github.ref == 'refs/heads/main' shell: powershell run: | Start-Sleep -Seconds 10 try { $r = Invoke-WebRequest -Uri 'https://api.huypham.vn/health/live' -TimeoutSec 30 -UseBasicParsing Write-Host "API /health/live -> $($r.StatusCode)" } catch { Write-Warning "API smoke test: $_" }