moko-platform/templates/workflows/shared/pull-from-dev.yml.template
Jonathan Miller 3834781899 feat: add pull-from-dev and export-mysql workflow templates
pull-from-dev.yml.template:
- Downloads files from dev server via rsync/SSH into repo src/
- Configurable via DEV_SSH_HOST, DEV_SSH_USERNAME, DEV_PULL_PATH vars
- Auth via DEV_SSH_KEY secret
- Dry-run mode, branch selection, diff preview

export-mysql.yml.template:
- Exports MySQL database from dev or demo server
- Supports both Joomla and Dolibarr environments
- Sanitizes PII: passwords (bcrypt), emails, sessions, API keys, tokens
- Preserves admin/moko emails, strips everything else
- Dolibarr-specific: clears api_key, pass_crypted, ldap_pass, oauth secrets
- Saves as artifact (30d retention) or commits to sql/exports/
- Configurable per environment (dev/demo) via org or repo variables

Required variables (org or repo):
- DEV_SSH_HOST, DEV_SSH_PORT, DEV_SSH_USERNAME
- DEV_MYSQL_DATABASE, DEV_MYSQL_USER
- Secrets: DEV_SSH_KEY, DEV_MYSQL_PASSWORD

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-19 15:02:01 -05:00


# Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
# SPDX-License-Identifier: GPL-3.0-or-later
# FILE INFORMATION
# DEFGROUP: Gitea.Workflow
# INGROUP: MokoStandards-API.Deployment
# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards-API
# PATH: /templates/workflows/shared/pull-from-dev.yml.template
# VERSION: 04.06.12
# BRIEF: Download files from dev server into repo src/ directory
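# Manually triggered workflow (workflow_dispatch only). Nesting restored:
# the listing had lost its indentation, which collapses every input into
# duplicate top-level keys.
name: Pull from Dev Server

on:
  workflow_dispatch:
    # These inputs are free-form strings typed by whoever starts the run.
    # Treat them as untrusted: hand them to steps through `env:` and quote
    # them in the shell rather than expanding `${{ inputs.* }}` inside a
    # `run:` script, where the value becomes part of the script text.
    inputs:
      remote_path:
        description: 'Remote path to download (overrides DEV_PULL_PATH variable)'
        required: false
        type: string
        default: ''
      # Destination of an `rsync --delete`; an empty, absolute or `..` value
      # would point the mirror outside the intended directory.
      target_dir:
        description: 'Local directory to save to'
        required: false
        type: string
        default: 'src'
      # Used both as the checkout ref and as the push target.
      branch:
        description: 'Branch to commit to'
        required: false
        type: string
        default: 'dev'
      # Defaults to preview-only, so a commit needs an explicit opt-in.
      dry_run:
        description: 'Preview only (no commit)'
        required: false
        type: boolean
        default: true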
# ──────────────────────────────────────────────────────────────
# Required secrets and variables:
#
# SECRETS (org or repo level):
# DEV_SSH_KEY — SSH private key for dev server access
# DEV_SSH_PASSWORD — OR password auth (if not using key)
#
# VARIABLES (org or repo level):
# DEV_SSH_HOST — Dev server hostname (e.g., dev.mokoconsulting.tech)
# DEV_SSH_PORT — SSH port (default: 22)
# DEV_SSH_USERNAME — SSH user
# DEV_PULL_PATH — Remote path to download (e.g., /var/www/html/plugins/system/mokojoomtos)
# ──────────────────────────────────────────────────────────────
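# Token scope for the whole workflow. `contents: write` is needed by the
# "Commit and push" step's `git push`; no other scope is requested here.
# The same token is available to every step, including the one that runs
# rsync against the dev server.
permissions:
  contents: write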
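# Single job: check out the target branch, mirror a directory from the dev
# server with rsync over SSH, show the resulting diff and (unless dry_run)
# commit and push it.
#
# Hardening applied throughout: every `${{ ... }}` value is passed to the
# shell through `env:` and referenced as a quoted variable. Expanding the
# expression inside `run:` pastes the raw value into the script text, so a
# crafted input, variable or secret containing quotes or `$(...)` would be
# executed by the runner.
jobs:
  pull-from-dev:
    name: Pull from Dev Server
    runs-on: ubuntu-latest
    timeout-minutes: 15

    steps:
      # NOTE(review): a version tag can be re-pointed by the action's
      # publisher; consider pinning to a full commit SHA.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: ${{ inputs.branch }}

      - name: Validate configuration
        id: config
        env:
          DEV_SSH_HOST: ${{ vars.DEV_SSH_HOST }}
          DEV_SSH_USERNAME: ${{ vars.DEV_SSH_USERNAME }}
          REMOTE: ${{ inputs.remote_path || vars.DEV_PULL_PATH }}
          TARGET_DIR: ${{ inputs.target_dir }}
          BRANCH: ${{ inputs.branch }}
        run: |
          MISSING=""
          if [ -z "${DEV_SSH_HOST}" ]; then MISSING="${MISSING} DEV_SSH_HOST"; fi
          if [ -z "${DEV_SSH_USERNAME}" ]; then MISSING="${MISSING} DEV_SSH_USERNAME"; fi
          if [ -z "${REMOTE}" ]; then MISSING="${MISSING} DEV_PULL_PATH"; fi

          if [ -n "$MISSING" ]; then
            echo "ERROR: Missing required variables:${MISSING}"
            echo "Set these as org or repo variables in Gitea Actions settings."
            exit 1
          fi

          # target_dir is the destination of `rsync --delete`. An empty value
          # would expand "${LOCAL}/" to "/", and an absolute or ".." path
          # would mirror (and delete) outside the checkout. A leading "-"
          # would be read as an option by rsync/git.
          case "${TARGET_DIR}" in
            ''|/*|-*|..|../*|*/..|*/../*)
              echo "ERROR: target_dir must be a non-empty relative path inside the repo"
              exit 1
              ;;
          esac

          # The branch name is later handed to `git push`; reject anything
          # that is not a well-formed branch name.
          if ! git check-ref-format "refs/heads/${BRANCH}"; then
            echo "ERROR: branch is not a valid branch name"
            exit 1
          fi

          echo "remote_path=${REMOTE}" >> "$GITHUB_OUTPUT"
          echo "Config OK — pulling from ${DEV_SSH_USERNAME}@${DEV_SSH_HOST}:${REMOTE}"

      - name: Setup SSH
        env:
          DEV_SSH_KEY: ${{ secrets.DEV_SSH_KEY }}
          # Optional, new in this revision: known_hosts line(s) for the dev
          # server. When set, the host key is verified against it.
          DEV_SSH_KNOWN_HOSTS: ${{ vars.DEV_SSH_KNOWN_HOSTS }}
          DEV_SSH_HOST: ${{ vars.DEV_SSH_HOST }}
        run: |
          # Create key material with owner-only permissions from the start
          # instead of tightening it after the write.
          umask 077
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh

          if [ -n "${DEV_SSH_KEY}" ]; then
            printf '%s\n' "${DEV_SSH_KEY}" > ~/.ssh/dev_key
            chmod 600 ~/.ssh/dev_key
            echo "Auth: SSH key"
          else
            echo "Auth: password (sshpass)"
            sudo apt-get install -y sshpass -qq
          fi

          if [ -n "${DEV_SSH_KNOWN_HOSTS}" ]; then
            # Pinned host key: a server presenting a different key is refused.
            printf '%s\n' "${DEV_SSH_KNOWN_HOSTS}" > ~/.ssh/known_hosts_dev
            {
              echo "Host ${DEV_SSH_HOST}"
              echo "  StrictHostKeyChecking yes"
              echo "  UserKnownHostsFile ~/.ssh/known_hosts_dev"
            } > ~/.ssh/config
          else
            # Legacy behaviour, kept so existing setups keep working. With
            # host key checking off the runner cannot tell the dev server
            # from an impostor on the network path, and whatever that host
            # serves is committed to the repository. Set DEV_SSH_KNOWN_HOSTS
            # to close this gap.
            echo "WARNING: DEV_SSH_KNOWN_HOSTS is not set; the dev server's host key is NOT verified."
            {
              echo "Host *"
              echo "  StrictHostKeyChecking no"
              echo "  UserKnownHostsFile /dev/null"
            } > ~/.ssh/config
          fi
          chmod 600 ~/.ssh/config

      - name: Download from dev server
        id: download
        # bash is required for the array and pipefail used below.
        shell: bash
        env:
          HOST: ${{ vars.DEV_SSH_HOST }}
          PORT: ${{ vars.DEV_SSH_PORT || '22' }}
          SSH_USER: ${{ vars.DEV_SSH_USERNAME }}
          REMOTE: ${{ steps.config.outputs.remote_path }}
          LOCAL: ${{ inputs.target_dir }}
          # Read by `sshpass -e`; only used when no key file was written.
          SSHPASS: ${{ secrets.DEV_SSH_PASSWORD }}
        run: |
          # Without pipefail the exit status of `rsync | tee` is tee's, so a
          # failed or partial transfer would still be counted and committed.
          set -o pipefail

          # PORT is word-split into the ssh command line by rsync's -e, so it
          # must be nothing but digits.
          case "${PORT}" in
            ''|*[!0-9]*)
              echo "ERROR: DEV_SSH_PORT must be numeric"
              exit 1
              ;;
          esac

          echo "Downloading: ${SSH_USER}@${HOST}:${REMOTE} → ${LOCAL}/"

          # Build rsync command
          SSH_CMD="ssh -p ${PORT}"
          RSYNC=(rsync)
          if [ -f ~/.ssh/dev_key ]; then
            SSH_CMD="${SSH_CMD} -i ${HOME}/.ssh/dev_key"
          elif [ -n "${SSHPASS}" ]; then
            # Password auth: the previous script installed sshpass but never
            # invoked it, so this path could not authenticate.
            RSYNC=(sshpass -e rsync)
          else
            echo "ERROR: neither DEV_SSH_KEY nor DEV_SSH_PASSWORD is set"
            exit 1
          fi

          # Rsync from remote to local (mirror mode, delete extra local files)
          "${RSYNC[@]}" -avz --delete \
            --exclude='.git' \
            --exclude='.gitignore' \
            --exclude='node_modules' \
            --exclude='vendor' \
            --exclude='cache' \
            --exclude='tmp' \
            --exclude='log' \
            -e "${SSH_CMD}" \
            "${SSH_USER}@${HOST}:${REMOTE}/" \
            "${LOCAL}/" \
            2>&1 | tee /tmp/rsync.log

          CHANGED=$(git status --porcelain -- "${LOCAL}/" | wc -l)
          echo "changed=${CHANGED}" >> "$GITHUB_OUTPUT"
          echo "Files changed: ${CHANGED}"

      - name: Show diff
        if: steps.download.outputs.changed != '0'
        env:
          TARGET_DIR: ${{ inputs.target_dir }}
        run: |
          echo "=== Changed files ==="
          git status --short -- "${TARGET_DIR}/"
          echo ""
          echo "=== Diff summary ==="
          git diff --stat -- "${TARGET_DIR}/"

      # NOTE(review): the extra string comparison guards against a runner
      # that delivers boolean inputs as the string 'true'; confirm how this
      # Gitea version types inputs.dry_run.
      - name: Commit and push
        if: steps.download.outputs.changed != '0' && inputs.dry_run != true && inputs.dry_run != 'true'
        env:
          TARGET_DIR: ${{ inputs.target_dir }}
          BRANCH: ${{ inputs.branch }}
          SSH_USER: ${{ vars.DEV_SSH_USERNAME }}
          HOST: ${{ vars.DEV_SSH_HOST }}
          REMOTE: ${{ steps.config.outputs.remote_path }}
          CHANGED: ${{ steps.download.outputs.changed }}
          ACTOR: ${{ gitea.actor }}
        run: |
          git config user.name "gitea-actions[bot]"
          git config user.email "gitea-actions[bot]@noreply.git.mokoconsulting.tech"
          git add -- "${TARGET_DIR}/"
          git commit -m "chore(sync): pull latest from dev server

          Source: ${SSH_USER}@${HOST}:${REMOTE}
          Files changed: ${CHANGED}
          Triggered by: ${ACTOR}"
          git push origin "${BRANCH}"
          echo "Pushed to ${BRANCH}"

      - name: Summary
        env:
          DRY_RUN: ${{ inputs.dry_run }}
          SSH_USER: ${{ vars.DEV_SSH_USERNAME }}
          HOST: ${{ vars.DEV_SSH_HOST }}
          REMOTE: ${{ steps.config.outputs.remote_path }}
          TARGET_DIR: ${{ inputs.target_dir }}
          CHANGED: ${{ steps.download.outputs.changed }}
        run: |
          echo "## Pull from Dev Server"
          echo ""
          if [ "${DRY_RUN}" = "true" ]; then
            echo "**DRY RUN** — no changes committed"
          fi
          echo "- Source: \`${SSH_USER}@${HOST}:${REMOTE}\`"
          echo "- Target: \`${TARGET_DIR}/\`"
          echo "- Changed files: ${CHANGED}"

      # Runs even when an earlier step failed. Removes the private key and
      # the SSH client files written by "Setup SSH", so neither the key nor
      # a relaxed host-key policy is left behind on a reused runner.
      - name: Cleanup
        if: always()
        run: rm -f ~/.ssh/dev_key ~/.ssh/known_hosts_dev ~/.ssh/config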