66c1a5c170
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 2m52s
User request: anh trỏ 3 subdomain mới về VPS IP 103.124.94.38:
- api.huypham.vn → api.solutions.com.vn
- admin.huypham.vn → admin.solutions.com.vn
- user.huypham.vn → eoffice.solutions.com.vn
Verified DNS: cả 3 resolve 103.124.94.38 ✓
Update 17 file repo:
FE (4): fe-admin/.env.production + fe-user/.env.production
(VITE_API_BASE_URL → https://api.solutions.com.vn)
fe-admin/src/lib/{api,realtime}.ts + fe-user equivalents (comment)
BE (1): appsettings.Production.json.example — CORS AllowedOrigins
CI/CD (1): .gitea/workflows/deploy.yml — smoke test URL
Scripts (3): setup-iis-sites (DomainApi/Admin/User), setup-ssl (3 host),
deploy-all (verify curls)
Docs (5): STATUS, HANDOFF, PROJECT-MAP, vps-setup, gotchas
Skill (1): iis-deploy-runbook — 3 site table + description
Email admin@huypham.vn giữ nguyên (Let's Encrypt contact — không phải
domain serve).
Thêm scripts/migrate-domains.ps1 — 1-shot VPS migration:
1. Pre-flight: resolve DNS 3 domain → verify IP VPS khớp
2. Add HTTP binding mới cho 3 IIS site (giữ binding cũ làm fallback)
3. Run win-acme xin 3 cert Let's Encrypt qua HTTP-01 challenge
(auto add HTTPS binding + http→https redirect)
4. Verify /health/live + /health/ready + 2 FE endpoint
5. (Optional -RemoveOld) xóa binding huypham.vn sau verify OK
Rollback: nếu fail, binding cũ vẫn active → site serve qua huypham.vn.
Anh chạy trên VPS:
cd C:\solution-erp\scripts ; .\migrate-domains.ps1
# Sau 1-2 ngày verify stable:
.\migrate-domains.ps1 -RemoveOld -SkipCert
117 lines
4.7 KiB
YAML
117 lines
4.7 KiB
YAML
# Gitea Actions CI/CD - build + deploy SOLUTION_ERP to IIS on same VPS.
|
|
# Trigger: push to main, or manual dispatch.
|
|
#
|
|
# Self-hosted Windows runner on VPS (shared with VIETREPORT). Runner has:
|
|
# - git, .NET 10 SDK, Node 20, IIS
|
|
# - Can deploy locally (no WinRM needed)
|
|
#
|
|
# Secrets required in Gitea repo settings:
|
|
# - JWT_SECRET (64+ chars random)
|
|
# - DB_CONNECTION (full connection string with vrapp password)
|
|
|
|
name: Deploy SOLUTION_ERP
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
build-deploy:
|
|
runs-on: windows-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Show tool versions
|
|
shell: powershell
|
|
run: |
|
|
& 'C:\Program Files\dotnet\dotnet.exe' --version
|
|
& 'C:\Program Files\nodejs\node.exe' --version
|
|
& 'C:\Program Files\nodejs\npm.cmd' --version
|
|
|
|
- name: Build backend
|
|
shell: powershell
|
|
run: |
|
|
& 'C:\Program Files\dotnet\dotnet.exe' restore SolutionErp.slnx
|
|
& 'C:\Program Files\dotnet\dotnet.exe' publish src/Backend/SolutionErp.Api/SolutionErp.Api.csproj `
|
|
--configuration Release `
|
|
--output out/api `
|
|
--runtime win-x64 `
|
|
--self-contained false
|
|
|
|
- name: Build fe-admin
|
|
shell: powershell
|
|
working-directory: fe-admin
|
|
run: |
|
|
# Vite 8 rolldown native binding must match platform; fresh resolve on Windows
|
|
Remove-Item node_modules, package-lock.json -Recurse -Force -ErrorAction SilentlyContinue
|
|
& 'C:\Program Files\nodejs\npm.cmd' install --no-audit --no-fund
|
|
& 'C:\Program Files\nodejs\npm.cmd' run build
|
|
|
|
- name: Build fe-user
|
|
shell: powershell
|
|
working-directory: fe-user
|
|
run: |
|
|
Remove-Item node_modules, package-lock.json -Recurse -Force -ErrorAction SilentlyContinue
|
|
& 'C:\Program Files\nodejs\npm.cmd' install --no-audit --no-fund
|
|
& 'C:\Program Files\nodejs\npm.cmd' run build
|
|
|
|
- name: Deploy to IIS (local)
|
|
if: github.ref == 'refs/heads/main'
|
|
shell: powershell
|
|
env:
|
|
JWT_SECRET: ${{ secrets.JWT_SECRET }}
|
|
DB_CONNECTION: ${{ secrets.DB_CONNECTION }}
|
|
run: |
|
|
Import-Module WebAdministration
|
|
|
|
# Stop app pool (if running) so DLLs are writable
|
|
$poolState = (Get-WebAppPoolState -Name SolutionErp-Api -ErrorAction SilentlyContinue).Value
|
|
if ($poolState -eq 'Started') {
|
|
Stop-WebAppPool -Name SolutionErp-Api
|
|
Start-Sleep -Seconds 3
|
|
}
|
|
|
|
# Deploy API
|
|
Remove-Item -Path 'C:\inetpub\solution-erp\api\*' -Recurse -Force -Exclude 'appsettings.Production.json','logs','uploads','wwwroot' -ErrorAction SilentlyContinue
|
|
Copy-Item -Path 'out\api\*' -Destination 'C:\inetpub\solution-erp\api\' -Recurse -Force
|
|
|
|
# Write appsettings.Production.json from source template + secrets.
|
|
# Template is in source workspace (not in publish output - dotnet publish
|
|
# doesn't copy .example files).
|
|
$example = 'src\Backend\SolutionErp.Api\appsettings.Production.json.example'
|
|
$prod = 'C:\inetpub\solution-erp\api\appsettings.Production.json'
|
|
$settings = Get-Content $example -Raw | ConvertFrom-Json
|
|
$settings.ConnectionStrings.Default = $env:DB_CONNECTION
|
|
$settings.Jwt.Secret = $env:JWT_SECRET
|
|
$settings | ConvertTo-Json -Depth 10 | Set-Content -Path $prod -Encoding UTF8
|
|
Write-Host "Wrote appsettings.Production.json"
|
|
|
|
# Restrict ACL
|
|
icacls $prod /inheritance:r | Out-Null
|
|
icacls $prod /grant:r 'Administrators:(R,W)' 'IIS AppPool\SolutionErp-Api:(R)' | Out-Null
|
|
|
|
# Deploy fe-admin
|
|
Remove-Item -Path 'C:\inetpub\solution-erp\fe-admin\*' -Recurse -Force -Exclude 'web.config' -ErrorAction SilentlyContinue
|
|
Copy-Item -Path 'fe-admin\dist\*' -Destination 'C:\inetpub\solution-erp\fe-admin\' -Recurse -Force
|
|
|
|
# Deploy fe-user
|
|
Remove-Item -Path 'C:\inetpub\solution-erp\fe-user\*' -Recurse -Force -Exclude 'web.config' -ErrorAction SilentlyContinue
|
|
Copy-Item -Path 'fe-user\dist\*' -Destination 'C:\inetpub\solution-erp\fe-user\' -Recurse -Force
|
|
|
|
# Restart app pool
|
|
Start-WebAppPool -Name SolutionErp-Api
|
|
Write-Host "Deploy done. App pool started."
|
|
|
|
- name: Smoke test
|
|
if: github.ref == 'refs/heads/main'
|
|
shell: powershell
|
|
run: |
|
|
Start-Sleep -Seconds 10
|
|
try {
|
|
$r = Invoke-WebRequest -Uri 'https://api.solutions.com.vn/health/live' -TimeoutSec 30 -UseBasicParsing
|
|
Write-Host "API /health/live -> $($r.StatusCode)"
|
|
} catch {
|
|
Write-Warning "API smoke test: $_"
|
|
}
|